docker 镜像仓库的安装与使用
安装Docker Compose 解决依赖
[root@service-1 ~]# curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 617 0 617 0 0 53 0 --:--:-- 0:00:11 --:--:-- 155 100 15.4M 100 15.4M 0 0 22247 0 0:12:06 0:12:06 --:--:-- 32266 [root@service-1 ~]# chmod +x /usr/local/bin/docker-compose
安装harbor
下载harbor包
[root@service-1 ~]# wget https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.6.1.tgz --2019-04-08 09:35:20-- https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.6.1.tgz 正在解析主机 storage.googleapis.com (storage.googleapis.com)... 172.217.160.112, 2404:6800:4008:801::2010 正在连接 storage.googleapis.com (storage.googleapis.com)|172.217.160.112|:443... 已连接。 已发出 HTTP 请求,正在等待回应... 读取文件头错误 (连接超时)。 重试中。 --2019-04-08 09:50:26-- (尝试次数: 2) https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.6.1.tgz 正在连接 storage.googleapis.com (storage.googleapis.com)|172.217.160.112|:443... 已连接。 已发出 HTTP 请求,正在等待回应... 200 OK 长度:658170229 (628M) [application/x-tar] 正在保存至: “harbor-offline-installer-v1.6.1.tgz” 100%[=====================================================================================================================================================>] 658,170,229 607KB/s 用时 18m 37s 2019-04-08 10:09:04 (576 KB/s) - 已保存 “harbor-offline-installer-v1.6.1.tgz” [658170229/658170229])
安装
[root@service-1 ~]# systemctl start docker [root@service-1 ~]# setenforce 0 [root@service-1 ~]# systemctl stop firewalld.service [root@service-1 ~]# tar xf harbor-offline-installer-v1.6.1.tgz [root@service-1 ~]# mkdir /docker [root@service-1 ~]# mv harbor /docker/ [root@service-1 ~]# cd /docker/harbor/ [root@service-1 harbor]# egrep -v "^#|^$" harbor.cfg _version = 1.6.0 hostname = 192.168.10.31 主机名或者IPv4 地址 ui_url_protocol = http max_job_workers = 10 customize_crt = on ssl_cert = /data/cert/server.crt ssl_cert_key = /data/cert/server.key secretkey_path = /data admiral_url = NA log_rotate_count = 50 log_rotate_size = 200M http_proxy = https_proxy = no_proxy = 127.0.0.1,localhost,ui,registry email_identity = email_server = smtp.mydomain.com email_server_port = 25 email_username = sample_admin@mydomain.com email_password = abc email_from = admin <sample_admin@mydomain.com> email_ssl = false email_insecure = false harbor_admin_password = Harbor12345 auth_mode = db_auth ldap_url = ldaps://ldap.mydomain.com ldap_basedn = ou=people,dc=mydomain,dc=com ldap_uid = uid ldap_scope = 2 ldap_timeout = 5 ldap_verify_cert = true ldap_group_basedn = ou=group,dc=mydomain,dc=com ldap_group_filter = objectclass=group ldap_group_gid = cn ldap_group_scope = 2 self_registration = on token_expiration = 30 project_creation_restriction = everyone db_host = postgresql db_password = root123 db_port = 5432 db_user = postgres redis_host = redis redis_port = 6379 redis_password = redis_db_index = 1,2,3 clair_db_host = postgresql clair_db_password = root123 clair_db_port = 5432 clair_db_username = postgres clair_db = postgres clair_updaters_interval = 12 uaa_endpoint = uaa.mydomain.org uaa_clientid = id uaa_clientsecret = secret uaa_verify_cert = true uaa_ca_cert = /path/to/ca.pem registry_storage_provider_name = filesystem registry_storage_provider_config = registry_custom_ca_bundle =
加载并启动
[root@service-1 harbor]# ./prepare Generated and saved secret to file: /data/secretkey Generated configuration file: ./common/config/nginx/nginx.conf Generated configuration file: ./common/config/adminserver/env Generated configuration file: ./common/config/ui/env Generated configuration file: ./common/config/registry/config.yml Generated configuration file: ./common/config/db/env Generated configuration file: ./common/config/jobservice/env Generated configuration file: ./common/config/jobservice/config.yml Generated configuration file: ./common/config/log/logrotate.conf Generated configuration file: ./common/config/registryctl/env Generated configuration file: ./common/config/ui/app.conf Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt The configuration files are ready, please use docker-compose to start the service. [root@service-1 harbor]# ./install.sh [Step 0]: checking installation environment ... Note: docker version: 1.13.1 Note: docker-compose version: 1.24.0 [Step 1]: loading Harbor images ... ad50e89f4922: Loading layer [==================================================>] 133.4 MB/133.4 MB 8c9a00a7f290: Loading layer [==================================================>] 73.29 MB/73.29 MB 078e22641f73: Loading layer [==================================================>] 3.584 kB/3.584 kB 5494f0d704cb: Loading layer [==================================================>] 3.072 kB/3.072 kB 34c7e304d18b: Loading layer [==================================================>] 4.096 kB/4.096 kB ae9209f78c11: Loading layer [==================================================>] 3.584 kB/3.584 kB 1498359f7391: Loading layer [==================================================>] 9.728 kB/9.728 kB Loaded image: goharbor/harbor-log:v1.6.1 bb738fd5b202: Loading layer [==================================================>] 23.38 MB/23.38 MB 51f6c7e046ae: Loading layer [==================================================>] 21.15 MB/21.15 MB 67ff79ae8340: Loading layer [==================================================>] 21.15 MB/21.15 MB Loaded image: goharbor/harbor-jobservice:v1.6.1 b5be864bae6a: Loading layer [==================================================>] 83.89 MB/83.89 MB 9fdbae37c606: Loading layer [==================================================>] 3.072 kB/3.072 kB c24b06c70085: Loading layer [==================================================>] 59.9 kB/59.9 kB 946c040a69da: Loading layer [==================================================>] 61.95 kB/61.95 kB Loaded image: goharbor/redis-photon:v1.6.1 747ac74b0475: Loading layer [==================================================>] 5.128 MB/5.128 MB Loaded image: goharbor/nginx-photon:v1.6.1 3d4aae33f4f1: Loading layer [==================================================>] 683 MB/683 MB 3cb271cda7e0: Loading layer [==================================================>] 7.68 kB/7.68 kB 7ae402931bdb: Loading layer [==================================================>] 197.6 kB/197.6 kB Loaded image: goharbor/harbor-migrator:v1.6.1 67747a74e108: Loading layer [==================================================>] 158.1 MB/158.1 MB 93f3d22257c7: Loading layer [==================================================>] 35.08 MB/35.08 MB 2eda636f347b: Loading layer [==================================================>] 2.56 kB/2.56 kB 7a3b4ef015e8: Loading layer [==================================================>] 35.08 MB/35.08 MB Loaded image: goharbor/chartmuseum-photon:v0.7.1-v1.6.1 038c23438769: Loading layer [==================================================>] 23.38 MB/23.38 MB a6a0201bf457: Loading layer [==================================================>] 26.88 MB/26.88 MB aa0986b7d608: Loading layer [==================================================>] 7.168 kB/7.168 kB 830a350d7059: Loading layer [==================================================>] 11.32 MB/11.32 MB 3100afecce3d: Loading layer [==================================================>] 26.87 MB/26.87 MB Loaded image: goharbor/harbor-ui:v1.6.1 15134eb6d277: Loading layer [==================================================>] 95.85 MB/95.85 MB 02cff5f31ca4: Loading layer [==================================================>] 6.656 kB/6.656 kB 3e43f3cb1d4c: Loading layer [==================================================>] 2.048 kB/2.048 kB 4ab1b74a5650: Loading layer [==================================================>] 7.68 kB/7.68 kB 9c78faccbd48: Loading layer [==================================================>] 2.56 kB/2.56 kB 158d4a16071f: Loading layer [==================================================>] 2.56 kB/2.56 kB 6a2fbfb6100b: Loading layer [==================================================>] 2.56 kB/2.56 kB Loaded image: goharbor/harbor-db:v1.6.1 b15fe66f326a: Loading layer [==================================================>] 23.38 MB/23.38 MB 336e69120569: Loading layer [==================================================>] 3.072 kB/3.072 kB f308142e2037: Loading layer [==================================================>] 3.072 kB/3.072 kB 3119c7884a49: Loading layer [==================================================>] 2.048 kB/2.048 kB fafa9955d095: Loading layer [==================================================>] 22.8 MB/22.8 MB 4c53b946082a: Loading layer [==================================================>] 22.8 MB/22.8 MB Loaded image: goharbor/registry-photon:v2.6.2-v1.6.1 0fee5e457010: Loading layer [==================================================>] 23.38 MB/23.38 MB 