zoukankan      html  css  js  c++  java
  • docker开源仓库Harbor部署笔记

    Harbor介绍
    Harbor是Vmvare团队开发的开源企业级registry仓库,相比docker官方拥有更丰富的权限权利和完善的架构设计,适用大规模docker集群部署提供仓库服务。
    项目地址:https://github.com/vmware/harbor

    环境说明:

    ip地址: 10.20.9.223
    系统版本: CentOS Linux release 7.3

    1、关闭防火墙:

    #systemctl disable firewalld.service
    #systemctl stop firewalld.service

    2、设置主机名:

    #hostnamectl --static set-hostname  docker-Harbor-registry

    3、安装docker:

    # yum install docker -y

    4、安装compose

    Harbor是通过docker的compose项目部署的,需要安装compose,幸好compost 在git上提供了安装指令:

    # curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
    
    # chmod +x /usr/local/bin/docker-compose   #设置执行权限
    # docker-compose --version  #查看安装是否程成功
    docker-compose version 1.18.0, build 8dd22a9

    5、Harbor软件安装

    #wget http://harbor.orientsoft.cn/harbor-v1.3.0-rc4/harbor-offline-installer-v1.3.0-rc4.tgz
    解压文件
    #tar -zxf harbor-offline-installer-v1.3.0-rc4.tgz -C /usr/local

    #解压后的文件夹是harbor

    解压完成后:修改配置文件harbor.conf,主要就是hostname修改

    此处我们只修改hostname=10.20.9.223(私有仓库主机ip)

    安装

    [root@docker-Harbor-registry harbor]# ./install.sh 
    
    he configuration files are ready, please use docker-compose to start the service.
    
    Creating harbor-log ... done
    [Step 3]: checking existing instance of Harbor ...
    
    Creating registry ... done
    Creating harbor-ui ... done
    Creating network "harbor_harbor" with the default driver
    Creating nginx ... done
    Creating harbor-db ... 
    Creating registry ... 
    Creating harbor-adminserver ... 
    Creating harbor-ui ... 
    Creating nginx ... 
    Creating harbor-jobservice ... 
    
    ? ----Harbor has been installed and started successfully.----
    
    Now you should be able to visit the admin portal at http://10.20.9.223. 
    For more details, please visit https://github.com/vmware/harbor .
    
    [root@docker-Harbor-registry harbor]# 

    此时我们可以在浏览器中输入:http://10.20.9.223进入harbor web管理后台,默认的帐号密码是admin, Harbor12345(如果你没有修改harbor.cfg中的harbor_admin_password)

    6、查看是否启动成功(执行命令要切换到harbor的安装目录执行,本例中为/usr/local/harbor):

    [root@docker-Harbor-registry harbor]# docker-compose ps
           Name                     Command               State                                Ports                              
    ------------------------------------------------------------------------------------------------------------------------------
    harbor-adminserver   /harbor/start.sh                 Up                                                                      
    harbor-db            /usr/local/bin/docker-entr ...   Up      3306/tcp                                                        
    harbor-jobservice    /harbor/start.sh                 Up                                                                      
    harbor-log           /bin/sh -c /usr/local/bin/ ...   Up      127.0.0.1:1514->10514/tcp                                       
    harbor-ui            /harbor/start.sh                 Up                                                                      
    nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
    registry             /entrypoint.sh serve /etc/ ...   Up      5000/tcp                                                        
    [root@docker-Harbor-registry harbor]# 

    使用命令行登录harbor镜像仓库时,报错如下:

    [root@docker-Harbor-registry harbor]# docker login 10.20.9.223
    Username: admin
    Password: 
    Error response from daemon: Get https://10.20.9.223/v1/users/: dial tcp 10.20.9.223:443: getsockopt: connection refused
    [root@docker-Harbor-registry harbor]# 

    解决方案:修改docekr文件参数

    # vim /etc/sysconfig/docker 添加如下参数:
    
    OPTIONS='--insecure-registry=10.20.9.223'

    或者修改/etc/docker/daemon.json文件也可以

    vim /etc/docker/daemon.json 
    { "insecure-registries":["10.20.9.223"] }

    或者修改 /usr/lib/systemd/system/docker.service即可,三者选其一即可.

