内网服务器配置镜像仓库Harbor2.7.1,映射端口后公网可以访问,shell生成镜像目录
先安装docker和docker-compose
# 配置dnf源
略
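# Install basic troubleshooting and utility packages.
dnf install -y mtr vim bash-completion git telnet npm wget
# Install Docker CE and docker-compose.
# Remove podman/buildah and any previously installed Docker packages first.
dnf erase -y podman buildah
# The glob is quoted so that dnf, not the shell, expands it (an unquoted docker*
# would match files in the current directory); -y keeps the step non-interactive
# like the other dnf calls.
dnf remove -y 'docker*'
# DESTRUCTIVE: deletes every existing image, container and volume on this host.
rm -fr /var/lib/docker/
dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
systemctl daemon-reload
dnf clean all && dnf makecache
dnf install -y docker-ce
systemctl start docker
systemctl enable docker
# Fetch the docker-compose v2.7.0 binary. -f makes curl fail on an HTTP error
# instead of saving the error page as the "binary".
curl -fL "https://get.daocloud.io/docker/compose/releases/download/v2.7.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# NOTE(review): this binary runs as root and is downloaded from a third-party
# mirror with no integrity check. Compare its SHA-256 with the checksum published
# for the same release before using it:
#   sha256sum /usr/local/bin/docker-compose   # expect <SHA256_FROM_RELEASE_PAGE>
chmod +x /usr/local/bin/docker-compose
# -f replaces a link left over from an earlier run instead of failing.
ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose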
# Write the Docker daemon configuration: json-file logging, at most 2 log files
# of 500m each. The redirect creates the file, and the quoted delimiter writes
# the JSON body literally.
cat > /etc/docker/daemon.json <<'DD'
{
"log-driver":"json-file",
"log-opts": {"max-size":"500m", "max-file":"2"}
}
DD
# Reload unit files, then restart Docker so it reads the new daemon.json.
systemctl daemon-reload
systemctl restart docker
# Print the docker-compose and docker versions to confirm both are installed.
docker-compose version && docker version
下载、解压harbor离线安装包(此处原文写作2.3.4,标题及下方命令使用的版本均为v2.7.1)
# Create the installer directory and the data directory, then work inside the
# installer directory.
mkdir -p /data/harbor /data/harbor_data && cd /data/harbor
# Download the Harbor v2.7.1 offline installer from the project's release page.
wget https://github.com/goharbor/harbor/releases/download/v2.7.1/harbor-offline-installer-v2.7.1.tgz
# NOTE(review): nothing here checks the archive's integrity; verify it against
# the checksum or signature published with the release before extracting it.
tar --extract --gzip --verbose --file=harbor-offline-installer-v2.7.1.tgz
开始安装
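cd harbor
# Create the working configuration from the template shipped with the installer.
cp harbor.yml.tmpl harbor.yml
# Edit the configuration. The file created by the cp above is harbor.yml; the
# original "habor.yml" would have opened a new, empty file.
vim harbor.yml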
===============yaml文件内容如下===============
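# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 10.1.1.60 # address or hostname Harbor listens on
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80 # HTTP listening port
# Every https setting below is commented out, so Harbor serves plain HTTP only.
# NOTE(review): over plain HTTP the admin password, login tokens and image
# layers travel unencrypted. This page later publishes the registry to the
# public network through port mapping; enable this https block or put a
# TLS-terminating proxy in front before doing that.
# https related config
#https:
  # https port for harbor, default is 443
  # port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path
# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
# NOTE(review): this value is stored in clear text in harbor.yml; pick a unique
# password, restrict read access to the file, and change the password in the UI
# right after the first login.
harbor_admin_password: baiinfo.1234 # initial login password of the admin user
# The default data volume
data_volume: /data/harbor_data # directory that holds Harbor's data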
# Run the installer and wait for it to finish.
./install.sh
# If Harbor is not running after a system reboot, bring it up from its compose
# file.
docker-compose --file /data/harbor/harbor/docker-compose.yml up --detach
配置harbor开机自启动
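# Print the absolute path of docker-compose; ExecStart/ExecStop in the unit
# below must use that path. "command -v" is the shell builtin replacement for
# the external "which".
command -v docker-compose
# Write the systemd unit. The delimiter is quoted so the body is written
# literally, with no shell expansion.
cat > /usr/lib/systemd/system/harbor.service <<'DD'
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor
[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/local/bin/docker-compose -f /data/harbor/harbor/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose -f /data/harbor/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target
DD
# Make systemd read the new unit file before it is enabled.
systemctl daemon-reload
# Enable the service at boot, start it now, then show its status.
systemctl enable harbor
systemctl start harbor
systemctl status harbor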
当harbor放置于内网, 公网访问配置端口映射方式后的token获取方式:
# 因为harbor采用了登陆和token分离的方式, 所以公网docker login时token会返回你的子网Harbor机器IP,导致报错如下:
Error response from daemon: Get "http://119.26.88.210:20061/v2/": Get "http://10.1.1.60/service/token?account=admin&client_id=docker&offline_token=true&service=harbor-registry": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
# Fix: set Harbor's external_url to the address and port that clients use from
# the public network (port 80 can be left out).
vim harbor.yml
# Find the section shown below, uncomment external_url and fill in the public address.
===============yaml文件内容如下===============
# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# NOTE(review): this is a plain-HTTP URL on a public address, so logins and
# tokens issued for it cross the network unencrypted; use an https:// URL with
# TLS terminated in front of Harbor when the registry is reachable from outside.
external_url: http://119.26.88.210:20061
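# After saving, clear Harbor's generated configuration and re-run the installer
# so the change takes effect. The common/config directory must be deleted after
# every configuration change; re-running install.sh regenerates it.
# The commands are chained behind an explicit cd so the relative "rm -rf" can
# only run inside the Harbor installation directory, never in whatever
# directory the shell happens to be in.
cd /data/harbor/harbor && rm -rf ./common/config && bash install.sh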
# 再次登陆harbor就正常了
[root@zl_CentOS8 ~]# docker login 119.26.88.210:20061
Username: admin
Password: abcd1234
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
命令方式: 登陆, 推送, 拉取,登出
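# daemon.json must contain exactly ONE JSON object. Appending a second object
# with ">>" leaves the file unparsable and dockerd refuses to start, so the
# whole file is rewritten: the logging options from the install step plus the
# registry entry. On a machine whose daemon.json holds other settings, merge
# the "insecure-registries" key into the existing object instead.
# NOTE(review): "insecure-registries" lets Docker talk to this registry over
# plain HTTP / without certificate verification, so credentials and images are
# not protected in transit. Serving the registry over TLS removes the need for
# this entry.
cat > /etc/docker/daemon.json <<'DD'
{
  "log-driver": "json-file",
  "log-opts": {"max-size": "500m", "max-file": "2"},
  "insecure-registries": ["119.26.88.210:20061"]
}
DD
systemctl daemon-reload && systemctl restart docker
# If Docker still fails to start, open daemon.json in vim and run "set ff=unix"
# once.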
# Push and pull workflow for the company's internal Harbor registry.
# SOURCE_IMAGE, REPOSITORY and [:TAG] below are placeholders to fill in.
# NOTE(review): the registry is addressed over plain HTTP here, and docker login
# keeps the password unencrypted in /root/.docker/config.json unless a
# credential helper is configured (see the warning in the login output above).
# Step 1: log in
docker login 119.26.88.210:20061
# Step 2: tag the image and push it to the registry
docker tag SOURCE_IMAGE[:TAG] 119.26.88.210:20061/bigdata/REPOSITORY[:TAG]
docker push 119.26.88.210:20061/bigdata/REPOSITORY[:TAG]
# Step 3: pull an image from the registry
docker pull 119.26.88.210:20061/bigdata/check_ip:20230110
# Step 4: log out
docker logout 119.26.88.210:20061
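# Generate get-harbor-images-list.sh, then run it.
# The heredoc delimiter is quoted: with an unquoted delimiter the shell expands
# every $variable, $(...) and backtick while WRITING the file, so the curl calls
# would run at generation time and the loops in the saved script would be empty.
cat > get-harbor-images-list.sh <<'DD'
#!/bin/bash
# List every image (repository:tag) stored in a Harbor registry and save the
# list to a dated text file.
set -uo pipefail

Harbor_Address=119.26.88.210:20061   # Harbor host:port
Harbor_User=admin                    # Harbor account used for the API calls
# The password is read from the HARBOR_PASSWD environment variable or prompted
# for, so it is not stored in the script.
Harbor_Passwd=${HARBOR_PASSWD:-}
if [[ -z "$Harbor_Passwd" ]]; then
  read -r -s -p "Harbor password for ${Harbor_User}: " Harbor_Passwd
  echo
fi
Tar_File=.                           # directory that receives the image list
Images_File="${Tar_File}/harbor-images-$(date '+%Y-%m-%d').txt"   # image list file

# GET a path from the Harbor host. The credentials are handed to curl on stdin
# (-K -) rather than with -u, so they do not show up in the process list.
# A password containing '"' or '\' must be escaped for curl's config syntax.
# NOTE(review): the request itself still goes over plain HTTP, so the
# credentials are visible on the network; switch the URL to https once Harbor
# serves TLS. "-k" was dropped: it has no effect on http:// URLs and would
# disable certificate checks on https:// ones.
harbor_get() {
  printf 'user = "%s:%s"\n' "$Harbor_User" "$Harbor_Passwd" |
    curl -K - -sS -f -H "Content-Type: application/json" -X GET "http://${Harbor_Address}$1"
}

# Print the "name" field of every object in a JSON array read from stdin.
json_names() {
  python3 -c 'import json, sys
for item in json.load(sys.stdin):
    print(item["name"])'
}

# Print every entry of the "tags" array of a JSON object read from stdin.
# The previous awk field-splitting kept at most three tags per image.
json_tags() {
  python3 -c 'import json, sys
for tag in json.load(sys.stdin).get("tags") or []:
    print(tag)'
}

# Start from an empty list so a second run on the same day adds no duplicates.
: > "$Images_File"

# NOTE(review): Harbor list endpoints are paginated; confirm the page size and
# iterate pages if there are more projects or repositories than one response
# returns.
# Projects -> repositories of each project -> tags of each repository.
while IFS= read -r Project; do
  while IFS= read -r Image; do
    while IFS= read -r Tag; do
      printf '%s/%s:%s\n' "$Harbor_Address" "$Image" "$Tag" >> "$Images_File"
    done < <(harbor_get "/v2/${Image}/tags/list" | json_tags)
  done < <(harbor_get "/api/v2.0/projects/${Project}/repositories" | json_names)
done < <(harbor_get "/api/v2.0/projects" | json_names)

echo "以下镜像内容已保存到文件: $Images_File"
cat "$Images_File"
DD
bash get-harbor-images-list.sh
# Script adapted from: https://blog.51cto.com/lidabai/5217350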
web登陆方式访问harbor
内网访问:http://10.1.1.60 ,公网访问: http://119.26.88.210:20061