欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

快速掌握Harbor仓库的搭建与维护

程序员文章站 2024-01-28 22:00:58
...

一、Harbor仓库的搭建

1.安装Harbor并使用

  1.1保证docker-compose可以正常使用

[aaa@qq.com ~]# mv docker-compose /usr/local/bin
[aaa@qq.com ~]# chmod +x /usr/local/bin/docker-compose
[aaa@qq.com ~]# docker-compose version
docker-compose version 1.21.1, build 5a3f1a3
docker-py version: 3.3.0
CPython version: 3.6.5
OpenSSL version: OpenSSL 1.0.1t  3 May 2016

  1.2harbor可以正常使用


[aaa@qq.com ~]# tar zxf harbor-offline-installer-v1.2.2.tgz -C /usr/local

  1.3配置harbor文件

[aaa@qq.com ~]# vim /usr/local/harbor/harbor.cfg
hostname = 192.168.132.10 #第五行

  1.4启动harbor

[aaa@qq.com ~]# cd /usr/local/harbor/
[aaa@qq.com harbor]# ll
总用量 527664
drwxr-xr-x. 3 root root        23 12月  1 16:05 common
-rw-r--r--. 1 root root      1163 10月 20 2017 docker-compose.clair.yml
-rw-r--r--. 1 root root      1988 10月 20 2017 docker-compose.notary.yml
-rw-r--r--. 1 root root      3191 10月 20 2017 docker-compose.yml #需要保证docker-compose正常使用的原因
-rw-r--r--. 1 root root      4304 10月 20 2017 harbor_1_1_0_template
-rw-r--r--. 1 root root      4343 12月  1 16:09 harbor.cfg
-rw-r--r--. 1 root root 539885476 10月 20 2017 harbor.v1.2.2.tar.gz
-rwxr-xr-x. 1 root root      5332 10月 20 2017 install.sh #启动文件
-rw-r--r--. 1 root root    371640 10月 20 2017 LICENSE
-rw-r--r--. 1 root root       482 10月 20 2017 NOTICE
-rwxr-xr-x. 1 root root     17592 10月 20 2017 prepare
-rwxr-xr-x. 1 root root      4550 10月 20 2017 upgrade
[aaa@qq.com harbor]# sh install.sh

1.5查看harbor启动镜像和容器

[aaa@qq.com harbor]# docker images #镜像
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
vmware/harbor-log           v1.2.2              36ef78ae27df        3 years ago         200MB
vmware/harbor-jobservice    v1.2.2              e2af366cba44        3 years ago         164MB
vmware/harbor-ui            v1.2.2              39efb472c253        3 years ago         178MB
vmware/harbor-adminserver   v1.2.2              c75963ec543f        3 years ago         142MB
vmware/harbor-db            v1.2.2              ee7b9fa37c5d        3 years ago         329MB
vmware/nginx-photon         1.11.13             6cc5c831fc7f        3 years ago         144MB
vmware/registry             2.6.2-photon        5d9100e4350e        3 years ago         173MB
vmware/postgresql           9.6.4-photon        c562762cbd12        3 years ago         225MB
vmware/clair                v2.0.1-photon       f04966b4af6c        3 years ago         297MB
vmware/harbor-notary-db     mariadb-10.1.10     64ed814665c6        3 years ago         324MB
vmware/notary-photon        signer-0.5.0        b1eda7d10640        3 years ago         156MB
vmware/notary-photon        server-0.5.0        6e2646682e3c        3 years ago         157MB
photon                      1.0                 e6e4e4a2ba1b        4 years ago         128MB
[aaa@qq.com harbor]# docker ps -a #容器
CONTAINER ID        IMAGE                              COMMAND                  CREATED             STATUS              PORTS                                                              NAMES
d3a3978e52b1        vmware/nginx-photon:1.11.13        "nginx -g 'daemon of…"   3 minutes ago       Up 3 minutes        0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
ff4d436d7250        vmware/harbor-jobservice:v1.2.2    "/harbor/harbor_jobs…"   3 minutes ago       Up 3 minutes                                                                           harbor-jobservice
5029566dbded        vmware/harbor-ui:v1.2.2            "/harbor/harbor_ui"      3 minutes ago       Up 3 minutes                                                                           harbor-ui
939c101def9e        vmware/registry:2.6.2-photon       "/entrypoint.sh serv…"   3 minutes ago       Up 3 minutes        5000/tcp                                                           registry
30b1f5374db5        vmware/harbor-db:v1.2.2            "docker-entrypoint.s…"   3 minutes ago       Up 3 minutes        3306/tcp                                                           harbor-db
9a27823ae81d        vmware/harbor-adminserver:v1.2.2   "/harbor/harbor_admi…"   3 minutes ago       Up 3 minutes                                                                           harbor-adminserver
08c178988e6f        vmware/harbor-log:v1.2.2           "/bin/sh -c 'crond &…"   3 minutes ago       Up 3 minutes        127.0.0.1:1514->514/tcp                                            harbor-log
[aaa@qq.com harbor]# docker-compose ps #编排的容器
       Name                     Command               State                                Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/harbor_adminserver       Up
harbor-db            docker-entrypoint.sh mysqld      Up      3306/tcp
harbor-jobservice    /harbor/harbor_jobservice        Up
harbor-log           /bin/sh -c crond && rm -f  ...   Up      127.0.0.1:1514->514/tcp
harbor-ui            /harbor/harbor_ui                Up
nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
registry             /entrypoint.sh serve /etc/ ...   Up      5000/tcp

