使用简录:
- 依据《CentOS7部署安装Docker和Docker Compose工具简录》搭建部署CentOS7 Docker主机,需要同时安装Docker Compose工具:harbor 192.168.77.10
# Name this machine "harbor" and rebuild /etc/hosts around that name.
HOSTNAME=harbor
hostnamectl set-hostname "$HOSTNAME"
printf '%s\n' "$HOSTNAME" > /etc/hostname

# Keep only the loopback entries (lines matching 127 or ::1). The command
# substitution is expanded before the redirection truncates the file.
loopback_entries=$(grep -E '127|::1' /etc/hosts)
printf '%s\n' "$loopback_entries" > /etc/hosts

# Append "<address> harbor", taking the address from the `ip a` line(s) that
# contain "inet " and "192" but not "127".
# NOTE(review): these are substring matches, so more than one address can match
# (or a 192.168.127.x address can be dropped) - check the result on hosts with
# several interfaces.
host_addr=$(ip a | grep "inet " | grep -v 127 | grep 192 | awk -F'[ /]' '{print $6}')
printf '%s\n' "$host_addr $HOSTNAME" >> /etc/hosts
- 依据《CentOS7 gitlab支持https的改造》创建私钥和自签名证书
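# Generate the RSA private key, a CSR and a one-year self-signed certificate
# under /etc/harbor/ssl; harbor.yml is pointed at the .crt and .key later on.
yum -y install openssl
mkdir -pv /etc/harbor/ssl && cd /etc/harbor/ssl

# Create the key under umask 077 (inside a subshell, so the session umask is
# left alone): the file is owner-only from the moment it exists instead of
# only after the chmod at the end.
(umask 077 && openssl genrsa -out "/etc/harbor/ssl/harbor.vincent.com.key" 2048)

# `openssl req` prompts for the subject. The Common Name should be the name
# clients connect to; note that the files are named harbor.vincent.com while
# harbor.yml is later given hostname vincent.cn-shanghai.vincent.com.
# NOTE(review): no subjectAltName is set, and clients that require one will
# reject this certificate - confirm against the clients in use.
openssl req -new -key "/etc/harbor/ssl/harbor.vincent.com.key" \
  -out "/etc/harbor/ssl/harbor.vincent.com.csr"
openssl x509 -req -days 365 -in "/etc/harbor/ssl/harbor.vincent.com.csr" \
  -signkey "/etc/harbor/ssl/harbor.vincent.com.key" \
  -out "/etc/harbor/ssl/harbor.vincent.com.crt"

# Name the three files explicitly: `chmod 600 *` would act on whatever
# directory the shell happens to be in if the cd above failed.
chmod 600 \
  "/etc/harbor/ssl/harbor.vincent.com.key" \
  "/etc/harbor/ssl/harbor.vincent.com.csr" \
  "/etc/harbor/ssl/harbor.vincent.com.crt"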
- Harbor离线安装包下载地址 https://github.com/goharbor/harbor/releases
# Download the v1.10.1 offline installer into /opt and unpack it.
# NOTE(review): nothing in these steps verifies the archive before
# ./install.sh is run from it; compare it with the checksum or signature
# published alongside the release first.
installer=harbor-offline-installer-v1.10.1.tgz
cd /opt/
wget "https://github.com/goharbor/harbor/releases/download/v1.10.1/${installer}"
tar -xf "${installer}"
cd harbor

# Make the registry name resolve to this host.
registry_host=vincent.cn-shanghai.vincent.com
printf '%s\n' "$(hostname -i) ${registry_host}" >> /etc/hosts

# Author's note: the registry name has to be sufficiently complex, otherwise
# an image name is resolved as living under docker.io and is pushed to Docker
# Hub. (Docker only treats the first component of an image name as a registry
# host when it contains a "." or ":" or is "localhost".)
# Only the hostname and the certificate/key paths are edited in harbor.yml; the
# admin password is left as shipped (the login step uses admin/Harbor12345).
sed -i \
  -e "s/^hostname:.*\$/hostname: ${registry_host}/g" \
  -e 's|/your/certificate/path|/etc/harbor/ssl/harbor.vincent.com.crt|g' \
  -e 's|/your/private/key/path|/etc/harbor/ssl/harbor.vincent.com.key|g' \
  harbor.yml

# Run the installer script.
./install.sh
# Simple stop / start: run docker-compose from the installer directory,
# stopping the Harbor containers and then starting them again.
cd /opt/harbor
for action in stop start; do
  docker-compose "$action"
done

# Log directory:
cd /var/log/harbor
-
访问https://192.168.77.10 使用 admin/Harbor12345 登录(Harbor12345 是未修改 harbor.yml 时的默认管理员密码,首次登录后应立即修改)
-
创建公开项目 subject
-
用户管理创建用户 vincent/Vincent123
-
subject项目管理,添加成员 vincent为项目管理员
-
Tag保留设置为保留最近推送的2个
-
定时执行策略为自定义 0 * * * * * 即每分钟执行一次
-
垃圾清理,设定为每小时
-
设置harbor本机对本机的信任(把仓库加入 insecure-registries,Docker 将不再校验该仓库的证书),并上传镜像测试
# Append an "insecure-registries" entry after the registry-mirrors line of
# daemon.json (the sed changes nothing if there is no such line).
# For a registry listed there Docker does not require a verifiable
# certificate, so the self-signed certificate generated earlier is never
# actually checked. The verifying alternative is to install that certificate
# as /etc/docker/certs.d/<registry-host>/ca.crt, which needs the certificate's
# names to match the registry host.
sed -i 's/^.*registry-mirrors.*$/&\n ,"insecure-registries": ["vincent.cn-shanghai.vincent.com"]/g' /etc/docker/daemon.json

# Add an EnvironmentFile line under [Service] in the packaged unit file.
# NOTE(review): daemon.json is JSON, not KEY=VALUE lines, so this entry likely
# has no effect - confirm it is needed. Neither sed is idempotent; a second run
# inserts the lines again.
sed -i 's|^\[Service\]$|&\nEnvironmentFile=-/etc/docker/daemon.json|g' /lib/systemd/system/docker.service

# Stop Harbor, restart the Docker daemon so it rereads its configuration,
# then start Harbor again.
cd /opt/harbor
docker-compose stop
if systemctl daemon-reload; then
  systemctl restart docker
fi
docker-compose start
# Log in with the account created in the web UI (vincent/Vincent123).
docker login vincent.cn-shanghai.vincent.com
# Docker saves the login in ~/.docker/config.json; copying that file to other
# hosts lets them skip the login step. Unless a credential helper is
# configured the entry is only base64-encoded, so the file should be handled
# as a secret wherever it is copied.

# Push every local image to Harbor as subject/test:<n>, one tag per image, to
# check that the tag-retention rule keeps only the two most recent pushes.
count=1
for image_id in $(docker image ls -q); do
  clear
  target="vincent.cn-shanghai.vincent.com/subject/test:${count}"
  docker tag "$image_id" "$target"
  docker push "$target"
  count=$((count + 1))
  sleep 5
done
# Result of the author's test: a repository that does not exist yet is created
# automatically, the retention rule takes effect, and only the two most recent
# tags remain.
# Note: if the registry name is too simple, the push above goes to docker.io
# instead. (Docker only treats the first component of an image name as a
# registry host when it contains a "." or ":" or is "localhost".)
- 其他主机设置信任(同样是把仓库加入 insecure-registries)并尝试上传和下载镜像
# On another host: make the registry name resolve to the Harbor machine.
printf '%s\n' '192.168.77.10 vincent.cn-shanghai.vincent.com' >> /etc/hosts

# List the registry under "insecure-registries" in daemon.json, inserted after
# the registry-mirrors line. Docker then does not require a verifiable
# certificate from it, so this host cannot tell the real registry from
# something answering on the same name. The verifying alternative is to copy
# the registry certificate to /etc/docker/certs.d/<registry-host>/ca.crt,
# which needs the certificate's names to match the registry host.
sed -i 's/^.*registry-mirrors.*$/&\n ,"insecure-registries": ["vincent.cn-shanghai.vincent.com"]/g' /etc/docker/daemon.json

# NOTE(review): daemon.json is JSON, not KEY=VALUE lines, so this
# EnvironmentFile entry likely has no effect - confirm it is needed.
sed -i 's|^\[Service\]$|&\nEnvironmentFile=-/etc/docker/daemon.json|g' /lib/systemd/system/docker.service
if systemctl daemon-reload; then
  systemctl restart docker
fi

# Log in as vincent/Vincent123, then push a test image to the subject project.
docker login vincent.cn-shanghai.vincent.com
docker pull busybox
harbor_image=vincent.cn-shanghai.vincent.com/subject/busybox
docker tag busybox "$harbor_image"
docker push "$harbor_image"
- 删除环境
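# Tear the environment down: remove the Harbor containers, the installer
# directory and the local images.
# Only run `docker-compose down` if the cd worked; otherwise it would act on
# whatever compose project the current directory holds.
cd /opt/harbor && docker-compose down
cd /tmp
rm -rf /opt/harbor
# NOTE(review): Harbor's data directory (data_volume in harbor.yml) is not
# touched by these commands and presumably still holds the registry data and
# database - confirm and remove it separately if it must not be left behind.

# This removes every image on the host, not only Harbor's. -r (GNU xargs)
# skips `docker rmi` when the list is empty instead of running it with no
# arguments.
docker image ls -q | xargs -r docker rmi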
- API使用简录,浏览器打开https://192.168.77.10/devcenter
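# Install jq to parse the JSON the API returns.
# Fetch the EPEL repo definition over HTTPS: over plain HTTP the file that
# decides where yum installs packages from could be altered in transit.
# NOTE(review): check that the downloaded repo file keeps gpgcheck enabled.
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# NOTE(review): the documented argument is `fast`; `faster` is kept as written
# here - confirm which one was intended.
yum clean all && yum makecache faster
yum -y install jq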
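# The curl command copied from the devcenter page additionally needs -k.
# -k turns off certificate verification, so the response is not tied to the
# real server; `--cacert /etc/harbor/ssl/harbor.vincent.com.crt` is the
# verifying form, usable once the certificate's names cover the address used.
# The X-Xsrftoken value is presumably specific to one browser session.
#
# Endpoint: /repositories/{repo_name}/tags - list name and digest of each tag.
# -X takes the method as its next argument, so GET has to follow it directly;
# written as `-X -H ...` curl would use "-H" as the method and treat the
# header text and "GET" as URLs.
curl -s -k -X GET -H "accept: application/json" \
  -H "X-Xsrftoken: 1FirciyYU2fwz5acjt4L4t7Z0yO24I5s" \
  "https://192.168.77.10/api/repositories/subject%2Ftest/tags" \
  | jq '.[]|{name:.name,digest:.digest}'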
# Endpoint: /repositories/{repo_name}/tags/{tag} - name and digest of tag 15
# in subject/test.
# --insecure (-k) skips certificate verification for this request.
curl --silent --insecure --request GET \
  --header "accept: application/json" \
  --header "X-Xsrftoken: 1FirciyYU2fwz5acjt4L4t7Z0yO24I5s" \
  "https://192.168.77.10/api/repositories/subject%2Ftest/tags/15" \
  | jq '.|{name:.name,digest:.digest}'
[TOC]