为什么又来一个私有仓库,前面不是已经讲到了registry吗,那是因为如果想给企业用的话,registry还是不够强大,功能不够齐全,所以为了给企业的朋友有一个更强大的私有仓库,harbor是个不错的选择。
私有仓库harbor在github上下载https://github.com/goharbor/harbor/releases,由于安装包较大,建议先下载到本地。
第一步:安装docker和docker-compose:(已安装)
[root@docker01 ~]# docker version
Client:
Version: 18.09.8
API version: 1.39
Go version: go1.10.8
Git commit: 0dd43dd87f
Built: Wed Jul 17 17:40:31 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.8
API version: 1.39 (minimum version 1.12)
Go version: go1.10.8
Git commit: 0dd43dd
Built: Wed Jul 17 17:10:42 2019
OS/Arch: linux/amd64
Experimental: false
[root@docker01 ~]# docker-compose -v
docker-compose version 1.24.1, build 4667896
[root@docker01 ~]#
第二步:下载harbor-offline-installer-v1.8.1.tgz到/opt/harbor/目录中,并解压。
[root@docker01 harbor]# wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.1.tgz
--2019-07-30 16:13:23-- https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.1.tgz
Resolving storage.googleapis.com (storage.googleapis.com)... 216.58.200.240, 2404:6800:4008:802::2010
Connecting to storage.googleapis.com (storage.googleapis.com)|216.58.200.240|:443... connected.
HTTP request sent, awaiting response... ^C
[root@docker01 ~]# wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.1.tgz
--2019-07-30 16:18:43-- https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.1.tgz
Resolving storage.googleapis.com (storage.googleapis.com)... 216.58.200.240, 2404:6800:4008:802::2010
Connecting to storage.googleapis.com (storage.googleapis.com)|216.58.200.240|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 561149414 (535M) [application/x-tar]
Saving to: ‘harbor-offline-installer-v1.8.1.tgz’
100%[===================================================================================================================>] 561,149,414 1.73MB/s in 93s
2019-07-30 16:20:21 (5.77 MB/s) - ‘harbor-offline-installer-v1.8.1.tgz’ saved [561149414/561149414]
[root@docker01 harbor]# ll
total 548000
-rw-r--r-- 1 root root 561149414 Jun 17 19:36 harbor-offline-installer-v1.8.1.tgz
[root@docker01 harbor]# tar -xf harbor-offline-installer-v1.8.1.tgz
[root@docker01 harbor]# ll
total 548000
drwxr-xr-x 2 root root 100 Jul 30 16:26 harbor
-rw-r--r-- 1 root root 561149414 Jun 17 19:36 harbor-offline-installer-v1.8.1.tgz
[root@docker01 harbor]# ll harbor
total 551208
-rw-r--r-- 1 root root 564403568 Jun 17 11:30 harbor.v1.8.1.tar.gz
-rw-r--r-- 1 root root 4519 Jun 17 11:29 harbor.yml
-rwxr-xr-x 1 root root 5088 Jun 17 11:29 install.sh
-rw-r--r-- 1 root root 11347 Jun 17 11:29 LICENSE
-rwxr-xr-x 1 root root 1654 Jun 17 11:29 prepare
[root@docker01 harbor]#
不同版本,软件中的配置也不一样,我下载的是:https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.1.tgz
第三步:修改配置文件vim harbor.yml(低版本的harbor配置文件,可能是harbor.cfg)
[root@docker01 harbor]# vim harbor.yml
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 10.0.0.11
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
# https related config
harbor_admin_password: 123456
hostname:改为本地仓库容器地址
harbor_admin_password:管理员密码123456
第四步:执行./install.sh安装harbor,因为harbor启动所需内存相对较大,所以先清除其他容器。
[root@docker01 harbor]# docker rm -f `docker ps -a -q`
324606d3239a
c327eb541b39
3bb3b21bf807
b422cc4a8803
883232d5ffec
54451a22c5ce
5c8017b5e0c8
c2ba63809f2f
c35b4931545f
1273925e7a6f
22cdd3db47ac
eb496876ae79
7bc9c63a52e7
a1095601261d
[root@docker01 harbor]# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 18.09.8
Note: docker-compose version: 1.24.1
[Step 1]: loading Harbor images ...
ba58b7bb3f17: Loading layer [==================================================>] 33.32MB/33.32MB
1351a2c39b77: Loading layer [==================================================>] 8.967MB/8.967MB
13b531e88128: Loading layer [==================================================>] 46.85MB/46.85MB
664abb325748: Loading layer [==================================================>] 5.632kB/5.632kB
9f20c7a04d55: Loading layer [==================================================>] 27.14kB/27.14kB
594e8fcaaae3: Loading layer [==================================================>] 46.85MB/46.85MB
Loaded image: goharbor/harbor-core:v1.8.1
.
