Installing a private Harbor registry, including HTTPS
1. Download the Harbor offline installer tarball
wget https://github.com/vmware/harbor/releases/download/v1.2.0/harbor-offline-installer-v1.2.0.tgz -O harbor-offline-installer-v1.2.0.tgz
2. Install docker-compose
(1). Install with pip
Use the EPEL repository (epel.repo)
yum install python-pip
pip install --upgrade pip
pip install docker-compose
(2). Install directly with yum
yum install -y docker-compose
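The problem was caused by the docker-compose version being too new, so uninstall it and install version 1.7.1
Uninstall, then install 1.7.1:
[root@iZrj9ftygu3aq014t90o08Z harbor]# pip uninstall docker-compose
[root@iZrj9ftygu3aq014t90o08Z harbor]# pip install docker-compose==1.7.1
3. Extract the archive, enter the harbor directory and change hostname; the other settings can be left as they are
Change the hostname
Disable Harbor self-registration
4. Run: ./install.sh
5. Access Harbor
6. Maintenance operations
For example, to use HTTPS:
Stop: docker-compose down -v
Edit the Harbor configuration file
Run: ./prepare
Start: docker-compose up -d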
######################################################################################################
Configure Harbor for HTTPS login, so that the --insecure-registry parameter does not have to be added again to the Docker configuration file
1. Generate the certificate
localdomain=docker.senyint.com
openssl req -nodes -subj "/C=CN/ST=BeiJing/L=ChaoYang/CN=$localdomain" -newkey rsa:2048 -keyout $localdomain.key -out $localdomain.csr
openssl x509 -req -days 10000 -in $localdomain.csr -signkey $localdomain.key -out $localdomain.crt
openssl x509 -req -in $localdomain.csr -CA $localdomain.crt -CAkey $localdomain.key -CAcreateserial -out $localdomain.crt -days 10000
2. On the Harbor server: under Docker's certs.d directory, create a folder named after the login domain and copy the CA certificate into it
mkdir /etc/docker/certs.d/docker.senyint.com/
cp /data/cert/docker.senyint.com.crt /etc/docker/certs.d/docker.senyint.com/ca.crt
3. Edit the configuration file, changing http to https
hostname = docker.senyint.com
ui_url_protocol = https
db_password = root123
max_job_workers = 3
customize_crt = off
ssl_cert = /data/cert/docker.senyint.com.crt
ssl_cert_key = /data/cert/docker.senyint.com.key
secretkey_path = /data
admiral_url = NA
clair_db_password = password
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false
harbor_admin_password = admin
auth_mode = db_auth
ldap_url = ldaps://ldap.mydomain.com
ldap_basedn = ou=people,dc=mydomain,dc=com
ldap_uid = uid
ldap_scope = 3
ldap_timeout = 5
self_registration = on
token_expiration = 30
project_creation_restriction = everyone
verify_remote_cert = on
[root@harbor harbor]# cd /data/harbor
[root@harbor harbor]# ./install.sh
[root@harbor harbor]# docker login docker.senyint.com
Username: admin
Password:
Login Succeeded
View the saved login credentials
[root@harbor docker.senyint.com]# cat /root/.docker/config.json
{
    "auths": {
        "docker.senyint.com": {
            "auth": "YWRtaW46YWRtaW4="
        }
    }
}
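The auth value that docker login saves in config.json is only the base64 encoding of user:password, so anyone who can read the file recovers the registry credentials. The following is an added example, not part of the original post: the helper name audit_docker_config and the sample data are constructed for illustration. It audits a Docker client config.json for inline credentials and loose file permissions.

```python
import base64
import binascii
import json
import os
import stat
import tempfile

def audit_docker_config(path):
    """Return findings for a Docker client config.json (hypothetical helper)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"file mode {mode:o} lets group/other users access {path}")
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    inline = False
    for registry, entry in cfg.get("auths", {}).items():
        blob = entry.get("auth")
        if not blob:
            continue  # empty entry: the secret is held by a credential helper
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            findings.append(f"{registry}: auth field is not valid base64")
            continue
        user, sep, password = decoded.partition(":")
        inline = True
        # base64 is an encoding, not encryption; report the user, never the password.
        findings.append(f"{registry}: password for user '{user}' stored inline (base64 only)")
        if sep and password == user:
            findings.append(f"{registry}: password equals the username")
    if inline and not (cfg.get("credsStore") or cfg.get("credHelpers")):
        findings.append("no credsStore/credHelpers configured to hold registry secrets")
    return findings

# Constructed sample reproducing the config.json shown above.
SAMPLE = {"auths": {"docker.senyint.com": {"auth": "YWRtaW46YWRtaW4="}}}

def demo():
    """Write the sample with mode 644 to a temporary file and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(SAMPLE, fh)
        os.chmod(path, 0o644)
        return audit_docker_config(path)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Run it against /root/.docker/config.json on each host that has logged in to the registry.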
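Test pushing an image: tag it first. Note that you must first log in to https://docker.senyint.com and create the project
[root@harbor harbor]# docker tag photon:1.0 docker.senyint.com/senyint/photon:1.0
[root@harbor harbor]# docker push docker.senyint.com/senyint/photon:1.0
Operations on the Docker server
1. Under Docker's certs.d directory, create a folder named after the login domain and copy the CA certificate into it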
[root@openfalcon_mysql docker.senyint.com]# mkdir /etc/docker/certs.d/docker.senyint.com/
[root@openfalcon_mysql docker.senyint.com]# scp docker.senyint.com:/etc/docker/certs.d/docker.senyint.com/ca.crt /etc/docker/certs.d/docker.senyint.com/ca.crt
2. Log in to the docker.senyint.com server once, so that the credentials are saved in /root/.docker/config.json
[root@openfalcon_mysql docker.senyint.com]# docker login docker.senyint.com
Username: admin
Password:
Login Succeeded
3. Test pulling an image
[root@openfalcon_mysql docker.senyint.com]# docker pull docker.senyint.com/senyint/busybox
Using default tag: latest
Trying to pull repository docker.senyint.com/senyint/busybox ...
latest: Pulling from docker.senyint.com/senyint/busybox
fb46b04c527d: Pull complete
Digest: sha256:cb845cc8a7838ec7a4bcc3ace4084318773798c1bb8fe11b34b06204d8be9a9b
Harbor image deletion and space reclamation
1. Delete the image in the management page (on the bare-metal host)
2. Stop all Harbor containers
docker-compose stop
3. Check the registry image
[root@ceonts-ceph-01 harbor]# docker images vmware/registry
REPOSITORY          TAG             IMAGE ID        CREATED          SIZE
vmware/registry     2.6.2-photon    c38af846a0da    11 months ago    240MB
4. List the images that will be deleted (dry run); there is no such file as /etc/registry/config.yml
docker run -it --name gc --rm --volumes-from registry vmware/registry:2.6.2-photon garbage-collect --dry-run /etc/registry/config.yml
5. Delete the images
docker run -it --name gc --rm --volumes-from registry vmware/registry:2.6.2-photon garbage-collect /etc/registry/config.yml
6. Check the size of /data/registry
7. Start the containers
docker-compose start