安装docker及 docker-compose
- 安装好docker以及docker-compose
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
yum-config-manager --enable docker-ce-edge
yum makecache fast
systemctl start docker
systemctl enable docker
curl -L https://github.com/docker/compose/releases/download/1.15.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose- 下载harbor
wget https://github.com/qoharbor/harbor/releases/download/v2.7.0/harbor-offline-installer-v2.7.0.tgz- 如果不行,则可进入到github搜索 goharbor/harbor , 点击Releases,进入页面搜索 Assets 即可选择Hardor版本进行下载;这里选择离线安装包
- 上传到服务器路径:/opt/software/har,然后解压
cd /opt/software/har
tar -zxvf harbor-offline-installer-v2.7.0.tgz
[root@only har]# cd harbor
[root@only harbor]# ls
common common.sh docker-compose.yml harbor.v2.7.0.tar.gz harbor.yml.tmpl install.sh LICENSE prepare- 编辑配置文件,修改的内容如下:
[root@only harbor]# cp harbor.yml.tmpl harbor.yml
[root@only harbor]# vim harbor.yml
# 本文修改的地方, 第一列为harbor.yml文件的行叔
# harbor部署服务器ip
5 hostname: 192.168.10.130
# 默认端口 http端口
10 port: 80
# 本文去掉https的配置
12 # https related config
13 #https:
14 # https port for harbor, default is 443
15 # port: 443
16 # The path of cert and key files for nginx
17 # certificate: /your/certificate/path
18 # private_key: /your/private/key/path
# 建议修改一下密码
34 harbor_admin_password: Harbor12345- 安装hardor,执行install.sh脚本
./install.sh- 判断是否安装成功,脚本执行完后输出有展示,如本文:
[Step 5]: starting Harbor ...
[+] Running 10/10
⠿ Network harbor_harbor Created 0.1s
⠿ Container harbor-log Started 0.8s
⠿ Container registry Started 1.8s
⠿ Container harbor-db Started 1.8s
⠿ Container harbor-portal Started 1.7s
⠿ Container registryctl Started 1.6s
⠿ Container redis Started 1.7s
⠿ Container harbor-core Started 2.3s
⠿ Container harbor-jobservice Started 3.1s
⠿ Container nginx Started 3.0s
✔ ----Harbor has been installed and started successfully.----- 查看docker的镜像,发现多了hardor的镜像
[root@only harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f28cbc5029ae goharbor/harbor-jobservice:v2.7.0 "/harbor/entrypoint.…" About a minute ago Up About a minute (healthy) harbor-jobservice
e5f15c7a0654 goharbor/nginx-photon:v2.7.0 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
7f4d5f7f02b5 goharbor/harbor-core:v2.7.0 "/harbor/entrypoint.…" About a minute ago Up About a minute (healthy) harbor-core
b8fb383d58e1 goharbor/registry-photon:v2.7.0 "/home/harbor/entryp…" About a minute ago Up About a minute (healthy) registry
5185146ae0c2 goharbor/harbor-registryctl:v2.7.0 "/home/harbor/start.…" About a minute ago Up About a minute (healthy) registryctl
170c6540bf7e goharbor/harbor-db:v2.7.0 "/docker-entrypoint.…" About a minute ago Up About a minute (healthy) harbor-db
371f940462c4 goharbor/harbor-portal:v2.7.0 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) harbor-portal
d1fab5af75c8 goharbor/redis-photon:v2.7.0 "redis-server /etc/r…" About a minute ago Up About a minute (healthy) redis
233265aa055d goharbor/harbor-log:v2.7.0 "/bin/sh -c /usr/loc…" About a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-log- 对docker的文件进行配置
[root@localhost ~]# vim /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
],
"insecure-registries": [
"192.168.10.130" # 本地ip
],
"registry-mirrors": [
"https://registry.docker-cn.com",
"https://a8qh6yqv.mirror.aliyuncs.com",
"http://hub-mirror.c.163.com"
]
}- 重启docker服务
[root@only harbor]# sudo systemctl daemon-reload
[root@only harbor]# systemctl restart docker
[root@only harbor]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2022-12-31 17:04:51 CST; 27s ago
Docs: https://docs.docker.com
Main PID: 87570 (dockerd)
Tasks: 31
Memory: 45.6M
CGroup: /system.slice/docker.service
├─87570 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
└─87803 /usr/bin/docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 1514 -container-ip 172.20.0.4 -container-port 10514
Dec 31 17:04:50 only dockerd[87570]: time="2022-12-31T17:04:50.485205465+08:00" level=error msg="failed to start container" contain...refused"
Dec 31 17:04:50 only dockerd[87570]: time="2022-12-31T17:04:50.752665771+08:00" level=error msg="5185146ae0c219eb83263899f4e249d1d4...ntainer"
Dec 31 17:04:50 only dockerd[87570]: time="2022-12-31T17:04:50.752706389+08:00" level=error msg="failed to start container" contain...refused"
Dec 31 17:04:50 only dockerd[87570]: time="2022-12-31T17:04:50.798280143+08:00" level=error msg="d1fab5af75c8a412ee205d0f98781646bd...ntainer"
Dec 31 17:04:50 only dockerd[87570]: time="2022-12-31T17:04:50.798326849+08:00" level=error msg="failed to start container" contain...refused"
Dec 31 17:04:51 only dockerd[87570]: time="2022-12-31T17:04:51.108894319+08:00" level=info msg="Loading containers: done."