6d1b402441fc: Loading layer [==================================================>] 12.16 MB/12.16 MB 765a288fcf5a: Loading layer [==================================================>] 17.3 MB/17.3 MB da4578643aee: Loading layer [==================================================>] 11.26 kB/11.26 kB f02d275fa76f: Loading layer [==================================================>] 3.072 kB/3.072 kB 4a3d1e973223: Loading layer [==================================================>] 29.46 MB/29.46 MB Loaded image: goharbor/notary-server-photon:v0.5.1-v1.6.1 918b224a19fd: Loading layer [==================================================>] 10.95 MB/10.95 MB ff41acdef199: Loading layer [==================================================>] 17.3 MB/17.3 MB 4389d5e9282a: Loading layer [==================================================>] 11.26 kB/11.26 kB 8a0e0bb6ed63: Loading layer [==================================================>] 3.072 kB/3.072 kB d437ffa494e0: Loading layer [==================================================>] 28.24 MB/28.24 MB Loaded image: goharbor/notary-signer-photon:v0.5.1-v1.6.1 1c86e9f19207: Loading layer [==================================================>] 158.1 MB/158.1 MB 3b4698fe61a0: Loading layer [==================================================>] 10.93 MB/10.93 MB 8dbd6d55a6cd: Loading layer [==================================================>] 2.048 kB/2.048 kB 5cb748f1dcf1: Loading layer [==================================================>] 48.13 kB/48.13 kB f86a42ee549b: Loading layer [==================================================>] 10.98 MB/10.98 MB Loaded image: goharbor/clair-photon:v2.0.6-v1.6.1 18abf81cd9fd: Loading layer [==================================================>] 23.38 MB/23.38 MB 66a3e670c5b5: Loading layer [==================================================>] 15.58 MB/15.58 MB 9cdd51a1e20c: Loading layer [==================================================>] 15.36 kB/15.36 kB 9aedba3496f1: Loading layer [==================================================>] 15.58 MB/15.58 MB Loaded image: goharbor/harbor-adminserver:v1.6.1 [Step 2]: preparing environment ... Clearing the configuration file: ./common/config/adminserver/env Clearing the configuration file: ./common/config/ui/env Clearing the configuration file: ./common/config/ui/app.conf Clearing the configuration file: ./common/config/ui/private_key.pem Clearing the configuration file: ./common/config/db/env Clearing the configuration file: ./common/config/jobservice/env Clearing the configuration file: ./common/config/jobservice/config.yml Clearing the configuration file: ./common/config/registry/config.yml Clearing the configuration file: ./common/config/registry/root.crt Clearing the configuration file: ./common/config/registryctl/env Clearing the configuration file: ./common/config/registryctl/config.yml Clearing the configuration file: ./common/config/nginx/nginx.conf Clearing the configuration file: ./common/config/log/logrotate.conf loaded secret from file: /data/secretkey Generated configuration file: ./common/config/nginx/nginx.conf Generated configuration file: ./common/config/adminserver/env Generated configuration file: ./common/config/ui/env Generated configuration file: ./common/config/registry/config.yml Generated configuration file: ./common/config/db/env Generated configuration file: ./common/config/jobservice/env Generated configuration file: ./common/config/jobservice/config.yml Generated configuration file: ./common/config/log/logrotate.conf Generated configuration file: ./common/config/registryctl/env Generated configuration file: ./common/config/ui/app.conf Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt The configuration files are ready, please use docker-compose to start the service. [Step 3]: checking existing instance of Harbor ... [Step 4]: starting Harbor ... Creating network "harbor_harbor" with the default driver Creating harbor-log ... done Creating harbor-db ... done Creating harbor-adminserver ... done Creating registry ... done Creating redis ... done Creating harbor-ui ... done Creating harbor-jobservice ... done Creating nginx ... done ✔ ----Harbor has been installed and started successfully.---- Now you should be able to visit the admin portal at http://192.168.10.31. For more details, please visit https://github.com/goharbor/harbor .
