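Operating node: node200.hzw.com 172.10.10.200
Harbor private image registry
Download the Harbor package
Get it from GitHub: https://github.com/goharbor/harbor/releases
After downloading the offline installer, transfer it to the target node
Install Harbor
Some background:
Once started, Harbor runs as multiple containers, which are orchestrated and started with docker-compose
The offline installer downloaded above actually contains all the images needed to start Harbor
Install docker-compose
This is needed because Harbor's install.sh uses docker-compose to start Harbor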
- Download the docker-compose binary from https://github.com/docker/compose/releases
- Copy the binary to /usr/bin and grant execute permission
cp docker-compose-Linux-x86_64 /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose
docker-compose --version
Extract and install Harbor
1. Extract the Harbor offline installer to /opt/harbor
tar -xzvf harbor-offline-installer-v2.1.4-rc1.tgz -C /opt/
2. Configure /opt/harbor/harbor.yml
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.ob.com
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 800
# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /your/certificate/path
  private_key: /your/private/key/path
# Default administrator password
harbor_admin_password: Harbor12345
database:
  password: root123
  max_idle_conns: 50
  max_open_conns: 1000
data_volume: /data/harbor
log:
  level: info
  local:
    # Number of rotated log archives to keep
    rotate_count: 5
    # Log rotation size
    rotate_size: 200M
    # Directory where logs are stored
    location: /data/harbor/logs
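TODO: still need to look at how to use https later
3. Run the install script
Once harbor.yml is configured, run the install script:
/opt/harbor/install.sh
The installation steps look roughly like this: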
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.4
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.28.5
[Step 2]: loading Harbor images ...
Loaded image: goharbor/prepare:v2.1.4
Loaded image: goharbor/harbor-registryctl:v2.1.4
Loaded image: goharbor/notary-signer-photon:v2.1.4
Loaded image: goharbor/clair-photon:v2.1.4
Loaded image: goharbor/harbor-log:v2.1.4
Loaded image: goharbor/trivy-adapter-photon:v2.1.4
Loaded image: goharbor/chartmuseum-photon:v2.1.4
Loaded image: goharbor/harbor-core:v2.1.4
Loaded image: goharbor/harbor-jobservice:v2.1.4
Loaded image: goharbor/redis-photon:v2.1.4
Loaded image: goharbor/registry-photon:v2.1.4
Loaded image: goharbor/clair-adapter-photon:v2.1.4
Loaded image: goharbor/harbor-portal:v2.1.4
Loaded image: goharbor/harbor-db:v2.1.4
Loaded image: goharbor/nginx-photon:v2.1.4
Loaded image: goharbor/notary-server-photon:v2.1.4
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
[Step 5]: starting Harbor ...
Creating network "harborv214_harbor" with the default driver
Creating harbor-log ... done
Creating registry ... done
Creating registryctl ... done
Creating harbor-portal ... done
Creating harbor-db ... done
Creating redis ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
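After install.sh has run, the following have been generated under /opt/harbor:
- the common directory: variable configuration
- docker-compose.yml: the docker-compose orchestration file that starts Harbor
Afterwards you can use or modify docker-compose.yml directly and restart the Harbor container group by hand with docker-compose, for example to change port mappings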
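At this point I ran into a big pitfall that took two days to solve: **curl: (56) Recv failure: Connection reset by peer** when accessing Harbor
How the problem was investigated and solved
I deployed docker on a virtual machine, whose network is a virtual network, and the virtual docker0 bridge needs to be set to promiscuous mode. As for why, I don't know either...
Fix: ifconfig docker0 promisc
Setting docker0 directly to promiscuous mode is enough
Pay attention to which bridge it actually is
Try it out: admin/Harbor12345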
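The install above runs with the administrator and database passwords from the sample harbor.yml in step 2 and with placeholder certificate paths. As an added example (not part of the original notes and not Harbor's own tooling), the shell functions below flag a harbor.yml that still carries those values; the function names and finding labels are made up for this illustration.

```shell
#!/bin/sh
# Added example, not Harbor tooling: flag harbor.yml values left at the sample defaults.

# yaml_value FILE KEY: print the value of the first non-comment "KEY: value" line.
# Matches the key name at any indentation; this is not a general YAML parser.
yaml_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key ":") == 1) {
                sub(/^[^:]*:[ \t]*/, "", line)
                sub(/[ \t\r]+$/, "", line)
                print line
                exit
            }
        }' "$1"
}

# audit_harbor_yml FILE: print the names of all findings on one line (empty if none).
audit_harbor_yml() {
    findings=""
    if [ "$(yaml_value "$1" harbor_admin_password)" = "Harbor12345" ]; then
        findings="$findings default-admin-password"
    fi
    if [ "$(yaml_value "$1" password)" = "root123" ]; then
        findings="$findings default-db-password"
    fi
    case "$(yaml_value "$1" certificate)" in
        ""|/your/*) findings="$findings no-tls-certificate" ;;
    esac
    printf '%s\n' "${findings# }"
}

# Constructed sample input: a trimmed copy of the config from step 2.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname: harbor.ob.com
https:
  port: 443
  certificate: /your/certificate/path
  private_key: /your/private/key/path
harbor_admin_password: Harbor12345
database:
  password: root123
EOF
audit_harbor_yml "$sample"
rm -f "$sample"
```

A non-empty result means the file should be edited before install.sh is run.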
Proxy Harbor with nginx
Install nginx
- Add the repository
Go to the /etc/yum.repos.d/ directory and create nginx.repo:
cd /etc/yum.repos.d/
vim nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
yum makecache
yum install nginx
Configure nginx to proxy the Harbor service
vi /etc/nginx/conf.d/harbor.hzwod.com.conf
server {
    listen 80;
    server_name harbor.hzwod.com;
    client_max_body_size 1000m;
    location / {
        proxy_pass http://127.0.0.1:180;
    }
}
client_max_body_size 1000m; is there to keep nginx from failing when an image layer is too large
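nginx -t
Test the nginx configuration
systemctl start nginx
Start nginx
systemctl enable nginx
Enable start on boot
At this point Harbor is already reachable, but we still want to access it by domain name, so a domain mapping has to be added on our self-hosted DNS
Domain mapping
Configure this on the DNS server, node11 (172.10.10.11)
vi /var/named/hzwod.com.zone
Add the record: harbor IN A 172.10.10.200
systemctl restart named
Restart DNS
For other details, see the section on the self-hosted DNS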
docker login to Harbor
- docker daemon.json
vi /etc/docker/daemon.json
Add the target Harbor domain to insecure-registries; otherwise docker login will log in over SSL
We are testing without a certificate for now, hence this configuration
docker login harbor.hzwod.com
docker tag hello-world:latest harbor.hzwod.com/public/hello-world:v.hzw
Create the public project on Harbor beforehand
docker push harbor.hzwod.com/public/hello-world:v.hzw
Push to Harbor
docker pull harbor.hzwod.com/public/hello-world:v.hzw
Pull the image