搭建容器私有创库Harbor
2024-05-13 11:47:30
搭建容器私有创库Harbor
安装docker
关闭防火墙和selinux
[root@localhost ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.[root@localhost ~]# vim /etc/selinux/config SELINUX=disabled
[root@localhost ~]# reboot配置docker源
[root@localhost yum.repos.d]# curl -o docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo% Total % Received % Xferd Average Speed Time Time Time CurrentDload Upload Total Spent Left Speed0 0 0 0 0 0 0 0 --:--:100 2081 100 2081 0 0 9502 0 --:--:-- --:--:-- --:--:-- 9502
[root@localhost yum.repos.d]# cat docker-ce.repo安装docker
[root@localhost yum.repos.d]# yum -y install docker-ce配置镜像加速器
[root@localhost ~]# cat /etc/docker/daemon.json
{"registry-mirrors": ["https://k654a2v7.mirror.aliyuncs.com"]
}启动服务
[root@localhost ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@localhost ~]#
[root@localhost ~]# systemctl status docker
● docker.service - Docker Application Container EngineLoaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)Active: active (running) since Thu 2021-12-16 20:36:37 CST; 46s agoDocs: https://docs.docker.comMain PID: 70497 (dockerd)Tasks: 9Memory: 33.5MCGroup: /system.slice/docker.service└─70497 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sockDec 16 20:36:36 localhost.localdomain dockerd[70497]: time="2021-12-16T20:36:36.560561254+08:00" level=warning msg="Your >
Dec 16 20:36:36 localhost.localdomain dockerd[70497]: time="2021-12-16T20:36:36.560588894+08:00" level=warning msg="Your >查看镜像加速器是否已启用
[root@localhost ~]# docker info
Client:Context: defaultDebug Mode: falsePlugins:app: Docker App (Docker Inc., v0.9.1-beta3)buildx: Docker Buildx (Docker Inc., v0.7.1-docker)scan: Docker Scan (Docker Inc., v0.12.0)Server:Containers: 0Running: 0Paused: 0Stopped: 0Images: 0Server Version: 20.10.12Storage Driver: overlay2Backing Filesystem: xfsSupports d_type: trueNative Overlay Diff: trueuserxattr: falseLogging Driver: json-fileCgroup Driver: cgroupfsCgroup Version: 1Plugins:Volume: localNetwork: bridge host ipvlan macvlan null overlayLog: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslogSwarm: inactiveRuntimes: io.containerd.runtime.v1.linux runc io.containerd.runc.v2Default Runtime: runcInit Binary: docker-initcontainerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5drunc version: v1.0.2-0-g52b36a2init version: de40ad0Security Options:seccompProfile: defaultKernel Version: 4.18.0-305.3.1.el8.x86_64Operating System: CentOS Linux 8OSType: linuxArchitecture: x86_64CPUs: 4Total Memory: 3.623GiBName: localhost.localdomainID: GJES:5FNC:EUM7:VDFY:3L7G:2IIB:OR25:TWYF:DQMT:HSOL:BDES:Y5ZHDocker Root Dir: /var/lib/dockerDebug Mode: falseRegistry: https://index.docker.io/v1/Labels:Experimental: falseInsecure Registries:127.0.0.0/8Registry Mirrors:https://k654a2v7.mirror.aliyuncs.com/ ####Live Restore Enabled: falsedockers服务以运行
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@localhost ~]# 安装Harbor
docker官网
https://docs.docker.com/compose/install/
下载docker-compose包
[root@localhost ~]# curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose[root@localhost ~]# ls
anaconda-ks.cfg
docker-compose
[root@localhost ~]# mv docker-compose /usr/local/bin/
[root@localhost bin]# chmod +x docker-compose
[root@localhost bin]# ls
docker-compose给执行权限
[root@localhost ~]# which docker-compose
/usr/local/bin/docker-compose
[root@localhost ~]# [root@localhost ~]# docker-compose --version
docker-compose version 1.29.2, build 5becea4c下载harbor包
[root@localhost ~]# wget https://github.com/goharbor/harbor/releases/download/v2.3.5/harbor-offline-installer-v2.3.5.tgz
[root@localhost ~]# ls
anaconda-ks.cfg
harbor-offline-installer-v2.3.5.tgz
[root@localhost ~]# mv harbor-offline-installer-v2.3.5.tgz /usr/src/
[root@localhost ~]# cd /usr/src/
[root@localhost src]# ls
debug harbor-offline-installer-v2.3.5.tgz kernels解压
[root@localhost src]# tar xf harbor-offline-installer-v2.3.5.tgz -C /usr/local/
[root@localhost local]# ls
bin games include lib64 sbin src
etc harbor lib libexec share
[root@localhost src]# cd harbor/
[root@localhost harbor]# ls
LICENSE harbor.v2.3.5.tar.gz install.sh
common.sh harbor.yml.tmpl prepare修改主机名
[root@localhost ~]# hostnamectl set-hostname registry.example.com
[root@localhost ~]# bash
[root@registry ~]# hostname
registry.example.com给主机价格映射
[root@registry ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.244.146 registry.example.com
[root@registry ~]# ping registry.example.com
PING registry.example.com (192.168.244.146) 56(84) bytes of data.
