Docker私有倉庫部署和管理
Docker私有倉庫部署和管理
本章結構:
Harbor介紹mysql
部署Harbor所依賴的Docker Compose服務linux
部署Harbor服務nginx
Harbor平常操做管理web
Harbor管理生命週期sql
Harbor介紹
Harbor是VMware公司開源的企業級Docker Registry項目
Harbor的優點
基於角色控制docker
基於鏡像的複製策略數據庫
支持LDAP目錄服務/AD域服務json
圖像刪除和垃圾收集vim
圖形UI(能夠訪問Web界面)後端
審計
RESTful API
Harbor架構組成
Proxy:
經過一個前置的反向代理統一接收瀏覽器、Docker客戶端的請求, 並將請求轉發給後端不一樣的服務
Registry:倉庫
負責儲存Docker鏡像, 並處理docker push(上傳)/pull(下載)命令
Core services:
Harbor的核心功能,包括UI、webhook、 token(令牌) 服務
Database:mysql
爲core services提供數據庫服務
Log collector:
負責收集其餘組件的log,供往後進行分析
Docker私有倉庫架構拓撲:
過程介紹:
訪問倉庫以前先用帳戶訪問Core service,UI支持web界面,首次成功登陸後token發身份驗證令牌,後期用戶直接使用分發的令牌訪問database倉庫,查看鏡像,若是沒有就直接返回無鏡像名稱(hub公共倉庫下載),若是存在,使用webhook回調,倉庫發送信息返回客戶端,最終全部的操做信息都會記錄到log collector中
名詞解釋
webhook:
微服務當中的回調機制
token(令牌)生成方式:
1.服務器給予序列號,後面直接經過序列號找服務器驗證,方可經過
2.基於客戶端的MAC地址,生成字符串,每次傳參數時須要帶上MAC地址,此時服務器會去驗證MAC地址,若以前已驗證過則可直接經過
database:
存儲用戶信息,包括權限,鏡像的屬性信息
部署Harbor服務
下載Harbor安裝程序:
wget http://harbor.orientsoft.cn/harbor-1.2.2/harbor-offline-installer-v1.2.2.tgz tar xvf harbor-offline-installer-v1.2.2.tgz -C /usr/local
配置Harbor參數文件:
參數位於文件/usr/local/harbor/harbor.cfg
Harbor所須要參數:
hostname 、ui_url_protocol、max_job_workers
db_password、customize_crt、ssl_cert、ssl_cert_key
secretkey_path
Harbor可選參數:
電子郵件設置、harbour_admin_password、auth_mode
self_registration、token_expiration
project_creation_restriction、verify_remote_cert
啓動並安裝Harbor:
[root@localhost harbor]# sh /usr/local/harbor/install.sh
查看Harbor啓動鏡像並訪問管理頁面
建立一個新項目:
首先登陸Harbor
鏡像打tag
上傳鏡像到Harbor
以上操做都是在Harbor本地,若是其餘客戶端操做Harbor,就會報錯,須要在Harbor之外的其餘Docker客戶端修改配置,而後重啓Docker
Demo:Harbor私有倉庫部署
doncker私庫:CentOS 7-3:192.168.18.128
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
[root@localhost ~]# yum install yum-utils device-mapper-persistent-data lvm2 -y
[root@localhost ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@localhost ~]# yum install -y docker-ce
[root@localhost ~]# systemctl start docker.service
[root@localhost ~]# systemctl enable docker.service
[root@localhost ~]# tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://w1ogxqvl.mirror.aliyuncs.com"]
}
EOF
[root@localhost ~]# vim /etc/sysctl.conf
`在末行下一行插入如下內容`
net.ipv4.ip_forward=1
#按Esc退出插入模式,輸入:wq保存退出
[root@localhost ~]# service network restart
Restarting network (via systemctl): [ 肯定 ]
[root@localhost ~]# systemctl restart docker
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker
[root@localhost ~]# mkdir /aaa
[root@localhost ~]# mount.cifs //192.168.0.105/rpm /aaa
Password for root@//192.168.0.105/rpm:
[root@localhost ~]# cd /aaa/docker/
[root@localhost docker]# cp docker-compose /usr/local/bin/
[root@localhost docker]# docker-compose -v
docker-compose version 1.21.1, build 5a3f1a3
部署Harbor服務
[root@localhost docker]# tar zxvf harbor-offline-installer-v1.2.2.tgz -C /usr/local/
[root@localhost docker]# cd /usr/local/
[root@localhost local]# ls