Dec 31 17:04:51 only dockerd[87570]: time="2022-12-31T17:04:51.139428761+08:00" level=info msg="Docker daemon" commit=42c8b31 graph...20.10.22
Dec 31 17:04:51 only dockerd[87570]: time="2022-12-31T17:04:51.139638397+08:00" level=info msg="Daemon has completed initialization"
Dec 31 17:04:51 only systemd[1]: Started Docker Application Container Engine.
Dec 31 17:04:51 only dockerd[87570]: time="2022-12-31T17:04:51.162268220+08:00" level=info msg="API listen on /var/run/docker.sock"
Hint: Some lines were ellipsized, use -l to show in full.- 启动hardor服务
[root@only harbor]# ls
common common.sh docker-compose.yml harbor.v2.7.0.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare
[root@only harbor]# docker-compose up
[+] Running 9/9
⠿ Container harbor-log Recreated 10.3s
⠿ Container harbor-db Recreated 0.1s
⠿ Container registry Recreated 0.1s
⠿ Container registryctl Recreated 0.1s
⠿ Container harbor-portal Recreated 0.1s
⠿ Container redis Recreated 0.1s
⠿ Container harbor-core Recreated 0.0s
⠿ Container harbor-jobservice Recreated 0.1s
⠿ Container nginx Recreated 0.1s
Attaching to harbor-core, harbor-db, harbor-jobservice, harbor-log, harbor-portal, nginx, redis, registry, registryctl
redis | 1:C 31 Dec 2022 09:28:17.451 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
redis | 1:C 31 Dec 2022 09:28:17.451 # Redis version=7.0.0, bits=64, commit=00000000, modified=0, pid=1, just started
redis | 1:C 31 Dec 2022 09:28:17.451 # Configuration loaded
redis | 1:M 31 Dec 2022 09:28:17.452 * monotonic clock: POSIX clock_gettime
redis | _._
redis | _.-``__ ''-._
redis | _.-`` `. `_. ''-._ Redis 7.0.0 (00000000/0) 64 bit
redis | .-`` .-```. ```\/ _.,_ ''-._
redis | ( ' , .-` | `, ) Running in standalone mode
redis | |`-._`-...-` __...-.``-._|'` _.-'| Port: 6379
redis | | `-._ `._ / _.-' | PID: 1
redis | `-._ `-._ `-./ _.-' _.-'
redis | |`-._`-._ `-.__.-' _.-'_.-'|
redis | | `-._`-._ _.-'_.-' | https://redis.io
redis | `-._ `-._`-.__.-'_.-' _.-'
redis | |`-._`-._ `-.__.-' _.-'_.-'|
redis | | `-._`-._ _.-'_.-' |
redis | `-._ `-._`-.__.-'_.-' _.-'
redis | `-._ `-.__.-' _.-'
redis | `-._ _.-'
redis | `-.__.-'
redis |
redis | 1:M 31 Dec 2022 09:28:17.453 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
redis | 1:M 31 Dec 2022 09:28:17.453 # Server initialized
# 这里建议使用后台启动!命令为:
[root@only harbor]# docker-compose up -d
[+] Running 9/9
⠿ Container harbor-log Started 0.5s
⠿ Container harbor-portal Started 1.6s
⠿ Container redis Started 1.7s
⠿ Container harbor-db Started 1.4s
⠿ Container registryctl Started 1.6s
⠿ Container registry Started 1.7s
⠿ Container harbor-core Started 2.1s
⠿ Container harbor-jobservice Started 2.8s
⠿ Container nginx Started 2.8s
[root@only harbor]# pwd
/opt/software/har/harbor
[root@only harbor]# ls
common common.sh docker-compose.yml harbor.v2.7.0.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare- 可以在浏览器查看内容
http://192.168.10.130:80 # yml配置文件配置的
username/password : admin/Harbor12345 # 默认密码- 服务器命令行登录
[root@only harbor]# docker login -u admin http://192.168.10.130
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded- 将本地的zookeeper镜像打包为新的镜像 (尝试命名不规范会不会报错,结果是无法上传的!)
