Harbor: an enterprise-grade private Docker registry

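Author: admin  Category: Docker  Published: 2019-05-06 19:11  Views: 916
  • Harbor overview:

Harbor is an enterprise-grade registry server for storing and distributing Docker images. It extends the open-source Docker Distribution with features that enterprises require, such as security, identity and management. As an enterprise private registry server, Harbor offers better performance and security, and makes it more efficient to transfer images between the registry and the build and run environments. Harbor supports replicating image resources across multiple registry nodes, and all images are kept in the private registry, so data and intellectual property stay under control inside the company network. Harbor also provides advanced security features such as user management, access control and activity auditing.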

  • Environment:
centos 7.4       harbor 1.7.4

docker 1.13.1    docker-compose 1.16

 

1. Install docker

[root@gitlab_server ~]# yum -y install docker

[root@gitlab_server ~]# docker -v
Docker version 1.13.1, build b2f74b2/1.13.1

2. Install docker-compose

Method 1:

[root@gitlab_server ~]# yum install python-pip -y 
[root@gitlab_server ~]# pip install docker-compose

Method 2:

[root@gitlab_server ~]# curl -L https://github.com/docker/compose/releases/download/1.16.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
[root@gitlab_server ~]# chmod +x /usr/local/bin/docker-compose

3. Download harbor

[root@gitlab_server ~]# cd /opt
[root@github_server opt]# wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.4.tgz

Note: Harbor can be installed in two ways, online or offline. I downloaded the offline package, which makes the later deployment and installation faster; it is about 550 MB in total.

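4. Extract and install harbor

[root@github_server opt]# tar xf harbor-offline-installer-v1.7.4.tgz
[root@github_server opt]# cd harbor/
[root@github_server harbor]# vim harbor.cfg 
#set the domain name or IP
hostname = 192.168.62.10

Note: since this is a test, the other settings do not need to be changed for now.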

  • Configuration file, annotated
[root@github_server harbor]# egrep -v "^#|^$" harbor.cfg 
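_version = 1.7.0         #version number
hostname = 192.168.62.10   #service domain name or IP
ui_url_protocol = http    #access protocol, http by default
max_job_workers = 10      #maximum number of job workers
customize_crt = on        
ssl_cert = /data/cert/server.crt   #certificate location; create the directory manually if it does not exist
ssl_cert_key = /data/cert/server.key
secretkey_path = /data      #data directory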
admiral_url = NA
log_rotate_count = 50
log_rotate_size = 200M
http_proxy =
https_proxy =
no_proxy = 127.0.0.1,localhost,core,registry
#mail settings, used when sending password-reset e-mails
email_identity = 
email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false
email_insecure = false

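harbor_admin_password = Harbor12345 #password for the administrator's UI login

#authentication mode; several modes are supported, such as LDAP, local storage and database authentication. The default is db_auth, mysql database authentication
auth_mode = db_auth 

#ldap authentication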
ldap_url = ldaps://ldap.mydomain.com
ldap_basedn = ou=people,dc=mydomain,dc=com
ldap_uid = uid 
ldap_scope = 2 
ldap_timeout = 5
ldap_verify_cert = true
ldap_group_basedn = ou=group,dc=mydomain,dc=com
ldap_group_filter = objectclass=group
ldap_group_gid = cn
ldap_group_scope = 2

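self_registration = on    #whether self-registration is enabled
token_expiration = 30     #token lifetime, 30 minutes by default
project_creation_restriction = everyone  #who may create projects; the default is everyone (all users), and it can also be set to adminonly (administrators only)

#database authentication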
db_host = postgresql
db_password = root123
db_port = 5432
db_user = postgres

#redis authentication
redis_host = redis
redis_port = 6379
redis_password = 
redis_db_index = 1,2,3

#clair authentication
clair_db_host = postgresql
clair_db_password = root123
clair_db_port = 5432
clair_db_username = postgres
clair_db = postgres
clair_updaters_interval = 12
uaa_endpoint = uaa.mydomain.org
uaa_clientid = id
uaa_clientsecret = secret
uaa_verify_cert = true
uaa_ca_cert = /path/to/ca.pem
registry_storage_provider_name = filesystem
registry_storage_provider_config =
registry_custom_ca_bundle = 
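
A pre-flight check for the listing above, added here as an example (it is not part of Harbor or of the original post): it reads a harbor.cfg and reports the values that are still at the defaults shown in the listing. The function names and the sample file are constructed for illustration.

```shell
# Added example, not Harbor's own tooling: report harbor.cfg values that are
# still at the defaults shown in the listing above.

# cfg_get FILE KEY: print KEY's value without blanks or a trailing " #note".
cfg_get() {
    awk -v k="$2" '
        /^[ \t]*#/ || !/=/ { next }
        {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            if (key != k) next
            val = substr($0, index($0, "=") + 1)
            sub(/[ \t]+#.*$/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val; exit
        }' "$1"
}

# audit_harbor_cfg FILE: one finding per line; returns 1 if anything was found.
audit_harbor_cfg() {
    cfg=$1; findings=0
    while IFS='|' read -r key bad why; do
        [ "$(cfg_get "$cfg" "$key")" = "$bad" ] || continue
        echo "$key = $bad: $why"
        findings=$((findings + 1))
    done <<'EOF'
ui_url_protocol|http|logins and image traffic are sent unencrypted
harbor_admin_password|Harbor12345|admin password is the documented default
db_password|root123|database password is the shipped default
clair_db_password|root123|Clair database password is the shipped default
self_registration|on|anyone who can reach the UI can create an account
project_creation_restriction|everyone|every user may create projects
EOF
    [ "$findings" -eq 0 ]
}

# Constructed sample holding a few of the values from the listing above.
sample_cfg() {
    printf '%s\n' 'hostname = 192.168.62.10   #service domain name or IP' \
        'ui_url_protocol = http    #access protocol' \
        'harbor_admin_password = Harbor12345' 'self_registration = on' \
        'project_creation_restriction = adminonly' 'db_password = root123'
}

# Demo on the sample; pass a real path (e.g. /opt/harbor/harbor.cfg) as $1.
demo=$(mktemp) && sample_cfg > "$demo"
audit_harbor_cfg "${1:-$demo}" || echo "harbor.cfg still has default settings"
rm -f "$demo"
```
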

[root@github_server harbor]#  ./prepare

[root@github_server harbor]#  ./install.sh
....
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://192.168.62.10.
For more details, please visit https://github.com/vmware/harbor .
[root@github_server harbor]# docker-compose ps
Name                Command              State       Ports
------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh        Up
harbor-core        /harbor/start.sh        Up
harbor-db          /entrypoint.sh postgres Up         5432/tcp
harbor-jobservice  /harbor/start.sh Up
harbor-log         /bin/sh -c /usr/local/bin/ ... Up  127.0.0.1:1514->10514/tcp
harbor-portal      nginx -g daemon off;    Up          80/tcp
nginx              nginx -g daemon off;    Up          0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp,
0.0.0.0:80->80/tcp
redis              docker-entrypoint.sh redis ... Up 6379/tcp
registry           /entrypoint.sh /etc/regist ... Up 5000/tcp
registryctl        /harbor/start.sh        Up

5. Access harbor

Open the Harbor address directly: http://192.168.62.10 . Default username/password: admin/Harbor12345


6. Create a project


7. Connect to harbor from a client

[root@github_server ~]# docker login 192.168.62.10
Username (admin): admin
Password:
Login Succeeded    #Succeeded means the login was successful

8. Push and pull images from the client

[root@github_server ~]# docker tag docker.io/busybox 192.168.62.10/qunniao/busybox   #tag the image

[root@github_server ~]# docker push 192.168.62.10/qunniao/busybox      #push the image
The push refers to a repository [192.168.62.10/qunniao/busybox]
0b97b1c81a32: Pushed
latest: digest: sha256:f79f7a10302c402c052973e3fa42be0344ae6453245669783a9e16da3d56d5b4 size: 527
[root@gitlab_server ~]# docker pull 192.168.62.10/qunniao/busybox     #pull the image
Using default tag: latest
Trying to pull repository 192.168.62.10/qunniao/busybox ...
latest: Pulling from 192.168.62.10/qunniao/busybox
fc1a6b909f82: Pull complete
Digest: sha256:f79f7a10302c402c052973e3fa42be0344ae6453245669783a9e16da3d56d5b4
Status: Downloaded newer image for 192.168.62.10/qunniao/busybox:latest

[root@gitlab_server ~]# docker images |grep busybox
192.168.62.10/qunniao/busybox latest af2f74c517aa 4 weeks ago 1.2 MB

9. View in the web UI


  • Troubleshooting

  • Error:
Error response from daemon: Get https://192.168.62.10/v2/: dial tcp 192.168.62.10:443: connect: connection refused
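  • Analysis:

Since version 1.3.X, Docker has used HTTPS by default when talking to a docker registry, but the private registry we set up serves HTTP by default, so the error above appears when interacting with the private registry.

  • Solution:

Method 1: modify the unit file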

[root@gitlab_server ~]# vi /usr/lib/systemd/system/docker.service
……
ExecStart=/usr/bin/dockerd --insecure-registry 192.168.62.10
#modify this line and append the IP address or domain name after it

[root@gitlab_server ~]# systemctl daemon-reload
[root@gitlab_server ~]# systemctl restart docker

Method 2: modify the configuration

[root@gitlab_server ~]# vim /etc/docker/daemon.json
{
"insecure-registries": ["192.168.62.10"]
}

[root@gitlab_server ~]# systemctl daemon-reload
[root@gitlab_server ~]# systemctl restart docker

Method 3: modify the startup options file (the added part is --insecure-registry 192.168.62.10)

[root@gitlab_server ~]# vim /etc/sysconfig/docker
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry 192.168.62.10'

[root@gitlab_server ~]# systemctl daemon-reload
[root@gitlab_server ~]# systemctl restart docker
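
An inventory check for the three methods above, added as an example (not from the original post or the Docker project): each method exempts a registry from verified TLS, so it helps to be able to list every such exemption on a host. The function names and the sample files are constructed; on a real host the arguments are the three files edited above.

```shell
# Added example: inventory the registries a Docker host may contact without
# verified TLS, across the three places the methods above edit.

# list_insecure_registries FILE...: print "FILE: HOST" for every exemption.
list_insecure_registries() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        {
            # Flag form (docker.service, /etc/sysconfig/docker), comments skipped
            grep -v '^[[:space:]]*#' "$f" |
                grep -oE -- '--insecure-registry[= ]+[^ "'\'']+' |
                sed -E 's/^--insecure-registry[= ]+//'
            # JSON form (daemon.json): "insecure-registries": ["HOST", ...]
            tr -d '\n' < "$f" |
                grep -oE '"insecure-registries"[[:space:]]*:[[:space:]]*\[[^]]*\]' |
                grep -oE '"[^"]+"' | sed '1d; s/"//g'
        } | awk -v f="$f" '{ print f ": " $0 }'
    done
}

# Constructed sample files mirroring the three methods; written under DIR ($1).
write_samples() {
    printf '%s\n' 'ExecStart=/usr/bin/dockerd --insecure-registry 192.168.62.10' \
        > "$1/docker.service"
    printf '%s\n' '{' '  "insecure-registries": ["192.168.62.10"]' '}' \
        > "$1/daemon.json"
    printf '%s\n' "OPTIONS='--selinux-enabled --insecure-registry 192.168.62.10'" \
        > "$1/sysconfig-docker"
}

# Demo on the samples; on a real host pass the three real paths instead.
dir=$(mktemp -d) && write_samples "$dir"
list_insecure_registries "$dir/docker.service" "$dir/daemon.json" "$dir/sysconfig-docker"
rm -rf "$dir"
```

A daemon.json that only sets "registry-mirrors" produces no output here, because that key does not exempt a registry from TLS.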

 

