docker开源仓库Harbor部署笔记
Harbor介绍
Harbor是Vmvare团队开发的开源企业级registry仓库,相比docker官方拥有更丰富的权限权利和完善的架构设计,适用大规模docker集群部署提供仓库服务。
项目地址:https://github.com/vmware/harbor
环境说明:
ip地址: 10.20.9.223 系统版本: CentOS Linux release 7.3
1、关闭防火墙:
#systemctl disable firewalld.service
#systemctl stop firewalld.service
2、设置主机名:
#hostnamectl --static set-hostname docker-Harbor-registry
3、安装docker:
# yum install docker -y
4、安装compose
Harbor是通过docker的compose项目部署的,需要安装compose,幸好compost 在git上提供了安装指令:
# curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose # chmod +x /usr/local/bin/docker-compose #设置执行权限 # docker-compose --version #查看安装是否程成功 docker-compose version 1.18.0, build 8dd22a9
5、Harbor软件安装
#wget http://harbor.orientsoft.cn/harbor-v1.3.0-rc4/harbor-offline-installer-v1.3.0-rc4.tgz 解压文件 #tar -zxf harbor-offline-installer-v1.3.0-rc4.tgz -C /usr/local
#解压后的文件夹是harbor
解压完成后:修改配置文件harbor.conf,主要就是hostname修改
此处我们只修改hostname=10.20.9.223(私有仓库主机ip)
安装
[root@docker-Harbor-registry harbor]# ./install.sh he configuration files are ready, please use docker-compose to start the service. Creating harbor-log ... done [Step 3]: checking existing instance of Harbor ... Creating registry ... done Creating harbor-ui ... done Creating network "harbor_harbor" with the default driver Creating nginx ... done Creating harbor-db ... Creating registry ... Creating harbor-adminserver ... Creating harbor-ui ... Creating nginx ... Creating harbor-jobservice ... ? ----Harbor has been installed and started successfully.---- Now you should be able to visit the admin portal at http://10.20.9.223. For more details, please visit https://github.com/vmware/harbor . [root@docker-Harbor-registry harbor]#
此时我们可以在浏览器中输入:http://10.20.9.223进入harbor web管理后台,默认的帐号密码是admin, Harbor12345(如果你没有修改harbor.cfg中的harbor_admin_password)
6、查看是否启动成功(执行命令要切换到harbor的安装目录执行,本例中为/usr/local/harbor):
[root@docker-Harbor-registry harbor]# docker-compose ps Name Command State Ports ------------------------------------------------------------------------------------------------------------------------------ harbor-adminserver /harbor/start.sh Up harbor-db /usr/local/bin/docker-entr ... Up 3306/tcp harbor-jobservice /harbor/start.sh Up harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp harbor-ui /harbor/start.sh Up nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp registry /entrypoint.sh serve /etc/ ... Up 5000/tcp [root@docker-Harbor-registry harbor]#
使用命令行登录harbor镜像仓库时,报错如下:
[root@docker-Harbor-registry harbor]# docker login 10.20.9.223 Username: admin Password: Error response from daemon: Get https://10.20.9.223/v1/users/: dial tcp 10.20.9.223:443: getsockopt: connection refused [root@docker-Harbor-registry harbor]#
解决方案:修改docekr文件参数
# vim /etc/sysconfig/docker 添加如下参数: OPTIONS='--insecure-registry=10.20.9.223'
或者修改/etc/docker/daemon.json文件也可以
vim /etc/docker/daemon.json { "insecure-registries":["10.20.9.223"] }
或者修改 /usr/lib/systemd/system/docker.service即可,三者选其一即可.
ExecStart=/usr/bin/dockerd-current \ --add-registry=10.20.9.223 --insecure-registry=10.20.9.223 #在ExecStart=/usr/bin/dockerd-current出添加-add-registry和--insecure-registry参数.
使用docker info验证:
执行:
# docker info
输出最后一行有:
Registries: 10.20.9.223 (insecure), docker.io (secure)
重启docker服务
# systemctl daemon-reload
# systemctl restart docker.service
重启harbor服务
[root@docker-Harbor-registry harbor]# docker-compose restart
再次登录
[root@docker-Harbor-registry harbor]# docker login 10.20.9.223 Username: admin Password: Login Succeeded [root@docker-Harbor-registry harbor]#
至此Harbor仓库部署完成,Harbor web访问访问也是正常的.
二、推送测试:将本地镜像推送到docker私有仓库:
1、向Harbor推一个镜像:
1.首先登录Harbor的web界面并创建一个项目common.org 需要把项目设为公开 然后把需要上传的镜像命名为 ip:端口/项目名/镜像名:版本号 必须谨记。
2、查看本地的镜像:
[root@docker-node ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/mysql latest a8a59477268d 2 weeks ago 445 MB docker.io/nginx latest ae513a47849c 3 weeks ago 109 MB docker.io/centos latest e934aafc2206 6 weeks ago 199 MB
3.给centos镜像打tag:
# docker tag docker.io/centos:latest 10.20.9.223/common.org/centos7:latest
4、推送至Harbor:
[root@docker-Harbor-registry ~]# docker push 10.20.9.223/common.org/centos7:latest The push refers to a repository [10.20.9.223/common.org/centos7] 43e653f84b79: Pushed latest: digest: sha256:191c883e479a7da2362b2d54c0840b2e8981e5ab62e11ab925abf8808d3d5d44 size: 529 [root@docker-Harbor-registry ~]#
5、登录Harbor web页面查看common.org项目下的镜像,如果common.org目录下存在centos7镜像,则说明推送成功.
三、从Harbor私有仓库上拉取一个镜像到客户机.
如果其他主机要拉取harbor仓库的镜像,也需要修改docker的配置文件,添加如下参数即可,并重启服务,其中ip为harbor仓库的地址.
# vim /etc/sysconfig/docker OPTIONS='--insecure-registry=10.20.9.223'
在客户端机器登陆harbor服务器,如果认证成功,即可以上传下载.
[root@dockr-client~]# docker login 10.20.9.223 Username (admin): admin Password: Login Succeeded [root@dockr-client~]#
执行拉取镜像命令:
[root@docker-node ~]# docker pull 10.20.9.223/common.org/centos7:latest Trying to pull repository 10.20.9.223/common.org/centos7 ... latest: Pulling from 10.20.9.223/common.org/centos7 Digest: sha256:191c883e479a7da2362b2d54c0840b2e8981e5ab62e11ab925abf8808d3d5d44 Status: Image is up to date for 10.20.9.223/common.org/centos7:latest [root@docker-node ~]#
如果想查看harbor仓库的有哪些镜像,直接在http://10.20.9.223/harbor 界面就可以搜索到镜像列表.
参考文档:
https://blog.csdn.net/cuipengchong/article/details/68496627
http://www.cnblogs.com/netsa/p/8124708.html
https://www.cnblogs.com/hh2737/p/7483855.html
https://www.cnblogs.com/Javame/p/7389093.html