快速掌握Harbor仓库的搭建与维护
程序员文章站
2024-01-28 22:00:58
...
一、Harbor仓库的搭建
1.安装Harbor并使用
1.1保证docker-compose可以正常使用
[aaa@qq.com ~]# mv docker-compose /usr/local/bin
[aaa@qq.com ~]# chmod +x /usr/local/bin/docker-compose
[aaa@qq.com ~]# docker-compose version
docker-compose version 1.21.1, build 5a3f1a3
docker-py version: 3.3.0
CPython version: 3.6.5
OpenSSL version: OpenSSL 1.0.1t 3 May 2016
1.2harbor可以正常使用
[aaa@qq.com ~]# tar zxf harbor-offline-installer-v1.2.2.tgz -C /usr/local
1.3配置harbor文件
[aaa@qq.com ~]# vim /usr/local/harbor/harbor.cfg
hostname = 192.168.132.10 #第五行
1.4启动harbor
[aaa@qq.com ~]# cd /usr/local/harbor/
[aaa@qq.com harbor]# ll
总用量 527664
drwxr-xr-x. 3 root root 23 12月 1 16:05 common
-rw-r--r--. 1 root root 1163 10月 20 2017 docker-compose.clair.yml
-rw-r--r--. 1 root root 1988 10月 20 2017 docker-compose.notary.yml
-rw-r--r--. 1 root root 3191 10月 20 2017 docker-compose.yml #需要保证docker-compose正常使用的原因
-rw-r--r--. 1 root root 4304 10月 20 2017 harbor_1_1_0_template
-rw-r--r--. 1 root root 4343 12月 1 16:09 harbor.cfg
-rw-r--r--. 1 root root 539885476 10月 20 2017 harbor.v1.2.2.tar.gz
-rwxr-xr-x. 1 root root 5332 10月 20 2017 install.sh #启动文件
-rw-r--r--. 1 root root 371640 10月 20 2017 LICENSE
-rw-r--r--. 1 root root 482 10月 20 2017 NOTICE
-rwxr-xr-x. 1 root root 17592 10月 20 2017 prepare
-rwxr-xr-x. 1 root root 4550 10月 20 2017 upgrade
[aaa@qq.com harbor]# sh install.sh
1.5查看harbor启动镜像和容器
[aaa@qq.com harbor]# docker images #镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/harbor-log v1.2.2 36ef78ae27df 3 years ago 200MB
vmware/harbor-jobservice v1.2.2 e2af366cba44 3 years ago 164MB
vmware/harbor-ui v1.2.2 39efb472c253 3 years ago 178MB
vmware/harbor-adminserver v1.2.2 c75963ec543f 3 years ago 142MB
vmware/harbor-db v1.2.2 ee7b9fa37c5d 3 years ago 329MB
vmware/nginx-photon 1.11.13 6cc5c831fc7f 3 years ago 144MB
vmware/registry 2.6.2-photon 5d9100e4350e 3 years ago 173MB
vmware/postgresql 9.6.4-photon c562762cbd12 3 years ago 225MB
vmware/clair v2.0.1-photon f04966b4af6c 3 years ago 297MB
vmware/harbor-notary-db mariadb-10.1.10 64ed814665c6 3 years ago 324MB
vmware/notary-photon signer-0.5.0 b1eda7d10640 3 years ago 156MB
vmware/notary-photon server-0.5.0 6e2646682e3c 3 years ago 157MB
photon 1.0 e6e4e4a2ba1b 4 years ago 128MB
[aaa@qq.com harbor]# docker ps -a #容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d3a3978e52b1 vmware/nginx-photon:1.11.13 "nginx -g 'daemon of…" 3 minutes ago Up 3 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
ff4d436d7250 vmware/harbor-jobservice:v1.2.2 "/harbor/harbor_jobs…" 3 minutes ago Up 3 minutes harbor-jobservice
5029566dbded vmware/harbor-ui:v1.2.2 "/harbor/harbor_ui" 3 minutes ago Up 3 minutes harbor-ui
939c101def9e vmware/registry:2.6.2-photon "/entrypoint.sh serv…" 3 minutes ago Up 3 minutes 5000/tcp registry
30b1f5374db5 vmware/harbor-db:v1.2.2 "docker-entrypoint.s…" 3 minutes ago Up 3 minutes 3306/tcp harbor-db
9a27823ae81d vmware/harbor-adminserver:v1.2.2 "/harbor/harbor_admi…" 3 minutes ago Up 3 minutes harbor-adminserver
08c178988e6f vmware/harbor-log:v1.2.2 "/bin/sh -c 'crond &…" 3 minutes ago Up 3 minutes 127.0.0.1:1514->514/tcp harbor-log
[aaa@qq.com harbor]# docker-compose ps #编排的容器
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/harbor_adminserver Up
harbor-db docker-entrypoint.sh mysqld Up 3306/tcp
harbor-jobservice /harbor/harbor_jobservice Up
