CentOS7 Docker Harbor私有仓库搭建使用简录

使用简录：

• 依据《CentOS7部署安装Docker和Docker Compose工具简录》搭建部署CentOS7 Docker主机，需要同时安装Docker Compose工具：harbor 192.168.77.10

HOSTNAME=harbor
hostnamectl set-hostname "$HOSTNAME"
echo "$HOSTNAME">/etc/hostname
echo "$(grep -E '127|::1' /etc/hosts)">/etc/hosts
echo "$(ip a|grep "inet "|grep -v 127|grep 192|awk -F'[ /]' '{print $6}') $HOSTNAME">>/etc/hosts

• 依据《CentOS7 gitlab支持https的改造》创建一对密钥

yum -y install openssl
mkdir -pv /etc/harbor/ssl && cd /etc/harbor/ssl
openssl genrsa -out "/etc/harbor/ssl/harbor.vincent.com.key" 2048
openssl req -new -key "/etc/harbor/ssl/harbor.vincent.com.key" \
  -out "/etc/harbor/ssl/harbor.vincent.com.csr"
openssl x509 -req -days 365 -in "/etc/harbor/ssl/harbor.vincent.com.csr" \
  -signkey "/etc/harbor/ssl/harbor.vincent.com.key" \
  -out "/etc/harbor/ssl/harbor.vincent.com.crt"
chmod 600 *

• Harbor离线安装包下载地址 https://github.com/goharbor/harbor/releases

# 下载离线安装包
cd /opt/
wget https://github.com/goharbor/harbor/releases/download/v1.10.1/harbor-offline-installer-v1.10.1.tgz
tar -xf harbor-offline-installer-v1.10.1.tgz
cd harbor
echo "$(hostname -i) vincent.cn-shanghai.vincent.com">>/etc/hosts
# 注意，仓库名要相当复杂，否则镜像会被解析成docker.io之下的镜像而被推送到dockerhub
sed -i "s/^hostname:.*$/hostname: vincent.cn-shanghai.vincent.com/g" harbor.yml
sed -i 's|/your/certificate/path|/etc/harbor/ssl/harbor.vincent.com.crt|g' harbor.yml
sed -i 's|/your/private/key/path|/etc/harbor/ssl/harbor.vincent.com.key|g' harbor.yml
# 执行安装脚本进行安装
./install.sh
# 简单启停
cd /opt/harbor
docker-compose stop
docker-compose start
# 日志目录：
cd /var/log/harbor

• 访问https://192.168.77.10 使用 admin/Harbor12345 登陆

• 创建公开项目 subject

• 用户管理创建用户 vincent/Vincent123

• subject项目管理，添加成员 vincent为项目管理员

• Tag保留设置为保留最近推送的2个
  

• 定时执行策略为自定义 0 * * * * * 即每分钟执行一次
  

• 垃圾清理，设定为每小时
  

• 设置harbor本机对本机的信任，并上传镜像测试

sed -i "s/^.*registry-mirrors.*$/&\n  ,\"insecure-registries\": [\"vincent.cn-shanghai.vincent.com\"]/g" /etc/docker/daemon.json
sed -i 's|^\[Service\]$|&\nEnvironmentFile=-/etc/docker/daemon.json|g' /lib/systemd/system/docker.service
cd /opt/harbor
docker-compose stop
systemctl daemon-reload && systemctl restart docker
docker-compose start

# 使用创建的账户登陆
docker login vincent.cn-shanghai.vincent.com
# vincent/Vincent123
# 认证信息保存在 ~/.docker/config.json 中，其他主机同步该文件即可跳过认证步骤

# 尝试将镜像上传到harbor，上传多个版本并查看tag的保留策略是否为近期2个
count=1
for i in $(docker image ls -q)
do
  clear
  docker tag $i vincent.cn-shanghai.vincent.com/subject/test:${count}
  docker push vincent.cn-shanghai.vincent.com/subject/test:${count}
  count=$((${count}+1))
  sleep 5
done
# 经测试，仓库不存在时会自动创建，设置的tag保留策略生效，最终保留的tag只有近期两个
# 注意，如果你的仓库名太过简单，此处push的时候会被推送到docker.io之上

• 其他主机设置信任并尝试上传和下载镜像

echo '192.168.77.10 vincent.cn-shanghai.vincent.com'>>/etc/hosts
sed -i "s/^.*registry-mirrors.*$/&\n  ,\"insecure-registries\": [\"vincent.cn-shanghai.vincent.com\"]/g" /etc/docker/daemon.json
sed -i 's|^\[Service\]$|&\nEnvironmentFile=-/etc/docker/daemon.json|g' /lib/systemd/system/docker.service
systemctl daemon-reload && systemctl restart docker
docker login vincent.cn-shanghai.vincent.com
# vincent/Vincent123
docker pull busybox
docker tag busybox vincent.cn-shanghai.vincent.com/subject/busybox
docker push vincent.cn-shanghai.vincent.com/subject/busybox

• 删除环境

cd /opt/harbor
docker-compose down
cd /tmp
rm -rf /opt/harbor
docker image ls -q|xargs docker rmi

• API使用简录，浏览器打开https://192.168.77.10/devcenter
  
  
  
  

# 安装jq，对返回的json进行解析
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all && yum makecache faster
yum -y install jq 

# 获取到的curl命令还需要使用 -k 参数
# /repositories/{repo_name}/tags
curl -s -k -X -H "accept: application/json" \
  -H "X-Xsrftoken: 1FirciyYU2fwz5acjt4L4t7Z0yO24I5s" \
  GET "https://192.168.77.10/api/repositories/subject%2Ftest/tags" \
  | jq '.[]|{name:.name,digest:.digest}'

# /repositories/{repo_name}/tags/{tag}
curl -s -k -X GET -H "accept: application/json" \
  -H "X-Xsrftoken: 1FirciyYU2fwz5acjt4L4t7Z0yO24I5s" \
  "https://192.168.77.10/api/repositories/subject%2Ftest/tags/15" \
  | jq '.|{name:.name,digest:.digest}'

[TOC]