docker部署Harbor
Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器,可以用来构建企业内部的Docker镜像仓库。
它在Docker的开源项目 Distribution的基础上,添加了一些企业需要的功能特性,如镜像同步复制、漏洞扫描和权限管理等。
//将提前下载好的包拉进来
[root@localhost ~]# ls
anaconda-ks.cfg docker-compose-linux-x86_64 httpd_html runtime.gz
//修改名字并放在指定目录下
[root@localhost ~]# mv docker-compose-linux-x86_64 /usr/bin/docker-compose/
//添加执行权限
[root@localhost bin]# chmod +x docker-compose
[root@localhost bin]# docker-compose -v
Docker Compose version v2.7.0
//将提前下载好的压缩包拉进来
[root@localhost ~]# ls
anaconda-ks.cfg harbor-offline-installer-v2.4.3.tgz httpd_html runtime.gz
//压缩到/usr/local目录下
[root@localhost ~]# tar xf harbor-offline-installer-v2.4.3.tgz -C /usr/local/
[root@localhost ~]# cd /usr/local/harbor/
[root@localhost harbor]# ls
LICENSE harbor.v2.4.3.tar.gz install.sh
common.sh harbor.yml.tmpl prepare
//修改配置文件
[root@localhost harbor]# vim harbor.yml.tmpl
hostname: localhost //修改成本主机名
# https related config //全部注释没有https
#https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
[root@localhost harbor]# cp harbor.yml.tmpl harbor.yml
[root@localhost harbor]# ls
LICENSE harbor.v2.4.3.tar.gz harbor.yml.tmpl prepare
common.sh harbor.yml install.sh
//安装
[root@localhost harbor]# ./install.sh
[root@localhost harbor]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
07f3d9235e7f goharbor/harbor-jobservice:v2.4.3 "/harbor/entrypoint.…" 3 minutes ago Up 3 minutes (healthy) harbor-jobservice
695eab7ea162 goharbor/nginx-photon:v2.4.3 "nginx -g 'daemon of…" 3 minutes ago Up 3 minutes (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
a379a8ccdea9 goharbor/harbor-core:v2.4.3 "/harbor/entrypoint.…" 3 minutes ago Up 3 minutes (healthy) harbor-core
2d55ff6bc175 goharbor/registry-photon:v2.4.3 "/home/harbor/entryp…" 3 minutes ago Up 3 minutes (healthy) registry
6a00f1bfc58c goharbor/harbor-portal:v2.4.3 "nginx -g 'daemon of…" 3 minutes ago Up 3 minutes (healthy) harbor-portal
4f1f6c1c8d37 goharbor/redis-photon:v2.4.3 "redis-server /etc/r…" 3 minutes ago Up 3 minutes (healthy) redis
878ebdb9e103 goharbor/harbor-db:v2.4.3 "/docker-entrypoint.…" 3 minutes ago Up 3 minutes (healthy) harbor-db
e6357fdcb967 goharbor/harbor-registryctl:v2.4.3 "/home/harbor/start.…" 3 minutes ago Up 3 minutes (healthy) registryctl
63b3b96042dc goharbor/harbor-log:v2.4.3 "/bin/sh -c /usr/loc…" 3 minutes ago Up 3 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
0764ac9c4e2b zjunwhite/httpd:v0.1 "/bin/bash" 22 hours ago Created test2
d6e228d4ece3 zjunwhite/httpd:v0.1 "/bin/bash" 2 days ago Exited (0) 2 days ago t1
60baa880cf17 5d0da3dc9764 "/bin/bash" 2 days ago Exited (0) 14 hours ago httpd
//查看端口
[root@localhost harbor]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 127.0.0.1:1514 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*
//设置容器开机自启
[root@localhost harbor]# vim /etc/rc.local
#!/bin/bash //添加下面两行
cd /usr/local/harbor
docker-compose start
//添加执行权限
[root@localhost harbor]# ll /etc/rc.d/rc.local
-rw-r--r--. 1 root root 516 Aug 12 11:02 /etc/rc.d/rc.local
[root@localhost harbor]# chmod +x /etc/rc.d/rc.local
浏览器访问:用户名与密码可在harbor.yml
配置文件中找到,修改密码的话也在这里面改
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
07f3d9235e7f goharbor/harbor-jobservice:v2.4.3 "/harbor/entrypoint.…" 19 minutes ago Up 38 seconds (healthy) harbor-jobservice