bin etc games harbor include lib lib64 libexec sbin share src
#此時有harbor目錄
[root@localhost local]# cd harbor/
[root@localhost harbor]# ls
common docker-compose.yml harbor.v1.2.2.tar.gz NOTICE
docker-compose.clair.yml harbor_1_1_0_template install.sh prepare
docker-compose.notary.yml harbor.cfg LICENSE upgrade
[root@localhost harbor]# vim harbor.cfg
hostname = 192.168.18.128 #第5行hostname後面改成本身客戶端的IP地址
harbor_admin_password = Harbor12345 #第59行默認用戶名爲admin,密碼爲Harbor12345
[root@localhost harbor]# sh /usr/local/harbor/install.sh
[root@localhost harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/harbor-log v1.2.2 36ef78ae27df 2 years ago 200MB
vmware/harbor-jobservice v1.2.2 e2af366cba44 2 years ago 164MB
vmware/harbor-ui v1.2.2 39efb472c253 2 years ago 178MB
vmware/harbor-adminserver v1.2.2 c75963ec543f 2 years ago 142MB
vmware/harbor-db v1.2.2 ee7b9fa37c5d 2 years ago 329MB
vmware/nginx-photon 1.11.13 6cc5c831fc7f 2 years ago 144MB
vmware/registry 2.6.2-photon 5d9100e4350e 2 years ago 173MB
vmware/postgresql 9.6.4-photon c562762cbd12 2 years ago 225MB
vmware/clair v2.0.1-photon f04966b4af6c 2 years ago 297MB
vmware/harbor-notary-db mariadb-10.1.10 64ed814665c6 2 years ago 324MB
vmware/notary-photon signer-0.5.0 b1eda7d10640 2 years ago 156MB
vmware/notary-photon server-0.5.0 6e2646682e3c 2 years ago 157MB
photon 1.0 e6e4e4a2ba1b 3 years ago 128MB
#此時咱們能夠看到全部下載的鏡像
[root@localhost harbor]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bd6e948955f2 vmware/harbor-jobservice:v1.2.2 "/harbor/harbor_jobs…" 3 minutes ago Up 3 minutes harbor-jobservice
45d02b396e2f vmware/nginx-photon:1.11.13 "nginx -g 'daemon of…" 3 minutes ago Up 3 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
0538aa954b1f vmware/harbor-ui:v1.2.2 "/harbor/harbor_ui" 3 minutes ago Up 3 minutes harbor-ui
ed741e609d5a vmware/harbor-adminserver:v1.2.2 "/harbor/harbor_admi…" 3 minutes ago Up 3 minutes harbor-adminserver
f0c689bedc71 vmware/registry:2.6.2-photon "/entrypoint.sh serv…" 3 minutes ago Up 3 minutes 5000/tcp #私庫的5000端口 registry
516f88c68b93 vmware/harbor-db:v1.2.2 "docker-entrypoint.s…" 3 minutes ago Up 3 minutes 3306/tcp #數據庫的3306端口 harbor-db
47a2fa42392c vmware/harbor-log:v1.2.2 "/bin/sh -c 'crond &…" 3 minutes ago Up 3 minutes 127.0.0.1:1514->514/tcp harbor-log
#此時全部的容器都屬於Up狀態
`經過編排一步完成鏡像的下載和容器的啓動`
[root@localhost harbor]# pwd
/usr/local/harbor #在工做目錄下
[root@localhost harbor]# docker-compose ps
Name Command State Ports
-----------------------------------------------------------------------------------------
harbor-adminserver /harbor/harbor_adminserver Up
harbor-db docker-entrypoint.sh mysqld Up 3306/tcp
harbor-jobservice /harbor/harbor_jobservice Up
harbor-log /bin/sh -c crond && rm -f ... Up 127.0.0.1:1514->514/tcp
harbor-ui /harbor/harbor_ui Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp,
