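1. Introduction to Harbor: Harbor is an enterprise-grade Docker Registry project open-sourced by VMware. Its goal is to help users quickly stand up an enterprise-grade Docker registry service. It builds on the registry open-sourced by Docker, Inc. and adds the features enterprise users need, such as a management UI, role-based access control (RBAC), AD/LDAP integration and audit logging; it also supports Chinese natively.
2. Installing and setting up Harbor:
1>. Install docker compose, Docker's orchestration tool; if Docker itself is not installed, install docker-ce as well:
- ## Method 1:
- [root@centos7 ~]# curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose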
-
- [root@centos7 ~]# chmod +x /usr/local/bin/docker-compose
-
- ## Method 2:
- ## Configure the EPEL repository
- [root@centos7 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
-
- ## Install docker-compose
- [root@centos7 ~]# yum install http://rpmfind.net/linux/epel/7/x86_64/Packages/d/docker-compose-1.18.0-4.el7.noarch.rpm
-
- ## Check the docker-compose version
- [root@centos7 harbor]# docker-compose -v
- docker-compose version 1.25.1, build a82fef07
2>. Download the Harbor installer: add a new disk, format it, and mount it on /harbordata
- # Format partition sdb1 of disk sdb with the ext4 filesystem
- [root@centos7 ~]# mkfs.ext4 /dev/sdb1
-
- # Create the mount point
- [root@centos7 ~]# mkdir /harbordata
-
- # Mount partition sdb1 on /harbordata
- [root@centos7 ~]# mount /dev/sdb1 /harbordata/
-
- # Download the Harbor installer
- [root@centos7 ~]# wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.1.tgz
-
- # Extract the installer into /harbordata/
- [root@centos7 ~]# tar -C /harbordata/ -xvf harbor-offline-installer-v1.7.1.tgz
3>. Edit the harbor.cfg configuration file:
- [root@centos7 harbor]# cd /harbordata/harbor/
-
- [root@centos7 harbor]# vim harbor.cfg
-
- _version = 1.7.0
- hostname = harbor_test
- ui_url_protocol = http
- max_job_workers = 1
- customize_crt = on
- ssl_cert = /data/cert/server.crt
- ssl_cert_key = /data/cert/server.key
- secretkey_path = /data
- log_rotate_count = 50
- log_rotate_size = 200M
- http_proxy =
- https_proxy =
- no_proxy = 127.0.0.1,localhost,core,registry
- email_identity =
- email_server = smtp.mydomain.com
- email_server_port = 25
- email_username = sample_admin@mydomain.com
- email_password = abc
- email_from = admin <sample_admin@mydomain.com>
- email_ssl = false
- email_insecure = false
- harbor_admin_password = Harbor12345
- ldap_url = ldaps://ldap.mydomain.com
- ldap_basedn = ou=people,dc=mydomain,dc=com
- ldap_uid = uid
- # ldap_scope: 2 = LDAP_SCOPE_SUBTREE
- ldap_scope = 2
- ldap_timeout = 5
- ldap_verify_cert = true
- ldap_group_basedn = ou=group,dc=mydomain,dc=com
- ldap_group_filter = objectclass=group
- ldap_group_gid = cn
- ldap_group_scope = 2
- self_registration = on
- token_expiration = 30
- project_creation_restriction = everyone
- db_host = postgresql
- db_password = root123
- db_port = 5432
- db_user = postgres
- redis_host = redis
- redis_port = 6379
- redis_password =
- redis_db_index = 1,2,3
- clair_db_password = root123
- clair_db_username = postgres
- clair_updaters_interval = 12
- uaa_endpoint = uaa.mydomain.org
- uaa_clientid = id
- uaa_clientsecret = secret
- uaa_verify_cert = true
- uaa_ca_cert = /path/to/ca.pem
- registry_storage_provider_name = filesystem
- registry_storage_provider_config =
- registry_custom_ca_bundle =
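Several values in the harbor.cfg above are printed here exactly as they will be deployed, and the UI is served over plain HTTP. The following check is an added example, not part of the original guide or of Harbor's tooling; the function names `cfg_get` and `audit_harbor_cfg` are hypothetical, and the sample input is constructed from the values shown above.

```shell
#!/bin/sh
# Added example (not Harbor's own tooling): flag harbor.cfg values left as in the guide.

# cfg_get FILE KEY: print the value of the last "KEY = value" line, comments skipped.
cfg_get() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ || !index($0, "=") { next }
        {
            key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key)
            if (key != k) next
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            found = val
        }
        END { print found }' "$1"
}

# audit_harbor_cfg FILE: print one "key: finding" line per risky setting, nothing if clean.
audit_harbor_cfg() {
    cfg=$1
    # Passwords exactly as printed in the guide; anyone who has read it knows them.
    for pair in harbor_admin_password:Harbor12345 db_password:root123 clair_db_password:root123; do
        key=${pair%%:*}
        published=${pair#*:}
        if [ "$(cfg_get "$cfg" "$key")" = "$published" ]; then
            echo "$key: still the published sample password"
        fi
    done
    if [ "$(cfg_get "$cfg" ui_url_protocol)" = "http" ]; then
        echo "ui_url_protocol: http, logins and image pushes are sent unencrypted"
    fi
    if [ "$(cfg_get "$cfg" self_registration)" = "on" ]; then
        echo "self_registration: on, anyone who can reach the UI can create an account"
    fi
    return 0
}

# Constructed sample input: the relevant lines with the values used in the guide.
sample_cfg() {
    printf '%s\n' 'hostname = harbor_test' 'ui_url_protocol = http' \
        'harbor_admin_password = Harbor12345' 'self_registration = on' \
        'db_password = root123' 'clair_db_password = root123'
}

tmp=$(mktemp) && sample_cfg > "$tmp" && audit_harbor_cfg "$tmp"
rm -f "$tmp"
```

Run `audit_harbor_cfg /harbordata/harbor/harbor.cfg` before `./install.sh`; an empty result means none of these settings is still at the value shown in the guide.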
4>. Run the install script:
[root@centos7 harbor]# ./install.sh
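5>. Verify after installation:
· After startup, several ports are listening:
· Harbor is really just a set of Docker services that have been started
6>. Using Harbor:
7>. Log in as admin with the password Harbor12345 (the initial password is set in harbor.cfg)
3. Pushing and pulling images to and from the Harbor registry:
1>. Edit the Docker configuration to add the Harbor registry as a trusted address: this change is needed both for pulling images from the registry and for pushing to it.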
- [root@centos7 harbor]# cat /etc/docker/daemon.json
- {
- "registry-mirrors": ["https://registry.docker-cn.com"],
- "insecure-registries": ["192.168.188.223:80"]
- }
-
- [root@centos7 harbor]# systemctl daemon-reload
-
- [root@centos7 harbor]# systemctl restart docker
-
- [root@centos7 harbor]# docker-compose up -d
-
- [root@centos7 harbor]# cat /etc/hosts
- 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
- ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
- 192.168.188.223 harbor_test # add this name resolution entry
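An `insecure-registries` entry tells the Docker daemon to skip certificate verification for that registry and to fall back to plain HTTP. The check below is an added example, not part of the original guide; it lists the exempted registries in a daemon.json and reports whether a CA file for each is installed under Docker's per-registry directory `/etc/docker/certs.d/<host:port>/ca.crt`. The function names are hypothetical and the sample file is constructed from the one shown above.

```shell
#!/bin/sh
# Added example (not from the guide): report registries that daemon.json exempts from TLS checks.

# list_insecure_registries DAEMON_JSON: print each "insecure-registries" entry on its own line.
# Text-based extraction that assumes one flat array of strings, as in the guide's file.
list_insecure_registries() {
    { tr '\n' ' ' < "$1"; echo; } |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)\].*/\1/p' |
        tr ',' '\n' | tr -d '" \t' | sed '/^$/d'
}

# check_registry_trust DAEMON_JSON [CERTS_DIR]: for each exempted registry, say whether a CA
# file is already installed in Docker's per-registry certificate directory.
check_registry_trust() {
    certs=${2:-/etc/docker/certs.d}
    list_insecure_registries "$1" | while IFS= read -r reg; do
        if [ -f "$certs/$reg/ca.crt" ]; then
            echo "$reg: CA file present in $certs/$reg"
        else
            echo "$reg: no CA file, certificate checks are skipped and plain HTTP is accepted"
        fi
    done
}

# Constructed sample input: the daemon.json shown in the guide.
sample_daemon_json() {
    cat <<'EOF'
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["192.168.188.223:80"]
}
EOF
}

tmp=$(mktemp) && sample_daemon_json > "$tmp" && check_registry_trust "$tmp"
rm -f "$tmp"
```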
2>. Tag the image to be uploaded: the tag format is usually: domain name or IP of the Harbor host:80/name of the Harbor project to upload to/image name:image version.
[root@centos7 harbor]# docker tag busybox:latest 192.168.188.223:80/test/busybox:latest
3>. Log in to the Harbor registry:
- [root@centos7 harbor]# docker login 192.168.188.223:80
- Authenticating with existing credentials...
- WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
- Configure a credential helper to remove this warning. See
- https://docs.docker.com/engine/reference/commandline/login/#credentials-store
-
- Login Succeeded
- [root@centos7 harbor]#
-
- You can also log in with options:
- -u: specify the username
- -p: specify the password
4>. Push the image:
- [root@centos7 harbor]# docker push 192.168.188.223:80/test/busybox:latest
- The push refers to repository [192.168.188.223:80/test/busybox]
- 01fd6df81c8e: Pushed
- latest: digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee size: 527
- [root@centos7 harbor]#
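5>. Verify on Harbor that the upload succeeded:
The Harbor web page also offers many useful operations, such as tagging images, copying images and deleting images.
4. Controlling the Harbor service: from the Harbor installation path, use docker-compose commands to control Harbor.
- # Pause the Harbor service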
- [root@localhost harbor]# docker-compose pause
-
- # Unpause the Harbor service
- [root@localhost harbor]# docker-compose unpause
-
- # Stop the Harbor service
- [root@localhost harbor]# docker-compose stop
-
- # Start the Harbor service
- [root@localhost harbor]# docker-compose start