harbor-log /bin/sh -c crond && rm -f ... Up 127.0.0.1:1514->514/tcp
harbor-ui /harbor/harbor_ui Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
一切正常就可以访问网站了,默认的账号是admin,密码是Harbor12345
2.管理Harbor
2.1新建项目
注意,在新建项目时,如果不选择私有也会自动变为私有
想要公开需要自己重新设置
2.2在宿主机登陆Harbor
[aaa@qq.com harbor]# docker login -u admin -p Harbor12345 http://127.0.0.1
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
#登陆成功,此时可以上传或者下载镜像了
2.3下载、上传镜像
[aaa@qq.com harbor]# docker pull httpd
Using default tag: latest
latest: Pulling from library/httpd
852e50cd189d: Pull complete
67d51c33d390: Pull complete
b0ad2a3b9567: Pull complete
136f1f71f30c: Pull complete
01f8ace29294: Pull complete
Digest: sha256:fddc534b7f6bb6197855be559244adb11907d569aae1283db8e6ce8bb8f6f456
Status: Downloaded newer image for httpd:latest
docker.io/library/httpd:latest
[aaa@qq.com harbor]# docker tag httpd:latest 127.0.0.1/ycx/httpd_ycx #上传前要先改标签
[aaa@qq.com ~]# docker push 127.0.0.1/ycx/httpd_ycx #上传
The push refers to repository [127.0.0.1/ycx/httpd_ycx]
c74375f55aa8: Pushed
211b9be55a20: Pushed
aa0b3e4b6d3b: Pushed
540171a10c83: Pushed
f5600c6330da: Pushed
latest: digest: sha256:4c7c70926e2f2e10a9f78b63f344c83ae97a22c7fefa96afed46c63e4e607c51 size: 1366
可以看到上传成功,不过以上操作都是在Harbor服务器本地操作。如果其他客户端想要上传镜像到Harbor则会报以下错误。因为Docker Registry交互默认使用的是HTTPS,但是搭建私有镜像默认使用的是 HTTP服务。
所以需要客户端修改配置文件
[aaa@qq.com ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// ---insecure-registry 192.168.132.10 --containerd=/run/containerd/containerd.sock #第14行
[aaa@qq.com ~]# systemctl daemon-reload
[aaa@qq.com ~]# systemctl restart docker
[aaa@qq.com ~]# docker login -u admin -p Harbor12345 http://192.168.132.10
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
#可以正常登陆了
[aaa@qq.com ~]# docker tag 127.0.0.1/ycx/httpd_ycx:latest 192.168.132.10/ycx/httpd_ycx:v2
[aaa@qq.com ~]# docker push 192.168.132.10/ycx/httpd_ycx:v2
The push refers to repository [192.168.132.10/ycx/httpd_ycx]
c74375f55aa8: Layer already exists
211b9be55a20: Layer already exists
aa0b3e4b6d3b: Layer already exists
540171a10c83: Layer already exists
f5600c6330da: Layer already exists
v2: digest: sha256:4c7c70926e2f2e10a9f78b63f344c83ae97a22c7fefa96afed46c63e4e607c51 size: 1366
3.维护Harbor
可以使用 docker-compose 来管理 Harbor。一些有用的命令如下所示,必须在与 docker-compose.yml 相同的目录中运行。
修改 Harbor.cfg 配置文件
要更改 Harbour 的配置文件时,请先停止现有的 Harbor 实例并更新 Harbor.cfg;然
后运行 prepare 脚本来填充配置;最后重新创建并启动 Harbor 的实例。
3.1创建Harbor用户并设置为项目的开发人员
在客户端登陆
[aaa@qq.com ~]# docker logout 192.168.132.10 #先退出之前登陆的admin
Removing login credentials for 192.168.132.10
[aaa@qq.com ~]# docker login 192.168.132.10 #登陆新建的用户
Username: ycx
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
这时候依然可以正常上传下载
3.2移除Harbor服务容器同时保留镜像数据/数据库
[aaa@qq.com ~]# cd /usr/local/harbor/ #需要在Harbor中操作
[aaa@qq.com harbor]# docker-compose down -v
Stopping nginx ... done
Stopping harbor-jobservice ... done
Stopping harbor-ui ... done
Stopping registry ... done
Stopping harbor-db ... done
Stopping harbor-adminserver ... done
Stopping harbor-log ... done
Removing nginx ... done
Removing harbor-jobservice ... done
Removing harbor-ui ... done
Removing registry ... done
Removing harbor-db ... done
Removing harbor-adminserver ... done
Removing harbor-log ... done
Removing network harbor_harbor
如需重新部署,需要移除 Harbor服务容器全部数据、持久数据,如镜像,数据库等在宿主机的/data/目录下,日志在宿主机的/var/log/Harbor/目录下。
rm -rf /data/database/
rm -rf /data/registry/