經過harbor搭建私有docker registry
- 流程:
- 安裝docker
- 安裝docker-compose
- 安裝harbor
- 修改docker啓動選項,使默認docker login爲http
- 簡單使用示例
- 系統環境:
- CentOS 7.4.1708
- docker-ce 18.06.0-ce (client/server)
- docker-compose 1.16.1
- 安裝路徑:/usr/local/bin/
- harbor v1.6.0
- 安裝路徑:/usr/local/harbor/
一. 安裝docker
- 配置yum源
- 在/etc/yum.repos.d/目錄下建立docker.repo文件,並添加如下內容
[docker] name=docker enabled=1 baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/ gpgcheck=0 enabled=1
- 執行如下命令安裝docker-ce,等待安裝完成便可
[root@node ~]# yum install -y docker-ce
二. 安裝docker-compose
- 下載二進制文件至指定路徑下、給予執行權限(不×××死慢)
curl -L https://github.com/docker/compose/releases/download/1.16.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose chmod + x /usr/local/bin/docker-compose
- 也可到https://github.com/docker/compose/releases/下載最新版
- 執行docker-compose需在包含docker-compose.yml(harbor自帶該文件)的目錄
- 驗證docker-compose是否安裝好
[root@node ~]# docker-compose version docker-compose version 1.16.1, build 6d1ac21 docker-py version: 2.5.1 CPython version: 2.7.13 OpenSSL version: OpenSSL 1.0.1t 3 May 2016
- 卸載docker-compose
rm -rf /usr/local/bin/docker-compose
三. 安裝 Harbor
- 系統需求:
- docker:1.10.0+
- docker-compose:1.6.0+
- Python:2.7或更高
- Openssl:若使用https方式,需安裝最新版
1. 下載harbor安裝包node
- Online installer:
- 下載連接:https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.2.tgz
- md5: 49f5ce1cab8125e59d45af305b8f46fe
- Offline installer:
- 下載連接:https://storage.googleapis.com/harbor-releases/harbor-online-installer-v1.5.2.tgz
- md5: abd7a80c052cc10b3346062f65f96b96
2. 解壓安裝包至/usr/local/harbor/目錄下mysql
3. 編輯harbor.cfg文件:linux
- 必須項:
hostname = reg.lxk.com #IP地址或FQDN
ui_url_protocol = http
#通信協議。默認docker pull/push通信協議爲https。若爲https,需配置證書。
max_job_workers = 50 #最大工做進程(默認值)
db_password = root123 #harbor數據密碼(默認值)
customize_crt = on #默認on:準備腳本爲registry的令牌的生成/驗證建立私鑰和根證書。
#off :密鑰和根證書由外部存儲提供
ssl_cert = /data/cert/server.crt #SSL證書的路徑,僅在ui_url_protocol爲https時有效
ssl_cert_key = /data/cert/server.key #SSL密鑰的路徑,僅在ui_url_protocol爲https時有效
secretkey_path = /data #The path of secretkey storage
log_rotate_count = 50 #日誌輪轉次數(保留多少次輪轉日誌,使用默認值)
log_rotate_size = 200M #日誌達到多大時執行輪轉操做(使用默認值)
- 可選項:
self_registration = off #禁止用戶註冊 project_creation_restriction = adminonly #設置只有管理員能夠建立項目 harbor_admin_password = centos #網頁登陸管理賬號的密碼,默認帳號密碼爲:admin/Harbor12345
- 郵箱設置:
- 只有此處設置了郵箱設置,才容許用戶發送「密碼重置」電子郵件
email_server = smtp.mydomain.com email_server_port = 25 email_identity = email_username = sample_admin@mydomain.com email_password = abc email_from = admin sample_admin@mydomain.com email_ssl = false email_insecure = false
4. 執行安裝腳本nginx
- 這是已經安裝過又執行一次的結果,能夠下載離線安裝包,也能夠用鏡像加速。
[root@node ~]# cd /usr/local/harbor/ [root@node harbor]# ./install.sh [Step 0]: checking installation environment ... Note: docker version: 18.06.0 Note: docker-compose version: 1.16.1 [Step 1]: preparing environment ... Clearing the configuration file: ./common/config/adminserver/env Clearing the configuration file: ./common/config/ui/env Clearing the configuration file: ./common/config/ui/app.conf Clearing the configuration file: ./common/config/ui/private_key.pem Clearing the configuration file: ./common/config/db/env Clearing the configuration file: ./common/config/jobservice/env Clearing the configuration file: ./common/config/jobservice/config.yml Clearing the