docker镜像仓库管理Harbor
一 部署Harbor
前提: Harbor需要运行在docker上面,所以首先需要在harbor部署机器上面自行部署docker和docker-compose
docker-compose安装命令如下所示:
sudo curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
1.1 开始在部署Harbor
1.1.1 下载源码包
wget https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-online-installer-v1.1.2.tgz
1.1.2 解压过程略
1.1.3 配置以及开始启动安装流程如下所示
# hostname设置访问地址,可以使用ip、域名,不可以设置为127.0.0.1或localhost hostname = 172.16.173.141 # 访问协议,默认是http,也可以设置https,如果设置https,则nginx ssl需要设置on ui_url_protocol = http # mysql数据库root用户默认密码root123,实际使用时修改下 db_password = xxxxxx max_job_workers = 3 customize_crt = on ssl_cert = /data/cert/server.crt ssl_cert_key = /data/cert/server.key secretkey_path = /data admiral_url = NA # 邮件设置,发送重置密码邮件时使用 email_identity = email_server = smtp.mydomain.com email_server_port = 25 email_username = sample_admin@mydomain.com email_password = abc email_from = admin <sample_admin@mydomain.com> email_ssl = false # 启动Harbor后,管理员UI登录的密码,默认是Harbor12345 harbor_admin_password = xxxxxx # 认证方式,这里支持多种认证方式,如LADP、本次存储、数据库认证。默认是db_auth,mysql数据库认证 auth_mode = db_auth # LDAP认证时配置项 ldap_url = ldaps://ldap.mydomain.com #ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com #ldap_search_pwd = password ldap_basedn = ou=people,dc=mydomain,dc=com #ldap_filter = (objectClass=person) ldap_uid = uid ldap_scope = 3 ldap_timeout = 5 # 是否开启自注册 self_registration = on # token有效时间,默认30分钟 token_expiration = 30 # 用户创建项目权限控制,默认是everyone(所有人),也可以设置为adminonly(只能管理员) project_creation_restriction = everyone verify_remote_cert = on
1.14 开始执行安装执行./install.sh结束有如下进程
[root@localhost harbor]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 2c338d048370 vmware/harbor-jobservice:v1.1.2 "/harbor/harbor_jo..." 8 minutes ago Up 8 minutes harbor-jobservice 3536e02036cc vmware/nginx:1.11.5-patched "nginx -g 'daemon ..." 8 minutes ago Up 8 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx f0e9cce9ebd0 vmware/harbor-ui:v1.1.2 "/harbor/harbor_ui" 8 minutes ago Up 8 minutes harbor-ui 10899d82255e vmware/registry:2.6.1-photon "/entrypoint.sh se..." 8 minutes ago Up 8 minutes 5000/tcp registry 7c4142e47177 vmware/harbor-db:v1.1.2 "docker-entrypoint..." 8 minutes ago Up 8 minutes 3306/tcp harbor-db af6ee670aafd vmware/harbor-adminserver:v1.1.2 "/harbor/harbor_ad..." 8 minutes ago Up 8 minutes harbor-adminserver 332a9f81c337 vmware/harbor-log:v1.1.2 "/bin/sh -c 'crond..." 8 minutes ago Up 8 minutes 127.0.0.1:1514->514/tcp harbor-log
1.15 在需要访问的机器上面的/etc/docker/daemon.json下面添加认可IP信息如下所示
[root@localhost docker]# cat daemon.json { "registry-mirrors": ["https://xxxxxxxx.mirror.aliyuncs.com"], "insecure-registries":["xx.xx.xx.xx"] }
1.16可以成功的访问自己搭建的私有镜像仓库
[root@localhost docker]# docker login 172.16.173.141 Username (admin): Password: Login Succeeded
1.17接下来展示一个如何将研发仓库的镜像打包到harbor仓库里面去
[root@localhost wxm_images]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE <none> <none> 3101777ef936 33 minutes ago 529 MB docker.io/mysql latest c8562eaf9d81 2 months ago 546 MB 172.16.173.141/wxm-test-01/basenginx2 wxm 300e315adb2f 3 months ago 209 MB 172.16.173.141/wxm-test-01/basenginx wxm 300e315adb2f 3 months ago 209 MB basenginx wxm 300e315adb2f 3 months ago 209 MB docker.io/centos latest 300e315adb2f 3 months ago 209 MB nginx wxm 300e315adb2f 3 months ago 209 MB [root@localhost wxm_images]# docker tag docker.io/mysql 172.16.173.141/wxm-test-01/mysql:wxm
1.18 之后push到harbor上面
[root@localhost wxm_images]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 3101777ef936 40 minutes ago 529 MB
172.16.173.141/wxm-test-01/mysql wxm c8562eaf9d81 2 months ago 546 MB
docker.io/mysql latest c8562eaf9d81 2 months ago 546 MB
172.16.173.141/wxm-test-01/basenginx2 wxm 300e315adb2f 3 months ago 209 MB
172.16.173.141/wxm-test-01/basenginx wxm 300e315adb2f 3 months ago 209 MB
basenginx wxm 300e315adb2f 3 months ago 209 MB
docker.io/centos latest 300e315adb2f 3 months ago 209 MB
nginx wxm 300e315adb2f 3 months ago 209 MB
[root@localhost wxm_images]# docker push 172.16.173.141/wxm-test-01/mysql The push refers to a repository [172.16.173.141/wxm-test-01/mysql] c080af299e3f: Pushed ab82e085fd82: Pushed d60ed0726e37: Pushed 9577a2d5d759: Pushing [==============> ] 119.5 MB/410.8 MB d35a1217c926: Pushed 98d98806c8ac: Pushed 0394a41efa73: Pushing [=============> ] 13.77 MB/52.24 MB c484a3b6d841: Pushed 6d23902c2a54: Pushed 74c86dffd46f: Pushing [=================================================> ] 9.176 MB/9.343 MB ef4a33cee7a0: Pushed cb42413394c4: Mounted from wxm-test-01/basenginx
1.19 在harbor上面能看到刚推上去的镜像
1.1.20 下面展示如何从harbor上面拉取镜像
[root@localhost wxm_images]# docker pull 172.16.173.141/wxm-test-01/mysql:wxm
Trying to pull repository 172.16.173.141/wxm-test-01/mysql ...
wxm: Pulling from 172.16.173.141/wxm-test-01/mysql
Digest: sha256:43bf7db32d11e75d8463a8bc077f09af5fb5b84b182b1d74124ddca633093bfa
Status: Image is up to date for 172.16.173.141/wxm-test-01/mysql:wxm