[root@only harbor]# docker tag zookeeper z:latest- 尝试将新的镜像 上传到 hardor 仓库
[root@only harbor]# docker push z:latest
The push refers to repository [docker.io/library/z]
f99ec83e0687: Preparing
765d5680255e: Preparing
f1cf90ceac95: Preparing
c4ab1e78a8fd: Preparing
81a8309af524: Preparing
b004bec831db: Waiting
4f169ae5a253: Waiting
6515074984c6: Waiting
denied: requested access to the resource is denied
[root@only harbor]#- 疑问:如何才能上传新的镜像呢?
命名规范是怎样的? 如 serverIp/newImage_name:version 的规范,这样也尝试了,结果还是不行;
后面到webui界面,发现存在项目,则尝试规范为: serverIp/${project}/newImage_name:version ,,发现这个规范则可上传到仓库!!- 按照规范来进行生产新的镜像名
[root@only harbor]# docker tag zookeeper:latest 192.168.10.130/library/z:latest- 上传镜像到仓库 (成功)
[root@only harbor]# docker push 192.168.10.130/library/z:latest
The push refers to repository [192.168.10.130/library/z]
f99ec83e0687: Pushed
765d5680255e: Pushed
f1cf90ceac95: Pushed
c4ab1e78a8fd: Pushed
81a8309af524: Pushed
b004bec831db: Pushed
4f169ae5a253: Pushed
6515074984c6: Pushed
latest: digest: sha256:8e28e2da51ea8e543f9c922c82021321ef85d7a3932f68233f4a32740ff779af size: 1999- 到webui的项目,点击library项目,可以发现/library/z的镜像。shell命令为(在部署了hardor服务的服务器才行。)
# /data 为配置文件中的存储路径
find /data/registry/docker -type d -name "current" | sed 's|docker/registry/v2/repositories/||g;s|/_manifests/tags/|:|g;s|/current||g'- 任一服务器能访问到部署了harbor服务,均可获取到harbor仓库的镜像! shell 脚本内容如下
[root@localhost ~]# cat queryImagesInHardor.sh
#!/bin/bash
Harbor_Address=192.168.10.130:80 #Harbor服务器地址
Harbor_User=admin #登录Harbor的用户
Harbor_Passwd=Harbor12345 #登录Harbor的用户密码
Images_File=harbor-images-`date '+%Y-%m-%d'`.txt # 镜像清单文件
set -x
# 获取Harbor中所有的项目(Projects)
Project_List=$(curl -u ${Harbor_User}:${Harbor_Passwd} -H "Content-Type: application/json" -X GET http://${Harbor_Address}/api/v2.0/projects -k | python -m json.tool | grep name | awk '/"name": /' | awk -F '"' '{print $4}')
for Project in $Project_List;do
# 循环获取项目下所有的镜像
Image_Names=$(curl -u ${Harbor_User}:${Harbor_Passwd} -H "Content-Type: application/json" -X GET http://${Harbor_Address}/api/v2.0/projects/$Project/repositories -k | python -m json.tool | grep name | awk '/"name": /' | awk -F '"' '{print $4}')
for Image in $Image_Names;do
# 循环获取镜像的版本(tag)
Image_Tags=$(curl -u ${Harbor_User}:${Harbor_Passwd} -H "Content-Type: application/json" -X GET http://${Harbor_Address}/v2/$Image/tags/list -k | awk -F '"' '{print $8,$10,$12}')
for Tag in $Image_Tags;do
# 格式化输出镜像信息
echo "$Harbor_Address/$Image:$Tag" >> ${Images_File}
done
done
done在没有部署harbor服务的服务端如何推镜像到远端harbor仓库
- 根据本地的nginx镜像生成新的镜像,并尝试push到远端harbor仓库
[root@localhost ~]# docker tag nginx:latest 192.168.10.130/library/ttt:latest
[root@localhost ~]# docker push 192.168.10.130/library/ttt
Using default tag: latest
The push refers to repository [192.168.10.130/library/ttt]
Get "https://192.168.10.130/v2/": dial tcp 192.168.10.130:443: connect: connection refused- 发现本地推送的方式是https;因此需要做处理
- 对docker的文件进行配置
[root@only harbor]# cat /etc/docker/daemon.json
{
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
],