0.0.0.0:80->80/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
驗證:回到宿主機使用瀏覽器訪問192.168.18.128網頁可進入Harbor頁面
此時私庫中尚未鏡像,此時咱們須要選擇新建項目
使用CentOS 7-5客戶端登陸:
[root@localhost harbor]# docker login -u admin -p Harbor12345 http://127.0.0.1 WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded #此時顯示登錄成功 [root@localhost harbor]# docker pull cirros #下載鏡像 [root@localhost harbor]# docker tag cirros 127.0.0.1/myproject-kgc/cirros:v1 #打標籤 [root@localhost harbor]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 127.0.0.1/myproject-kgc/cirros v1 bc94bceaae77 12 months ago 10.3MB [root@localhost harbor]# docker push 127.0.0.1/myproject-kgc/cirros:v1 #上傳鏡像 The push refers to repository [127.0.0.1/myproject-kgc/cirros] abbd6d6ac643: Pushed 75b99987219d: Pushed 0cc237193a30: Pushed v1: digest: sha256:96137d51e0e46006243fa2403723eb47f67818802d1175b5cde7eaa7f19446bd size: 943
此時回到私庫頁面就能夠看到上傳的鏡像文件:
client客戶端:CentOS 7-5:192.168.18.145
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
[root@localhost ~]# yum install yum-utils device-mapper-persistent-data lvm2 -y
[root@localhost ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@localhost ~]# yum install -y docker-ce
[root@localhost ~]# systemctl start docker.service
[root@localhost ~]# systemctl enable docker.service
[root@localhost ~]# tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://w1ogxqvl.mirror.aliyuncs.com"]
}
EOF
[root@localhost ~]# vim /etc/sysctl.conf
`在末行下一行插入如下內容`
net.ipv4.ip_forward=1
#按Esc退出插入模式,輸入:wq保存退出
[root@localhost ~]# service network restart
Restarting network (via systemctl): [ 肯定 ]
[root@localhost ~]# systemctl restart docker
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker
此時咱們使用CentOS 7-5客戶端訪問:
[root@localhost ~]# docker login -u admin -p Harbor12345 http://192.168.18.128 WARNING! Using --password via the CLI is insecure. Use --password-stdin. Error response from daemon: Get https://192.168.18.129/v2/: dial tcp 192.168.18.129:443: connect: connection refused `此時若是咱們使用登錄命令直接登錄的話會報錯,解決方法以下` #須要先指定私有倉庫的實例地址,以後就能夠利用其中的sock文件鏈接了 [root@localhost ~]# vim /usr/lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 192.168.18.128 --containerd=/run/con tainerd/containerd.sock #第14行中間添加私有庫實例地址 [root@localhost ~]# systemctl daemon-reload [root@localhost ~]# systemctl restart docker [root@localhost ~]# docker login -u admin -p Harbor12345 http://192.168.18.128 Login Succeeded #此時就會顯示登錄成功
下載鏡像使用:
