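Harbor Overview
Harbor is a container image registry open-sourced by VMware. It builds on Docker Registry and adds
enterprise-grade extensions, which has led to wider adoption. These enterprise features include a management
user interface, role-based access control, AD/LDAP integration, audit logging and so on, enough to meet basic enterprise needs.
Official site: https://goharbor.io/
GitHub: https://github.com/goharbor/harbor
Harbor deployment: prerequisites
Server hardware:
• Minimum: 2 CPU cores / 4 GB RAM / 40 GB disk
• Recommended: 4 CPU cores / 8 GB RAM / 160 GB disk
Software:
• Docker CE 17.06 or later
• Docker Compose 1.18 or later
Harbor can be installed in two ways:
• Online installer: downloads the Harbor images from Docker Hub, so the installer package is very small
• Offline installer: the package includes the images needed for deployment, so it is larger
Deploying Harbor
1. Install Docker and Docker Compose first
Official documentation:
https://github.com/docker/compose/releases
2. Deploy Harbor over HTTP
Upload the Harbor installer package and the Compose binary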
[root@docker01 ~]# mv docker-compose-Linux-x86_64 /usr/bin/docker-compose
[root@docker01 ~]# chmod +x /usr/bin/docker-compose
[root@docker01 ~]# tar zxvf harbor-offline-installer-v2.0.0.tgz
harbor/harbor.v2.0.0.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
[root@docker01 ~]# ls
anaconda-ks.cfg dockerfile dockerfile.zip harbor harbor-offline-installer-v2.0.0.tgz redis.tar
[root@docker01 ~]# cd harbor/
[root@docker01 ~/harbor]# ls
common.sh harbor.v2.0.0.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
[root@docker01 ~/harbor]# cp harbor.yml.tmpl harbor.yml
[root@docker01 ~/harbor]# vim harbor.yml
hostname: reg.ctnrs.com  # or the IP address
https: # comment out the https-related settings first
harbor_admin_password: Harbor12345
[root@docker01 ~/harbor]# ./prepare
[root@docker01 ~/harbor]# ./install.sh
Basic Harbor usage
1. Configure Docker to trust the HTTP registry
[root@docker01 ~/harbor]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
"insecure-registries":["10.0.0.22"]
}
[root@docker01 ~/harbor]# systemctl restart docker
Check that the setting took effect
[root@docker01 ~/harbor]# docker info
Insecure Registries:
10.0.0.22    <- the registry address is listed
127.0.0.0/8
2. Tag the image
[root@docker01 ~/harbor]# docker tag tomcat:v1 10.0.0.22/library/tomcat:v1
3. Push
If the registry has not been configured as trusted, the push reports an error
[root@docker01 ~/harbor]# docker push 10.0.0.22/library/tomcat:v1
The push refers to repository [10.0.0.22/library/tomcat]
Get https://10.0.0.22/v2/: dial tcp 10.0.0.22:443: connect: connection refused
[root@docker01 ~/harbor]# ss -anlp|grep 443
After restarting docker the push still fails; it turns out that one of the registry services has stopped
[root@docker01 ~/harbor]# docker-compose ps
Name Command State Ports
---------------------------------------------------------------------------------------------
harbor-core /harbor/entrypoint.sh Up (healthy)
harbor-db /docker-entrypoint.sh Up (healthy) 5432/tcp
harbor-jobservice /harbor/entrypoint.sh Up (healthy)
harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal nginx -g daemon off; Exit 128
nginx nginx -g daemon off; Restarting
redis redis-server /etc/redis.conf Up (healthy) 6379/tcp
registry /home/harbor/entrypoint.sh Up (healthy) 5000/tcp
registryctl /home/harbor/start.sh Up (healthy)
Use docker-compose up -d to restart the stopped service
[root@docker01 ~/harbor]# docker-compose up -d
harbor-log is up-to-date
redis is up-to-date
Starting harbor-portal ...
registryctl is up-to-date
harbor-db is up-to-date
registry is up-to-date
harbor-core is up-to-date
Starting harbor-portal ... done
nginx is up-to-date
The push still fails
[root@docker01 ~/harbor]# docker push 10.0.0.22/library/tomcat:v1
The push refers to repository [10.0.0.22/library/tomcat]
1b512c1c55fe: Preparing
772c853525a5: Preparing
3b7d4630f08c: Preparing
174f56854903: Preparing
unauthorized: unauthorized to access repository: library/tomcat, action: push: unauthorized to access repository: library/tomcat, action: push
At this point you need to log in to the registry
[root@docker01 ~/harbor]# docker login 10.0.0.22
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
The push succeeds
[root@docker01 ~/harbor]# docker push 10.0.0.22/library/tomcat:v1
The push refers to repository [10.0.0.22/library/tomcat]
1b512c1c55fe: Pushed
772c853525a5: Pushed
3b7d4630f08c: Pushed
174f56854903: Pushed
v1: digest: sha256:610feb6bc88229270635798e5eac00dd8b42925eac1b6a9a9a377f8941fa44dc size: 1163
4. Pull
Other servers do not need to log in to pull
The pull fails because the registry has not been configured as trusted
[root@docker02 ~]# docker pull 10.0.0.22/library/tomcat@sha256:610feb6bc88229270635798e5eac00dd8b42925eac1b6a9a9a377f8941fa44dc
Error response from daemon: Get https://10.0.0.22/v2/: dial tcp 10.0.0.22:443: connect: connection refused
[root@docker02 ~]# vim /etc/docker/daemon.json
[root@docker02 ~]# systemctl restart docker
After configuring trust, the pull succeeds
[root@docker02 ~]# docker pull 10.0.0.22/library/tomcat@sha256:610feb6bc88229270635798e5eac00dd8b42925eac1b6a9a9a377f8941fa44dc
10.0.0.22/library/tomcat@sha256:610feb6bc88229270635798e5eac00dd8b42925eac1b6a9a9a377f8941fa44dc: Pulling from library/tomcat
2d473b07cdd5: Pull complete
69d2ba43082b: Pull complete
213c504a4b24: Pull complete
928768913e56: Pull complete
Digest: sha256:610feb6bc88229270635798e5eac00dd8b42925eac1b6a9a9a377f8941fa44dc
Status: Downloaded newer image for 10.0.0.22/library/tomcat@sha256:610feb6bc88229270635798e5eac00dd8b42925eac1b6a9a9a377f8941fa44dc
10.0.0.22/library/tomcat@sha256:610feb6bc88229270635798e5eac00dd8b42925eac1b6a9a9a377f8941fa44dc
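Added example (not part of the original article or of Harbor): a small audit that cross-checks the two client-side files touched above, /etc/docker/daemon.json and /root/.docker/config.json, and reports every stored login that belongs to a registry listed under insecure-registries. The file contents below are constructed samples, the function names are hypothetical, and CIDR entries are matched against IPv4 literals only (no DNS resolution).

```python
import base64
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed samples modelled on the files shown on this page (password is made up).
DAEMON_JSON = '{"insecure-registries": ["10.0.0.22"]}'
CONFIG_JSON = json.dumps({"auths": {
    "10.0.0.22": {"auth": base64.b64encode(b"admin:example-password").decode()},
    "https://index.docker.io/v1/": {},  # empty entry: nothing stored in the file
}})

def registry_host(key):
    """Reduce an auths key ('10.0.0.22', 'https://host/v1/') to host[:port]."""
    return urlsplit(key if "://" in key else "//" + key).netloc

def is_insecure(host, insecure_entries):
    """True if host[:port] equals an entry or its IP falls inside a CIDR entry."""
    name = host.rsplit(":", 1)[0]
    for entry in insecure_entries:
        if entry == host:
            return True
        if "/" in entry:  # only entries written as CIDR are treated as networks
            try:
                if ipaddress.ip_address(name) in ipaddress.ip_network(entry, strict=False):
                    return True
            except ValueError:
                continue  # host is a DNS name or the entry is not a valid CIDR
    return False

def audit(daemon_json, config_json):
    """Return (registry, username) for logins stored for insecure registries."""
    insecure = json.loads(daemon_json).get("insecure-registries", [])
    findings = []
    for key, entry in json.loads(config_json).get("auths", {}).items():
        auth = entry.get("auth")
        if not auth:
            continue  # no base64 credential kept in config.json for this registry
        user = base64.b64decode(auth).decode().split(":", 1)[0]
        if is_insecure(registry_host(key), insecure):
            findings.append((key, user))
    return findings

if __name__ == "__main__":
    for registry, user in audit(DAEMON_JSON, CONFIG_JSON):
        print(f"{registry}: login for '{user}' is stored in config.json and "
              "the registry allows plain HTTP or unverified TLS")
```

Each finding is a credential that is both readable from disk (base64 is an encoding, not encryption) and used against a registry without verified TLS; enabling the https block in harbor.yml and a Docker credential helper clears both.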