docker私有仓库-harbor的搭建

docker 官方提供的私有仓库 registry，用起来虽然简单 ，但在管理的功能上存在不足。 Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器，harbor使用的是官方的docker registry(v2命名是distribution)服务去完成。harbor在docker distribution的基础上增加了一些安全、访问控制、管理的功能以满足企业对于镜像仓库的需求。

安装Harbor

1. 安装harbor之前需要安装docker  
2. 由于 Harbor 是基于 Docker Registry V2 版本，所以 docker 版本必须 >=1.10.0 docker-compose >=1.6.0
3. 下载最新版 Docker Compose   wget -c https://github.com/docker/compose/releases/download/v2.24.6/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
4. 对二进制文件应用可执行权限： chmod +x /usr/local/bin/docker-compose
5. 测试是否安装成功 docker-compose --version

安装Harbor安装包

wget -c https://github.com/goharbor/harbor/releases/download/v2.0.2/harbor-offline-installer-v2.8.4.tgz

解压：wget -c https://github.com/goharbor/harbor/releases/download/v2.0.2/harbor-offline-installer-v2.8.4.tgz

cd /usr/local/harbor/

cp harbor.yml.tmpl harbor.yml

vim harbor.yml

修改3个地方：hostname，密码，注释掉https(没有配置证书启动会报错)

运行安装脚本

# 运行安装脚本 # ./install.sh

Harbor上传镜像

新建项目

新建用户，并设置为openlab的维护人员

从另一台主机上传镜像

修改配置文件，并登陆

[root@node1 ~]# cat /etc/docker/daemon.json 
{
 "registry-mirrors": ["https://registry.docker-cn.com","http://hub-mirror.c.163.com"],
 "live-restore": true, 
 "insecure-registries":["192.168.37.21:5000"],
 "insecure-registries":["reg.openlab.cn"]

}


[root@node1 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.37.31 reg.openlab.cn


[root@node1 ~]# systemctl daemon-reload 
[root@node1 ~]# systemctl restart docker

[root@node1 ~]# docker login reg.openlab.cn
Username: tom
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

将要上传的镜像tag，并push

[root@node1 ~]# docker tag busybox:latest reg.openlab.cn/openlab/busybox:v1
[root@node1 ~]# docker push reg.openlab.cn/openlab/busybox:v1

Harbor下载镜像

从另一台主机下载，修改另一台主机的配置文件

[root@node2 ~]# cat /etc/docker/daemon.json
{
 "insecure-registries":["192.168.37.21:5000"],
 "insecure-registries":["reg.openlab.cn"]

}

[root@node2 ~]# systemctl daemon-reload 
[root@node2 ~]# systemctl restart docker.service 

[root@node2 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.37.31 reg.openlab.cn

[root@node2 ~]# docker pull reg.openlab.cn/openlab/busybox:v1
Error response from daemon: unauthorized: unauthorized to access repository: openlab/busybox, action: pull: unauthorized to access repository: openlab/busybox, action: pull

由于是私有仓库，直接下载是没有权限的，必须登陆

[root@node2 ~]# docker login reg.openlab.cn
Username: tom
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[root@node2 ~]# docker pull reg.openlab.cn/openlab/busybox:v1
v1: Pulling from openlab/busybox
3a2e9cc4b126: Pull complete 
Digest: sha256:db16cd196b8a37ba5f08414e6f6e71003d76665a5eac160cb75ad3759d8b3e29
Status: Downloaded newer image for reg.openlab.cn/openlab/busybox:v1


[root@node2 ~]# docker images
REPOSITORY                       TAG                 IMAGE ID            CREATED             SIZE
ubuntu                           latest              ca2b0f26964c        11 days ago         77.9MB
ubuntu                           18.04               f9a80a55f492        9 months ago        63.2MB
reg.openlab.cn/openlab/busybox   v1                  ba5dc23f65d4        9 months ago        4.26MB