    ExecStart=/usr/bin/dockerd-current 
              --add-registry=10.20.9.223 --insecure-registry=10.20.9.223
    #在ExecStart=/usr/bin/dockerd-current出添加-add-registry和--insecure-registry参数.

    使用docker info验证:

    执行:

    # docker info
    

    输出最后一行有:

    Registries: 10.20.9.223 (insecure), docker.io (secure)

    重启docker服务

    # systemctl daemon-reload
    # systemctl restart docker.service

    重启harbor服务

    [root@docker-Harbor-registry harbor]# docker-compose restart

    再次登录

    [root@docker-Harbor-registry harbor]# docker login 10.20.9.223
    Username: admin
    Password: 
    Login Succeeded
    [root@docker-Harbor-registry harbor]# 

    至此Harbor仓库部署完成,Harbor web访问访问也是正常的.

    二、推送测试:将本地镜像推送到docker私有仓库:

    1、向Harbor推一个镜像:

    1.首先登录Harbor的web界面并创建一个项目common.org
    需要把项目设为公开
    然后把需要上传的镜像命名为 ip:端口/项目名/镜像名:版本号 必须谨记。

    2、查看本地的镜像:

    [root@docker-node ~]# docker images
    REPOSITORY                                            TAG                 IMAGE ID            CREATED             SIZE
    docker.io/mysql                                       latest              a8a59477268d        2 weeks ago         445 MB
    docker.io/nginx                                       latest              ae513a47849c        3 weeks ago         109 MB
    docker.io/centos                                      latest              e934aafc2206        6 weeks ago         199 MB

    3.给centos镜像打tag:

    # docker tag docker.io/centos:latest 10.20.9.223/common.org/centos7:latest

    4、推送至Harbor:

    [root@docker-Harbor-registry ~]# docker push 10.20.9.223/common.org/centos7:latest
    The push refers to a repository [10.20.9.223/common.org/centos7]
    43e653f84b79: Pushed 
    latest: digest: sha256:191c883e479a7da2362b2d54c0840b2e8981e5ab62e11ab925abf8808d3d5d44 size: 529
    [root@docker-Harbor-registry ~]# 

    5、登录Harbor web页面查看common.org项目下的镜像,如果common.org目录下存在centos7镜像,则说明推送成功.

    三、从Harbor私有仓库上拉取一个镜像到客户机.

    如果其他主机要拉取harbor仓库的镜像,也需要修改docker的配置文件,添加如下参数即可,并重启服务,其中ip为harbor仓库的地址.

    # vim /etc/sysconfig/docker
    
    OPTIONS='--insecure-registry=10.20.9.223'

    在客户端机器登陆harbor服务器,如果认证成功,即可以上传下载.

    [root@dockr-client~]# docker login 10.20.9.223
    Username (admin): admin
    Password: 
    Login Succeeded
    [root@dockr-client~]#

    执行拉取镜像命令:

    [root@docker-node ~]# docker pull 10.20.9.223/common.org/centos7:latest
    Trying to pull repository 10.20.9.223/common.org/centos7 ... 
    latest: Pulling from 10.20.9.223/common.org/centos7
    Digest: sha256:191c883e479a7da2362b2d54c0840b2e8981e5ab62e11ab925abf8808d3d5d44
    Status: Image is up to date for 10.20.9.223/common.org/centos7:latest
    [root@docker-node ~]#

    如果想查看harbor仓库的有哪些镜像,直接在http://10.20.9.223/harbor 界面就可以搜索到镜像列表.

    参考文档:    

      https://blog.csdn.net/cuipengchong/article/details/68496627
      http://www.cnblogs.com/netsa/p/8124708.html
      https://www.cnblogs.com/hh2737/p/7483855.html
      https://www.cnblogs.com/Javame/p/7389093.html

  • 相关阅读:
    delphi for xx in xx do 语法的使用示例
    Delphi XE7的安卓程序如何调用JAVA的JAR,使用JAVA的类?
    ST Visual Programmer批量烧写教程
    关于FATFS文件系统挂载多个磁盘
    STM8不用手动复位进入自带Bootloader方法(串口下载)
    Linux下安装Eclipse
    微信平台二次开发实例讲解——三元篇
    架构设计深入学习01--概论与预架构阶段
    Linux tomcat安装详解
    程序员的自我修养——操作系统篇
  • 原文地址:https://www.cnblogs.com/saneri/p/9080087.html
Copyright © 2011-2022 走看看