一切正常就可以访问网站了,默认的账号是admin,密码是Harbor12345

快速掌握Harbor仓库的搭建与维护

快速掌握Harbor仓库的搭建与维护

2.管理Harbor

  2.1新建项目

快速掌握Harbor仓库的搭建与维护

注意,在新建项目时,如果不选择私有也会自动变为私有

快速掌握Harbor仓库的搭建与维护

想要公开需要自己重新设置

  2.2在宿主机登陆Harbor


[aaa@qq.com harbor]# docker login -u admin -p Harbor12345 http://127.0.0.1
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
#登陆成功,此时可以上传或者下载镜像了

  2.3下载、上传镜像

[aaa@qq.com harbor]# docker pull httpd
Using default tag: latest
latest: Pulling from library/httpd
852e50cd189d: Pull complete
67d51c33d390: Pull complete
b0ad2a3b9567: Pull complete
136f1f71f30c: Pull complete
01f8ace29294: Pull complete
Digest: sha256:fddc534b7f6bb6197855be559244adb11907d569aae1283db8e6ce8bb8f6f456
Status: Downloaded newer image for httpd:latest
docker.io/library/httpd:latest
[aaa@qq.com harbor]# docker tag httpd:latest 127.0.0.1/ycx/httpd_ycx #上传前要先改标签
[aaa@qq.com ~]# docker push 127.0.0.1/ycx/httpd_ycx #上传
The push refers to repository [127.0.0.1/ycx/httpd_ycx]
c74375f55aa8: Pushed
211b9be55a20: Pushed
aa0b3e4b6d3b: Pushed
540171a10c83: Pushed
f5600c6330da: Pushed
latest: digest: sha256:4c7c70926e2f2e10a9f78b63f344c83ae97a22c7fefa96afed46c63e4e607c51 size: 1366

快速掌握Harbor仓库的搭建与维护

可以看到上传成功,不过以上操作都是在Harbor服务器本地操作。如果其他客户端想要上传镜像到Harbor则会报以下错误。因为Docker Registry交互默认使用的是HTTPS,但是搭建私有镜像默认使用的是 HTTP服务。

快速掌握Harbor仓库的搭建与维护

所以需要客户端修改配置文件

[aaa@qq.com ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// ---insecure-registry 192.168.132.10 --containerd=/run/containerd/containerd.sock #第14行
[aaa@qq.com ~]# systemctl daemon-reload
[aaa@qq.com ~]# systemctl restart docker
[aaa@qq.com ~]# docker login -u admin -p Harbor12345 http://192.168.132.10
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
#可以正常登陆了

[aaa@qq.com ~]# docker tag 127.0.0.1/ycx/httpd_ycx:latest 192.168.132.10/ycx/httpd_ycx:v2
[aaa@qq.com ~]# docker push 192.168.132.10/ycx/httpd_ycx:v2
The push refers to repository [192.168.132.10/ycx/httpd_ycx]
c74375f55aa8: Layer already exists
211b9be55a20: Layer already exists
aa0b3e4b6d3b: Layer already exists
540171a10c83: Layer already exists
f5600c6330da: Layer already exists
v2: digest: sha256:4c7c70926e2f2e10a9f78b63f344c83ae97a22c7fefa96afed46c63e4e607c51 size: 1366

3.维护Harbor

可以使用 docker-compose 来管理 Harbor。一些有用的命令如下所示,必须在与 docker-compose.yml 相同的目录中运行。
修改 Harbor.cfg 配置文件
要更改 Harbour 的配置文件时,请先停止现有的 Harbor 实例并更新 Harbor.cfg;然
后运行 prepare 脚本来填充配置;最后重新创建并启动 Harbor 的实例。

  3.1创建Harbor用户并设置为项目的开发人员

快速掌握Harbor仓库的搭建与维护

快速掌握Harbor仓库的搭建与维护

快速掌握Harbor仓库的搭建与维护

在客户端登陆

[aaa@qq.com ~]# docker logout 192.168.132.10 #先退出之前登陆的admin
Removing login credentials for 192.168.132.10
[aaa@qq.com ~]# docker login 192.168.132.10 #登陆新建的用户
Username: ycx
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

这时候依然可以正常上传下载

  3.2移除Harbor服务容器同时保留镜像数据/数据库

[aaa@qq.com ~]# cd /usr/local/harbor/ #需要在Harbor中操作
[aaa@qq.com harbor]# docker-compose down -v
Stopping nginx              ... done
Stopping harbor-jobservice  ... done
Stopping harbor-ui          ... done
Stopping registry           ... done
Stopping harbor-db          ... done
Stopping harbor-adminserver ... done
Stopping harbor-log         ... done
Removing nginx              ... done
Removing harbor-jobservice  ... done
Removing harbor-ui          ... done
Removing registry           ... done
Removing harbor-db          ... done
Removing harbor-adminserver ... done
Removing harbor-log         ... done
Removing network harbor_harbor

如需重新部署,需要移除 Harbor服务容器全部数据、持久数据,如镜像,数据库等在宿主机的/data/目录下,日志在宿主机的/var/log/Harbor/目录下。

rm -rf /data/database/
rm -rf /data/registry/

 

相关标签: 私有仓库