695eab7ea162 goharbor/nginx-photon:v2.4.3 "nginx -g 'daemon of…" 19 minutes ago Up 38 seconds (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
a379a8ccdea9 goharbor/harbor-core:v2.4.3 "/harbor/entrypoint.…" 19 minutes ago Up 38 seconds (healthy) harbor-core
2d55ff6bc175 goharbor/registry-photon:v2.4.3 "/home/harbor/entryp…" 19 minutes ago Up 38 seconds (healthy) registry
6a00f1bfc58c goharbor/harbor-portal:v2.4.3 "nginx -g 'daemon of…" 19 minutes ago Up 38 seconds (healthy) harbor-portal
4f1f6c1c8d37 goharbor/redis-photon:v2.4.3 "redis-server /etc/r…" 19 minutes ago Up 37 seconds (healthy) redis
878ebdb9e103 goharbor/harbor-db:v2.4.3 "/docker-entrypoint.…" 19 minutes ago Up 38 seconds (healthy) harbor-db
e6357fdcb967 goharbor/harbor-registryctl:v2.4.3 "/home/harbor/start.…" 19 minutes ago Up 38 seconds (healthy) registryctl
63b3b96042dc goharbor/harbor-log:v2.4.3 "/bin/sh -c /usr/loc…" 19 minutes ago Up 38 seconds (healthy) 127.0.0.1:1514->10514/tcp harbor-log
//停止harbor中的几台容器,模拟容器故障
[root@localhost harbor]# docker stop 07f3d9235e7f
07f3d9235e7f
[root@localhost harbor]# docker stop 695eab7ea162
695eab7ea162
浏览器中已经不能访问了
//使用docker-compose restar命令编排重启harbor
[root@localhost harbor]# docker-compose restart
[+] Running 9/9
⠿ Container harbor-log Started 10.5s
⠿ Container registryctl Started 10.9s
⠿ Container redis Started 1.2s
⠿ Container registry Started 1.2s
⠿ Container harbor-portal Started 1.2s
⠿ Container harbor-db Started 10.9s
⠿ Container harbor-core Started 0.4s
⠿ Container harbor-jobservice Started 0.5s
⠿ Container nginx Started 0.7s
再去浏览器访问又可以访问了
//将harbor服务端的主机域名映射
[root@localhost ~]# cd /usr/local/harbor/
[root@localhost harbor]# vim /etc/hosts
192.168.192.129 localhost.localdomain
//测试能否ping通
[root@localhost harbor]# ping localhost.localdomain
PING localhost.localdomain(localhost (::1)) 56 data bytes
64 bytes from localhost (::1): icmp_seq=1 ttl=64 time=0.017 ms
64 bytes from localhost (::1): icmp_seq=2 ttl=64 time=0.025 ms
^C
--- localhost.localdomain ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1042ms
rtt min/avg/max/mdev = 0.017/0.021/0.025/0.004 ms
//使用insecure-registries参数添加http支持
[root@localhost harbor]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://gxroeyl8.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.192.129"]
}
//重启docker
[root@localhost harbor]# systemctl daemon-reload
[root@localhost harbor]# systemctl restart docker.service
//登录harbor
[root@localhost harbor]# docker login 192.168.192.129
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
//修改镜像名标签,上传镜像
[root@localhost harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
zjunwhite/httpd v0.1 e11bc12ce351 4 days ago 671MB
[root@localhost harbor]# docker tag zjunwhite/httpd:v0.1 192.168.192.129/library/httpd:v0.1
[root@localhost harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.192.129/library/httpd v0.1 e11bc12ce351 4 days ago 671MB
[root@localhost harbor]# docker push 192.168.192.129/library/httpd:v0.1
The push refers to repository [192.168.192.129/library/httpd]
c46c49bd686d: Pushed
74ddd0ec08fa: Pushed
v0.1: digest: sha256:44951d9ac847799cafe2a549bb038c1c94190d28fd397e7a42aee412e41de28c size: 742