configuration file: ./common/config/registry/config.yml Clearing the configuration file: ./common/config/registry/root.crt Clearing the configuration file: ./common/config/nginx/nginx.conf Clearing the configuration file: ./common/config/log/logrotate.conf loaded secret from file: /data/secretkey Generated configuration file: ./common/config/nginx/nginx.conf Generated configuration file: ./common/config/adminserver/env Generated configuration file: ./common/config/ui/env Generated configuration file: ./common/config/registry/config.yml Generated configuration file: ./common/config/db/env Generated configuration file: ./common/config/jobservice/env Generated configuration file: ./common/config/jobservice/config.yml Generated configuration file: ./common/config/log/logrotate.conf Generated configuration file: ./common/config/jobservice/config.yml Generated configuration file: ./common/config/ui/app.conf Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt The configuration files are ready, please use docker-compose to start the service. [Step 2]: checking existing instance of Harbor ... Note: stopping existing Harbor instance ... Removing nginx ... done Removing harbor-jobservice ... done Removing harbor-ui ... done Removing redis ... done Removing harbor-adminserver ... done Removing registry ... done Removing harbor-db ... done Removing harbor-log ... done Removing network harbor_harbor [Step 3]: starting Harbor ... Creating network "harbor_harbor" with the default driver Creating harbor-log ... Creating harbor-log ... done Creating harbor-db ... Creating redis ... Creating harbor-adminserver ... Creating registry ... Creating harbor-db Creating redis Creating registry Creating harbor-db ... done Creating harbor-ui ... Creating harbor-ui ... done Creating harbor-jobservice ... Creating nginx ... Creating nginx Creating nginx ... done ✔ ----Harbor has been installed and started successfully.---- Now you should be able to visit the admin portal at http://reg.lxk.com. For more details, please visit https://github.com/vmware/harbor .
5. 查看安裝好的harborgit
[root@node harbor]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 45c849240289 vmware/harbor-jobservice:v1.5.2 "/harbor/start.sh" 2 minutes ago Up 2 minutes harbor-jobservice 24df8c8d740e vmware/nginx-photon:v1.5.2 "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx 49a2e63d33eb vmware/harbor-ui:v1.5.2 "/harbor/start.sh" 2 minutes ago Up 2 minutes (healthy) harbor-ui 44edfc92d5c2 vmware/harbor-adminserver:v1.5.2 "/harbor/start.sh" 2 minutes ago Up 2 minutes (healthy) harbor-adminserver a2d2f2a08e77 vmware/registry-photon:v2.6.2-v1.5.2 "/entrypoint.sh serv…" 2 minutes ago Up 2 minutes (healthy) 5000/tcp registry 229dddfc0e34 vmware/redis-photon:v1.5.2 "docker-entrypoint.s…" 2 minutes ago Up 2 minutes 6379/tcp redis 97ac1f88d6a7 vmware/harbor-db:v1.5.2 "/usr/local/bin/dock…" 2 minutes ago Up 2 minutes (healthy) 3306/tcp harbor-db d96f1ce61867 vmware/harbor-log:v1.5.2 "/bin/sh -c 'crond &…" 2 minutes ago Up 2 minutes 514/tcp, 127.0.0.1:1514->10514/tcp harbor-log
四. 用docker-compose管理harbor
- docker-compose命令註釋
docker-compose
Define and run multi-container applications with Docker.
#定義並運行多個docker容器
Usage:
docker-compose [-f <arg>...] [options] [COMMAND] [ARGS...]