[root@localhost ~]# docker pull cirros [root@localhost ~]# docker pull 192.168.18.128/myproject-kgc/cirros:v1 v1: Pulling from myproject-kgc/cirros Digest: sha256:96137d51e0e46006243fa2403723eb47f67818802d1175b5cde7eaa7f19446bd Status: Downloaded newer image for 192.168.18.128/myproject-kgc/cirros:v1 192.168.18.128/myproject-kgc/cirros:v1 [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.18.128/myproject-kgc/cirros v1 bc94bceaae77 12 months ago 10.3MB cirros latest bc94bceaae77 12 months ago 10.3MB `打標籤,注意打標籤的時候項目名稱必定要與以前上傳的鏡像一致,此處爲192.168.18.128/myproject-kgc/` [root@localhost ~]# docker tag cirros:latest 192.168.18.128/myproject-kgc/cirros:v2 #打標籤 [root@localhost ~]# docker push 192.168.18.128/myproject-kgc/cirros:v2 #上傳 The push refers to repository [192.168.18.128/myproject-kgc/cirros] abbd6d6ac643: Layer already exists 75b99987219d: Layer already exists 0cc237193a30: Layer already exists v2: digest: sha256:96137d51e0e46006243fa2403723eb47f67818802d1175b5cde7eaa7f19446bd size: 943
此時咱們到私有倉庫頁面刷新就能夠可看到兩個鏡像文件了,其中包含了咱們剛剛上傳的v2鏡像
[root@localhost ~]# docker pull nginx [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest f7bb5701a33c 6 days ago 126MB [root@localhost ~]# docker tag nginx:latest 192.168.18.128/myproject-kgc/nginx:new [root@localhost ~]# docker push 192.168.18.128/myproject-kgc/nginx:new The push refers to repository [192.168.18.128/myproject-kgc/nginx] 75248c0d5438: Pushed 49434cc20e95: Pushed 556c5fb0d91b: Pushed new: digest: sha256:36b77d8bb27ffca25c7f6f53cadd059aca2747d46fb6ef34064e31727325784e size: 948
維護管理
(1).在CentOS 7-3中的操做
[root@localhost harbor]# docker-compose down -v #關閉容器 Stopping nginx ... done Stopping harbor-jobservice ... done Stopping harbor-ui ... done Stopping harbor-db ... done Stopping harbor-adminserver ... done Stopping registry ... done Stopping harbor-log ... done Removing nginx ... done Removing harbor-jobservice ... done Removing harbor-ui ... done Removing harbor-db ... done Removing harbor-adminserver ... done Removing registry ... done Removing harbor-log ... done Removing network harbor_harbor `修改配置文件` vim harbor.cfg [root@localhost harbor]# ./prepare #加載配置文件 [root@localhost harbor]# docker-compose up -d #啓動 Creating network "harbor_harbor" with the default driver Creating harbor-log ... done Creating registry ... done Creating harbor-db ... done Creating harbor-adminserver ... done Creating harbor-ui ... done Creating nginx ... done Creating harbor-jobservice ... done
(2).建立新用戶:
接下來咱們嘗試用客戶端登陸:
`須要先註銷登出,再從新登陸` [root@localhost ~]# docker logout http://192.168.18.128 #登出 Removing login credentials for 192.168.18.128 [root@localhost ~]# docker login http://192.168.18.128 #登陸 Username: kgc-zhou #輸入用戶名kgc-zhou Password: #輸入密碼Harbor12345 WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded #顯示登錄成功
(3).建立項目開發人員:
相關文章
- 1. Docker私有倉庫部署和管理
- 2. Docker私有倉庫部署
- 3. Docker部署私有倉庫
- 4. Docker 部署Registry私有倉庫+Harbor私有倉庫
- 5. 部署docker-registry私有倉庫
- 6. Docker私有倉庫的部署
- 7. Docker部署私有倉庫(registry&Harbor)
- 8. docker-windows部署私有倉庫
- 9. kubernetes部署Docker私有倉庫Registry
- 10. Docker 私有倉庫搭建,Shipyard管理器部署
- 更多相關文章...
- • Docker 倉庫管理 - Docker教程
- • Maven 自動化部署 - Maven教程
- • Docker 清理命令
- • 使用阿里雲OSS+CDN部署前端頁面與加速靜態資源
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
