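Setting up a Harbor 2.7.1 image registry on an intranet server, reachable from the public network through port mapping, with a shell script that generates the image list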

 

Install docker and docker-compose first

# Configure the dnf repositories
# (omitted)
dnf install -y mtr vim bash-completion git telnet npm wget

# Install and configure docker and docker-compose
dnf erase -y podman buildah
dnf remove -y 'docker*'
rm -fr /var/lib/docker/
dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
systemctl daemon-reload
dnf clean all && dnf makecache
dnf install -y docker-ce
systemctl start docker
systemctl enable docker
curl -L https://get.daocloud.io/docker/compose/releases/download/v2.7.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
touch /etc/docker/daemon.json
cat >/etc/docker/daemon.json<<DD
{
  "log-driver":"json-file",
  "log-opts": {"max-size":"500m", "max-file":"2"}
}
DD
systemctl daemon-reload
systemctl restart docker

# Check the docker and docker-compose versions
docker-compose version && docker version

Download and extract the Harbor 2.7.1 offline installer package

mkdir -p /data/harbor /data/harbor_data && cd /data/harbor
wget https://github.com/goharbor/harbor/releases/download/v2.7.1/harbor-offline-installer-v2.7.1.tgz
tar -zxvf harbor-offline-installer-v2.7.1.tgz

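Start the installation

cd harbor
# Copy the template to create harbor.yml, the configuration the installer uses to generate docker-compose.yml
cp harbor.yml.tmpl harbor.yml
# Edit the configuration file
vim harbor.yml

=============== YAML file contents ===============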
# Configuration file of Harbor
  
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 10.1.1.60  # listen address or URL
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80  # listen port

# Comment out all of the https settings below
# https related config
#https:
  # https port for harbor, default is 443
  # port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
   #private_key: /your/private/key/path
# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.

harbor_admin_password: baiinfo.1234  # login password of the admin user

# The default data volume
data_volume: /data/harbor_data   # data storage directory

# Run the installer and wait for it to finish
./install.sh

# If Harbor has not started after a system reboot, start it with this command
docker-compose -f /data/harbor/harbor/docker-compose.yml up -d

Configure Harbor to start at boot

# Find the absolute path of docker-compose
which docker-compose

# Write the service unit
cat >/usr/lib/systemd/system/harbor.service<<DD
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor

[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/local/bin/docker-compose -f /data/harbor/harbor/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose -f /data/harbor/harbor/docker-compose.yml down

[Install]
WantedBy=multi-user.target
DD

# Enable and start the harbor service, then check its status
systemctl enable harbor
systemctl start harbor
systemctl status harbor

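Obtaining the token when Harbor sits on the intranet and is reached from the public network through port mapping:

# Harbor separates login from token issuance, so on a docker login from the public network the token URL that comes back points at the Harbor machine's subnet IP, which fails like this:
Error response from daemon: Get "http://119.26.88.210:20061/v2/": Get "http://10.1.1.60/service/token?account=admin&client_id=docker&offline_token=true&service=harbor-registry": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

# Fix this by setting Harbor's external_url to the publicly reachable address plus port (port 80 can be omitted)
vim harbor.yml
# Find the following section, uncomment external_url, and fill in the public address
=============== YAML file contents ===============
# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
external_url: http://119.26.88.210:20061

# After saving and exiting, clear the generated Harbor config so the new settings take effect
rm -rf ./common/config  # this folder under the install directory must be deleted after every config change
bash install.sh  # re-run the installer to apply the updated config

# Logging in to Harbor now works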
[root@zl_CentOS8 ~]# docker login 119.26.88.210:20061
Username: admin
Password: abcd1234
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
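
The failure above can be confirmed from the client side before and after changing external_url. As an added example (not part of the original post): the registry's 401 response to /v2/ carries a WWW-Authenticate header whose realm is the token URL docker calls next, and this script compares the realm's host:port with the address used for the login. The two header lines are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# realm_of: read HTTP response headers on stdin, print the realm URL of the
# first WWW-Authenticate header (header name matched in any common casing).
realm_of() {
    tr -d '\r' |
        sed -n 's/^[Ww][Ww][Ww]-[Aa]uthenticate:.*realm="\([^"]*\)".*/\1/p' |
        head -n 1
}

# authority_of URL: print host[:port], with any scheme and path stripped.
authority_of() {
    printf '%s\n' "$1" | sed -e 's|^[a-zA-Z][a-zA-Z0-9+.-]*://||' -e 's|/.*$||'
}

# check_realm REGISTRY HEADERS
#   "ok <realm>"        rc 0  token realm is on the address the client used
#   "mismatch <realm>"  rc 1  realm points elsewhere (e.g. the intranet IP)
#   "no-realm"          rc 2  no WWW-Authenticate realm in the response
# The comparison is a literal host[:port] match; an omitted default port is
# not normalised.
check_realm() {
    realm=$(printf '%s\n' "$2" | realm_of)
    [ -n "$realm" ] || { echo "no-realm"; return 2; }
    if [ "$(authority_of "$realm")" = "$(authority_of "$1")" ]; then
        echo "ok $realm"
    else
        echo "mismatch $realm"
        return 1
    fi
}

# Constructed sample headers (not captured from a real server).
REGISTRY=119.26.88.210:20061
BEFORE='Www-Authenticate: Bearer realm="http://10.1.1.60/service/token",service="harbor-registry"'
AFTER='Www-Authenticate: Bearer realm="http://119.26.88.210:20061/service/token",service="harbor-registry"'

check_realm "$REGISTRY" "$BEFORE" || true   # external_url not set
check_realm "$REGISTRY" "$AFTER"            # external_url set to the public address

# Against a live registry (assumes curl is installed):
#   check_realm "$REGISTRY" "$(curl -sI "http://$REGISTRY/v2/")"
```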

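Command line: log in, push, pull, log out

# daemon.json must stay a single JSON object, so rewrite it with the new key merged in
# (the log settings are the ones written to this file earlier on this page).
# insecure-registries makes docker talk plain HTTP to this registry.
cat >/etc/docker/daemon.json<<DD
{
  "log-driver":"json-file",
  "log-opts": {"max-size":"500m", "max-file":"2"},
  "insecure-registries":["119.26.88.210:20061"]
}
DD
systemctl daemon-reload && systemctl restart docker
# If docker fails to start, remember to run "set ff=unix" on daemon.json

# Pushing to and pulling from the company's internal Harbor registry
# Step 1: log in
docker login 119.26.88.210:20061
# Step 2: tag the image and push it to the registry
docker tag SOURCE_IMAGE[:TAG] 119.26.88.210:20061/bigdata/REPOSITORY[:TAG]
docker push 119.26.88.210:20061/bigdata/REPOSITORY[:TAG]
# Step 3: pull an image from the registry
docker pull 119.26.88.210:20061/bigdata/check_ip:20230110
# Step 4: log out
docker logout 119.26.88.210:20061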

Shell script that lists every image in the Harbor registry

# The delimiter is quoted ('DD') so that $(...), $variables and backticks are written into the script literally
cat >get-harbor-images-list.sh<<'DD'
#!/bin/bash
Harbor_Address=119.26.88.210:20061   # Harbor host address
Harbor_User=admin                    # user for logging in to Harbor
Harbor_Passwd=abcd1234               # password of that user
Tar_File=.                           # directory the image list is saved to
Images_File=$Tar_File/harbor-images-$(date '+%Y-%m-%d').txt   # image list file

# Get all projects in Harbor; python's json.tool pretty-prints the unordered JSON so it can be filtered line by line.
# The API returns 10 items per page by default; page_size=100 is the maximum, so larger sets still need paging.
Project_List=$(curl -u "$Harbor_User:$Harbor_Passwd" -H "Content-Type: application/json" -X GET "http://$Harbor_Address/api/v2.0/projects?page_size=100" -k -s | python3 -m json.tool | grep name | awk '/"name": /' | awk -F '"' '{print $4}')

for Project in $Project_List;do
    # Loop over all images (repositories) in the project
    Image_Names=$(curl -u "$Harbor_User:$Harbor_Passwd" -H "Content-Type: application/json" -X GET "http://$Harbor_Address/api/v2.0/projects/$Project/repositories?page_size=100" -k -s | python3 -m json.tool | grep name | awk '/"name": /' | awk -F '"' '{print $4}')
    for Image in $Image_Names;do
        # Loop over the image's versions (tags); python3 parses the JSON so all tags in the response are returned
        Image_Tags=$(curl -u "$Harbor_User:$Harbor_Passwd" -H "Content-Type: application/json" -X GET "http://$Harbor_Address/v2/$Image/tags/list" -k -s | python3 -c 'import json,sys; print(" ".join(json.load(sys.stdin).get("tags") or []))')
        for Tag in $Image_Tags;do
            # Write one formatted image reference per line
            echo "$Harbor_Address/$Image:$Tag" >> "$Images_File"
        done
    done
done
echo "The images below have been saved to: $Images_File"
cat "$Images_File"
DD

bash get-harbor-images-list.sh

# This script is taken from: https://blog.51cto.com/lidabai/5217350

Accessing Harbor through the web login

Intranet access: http://10.1.1.60, public access: http://119.26.88.210:20061

Account and password: admin/abcd1234

posted @ 2023-03-14 15:35  天海沙