Docker Private Registry

Docker registry mirrors (accelerators)

Configuring a registry mirror on CentOS 7

[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core) 

[root@localhost ~]# cd /etc/containers/
[root@localhost containers]# ls
certs.d  policy.json      registries.d
oci      registries.conf  storage.conf

## registries.conf configures the image registries

[root@localhost containers]# vim registries.conf 
[registries.search]     # registries listed here are accessed over https by default
registries = ['docker.io']      # remove the other registries and keep only docker.io

[[docker.io]]
location="j3m2itm3.mirror.aliyuncs.com"

# [[registry]]

// Remove all containers
[root@localhost ~]# podman rm -af

// Remove all images
[root@localhost ~]# podman image rm -af

// List images
[root@localhost ~]# podman images
REPOSITORY   TAG   IMAGE ID   CREATED   SIZE

// Pull an image
[root@localhost ~]# podman pull nginx
Trying to pull docker.io/library/nginx...
Getting image source signatures
Copying blob ed835de16acd done  
Copying blob 77700c52c969 done  
Copying blob e5ae68f74026 done  
Copying blob 881ff011f1c9 done  
Copying blob 44be98c0fab6 done  
Copying blob 21e0df283cd6 done  
Copying config f652ca386e done  
Writing manifest to image destination
Storing signatures
f652ca386ed135a4cbe356333e08ef0816f81b2ac8d0619af01e2b256837ed3e

[root@localhost ~]# podman images
REPOSITORY                TAG      IMAGE ID       CREATED       SIZE
docker.io/library/nginx   latest   f652ca386ed1   13 days ago   146 MB

Configuring a registry mirror on CentOS 8

[root@localhost ~]# cat /etc/redhat-release 
CentOS Stream release 8
[root@localhost ~]# cd /etc/containers/
[root@localhost containers]# ls
certs.d  policy.json      registries.conf.d  storage.conf
oci      registries.conf  registries.d
[root@localhost containers]# vim registries.conf
unqualified-search-registries = ["docker.io"]

[[registry]]
prefix="docker.io"    # the registry that pulls are addressed to
location="2bkybiwf.mirror.aliyuncs.com"     # location of the mirror (accelerator)

# [[registry]]

[root@localhost ~]# podman pull nginx
Resolving "nginx" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob ed835de16acd done  
Copying blob 881ff011f1c9 done  
Copying blob 44be98c0fab6 done  
Copying blob 21e0df283cd6 done  
Copying blob e5ae68f74026 done  
Copying blob 77700c52c969 done  
Copying config f652ca386e done  
Writing manifest to image destination
Storing signatures
f652ca386ed135a4cbe356333e08ef0816f81b2ac8d0619af01e2b256837ed3e
[root@localhost ~]# podman images
REPOSITORY               TAG         IMAGE ID      CREATED      SIZE
docker.io/library/nginx  latest      f652ca386ed1  13 days ago  146 MB

Docker Registry

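There are many registry servers on the Internet that let third-party users sign up and then host their own repositories under their user name. Using a registry on the Internet has one drawback, though: pushing and pulling images is not fast. In production, dozens or even hundreds of containers may be started in parallel, and quite possibly none of the servers has the image locally. Pulling over the Internet then causes many problems, such as slow downloads and heavy bandwidth use; with insufficient bandwidth, the path from download to startup can take tens of minutes, which defeats the purpose of using containers for being lightweight and fast. For this reason we often need to run our own private registry.

A registry stores Docker images, including the images' layer structure and metadata. Users can build their own registry or use the official Docker Hub.

Types of Docker registry:

  • Sponsor Registry: a third-party registry for use by customers and the Docker community (paid)
  • Mirror Registry: a third-party registry for use by customers only (paid)
  • Vendor Registry: a registry provided by the vendor that publishes Docker images (the official Docker Hub registry)
  • Private Registry: a registry provided by a private entity (inside one company) behind a firewall and additional security layers

In fact, if the systems you operate are hosted on a cloud service such as Alibaba Cloud, then that cloud's registry is the best choice. Often the production environment is not on premises but hosted in a data center; if we deploy the registry on a host in that same data center, everything is on the same LAN, data transfer goes over the internal network, and efficiency improves greatly.

By default every registry works over https; this is a basic Docker requirement. A self-built registry may well work over http, but Docker by default refuses to use a registry served over http unless we explicitly tell it that we do want an http registry.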

Docker Private Registry

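To help us create a private registry quickly, Docker provides a package named Docker Distribution (available on CentOS 7); installing this package lets us build a private registry quickly.

Q: Since Docker exists to run programs, can Docker Distribution itself run in a container?

In the container era, every program should run in a container, except the kernel and init. To make a Docker private registry possible, Docker Hub officially ships Registry as an image; we can pull it locally and start it as a container to get a private registry quickly.

The registry's main job is to host images. When the registry runs in a container, the container's own filesystem is deleted when the container is terminated and removed, so all the images that clients have uploaded vanish with the registry container. The images should therefore be kept on a volume, and that volume should preferably not be local to the Docker host but on network shared storage such as NFS. The volume defined by the image itself, however, is a Docker-managed volume local to the Docker host; we can manually change it to a volume backed by another filesystem.

That is the simple way of running a registry in a container. The other way to build your own registry is to install the docker-distribution package directly.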

Building a registry with docker-distribution (for reference only)

Applies to CentOS 7

Set up the registry on node02

[root@node02 ~]# yum -y install docker-distribution
[root@node02 ~]# vim /etc/docker-distribution/registry/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
    cache:      # cache
        layerinfo: inmemory
    filesystem:     # filesystem
        rootdirectory: /var/lib/registry  # change this to a directory on a large disk partition
http:
    addr: :5000
    
[root@node02 ~]# systemctl start docker-distribution
[root@node02 ~]# ss -antl
State       Recv-Q Send-Q                   Local Address:Port                                  Peer Address:Port              
LISTEN      0      100                          127.0.0.1:25                                               *:*                  
LISTEN      0      128                                  *:22                                               *:*                  
LISTEN      0      100                              [::1]:25                                            [::]:*                  
LISTEN      0      128                               [::]:5000                                          [::]:*                  
LISTEN      0      128                               [::]:22                                            [::]:*

On node01, push an image to the self-built registry

# Use the insecure-registries parameter to allow http
[root@node01 ~]# vim /etc/docker/daemon.json
{
    "registry-mirrors": ["https://j3m2itm3.mirror.aliyuncs.com","https://registry.docker-cn.com"],
    "insecure-registries": ["node02-linux.example.com:5000"]
}

[root@node01 ~]# systemctl restart docker

[root@node01 ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
seancheng1002/b1    v0.2                42a777e26541        2 weeks ago         1.22MB
seancheng1002/b1    v0.1                bb54705dfd51        2 weeks ago         1.22MB
nginx               latest              2073e0bcb60e        2 weeks ago         127MB
centos              latest              470671670cac        5 weeks ago         237MB
busybox             latest              6d5fcfe5ff17        8 weeks ago         1.22MB
[root@node01 ~]# docker tag nginx:latest node02-linux.example.com:5000/nginx:latest    # rename (retag) the image
[root@node01 ~]# docker images
REPOSITORY                            TAG                 IMAGE ID            CREATED             SIZE
seancheng1002/b1                      v0.2                42a777e26541        2 weeks ago         1.22MB
seancheng1002/b1                      v0.1                bb54705dfd51        2 weeks ago         1.22MB
nginx                                 latest              2073e0bcb60e        2 weeks ago         127MB
node02-linux.example.com:5000/nginx   latest              2073e0bcb60e        2 weeks ago         127MB
centos                                latest              470671670cac        5 weeks ago         237MB
busybox                               latest              6d5fcfe5ff17        8 weeks ago         1.22MB
[root@node01 ~]# docker push node02-linux.example.com:5000/nginx
The push refers to repository [node02-linux.example.com:5000/nginx]
22439467ad99: Pushed 
b4a29beac87c: Pushed 
488dfecc21b1: Pushed 
latest: digest: sha256:62f787b94e5faddb79f96c84ac0877aaf28fb325bfc3601b9c0934d4c107ba94 size: 948

Building a registry with the official image (for reference only)

[root@node02 ~]# docker run -d -p 5000:5000 -v /opt/data/registry:/var/lib/registry registry

[root@node02 ~]# ss -antl
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      100    127.0.0.1:25                  *:*                  
LISTEN      0      128     *:22                  *:*                  
LISTEN      0      100     [::1]:25                   [::]:*                  
LISTEN      0      128      [::]:5000                 [::]:*                  
LISTEN      0      128      [::]:22                   [::]:*

Harbor

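Whether the registry is built with docker-distribution or by running the official image as a container, the demonstrations above show that the result is very bare-bones, and less convenient than managing images on the official Docker Hub. Docker Hub at least offers a web UI for managing images and searching, and it can build images automatically from a Dockerfile using Webhooks and Automated Builds: instead of running docker build locally, the user pushes all files of the build context to GitHub as a repository, and Docker Hub pulls them from GitHub to complete the automated build.

But however powerful the official Docker Hub is, it is hosted abroad, so speed is the biggest bottleneck, and often using the official registry is not an option. The two self-built approaches above are too bare-bones and hard to manage, which is why a project favored by the CNCF emerged: Harbor.

Introduction to Harbor

Harbor was built by VMware as a second layer of packaging on top of Docker Registry, adding many extra components and a very attractive web UI.

Harbor is an open-source, trusted, cloud-native registry project used to store images, log in (user management) and search for images.
Harbor extends the open-source Docker Distribution by adding the functionality users typically need, such as security, authentication and management.
Harbor supports advanced features such as user management, access control, activity monitoring and master-slave replication.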

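Harbor features

Features:

  • User login and verification
  • Security and vulnerability analysis
  • Log auditing
  • Authentication and role-based access control
  • Master-slave replication of image instances (high availability)
  • Extensible API and graphical UI
  • Supported languages (currently English and Chinese)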

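Docker Compose (orchestration tool)

Deploying Harbor directly on a physical machine is very difficult. To simplify this, the Harbor project ships Harbor as an application that runs in containers. Harbor depends on many storage systems such as redis, mysql and pgsql, so many containers have to be orchestrated to work together; deploying and using VMware Harbor therefore relies on Docker's single-host orchestration tool, Docker Compose.

Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application's services. Then, with a single command, you create and start all the services from your configuration.

Docker Compose official documentation

Common docker compose commands and configuration

docker-compose ps                   list all running containers
docker-compose logs                 view service log output
docker-compose port http 8080       print the public port bound to port 8080 of the http service
docker-compose build                build or rebuild services
docker-compose start|stop eureka    start|stop the existing containers of the specified service
docker-compose rm eureka            remove the containers of the specified service
docker-compose up                   build and start containers
docker-compose kill eureka          stop the specified service's containers by sending SIGKILL
docker-compose scale user=3 movie=3 set the number of containers to run for the specified services, in service=num form
docker-compose run web bash         run a command on a service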

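docker-compose.yml attributes

version: specifies the file format version of docker-compose.yml
services: the set of containers (services)
build: build configuration; Compose uses it to build the image automatically. The value can be a path, or an object that specifies Dockerfile parameters
    build: ./dir
    or
    build:
        context: ./dir
        dockerfile: Dockerfile
        args:
            buildno: 1
command: overrides the default command run when the container starts
    command: bundle exec thin -p 3000  # shell form
    or
    command: [bundle,exec,thin,-p,3000] # list form
dns: configures DNS servers; can be a single value or a list
    dns: 8.8.8.8  # single value
    or
    dns:          # list form
        - 8.8.8.8
        - 9.9.9.9
environment: environment variables, given as either a dictionary or an array
    environment:   # dictionary form
        RACK_ENV: development
        SHOW: 'true'
    or
    environment:   # array form
        - RACK_ENV=development
        - SHOW=true
env_file: reads environment variables from a file; can be a single file path or a list of paths. Its values have lower priority than variables set with environment
    env_file: .env
    or
    env_file:
        - ./common.env
expose: exposes ports only to linked services, not to the host
    expose:
        - "3000"
        - "8000"
image: specifies the image the service uses
network_mode: sets the network mode

    network_mode: "bridge"
    network_mode: "host"
    network_mode: "none"
    network_mode: "service:[service name]"
    network_mode: "container:[container name/id]"
ports: defines the ports published externally; the counterpart of expose
    ports:   # published ports, in the form "host port:container port"
        - "8763:8763"
links: links the specified container to the current one; an alias can be set, which avoids connection failures when a container's IP changes after a restart
    links:    # service name:alias
        - docker-compose-eureka-server:compose-eureka
volumes: volume mount paths
    volumes:
        - /lib
        - /var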

Deploying Harbor

Harbor official documentation

[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ls
CentOS-Stream-AppStream.repo  CentOS-Stream-HighAvailability.repo
CentOS-Stream-BaseOS.repo     CentOS-Stream-Media.repo
CentOS-Stream-Debuginfo.repo  CentOS-Stream-PowerTools.repo
CentOS-Stream-Extras.repo     CentOS-Stream-RealTime.repo
[root@localhost yum.repos.d]# curl -o docker-ce.repo https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1919  100  1919    0     0    551      0  0:00:03  0:00:03 --:--:--   550
[root@localhost yum.repos.d]# ls
CentOS-Stream-AppStream.repo         CentOS-Stream-Media.repo
CentOS-Stream-BaseOS.repo            CentOS-Stream-PowerTools.repo
CentOS-Stream-Debuginfo.repo         CentOS-Stream-RealTime.repo
CentOS-Stream-Extras.repo            docker-ce.repo
CentOS-Stream-HighAvailability.repo
[root@localhost yum.repos.d]# sed -i 's@https://download.docker.com@https://mirrors.tuna.tsinghua.edu.cn/docker-ce@g' docker-ce.repo
[root@localhost yum.repos.d]# yum clean all
21 文件已删除
[root@localhost yum.repos.d]# yum makecache
CentOS Stream 8 - AppStream         1.1 MB/s |  18 MB     00:16    
CentOS Stream 8 - BaseOS            1.4 MB/s |  16 MB     00:11    
CentOS Stream 8 - Extras             16 kB/s |  16 kB     00:00    
Docker CE Stable - x86_64            24 kB/s |  19 kB     00:00    
元数据缓存已建立。

// Install docker
[root@localhost ~]# dnf -y install docker-ce

// Run this command to download the current stable release of Docker Compose:
[root@localhost ~]# curl -L --fail https://github.com/docker/compose/releases/download/1.29.2/run.sh -o /usr/local/bin/docker-compose
[root@localhost ~]# ll /usr/local/bin/
总用量 4
-rw-r--r--. 1 root root 2585 1215 21:47 docker-compose
[root@localhost ~]# chmod +x /usr/local/bin/docker-compose
[root@localhost ~]# which docker-compose
/usr/local/bin/docker-compose
[root@localhost ~]# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

// Upload the Harbor installer package, extract it, then edit the configuration file
[root@localhost ~]# cd /usr/src/
[root@localhost src]# ls
debug  harbor-offline-installer-v2.3.5.tgz  kernels
[root@localhost src]# ls /usr/local/
bin  etc  games  include  lib  lib64  libexec  sbin  share  src
[root@localhost src]# tar xf harbor-offline-installer-v2.3.5.tgz -C /usr/local/
[root@localhost src]# ls /usr/local/
bin  games   include  lib64    sbin   src
etc  harbor  lib      libexec  share
[root@localhost src]# cd /usr/local/harbor/
[root@localhost harbor]# ls
common.sh             harbor.yml.tmpl  LICENSE
harbor.v2.3.5.tar.gz  install.sh       prepare
[root@localhost harbor]# cp harbor.yml.tmpl harbor.yml
[root@localhost harbor]# ls
common.sh             harbor.yml       install.sh  prepare
harbor.v2.3.5.tar.gz  harbor.yml.tmpl  LICENSE

// Add the hostname mapping on the registry host itself
[root@registry ~]# hostname
registry.example.com
[root@registry ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.47.160 registry.example.com    

// Add the hostname mapping on the client
[root@localhost ~]# yum -y install docker-ce

[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.47.160 registry.example.com

// Check that the host answers ping
[root@localhost ~]# ping registry.example.com
PING registry.example.com (192.168.47.160) 56(84) bytes of data.
64 bytes from registry.example.com (192.168.47.160): icmp_seq=1 ttl=64 time=0.722 ms
64 bytes from registry.example.com (192.168.47.160): icmp_seq=2 ttl=64 time=0.481 ms
64 bytes from registry.example.com (192.168.47.160): icmp_seq=3 ttl=64 time=0.522 ms
^Z
[1]+  已停止               ping registry.example.com

// Set hostname to this host's domain name
[root@localhost harbor]# vim harbor.yml  
....... (many lines omitted here)
hostname: registry.example.com
....... (many lines omitted here)
# We have no certificate here, so this block is commented out; if you have a certificate, fill in its location instead
#https:
  # https port for harbor, default is 443
  #  port: 443
  # The path of cert and key files for nginx
  #  certificate: /your/certificate/path
  #  private_key: /your/private/key/path
........ (many lines omitted here)
harbor_admin_password: Harbor12345     # administrator password, used to log in to the Harbor web UI

# Harbor DB configuration
database:      # database
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123    # database password
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 100     # at most 100 idle connections
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 1024 for postgres of harbor.
  max_open_conns: 900     # at most 900 open connections

# The default data volume
data_volume: /data     # where data is stored; for a self-hosted registry, put this on a shared-storage mount point
........ (many lines omitted here)
    rotate_size: 200M     # log rotation: rotate once a log exceeds 200M, so a single log file is at most 200M
......... (many lines omitted here)

// Turn off the firewall and SELinux
[root@registry ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


[root@registry ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@registry ~]# setenforce 0

// Run the installer
[root@localhost harbor]# ./install.sh
........ (many lines omitted here)
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registryctl   ... done
Creating redis         ... done
Creating harbor-portal ... done
Creating harbor-db     ... done
Creating registry      ... done
Creating harbor-core   ... done
Creating nginx             ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----

[root@localhost harbor]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.

// List images
[root@registry ~]# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED        SIZE
goharbor/harbor-exporter        v2.3.5    1730c6f650e2   5 days ago     81.9MB
goharbor/chartmuseum-photon     v2.3.5    47004f032938   5 days ago     179MB
goharbor/redis-photon           v2.3.5    3d0cedc89a0d   5 days ago     156MB
goharbor/trivy-adapter-photon   v2.3.5    5c0212e98070   5 days ago     133MB
goharbor/notary-server-photon   v2.3.5    f20a76c65359   5 days ago     111MB
goharbor/notary-signer-photon   v2.3.5    b9fa38eef4d7   5 days ago     108MB
goharbor/harbor-registryctl     v2.3.5    7a52567a76ca   5 days ago     133MB
goharbor/registry-photon        v2.3.5    cf22d3e386b8   5 days ago     82.6MB
goharbor/nginx-photon           v2.3.5    5e3b6d9ce11a   5 days ago     45.7MB
goharbor/harbor-log             v2.3.5    a03e4bc963d6   5 days ago     160MB
goharbor/harbor-jobservice      v2.3.5    2ac32df5a2e0   5 days ago     211MB
goharbor/harbor-core            v2.3.5    23baee01156f   5 days ago     193MB
goharbor/harbor-portal          v2.3.5    bb545cdedf5a   5 days ago     58.9MB
goharbor/harbor-db              v2.3.5    9826c57a5749   5 days ago     221MB
goharbor/prepare                v2.3.5    a1ceaabe47b2   5 days ago     255MB
docker/compose                  1.29.2    32d8a4638cd8   7 months ago   76.2MB

// List all containers
[root@registry ~]# docker ps -a
CONTAINER ID   IMAGE                                COMMAND                  CREATED         STATUS                     PORTS                                   NAMES
ca44feb62716   goharbor/nginx-photon:v2.3.5         "nginx -g 'daemon of…"   8 minutes ago   Up 8 minutes (unhealthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
bf8c8b306fbc   goharbor/harbor-jobservice:v2.3.5    "/harbor/entrypoint.…"   8 minutes ago   Up 8 minutes (unhealthy)                                           harbor-jobservice
e04652ae7b14   goharbor/harbor-core:v2.3.5          "/harbor/entrypoint.…"   8 minutes ago   Up 8 minutes (unhealthy)                                           harbor-core
ae35ac65a7e0   goharbor/harbor-db:v2.3.5            "/docker-entrypoint.…"   8 minutes ago   Up 8 minutes (healthy)                                             harbor-db
374d1fc61f23   goharbor/registry-photon:v2.3.5      "/home/harbor/entryp…"   8 minutes ago   Up 8 minutes (healthy)                                             registry
94ef4c3938ad   goharbor/harbor-portal:v2.3.5        "nginx -g 'daemon of…"   8 minutes ago   Up 8 minutes (healthy)                                             harbor-portal
b97ddcacdf5a   goharbor/redis-photon:v2.3.5         "redis-server /etc/r…"   8 minutes ago   Up 8 minutes (healthy)                                             redis
579474e057fa   goharbor/harbor-registryctl:v2.3.5   "/home/harbor/start.…"   8 minutes ago   Up 8 minutes (healthy)                                             registryctl
a646fbc29f95   goharbor/harbor-log:v2.3.5           "/bin/sh -c /usr/loc…"   8 minutes ago   Up 8 minutes (healthy)     127.0.0.1:1514->10514/tcp               harbor-log

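Log in to and manage Harbor using the IP address:
[screenshot]
The UI after a successful login:
[screenshot]

// Start the docker service and turn off the firewall and SELinux on the client
[root@localhost ~]# systemctl enable --now docker
[root@localhost ~]# systemctl disable --now firewalld.service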
[root@localhost ~]# setenforce 0

[root@localhost ~]# cat /etc/docker/daemon.json 
{
  "insecure-registries": ["registry.example.com"]
}
[root@localhost ~]# systemctl restart docker

// Log in
[root@localhost ~]# docker login registry.example.com
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[root@localhost ~]# docker images
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE
[root@localhost ~]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
3cb635b06aa2: Pull complete 
Digest: sha256:b5cfd4befc119a590ca1a81d6bb0fa1fb19f1fbebd0397f25fae164abe1e8a6a
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest
[root@localhost ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED      SIZE
busybox      latest    ffe9d497c324   7 days ago   1.24MB
[root@localhost ~]# docker tag busybox:latest registry.example.com/library/busybox:v0.1
[root@localhost ~]# docker images
REPOSITORY                             TAG       IMAGE ID       CREATED      SIZE
busybox                                latest    ffe9d497c324   7 days ago   1.24MB
registry.example.com/library/busybox   v0.1      ffe9d497c324   7 days ago   1.24MB
[root@localhost ~]# docker push registry.example.com/library/busybox:v0.1
The push refers to repository [registry.example.com/library/busybox]
64cac9eaf0da: Pushed 
v0.1: digest: sha256:50e44504ea4f19f141118a8a8868e6c5bb9856efa33f2183f5ccea7ac62aacc9 size: 527

Check in the web UI:
[screenshot]

// Delete
[root@localhost ~]# docker rmi registry.example.com/library/busybox:v0.1
Untagged: registry.example.com/library/busybox:v0.1
Untagged: registry.example.com/library/busybox@sha256:50e44504ea4f19f141118a8a8868e6c5bb9856efa33f2183f5ccea7ac62aacc9
[root@localhost ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED      SIZE
busybox      latest    ffe9d497c324   7 days ago   1.24MB

// Pull the image
[root@localhost ~]# docker pull registry.example.com/library/busybox:v0.1
v0.1: Pulling from library/busybox
Digest: sha256:50e44504ea4f19f141118a8a8868e6c5bb9856efa33f2183f5ccea7ac62aacc9
Status: Downloaded newer image for registry.example.com/library/busybox:v0.1
registry.example.com/library/busybox:v0.1

// Check
[root@localhost ~]# docker images
REPOSITORY                             TAG       IMAGE ID       CREATED      SIZE
busybox                                latest    ffe9d497c324   7 days ago   1.24MB
registry.example.com/library/busybox   v0.1      ffe9d497c324   7 days ago   1.24MB
[root@localhost ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port Process 
LISTEN 0      128          0.0.0.0:22          0.0.0.0:*            
LISTEN 0      128        127.0.0.1:1514        0.0.0.0:*            
LISTEN 0      128          0.0.0.0:80          0.0.0.0:*            
LISTEN 0      128             [::]:22             [::]:*            
LISTEN 0      128             [::]:80             [::]:*         

[root@localhost harbor]# docker-compose stop
Stopping harbor-jobservice ... done
Stopping nginx             ... done
Stopping harbor-core       ... done
Stopping registryctl       ... done
Stopping redis             ... done
Stopping harbor-portal     ... done
Stopping harbor-db         ... done
Stopping registry          ... done
Stopping harbor-log        ... done

[root@localhost ~]# ss -antl
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port Process 
LISTEN 0      128          0.0.0.0:22          0.0.0.0:*            
LISTEN 0      128        127.0.0.1:1514        0.0.0.0:*            
LISTEN 0      128             [::]:22             [::]:*       
 
[root@localhost harbor]# docker-compose start
Starting log         ... done
Starting registry    ... done
Starting registryctl ... done
Starting postgresql  ... done
Starting portal      ... done
Starting redis       ... done
Starting core        ... done
Starting jobservice  ... done
Starting proxy       ... done
[root@localhost harbor]# pwd
/usr/local/harbor

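Notes on using Harbor:

  1. Before pushing images from a client, be sure to run docker login to authenticate; otherwise the push will fail
  2. If the client does not use https, the insecure-registries parameter must be set in the client's /etc/docker/daemon.json
  3. The data path in the configuration file should point to shared storage with ample capacity
  4. Harbor is managed with the docker-compose command; to stop Harbor, use docker-compose stop; for other options see --help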
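
The walkthrough leaves three lab settings in place: the https block commented out in harbor.yml with the template passwords unchanged, the registry listed under insecure-registries on the clients (both for docker-distribution and for Harbor), and docker login writing the password into config.json. The audit script below is an added example, not part of the original post or of Harbor; its function names and sample files are constructed for illustration, while the keys, values and default paths it checks are the ones shown above.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical;
# the keys and default values checked are the ones shown in the walkthrough.

audit_harbor_yml() {        # $1: path to harbor.yml
    grep -Eq '^https:' "$1" ||
        echo "harbor.yml: https block is commented out, Harbor is served over plain HTTP"
    grep -Eq '^harbor_admin_password:[[:space:]]*Harbor12345[[:space:]]*(#.*)?$' "$1" &&
        echo "harbor.yml: harbor_admin_password is still the template value"
    grep -Eq '^[[:space:]]+password:[[:space:]]*root123[[:space:]]*(#.*)?$' "$1" &&
        echo "harbor.yml: database password is still the template value"
    return 0
}

audit_daemon_json() {       # $1: path to /etc/docker/daemon.json
    # Flatten the JSON, cut out the insecure-registries array, one host per line.
    hosts=$(tr -d '\n' < "$1" |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)\].*/\1/p' |
        tr -d '" ' | tr ',' '\n')
    for h in $hosts; do
        echo "daemon.json: $h is in insecure-registries, TLS checks are skipped and plain HTTP is accepted"
    done
    return 0
}

audit_client_creds() {      # $1: path to ~/.docker/config.json
    # "auth" holds base64(user:password); credsStore/credHelpers keep it out of the file.
    if grep -q '"auth"[[:space:]]*:' "$1" &&
       ! grep -Eq '"(credsStore|credHelpers)"' "$1"; then
        echo "config.json: registry password is stored in the file, no credential helper is configured"
    fi
    return 0
}

audit_all() {               # defaults are the paths used in the walkthrough
    harbor_yml=${1:-/usr/local/harbor/harbor.yml}
    daemon_json=${2:-/etc/docker/daemon.json}
    client_cfg=${3:-$HOME/.docker/config.json}
    [ -r "$harbor_yml" ] && audit_harbor_yml "$harbor_yml"
    [ -r "$daemon_json" ] && audit_daemon_json "$daemon_json"
    [ -r "$client_cfg" ] && audit_client_creds "$client_cfg"
    return 0
}

make_samples() {            # writes constructed sample files, prints their directory
    dir=$(mktemp -d)
    cat > "$dir/harbor.yml" <<'EOF'
hostname: registry.example.com
#https:
#  port: 443
harbor_admin_password: Harbor12345
database:
  password: root123
EOF
    cat > "$dir/daemon.json" <<'EOF'
{
  "insecure-registries": ["registry.example.com"]
}
EOF
    # The auth value is base64 of a constructed string, not a real credential.
    cat > "$dir/config.json" <<'EOF'
{ "auths": { "registry.example.com": { "auth": "Y29uc3RydWN0ZWQ6c2FtcGxl" } } }
EOF
    echo "$dir"
}

# Demo on the constructed samples; run audit_all with no arguments on a real host.
samples=$(make_samples)
audit_all "$samples/harbor.yml" "$samples/daemon.json" "$samples/config.json"
rm -rf "$samples"
```

An empty result from audit_all means none of the three shortcuts is present: https is enabled in harbor.yml, both passwords differ from the template, no registry is listed as insecure, and a credential helper holds the login.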