Docker-Harbor: Host-Based Deployment
1. Setting Up Harbor Locally
1.1 Source repository and installer download
- The source code is hosted on GitHub: https://github.com/goharbor/harbor
1.2 Setting up the Docker environment
1.##########################Make sure the clock is synchronized########################
yum.repos.d]# ntpdate ntp1.aliyun.com
2.#######################Download the Docker yum repo######################
yum.repos.d]# pwd
/etc/yum.repos.d
yum.repos.d]# wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo #this Docker repo is the Aliyun mirror
3.#####################Install Docker Community Edition########################
If the following error appears:
Error: Package: 3:docker-ce-18.09.0-3.el7.x86_64 (docker-ce-stable)
Requires: container-selinux >= 2.9
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
#Fix for the error
yum install http://vault.centos.org/centos/7.3.1611/extras/x86_64/Packages/container-selinux-2.9-4.el7.noarch.rpm
#Install Docker
yum.repos.d]# yum install docker-ce
4.############################Use registry mirrors#####################
Option 1: the registry mirror from the Aliyun console
https://cr.console.aliyun.com
Option 2: the public Docker accelerator
http://www.docker-cn.com/registry-mirror
Both options can be used at the same time
~]# mkdir -p /etc/docker
~]# tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://xr8r3tc3.mirror.aliyuncs.com","https://registry.docker-cn.com"]
}
EOF
[root@centos7 ~]# systemctl daemon-reload
[root@centos7 ~]# systemctl restart docker
5.###################Check the Docker client and server versions############
#Show version information
~]# docker version
Client: #client version
Version: 18.09.0
API version: 1.39
Go version: go1.10.4
Git commit: 4d60db4
Built: Wed Nov 7 00:48:22 2018
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community #server version
Engine:
Version: 18.09.0
API version: 1.39 (minimum version 1.12)
Go version: go1.10.4
Git commit: 4d60db4
Built: Wed Nov 7 00:19:08 2018
OS/Arch: linux/amd64
Experimental: false
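#Show more detailed Docker environment information
~]# docker info
Containers: 0 #total number of containers on the system
Running: 0 #containers in the running state
Paused: 0 #containers in the paused state
Stopped: 0 #containers in the stopped state
Images: 0 #number of images currently on the system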
Server Version: 18.09.0
Storage Driver: overlay2 #storage driver
Backing Filesystem: xfs #format of the local filesystem backing the storage; xfs is recommended
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs #virtual filesystem type needed for resource quotas
Plugins: #plugins
Volume: local #volume plugin; only local is supported
Network: bridge host macvlan null overlay #network plugins: bridge, host, overlay, none and so on
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog #logging plugins
Swarm: inactive #cluster management tool
Runtimes: runc #runtime environment
Default Runtime: runc
Init Binary: docker-init
containerd version: c4446665cb9c30056f4998ed953e6d4ff22c7c39
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-862.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.779GiB
Name: centos7.com
ID: CUT4:A7LF:QJ4B:OORH:POA7:AZ7I:SWFT:7F4H:YKBQ:YFXH:BBBV:WGNQ
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors: #registry mirror (acceleration) service
https://xr8r3tc3.mirror.aliyuncs.com/
Live Restore Enabled: false
Product License: Community Engine
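1.3 Setting up Docker Harbor
#The Harbor service also uses HTTPS for transport. This can be turned off, but when Harbor is used in production it is recommended to enable HTTPS encryption and replication to secondary nodes.
Harbor can be installed in one of the following three ways:
1. Online installer: the installer downloads Harbor's images from Docker Hub, so the installer itself is very small.
2. Offline installer: use this installer when the host has no Internet connection. It contains the pre-built images, so it is larger.
The installation comes down to the following steps:
1. Download the installer
2. Configure harbor.cfg
The configuration parameters are in the file harbor.cfg.
harbor.cfg has two kinds of parameters: required and optional.
3. Run install.sh to install and start Harbor
1. Install docker-compose (from the EPEL repo)
[root@centos7 ~]# yum install docker-compose
2. Download the offline installer package and unpack it
Download URL: https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.0.tgz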
[root@centos7 local]# pwd
/usr/local
[root@centos7 local]# tar xvf harbor-offline-installer-v1.7.0.tgz
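3. Edit the Harbor configuration file, then run the installer to load and start Harbor (for detailed settings see the Harbor installation guide on GitHub)
[root@centos7 harbor]# pwd
/usr/local/harbor
[root@centos7 harbor]# vim harbor.cfg
line 8: hostname = local IP #this is a local deployment, not a cloud one, so enter the internal network address
[root@centos7 harbor]# systemctl start docker #make sure docker is running before ./install.sh
[root@centos7 harbor]# pwd
/usr/local/harbor
[root@centos7 harbor]# ./install.sh
[root@centos7 harbor]# docker image ls #lists the images loaded from the offline package
4. The default HTTPS container is now running; check access
[root@centos7 harbor]# ss -tnl #by default the listening ports are mapped to the host's ports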
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::443 :::*
LISTEN 0 128 :::4443 :::*
5. Open the web page:
http://172.18.135.2/harbor/sign-in
#Log in with the default account and password
Account: admin
Password: Harbor12345
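A check for the harbor.cfg edited in step 3 and the default login shown above, as an added example that is not from the original post or the Harbor project: it reads the file and reports an unreachable hostname, a non-HTTPS protocol and an unchanged admin password. It assumes the `hostname`, `ui_url_protocol` and `harbor_admin_password` keys of Harbor 1.7's harbor.cfg; the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the Harbor project: pre-install check of harbor.cfg.

# cfg_get FILE KEY: print the value of the last uncommented "KEY = value" line.
cfg_get() {
    awk -v key="$2" '
        /^[ \t]*#/ || index($0, "=") == 0 { next }
        {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_harbor_cfg FILE: print one finding per line; return 1 if any was found.
audit_harbor_cfg() {
    rc=0
    case "$(cfg_get "$1" hostname)" in
        ""|localhost|127.0.0.1)
            echo "HOSTNAME: must be an address other hosts can reach"; rc=1 ;;
    esac
    if [ "$(cfg_get "$1" ui_url_protocol)" != "https" ]; then
        echo "PROTOCOL: ui_url_protocol is not https, logins and image data travel in clear text"; rc=1
    fi
    if [ "$(cfg_get "$1" harbor_admin_password)" = "Harbor12345" ]; then
        echo "ADMIN_PASSWORD: still the documented default Harbor12345"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the hostname from this page plus assumed shipped defaults.
sample=$(mktemp)
cat > "$sample" <<'EOF'
## Configuration file of Harbor (constructed excerpt)
hostname = 172.18.135.2
ui_url_protocol = http
harbor_admin_password = Harbor12345
EOF
audit_harbor_cfg "$sample" || echo "change these in harbor.cfg before running ./install.sh"
rm -f "$sample"
```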
6. Problems encountered
Logging in from another host in order to push images to Harbor fails with an error
~]# docker login 192.168.20.248
Username: admin
Password:
Error response from daemon: Get https://192.168.20.248/v2/: dial tcp 192.168.20.248:443: connect: connection refused
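Solution: mark the registry as insecure on the client, so that Docker falls back to plain HTTP when HTTPS on port 443 is not available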
harbor]# vim /etc/systemd/system/multi-user.target.wants/docker.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd --insecure-registry 192.168.20.248 -H fd:// --containerd=/run/containerd/containerd.sock #modified line
ExecReload=/bin/kill -s HUP $MAINPID
7. Log in again to test
multi-user.target.wants]# docker login 192.168.20.248
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
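8. Push an image to the Harbor repository you created
[root@centos7 harbor]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://xr8r3tc3.mirror.aliyuncs.com"]
}
The "insecure-registries":["www.centos7.com"] entry is not enabled here. daemon.json is strict JSON, so a disabled entry has to be deleted rather than commented out with #, and the last entry must not end with a comma.
[root@centos7 harbor]# systemctl restart docker
List the images already available locally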
[root@centos7 harbor]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-db v1.7.0 45d94fe5fee5 3 weeks ago 133MB
Tag the image
[root@centos7 harbor]# docker tag goharbor/harbor-db:v1.7.0 192.168.20.248/public/harbor:v0.1
Log in and push to Harbor
[root@centos7 harbor]# docker login www.centos7.com
Username: daizhe
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@centos7 harbor]# docker push 192.168.20.248/public/harbor:v0.1
9. If other users cannot log in, change the following configuration
vim /etc/default/docker
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry=192.168.20.248'
10. Other Docker hosts that want to use this local registry directly need to modify the docker unit file
~]# cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry=192.168.20.248 \
-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
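The dockerd options used in steps 6, 9 and 10 change the daemon's exposure: `--insecure-registry` drops TLS verification for the registry, `-H tcp://0.0.0.0:2375` publishes the Docker API on every interface without TLS, and `--signature-verification=false` turns off image signature checks. The following added example (not part of the original post) reads a unit file or /etc/default/docker and lists those options; the finding labels are made up for this example and the sample input is constructed from the ExecStart line above.

```shell
#!/bin/sh
# Added example, not part of the original post: audit dockerd start-up options.

# dockerd_args FILE: print the dockerd option line from a systemd unit
# (ExecStart=, trailing-backslash continuations joined) or from the OPTIONS=
# line of /etc/default/docker, with quotes removed.
dockerd_args() {
    awk '
        cont  { line = line " " $0 }
        !cont { line = $0 }
        /\\$/ { sub(/\\$/, "", line); cont = 1; next }
        { cont = 0 }
        line ~ /^ExecStart=.*dockerd/ || line ~ /^OPTIONS=/ { print line }
    ' "$1" | tr -d "'\""
}

# audit_dockerd FILE: print one finding per line; return 1 if any was found.
audit_dockerd() {
    args=$(dockerd_args "$1")
    rc=0
    for reg in $(printf '%s\n' "$args" | grep -oE -e '--insecure-registry[= ][^ ]+' | sed 's/^[^= ]*[= ]//'); do
        echo "INSECURE_REGISTRY $reg: no TLS verification, plain HTTP allowed"; rc=1
    done
    if ! printf '%s\n' "$args" | grep -q -e '--tlsverify'; then
        for host in $(printf '%s\n' "$args" | grep -oE 'tcp://[^ ]+'); do
            echo "PLAINTEXT_API $host: Docker API listener without --tlsverify"; rc=1
        done
    fi
    if printf '%s\n' "$args" | grep -q -e '--signature-verification=false'; then
        echo "SIGNATURE_CHECK_OFF: image signature verification disabled"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the ExecStart line from step 10 above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Service]
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry=192.168.20.248 \
-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock
EOF
audit_dockerd "$sample" || echo "review the findings before restarting docker"
rm -f "$sample"
```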