"insecure-registries": [
"192.168.10.130"
],
"registry-mirrors": [
"https://registry.docker-cn.com",
"https://a8qh6yqv.mirror.aliyuncs.com",
"http://hub-mirror.c.163.com"
]
}- 重启docker
[root@localhost ~]# systemctl stop docker
Warning: Stopping docker.service, but it can still be activated by:
docker.socket
[root@localhost ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Sat 2022-12-31 04:49:55 EST; 8s ago
Docs: https://docs.docker.com
Process: 1190 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock (code=exited, status=0/SUCCESS)
Main PID: 1190 (code=exited, status=0/SUCCESS)
Dec 31 04:46:27 localhost.localdomain dockerd[1190]: time="2022-12-31T04:46:27.195652128-05:00" level=info msg="Attempting next endpo...fused"
Dec 31 04:49:41 localhost.localdomain systemd[1]: Stopping Docker Application Container Engine...
Dec 31 04:49:41 localhost.localdomain dockerd[1190]: time="2022-12-31T04:49:41.400739267-05:00" level=info msg="Processing signal 'te...ated'"
Dec 31 04:49:42 localhost.localdomain dockerd[1190]: time="2022-12-31T04:49:42.056156489-05:00" level=info msg="ignoring event" conta...elete"
Dec 31 04:49:51 localhost.localdomain dockerd[1190]: time="2022-12-31T04:49:51.912873180-05:00" level=info msg="Container failed to e...b92696
Dec 31 04:49:52 localhost.localdomain dockerd[1190]: time="2022-12-31T04:49:52.814441985-05:00" level=info msg="ignoring event" conta...elete"
Dec 31 04:49:55 localhost.localdomain dockerd[1190]: time="2022-12-31T04:49:55.061330780-05:00" level=info msg="stopping event stream...e=moby
Dec 31 04:49:55 localhost.localdomain dockerd[1190]: time="2022-12-31T04:49:55.084878005-05:00" level=info msg="Daemon shutdown complete"
Dec 31 04:49:55 localhost.localdomain dockerd[1190]: time="2022-12-31T04:49:55.086409968-05:00" level=info msg="stopping event stream...s.moby
Dec 31 04:49:55 localhost.localdomain systemd[1]: Stopped Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# systemctl start docker
[root@localhost ~]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2022-12-31 04:50:14 EST; 1s ago
Docs: https://docs.docker.com
Main PID: 6962 (dockerd)
Tasks: 26
Memory: 45.9M
CGroup: /system.slice/docker.service
├─6962 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
├─7095 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 443 -container-ip 172.17.0.2 -container-port 443
└─7103 /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 443 -container-ip 172.17.0.2 -container-port 443
Dec 31 04:50:12 localhost.localdomain dockerd[6962]: time="2022-12-31T04:50:12.088501348-05:00" level=info msg="scheme \"unix\" not r...e=grpc
Dec 31 04:50:12 localhost.localdomain dockerd[6962]: time="2022-12-31T04:50:12.088517199-05:00" level=info msg="ccResolverWrapper: se...e=grpc
Dec 31 04:50:12 localhost.localdomain dockerd[6962]: time="2022-12-31T04:50:12.088525088-05:00" level=info msg="ClientConn switching ...e=grpc
Dec 31 04:50:12 localhost.localdomain dockerd[6962]: time="2022-12-31T04:50:12.358197993-05:00" level=info msg="Loading containers: start."