64 bytes from registry.example.com (192.168.244.146): icmp_seq=1 ttl=64 time=0.100 ms
64 bytes from registry.example.com (192.168.244.146): icmp_seq=2 ttl=64 time=0.046 ms
^C
--- registry.example.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1052ms
rtt min/avg/max/mdev = 0.046/0.073/0.100/0.027 ms修改配置文件
[root@localhost harbor]# cp harbor.yml.tmpl harbor.yml
[root@localhost harbor]# ls
LICENSE harbor.yml prepare
common.sh harbor.yml.tmpl
harbor.v2.3.5.tar.gz install.sh
[root@localhost harbor]# vim harbor.yml
.......
hostname: registry.example.com# http related config
http:# port for http, default is 80. If https enabled, this port will redirect to https portport: 80
.......
harbor_admin_password: Harbor12345 #登录密码
# https related config
#https: #注释# https port for harbor, default is 443# port: 443# The path of cert and key files for nginx# certificate: /your/certificate/path #注释#private_key: /your/private/key/path #注释查看有没有镜像,然后看看安装之后会出现什么?
[root@registry harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@registry harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@registry harbor]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@registry harbor]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
安装 harbor
[root@registry harbor]# ls
LICENSE harbor.yml prepare
common.sh harbor.yml.tmpl
harbor.v2.3.5.tar.gz install.sh
[root@registry harbor]# ./install.sh
.....
.....
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registryctl ... done
Creating harbor-db ... done
Creating harbor-portal ... done
Creating redis ... done
Creating registry ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----查看镜像
[root@registry ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.3.5 1730c6f650e2 6 days ago 81.9MB
goharbor/chartmuseum-photon v2.3.5 47004f032938 6 days ago 179MB
goharbor/redis-photon v2.3.5 3d0cedc89a0d 6 days ago 156MB
goharbor/trivy-adapter-photon v2.3.5 5c0212e98070 6 days ago 133MB
goharbor/notary-server-photon v2.3.5 f20a76c65359 6 days ago 111MB
goharbor/notary-signer-photon v2.3.5 b9fa38eef4d7 6 days ago 108MB
goharbor/harbor-registryctl v2.3.5 7a52567a76ca 6 days ago 133MB
goharbor/registry-photon v2.3.5 cf22d3e386b8 6 days ago 82.6MB
goharbor/nginx-photon v2.3.5 5e3b6d9ce11a 6 days ago 45.7MB
goharbor/harbor-log v2.3.5 a03e4bc963d6 6 days ago 160MB
goharbor/harbor-jobservice v2.3.5 2ac32df5a2e0 6 days ago 211MB
goharbor/harbor-core v2.3.5 23baee01156f 6 days ago 193MB
goharbor/harbor-portal v2.3.5 bb545cdedf5a 6 days ago 58.9MB
goharbor/harbor-db v2.3.5 9826c57a5749 6 days ago 221MB
goharbor/prepare v2.3.5 a1ceaabe47b2 6 days ago 255MB#查看容器
[root@registry ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4671e2e6e6be goharbor/nginx-photon:v2.3.5 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
9501d9e8ff8d goharbor/harbor-jobservice:v2.3.5 "/harbor/entrypoint.…" About a minute ago Up About a minute (healthy) harbor-jobservice
11427e6f6f9e goharbor/harbor-core:v2.3.5 "/harbor/entrypoint.…" About a minute ago Up About a minute (healthy) harbor-core
