Installing Harbor on a single Ubuntu host


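Configuring a Docker registry mirror

The official download site for Docker images is https://hub.docker.com/

Downloading official images from inside mainland China is sometimes very slow, so you can edit the Docker configuration file to add a registry mirror (accelerator) and speed up image downloads.

Many companies in China provide mirror services; Alibaba Cloud is used as the example here.

Other providers include:

NetEase Cloud: http://hub-mirror.c.163.com

Tencent Cloud: http://mirror.ccs.tencentyun.com

Open https://cr.console.aliyun.com in a browser, register or log in to an Alibaba Cloud account, and find the accelerator address dedicated to your account.

The operating instructions are shown on the right-hand side of that page. In the commands below, replace the placeholder value of registry-mirrors (阿里云镜像加速地址, "Alibaba Cloud mirror accelerator address") with that address: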

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["阿里云镜像加速地址"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

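Harbor, a distributed registry for Docker

Official Harbor website: https://goharbor.io/

Official Harbor documentation: https://goharbor.io/docs/2.2.0/

Official Harbor GitHub repository: https://github.com/goharbor/harbor

Official Harbor documentation on GitHub: https://github.com/goharbor/harbor/tree/master/docs

Official introduction to Harbor's features

Harbor components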

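Installing Harbor

Download page: https://github.com/goharbor/harbor/releases

Installation guide: https://goharbor.io/docs/2.2.0/install-config/

Environment: four hosts in total

  • Two hosts as Harbor servers

  • Two hosts as Docker clients for pushing and pulling images

1 Install docker compose first

docker compose must be installed before Harbor; otherwise the installation reports an error.

GitHub releases: https://github.com/docker/compose/releases

Install docker-compose with pip: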

root@root:~# sudo apt-get -y install python3-pip
root@root:~# pip3 install docker-compose
root@root:~# docker-compose --version
docker-compose version 1.29.2, build unknown

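2 Download the Harbor package

Harbor download page: https://github.com/goharbor/harbor/releases

The latest package is v2.1.5; the download address is:

https://github.com/goharbor/harbor/releases/download/v2.1.5/harbor-online-installer-v2.1.5.tgz

Extract the downloaded package to the target directory: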

root@root:~# mkdir /apps
root@root:~# tar zxf /root/harbor-offline-installer-v2.1.5.tgz -C /apps/
root@root:~# ll /apps/harbor/
total 552808
drwxr-xr-x 2 root root      4096 May 14 09:53 ./
drwxr-xr-x 3 root root      4096 May 14 09:53 ../
-rw-r--r-- 1 root root      3361 Apr 22 09:28 common.sh
-rw-r--r-- 1 root root 566029331 Apr 22 09:29 harbor.v2.1.5.tar.gz
-rw-r--r-- 1 root root      8136 Apr 22 09:28 harbor.yml.tmpl
-rwxr-xr-x 1 root root      2523 Apr 22 09:28 install.sh*
-rw-r--r-- 1 root root     11347 Apr 22 09:28 LICENSE
-rwxr-xr-x 1 root root      1881 Apr 22 09:28 prepare*
root@root:~# cp /apps/harbor/harbor.yml.tmpl /apps/harbor/harbor.yml
root@root:~# ll /apps/harbor/
total 552816
drwxr-xr-x 2 root root      4096 May 14 09:57 ./
drwxr-xr-x 3 root root      4096 May 14 09:53 ../
-rw-r--r-- 1 root root      3361 Apr 22 09:28 common.sh
-rw-r--r-- 1 root root 566029331 Apr 22 09:29 harbor.v2.1.5.tar.gz
-rw-r--r-- 1 root root      8136 May 14 09:57 harbor.yml
-rw-r--r-- 1 root root      8136 Apr 22 09:28 harbor.yml.tmpl
-rwxr-xr-x 1 root root      2523 Apr 22 09:28 install.sh*
-rw-r--r-- 1 root root     11347 Apr 22 09:28 LICENSE
-rwxr-xr-x 1 root root      1881 Apr 22 09:28 prepare*

Pay attention to the following settings in /apps/harbor/harbor.yml:

hostname: harbor1.xingyu.com

......

https:
  certificate: /data/cert/server.crt
  private_key: /data/cert/server.key

harbor_admin_password: Harbor12345
database:
  password: root123

The complete /apps/harbor/harbor.yml is as follows:

hostname: harbor1.xingyu.com
http:
  port: 80
https:
  port: 443
  certificate: /data/cert/server.crt
  private_key: /data/cert/server.key
harbor_admin_password: Harbor12345
database:
  password: root123
  max_idle_conns: 50
  max_open_conns: 1000
data_volume: /data
clair:
  updaters_interval: 12
trivy:
  ignore_unfixed: false
  skip_update: false
  insecure: false
jobservice:
  max_job_workers: 10
notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 2.0.0
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - clair
    - trivy
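
The file above still carries the two secrets that ship in harbor.yml.tmpl (harbor_admin_password and database.password). The following check is an added example, not part of the original post or of Harbor; the function names and the line-oriented parsing are assumptions that fit the flat layout shown above.

```shell
#!/bin/sh
# Added example (not from the original post): audit a harbor.yml for the
# secrets shipped in harbor.yml.tmpl and for missing TLS settings.
# Assumes the flat "key: value" layout shown above (no quoting, no anchors).

# Constructed sample: the security-relevant lines of the file shown above.
sample_harbor_yml() {
  cat <<'EOF'
hostname: harbor1.xingyu.com
https:
  port: 443
  certificate: /data/cert/server.crt
  private_key: /data/cert/server.key
harbor_admin_password: Harbor12345
database:
  password: root123
EOF
}

# Prints one "FINDING: ..." line per problem; exit status 1 if any were found.
audit_harbor_yml() {   # usage: audit_harbor_yml <path-to-harbor.yml>
  awk '
    function finding(msg) { print "FINDING: " msg; bad = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                   # skip comments, blanks
    /^[^ \t]/ { section = $1; sub(/:$/, "", section) }  # new top-level key
    {
      key = $1; sub(/:$/, "", key); val = $2
      if (key == "harbor_admin_password" && val == "Harbor12345")
        finding("harbor_admin_password is still the template default")
      if (section == "database" && key == "password" && val == "root123")
        finding("database.password is still the template default")
      if (section == "https" && key == "certificate" && val != "") cert = 1
      if (section == "https" && key == "private_key" && val != "") pkey = 1
    }
    END {
      if (!(cert && pkey)) finding("https.certificate and https.private_key are not both set")
      exit bad
    }
  ' "$1"
}

# Stand-alone use: ./audit.sh /apps/harbor/harbor.yml
if [ $# -gt 0 ]; then audit_harbor_yml "$1"; fi
```

Run it before /apps/harbor/install.sh: the admin password in harbor.yml only takes effect on the first install, after which it has to be changed in the web UI.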

Install the Python 3 environment:

sudo apt-get -y install python3

Configure HTTPS access to Harbor

https://goharbor.io/docs/2.2.0/install-config/configure-https/

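3 Generate a certificate authority certificate

In a production environment you should obtain a certificate from a CA. In a test or development environment you can generate your own CA. To generate a CA certificate, run the following commands.

  1. Generate the CA certificate private key.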

    openssl genrsa -out server.key 4096
    
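  2. Generate the CA certificate.

    Adjust the values in the -subj option to reflect your organization. If you use an FQDN to connect to the Harbor host, you must specify it as the common name (CN) attribute.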

    openssl req -x509 -new -nodes -sha512 -days 3650 \
     -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \
     -key server.key \
     -out server.crt
    

The certificate files are located as follows:

root@root:~# ll /data/cert/
total 16
drwxr-xr-x 2 root root 4096 May 14 10:38 ./
drwxr-xr-x 9 root root 4096 May 14 10:39 ../
-rw-r--r-- 1 root root 2053 May 14 10:38 server.crt
-rw------- 1 root root 3247 May 14 10:38 server.key

4 Install Harbor

/apps/harbor/install.sh

List the containers that were installed:

root@root:/apps/harbor# docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED          STATUS                             PORTS                                                                            NAMES
4ef391aeeee8   goharbor/harbor-jobservice:v2.1.5    "/harbor/entrypoint.…"   25 seconds ago   Up 24 seconds (health: starting)                                                                                    harbor-jobservice
b9a8b06f66c5   goharbor/nginx-photon:v2.1.5         "nginx -g 'daemon of…"   25 seconds ago   Up 24 seconds (health: starting)   0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp   nginx
5acc2e942e5d   goharbor/harbor-core:v2.1.5          "/harbor/entrypoint.…"   25 seconds ago   Up 24 seconds (health: starting)                                                                                    harbor-core
a799c3bf0109   goharbor/redis-photon:v2.1.5         "redis-server /etc/r…"   27 seconds ago   Up 25 seconds (health: starting)                                                                                    redis
b953006e7771   goharbor/harbor-portal:v2.1.5        "nginx -g 'daemon of…"   27 seconds ago   Up 26 seconds (health: starting)                                                                                    harbor-portal
e5d46ae92408   goharbor/harbor-registryctl:v2.1.5   "/home/harbor/start.…"   27 seconds ago   Up 25 seconds (health: starting)                                                                                    registryctl
0a600373e9c1   goharbor/registry-photon:v2.1.5      "/home/harbor/entryp…"   27 seconds ago   Up 25 seconds (health: starting)                                                                                    registry
b7fea4d450e6   goharbor/harbor-db:v2.1.5            "/docker-entrypoint.…"   27 seconds ago   Up 25 seconds (health: starting)                                                                                    harbor-db
50eaf472c2c2   goharbor/harbor-log:v2.1.5           "/bin/sh -c /usr/loc…"   28 seconds ago   Up 27 seconds (health: starting)   127.0.0.1:1514->10514/tcp 

5 Start Harbor automatically at boot

Method 1: with a systemd service file

root@root:~# vim /lib/systemd/system/harbor.service

[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor
[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/local/bin/docker-compose -f /apps/harbor/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose -f /apps/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target

Enable it at boot:

root@root:~# systemctl daemon-reload
root@root:~# systemctl enable harbor
Created symlink /etc/systemd/system/multi-user.target.wants/harbor.service → /lib/systemd/system/harbor.service.

Method 2: with rc.local

vim /etc/rc.local

#!/bin/bash
cd /apps/harbor
/usr/local/bin/docker-compose up

Add execute permission:

chmod +x /etc/rc.local

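Find a Windows client and edit its hosts file.

Open https://harbor1.xingyu.com/ in a browser.

[Screenshot: the interface after logging in]

Using a single-host Harbor

Create a project

A project must be created in Harbor before images can be pushed.

Log in to Harbor from the command line on a client

On client 1, configure the hosts file: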

vim /etc/hosts

192.168.1.114 harbor1.xingyu.com
192.168.1.116 harbor2.xingyu.com

On client 1, edit the docker.service file:

vim /lib/systemd/system/docker.service

ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry harbor1.xingyu.com --insecure-registry harbor2.xingyu.com

Restart the Docker service:

root@root:~# systemctl daemon-reload
root@root:~# systemctl restart docker
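
The certificate from step 3 is self-signed, and the client configuration above skips verification with --insecure-registry. As an added example (not from the original post; the file names ca.crt/ca.key and the function names are assumptions), the script below issues a server certificate carrying a subjectAltName from your own CA and installs that CA under /etc/docker/certs.d on a client, which lets dockerd verify the registry instead.

```shell
#!/bin/sh
# Added example (not from the original post): issue a server certificate with
# a subjectAltName from your own CA, then make a Docker client trust that CA
# for one registry, so --insecure-registry is not needed.
# Assumed names: ca.crt/ca.key in <dir>; the three function names are made up.
set -eu

# Write the X.509 v3 extension file; list every DNS name clients connect to.
write_san_ext() {        # usage: write_san_ext <out-file> <dns-name>...
  ext_out=$1; shift; n=1
  {
    echo "authorityKeyIdentifier=keyid,issuer"
    echo "basicConstraints=CA:FALSE"
    echo "keyUsage=digitalSignature,keyEncipherment"
    echo "extendedKeyUsage=serverAuth"
    echo "subjectAltName=@alt_names"
    echo
    echo "[alt_names]"
    for name in "$@"; do echo "DNS.$n=$name"; n=$((n + 1)); done
  } > "$ext_out"
}

# Create <dir>/<host>.key and <dir>/<host>.crt signed by <dir>/ca.crt.
issue_server_cert() {    # usage: issue_server_cert <dir> <host> [key-bits]
  dir=$1; host=$2; bits=${3:-4096}
  openssl genrsa -out "$dir/$host.key" "$bits"
  chmod 600 "$dir/$host.key"
  openssl req -new -sha512 -subj "/CN=$host" \
    -key "$dir/$host.key" -out "$dir/$host.csr"
  write_san_ext "$dir/$host.ext" "$host"
  openssl x509 -req -sha512 -days 365 -extfile "$dir/$host.ext" \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -in "$dir/$host.csr" -out "$dir/$host.crt"
}

# Install the CA where dockerd looks for per-registry trust anchors.
trust_registry_ca() {    # usage: trust_registry_ca <ca.crt> <host> [root-prefix]
  dst="${3:-}/etc/docker/certs.d/$2"
  mkdir -p "$dst"
  cp "$1" "$dst/ca.crt"
  chmod 644 "$dst/ca.crt"
}

# Stand-alone use on the Harbor host: ./issue.sh /data/cert harbor1.xingyu.com
if [ $# -ge 2 ]; then issue_server_cert "$1" "$2"; fi
```

Point https.certificate and https.private_key in harbor.yml at the issued pair, and run trust_registry_ca on each client with a copy of ca.crt.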

First pull alpine from the official Docker registry:

Official Docker image site: https://hub.docker.com/

root@root:~# docker pull alpine:3.13.5
3.13.5: Pulling from library/alpine
540db60ca938: Pull complete 
Digest: sha256:69e70a79f2d41ab5d637de98c1e0b055206ba40a8145e7bddb55ccc04e13cf8f
Status: Downloaded newer image for alpine:3.13.5
docker.io/library/alpine:3.13.5
root@root:~# docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
alpine       3.13.5    6dbb9cc54074   4 weeks ago   5.61MB

Log in to Harbor from the command line:

root@root:~# docker login harbor1.xingyu.com
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

Check that the running process has picked up the settings above:

ps aux |grep dockerd

root@root:~# ps aux |grep dockerd
root      245989  0.0  2.2 1021000 90456 ?       Ssl  11:11   0:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry harbor1.xingyu.com --insecure-registry harbor2.xingyu.com

Look at the file in which Docker stores the password:

root@root:~# cat /root/.docker/config.json
{
	"auths": {
		"harbor1.xingyu.com": {
			"auth": "YWRtaW46SGFyYm9yMTIzNDU="
		}
	}
}
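
The auth value above is base64 of user:password, not ciphertext, which is what the docker login warning refers to. An added example (not from the original post; the function names are assumptions, and the parser expects the one-key-per-line layout Docker writes) that lists inline credentials without printing the password:

```shell
#!/bin/sh
# Added example (not from the original post): report registries whose
# credentials sit inline in a Docker config.json. The "auth" field is only
# base64("user:password"), so the file is equivalent to a plaintext password.

# Constructed sample mirroring the file shown above.
sample_config_json() {
  cat <<'EOF'
{
  "auths": {
    "harbor1.xingyu.com": {
      "auth": "YWRtaW46SGFyYm9yMTIzNDU="
    }
  }
}
EOF
}

# Prints "<registry> <username> <password-length>" per inline credential.
inline_auths() {         # usage: inline_auths <config.json>
  awk -F'"' '
    /"auths"[ \t]*:/                             { in_auths = 1; next }
    in_auths && /"auth"[ \t]*:/                  { print reg, $4; next }
    in_auths && /^[ \t]*"[^"]+"[ \t]*:[ \t]*[{]/ { reg = $2 }
  ' "$1" | while read -r reg b64; do
    plain=$(printf '%s' "$b64" | base64 -d)
    user=${plain%%:*}; pass=${plain#*:}
    printf '%s %s %s\n' "$reg" "$user" "${#pass}"
  done
}

# Exit status 1 if any credential is stored inline.
audit_docker_config() {  # usage: audit_docker_config <config.json>
  found=$(inline_auths "$1")
  if [ -n "$found" ]; then
    printf '%s\n' "$found" | sed 's/^/INLINE CREDENTIAL: /'
    return 1
  fi
}

# Stand-alone use: ./audit-docker-config.sh /root/.docker/config.json
if [ $# -gt 0 ]; then audit_docker_config "$1"; fi
```

With a credential helper configured through credsStore, Docker keeps the secret in the helper's store and the entry under auths no longer contains an auth value.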

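Pushing an image from the client

Tag the local image and push it to Harbor

The image must be renamed (re-tagged); otherwise it cannot be pushed to the Harbor registry.

The format is:

harbor-host-IP/project-name/image-name:version

Example:

You must log in to Harbor before pushing an image.

The login steps are shown above.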

root@root:~# docker tag alpine:3.13.5 harbor1.xingyu.com/xiangmu/alpine:3.13.5
root@root:~# docker images
REPOSITORY                          TAG       IMAGE ID       CREATED       SIZE
alpine                              3.13.5    6dbb9cc54074   4 weeks ago   5.61MB
harbor1.xingyu.com/xiangmu/alpine   3.13.5    6dbb9cc54074   4 weeks ago   5.61MB
root@root:~# docker push harbor1.xingyu.com/xiangmu/alpine:3.13.5
The push refers to repository [harbor1.xingyu.com/xiangmu/alpine]
b2d5eeeaba3a: Pushed 
3.13.5: digest: sha256:def822f9851ca422481ec6fee59a9966f12b351c62ccb9aca841526ffaa9f748 size: 528

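Open the Harbor web site to verify that the image was pushed successfully.

The operation log entries are also visible there.

Pulling an image from a client

On client 2 the image can be pulled without logging in.

Before pulling, you must edit Docker's service file and add the Harbor server addresses.

On client 2, configure the hosts file: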

vim /etc/hosts

192.168.1.114 harbor1.xingyu.com
192.168.1.116 harbor2.xingyu.com

On client 2, edit the docker.service file:

vim /lib/systemd/system/docker.service

ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry harbor1.xingyu.com --insecure-registry harbor2.xingyu.com

Restart the Docker service:

root@root:~# systemctl daemon-reload
root@root:~# systemctl restart docker
root@root:~# docker images
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE

Pull the image from the Harbor registry:

root@root:~# docker pull harbor1.xingyu.com/xiangmu/alpine:3.13.5
3.13.5: Pulling from xiangmu/alpine
540db60ca938: Pull complete 
Digest: sha256:def822f9851ca422481ec6fee59a9966f12b351c62ccb9aca841526ffaa9f748
Status: Downloaded newer image for harbor1.xingyu.com/xiangmu/alpine:3.13.5
harbor1.xingyu.com/xiangmu/alpine:3.13.5
root@root:~# docker images
REPOSITORY                          TAG       IMAGE ID       CREATED       SIZE
harbor1.xingyu.com/xiangmu/alpine   3.13.5    6dbb9cc54074   4 weeks ago   5.61MB
posted @ 2021-05-14 18:56  jianchen013