harbor垃圾回收
Harbor私有仓库运行一段时间后,仓库中存有大量镜像,会占用太多的存储空间。直接通过Harbor界面删除相关镜像,并不会自动删除存储中的文件和镜像。需要停止Harbor服务,执行垃圾回收命令,进行存储空间清理和回收。
1、首先,删除Harbor的UI中的存储库。这是软删除。您可以删除整个存储库或仅删除它的标签。软删除后,Harbor中不再管理存储库,但是存储库的文件仍然保留在Harbor的存储中。
2、接下来,使用注册表的垃圾回收(GC)删除存储库的实际文件。在执行GC之前,确保没有人推送图像或Harbor根本没有运行。如果有人在GC运行时推送镜像,则存在镜像层被错误删除的风险,从而导致镜像损坏。所以在运行GC之前,首选的方法是先停止Harbor。
(1)
cd /usr/local/harbor
docker-compose stop
(2)
在部署Harbor的主机上运行以下命令以预览会影响哪些文件/镜像
注:上述选项”–dry-run”将打印进度而不删除任何数据。
docker run -it --name gc --rm --volumes-from registry vmware/registry-photon:v2.6.2-v1.5.0 garbage-collect --dry-run /etc/registry/config.yml
验证上述测试的结果,然后使用以下命令执行垃圾回收并重新启动Harbor。
docker run -it --name gc --rm --volumes-from registry vmware/registry-photon:v2.6.2-v1.5.0 garbage-collect /etc/registry/config.yml
(3)
重启harbor各组件镜像
docker-compose start
(4)
最后验证:
#blobs和repositories与删除前之前该目录文件大小做对比
du -sh /data/registry/docker/registry/v2/blobs
du -sh /data/registry/docker/registry/v2/repositories
注:实际操作时,harbor的剩余空间还是很小,于是,使用下面的方法:
Harbor镜像清理(包含清理无tag的镜像)
背景:harbor镜像仓库中推送过很多相同tag的镜像,无法通过harbor的UI界面执行删除
1.进入harbor安装目录,停止harbor服务"docker-compose stop"
root@linux:/home/harbor/make# ls
common docker-compose.clair.yml harbor.cfg NOTICE
config.yml docker-compose.notary.yml harbor.v1.6.1.tar.gz open_source_license
dle.sh docker-compose.yml install.sh prepare
docker-compose.chartmuseum.yml ha LICENSE
root@linux:/home/harbor/make# docker-compose stop
Stopping nginx ... done
Stopping harbor-jobservice ... done
Stopping harbor-ui ... done
Stopping harbor-adminserver ... done
Stopping registry ... done
Stopping registryctl ... done
Stopping harbor-db ... done
Stopping redis ... done
Stopping harbor-log ... done
root@linux:/home/harbor/make#
2.编辑 common/config/registry/config.yml文件
此文件在harbor安装目录下,关闭的目的是为了禁止身份验证
root@linux:/home/harbor/make# vim common/config/registry/config.yml
version: 0.1
log:
level: info
fields:
service: registry
storage:
cache:
layerinfo: redis
filesystem:
rootdirectory: /storage
maintenance:
uploadpurging:
enabled: false
delete:
enabled: true
redis:
addr: redis:6379
db: 1
http:
addr: :5000
secret: placeholder
debug:
addr: localhost:5001
# 注释掉以下6行文件即可,其余无需改动
#auth:
# token:
# issuer: harbor-token-issuer
# realm: http://192.168.11.225/service/token
# rootcertbundle: /etc/registry/root.crt
# service: harbor-registry
3.编辑 docker-compose.yml文件
root@linux:/home/harbor/make# vim docker-compose.yml
version: '2'
services:
log:
image: vmware/harbor-log:dev
container_name: harbor-log
restart: always
volumes:
- /var/log/harbor/:/var/log/docker/:z
- ./common/config/log/:/etc/logrotate.d/:z
ports:
- 127.0.0.1:1514:10514
networks:
- harbor
registry:
# 添加以下两行配置
ports:
- 127.0.0.1:5000:5000
image: vmware/registry-photon:v2.6.2-dev
4.启动harbor
root@linux:/home/harbor/make# docker-compose up -d
Starting harbor-log ... done
Starting registryctl ...
Starting harbor-adminserver ...
Starting harbor-db ...
Recreating registry ...
Recreating registry ... done
Recreating harbor-ui ... done
Recreating harbor-jobservice ...
Recreating harbor-jobservice ... done
5.将被覆盖过的镜像标记为可删除
(1)下载镜像“ mortensrasmussen/docker-registry-manifest-cleanup ”
docker pull mortensrasmussen/docker-registry-manifest-cleanup
(2)标记镜像
root@linux:/home/harbor/make# docker run --network="host" -it -v /data/registry:/registry -e REGISTRY_URL=http://127.0.0.1:5000 mortensrasmussen/docker-registry-manifest-cleanup
Running against local storage
Caught error trying to read manifest, ignoring.
Caught error trying to read manifest, ignoring.
Caught error trying to read manifest, ignoring.
Caught error trying to read manifest, ignoring.
Caught error trying to read manifest, ignoring.
Caught error trying to read manifest, ignoring.
Found 6094 manifests without tags. Deleting
Cleaning 1 of 6094
Cleaning 2 of 6094
Cleaning 3 of 6094
Cleaning 4 of 6094
Cleaning 5 of 6094
Cleaning 6 of 6094
...
Cleaning 6093 of 6094
Cleaning 6094 of 6094
Job done, Cleaned 6095 of 6094 manifests.
Please run a garbage-collect on the registry now to free up disk space.
6.执行删除已经被标记可删除的镜像
(1)停止harbor “docker-compose stop”
(2)删除镜像
root@linux:/home/harbor/make# docker run -it --name gc --rm --volumes-from registry vmware/registry-photon:v2.6.2-dev garbage-collect /etc/registry/config.yml
vse/postgres
vse/postgres: marking manifest sha256:28ab96b419e754b05e93109eb4e54fab7f19264e103743f77a6a33921a3a19a4
vse/postgres: marking blob sha256:f9b577fb1ed6ad42987f06b79889a4f140cb356aad67a61557c1683ea8009f13
vse/postgres: marking blob sha256:a5a6f2f73cd8abbdc55d0df0d8834f7262713e87d6c8800ea3851f103025e0f0
vse/postgres: marking blob sha256:e50fbea8af5a0d3f282443e820c3ea2a5223ca089ab906faea318922da594f2a
...
5014 blobs marked, 32370 blobs eligible for deletion
blob eligible for deletion: sha256:79288098314f078995df8a9b98168464bc72490eceadbea8870de277b00d9407
INFO[0004] Deleting blob: /docker/registry/v2/blobs/sha256/79/79288098314f078995df8a9b98168464bc72490eceadbea8870de277b00d9407 go.version=go1.7.3 instance.id=8cf9a0b5-7713-4b9f-929a-d3da354be01f service=registry
blob eligible for deletion: sha256:97583c8caf43066c64934b336c9c64622b03d9a492da024a4c13293beb656613
INFO[0004] Deleting blob: /docker/registry/v2/blobs/sha256/97/97583c8caf43066c64934b336c9c64622b03d9a492da024a4c13293beb656613 go.version=go1.7.3 instance.id=8cf9a0b5-7713-4b9f-929a-d3da354be01f service=registry
7.还原步骤二、步骤三修改的配置文件,重启harbor服务
docker-compose start
转载自(https://blog.csdn.net/kong2030/article/details/81331142)
(https://blog.csdn.net/zhangxiangui40542/article/details/98232303)