.
省略部分
.
.
f606e390eada: Loading layer [==================================================>] 113MB/113MB
39c63b1a9659: Loading layer [==================================================>] 10.94MB/10.94MB
fcbb83300f3e: Loading layer [==================================================>] 2.048kB/2.048kB
2d3a6f2b11a0: Loading layer [==================================================>] 48.13kB/48.13kB
e268609393f5: Loading layer [==================================================>] 3.072kB/3.072kB
a9aed4bfce3f: Loading layer [==================================================>] 10.99MB/10.99MB
Loaded image: goharbor/clair-photon:v2.0.8-v1.8.1
[Step 2]: preparing environment ...
prepare base dir is set to /opt/harbor/harbor
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 3]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-db ... done
Creating registry ... done
Creating redis ... done
Creating registryctl ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating harbor-portal ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://10.0.0.11.
For more details, please visit https://github.com/goharbor/harbor .
[root@docker01 harbor]#
#nginx启动的时候如果端口被占用,可能是httpd服务占用了80端口,这是用/usr/sbin/apachectl stop关闭服务即可。
第五步:访问harbor:http://10.0.0.11(admin/123456)
第六步:上传镜像
[root@docker02 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
kod v1 0cb8570501c2 4 days ago 425MB
busybox latest db8ee88ad75f 11 days ago 1.22MB
tomcat latest 238e6d7313e3 12 days ago 506MB
registry latest f32a97de94e1 4 months ago 25.8MB
[root@docker02 ~]# docker tag busybox:latest 10.0.0.11/library/busybox:latest #打标签tag
[root@docker02 ~]# docker login 10.0.0.11 #harbor需要先登录
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker02 ~]# docker push 10.0.0.11/library/busybox:latest #推送到harbor,加上library指定的目录中
The push refers to repository [10.0.0.11/library/busybox]
0d315111b484: Pushed
latest: digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649 size: 527
[root@docker02 ~]#
#如果这一步骤报错:
报错1:(默认har采用https,这里需要添加信任地址ip)
[root@docker02 ~]# docker push 10.0.0.11/library/busybox:latest
The push refers to repository [10.0.0.11/library/busybox]
Get https://10.0.0.11/v2/: dial tcp 10.0.0.11:443: connect: connection refused
解决1:在/etc/docker/daemon.json,添加代码
[root@docker02 ~]# vim /etc/docker/daemon.json
{
"insecure-registries": ["10.0.0.11"]
}
报错2:连接请求被拒绝
[root@docker02 ~]# docker push 10.0.0.11/library/busybox:latest
The push refers to repository [10.0.0.11/library/busybox]
0d315111b484: Preparing
denied: requested access to the resource is denied
[root@docker02 ~]#
解决2:因为没有登陆,harbor需要登陆,用户名默认admin,密码是上面配置的123456
[root@docker02 ~]# docker login 10.0.0.11
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker02 ~]# docker push 10.0.0.11/library/busybox:latest
The push refers to repository [10.0.0.11/library/busybox]
0d315111b484: Pushed
latest: digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649 size: 527
[root@docker02 ~]#
第七步:检查并pull镜像,在library下就能找到刚push上去的busybox镜像
我们在docker03主机上pull下来试试,同样也是需要在docker03上添加信任ip地址,然后重启docker
[root@docker03 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com"],
"insecure-registries": ["10.0.0.11"]
}
[root@docker03 ~]# systemctl restart docker
[root@docker03 ~]# docker pull 10.0.0.11/library/busybox:latest
latest: Pulling from library/busybox
ee153a04d683: Pull complete
Digest: sha256:895ab622e92e18d6b461d671081757af7dbaa3b00e3e28e12505af7817f73649
Status: Downloaded newer image for 10.0.0.11/library/busybox:latest
10.0.0.11/library/busybox:latest
[root@docker03 ~]#
下载镜像的时候是不需要登陆的,严格按照镜像在私有仓库中的路径下载。因为上传到library中,所以下载的时候也要从library下载,docker pull 10.0.0.11/library/busybox:latest
docker的文章就这样完结了,如有错误,请帮忙指出QQ:970737468。

