docker开源仓库Harbor部署笔记

Harbor介绍
Harbor是Vmvare团队开发的开源企业级registry仓库,相比docker官方拥有更丰富的权限权利和完善的架构设计,适用大规模docker集群部署提供仓库服务。
项目地址:https://github.com/vmware/harbor

环境说明:

ip地址: 10.20.9.223
系统版本: CentOS Linux release 7.3

1、关闭防火墙:

#systemctl disable firewalld.service
#systemctl stop firewalld.service

2、设置主机名:

#hostnamectl --static set-hostname  docker-Harbor-registry

3、安装docker:

# yum install docker -y

4、安装compose

Harbor是通过docker的compose项目部署的,需要安装compose,幸好compost 在git上提供了安装指令:

# curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

# chmod +x /usr/local/bin/docker-compose   #设置执行权限
# docker-compose --version  #查看安装是否程成功
docker-compose version 1.18.0, build 8dd22a9

5、Harbor软件安装

#wget http://harbor.orientsoft.cn/harbor-v1.3.0-rc4/harbor-offline-installer-v1.3.0-rc4.tgz
解压文件
#tar -zxf harbor-offline-installer-v1.3.0-rc4.tgz -C /usr/local

#解压后的文件夹是harbor

解压完成后:修改配置文件harbor.conf,主要就是hostname修改

此处我们只修改hostname=10.20.9.223(私有仓库主机ip)

安装

[root@docker-Harbor-registry harbor]# ./install.sh 

he configuration files are ready, please use docker-compose to start the service.

Creating harbor-log ... done
[Step 3]: checking existing instance of Harbor ...

Creating registry ... done
Creating harbor-ui ... done
Creating network "harbor_harbor" with the default driver
Creating nginx ... done
Creating harbor-db ... 
Creating registry ... 
Creating harbor-adminserver ... 
Creating harbor-ui ... 
Creating nginx ... 
Creating harbor-jobservice ... 

? ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://10.20.9.223. 
For more details, please visit https://github.com/vmware/harbor .

[root@docker-Harbor-registry harbor]# 

此时我们可以在浏览器中输入:http://10.20.9.223进入harbor web管理后台,默认的帐号密码是admin, Harbor12345(如果你没有修改harbor.cfg中的harbor_admin_password)

6、查看是否启动成功(执行命令要切换到harbor的安装目录执行,本例中为/usr/local/harbor):

[root@docker-Harbor-registry harbor]# docker-compose ps
       Name                     Command               State                                Ports                              
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up                                                                      
harbor-db            /usr/local/bin/docker-entr ...   Up      3306/tcp                                                        
harbor-jobservice    /harbor/start.sh                 Up                                                                      
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up      127.0.0.1:1514->10514/tcp                                       
harbor-ui            /harbor/start.sh                 Up                                                                      
nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
registry             /entrypoint.sh serve /etc/ ...   Up      5000/tcp                                                        
[root@docker-Harbor-registry harbor]# 

使用命令行登录harbor镜像仓库时,报错如下:

[root@docker-Harbor-registry harbor]# docker login 10.20.9.223
Username: admin
Password: 
Error response from daemon: Get https://10.20.9.223/v1/users/: dial tcp 10.20.9.223:443: getsockopt: connection refused
[root@docker-Harbor-registry harbor]# 

解决方案:修改docekr文件参数

# vim /etc/sysconfig/docker 添加如下参数:

OPTIONS='--insecure-registry=10.20.9.223'

或者修改/etc/docker/daemon.json文件也可以

vim /etc/docker/daemon.json 
{ "insecure-registries":["10.20.9.223"] }

或者修改 /usr/lib/systemd/system/docker.service即可,三者选其一即可.

ExecStart=/usr/bin/dockerd-current \
          --add-registry=10.20.9.223 --insecure-registry=10.20.9.223
#在ExecStart=/usr/bin/dockerd-current出添加-add-registry和--insecure-registry参数.

使用docker info验证:

执行:

# docker info

输出最后一行有:

Registries: 10.20.9.223 (insecure), docker.io (secure)

重启docker服务

# systemctl daemon-reload
# systemctl restart docker.service

重启harbor服务

[root@docker-Harbor-registry harbor]# docker-compose restart

再次登录

[root@docker-Harbor-registry harbor]# docker login 10.20.9.223
Username: admin
Password: 
Login Succeeded
[root@docker-Harbor-registry harbor]# 

至此Harbor仓库部署完成,Harbor web访问访问也是正常的.

二、推送测试:将本地镜像推送到docker私有仓库:

1、向Harbor推一个镜像:

1.首先登录Harbor的web界面并创建一个项目common.org
需要把项目设为公开
然后把需要上传的镜像命名为 ip:端口/项目名/镜像名:版本号 必须谨记。

2、查看本地的镜像:

[root@docker-node ~]# docker images
REPOSITORY                                            TAG                 IMAGE ID            CREATED             SIZE
docker.io/mysql                                       latest              a8a59477268d        2 weeks ago         445 MB
docker.io/nginx                                       latest              ae513a47849c        3 weeks ago         109 MB
docker.io/centos                                      latest              e934aafc2206        6 weeks ago         199 MB

3.给centos镜像打tag:

# docker tag docker.io/centos:latest 10.20.9.223/common.org/centos7:latest

4、推送至Harbor:

[root@docker-Harbor-registry ~]# docker push 10.20.9.223/common.org/centos7:latest
The push refers to a repository [10.20.9.223/common.org/centos7]
43e653f84b79: Pushed 
latest: digest: sha256:191c883e479a7da2362b2d54c0840b2e8981e5ab62e11ab925abf8808d3d5d44 size: 529
[root@docker-Harbor-registry ~]# 

5、登录Harbor web页面查看common.org项目下的镜像,如果common.org目录下存在centos7镜像,则说明推送成功.

三、从Harbor私有仓库上拉取一个镜像到客户机.

如果其他主机要拉取harbor仓库的镜像,也需要修改docker的配置文件,添加如下参数即可,并重启服务,其中ip为harbor仓库的地址.

# vim /etc/sysconfig/docker

OPTIONS='--insecure-registry=10.20.9.223'

在客户端机器登陆harbor服务器,如果认证成功,即可以上传下载.

[root@dockr-client~]# docker login 10.20.9.223
Username (admin): admin
Password: 
Login Succeeded
[root@dockr-client~]#

执行拉取镜像命令:

[root@docker-node ~]# docker pull 10.20.9.223/common.org/centos7:latest
Trying to pull repository 10.20.9.223/common.org/centos7 ... 
latest: Pulling from 10.20.9.223/common.org/centos7
Digest: sha256:191c883e479a7da2362b2d54c0840b2e8981e5ab62e11ab925abf8808d3d5d44
Status: Image is up to date for 10.20.9.223/common.org/centos7:latest
[root@docker-node ~]#

如果想查看harbor仓库的有哪些镜像,直接在http://10.20.9.223/harbor 界面就可以搜索到镜像列表.

 

参考文档:    

  https://blog.csdn.net/cuipengchong/article/details/68496627
  http://www.cnblogs.com/netsa/p/8124708.html
  https://www.cnblogs.com/hh2737/p/7483855.html
  https://www.cnblogs.com/Javame/p/7389093.html

 

posted @ 2018-05-23 22:37  梦徒  阅读(1000)  评论(0编辑  收藏  举报