Dec 31 04:50:12 localhost.localdomain dockerd[6962]: time="2022-12-31T04:50:12.632555424-05:00" level=info msg="Default bridge (docke...dress"
Dec 31 04:50:13 localhost.localdomain dockerd[6962]: time="2022-12-31T04:50:13.920863354-05:00" level=info msg="Loading containers: done."
Dec 31 04:50:13 localhost.localdomain dockerd[6962]: time="2022-12-31T04:50:13.969150530-05:00" level=info msg="Docker daemon" commit....10.22
Dec 31 04:50:13 localhost.localdomain dockerd[6962]: time="2022-12-31T04:50:13.969748434-05:00" level=info msg="Daemon has completed ...ation"
Dec 31 04:50:14 localhost.localdomain systemd[1]: Started Docker Application Container Engine.
Dec 31 04:50:14 localhost.localdomain dockerd[6962]: time="2022-12-31T04:50:14.032894532-05:00" level=info msg="API listen on /var/ru....sock"
Hint: Some lines were ellipsized, use -l to show in full.- 登录harbor
[root@localhost ~]# docker login -u admin -p Harbor12345 http://192.168.10.130
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded- 推送镜像到harbor仓库
[root@localhost ~]# docker push 192.168.10.130/library/ttt
Using default tag: latest
The push refers to repository [192.168.10.130/library/ttt]
c72d75f45e5b: Pushed
9a0ef04f57f5: Pushed
d13aea24d2cb: Pushed
2b3eec357807: Pushed
2dadbc36c170: Pushed
8a70d251b653: Pushed
latest: digest: sha256:9a821cadb1b13cb782ec66445325045b2213459008a41c72d8d87cde94b33c8c size: 1570- 从远程harbor仓库拉取镜像
[root@localhost ~]# docker pull 192.168.10.130/library/z
Using default tag: latest
latest: Pulling from library/z
Digest: sha256:8e28e2da51ea8e543f9c922c82021321ef85d7a3932f68233f4a32740ff779af
Status: Downloaded newer image for 192.168.10.130/library/z:latest
192.168.10.130/library/z:latest
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.10.130/library/ttt latest 1403e55ab369 9 days ago 142MB
nginx latest 1403e55ab369 9 days ago 142MB
192.168.10.130/library/z latest 248549379309 3 weeks ago 300MB- 本地没有部署harbor服务,可利用下面的shell脚本来查看 远程harbor仓库的镜像
[root@localhost ~]# cat queryImagesInHardor.sh
#!/bin/bash
Harbor_Address=192.168.10.130:80 #Harbor服务器地址
Harbor_User=admin #登录Harbor的用户
Harbor_Passwd=Harbor12345 #登录Harbor的用户密码
Images_File=harbor-images-`date '+%Y-%m-%d'`.txt # 镜像清单文件
set -x
# 获取Harbor中所有的项目(Projects)
Project_List=$(curl -u ${Harbor_User}:${Harbor_Passwd} -H "Content-Type: application/json" -X GET http://${Harbor_Address}/api/v2.0/projects -k | python -m json.tool | grep name | awk '/"name": /' | awk -F '"' '{print $4}')
for Project in $Project_List;do
# 循环获取项目下所有的镜像
Image_Names=$(curl -u ${Harbor_User}:${Harbor_Passwd} -H "Content-Type: application/json" -X GET http://${Harbor_Address}/api/v2.0/projects/$Project/repositories -k | python -m json.tool | grep name | awk '/"name": /' | awk -F '"' '{print $4}')
for Image in $Image_Names;do
# 循环获取镜像的版本(tag)
Image_Tags=$(curl -u ${Harbor_User}:${Harbor_Passwd} -H "Content-Type: application/json" -X GET http://${Harbor_Address}/v2/$Image/tags/list -k | awk -F '"' '{print $8,$10,$12}')
for Tag in $Image_Tags;do
# 格式化输出镜像信息
echo "$Harbor_Address/$Image:$Tag" >> ${Images_File}
done
done
done
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
