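Harbor v1.8.1 private image registry: offline installation and basic production use

Official site: https://goharbor.io/
Deployment documentation: https://github.com/goharbor/harbor

Harbor overview

Harbor is a container image registry open-sourced by VMware. In effect, Harbor extends Docker Registry with enterprise features, which has led to much wider adoption. These enterprise features include a management UI, role-based access control, AD/LDAP integration, and audit logging, enough to meet basic enterprise needs. Docker, covered earlier, also has the official Docker Hub, which is comparable to GitHub: it requires Internet access and its repositories are normally public, whereas Harbor lets you manage and serve container images inside a secured environment.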


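  • Security: provides vulnerability analysis, and content can be signed and verified
  • Manageability: multi-tenancy, an extensible API/Web UI, image replication between multiple Harbor instances (production and test environments can replicate through Harbor, in which case images are downloaded through Harbor), identity-based integration, and role-based access

The components and their functions are:

  • harbor-adminserver: configuration management center
  • harbor-db (MySQL): database
  • harbor-jobservice: handles image replication
  • harbor-log: records operation logs
  • harbor-ui: web management page and API
  • nginx: front-end proxy; forwards the web UI and image upload/download traffic
  • redis: sessions
  • registry: image storage

Harbor deployment

Harbor can be installed in three ways:

  • Online installer: downloads the Harbor images from Docker Hub, so the installer package is very small
  • Offline installer: the package contains the images needed for deployment, so it is relatively large
  • OVA installer: use this when you have a vCenter environment; Harbor starts after the OVA is deployed

We use the offline installer here.

Docker deployment

First, buy two machines on Alibaba Cloud and install Docker on them; run the same steps on both machines.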

[root@hadoop001 ~]# yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
[root@hadoop002 ~]# yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
[root@hadoop001 ~]# yum-config-manager \
 --add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
[root@hadoop002 ~]# yum-config-manager \
 --add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
[root@hadoop001 ~]# yum install docker-ce docker-ce-cli containerd.io
[root@hadoop002 ~]# yum install docker-ce docker-ce-cli containerd.io


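The release list includes rc versions. Avoid deploying those where possible, because they are updated very frequently; normally choose the latest non-rc version.

RC is short for Release Candidate, meaning a countdown to release: a candidate version in the Gamma stage. Such a version has all of its features complete and most bugs removed. At this stage only bugs are fixed, and no major changes are made to the software. Alpha to Beta to Gamma is a sequence of successive improvement, but RC1 and RC2 are often a matter of choosing between alternatives.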


[root@hadoop001 soft]# rz -be 
rz waiting to receive.
Starting zmodem transfer.  Press Ctrl+C to cancel.
Transferring harbor-offline-installer-v1.8.1.tgz...
  100%  547997 KB    4151 KB/sec    00:02:12       0 Errors   
[root@hadoop001 soft]# scp harbor-offline-installer-v1.8.1.tgz  139.224.80.25:/root/
The authenticity of host '139.224.80.25 (139.224.80.25)' can't be established.
ECDSA key fingerprint is 03:81:aa:d1:46:84:33:81:2e:65:55:31:ab:63:9a:ec.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '139.224.80.25' (ECDSA) to the list of known hosts.
root@139.224.80.25's password: 

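Docker Compose deployment

Docker Compose is an official management tool whose main purpose is to make operations and deployment more convenient.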

[root@hadoop001 soft]# curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   638  100   638    0     0    663      0 --:--:-- --:--:-- --:--:--   663
100 15.4M  100 15.4M    0     0  16879      0  0:15:57  0:15:57 --:--:-- 22592
[root@hadoop001 ~]# cd /usr/local/bin/
[root@hadoop001 bin]# ll
total 15792
-rw-r--r-- 1 root root 16168192 Apr 20 21:44 docker-compose
[root@hadoop001 bin]# 
[root@hadoop001 bin]# chmod +x /usr/local/bin/docker-compose
[root@hadoop001 bin]# which docker-compose
/usr/local/bin/docker-compose
[root@hadoop001 bin]# 

https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md

[root@hadoop001 soft]# tar -zxvf harbor-offline-installer-v1.8.1.tgz 
drwxr-xr-x 2 root root      4096 Apr 20 22:37 harbor
-rw-r--r-- 1 root root 561149414 Aug 11  2019 harbor-offline-installer-v1.8.1.tgz
[root@hadoop001 soft]# cd harbor
[root@hadoop001 harbor]# ll
total 551212
-rw-r--r-- 1 root root 564403568 Jun 17  2019 harbor.v1.8.1.tar.gz
-rw-r--r-- 1 root root      4519 Jun 17  2019 harbor.yml         //docker-compose needs a docker-compose.yml to run; it looks for that file and the two are used together, although companies rarely use it nowadays
-rwxr-xr-x 1 root root      5088 Jun 17  2019 install.sh
-rw-r--r-- 1 root root     11347 Jun 17  2019 LICENSE
-rwxr-xr-x 1 root root      1654 Jun 17  2019 prepare
[root@hadoop001 harbor]# 

Configuring HTTPS

We need to configure HTTPS; otherwise the finished deployment serves over plain HTTP.

https://github.com/goharbor/harbor/blob/master/docs/configure_https.md

[root@hadoop001 harbor]# mkdir  https
[root@hadoop001 harbor]# cd https/
[root@hadoop001 https]# openssl genrsa -out ca.key 4096          //generate the key
Generating RSA private key, 4096 bit long modulus
.................................................................++
......................++
e is 65537 (0x10001)
[root@hadoop001 https]# ll
total 4
-rw-r--r-- 1 root root 3243 Apr 20 22:39 ca.key
[root@hadoop001 https]# 

Certificate files

//change the CN to your host name
[root@hadoop001 https]#  openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=hadoop001" \
 -key ca.key \
  -out ca.crt
[root@hadoop001 https]# openssl genrsa -out hadoop001.key 4096 
Generating RSA private key, 4096 bit long modulus
..................................++
.............................................................................................................................................................................................................................................................++
e is 65537 (0x10001)
[root@hadoop001 https]# 
[root@hadoop001 https]#  openssl req -sha512 -new \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=hadoop001" \
  -key hadoop001.key \
    -out hadoop001.csr

//The two steps above are from the official documentation; you can follow the steps below directly instead

[root@hadoop001 https]# openssl req \
> -newkey rsa:4096 -nodes -sha256 -keyout ca.key \
> -x509 -days 365 -out ca.crt
Generating a 4096 bit RSA private key
..................++
...........++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:sh
Locality Name (eg, city) [Default City]:sh
Organization Name (eg, company) [Default Company Ltd]:rz
Organizational Unit Name (eg, section) []:rz
Common Name (eg, your name or your server's hostname) []:hadoop001
Email Address []:j@rz.com
[root@hadoop001 https]# 

[root@hadoop001 https]# openssl req \
> -newkey rsa:4096 -nodes -sha256 -keyout hadoop001.key \
> -out hadoop001.csr
Generating a 4096 bit RSA private key
.............................++
......................................++
writing new private key to 'hadoop001.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:sh
State or Province Name (full name) []:sh
Locality Name (eg, city) [Default City]:sh
Organization Name (eg, company) [Default Company Ltd]:rz
Organizational Unit Name (eg, section) []:rz
Common Name (eg, your name or your server's hostname) []:hadoop001
Email Address []:j@ruoze.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@hadoop001 https]# 
[root@hadoop001 https]# openssl x509 \
> -req -days 365 -in hadoop001.csr \
> -CA ca.crt -CAkey ca.key \
> -CAcreateserial \
> -out hadoop001.crt
Signature ok
subject=/C=sh/ST=sh/L=sh/O=rz/OU=rz/CN=hadoop001/emailAddress=j@ruoze.com
Getting CA Private Key
[root@hadoop001 https]# 
[root@hadoop001 https]# ll
total 24
-rw-r--r-- 1 root root 2033 Apr 20 22:59 ca.crt
-rw-r--r-- 1 root root 3272 Apr 20 22:59 ca.key
-rw-r--r-- 1 root root   17 Apr 20 23:06 ca.srl
-rw-r--r-- 1 root root 1919 Apr 20 23:06 hadoop001.crt
-rw-r--r-- 1 root root 1712 Apr 20 23:05 hadoop001.csr
-rw-r--r-- 1 root root 3272 Apr 20 23:05 hadoop001.key
[root@hadoop001 https]# 

Editing the configuration file

[root@hadoop001 harbor]# vi harbor.yml 

Required parameters; leave any you do not need to change at their defaults

hostname: hadoop001                      #host name, e.g. 192.168.1.10 or reg.yourdomain.com; do not use localhost or 127.0.0.1 as the host name
data_volume: /data                       #where Harbor stores its data
harbor_admin_password: Harbor12345       #initial administrator password; the default user name/password is admin/Harbor12345
database:
  password: root123                      #root password of the PostgreSQL database used for db_auth
jobservice:
  max_job_workers: 10                    #maximum number of concurrent job workers
log:
  level: info                            #log level: debug, info, warning, error, fatal
  rotate_count: 50
  rotate_size: 200M
  location: /var/log/harbor              #directory where logs are stored

Optional parameters

http:
  port: 28083                            #HTTP port
https:                                   #must be set to https if Notary is enabled
  # https port for harbor, default is 443
  port: 443                              #HTTPS port
  # The path of cert and key files for nginx
  certificate: /data/cert/hadoop001.crt  #path to the SSL certificate; applies only when the protocol is https
  private_key: /data/cert/hadoop001.key  #path to the SSL key; applies only when the protocol is https

[root@hadoop001 harbor]# mkdir /data/cert/
[root@hadoop001 harbor]# cd https/
[root@hadoop001 https]# ll
total 24
-rw-r--r-- 1 root root 2033 Apr 20 22:59 ca.crt
-rw-r--r-- 1 root root 3272 Apr 20 22:59 ca.key
-rw-r--r-- 1 root root   17 Apr 20 23:06 ca.srl
-rw-r--r-- 1 root root 1919 Apr 20 23:06 hadoop001.crt
-rw-r--r-- 1 root root 1712 Apr 20 23:05 hadoop001.csr
-rw-r--r-- 1 root root 3272 Apr 20 23:05 hadoop001.key
[root@hadoop001 https]# cp hadoop001.crt  /data/cert/
[root@hadoop001 https]# cp hadoop001.key /data/cert/

Starting Docker

[root@hadoop001 harbor]# systemctl start docker
[root@hadoop001 harbor]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-04-21 14:15:18 CST; 6s ago
     Docs: https://docs.docker.com
 Main PID: 3530 (dockerd)
   Memory: 155.0M
   CGroup: /system.slice/docker.service
           └─3530 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Apr 21 14:15:18 hadoop001 dockerd[3530]: time="2020-04-21T14:15:18.163909335+08:00" level=info msg="ClientConn switching bala...le=grpc
Apr 21 14:15:18 hadoop001 dockerd[3530]: time="2020-04-21T14:15:18.176644776+08:00" level=info msg="[graphdriver] using prior...erlay2"
Apr 21 14:15:18 hadoop001 dockerd[3530]: time="2020-04-21T14:15:18.377507035+08:00" level=info msg="Loading containers: start."
Apr 21 14:15:18 hadoop001 dockerd[3530]: time="2020-04-21T14:15:18.552235698+08:00" level=info msg="Default bridge (docker0) ...ddress"
Apr 21 14:15:18 hadoop001 dockerd[3530]: time="2020-04-21T14:15:18.583179561+08:00" level=info msg="Loading containers: done."
Apr 21 14:15:18 hadoop001 dockerd[3530]: time="2020-04-21T14:15:18.660983981+08:00" level=warning msg="Not using native diff ...verlay2
Apr 21 14:15:18 hadoop001 dockerd[3530]: time="2020-04-21T14:15:18.661137848+08:00" level=info msg="Docker daemon" commit=afa...19.03.8
Apr 21 14:15:18 hadoop001 dockerd[3530]: time="2020-04-21T14:15:18.661595807+08:00" level=info msg="Daemon has completed init...zation"
Apr 21 14:15:18 hadoop001 systemd[1]: Started Docker Application Container Engine.
Apr 21 14:15:18 hadoop001 dockerd[3530]: time="2020-04-21T14:15:18.680356720+08:00" level=info msg="API listen on /var/run/docker.sock"
Hint: Some lines were ellipsized, use -l to show in full.
[root@hadoop001 harbor]# 

Run install.sh to install and start Harbor

[root@hadoop001 harbor]# ./install.sh

[Step 3]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registry    ... done
Creating registryctl ... done
Creating redis       ... done
Creating harbor-db   ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating harbor-portal     ... done
Creating nginx             ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://hadoop001. 
For more details, please visit https://github.com/goharbor/harbor .

[root@hadoop001 harbor]# 
[root@hadoop001 harbor]# docker-compose  ps                         //lists all the components Harbor depends on
      Name                     Command                  State                        Ports                  
------------------------------------------------------------------------------------------------------------
harbor-core         /harbor/start.sh                 Up (healthy)                                           
harbor-db           /entrypoint.sh postgres          Up (healthy)   5432/tcp                                
harbor-jobservice   /harbor/start.sh                 Up                                                     
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp               
harbor-portal       nginx -g daemon off;             Up (healthy)   80/tcp                                  
nginx               nginx -g daemon off;             Up (healthy)   0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
redis               docker-entrypoint.sh redis ...   Up             6379/tcp                                
registry            /entrypoint.sh /etc/regist ...   Up (healthy)   5000/tcp                                
registryctl         /harbor/start.sh                 Up (healthy)                                           
[root@hadoop001 harbor]# 
[root@hadoop001 harbor]# docker ps
CONTAINER ID        IMAGE                                               COMMAND                  CREATED             STATUS                   PORTS                                      NAMES
0468e18f18fd        goharbor/nginx-photon:v1.8.1                        "nginx -g 'daemon of…"   5 minutes ago       Up 5 minutes (healthy)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   nginx
7d0b755b719c        goharbor/harbor-portal:v1.8.1                       "nginx -g 'daemon of…"   5 minutes ago       Up 5 minutes (healthy)   80/tcp                                     harbor-portal
856ac8203bee        goharbor/harbor-jobservice:v1.8.1                   "/harbor/start.sh"       5 minutes ago       Up 5 minutes                                                        harbor-jobservice
8434ad65506a        goharbor/harbor-core:v1.8.1                         "/harbor/start.sh"       5 minutes ago       Up 5 minutes (healthy)                                              harbor-core
c1740c68ffde        goharbor/redis-photon:v1.8.1                        "docker-entrypoint.s…"   5 minutes ago       Up 5 minutes             6379/tcp                                   redis
25e05aaf7c24        goharbor/harbor-db:v1.8.1                           "/entrypoint.sh post…"   5 minutes ago       Up 5 minutes (healthy)   5432/tcp                                   harbor-db
0197df773332        goharbor/harbor-registryctl:v1.8.1                  "/harbor/start.sh"       5 minutes ago       Up 5 minutes (healthy)                                              registryctl
9e3b6ea51795        goharbor/registry-photon:v2.7.1-patch-2819-v1.8.1   "/entrypoint.sh /etc…"   5 minutes ago       Up 5 minutes (healthy)   5000/tcp                                   registry
2eab5a86b05f        goharbor/harbor-log:v1.8.1                          "/bin/sh -c /usr/loc…"   5 minutes ago       Up 5 minutes (healthy)   127.0.0.1:1514->10514/tcp                  harbor-log
[root@hadoop001 harbor]# 

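//To stop Harbor at this point, you can use the docker-compose down command directly; with plain docker you would have to stop the containers one by one, which is inconvenient

Logging in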


Start Docker on the second machine

[root@hadoop002 ~]# systemctl start docker
[root@hadoop002 ~]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-04-21 15:09:49 CST; 9s ago
     Docs: https://docs.docker.com
 Main PID: 4116 (dockerd)
   Memory: 145.3M
   CGroup: /system.slice/docker.service
           └─4116 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Apr 21 15:09:49 hadoop002 dockerd[4116]: time="2020-04-21T15:09:49.065523660+08:00" level=info msg="ccResolverWrapper: sendin...le=grpc
Apr 21 15:09:49 hadoop002 dockerd[4116]: time="2020-04-21T15:09:49.065534421+08:00" level=info msg="ClientConn switching bala...le=grpc
Apr 21 15:09:49 hadoop002 dockerd[4116]: time="2020-04-21T15:09:49.088115566+08:00" level=info msg="Loading containers: start."
Apr 21 15:09:49 hadoop002 dockerd[4116]: time="2020-04-21T15:09:49.167522044+08:00" level=info msg="Default bridge (docker0) ...ddress"
Apr 21 15:09:49 hadoop002 dockerd[4116]: time="2020-04-21T15:09:49.213692154+08:00" level=info msg="Loading containers: done."
Apr 21 15:09:49 hadoop002 dockerd[4116]: time="2020-04-21T15:09:49.267185907+08:00" level=warning msg="Not using native diff ...verlay2
Apr 21 15:09:49 hadoop002 dockerd[4116]: time="2020-04-21T15:09:49.267401258+08:00" level=info msg="Docker daemon" commit=afa...19.03.8
Apr 21 15:09:49 hadoop002 dockerd[4116]: time="2020-04-21T15:09:49.267478290+08:00" level=info msg="Daemon has completed init...zation"
Apr 21 15:09:49 hadoop002 systemd[1]: Started Docker Application Container Engine.
Apr 21 15:09:49 hadoop002 dockerd[4116]: time="2020-04-21T15:09:49.285847278+08:00" level=info msg="API listen on /var/run/docker.sock"
Hint: Some lines were ellipsized, use -l to show in full.
[root@hadoop002 ~]# 

Trying to log in

Typically we want Harbor to replace the commonly used Docker Hub, so we first try logging in.

[root@hadoop001 harbor]# docker login hadoop001
Username: admin
Password: 
Error response from daemon: Get https://hadoop001/v2/: x509: certificate signed by unknown authority
[root@hadoop001 harbor]# 
//The login fails at this point; next, try the private IP

[root@hadoop001 harbor]# docker login 172.19.242.225
Username: admin
Password: 
Error response from daemon: Get https://172.19.242.225/v2/: x509: cannot validate certificate for 172.19.242.225 because it doesn't contain any IP SANs
//This login fails as well
[root@hadoop001 harbor]# docker login --help

Usage:  docker login [OPTIONS] [SERVER]

Log in to a Docker registry.
If no server is specified, the default is defined by the daemon.

Options:
  -p, --password string   Password
      --password-stdin    Take the password from stdin
  -u, --username string   Username
[root@hadoop001 harbor]# 
//If no hostname is given, the login goes to the official registry

[root@hadoop001 harbor]# mkdir -p /etc/docker/certs.d/hadoop001/
[root@hadoop001 harbor]# cd https/
[root@hadoop001 https]# ll
total 24
-rw-r--r-- 1 root root 2033 Apr 20 22:59 ca.crt
-rw-r--r-- 1 root root 3272 Apr 20 22:59 ca.key
-rw-r--r-- 1 root root   17 Apr 20 23:06 ca.srl
-rw-r--r-- 1 root root 1919 Apr 20 23:06 hadoop001.crt
-rw-r--r-- 1 root root 1712 Apr 20 23:05 hadoop001.csr
-rw-r--r-- 1 root root 3272 Apr 20 23:05 hadoop001.key
[root@hadoop001 https]# cp ca.crt /etc/docker/certs.d/hadoop001/
[root@hadoop001 https]# cp hadoop001.crt /etc/docker/certs.d/hadoop001/
[root@hadoop001 https]# cp hadoop001.key /etc/docker/certs.d/hadoop001/
[root@hadoop001 https]# ll /etc/docker/certs.d/hadoop001/
total 12
-rw-r--r-- 1 root root 2033 Apr 21 15:21 ca.crt
-rw-r--r-- 1 root root 1919 Apr 21 15:22 hadoop001.crt
-rw-r--r-- 1 root root 3272 Apr 21 15:22 hadoop001.key
[root@hadoop001 https]# 
//First shut Harbor down
[root@hadoop001 harbor]# docker-compose  down
Stopping nginx             ... done
Stopping harbor-portal     ... done
Stopping harbor-jobservice ... done
Stopping harbor-core       ... done
Stopping redis             ... done
Stopping harbor-db         ... done
Stopping registryctl       ... done
Stopping registry          ... done
Stopping harbor-log        ... done
Removing nginx             ... done
Removing harbor-portal     ... done
Removing harbor-jobservice ... done
Removing harbor-core       ... done
Removing redis             ... done
Removing harbor-db         ... done
Removing registryctl       ... done
Removing registry          ... done
Removing harbor-log        ... done
Removing network harbor_harbor
[root@hadoop001 harbor]# 
//This stops and removes the containers; stop should have been used instead. We will redeploy in a moment
[root@hadoop001 harbor]# systemctl restart docker
//Redeploy Harbor; the install script used earlier is for the first run
[root@hadoop001 harbor]# ./prepare 
prepare base dir is set to /root/soft/harbor
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/cert/server.crt
Clearing the configuration file: /config/cert/server.key
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/jobservice/env
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@hadoop001 harbor]# 
[root@hadoop001 harbor]# docker-compose up -d
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis       ... done
Creating registry    ... done
Creating registryctl ... done
Creating harbor-db         ... done
Creating harbor-core ... done
Creating harbor-portal     ... done
Creating harbor-jobservice ... done
Creating nginx             ... done
[root@hadoop001 harbor]# 
[root@hadoop001 harbor]# docker login hadoop001
Username: admin
Password: 
Error response from daemon: Missing client certificate hadoop001.cert for key hadoop001.key
[root@hadoop001 harbor]# 
//Logging in again fails: Docker cannot find the client certificate hadoop001.cert that goes with the key
[root@hadoop001 harbor]# cd /etc/docker/certs.d/hadoop001/
[root@hadoop001 hadoop001]# ll
total 12
-rw-r--r-- 1 root root 2033 Apr 21 15:21 ca.crt
-rw-r--r-- 1 root root 1919 Apr 21 15:22 hadoop001.crt
-rw-r--r-- 1 root root 3272 Apr 21 15:22 hadoop001.key
[root@hadoop001 hadoop001]# mv hadoop001.crt hadoop001.cert
[root@hadoop001 hadoop001]# systemctl restart docker
[root@hadoop001 harbor]# docker-compose  ps
      Name                     Command                       State                            Ports                  
---------------------------------------------------------------------------------------------------------------------
harbor-core         /harbor/start.sh                 Up (health: starting)                                           
harbor-db           /entrypoint.sh postgres          Exit 255                                                        
harbor-jobservice   /harbor/start.sh                 Exit 137                                                        
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)            127.0.0.1:1514->10514/tcp               
harbor-portal       nginx -g daemon off;             Up (healthy)            80/tcp                                  
nginx               nginx -g daemon off;             Up (healthy)            0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
redis               docker-entrypoint.sh redis ...   Exit 137                                                        
registry            /entrypoint.sh /etc/regist ...   Exit 137                                                        
registryctl         /harbor/start.sh                 Up (healthy)                                                    
[root@hadoop001 harbor]# 
//Some containers have exited, so we run up again
[root@hadoop001 harbor]# docker-compose up -d
harbor-log is up-to-date
Starting registry ... 
Starting registry  ... done
registryctl is up-to-date
Starting harbor-db ... 
Starting redis     ... done
Starting harbor-db         ... done
Starting harbor-jobservice ... 
Starting harbor-jobservice ... done
[root@hadoop001 harbor]# 
[root@hadoop001 harbor]# docker-compose  ps  
      Name                     Command                  State                        Ports                  
------------------------------------------------------------------------------------------------------------
harbor-core         /harbor/start.sh                 Up (healthy)                                           
harbor-db           /entrypoint.sh postgres          Up (healthy)   5432/tcp                                
harbor-jobservice   /harbor/start.sh                 Up                                                     
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp               
harbor-portal       nginx -g daemon off;             Up (healthy)   80/tcp                                  
nginx               nginx -g daemon off;             Up (healthy)   0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
redis               docker-entrypoint.sh redis ...   Up             6379/tcp                                
registry            /entrypoint.sh /etc/regist ...   Up (healthy)   5000/tcp                                
registryctl         /harbor/start.sh                 Up (healthy)                                           
[root@hadoop001 harbor]# 
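
Why the "Missing client certificate hadoop001.cert for key hadoop001.key" error above appears, as an added example that is not part of the original post: Docker treats every *.crt in /etc/docker/certs.d/<registry>/ as a CA root and every *.key as a client key that needs a same-named *.cert, so trusting the registry needs only ca.crt in that directory. The helper name lint_certs_d and its output labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Lints one registry directory
# under /etc/docker/certs.d with the file-name rules Docker applies to it:
#   *.crt  -> loaded as a CA root used to verify the registry's certificate
#   *.cert -> client certificate, must have NAME.key beside it
#   *.key  -> client private key, must have NAME.cert beside it
# lint_certs_d and the labels it prints are hypothetical names.

# lint_certs_d DIR: print one finding per line for the files in DIR
lint_certs_d() (
  dir=$1
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    name=${f##*/}      # file name without the directory
    base=${name%.*}    # file name without the extension
    case $name in
      *.crt)
        echo "ca-root $name" ;;
      *.cert)
        if [ -f "$dir/$base.key" ]; then
          # Docker will present this pair to the registry as a client certificate.
          echo "client-pair $name + $base.key"
        else
          echo "missing-key $name (expects $base.key)"
        fi ;;
      *.key)
        # This is the condition behind the error message in the walkthrough.
        [ -f "$dir/$base.cert" ] || echo "missing-cert $name (expects $base.cert)"
        # A key readable by group or others is exposed to every local account.
        if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \))" ]; then
          echo "key-readable $name"
        fi ;;
    esac
  done
)

# Usage on a Docker client:
#   lint_certs_d /etc/docker/certs.d/hadoop001
```

Run against the directory as first populated above, it reports hadoop001.crt as an extra CA root and hadoop001.key as an orphaned, world-readable client key. After the mv it reports a client pair, which means Docker now presents the registry's own server certificate and key as a client certificate.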

[root@hadoop001 harbor]# docker login hadoop001
Username: admin
Password: 
Error response from daemon: login attempt to https://hadoop001/v2/ failed with status: 502 Bad Gateway
[root@hadoop001 harbor]# vim /etc/docker/daemon.json
//The login reports an error
[root@hadoop001 hadoop001]# cd /etc/docker/
[root@hadoop001 docker]# ll
total 8
drwxr-xr-x 3 root root 4096 Apr 21 15:20 certs.d
-rw------- 1 root root  244 Apr 19 12:37 key.json
[root@hadoop001 docker]# vi key.json 
{"crv":"P-256","d":"nm1w3sC1A-AYZMndOiogZ4FXwXkFLjciSrdsdrVXd-I","kid":"X42J:NEYW:BFQ4:N2LJ:KZDV:GW2I:D64D:QT54:6HLT:JE3A:QS7H:VVFF","k
ty":"EC","x":"UTsrVqveNvoq0qDoK2ffMV1fCsNLyyYD6a_a_5kgdYs","y":"sJFrW5Sx7jgNqYxgt9qwS2J6am0r2N6NI1qGP3J0R4E","insecure-registries" : ["
hadoop001"]}
//add "insecure-registries" : ["hadoop001"]
[root@hadoop001 harbor]# docker login hadoop001
Username: admin
Password: 
Error response from daemon: login attempt to https://hadoop001/v2/ failed with status: 502 Bad Gateway
//The same error is reported

[root@hadoop001 harbor]# docker-compose  ps
      Name                     Command                  State                 Ports          
---------------------------------------------------------------------------------------------
harbor-core         /harbor/start.sh                 Exit 137                                
harbor-db           /entrypoint.sh postgres          Up (healthy)   5432/tcp                 
harbor-jobservice   /harbor/start.sh                 Up                                      
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp
harbor-portal       nginx -g daemon off;             Up (healthy)   80/tcp                   
nginx               nginx -g daemon off;             Restarting                              
redis               docker-entrypoint.sh redis ...   Up             6379/tcp                 
registry            /entrypoint.sh /etc/regist ...   Up (healthy)   5000/tcp                 
registryctl         /harbor/start.sh                 Exit 137                                
[root@hadoop001 harbor]# docker-compose  up -d
harbor-log is up-to-date
registry is up-to-date
redis is up-to-date
Starting registryctl ... 
Starting registryctl ... done
Starting harbor-core ... done
harbor-jobservice is up-to-date
harbor-portal is up-to-date
nginx is up-to-date
//Now the following error is reported
[root@hadoop001 harbor]# docker login hadoop001           
Username: admin
Password: 
Error response from daemon: Get https://hadoop001/v2/: dial tcp 172.19.242.225:443: connect: connection refused


[root@hadoop001 harbor]# find / -name docker.service -type f
/usr/lib/systemd/system/docker.service
[root@hadoop001 harbor]# cat /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes           //this needs to be yes
 
# kill only the docker process, not all processes in the cgroup
KillMode=process

[Install]
WantedBy=multi-user.target

//The configuration looks fine, so just restart
[root@hadoop001 harbor]# systemctl daemon-reload
[root@hadoop001 harbor]# systemctl restart docker
//Login succeeds
[root@hadoop001 harbor]# docker login hadoop001                    
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

//A successful login creates the .docker directory
[root@hadoop001 harbor]# cd 
[root@hadoop001 ~]# ll -a
total 80
dr-xr-x---. 10 root root 4096 Apr 21 16:12 .
dr-xr-xr-x. 19 root root 4096 Apr 21 14:19 ..
-rw-------   1 root root 4454 Apr 20 23:07 .bash_history
-rw-r--r--.  1 root root   18 Dec 29  2013 .bash_logout
-rw-r--r--.  1 root root  176 Dec 29  2013 .bash_profile
-rw-r--r--.  1 root root  176 Dec 29  2013 .bashrc
drwx------   3 root root 4096 Aug 17  2017 .cache
-rw-r--r--.  1 root root  100 Dec 29  2013 .cshrc
drwxr-xr-x   3 root root 4096 Apr 19 16:05 docker
drwx------   2 root root 4096 Apr 21 16:12 .docker
drwxr-xr-x   3 root root 4096 Apr 20 12:38 mysql
drwxr-xr-x   2 root root 4096 Aug 17  2017 .pip
drwxr-----   3 root root 4096 Apr 19 12:28 .pki
-rw-r--r--   1 root root   64 Aug 17  2017 .pydistutils.cfg
-rw-------   1 root root 1024 Apr 20 23:06 .rnd
drwxr-xr-x   3 root root 4096 Apr 20 22:37 soft
drwx------   2 root root 4096 Apr 20 21:07 .ssh
-rw-r--r--.  1 root root  129 Dec 29  2013 .tcshrc
-rw-------   1 root root  620 Apr 21 15:54 .viminfo
[root@hadoop001 ~]# 

[root@hadoop001 ~]# cd .docker/
[root@hadoop001 .docker]# ll
total 4
-rw------- 1 root root 147 Apr 21 16:12 config.json
[root@hadoop001 .docker]# cat config.json 
{
        "auths": {
                "hadoop001": {
                        "auth": "YWRtaW46SGFyYm9yMTIzNDU="
                }
        },
        "HttpHeaders": {
                "User-Agent": "Docker-Client/19.03.8 (linux)"
        }
}[root@hadoop001 .docker]# 


//Logging in with the private IP still fails
[root@hadoop001 harbor]# docker login 172.19.242.225
Username: admin
Password: 
Error response from daemon: Get https://172.19.242.225/v2/: x509: cannot validate certificate for 172.19.242.225 because it doesn't contain any IP SANs
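
The IP login above fails because the certificate issued earlier carries only a CN and no subjectAltName. The following added example (not from the original post) issues the server certificate with a SAN that covers both hadoop001 and 172.19.242.225 and checks the result before it is copied to /data/cert; the function names, the CA common name harbor-demo-ca and the KEY_BITS variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, the CA common
# name and KEY_BITS are assumptions; host name and IP are the walkthrough's.
KEY_BITS=${KEY_BITS:-4096}   # 4096 bits, as in the walkthrough

# make_ca DIR: self-signed CA in DIR/ca.key and DIR/ca.crt
make_ca() (
  dir=$1
  # umask 077 creates the private key with mode 0600 (the walkthrough's keys are 0644).
  ( umask 077 && openssl genrsa -out "$dir/ca.key" "$KEY_BITS" ) &&
  # The CA gets its own CN so that issuer and server subject differ.
  openssl req -x509 -new -sha512 -days 3650 \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor-demo-ca" \
    -key "$dir/ca.key" -out "$dir/ca.crt"
)

# issue_server_cert DIR HOST [SAN]: key, CSR and CA-signed certificate for HOST.
# SAN is an openssl subjectAltName value; omit it to reproduce the CN-only
# certificate that the walkthrough ends up with.
issue_server_cert() (
  dir=$1 host=$2 san=${3:-}
  ( umask 077 && openssl genrsa -out "$dir/$host.key" "$KEY_BITS" ) || exit 1
  openssl req -new -sha512 -key "$dir/$host.key" \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=$host" \
    -out "$dir/$host.csr" || exit 1
  set --                     # optional arguments for the signing step
  if [ -n "$san" ]; then
    printf 'subjectAltName = %s\n' "$san" > "$dir/$host.ext"
    set -- -extfile "$dir/$host.ext"
  fi
  openssl x509 -req -sha512 -days 365 -in "$dir/$host.csr" \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    "$@" -out "$dir/$host.crt"
)

# san_of CERT: print the certificate's SAN entries on one line (empty if none)
san_of() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# cert_covers CERT NAME: succeed if NAME is listed as a DNS or IP SAN.
# Current Go-based clients ignore the CN, so the host name needs a DNS entry too.
cert_covers() {
  san_of "$1" | tr ',' '\n' | sed 's/^ *//' |
    grep -qxF -e "DNS:$2" -e "IP Address:$2"
}

# trusted_by CA_CERT CERT: succeed if CERT chains to CA_CERT
trusted_by() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Usage in the https/ directory on the Harbor host:
#   make_ca . && issue_server_cert . hadoop001 "DNS:hadoop001, IP:172.19.242.225"
#   trusted_by ca.crt hadoop001.crt && cert_covers hadoop001.crt 172.19.242.225
```

Clients then need only the resulting ca.crt under /etc/docker/certs.d/hadoop001/ and /etc/docker/certs.d/172.19.242.225/, while hadoop001.crt and hadoop001.key stay on the Harbor host.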

Creating a project


Testing

[root@hadoop001 .docker]# docker images
REPOSITORY                      TAG                        IMAGE ID            CREATED             SIZE
mysql                           rz                         2360233f9f6a        27 hours ago        454MB
mysql                           5.7                        273c7fcf9499        3 days ago          455MB
nginx                           latest                     e791337790a6        3 days ago          127MB
debian                          buster-slim                4e22ed854b0a        5 days ago          69.2MB
hello-world                     latest                     bf756fb1ae65        3 months ago        13.3kB
goharbor/chartmuseum-photon     v0.8.1-v1.8.1              ef41a1168648        10 months ago       113MB
goharbor/harbor-migrator        v1.8.1                     c66a77415297        10 months ago       367MB
goharbor/redis-photon           v1.8.1                     4bca1a23b865        10 months ago       105MB
goharbor/clair-photon           v2.0.8-v1.8.1              32e97276b570        10 months ago       164MB
goharbor/notary-server-photon   v0.6.1-v1.8.1              167bf40fafa6        10 months ago       135MB
goharbor/notary-signer-photon   v0.6.1-v1.8.1              e897887daa34        10 months ago       132MB
goharbor/harbor-registryctl     v1.8.1                     94ff7551440f        10 months ago       96.3MB
goharbor/registry-photon        v2.7.1-patch-2819-v1.8.1   179cd056fc97        10 months ago       81.4MB
goharbor/nginx-photon           v1.8.1                     67d9e02bf1f3        10 months ago       36MB
goharbor/harbor-log             v1.8.1                     07c1d1bb675d        10 months ago       81.5MB
goharbor/harbor-jobservice      v1.8.1                     74b018ae96fc        10 months ago       119MB
goharbor/harbor-core            v1.8.1                     3b1aba49bfbd        10 months ago       135MB
goharbor/harbor-portal          v1.8.1                     0a9a6470222b        10 months ago       42.9MB
goharbor/harbor-db              v1.8.1                     54fb972a93e1        10 months ago       142MB
goharbor/prepare                v1.8.1                     1e9ec2ceb07a        10 months ago       140MB
[root@hadoop001 .docker]# 
// Pull one directly
[root@hadoop001 .docker]# docker pull hello
Using default tag: latest
Error response from daemon: pull access denied for hello, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
[root@hadoop001 .docker]# 

// Pull from the official registry
[root@hadoop001 .docker]# docker search hello
NAME                                       DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
hello-world                                Hello World! (an example of minimal Dockeriz…   1171                [OK]                
kitematic/hello-world-nginx                A light-weight nginx container that demonstr…   141                                     
tutum/hello-world                          Image to test docker deployments. Has Apache…   70                                      [OK]
nginxdemos/hello                           NGINX webserver that serves a simple page co…   47                                      [OK]
openshift/hello-openshift                  Simple Example for Running a Container on Op…   34                                      
dockercloud/hello-world                    Hello World!                                    19                                      [OK]
karthequian/helloworld                     A simple helloworld nginx container to get y…   14                                      [OK]
crccheck/hello-world                       Hello World web server in under 2.5 MB          12                                      [OK]
strm/helloworld-http                       A hello world container for testing http bal…   5                                       [OK]
hello-seattle                              Hello from DockerCon 2016 (Seattle)!            4                   [OK]                
ppc64le/hello-world                        Hello World! (an example of minimal Dockeriz…   2                                       
ansibleplaybookbundle/hello-world-db-apb   An APB which deploys a sample Hello World! a…   1                                       [OK]
yaros1av/hello-core                        Hello from ASP.NET Core!                        1                                       
wouterm/helloworld                          A simple Docker image with an Nginx server …   1                                       [OK]
datawire/hello-world                       Hello World! Simple Hello World implementati…   1                                       [OK]
ansibleplaybookbundle/hello-world-apb      An APB which deploys a sample Hello World! a…   1                                       [OK]
dongxuny/hellotencent                      Auto build                                      0                                       [OK]
aosqe/hello-openshift                      https://github.com/jhou1/hello-openshift        0                                       
milsonian/hellohttp                        Basic hello world http app in golang            0                                       [OK]
silasbw/hello                                                                              0                                       
hivesolutions/hello_appier                 Simple hello world application for Appier.      0                                       [OK]
danieldreier/hello-pcr                                                                     0                                       
s390x/hello-world                          Hello World! (an example of minimal Dockeriz…   0                                       
widdix/hello                               Hello World!                                    0                                       
ocpqe/hello-pod                            Copy form docker.io/deshuai/hello-pod:latest    0                                       
[root@hadoop001 .docker]# docker pull hello-world 
Using default tag: latest
latest: Pulling from library/hello-world
Digest: sha256:8e3114318a995a1ee497790535e7b88365222a21771ae7e53687ad76563e8e76
Status: Image is up to date for hello-world:latest
docker.io/library/hello-world:latest
[root@hadoop001 .docker]# 

// Tag it as our own
[root@hadoop001 .docker]# docker tag hello-world:latest  hadoop001/ruozedata/hello:v1
[root@hadoop001 .docker]# 

Push to the private registry

[root@hadoop001 .docker]# docker push hadoop001/ruozedata/hello:v1
The push refers to repository [docker.io/hadoop001/ruozedata/hello]
9c27e219663c: Preparing 
denied: requested access to the resource is denied
[root@hadoop001 .docker]# 
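// An access-denied error is reported, but docker.io is the official registry's address, not ours. Even though the login succeeded, the client defaults to docker.io, while our registry is actually hadoop001. Because hadoop001 has no DNS suffix, the whole name is treated as one repository path and looked up on the official registry. Replacing it with the IP should avoid this problem.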
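The name-resolution rule behind this failure, as an added example that is not part of the original post: the Docker client treats the first path component as a registry host only when it contains a "." or ":" or is exactly "localhost". The misrouted helper and the explicit-port reference are assumptions added for illustration.

```python
# Added example: which registry does an image reference resolve to?
DEFAULT_REGISTRY = "docker.io"


def split_registry(ref):
    """Return (registry, remainder) for an image reference.

    The first path component counts as a registry host only if it contains
    a '.' or a ':' or is exactly 'localhost'. Otherwise the whole reference
    is a repository path on Docker Hub.
    """
    first, slash, rest = ref.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        return first, rest
    # Single-component names are official images stored under library/.
    remainder = ref if slash else "library/" + ref
    return DEFAULT_REGISTRY, remainder


def misrouted(refs, internal_hosts):
    """List references whose first component is a known internal host name
    but which still resolve to Docker Hub, so a push would leave the
    private registry. (Hypothetical helper, not a Docker feature.)"""
    hits = []
    for ref in refs:
        registry, _ = split_registry(ref)
        first = ref.partition("/")[0]
        if registry == DEFAULT_REGISTRY and first in internal_hosts:
            hits.append(ref)
    return hits


# References from the session above, plus one with an explicit port
# (the port form is an assumption added for comparison).
REFS = [
    "hello-world:latest",
    "hadoop001/ruozedata/hello:v1",
    "172.19.242.225/ruozedata/hello:v1",
    "hadoop001:443/ruozedata/hello:v1",
]

if __name__ == "__main__":
    for r in REFS:
        print(f"{r:40} -> {split_registry(r)}")
    print("misrouted:", misrouted(REFS, {"hadoop001"}))
```

A check like misrouted is worth running in CI before any push step, since a short internal host name silently becomes a Docker Hub namespace.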

Configure the hostname

[root@hadoop001 .docker]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

172.19.242.225 hadoop001 
[root@hadoop001 .docker]# 

Re-tag the image

[root@hadoop001 .docker]# docker tag hello-world:latest  172.19.242.225/ruozedata/hello:v1
[root@hadoop001 .docker]# docker push 172.19.242.225/ruozedata/hello:v1
The push refers to repository [172.19.242.225/ruozedata/hello]
Get https://172.19.242.225/v2/: x509: cannot validate certificate for 172.19.242.225 because it doesn't contain any IP SANs
[root@hadoop001 .docker]# 
// Try logging in by IP: fails
[root@hadoop001 .docker]# docker login 172.19.242.225
Username: admin
Password: 
Error response from daemon: Get https://172.19.242.225/v2/: x509: cannot validate certificate for 172.19.242.225 because it doesn't contain any IP SANs
[root@hadoop001 .docker]# 
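// Both errors are the same

The push above fails mainly because no domain name is configured.

Modify the configuration file

Add "insecure-registries": ["192.168.1.40"], where the value is the Harbor address (172.19.242.225 here)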

[root@hadoop001 .docker]# vim /etc/docker/daemon.json
{ 
  "insecure-registries" : ["172.19.242.225"],
  "registry-mirrors": ["https://hadoop001"]
}

[root@hadoop001 .docker]# systemctl  restart docker
[root@hadoop001 .docker]# cd /root/soft/harbor
[root@hadoop001 harbor]# ll
total 551228
drwxr-xr-x 3 root root      4096 Apr 21 14:19 common
-rw-r----- 1 root root      5393 Apr 21 15:29 docker-compose.yml
-rw-r--r-- 1 root root 564403568 Jun 17  2019 harbor.v1.8.1.tar.gz
-rw-r--r-- 1 root root      4510 Apr 21 15:51 harbor.yml
drwxr-xr-x 2 root root      4096 Apr 20 23:06 https
-rwxr-xr-x 1 root root      5088 Jun 17  2019 install.sh
-rw-r--r-- 1 root root     11347 Jun 17  2019 LICENSE
-rwxr-xr-x 1 root root      1654 Jun 17  2019 prepare
[root@hadoop001 harbor]# docker-compose  ps
      Name                     Command                       State                            Ports                  
---------------------------------------------------------------------------------------------------------------------
harbor-core         /harbor/start.sh                 Up (healthy)                                                    
harbor-db           /entrypoint.sh postgres          Up (healthy)            5432/tcp                                
harbor-jobservice   /harbor/start.sh                 Up                                                              
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)            127.0.0.1:1514->10514/tcp               
harbor-portal       nginx -g daemon off;             Exit 128                                                        
nginx               nginx -g daemon off;             Up (health: starting)   0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
redis               docker-entrypoint.sh redis ...   Up                      6379/tcp                                
registry            /entrypoint.sh /etc/regist ...   Up (healthy)            5000/tcp                                
registryctl         /harbor/start.sh                 Up (healthy)                                                    
[root@hadoop001 harbor]# docker-compose up -d
harbor-log is up-to-date
registry is up-to-date
redis is up-to-date
registryctl is up-to-date
harbor-db is up-to-date
harbor-core is up-to-date
harbor-jobservice is up-to-date
Starting harbor-portal ... done
nginx is up-to-date
[root@hadoop001 harbor]# 
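Why the IP address hit the x509 error and what the insecure-registries entry changes, as an added example that is not part of the original post. It assumes a certificate that names only hadoop001 and has no IP SANs (consistent with the error text); the function names are hypothetical. A registry listed under insecure-registries is contacted without certificate verification, with fallback to plain HTTP.

```python
# Added example: model of the TLS decision for a registry address.
import ipaddress


def _ip(host):
    """Return an ip_address object if host is an IP literal, else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def cert_covers(host, dns_names, ip_sans):
    """True if the certificate is valid for host."""
    addr = _ip(host)
    if addr is not None:
        # IP literals are compared only against iPAddress SAN entries,
        # never against DNS names, even if a DNS name looks like an IP.
        return any(addr == _ip(s) for s in ip_sans)
    host = host.lower()
    for name in dns_names:
        name = name.lower()
        if name == host:
            return True
        # A wildcard covers exactly one left-most label.
        if len(name) > 2 and name.startswith("*.") \
                and host.partition(".")[2] == name[2:]:
            return True
    return False


def listed_insecure(host, daemon_cfg):
    """True if daemon.json lists host (exactly or by CIDR) as insecure."""
    addr = _ip(host)
    for entry in daemon_cfg.get("insecure-registries", []):
        if entry == host:
            return True
        if addr is not None:
            try:
                if addr in ipaddress.ip_network(entry, strict=False):
                    return True
            except ValueError:
                pass  # entry is a host name, not a network
    return False


def tls_outcome(host, dns_names, ip_sans, daemon_cfg):
    """'unverified' = any certificate accepted; 'x509-error' = refused."""
    if listed_insecure(host, daemon_cfg):
        return "unverified"
    if cert_covers(host, dns_names, ip_sans):
        return "verified"
    return "x509-error"


# daemon.json as shown above; certificate names are constructed assumptions.
PAGE_DAEMON_JSON = {
    "insecure-registries": ["172.19.242.225"],
    "registry-mirrors": ["https://hadoop001"],
}
CERT_DNS = ["hadoop001"]
CERT_IPS = []

if __name__ == "__main__":
    for host in ("hadoop001", "172.19.242.225"):
        print(host, "before:", tls_outcome(host, CERT_DNS, CERT_IPS, {}),
              "after:", tls_outcome(host, CERT_DNS, CERT_IPS, PAGE_DAEMON_JSON))
    # Alternative: certificate reissued with an IP SAN, daemon.json untouched.
    print(tls_outcome("172.19.242.225", CERT_DNS, ["172.19.242.225"], {}))
```

Reissuing the certificate with an IP SAN, or addressing the registry by the name the certificate carries, keeps verification on where the insecure-registries entry turns it off.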

// Login by IP succeeds
[root@hadoop001 harbor]# docker login 172.19.242.225                                     
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@hadoop001 harbor]# cd
[root@hadoop001 ~]# cd .docker/
[root@hadoop001 .docker]# ll
total 4
-rw------- 1 root root 212 Apr 21 17:01 config.json
[root@hadoop001 .docker]# cat config.json 
{
        "auths": {
                "172.19.242.225": {
                        "auth": "YWRtaW46SGFyYm9yMTIzNDU="
                },
                "hadoop001": {
                        "auth": "YWRtaW46SGFyYm9yMTIzNDU="
                }
        },
        "HttpHeaders": {
                "User-Agent": "Docker-Client/19.03.8 (linux)"
        }
}[root@hadoop001 .docker]# 
// The credential file now contains the new entry
[root@hadoop001 .docker]# docker logout hadoop001
Removing login credentials for hadoop001
[root@hadoop001 .docker]# cat config.json 
{
        "auths": {
                "172.19.242.225": {
                        "auth": "YWRtaW46SGFyYm9yMTIzNDU="
                }
        },
        "HttpHeaders": {
                "User-Agent": "Docker-Client/19.03.8 (linux)"
        }
}[root@hadoop001 .docker]# docker logout 172.19.242.225
Removing login credentials for 172.19.242.225
[root@hadoop001 .docker]# cat config.json 
{
        "auths": {},
        "HttpHeaders": {
                "User-Agent": "Docker-Client/19.03.8 (linux)"
        }
}[root@hadoop001 .docker]# 
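The "stored unencrypted" warning and the config.json listings above, as an added audit example that is not part of the original post: each inline auth value is only base64 of user:password, and one login per registry name leaves one copy per name. The sample configs and the secret in them are constructed; the function name is hypothetical.

```python
# Added example: find recoverable registry credentials in a Docker config.json.
import base64
import json
from collections import defaultdict


def audit_docker_config(text):
    """Return one finding per registry whose password is stored inline.

    Only the registry, the user name and the number of registry names
    sharing the same credential are reported; the password is never returned.
    """
    cfg = json.loads(text)
    groups = defaultdict(list)          # token -> registries using it
    for registry, entry in cfg.get("auths", {}).items():
        token = entry.get("auth")
        if token:                       # empty entry: secret is in a helper
            groups[token].append(registry)
    findings = []
    for token, registries in groups.items():
        decoded = base64.b64decode(token).decode("utf-8", "replace")
        user = decoded.partition(":")[0]
        for registry in registries:
            findings.append({
                "registry": registry,
                "user": user,
                "copies": len(registries),
            })
    return findings


# Constructed samples (the secret is made up for this example).
_TOKEN = base64.b64encode(b"admin:constructed-secret").decode()
INLINE = json.dumps({
    "auths": {
        "172.19.242.225": {"auth": _TOKEN},
        "hadoop001": {"auth": _TOKEN},
    }
})
# With a credential store configured, login leaves an empty entry.
WITH_STORE = json.dumps({
    "auths": {"172.19.242.225": {}},
    "credsStore": "pass",
})
# State after both docker logout commands shown above.
LOGGED_OUT = json.dumps({"auths": {}})

if __name__ == "__main__":
    for label, sample in (("inline", INLINE), ("store", WITH_STORE),
                          ("logged out", LOGGED_OUT)):
        print(label, audit_docker_config(sample))
```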

Since the project is set to public, pushing should presumably work without logging in.

[root@hadoop001 .docker]# docker push 172.19.242.225/ruozedata/hello:v1
The push refers to repository [172.19.242.225/ruozedata/hello]
9c27e219663c: Preparing 
denied: requested access to the resource is denied
[root@hadoop001 .docker]# 
// It reports that access to the requested resource is denied

After logging in again, the push succeeds.

[root@hadoop001 .docker]# docker login 172.19.242.225
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@hadoop001 .docker]# docker push 172.19.242.225/ruozedata/hello:v1
The push refers to repository [172.19.242.225/ruozedata/hello]
9c27e219663c: Pushed 
v1: digest: sha256:90659bf80b44ce6be8234e6ff90a1ac34acbeb826903b02cfa0da11c82cbc042 size: 525
[root@hadoop001 .docker]# 

Set the project to private and see whether the push still works.
Delete the image first, then push again.

[root@hadoop001 .docker]# docker push 172.19.242.225/ruozedata/hello:v1
The push refers to repository [172.19.242.225/ruozedata/hello]
9c27e219663c: Layer already exists 
v1: digest: sha256:90659bf80b44ce6be8234e6ff90a1ac34acbeb826903b02cfa0da11c82cbc042 size: 525
[root@hadoop001 .docker]# 

This shows that once logged in, the push works either way.

Pull from the private registry

[root@hadoop001 .docker]# docker rmi 172.19.242.225/ruozedata/hello:v1
Untagged: 172.19.242.225/ruozedata/hello:v1
Untagged: 172.19.242.225/ruozedata/hello@sha256:90659bf80b44ce6be8234e6ff90a1ac34acbeb826903b02cfa0da11c82cbc042
[root@hadoop001 .docker]# docker images
REPOSITORY                      TAG                        IMAGE ID            CREATED             SIZE
mysql                           rz                         2360233f9f6a        28 hours ago        454MB
mysql                           5.7                        273c7fcf9499        3 days ago          455MB
nginx                           latest                     e791337790a6        3 days ago          127MB
debian                          buster-slim                4e22ed854b0a        5 days ago          69.2MB
hadoop001/ruozedata/hello       v1                         bf756fb1ae65        3 months ago        13.3kB
hello-world                     latest                     bf756fb1ae65        3 months ago        13.3kB
goharbor/chartmuseum-photon     v0.8.1-v1.8.1              ef41a1168648        10 months ago       113MB
goharbor/harbor-migrator        v1.8.1                     c66a77415297        10 months ago       367MB
goharbor/redis-photon           v1.8.1                     4bca1a23b865        10 months ago       105MB
goharbor/clair-photon           v2.0.8-v1.8.1              32e97276b570        10 months ago       164MB
goharbor/notary-server-photon   v0.6.1-v1.8.1              167bf40fafa6        10 months ago       135MB
goharbor/notary-signer-photon   v0.6.1-v1.8.1              e897887daa34        10 months ago       132MB
goharbor/harbor-registryctl     v1.8.1                     94ff7551440f        10 months ago       96.3MB
goharbor/registry-photon        v2.7.1-patch-2819-v1.8.1   179cd056fc97        10 months ago       81.4MB
goharbor/nginx-photon           v1.8.1                     67d9e02bf1f3        10 months ago       36MB
goharbor/harbor-log             v1.8.1                     07c1d1bb675d        10 months ago       81.5MB
goharbor/harbor-jobservice      v1.8.1                     74b018ae96fc        10 months ago       119MB
goharbor/harbor-core            v1.8.1                     3b1aba49bfbd        10 months ago       135MB
goharbor/harbor-portal          v1.8.1                     0a9a6470222b        10 months ago       42.9MB
goharbor/harbor-db              v1.8.1                     54fb972a93e1        10 months ago       142MB
goharbor/prepare                v1.8.1                     1e9ec2ceb07a        10 months ago       140MB
[root@hadoop001 .docker]# 

[root@hadoop001 .docker]# docker pull 172.19.242.225/ruozedata/hello:v1
v1: Pulling from ruozedata/hello
Digest: sha256:90659bf80b44ce6be8234e6ff90a1ac34acbeb826903b02cfa0da11c82cbc042
Status: Downloaded newer image for 172.19.242.225/ruozedata/hello:v1
172.19.242.225/ruozedata/hello:v1
[root@hadoop001 .docker]# docker images
REPOSITORY                       TAG                        IMAGE ID            CREATED             SIZE
mysql                            rz                         2360233f9f6a        28 hours ago        454MB
mysql                            5.7                        273c7fcf9499        3 days ago          455MB
nginx                            latest                     e791337790a6        3 days ago          127MB
debian                           buster-slim                4e22ed854b0a        5 days ago          69.2MB
172.19.242.225/ruozedata/hello   v1                         bf756fb1ae65        3 months ago        13.3kB
hadoop001/ruozedata/hello        v1                         bf756fb1ae65        3 months ago        13.3kB
hello-world                      latest                     bf756fb1ae65        3 months ago        13.3kB
goharbor/chartmuseum-photon      v0.8.1-v1.8.1              ef41a1168648        10 months ago       113MB
goharbor/harbor-migrator         v1.8.1                     c66a77415297        10 months ago       367MB
goharbor/redis-photon            v1.8.1                     4bca1a23b865        10 months ago       105MB
goharbor/clair-photon            v2.0.8-v1.8.1              32e97276b570        10 months ago       164MB
goharbor/notary-server-photon    v0.6.1-v1.8.1              167bf40fafa6        10 months ago       135MB
goharbor/notary-signer-photon    v0.6.1-v1.8.1              e897887daa34        10 months ago       132MB
goharbor/harbor-registryctl      v1.8.1                     94ff7551440f        10 months ago       96.3MB
goharbor/registry-photon         v2.7.1-patch-2819-v1.8.1   179cd056fc97        10 months ago       81.4MB
goharbor/nginx-photon            v1.8.1                     67d9e02bf1f3        10 months ago       36MB
goharbor/harbor-log              v1.8.1                     07c1d1bb675d        10 months ago       81.5MB
goharbor/harbor-jobservice       v1.8.1                     74b018ae96fc        10 months ago       119MB
goharbor/harbor-core             v1.8.1                     3b1aba49bfbd        10 months ago       135MB
goharbor/harbor-portal           v1.8.1                     0a9a6470222b        10 months ago       42.9MB
goharbor/harbor-db               v1.8.1                     54fb972a93e1        10 months ago       142MB
goharbor/prepare                 v1.8.1                     1e9ec2ceb07a        10 months ago       140MB
[root@hadoop001 .docker]# 

[root@hadoop001 .docker]# docker run 172.19.242.225/ruozedata/hello:v1

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

[root@hadoop001 .docker]# 

Back on the second, freshly installed machine, access Harbor on the first machine

[root@hadoop002 ~]# docker login 172.19.242.225
Username: admin
Password: 
Error response from daemon: Get https://172.19.242.225/v2/: x509: cannot validate certificate for 172.19.242.225 because it doesn't contain any IP SANs
[root@hadoop002 ~]# 

Create the certificate files

[root@hadoop002 ~]# mkdir -p /etc/docker/certs.d/hadoop001           // Note: use the first machine's name, because we are accessing Harbor on the first machine
[root@hadoop002 ~]# 
[root@hadoop001 hadoop001]# scp /etc/docker/certs.d/hadoop001/*  172.19.242.226:/etc/docker/certs.d/hadoop001/    
[root@hadoop002 ~]#  vim /etc/docker/daemon.json 
{
  "insecure-registries" : ["172.19.242.225"],
  "registry-mirrors": ["https://hadoop001"]
}
[root@hadoop002 ~]# systemctl restart docker
[root@hadoop002 ~]# 
// Try logging in
[root@hadoop002 ~]# docker login 172.19.242.225
Username: admin
Password: 
Error response from daemon: Get https://172.19.242.225/v2/: Get https://hadoop001/service/token?account=admin&client_id=docker&offline_token=true&service=harbor-registry: dial tcp: lookup hadoop001: no such host
[root@hadoop002 ~]# 
// Configure the hosts file
[root@hadoop002 ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

172.19.242.226  hadoop002
172.19.242.225  hadoop001
// Log in again; this time it succeeds
[root@hadoop002 ~]# docker login 172.19.242.225
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@hadoop002 ~]#                

[root@hadoop002 ~]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE 
[root@hadoop002 ~]# docker pull 172.19.242.225/ruozedata/hello:v1
v1: Pulling from ruozedata/hello
0e03bdcc26d7: Pull complete 
Digest: sha256:90659bf80b44ce6be8234e6ff90a1ac34acbeb826903b02cfa0da11c82cbc042
Status: Downloaded newer image for 172.19.242.225/ruozedata/hello:v1
172.19.242.225/ruozedata/hello:v1
[root@hadoop002 ~]# docker images
REPOSITORY                       TAG                 IMAGE ID            CREATED             SIZE
172.19.242.225/ruozedata/hello   v1                  bf756fb1ae65        3 months ago        13.3kB
[root@hadoop002 ~]# docker run 172.19.242.225/ruozedata/hello:v1

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

[root@hadoop002 ~]# 

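Harbor architecture diagram

The offline deployment above works fine, but for a real deployment you can request outbound internet access where appropriate, because dependency packages need to be downloaded.

In production, network connectivity is controlled by the file below: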

[root@hadoop002 ~]# cat /etc/resolv.conf 
options timeout:2 attempts:3 rotate single-request-reopen
; generated by /usr/sbin/dhclient-script
nameserver 100.100.2.136
nameserver 100.100.2.138
[root@hadoop002 ~]# 
// If these entries are commented out, the machine can no longer reach the external network

References: https://www.cnblogs.com/weifeng1463/p/9990741.html

https://blog.csdn.net/qq_39680564/article/details/97375772