查看启动的容器
[root@service-1 harbor]# docker-compose ps Name Command State Ports ------------------------------------------------------------------------------------------------------------------------------------- harbor-adminserver /harbor/start.sh Up (healthy) harbor-db /entrypoint.sh postgres Up (healthy) 5432/tcp harbor-jobservice /harbor/start.sh Up harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:1514->10514/tcp harbor-ui /harbor/start.sh Up (healthy) nginx nginx -g daemon off; Up (healthy) 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp redis docker-entrypoint.sh redis ... Up 6379/tcp registry /entrypoint.sh /etc/regist ... Up (healthy) 5000/tcp
查看编排文件,及端口
[root@service-1 harbor]# cat docker-compose.yml version: \'2\' services: log: image: goharbor/harbor-log:v1.6.1 container_name: harbor-log restart: always volumes: - /var/log/harbor/:/var/log/docker/:z - ./common/config/log/:/etc/logrotate.d/:z ports: - 127.0.0.1:1514:10514 networks: - harbor registry: image: goharbor/registry-photon:v2.6.2-v1.6.1 container_name: registry restart: always volumes: - /data/registry:/storage:z - ./common/config/registry/:/etc/registry/:z networks: - harbor environment: - GODEBUG=netdns=cgo depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "registry" postgresql: image: goharbor/harbor-db:v1.6.1 container_name: harbor-db restart: always volumes: - /data/database:/var/lib/postgresql/data:z networks: - harbor env_file: - ./common/config/db/env depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "postgresql" adminserver: image: goharbor/harbor-adminserver:v1.6.1 container_name: harbor-adminserver env_file: - ./common/config/adminserver/env restart: always volumes: - /data/config/:/etc/adminserver/config/:z - /data/secretkey:/etc/adminserver/key:z - /data/:/data/:z networks: - harbor depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "adminserver" ui: image: goharbor/harbor-ui:v1.6.1 container_name: harbor-ui env_file: - ./common/config/ui/env restart: always volumes: - ./common/config/ui/app.conf:/etc/ui/app.conf:z - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z - ./common/config/ui/certificates/:/etc/ui/certificates/:z - /data/secretkey:/etc/ui/key:z - /data/ca_download/:/etc/ui/ca/:z - /data/psc/:/etc/ui/token/:z networks: - harbor depends_on: - log - adminserver - registry logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "ui" jobservice: image: goharbor/harbor-jobservice:v1.6.1 container_name: harbor-jobservice env_file: - ./common/config/jobservice/env restart: always volumes: - /data/job_logs:/var/log/jobs:z - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z networks: - harbor depends_on: - redis - ui - adminserver logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "jobservice" redis: image: goharbor/redis-photon:v1.6.1 container_name: redis restart: always volumes: - /data/redis:/var/lib/redis networks: - harbor depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "redis" proxy: image: goharbor/nginx-photon:v1.6.1 container_name: nginx restart: always volumes: - ./common/config/nginx:/etc/nginx:z networks: - harbor ports: - 80:80 - 443:443 - 4443:4443 depends_on: - postgresql - registry - ui - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "proxy" networks: harbor: external: false [root@service-1 harbor]# ss -lntp | grep docker LISTEN 0 128 127.0.0.1:1514 *:* users:(("docker-proxy-cu",pid=4543,fd=4)) LISTEN 0 128 :::80 :::* users:(("docker-proxy-cu",pid=5452,fd=4)) LISTEN 0 128 :::443 :::* users:(("docker-proxy-cu",pid=5422,fd=4)) LISTEN 0 128 :::4443 :::* users:(("docker-proxy-cu",pid=5395,fd=4))
浏览器访问192.168.10.31 密码:Harbor12345
仓库操作
Docker添加信任仓库,上传镜像
[root@service-1 harbor]# vim /etc/docker/daemon.json { "registry-mirrors": ["https://3sukocvg.mirror.aliyuncs.com"], 注意,号 "insecure-registries": ["192.168.10.31"] 仓库地址 } [root@service-1 harbor]# systemctl daemon-reload [root@service-1 harbor]# systemctl restart docker 重启docker [root@service-1 harbor]# docker-compose up -d 启动镜像服务 Starting harbor-log ... done Starting harbor-db ... done Starting registry ... done Starting harbor-adminserver ... done Starting redis ... done Starting harbor-ui ... done Starting harbor-jobservice ... done Starting nginx ... done [root@service-1 harbor]# docker tag nginx:latest 192.168.10.31/library/nginx:v1 [root@service-1 harbor]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.10.31/library/nginx v1 2bcb04bdb83f 12 days ago 109 MB docker.io/nginx latest 2bcb04bdb83f 12 days ago 109 MB docker.io/centos latest 9f38484d220f 3 weeks ago 202 MB goharbor/chartmuseum-photon v0.7.1-v1.6.1 f0a2dbee1ff1 5 months ago 350 MB goharbor/harbor-migrator v1.6.1 60e8be845b35 5 months ago 798 MB goharbor/redis-photon v1.6.1 6a67380bb061 5 months ago 210 MB goharbor/clair-photon v2.0.6-v1.6.1 c4fcdbae7df2 5 months ago 302 MB goharbor/notary-server-photon v0.5.1-v1.6.1 f1afd44d9f9b 5 months ago 209 MB goharbor/notary-signer-photon v0.5.1-v1.6.1 83aa51867207 5 months ago 207 MB goharbor/registry-photon v2.6.2-v1.6.1 f4cb5e83f0a4 5 months ago 196 MB goharbor/nginx-photon v1.6.1 9ca888fe33b2 5 months ago 132 MB goharbor/harbor-log v1.6.1 9b1ea3f29465 5 months ago 198 MB goharbor/harbor-jobservice v1.6.1 9ca6fd371ca6 5 months ago 192 MB goharbor/harbor-ui v1.6.1 305ee5b8952c 5 months ago 215 MB goharbor/harbor-adminserver v1.6.1 a3e95f74984e 5 months ago 181 MB goharbor/harbor-db v1.6.1 3bea3bff0190 5 months ago 219 MB [root@service-1 harbor]# docker login 192.168.10.31 Username: chenxi Password: Login Succeeded [root@service-1 harbor]# docker push 192.168.10.31/library/nginx:v1 The push refers to a repository [192.168.10.31/library/nginx] 7e274c0effe8: Pushed dd0338cdfab3: Pushed 5dacd731af1b: Pushed v1: digest: sha256:dabecc7dece2fff98fb00add2f0b525b7cd4a2cacddcc27ea4a15a7922ea47ea size: 948
查看镜像
新建一个私有项目上传镜像,添加用户上传镜像
上传镜像