docker-compose -h|--help
Options:
-f, --file FILE Specify an alternate compose file (default: docker-compose.yml)
#指定配置文件,默認當前目錄下docker-compose.yml
--verbose Show more output
-v, --version Print version and exit
Commands:
down Stop and remove containers, networks, images, and volumes
#中止並刪除容器、網絡、docker鏡像和卷組
kill Kill containers #關閉容器
logs View output from containers #顯示容器的日誌
pause Pause services #暫停服務
ps List containers #顯示容器列表
pull Pull service images #下載一個服務鏡像
push Push service images #推送一個服務鏡像至服務器
restart Restart services #重啓鏡像
rm Remove stopped containers #刪除中止的窗口
run Run a one-off command #運行一箇中止的命令
start Start services #啓動服務
stop Stop services #中止服務
top Display the running processes #顯示運行中的進程
unpause Unpause services #恢復暫停中的服務
up Create and start containers #建立並運行一個容器
version Show the Docker-Compose version information #顯示docker-compose的版本
- docker-compose命令運行時須要配置文件docker-compose.yml,該文件在harbor目錄下,故運行docker-compose命令須要在/usr/local/harbor目錄。也可用-f選項指定compose文件。
例:使用-f參數指定docker-compose.yml文件github
[root@node ~]# docker-compose -f /usr/local/harbor/docker-compose.yml ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up
harbor-db /usr/local/bin/docker-entr ... Up 3306/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c crond && rsyslo ... Up 127.0.0.1:1514->10514/tcp, 514/tcp
harbor-ui /harbor/start.sh Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis docker-entrypoint.sh redis ... Up 6379/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
例:不指定docker-compose.yml文件時會報錯redis
[root@node ~]# docker-compose ps
ERROR:
Can't find a suitable configuration file in this directory or any
parent. Are you in the right directory?
Supported filenames: docker-compose.yml, docker-compose.yaml
- 使用docker-compose管理容器:
[root@node harbor]# docker-compose ps #查看運行中的容器
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up
harbor-db /usr/local/bin/docker-entr ... Up 3306/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c crond && rsyslo ... Up 127.0.0.1:1514->10514/tcp, 514/tcp
harbor-ui /harbor/start.sh Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis docker-entrypoint.sh redis ... Up 6379/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
[root@node harbor]# docker-compose stop #關閉harbor各容器
Stopping harbor-jobservice ... done
Stopping nginx ... done
Stopping harbor-ui ... done
Stopping harbor-adminserver ... done
Stopping registry ... done
Stopping redis ... done
Stopping harbor-db ... done
Stopping harbor-log ... done
[root@node harbor]# docker-compose ps #查看當前各harbor container狀態
Name Command State Ports
----------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Exit 137
harbor-db /usr/local/bin/docker-entr ... Exit 0
harbor-jobservice /harbor/start.sh Exit 137
harbor-log /bin/sh -c crond && rsyslo ... Exit 137
harbor-ui /harbor/start.sh Exit 137
nginx nginx -g daemon off; Exit 0
redis docker-entrypoint.sh redis ... Exit 0
registry /entrypoint.sh serve /etc/ ... Exit 137
[root@node harbor]# docker-compose start #該命令運行時會報錯,用restart就能夠。
Starting log ... done
Starting redis ... error
Starting adminserver ... error
Starting registry ... error
Starting ui ... error
Starting mysql ... error
Starting jobservice ... error
Starting proxy ... error
ERROR: for mysql Cannot start service mysql: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused
ERROR: for redis Cannot start service redis: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused
ERROR: for registry Cannot start service registry: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused
ERROR: for adminserver Cannot start service adminserver: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused
- 關於服務啓動報錯的緣由:
guy-hub該項目issue上有提到這個問題的,緣由是日誌服務未先啓動
而其它服務須要先到日誌服務器註冊,因此會形成端口訪問拒絕。
解決方法沒有,答主只說後續會關注。sql
