Check the Docker Compose version (remember to copy docker-compose into /usr/bin first)
docker-compose -v
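1: Harbor overview
Harbor is deployed as multiple Docker containers, so it can be deployed on any Linux distribution that supports Docker
The server host needs Python, Docker and Docker Compose installed
Harbor is also used in k8s environments
Harbor manages images by project, which makes them easier to manage
2: Deploying the Harbor service
The environment is as follows:
Both hosts have a Docker environment
The first host acts as the private registry; the second host acts as the client used to access and verify it
2.1 Downloading Harbor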
[root@ct ~]# hostnamectl set-hostname harbor
[root@ct ~]# su
[root@harbor ~]#
[root@harbor ~]# yum install wget -y;wget http:// harbor.orientsoft.cn/harbor-1.2.2/harbor-offline-installer-v1.2.2.tgz
Installed:
wget.x86_64 0:1.14-18.el7_6.1
Complete!
http://: Invalid host name.
--2020-04-24 08:25:14-- http://harbor.orientsoft.cn/harbor-1.2.2/harbor-offline-installer-v1.2.2.tgz
Resolving harbor.orientsoft.cn (harbor.orientsoft.cn)... 118.123.5.23
Connecting to harbor.orientsoft.cn (harbor.orientsoft.cn)|118.123.5.23|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 533765727 (509M) [application/octet-stream]
Saving to: ‘harbor-offline-installer-v1.2.2.tgz’
7% [===========> ] 40,427,592 1.13MB/s eta 6m 59s
Wait a while; the package is over 500 MB. Message me if you don't want to download it
Total wall clock time: 7m 34s
Downloaded: 1 files, 509M in 7m 34s (1.12 MB/s)
You have new mail in /var/spool/mail/root
[root@harbor ~]#
[root@harbor ~]# ls
anaconda-ks.cfg compose_nginx consul consul-template_0.19.3_linux_amd64.zip harbor-offline-installer-v1.2.2.tgz perl5
Extract it
[root@harbor ~]# tar zxvf harbor-offline-installer-v1.2.2.tgz -C /usr/local/
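2.2 Looking at the Harbor parameter file
The parameters in the harbor.cfg configuration file fall into two kinds: required parameters and optional parameters
- Required parameters
These parameters must be set before installation. If the administrator wants to update them, Harbor must be installed again after the change for the new values to take effect
- Optional parameters
These parameters are optional for updates, i.e. the administrator can leave them at their default values and change them in the web UI after Harbor has started
If they are set in harbor.cfg, they only take effect the first time Harbor starts; later changes to these parameters in harbor.cfg are ignored by Harbor
Note:
If you choose to set these parameters through the web UI, you must do so right after starting Harbor, while admin is the only user; once Harbor has users other than admin, auth_mode can no longer be changed. So set these parameters early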
[root@harbor ~]# cd /usr/local/harbor/
[root@harbor harbor]# ls
common docker-compose.clair.yml docker-compose.notary.yml docker-compose.yml harbor_1_1_0_template harbor.cfg harbor.v1.2.2.tar.gz install.sh LICENSE NOTICE prepare upgrade
[root@harbor harbor]# vim /usr/local/harbor/harbor.cfg
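All the configuration file parameters are listed below, with their explanatory comments
## Harbor configuration file
#The IP address or hostname to access the admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname = reg.mydomain.com
#The protocol for accessing the UI and the token/notification service; by default it is http.
#It can be set to https if ssl is enabled on nginx.
ui_url_protocol = http
#Password for the root user of the mysql db (db_auth); change it before any production use. The mysql db stores user authentication data: at login the account and password are compared with the mysql contents, and if they match the user is given a temporary token valid for 30 minutes
db_password = root123
#Maximum number of job workers (threads) for image replication.
max_job_workers = 3
#Determine whether or not to generate a certificate for the registry's token.
#If the value is on, the prepare script creates a new root certificate and private key for generating tokens to access the registry. If the value is off, the default key/certificate is used; a root certificate/key from an external source can also be specified
#This flag also controls the creation of the Notary signer's certificate.
customize_crt = on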
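#The paths of the cert and key files for nginx; they are applied only when the protocol is set to https
#Path of the certificate, applied only when the protocol is set to https.
ssl_cert = /data/cert/server.crt
#Path of the key, applied only when the protocol is set to https.
ssl_cert_key = /data/cert/server.key
#The path of secretkey storage: the key used to encrypt or decrypt the password of a remote registry in a replication policy.
secretkey_path = /data
#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
admiral_url = NA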
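#Password of Clair's postgres database; only effective when Harbor is deployed with Clair.
#Please update it before deployment; a later update will leave Clair's API server and Harbor unable to access Clair's database.
clair_db_password = password
#NOTE: properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES only take effect on the first boot; subsequent changes to these properties should be made in the web UI
#BEGIN INITIAL PROPERTIES, i.e. the optional parameters; this is the dividing line, and the required parameters are above it
#Email account settings for sending out password reset emails.
#The email server uses the given username and password to authenticate on the TLS connection to the host and act as identity.
#Identity left blank to act as username.
email_identity =
#Harbor needs these parameters to send users a "password reset" email, and they are only required if that feature is needed.
#Note that SSL is not enabled on the connection by default. If the SMTP server requires SSL but does not support STARTTLS,
#then SSL should be enabled by setting email_ssl = TRUE.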
email_server = smtp.mydomain.com
email_server_port = 25
email_username = [email protected]
email_password = abc
email_from = admin <[email protected]>
email_ssl = false
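##The initial password of the Harbor admin; it only takes effect the first time Harbor starts.
#It has no effect after the first launch of Harbor.
#Change the admin password from the UI after launching Harbor. The default username/password is admin/Harbor12345.
harbor_admin_password = Harbor12345
##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.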
auth_mode = db_auth
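#The url for an ldap endpoint.
ldap_url = ldaps://ldap.mydomain.com
#The DN of a user who has permission to search the LDAP/AD server.
#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
#The password of ldap_searchdn
#ldap_search_pwd = password
#The base DN from which to look up a user in LDAP/AD
ldap_basedn = ou=people,dc=mydomain,dc=com
#Search filter for LDAP/AD; make sure the syntax of the filter is correct.
#ldap_filter = (objectClass=person)
#The attribute used in a search to match a user; it could be uid, cn, email, sAMAccountName or another attribute, depending on your LDAP/AD
ldap_uid = uid
#The scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
ldap_scope = 3
#Timeout (in seconds) when connecting to an LDAP server. The default value (and most reasonable) is 5 seconds.
ldap_timeout = 5
#Turn the self-registration feature on or off; when disabled, new users can only be created by the admin user
#Only the admin user can create new users in Harbor.
#NOTE: when auth_mode is set to ldap_auth, the self-registration feature is always disabled and this flag is ignored.
self_registration = on
#The expiration time (in minutes) of a token created by the token service; the default is 30 minutes
token_expiration = 30
#The flag that controls which users have permission to create projects
#The default value "everyone" allows everyone to create a project.
#Set it to "adminonly" so that only the admin user can create projects.
project_creation_restriction = everyone
#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
#Setting this flag to off bypasses SSL/TLS verification; this is often used when the remote instance has a self-signed or untrusted certificate.
verify_remote_cert = on
#************************END INITIAL PROPERTIES************************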
#############
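In addition, by default Harbor stores images on the local file system. In a production environment, consider using another storage backend instead of the local file system,
such as S3, OpenStack Swift or Ceph. This requires updating the common/templates/registry/config.yml file.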
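As an added example (not part of the original post or of Harbor itself), the following shell script checks a harbor.cfg for values from the listing above that should not survive into a deployment: the published sample passwords, ui_url_protocol = http, open self-registration and project creation, and disabled remote certificate verification. The function names and the constructed sample file are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post: flag harbor.cfg settings that are
# still the sample defaults shown in the listing.

# cfg_get FILE KEY: print the value of the last uncommented "KEY = value" line.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# audit_harbor_cfg FILE: print one "WARN ..." line per finding.
audit_harbor_cfg() {
    cfg=$1
    # Passwords whose sample values are public.
    for pair in db_password=root123 clair_db_password=password \
                harbor_admin_password=Harbor12345; do
        key=${pair%%=*}
        if [ "$(cfg_get "$cfg" "$key")" = "${pair#*=}" ]; then
            echo "WARN $key: still the published sample value"
        fi
    done
    if [ "$(cfg_get "$cfg" ui_url_protocol)" != "https" ]; then
        echo "WARN ui_url_protocol: UI and registry logins are sent without TLS"
    fi
    # self_registration is ignored when auth_mode is ldap_auth (see the listing).
    if [ "$(cfg_get "$cfg" self_registration)" = "on" ] &&
       [ "$(cfg_get "$cfg" auth_mode)" != "ldap_auth" ]; then
        echo "WARN self_registration: anyone who reaches the UI can create an account"
    fi
    if [ "$(cfg_get "$cfg" project_creation_restriction)" = "everyone" ]; then
        echo "WARN project_creation_restriction: every user can create projects"
    fi
    if [ "$(cfg_get "$cfg" verify_remote_cert)" = "off" ]; then
        echo "WARN verify_remote_cert: replication skips TLS certificate checks"
    fi
    return 0
}

# Constructed sample input: the security-relevant lines of the listing.
write_sample_cfg() {
    printf '%s\n' 'ui_url_protocol = http' 'db_password = root123' \
        'clair_db_password = password' 'harbor_admin_password = Harbor12345' \
        'auth_mode = db_auth' 'self_registration = on' \
        'project_creation_restriction = everyone' 'verify_remote_cert = on' > "$1"
}

# Audit the file named on the command line, or the constructed sample.
if [ -n "${1:-}" ]; then
    audit_harbor_cfg "$1"
else
    sample=$(mktemp) && write_sample_cfg "$sample" && audit_harbor_cfg "$sample"
    rm -f "$sample"
fi
```

Run it as `sh audit.sh /usr/local/harbor/harbor.cfg` before the first install.sh, since the initial properties only take effect on the first boot.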
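- docker-compose.yml defines the orchestration of several containers; some of them also mount physical volumes to provide persistent storage
This file defines the orchestration of several containers, for example:
the registry image, which mounts a physical volume
the log container,
a mysql database is also installed, and image information is stored in it
jobservice, the server side
proxy, the proxy side
These containers all share one network namespace
- Look at install.sh
install.sh calls the docker-compose.yml file. The yml file triggers the orchestration of the containers and creates them
2.3 Installing Harbor
The first install attempt reports an error, because hostname had not been changed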
[root@harbor harbor]# pwd
/usr/local/harbor
[root@harbor harbor]# sh /usr/local/harbor/install.sh
➜ Please set hostname and other necessary attributes in harbor.cfg first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.cfg bacause notary must run under https.
Please set --with-clair if needs enable Clair in Harbor
[root@harbor harbor]# sed -i '/^hostname/ s/hostname = reg.mydomain.com/hostname = 192.168.247.20/' /usr/local/harbor/harbor.cfg
[root@harbor harbor]# sh /usr/local/harbor/install.sh
Installing again reports another error: port 80 is already in use, occupied by a leftover container or service in the original environment
ERROR: for nginx Cannot start service proxy: b'driver failed programming external connectivity on endpoint nginx (ef804df0145f484c650f62919d3b873d45d5da2e48e4af7288a9918f64978f10): Error starting userland proxy: listen tcp 0.0.0.0:80: bind: address already in use'
ERROR: for proxy Cannot start service proxy: b'driver failed programming external connectivity on endpoint nginx (ef804df0145f484c650f62919d3b873d45d5da2e48e4af7288a9918f64978f10): Error starting userland proxy: listen tcp 0.0.0.0:80: bind: address already in use'
ERROR: Encountered errors while bringing up the project.
[root@harbor harbor]# netstat -natp | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 77583/nginx: master
Stop the service on port 80 to free the port, then run the installer again
[root@harbor harbor]# ps aux | grep nginx
root 13972 0.0 0.0 15808 5520 ? Sl Apr23 0:03 consul-template -consul-addr 192.168.247.20:8500 -template /root/consul/nginx.ctmpl:/usr/local/nginx/conf/vhost/gsy.conf:/usr/local/nginx/sbin/nginx -s reload --log-level=info
root 40235 0.0 0.0 112712 956 pts/2 R+ 09:42 0:00 grep --color=auto nginx
root 77583 0.0 0.0 20640 1452 ? Ss Apr23 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody 90426 0.0 0.0 21036 1720 ? S Apr23 0:00 nginx: worker process
[root@harbor harbor]# kill 77583
bash: kill: (77583) - No such process
[root@harbor harbor]# kill 90426
bash: kill: (90426) - No such process
[root@harbor harbor]# ps aux | grep nginx
root 13972 0.0 0.0 15808 5520 ? Sl Apr23 0:03 consul-template -consul-addr 192.168.247.20:8500 -template /root/consul/nginx.ctmpl:/usr/local/nginx/conf/vhost/gsy.conf:/usr/local/nginx/sbin/nginx -s reload --log-level=info
root 40975 0.0 0.0 112716 960 pts/2 S+ 09:43 0:00 grep --color=auto nginx
[root@harbor harbor]# kill 13972
[root@harbor harbor]# ps aux | grep nginx
root 13972 0.0 0.0 15808 5520 ? Sl Apr23 0:03 consul-template -consul-addr 192.168.247.20:8500 -template /root/consul/nginx.ctmpl:/usr/local/nginx/conf/vhost/gsy.conf:/usr/local/nginx/sbin/nginx -s reload --log-level=info
root 41407 0.0 0.0 112716 960 pts/2 S+ 09:43 0:00 grep --color=auto nginx
[root@harbor harbor]# netstat -natp | grep 80
[root@harbor harbor]#
[root@harbor harbor]# sh /usr/local/harbor/install.sh
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://192.168.247.20.
For more details, please visit https://github.com/vmware/harbor .
Success
Note: remember that a docker-compose environment is also required
Check the containers and images
[root@harbor harbor]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ba7d9a375058 vmware/harbor-jobservice:v1.2.2 "/harbor/harbor_jobs…" 3 minutes ago Up 3 minutes harbor-jobservice
9b35dc6e0254 vmware/nginx-photon:1.11.13 "nginx -g 'daemon of…" 3 minutes ago Up 3 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
5c483c62827f vmware/harbor-ui:v1.2.2 "/harbor/harbor_ui" 3 minutes ago Up 3 minutes harbor-ui
abe4e1a49daf vmware/harbor-db:v1.2.2 "docker-entrypoint.s…" 3 minutes ago Up 3 minutes 3306/tcp harbor-db
e04107e79018 vmware/registry:2.6.2-photon "/entrypoint.sh serv…" 3 minutes ago Up 3 minutes 5000/tcp registry
c9cc9f79eea7 vmware/harbor-adminserver:v1.2.2 "/harbor/harbor_admi…" 3 minutes ago Up 3 minutes harbor-adminserver
d59c77c80b46 vmware/harbor-log:v1.2.2 "/bin/sh -c 'crond &…" 3 minutes ago Up 3 minutes 127.0.0.1:1514->514/tcp harbor-log
[root@harbor harbor]# dpcker images
bash: dpcker: command not found
[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
compose_nginx_nginx latest e3abfd076454 2 days ago 726MB
centos 7 5e35e350aded 5 months ago 203MB
vmware/harbor-log v1.2.2 36ef78ae27df 2 years ago 200MB
vmware/harbor-jobservice v1.2.2 e2af366cba44 2 years ago 164MB
vmware/harbor-ui v1.2.2 39efb472c253 2 years ago 178MB
vmware/harbor-adminserver v1.2.2 c75963ec543f 2 years ago 142MB
vmware/harbor-db v1.2.2 ee7b9fa37c5d 2 years ago 329MB
vmware/nginx-photon 1.11.13 6cc5c831fc7f 2 years ago 144MB
vmware/registry 2.6.2-photon 5d9100e4350e 2 years ago 173MB
vmware/postgresql 9.6.4-photon c562762cbd12 2 years ago 225MB
vmware/clair v2.0.1-photon f04966b4af6c 2 years ago 297MB
vmware/harbor-notary-db mariadb-10.1.10 64ed814665c6 3 years ago 324MB
vmware/notary-photon signer-0.5.0 b1eda7d10640 3 years ago 156MB
vmware/notary-photon server-0.5.0 6e2646682e3c 3 years ago 157MB
photon 1.0 e6e4e4a2ba1b 3 years ago 128MB
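PostgreSQL is the core of MySQL, and it is also a database
Alibaba Cloud's private image registry is also worth a look
3: Managing the Harbor registry
3.1 Logging in to the web UI
You can now log in to the web UI on port 80
The default account and password (for the first login) are: admin Harbor12345
There is one default project, library. Logged in as admin, you can create users and projects
LDAP is directory-based authentication
3.2 Looking at the Harbor containers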
[root@harbor harbor]# docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/harbor_adminserver Up
harbor-db docker-entrypoint.sh mysqld Up 3306/tcp
harbor-jobservice /harbor/harbor_jobservice Up
harbor-log /bin/sh -c crond && rm -f ... Up 127.0.0.1:1514->514/tcp
harbor-ui /harbor/harbor_ui Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
Note: this command only works when run from /usr/local/harbor/
[root@harbor harbor]# cd -
/root
[root@harbor ~]# docker-compose ps
ERROR:
Can't find a suitable configuration file in this directory or any
parent. Are you in the right directory?
Supported filenames: docker-compose.yml, docker-compose.yaml
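3.3 Pushing images with docker push from the local terminal
Log in and push images locally through 127.0.0.1. By default the registry server listens on port 80.
Specifying 192.168.247.20 also works
Log in first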
[root@harbor ~]# docker login -u admin -p Harbor12345 http://127.0.0.1
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Pull a small image for the verification steps that follow; no registry is specified, so it is pulled from the public registry by default
[root@harbor ~]# docker pull cirros
Status: Downloaded newer image for cirros:latest
[root@harbor ~]# docker images | grep cirros
cirros latest 3c82e4d066cf 6 weeks ago 12.6MB
Next, push the image to the registry
Give it a new tag
[root@harbor ~]# docker tag cirros:latest 192.168.247.20/gsy/cirros:vers1
[root@harbor ~]# docker images | grep cirros
192.168.247.20/gsy/cirros vers1 3c82e4d066cf 6 weeks ago 12.6MB
cirros latest 3c82e4d066cf 6 weeks ago 12.6MB
Then push it; the connection is refused because no path has been specified for it. How to specify it is covered later
[root@harbor ~]# docker push 192.168.247.20/gsy/cirros:vers1
The push refers to repository [192.168.247.20/gsy/cirros]
Get https://192.168.247.20/v2/: dial tcp 192.168.247.20:443: connect: connection refused
Using the 127.0.0.1 loopback address, the push works directly
[root@harbor ~]# docker tag cirros:latest 127.0.0.1/gsy/cirros:vers1
[root@harbor ~]# docker push 127.0.0.1/gsy/cirros:vers1
The push refers to repository [127.0.0.1/gsy/cirros]
858d98ac4893: Pushed
aa107a407592: Pushed
b993cfcfd8fd: Pushed
vers1: digest: sha256:c7d58d6d463247a2540b8c10ff012c34fd443426462e891b13119a9c66dfd28a size: 943
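Go back to the web UI to check
Refresh, and the image appears
Copy and paste this command to pull the image from the registry; it fails with an error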
[root@harbor ~]# docker pull 192.168.247.20/gsy/cirros:vers1
Error response from daemon: Get https://192.168.247.20/v2/: dial tcp 192.168.247.20:443: connect: connection refused
[root@harbor ~]#
Look at the current local images
[root@harbor ~]# docker images | grep cirros
192.168.247.20/gsy/cirros vers1 3c82e4d066cf 6 weeks ago 12.6MB
cirros latest 3c82e4d066cf 6 weeks ago 12.6MB
127.0.0.1/gsy/cirros vers1 3c82e4d066cf 6 weeks ago 12.6MB
First test pulling through 127.0.0.1; it works
[root@harbor ~]# docker pull 127.0.0.1/gsy/cirros:vers1
vers1: Pulling from gsy/cirros
Digest: sha256:c7d58d6d463247a2540b8c10ff012c34fd443426462e891b13119a9c66dfd28a
Status: Image is up to date for 127.0.0.1/gsy/cirros:vers1
127.0.0.1/gsy/cirros:vers1
Delete the images first, then test again to confirm
[root@harbor ~]# docker rmi 127.0.0.1/gsy/cirros:vers1
Untagged: 127.0.0.1/gsy/cirros:vers1
Untagged: 127.0.0.1/gsy/cirros@sha256:c7d58d6d463247a2540b8c10ff012c34fd443426462e891b13119a9c66dfd28a
[root@harbor ~]# docker rmi 192.168.247.20/gsy/cirros:vers1
Untagged: 192.168.247.20/gsy/cirros:vers1
[root@harbor ~]# docker images | grep cirros
cirros latest 3c82e4d066cf 6 weeks ago 12.6MB
[root@harbor ~]# docker pull 127.0.0.1/gsy/cirros:vers1
vers1: Pulling from gsy/cirros
Digest: sha256:c7d58d6d463247a2540b8c10ff012c34fd443426462e891b13119a9c66dfd28a
Status: Downloaded newer image for 127.0.0.1/gsy/cirros:vers1
127.0.0.1/gsy/cirros:vers1
[root@harbor ~]# docker pull 192.168.247.20/gsy/cirros:vers1
Error response from daemon: Get https://192.168.247.20/v2/: dial tcp 192.168.247.20:443: connect: connection refused
You have new mail in /var/spool/mail/root
[root@harbor ~]# docker images | grep cirros
127.0.0.1/gsy/cirros vers1 3c82e4d066cf 6 weeks ago 12.6MB
cirros latest 3c82e4d066cf 6 weeks ago 12.6MB
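At this point, pushing and pulling images from the local terminal through 127.0.0.1 works without problems, but pushing or pulling images as a client runs into trouble
4: Logging in from the client as admin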
[root@client ~]# docker login http://192.168.247.20
Username: admin
Password:
Error response from daemon: Get https://192.168.247.20/v2/: dial tcp 192.168.247.20:443: connect: connection refused
The same error appears
The cause is that Docker talks to a registry over HTTPS by default, but the private registry built here serves HTTP by default
The fix is as follows:
[root@client ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 192.168.247.20 --containerd=/run/containerd/containerd.sock
[root@client ~]# systemctl daemon-reload
[root@client ~]# systemctl restart docker
Try again, and remember to type the full password
[root@client ~]# docker login http://192.168.247.20
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Success
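The --insecure-registry flag makes this client accept plain HTTP and unverified TLS for that registry, so the password typed at docker login crosses the network unencrypted. The alternative is to turn on the https settings from harbor.cfg and have clients trust the certificate; the following is an added example, not from the original post, that assumes a self-signed certificate and uses hypothetical function names (/etc/docker/certs.d/<registry>/ca.crt is where dockerd looks for a per-registry CA).

```shell
#!/bin/sh
# Added example, not from the original post: serve Harbor over HTTPS so that
# clients can drop --insecure-registry. Paths follow the harbor.cfg listing.

# make_registry_cert HOST DIR: self-signed certificate whose SAN names HOST.
make_registry_cert() {
    case $1 in
        *[!0-9.]*) san="DNS:$1" ;;   # hostname
        *)         san="IP:$1" ;;    # IPv4 literal such as 192.168.247.20
    esac
    cnf=$(mktemp) || return 1
    printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' \
        'x509_extensions = ext' '[dn]' "CN = $1" '[ext]' \
        "subjectAltName = $san" > "$cnf"
    mkdir -p "$2" && openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
        -days 365 -config "$cnf" -keyout "$2/server.key" \
        -out "$2/server.crt" 2>/dev/null && chmod 600 "$2/server.key"
    rc=$?
    rm -f "$cnf"
    return $rc
}

# enable_https CFG CERT KEY: point harbor.cfg at the certificate and key.
enable_https() {
    sed -e "s|^ui_url_protocol[[:space:]]*=.*|ui_url_protocol = https|" \
        -e "s|^ssl_cert[[:space:]]*=.*|ssl_cert = $2|" \
        -e "s|^ssl_cert_key[[:space:]]*=.*|ssl_cert_key = $3|" \
        "$1" > "$1.new" && mv "$1.new" "$1"
}

# client_ca_path HOST: where dockerd looks for a CA to trust for this registry.
client_ca_path() { echo "/etc/docker/certs.d/$1/ca.crt"; }

# Demo in a scratch directory with a constructed three-line harbor.cfg.
demo() {
    work=$(mktemp -d) || return 1
    printf '%s\n' 'ui_url_protocol = http' 'ssl_cert = /data/cert/server.crt' \
        'ssl_cert_key = /data/cert/server.key' > "$work/harbor.cfg"
    make_registry_cert 192.168.247.20 "$work/cert" ||
        echo "openssl not available, certificate step skipped" >&2
    enable_https "$work/harbor.cfg" "$work/cert/server.crt" "$work/cert/server.key"
    cat "$work/harbor.cfg"
    echo "client: copy server.crt to $(client_ca_path 192.168.247.20)"
    rm -rf "$work"
}
demo
```

On the real host the same functions would be run against /usr/local/harbor/harbor.cfg and /data/cert, followed by ./prepare and docker-compose up -d; the client then removes --insecure-registry from docker.service and restarts Docker.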
Logging out of the registry looks like this
[root@client ~]# docker logout http://192.168.247.20
Removing login credentials for 192.168.247.20
Now test pulling an image first; it succeeds
[root@client ~]# docker pull 192.168.247.20/gsy/cirros:vers1
vers1: Pulling from gsy/cirros
f513001ba4ab: Pull complete
8da581cc9286: Pull complete
856628d95d17: Pull complete
Digest: sha256:c7d58d6d463247a2540b8c10ff012c34fd443426462e891b13119a9c66dfd28a
Status: Downloaded newer image for 192.168.247.20/gsy/cirros:vers1
192.168.247.20/gsy/cirros:vers1
[root@client ~]#
[root@client ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest e791337790a6 6 days ago 127MB
httpd latest bdc169d27d36 7 days ago 166MB
192.168.247.20/gsy/cirros vers1 3c82e4d066cf 6 weeks ago 12.6MB
gliderlabs/registrator latest 3b59190c6c80 4 years ago 23.8MB
Push the nginx image
[root@client ~]# docker tag nginx:latest 192.168.247.20/gsy/vers1
[root@client ~]# docker push 192.168.247.20/gsy/vers1
The push refers to repository [192.168.247.20/gsy/vers1]
be91fceb796e: Pushed
919b6770519b: Pushed
b60e5c3bcef2: Pushed
latest: digest: sha256:6b3b6c113f98e901a8b1473dee4c268cf37e93d72bc0a01e57c65b4ab99e58ee size: 948
[root@client ~]#
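Check in the web UI
5: Maintaining and managing Harbor with docker-compose
Harbor can be managed with docker-compose. Some useful commands are shown below; they must be run in the same directory as docker-compose.yml.
To change Harbor's configuration, first stop the existing Harbor instance and update harbor.cfg; then run the prepare script to populate the configuration; finally recreate and start the Harbor instance.
5.1 docker-compose down -v: all containers are stopped and removed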
[root@harbor harbor]# docker-compose down -v
Stopping harbor-jobservice ... done
Stopping nginx ... done
Stopping harbor-ui ... done
Stopping harbor-db ... done
Stopping registry ... done
Stopping harbor-adminserver ... done
Stopping harbor-log ... done
Removing harbor-jobservice ... done
Removing nginx ... done
Removing harbor-ui ... done
Removing harbor-db ... done
Removing registry ... done
Removing harbor-adminserver ... done
Removing harbor-log ... done
Removing network harbor_harbor
[root@harbor harbor]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5.2 Then edit /usr/local/harbor/harbor.cfg
5.3 ./prepare repopulates the configuration
Note: while using Harbor, do not turn off the firewall, because Harbor relies on the firewall's DNAT rules
[root@harbor harbor]# ./prepare
# Must be run as ./prepare, not as sh prepare
The containers are still not up at this point
[root@harbor harbor]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5.4 docker-compose up -d: start the containers
[root@harbor harbor]# docker-compose up -d
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registry ... done
Creating harbor-db ... done
Creating harbor-adminserver ... done
Creating harbor-ui ... done
Creating harbor-jobservice ... done
Creating nginx ... done
[root@harbor harbor]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
94630e81bb21 vmware/harbor-jobservice:v1.2.2 "/harbor/harbor_jobs…" 11 seconds ago Up 10 seconds harbor-jobservice
e68e275ba6c5 vmware/nginx-photon:1.11.13 "nginx -g 'daemon of…" 11 seconds ago Up 10 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
278c281594c9 vmware/harbor-ui:v1.2.2 "/harbor/harbor_ui" 11 seconds ago Up 10 seconds harbor-ui
b7adea7dfc28 vmware/registry:2.6.2-photon "/entrypoint.sh serv…" 12 seconds ago Up 11 seconds 5000/tcp registry
b587a5b5a4f9 vmware/harbor-db:v1.2.2 "docker-entrypoint.s…" 12 seconds ago Up 11 seconds 3306/tcp harbor-db
8fbb66df3206 vmware/harbor-adminserver:v1.2.2 "/harbor/harbor_admi…" 12 seconds ago Up 11 seconds harbor-adminserver
b282d0c45952 vmware/harbor-log:v1.2.2 "/bin/sh -c 'crond &…" 12 seconds ago Up 12 seconds 127.0.0.1:1514->514/tcp harbor-log
[root@harbor harbor]#
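6: Creating Harbor users
Users can be created in the web UI
Users can be added to projects
The administrator of course has the most permissions; here we test the developer role
Log in from the client as gsy to test the permissions a developer has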
[root@client ~]# docker login http://192.168.247.20
Username: gsy
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Tag and push: success
[root@client ~]# docker tag nginx:latest 192.168.247.20/gsy/nginx:gsy1
[root@client ~]# docker push 192.168.247.20/gsy/nginx:gsy1
The push refers to repository [192.168.247.20/gsy/nginx]
be91fceb796e: Mounted from gsy/vers1
919b6770519b: Mounted from gsy/vers1
b60e5c3bcef2: Mounted from gsy/vers1
gsy1: digest: sha256:6b3b6c113f98e901a8b1473dee4c268cf37e93d72bc0a01e57c65b4ab99e58ee size: 948
Check the web UI
Pushing works; now test pulling the image
[root@client ~]# docker pull 192.168.247.20/gsy/nginx:gsy1
gsy1: Pulling from gsy/nginx
Digest: sha256:6b3b6c113f98e901a8b1473dee4c268cf37e93d72bc0a01e57c65b4ab99e58ee
Status: Downloaded newer image for 192.168.247.20/gsy/nginx:gsy1
192.168.247.20/gsy/nginx:gsy1
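Pulling and pushing images both work normally
7: Migrating Harbor data
First shut down the Harbor registry with docker-compose down -v
Then copy all of Harbor's data. Persistent data such as images and the database is under /data/ on the host, and logs are under
/var/log/Harbor/ on the host.
Copy the data to the same paths on the target server and redeploy there
/data/database/ database content, such as authentication data
/data/registry/ image file content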