[root@service-1 harbor]# docker tag centos:latest 192.168.10.31/product/centos:v1 [root@service-1 harbor]# docker push 192.168.10.31/product/centos:v1 The push refers to a repository [192.168.10.31/product/centos] d69483a6face: Pushed v1: digest: sha256:ca58fe458b8d94bc6e3072f1cfbd334855858e05e1fd633aa07cf7f82b048e66 size: 529
删除本地已有的那个镜像,并重新下载测试权限
[root@service-1 harbor]# docker rmi 192.168.10.31/product/centos:v1 Untagged: 192.168.10.31/product/centos:v1 Untagged: 192.168.10.31/product/centos@sha256:ca58fe458b8d94bc6e3072f1cfbd334855858e05e1fd633aa07cf7f82b048e66 [root@service-1 harbor]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.10.31/library/nginx v1 2bcb04bdb83f 12 days ago 109 MB docker.io/nginx latest 2bcb04bdb83f 12 days ago 109 MB docker.io/centos latest 9f38484d220f 3 weeks ago 202 MB goharbor/chartmuseum-photon v0.7.1-v1.6.1 f0a2dbee1ff1 5 months ago 350 MB goharbor/harbor-migrator v1.6.1 60e8be845b35 5 months ago 798 MB goharbor/redis-photon v1.6.1 6a67380bb061 5 months ago 210 MB goharbor/clair-photon v2.0.6-v1.6.1 c4fcdbae7df2 5 months ago 302 MB goharbor/notary-server-photon v0.5.1-v1.6.1 f1afd44d9f9b 5 months ago 209 MB goharbor/notary-signer-photon v0.5.1-v1.6.1 83aa51867207 5 months ago 207 MB goharbor/registry-photon v2.6.2-v1.6.1 f4cb5e83f0a4 5 months ago 196 MB goharbor/nginx-photon v1.6.1 9ca888fe33b2 5 months ago 132 MB goharbor/harbor-log v1.6.1 9b1ea3f29465 5 months ago 198 MB goharbor/harbor-jobservice v1.6.1 9ca6fd371ca6 5 months ago 192 MB goharbor/harbor-ui v1.6.1 305ee5b8952c 5 months ago 215 MB goharbor/harbor-adminserver v1.6.1 a3e95f74984e 5 months ago 181 MB goharbor/harbor-db v1.6.1 3bea3bff0190 5 months ago 219 MB [root@service-1 harbor]# docker logout 192.168.10.31 退出登录指定的仓库 Removing login credentials for 192.168.10.31 [root@service-1 harbor]# docker rmi 192.168.10.31/product/centos:v1 Error response from daemon: No such image: 192.168.10.31/product/centos:v1 [root@service-1 harbor]# docker login 192.168.10.31 Username: cx Password: Login Succeeded [root@service-1 harbor]# docker pull 192.168.10.31/product/centos:v1 Trying to pull repository 192.168.10.31/product/centos ... v1: Pulling from 192.168.10.31/product/centos Digest: sha256:ca58fe458b8d94bc6e3072f1cfbd334855858e05e1fd633aa07cf7f82b048e66 Status: Downloaded newer image for 192.168.10.31/product/centos:v1 [root@service-1 harbor]# docker images | grep centos 192.168.10.31/product/centos v1 9f38484d220f 3 weeks ago 202 MB
利用镜像仓库直接部署容器
[root@service-1 harbor]# docker run -d 192.168.10.31/product/centos:v1 Unable to find image \'192.168.10.31/product/centos:v1\' locally Trying to pull repository 192.168.10.31/product/centos ... v1: Pulling from 192.168.10.31/product/centos Digest: sha256:ca58fe458b8d94bc6e3072f1cfbd334855858e05e1fd633aa07cf7f82b048e66 Status: Downloaded newer image for 192.168.10.31/product/centos:v1 422763df4f6ba767a59f4172d55bff696d2e52c1877a4e5e708307a5198afc39