一、搭建配置harbor私有仓库
环境
Ubuntu 20.04
Harbor 2.6.1
Harbor官方github地址:Releases · goharbor/harbor (github.com)
Harbor官方网址:Harbor (goharbor.io)
准备
将准备好的软件包提前上传到/usr/local/src
目录
root@Harbor-server1:~# cd /usr/local/src/
root@Harbor-server1:/usr/local/src# ll
total 391272
drwxr-xr-x 2 root root 4096 Oct 31 20:44 ./
drwxr-xr-x 11 root root 4096 Aug 24 16:49 ../
-rw-r--r-- 1 root root 78180774 Oct 31 20:45 docker-19.03.15-binary-install.zip
-rw-r--r-- 1 root root 322469888 Oct 31 20:46 harbor-offline-installer-v2.6.1.tgz
安装
-
安装docker和docker-compose
安装docker
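# Install Docker CE on Ubuntu from the Aliyun mirror of the Docker apt repository.

# Step 1: install the tools needed to add an HTTPS apt repository.
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl gnupg software-properties-common

# Step 2: install the repository signing key.
# The key is stored in its own keyring file and bound to this one repository
# through signed-by in step 3. `apt-key add` would instead add it to the global
# trusted keyring, where it is accepted for every configured apt source.
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg \
  | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

# Step 3: register the Docker CE repository.
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" \
  | sudo tee /etc/apt/sources.list.d/docker.list >/dev/null

# Step 4: refresh the package index and install Docker CE.
sudo apt-get -y update
sudo apt-get -y install docker-ce

# To install a specific Docker CE version instead:
# Step 1: list the available versions:
# apt-cache madison docker-ce
#   docker-ce | 17.03.1~ce-0~ubuntu-xenial | https://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
#   docker-ce | 17.03.0~ce-0~ubuntu-xenial | https://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
# Step 2: install the chosen version (VERSION is e.g. 17.03.1~ce-0~ubuntu-xenial from the list above):
# sudo apt-get -y install docker-ce=[VERSION]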
安装docker-compose
#将包上传到/opt,并添加执行权限 root@Harbor-server1:/opt# chmod a+x docker-compose-linux-x86_64 #查看版本 root@Harbor-server1:/opt# ./docker-compose-linux-x86_64 version Docker Compose version v2.12.2 #将其拷贝到/usr/bin下作为命令 root@Harbor-server1:/opt# cp docker-compose-linux-x86_64 /usr/bin/docker-compose #可以使用就行 root@Harbor-server1:/opt# docker-compose version Docker Compose version v2.12.2
-
安装harbor
root@Harbor-server1:~# cd /usr/local/src/ root@Harbor-server1:/usr/local/src# ll total 391272 drwxr-xr-x 2 root root 4096 Oct 31 20:44 ./ drwxr-xr-x 11 root root 4096 Aug 24 16:49 ../ -rw-r--r-- 1 root root 78180774 Oct 31 20:45 docker-19.03.15-binary-install.zip -rw-r--r-- 1 root root 322469888 Oct 31 20:46 harbor-offline-installer-v2.6.1.tgz root@Harbor-server1:/usr/local/src# tar xvf harbor-offline-installer-v2.6.1.tgz harbor/harbor.v2.6.1.tar.gz harbor/prepare harbor/LICENSE harbor/install.sh harbor/common.sh harbor/harbor.yml.tmpl root@Harbor-server1:/usr/local/src# cd harbor/ root@Harbor-server1:/usr/local/src/harbor# ll total 743392 drwxr-xr-x 2 root root 4096 Oct 31 20:50 ./ drwxr-xr-x 3 root root 4096 Oct 31 20:50 ../ -rw-r--r-- 1 root root 3639 Oct 10 11:32 common.sh -rw-r--r-- 1 root root 761180661 Oct 10 11:33 harbor.v2.6.1.tar.gz -rw-r--r-- 1 root root 10491 Oct 10 11:32 harbor.yml.tmpl -rwxr-xr-x 1 root root 3171 Oct 10 11:32 install.sh* -rw-r--r-- 1 root root 11347 Oct 10 11:32 LICENSE -rwxr-xr-x 1 root root 1881 Oct 10 11:32 prepare* #将配置文件模板重命名 root@Harbor-server1:/usr/local/src/harbor# cp harbor.yml.tmpl harbor.yml
修改配置文件
vim harbor.yml
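,修改配置文件第5行域名(直接使用IP也行)、12-18行注释掉https、34行admin密码、47行数据存储目录。注意:注释掉https后,登录凭据和镜像数据都以明文HTTP传输,docker客户端还需要把该仓库地址加入insecure-registries才能推送和拉取,因此这种配置只适合内网测试环境;正式环境应保留https并配置证书。34行的admin密码不要沿用模板里的默认值。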
执行安装脚本./install.sh
,因为没有事先安装docker和docker-compose,所以会报错。
docker和docker-compose装完后再次安装harbor,完成后直接访问
解决重启服务器后harbor无法自启的问题
目前Harbor的安装目录位置为/usr/local/src/harbor/
,在Harbor安装完成之后,在此目录下会生成docker-compose.yml配置文件,可以使用docker-compose操作此文件来控制Harbor的启停。
接下来编写自启Harbor的systemd服务,命名为harbor.service(放置于/etc/systemd/system目录下):
root@Harbor-server1:~# vim /etc/systemd/system/harbor.service
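# harbor.service: brings the Harbor stack up with docker-compose at boot
# and tears it down when the unit is stopped.
[Unit]
Description=harbor
# Order the unit after Docker and the network/resolver services.
After=docker.service systemd-networkd.service systemd-resolved.service
# Harbor's containers cannot run without the Docker daemon.
Requires=docker.service
Documentation=https://github.com/goharbor/harbor

[Service]
Type=simple
# "up" stays in the foreground; restart the stack if it exits with an error.
Restart=on-failure
RestartSec=5
# Absolute path to the binary copied to /usr/bin/docker-compose earlier in this
# guide: older systemd releases reject a bare command name, and a full path
# makes explicit which executable this root-run unit starts.
ExecStart=/usr/bin/docker-compose -f /usr/local/src/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /usr/local/src/harbor/docker-compose.yml down

[Install]
WantedBy=multi-user.target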
或者用docker-compose stop/start
命令来启停。注意:要在docker-compose.yml
这个文件所在目录执行
开启扫描器
harbor2.2版本后使用--with-trivy
开启
./install.sh --with-trivy
二、docker网络
容器之间通过容器名称或者自定义别名实现的互联--link
,仅仅限于单机docker主机使用,不能跨主机,使用场景比较少。
docker run -it -d --name Y73-C1 harbor.magedu.com/m43/tomcat-m43:app1
docker run -it -d -p 80:80 --name Y73-C2 --link Y73-C1 harbor.magedu.com/m43/nginx-all-in-one:1.16.1-v2
此时可在容器Y73-C2的hosts文件看到容器Y73-C1的解析
网络模式
bridge:是docker默认创建的网络模式
--net=host
容器不会创建网络堆栈信息,而是直接使用宿主机的网络堆栈进行通信,优势是不用docker0网桥进行报文转发,所以性能较强,常用于对网络性能要求比较高的业务,比如MySQL、Kafka、redis、大数据等容器业务,缺点是在宿主机直接监听端口,可能会导致端口冲突等问题。不支持端口映射。另外,容器与宿主机共享同一个网络命名空间,能直接访问宿主机上只监听在127.0.0.1的服务,网络隔离最弱,使用前应确认这一点可以接受。
-
none(--net=none)
使用后,docker不会进行任何网络配置,没有网卡、没有IP、没有路由,无法与外界通信,需要手动添加网卡配置。
-
container寄生模式:
使用此模式创建的容器需要和一个已经存在的容器共用一个网络,而不是和宿主机共享网络。新创建的容器不会创建自己网卡和IP,和一个已经存在的容器共用IP和端口范围,因此两个容器端口不能冲突。他们通过lo网卡及容器IP通信。
--net=container:已存在的容器
-
自定义网络
--driver bridge
--gateway 172.28.0.1
--ip-range 172.28.0.2-172.28.0.254
--subnet 172.28.0.0/24
docker network create -d bridge --subnet 172.21.90.0/24 --gateway 172.21.90.1 Y73-net
三、docker-compose单机站点
-
制作centos基础镜像
Dockerfile
# pwd /opt/dockerfile/system/centos # vim Dockerfile FROM centos:7.8.2003 LABEL maintainer="azikaban 75461641@qq.com" RUN yum install -y epel-release && yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop && groupadd www -g 2022 && useradd www -u 2022 -g www
镜像构建和上传harbor仓库脚本
vim build-command.sh
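#!/bin/bash
# Build the CentOS base image from the Dockerfile in the current directory
# and push it to the private Harbor registry.
#
# Abort on the first failing command: without this, a failed build would still
# run the push and re-publish whatever older local image already has this tag.
set -euo pipefail

readonly IMAGE="172.21.90.182/y73/centos-base:7.8.2003"

docker build -t "${IMAGE}" .
docker push "${IMAGE}"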
创建镜像并查看
bash build-command.sh
# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 172.21.90.182/y73/centos-base 7.8.2003 70031ad05c7d 4 minutes ago 605MB centos 7.8.2003 afb6fca791e0 2 years ago 203MB
-
制作nginx镜像
脚本里用到的包
# pwd /opt/dockerfile/web/nginx/all-in-one # tree . ├── build-command.sh ├── code │ ├── 1.JPG │ ├── 2.JPG │ └── index.html ├── code.tar.gz ├── Dockerfile ├── nginx-1.16.1.tar.gz ├── nginx.conf └── run_nginx.sh
Dockerfile
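# nginx 1.16.1 compiled from source on top of the shared CentOS base image.
FROM 172.21.90.182/y73/centos-base:7.8.2003
# LABEL replaces the deprecated MAINTAINER instruction and matches the other
# Dockerfiles in this guide.
LABEL maintainer="azikaban 75461641@qq.com"

# Build toolchain and libraries used to compile nginx.
RUN yum install -y epel-release && yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop

#COPY nginx-1.16.1.tar.gz /usr/local/src/
# ADD unpacks the local source archive into /usr/local/src/.
ADD nginx-1.16.1.tar.gz /usr/local/src/
RUN cd /usr/local/src/nginx-1.16.1 && ./configure --prefix=/apps/nginx --with-http_sub_module && make && make install

# NOTE(review): the nginx account is created here, but nothing in this
# Dockerfile switches to it (the USER line below is commented out). Whether the
# worker processes drop root depends on the `user` directive in nginx.conf,
# which is not shown in full - confirm.
RUN useradd nginx -u 2023

ADD nginx.conf /apps/nginx/conf/nginx.conf
# Site content, unpacked from the archive into the document root.
ADD code.tar.gz /data/nginx/html
#ADD run_nginx.sh /apps/nginx/sbin/run_nginx.sh
#RUN chmod a+x /apps/nginx/sbin/run_nginx.sh

EXPOSE 80 443

#RUN useradd m43
#USER m43
#WORKDIR /opt
#run mkdir 123
#WORKDIR 123

#ENTRYPOINT ["/apps/nginx/sbin/run_nginx.sh"]
# Run nginx in the foreground so it is the container's main process.
ENTRYPOINT ["/apps/nginx/sbin/nginx"]
CMD ["-g","daemon off;"]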
nginx运行脚本
vim run_nginx.sh
#!/bin/bash echo "1.1.1.1" >> /etc/hosts /apps/nginx/sbin/nginx
nginx.conf
文件#添加 upstream web { server tomcat-service-app1:8080; server tomcat-service-app2:8080; } location /myapp { proxy_pass http://web; }
镜像构建和上传harbor仓库脚本
vim build-command.sh
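#!/bin/bash
# Build the nginx image from the Dockerfile in the current directory and push
# it to the private Harbor registry.
#
# Abort on the first failing command: without this, a failed build would still
# run the push and re-publish whatever older local image already has this tag.
set -euo pipefail

readonly IMAGE="172.21.90.182/y73/nginx-all-in-one:1.16.1"

docker build -t "${IMAGE}" .
docker push "${IMAGE}"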
创建镜像并查看
bash build-command.sh
# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 172.21.90.182/y73/nginx-all-in-one 1.16.1 e6e698f89c93 20 seconds ago 858MB 172.21.90.182/y73/centos-base 7.8.2003 70031ad05c7d 30 minutes ago 605MB centos 7.8.2003 afb6fca791e0 2 years ago 203MB
-
JDK环境基础镜像制作
# pwd /opt/dockerfile/web/jdk/jdk-8u-212 # tree . ├── build-command.sh ├── Dockerfile ├── jdk-8u212-linux-x64.tar.gz └── profile
Dockerfile
# JDK 8u212 base image, layered on the shared CentOS base image.
FROM 172.21.90.182/y73/centos-base:7.8.2003
LABEL maintainer="azikaban 75461641@qq.com"
# ADD unpacks the local JDK archive under /usr/local/src.
ADD jdk-8u212-linux-x64.tar.gz /usr/local/src
# Version-independent path to the unpacked JDK.
RUN ln -sv /usr/local/src/jdk1.8.0_212 /usr/local/jdk
# Replaces the image's /etc/profile with the local `profile` file.
ADD profile /etc/profile
ENV name magedu
ENV JAVA_HOME /usr/local/jdk
ENV JRE_HOME $JAVA_HOME/jre
ENV CLASSPATH $JAVA_HOME/lib/:$JRE_HOME/lib/
ENV PATH $PATH:$JAVA_HOME/bin
# Point /etc/localtime at the Asia/Shanghai zone file.
RUN rm -rf /etc/localtime && ln -snf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
profile文件
vim profile
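# /etc/profile

# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc

# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.

# Add directory $1 to PATH unless it is already present; append it when $2 is
# "after", otherwise prepend it.
pathmunge () {
    case ":${PATH}:" in
        *:"$1":*)
            ;;
        *)
            if [ "$2" = "after" ] ; then
                PATH=$PATH:$1
            else
                PATH=$1:$PATH
            fi
    esac
}


if [ -x /usr/bin/id ]; then
    if [ -z "$EUID" ]; then
        # ksh workaround
        EUID=`/usr/bin/id -u`
        UID=`/usr/bin/id -ru`
    fi
    USER="`/usr/bin/id -un`"
    LOGNAME=$USER
    MAIL="/var/spool/mail/$USER"
fi

# Path manipulation
if [ "$EUID" = "0" ]; then
    pathmunge /usr/sbin
    pathmunge /usr/local/sbin
else
    pathmunge /usr/local/sbin after
    pathmunge /usr/sbin after
fi

HOSTNAME=`/usr/bin/hostname 2>/dev/null`
HISTSIZE=1000
if [ "$HISTCONTROL" = "ignorespace" ] ; then
    export HISTCONTROL=ignoreboth
else
    export HISTCONTROL=ignoredups
fi

export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL

# By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
    umask 002
else
    umask 022
fi

# Source every readable profile.d script; output is discarded when the shell
# is not interactive ($- does not contain "i").
for i in /etc/profile.d/*.sh /etc/profile.d/sh.local ; do
    if [ -r "$i" ]; then
        if [ "${-#*i}" != "$-" ]; then
            . "$i"
        else
            . "$i" >/dev/null
        fi
    fi
done

unset i
unset -f pathmunge

# Java / Tomcat environment added for this image.
export JAVA_HOME=/usr/local/jdk
export TOMCAT_HOME=/apps/tomcat
export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$TOMCAT_HOME/bin:$PATH
# Keep "." as its own classpath entry. The previous ".$CLASSPATH" glued the dot
# onto the first inherited entry (e.g. "./usr/local/jdk/lib/") whenever
# CLASSPATH was already set; the ":" is now inserted only in that case.
export CLASSPATH=.${CLASSPATH:+:$CLASSPATH}:$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$JAVA_HOME/lib/tools.jar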
镜像构建和上传harbor仓库脚本
vim build-command.sh
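#!/bin/bash
# Build the JDK base image from the Dockerfile in the current directory and
# push it to the private Harbor registry.
#
# Abort on the first failing command: without this, a failed build would still
# run the push and re-publish whatever older local image already has this tag.
set -euo pipefail

readonly IMAGE="172.21.90.182/y73/centos-jdk-base:8u212"

docker build -t "${IMAGE}" .
docker push "${IMAGE}"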
创建镜像并查看
bash build-command.sh
# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 172.21.90.182/y73/centos-jdk-base 8u212 ebbc7c5cd649 About a minute ago 1.01GB 172.21.90.182/y73/nginx-all-in-one 1.16.1 e6e698f89c93 14 minutes ago 858MB 172.21.90.182/y73/centos-base 7.8.2003 70031ad05c7d 43 minutes ago 605MB centos 7.8.2003 afb6fca791e0 2 years ago 203MB
-
tomcat镜像制作
创建一个tomcat基础镜像和两个tomcat服务tomcat-app1、tomcat-app2
# pwd /opt/dockerfile/web/tomcat/tomcat-base-8.5.65 # tree . ├── apache-tomcat-8.5.65.tar.gz ├── build-command.sh └── Dockerfile
Dockerfile
vim Dockerfile
# Tomcat 8.5.65 base image, layered on the JDK base image.
FROM 172.21.90.182/y73/centos-jdk-base:8u212
LABEL maintainer="azikaban 75461641@qq.com"
#VOLUME /data /apps
# ADD unpacks the local Tomcat archive into /apps.
ADD apache-tomcat-8.5.65.tar.gz /apps
# Version-independent path used by the application images and start scripts.
RUN ln -sv /apps/apache-tomcat-8.5.65 /apps/tomcat
镜像构建和上传harbor仓库脚本
vim build-command.sh
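#!/bin/bash
# Build the Tomcat base image from the Dockerfile in the current directory and
# push it to the private Harbor registry.
#
# Abort on the first failing command: without this, a failed build would still
# run the push and re-publish whatever older local image already has this tag.
set -euo pipefail

readonly IMAGE="172.21.90.182/y73/tomcat-centos-base:v8.5.65"

docker build -t "${IMAGE}" .
docker push "${IMAGE}"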
创建镜像并查看
bash build-command.sh
# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 172.21.90.182/y73/tomcat-centos-base v8.5.65 46a69be5aacb 15 seconds ago 1.03GB 172.21.90.182/y73/centos-jdk-base 8u212 ebbc7c5cd649 13 minutes ago 1.01GB 172.21.90.182/y73/nginx-all-in-one 1.16.1 e6e698f89c93 26 minutes ago 858MB 172.21.90.182/y73/centos-base 7.8.2003 70031ad05c7d 56 minutes ago 605MB centos 7.8.2003 afb6fca791e0 2 years ago 203MB
# pwd /opt/dockerfile/web/tomcat/tomcat-app1 # tree . ├── build-command.sh ├── Dockerfile ├── myapp │ └── index.jsp ├── myapp.tar.gz ├── run_tomcat.sh └── server.xml
Dockerfile
vim Dockerfile
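# tomcat-app1 application image, built on the Tomcat base image.
FROM 172.21.90.182/y73/tomcat-centos-base:v8.5.65
LABEL maintainer="azikaban 75461641@qq.com"
ADD run_tomcat.sh /apps/tomcat/bin/run_tomcat.sh
ADD server.xml /apps/tomcat/conf/server.xml
# ADD unpacks the application archive into the webapps directory.
ADD myapp.tar.gz /data/tomcat/webapps
# Tomcat runs as www (see run_tomcat.sh), so www owns the data and install trees.
RUN chown -R www:www /data /apps
# Only the start script needs its mode set. The earlier "chmod 777 /apps -R"
# made the whole Tomcat install world-writable, including this script, which
# the container runs as root; ownership by www is enough for Tomcat to write
# its logs and work directories.
RUN chmod 755 /apps/tomcat/bin/run_tomcat.sh
EXPOSE 8080 8443
CMD ["/apps/tomcat/bin/run_tomcat.sh"]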
tomcat运行脚本
vim run_tomcat.sh
#!/bin/bash su - www -c "/apps/tomcat/bin/catalina.sh start" tail -f /etc/hosts
镜像构建和上传harbor仓库脚本
vim build-command.sh
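#!/bin/bash
# Build the tomcat-app1 image from the Dockerfile in the current directory and
# push it to the private Harbor registry.
#
# Abort on the first failing command: without this, a failed build would still
# run the push and re-publish whatever older local image already has this tag.
set -euo pipefail

readonly IMAGE="172.21.90.182/y73/tomcat-y73:app1"

docker build -t "${IMAGE}" .
docker push "${IMAGE}"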
server.xml文件
创建镜像并查看
bash build-command.sh
# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 172.21.90.182/y73/tomcat-y73 app1 66c35480b1a0 2 minutes ago 1.06GB 172.21.90.182/y73/tomcat-centos-base v8.5.65 46a69be5aacb 22 minutes ago 1.03GB 172.21.90.182/y73/centos-jdk-base 8u212 ebbc7c5cd649 36 minutes ago 1.01GB 172.21.90.182/y73/nginx-all-in-one 1.16.1 e6e698f89c93 49 minutes ago 858MB 172.21.90.182/y73/centos-base 7.8.2003 70031ad05c7d About an hour ago 605MB centos 7.8.2003 afb6fca791e0 2 years ago 203MB
# pwd /opt/dockerfile/web/tomcat/tomcat-app2 # tree . ├── build-command.sh ├── Dockerfile ├── myapp │ └── index.jsp ├── myapp.tar.gz ├── run_tomcat.sh └── server.xml
Dockerfile
vim Dockerfile
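# tomcat-app2 application image, built on the Tomcat base image.
FROM 172.21.90.182/y73/tomcat-centos-base:v8.5.65
LABEL maintainer="azikaban 75461641@qq.com"
ADD run_tomcat.sh /apps/tomcat/bin/run_tomcat.sh
ADD server.xml /apps/tomcat/conf/server.xml
# ADD unpacks the application archive into the webapps directory.
ADD myapp.tar.gz /data/tomcat/webapps
# Tomcat runs as www (see run_tomcat.sh), so www owns the data and install trees.
RUN chown -R www:www /data /apps
# Only the start script needs its mode set. The earlier "chmod 777 /apps -R"
# made the whole Tomcat install world-writable, including this script, which
# the container runs as root; ownership by www is enough for Tomcat to write
# its logs and work directories.
RUN chmod 755 /apps/tomcat/bin/run_tomcat.sh
EXPOSE 8080 8443
CMD ["/apps/tomcat/bin/run_tomcat.sh"]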
tomcat运行脚本
vim run_tomcat.sh
#!/bin/bash su - www -c "/apps/tomcat/bin/catalina.sh start" tail -f /etc/hosts
镜像构建和上传harbor仓库脚本
vim build-command.sh
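#!/bin/bash
# Build the tomcat-app2 image from the Dockerfile in the current directory and
# push it to the private Harbor registry.
#
# Abort on the first failing command: without this, a failed build would still
# run the push and re-publish whatever older local image already has this tag.
set -euo pipefail

readonly IMAGE="172.21.90.182/y73/tomcat-y73:app2"

docker build -t "${IMAGE}" .
docker push "${IMAGE}"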
server.xml文件
创建镜像并查看
bash build-command.sh
# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 172.21.90.182/y73/tomcat-y73 app2 270350c96321 7 seconds ago 1.06GB 172.21.90.182/y73/tomcat-y73 app1 66c35480b1a0 4 minutes ago 1.06GB 172.21.90.182/y73/tomcat-centos-base v8.5.65 46a69be5aacb 25 minutes ago 1.03GB 172.21.90.182/y73/centos-jdk-base 8u212 ebbc7c5cd649 39 minutes ago 1.01GB 172.21.90.182/y73/nginx-all-in-one 1.16.1 e6e698f89c93 51 minutes ago 858MB 172.21.90.182/y73/centos-base 7.8.2003 70031ad05c7d About an hour ago 605MB centos 7.8.2003 afb6fca791e0 2 years ago 203MB
-
haproxy镜像制作
# pwd
/opt/dockerfile/web/haproxy
root@docker:/opt/dockerfile/web/haproxy# tree
.
├── build-command.sh
├── Dockerfile
├── haproxy-2.2.11.tar.gz
├── haproxy.cfg
└── run_haproxy.sh
Dockerfile
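#haproxy image
# HAProxy 2.2.11 compiled from source on top of the shared CentOS base image.
FROM 172.21.90.182/y73/centos-base:7.8.2003
LABEL maintainer="azikaban 75461641@qq.com"
# Build dependencies plus a set of troubleshooting tools.
RUN yum install libtermcap-devel ncurses-devel libevent-devel readline-devel gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel net-tools vim iotop bc zip unzip zlib-devel lrzsz tree screen lsof tcpdump wget ntpdate -y
# ADD unpacks the local source archive into /usr/local/src.
ADD haproxy-2.2.11.tar.gz /usr/local/src
# Compile with PCRE, OpenSSL, zlib and systemd support, install under
# /apps/haproxy, copy the binary to /usr/sbin and create the run directory.
RUN cd /usr/local/src/haproxy-2.2.11 && make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/apps/haproxy && make install PREFIX=/apps/haproxy && cp haproxy /usr/sbin/ && mkdir /apps/haproxy/run -p
ADD run_haproxy.sh /apps/haproxy/bin/run_haproxy.sh
# Executable but not world-writable: this script is the container's CMD, and
# mode 777 would let any account in the container rewrite it.
RUN chmod 755 /apps/haproxy/bin/run_haproxy.sh
ADD haproxy.cfg /etc/haproxy/haproxy.cfg
EXPOSE 80 9999
CMD ["/apps/haproxy/bin/run_haproxy.sh"]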
haproxy运行脚本
vim run_haproxy.sh
#!/bin/bash
# Container start script: launches HAProxy with the image's configuration file.
# NOTE(review): whether haproxy goes to the background here depends on the
# `daemon` setting in haproxy.cfg, which is not shown - confirm.
/apps/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg
# Keeps this script in the foreground so the container does not exit.
# NOTE(review): with tail as the foreground process, the container stays
# "running" even if HAProxy exits, so restart policies will not see a crash.
tail -f /etc/hosts
镜像构建和上传harbor仓库脚本
vim build-command.sh
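#!/bin/bash
# Build the HAProxy image from the Dockerfile in the current directory and
# push it to the private Harbor registry.
#
# Abort on the first failing command: without this, a failed build would still
# run the push and re-publish whatever older local image already has this tag.
set -euo pipefail

readonly IMAGE="172.21.90.182/y73/haproxy:v2.2.11"

docker build -t "${IMAGE}" .
docker push "${IMAGE}"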
haproxy.cfg
文件
添加图中内容
创建镜像并查看
bash build-command.sh
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
172.21.90.182/y73/haproxy v2.2.11 4ac94b6d3105 4 minutes ago 961MB
172.21.90.182/y73/tomcat-y73 app2 270350c96321 14 minutes ago 1.06GB
172.21.90.182/y73/tomcat-y73 app1 66c35480b1a0 19 minutes ago 1.06GB
172.21.90.182/y73/tomcat-centos-base v8.5.65 46a69be5aacb 40 minutes ago 1.03GB
172.21.90.182/y73/centos-jdk-base 8u212 ebbc7c5cd649 53 minutes ago 1.01GB
172.21.90.182/y73/nginx-all-in-one 1.16.1 e6e698f89c93 About an hour ago 858MB
172.21.90.182/y73/centos-base 7.8.2003 70031ad05c7d 2 hours ago 605MB
centos 7.8.2003 afb6fca791e0 2 years ago 203MB
# pwd
/opt/y73
# tree
.
└── docker-compose.yml
vim docker-compose.yml
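# Single-host stack: haproxy in front of nginx, which proxies to two Tomcat
# services. Indentation restored; YAML nesting is significant, and the
# flattened form does not parse.
version: '3.6'
services:
  haproxy-service:
    image: 172.21.90.182/y73/haproxy:v2.2.11
    #networks:
    #  - backend
    container_name: haproxy-y73
    expose:
      - 80
      - 443
      - 9999
    # These ports are published on every interface of the Docker host.
    # NOTE(review): 9999 looks like an admin/statistics listener (haproxy.cfg is
    # not shown) - confirm; if it only needs local access, bind it to loopback
    # with "127.0.0.1:9999:9999".
    ports:
      - "80:80"
      - "443:443"
      - "9999:9999"
    # links is the legacy way to make nginx-service resolvable by name.
    links:
      - nginx-service

  nginx-service:
    image: 172.21.90.182/y73/nginx-all-in-one:1.16.1
    #networks:
    #  - backend
    container_name: nginx-web1
    # No ports are published: nginx is reachable only from other containers.
    links:
      - tomcat-service-app1
      - tomcat-service-app2

  tomcat-service-app1:
    image: 172.21.90.182/y73/tomcat-y73:app1
    #networks:
    #  - backend

  tomcat-service-app2:
    image: 172.21.90.182/y73/tomcat-y73:app2
    #networks:
    #  - backend

#networks:
#  front:
#    driver: bridge
#  backend:
#    driver: bridge
#  default:
#    external:
#      name: bridge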