[root@node harbor]# docker-compose restart #使用restart能夠正常啓動,可是有時也會報錯,多來兩次就行了。 Restarting harbor-jobservice ... done Restarting nginx ... done Restarting harbor-ui ... done Restarting harbor-adminserver ... done Restarting registry ... done Restarting redis ... done Restarting harbor-db ... done Restarting harbor-log ... done
五. 測試訪問harbor
- 在瀏覽器輸入 reg.lxk.com,請你們根據本身的配置狀況輸入訪問的域名;
- 默認帳號密碼: admin / Harbor12345 登陸後修改密碼
六. 測試上傳和下載鏡像
- docker registry通信協議默認爲https,須要配置證書。若未配置證書,須要作如下修改:
[root@node ~]# vim /usr/lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd --insecure-registry reg.lxk.com #在ExecStart後面加上--insecure-registry reg.lxk.com #後面的reg.lxk.com爲harbor.cfg中hostname配置的值
- 重載systemd並重啓docker
[root@node test]# systemctl daemon-reload [root@node test]# systemctl restart docker
- 建立一個Dockerfile文件
[root@node ~]# mkdir test [root@node ~]# cd test/ [root@node test]# vim Dockerfile # vim Dockerfile FROM centos:centos7.1.1503 ENV TZ "Asia/Shanghai"
- 建立鏡像
[root@node test]# docker build -t reg.lxk.com/library/centos7.1:v0.1 ./ Sending build context to Docker daemon 2.048kB Step 1/2 : FROM centos:centos7.1.1503 ---> fbe8925ecf55 Step 2/2 : ENV TZ "Asia/Shanghai" ---> Using cache ---> 930eec2ed889 Successfully built 930eec2ed889 Successfully tagged reg.lxk.com/library/centos7.1:v0.1
- 登陸到reg.lxk.com並push鏡像
[root@node harbor]# docker login reg.lxk.com Authenticating with existing credentials... #以現有證書認證 WARNING! Your password will be stored unencrypted in /root/.docker/config.json. #警告!你的密碼會以明文保存在/root/.docker/config.json Configure a credential helper to remove this warning. See #配置證書就會再也不顯示該警告 https://docs.docker.com/engine/reference/commandline/login/#credentials-store #詳情請看這網址 Login Succeeded #登陸成功 [root@node harbor]# docker tag 9432976b676f reg.lxk.com/library/swaggerapi/swagger-ui:latest #給已存在的鏡像打標籤 [root@node harbor]# docker push reg.lxk.com/library/swaggerapi/swagger-ui:latest #把打好標籤的鏡像push至私有registry The push refers to repository [reg.lxk.com/library/swaggerapi/swagger-ui] 47c77f5f4ee4: Pushed ab4588773347: Pushed 5382149040dc: Pushed a8d7d0b05699: Pushed a9031380f2d7: Pushed 7105cc56962c: Pushed latest: digest: sha256:0b5457c35fa0b21c08780dd84afe3f27525bee462261dff9b8e08a1e70414109 size: 1571
- 驗證鏡像文件是否已push至私有registry
- 打好標籤的鏡像文件已保存至reg.lxk.com的library下
- 用局域網中另一臺機器下載鏡像
- 安裝docker
- 修改/usr/lib/systemd/system/docker.service
- 點擊圖中圖標便可複製docker pull命令,至shell下粘貼便可。
- 下載鏡像文件:
[root@node ~]# docker pull reg.lxk.com/library/swaggerapi/swagger-ui:latest #命令中的內容是由上圖中直接複製而來,沒必要進行任何修改。 latest: Pulling from library/swaggerapi/swagger-ui f4900964ff56: Pull complete 6f8087d9ed5d: Pull complete 31023fcfba5a: Pull complete 8c462391de19: Pull complete ba9c0a3c3f9a: Pull complete 6a4540734666: Pull complete Digest: sha256:0b5457c35fa0b21c08780dd84afe3f27525bee462261dff9b8e08a1e70414109 Status: Downloaded newer image for reg.lxk.com/library/swaggerapi/swagger-ui:latest [root@node ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE reg.lxk.com/library/centos7.1 0.1 930eec2ed889 23 hours ago 212MB reg.lxk.com/library/swaggerapi/swagger-ui latest 9432976b676f 6 days ago 15.4MB
相關文章
- 1. Docker搭建私有倉庫(registry與Harbor)
- 2. docker——7、Docker私有Registry(Harbor)
- 3. Docker之Registry私有倉庫+Harbor私有倉庫的搭建
- 4. docker+harbor—搭建Docker私有倉庫
- 5. Docker搭建私有registry
- 6. docker 搭建私有registry
- 7. 搭建私有Docker Registry
- 8. [docker]搭建私有registry
- 9. 【Docker】搭建 Docker 私有倉庫 harbor
- 10. docker私有庫搭建過程(Registry)
- 更多相關文章...
- • Swift 環境搭建 - Swift 教程
- • Rust 環境搭建 - RUST 教程
- • Docker 清理命令
- • 適用於PHP初學者的學習線路和建議
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. Appium入門
- 2. Spring WebFlux 源碼分析(2)-Netty 服務器啓動服務流程 --TBD
- 3. wxpython入門第六步(高級組件)
- 4. CentOS7.5安裝SVN和可視化管理工具iF.SVNAdmin
- 5. jedis 3.0.1中JedisPoolConfig對象缺少setMaxIdle、setMaxWaitMillis等方法,問題記錄
- 6. 一步一圖一代碼,一定要讓你真正徹底明白紅黑樹
- 7. 2018-04-12—(重點)源碼角度分析Handler運行原理
- 8. Spring AOP源碼詳細解析
- 9. Spring Cloud(1)
- 10. python簡單爬去油價信息發送到公衆號
歡迎關注本站公眾號,獲取更多信息
相關文章