672b9aad2325 goharbor/harbor-portal:v2.3.5 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) harbor-portal
8fb6a28dbb21 goharbor/redis-photon:v2.3.5 "redis-server /etc/r…" About a minute ago Up About a minute (healthy) redis
aea2c3d16635 goharbor/registry-photon:v2.3.5 "/home/harbor/entryp…" About a minute ago Up About a minute (healthy) registry
3e3b5244543d goharbor/harbor-registryctl:v2.3.5 "/home/harbor/start.…" About a minute ago Up About a minute (healthy) registryctl
5666e465232b goharbor/harbor-db:v2.3.5 "/docker-entrypoint.…" About a minute ago Up About a minute (healthy) harbor-db
e8afa8c07a7d goharbor/harbor-log:v2.3.5 "/bin/sh -c /usr/loc…" About a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-log查看一下生成的文文件
#安装之前
[root@registry harbor]# ls
LICENSE harbor.yml prepare
common.sh harbor.yml.tmpl
harbor.v2.3.5.tar.gz install.sh
#安装之后
[root@registry harbor]# ls
LICENSE docker-compose.yml harbor.yml.tmpl
common harbor.v2.3.5.tar.gz install.sh
common.sh harbor.yml prepare查看端口
[root@registry harbor]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 127.0.0.1:1514 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*
用网页访问
用户名:admin
密码:Harbor12345 #可以在/usr/local/harbor/harbor.yml文件中修改密码
创建项目并指定使用用户
设置开机自启
[root@registry harbor]# cat start.sh
#!/bin/bashcd /usr/local/harbor/
docker-compose start
[root@registry harbor]# ls
LICENSE harbor.v2.3.5.tar.gz prepare
common harbor.yml start.sh
common.sh harbor.yml.tmpl
docker-compose.yml install.sh
[root@registry harbor]# chmod +x start.sh
[root@registry harbor]# ls
LICENSE harbor.v2.3.5.tar.gz prepare
common harbor.yml start.sh
common.sh harbor.yml.tmpl
docker-compose.yml install.sh[root@registry harbor]# cat /etc/rc.local
#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.touch /var/lock/subsys/local
/bin/bash -c /usr/local/harbor/start.sh #添加此行[root@server1 ~]# docker login registry.example.com
Username: admin
Password:
Error response from daemon: Get "https://registry.example.com/v2/": dial tcp 192.168.244.146:443: connect: connection refused
[root@server1 ~]# ping registry.example.com
PING registry.example.com (192.168.244.146) 56(84) bytes of data.
64 bytes from registry.example.com (192.168.244.146): icmp_seq=1 ttl=64 time=0.415 ms
64 bytes from registry.example.com (192.168.244.146): icmp_seq=2 ttl=64 time=0.120 ms
64 bytes from registry.example.com (192.168.244.146): icmp_seq=3 ttl=64 time=0.581 ms
^C
--- registry.example.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 32ms
rtt min/avg/max/mdev = 0.120/0.372/0.581/0.190 msYAML模板文件语法
默认的模板文件是docker-compose.yml,其中定义的每个服务都必须通过image指令指定镜像或build指令(需要Dockerfile)来自动构建。
其他大部分都跟docker run 中类似。 如果使用build指令,在Dockerfile中设置的选项(例如:CMD,EXPOSE,VOLUME,ENV等)将自动被获取,无需在docker-compose.yml中再次被设置。
image
指定为镜像名称或镜像ID。如果镜像不存在,Compose将尝试从互联网拉取这个镜像,例如: image: ubuntu image:
orchardup/postgresql image: a4bc65fd
build
指定Dockerfile所在文件夹的路径。Compose将会利用他自动构建这个镜像,然后使用这个镜像。
build: ./dir
command
覆盖容器启动后默认执行的命令。
command: bundle exec thin -p 3000
links
链接到其他服务容器,使用服务名称(同时作为别名)或服务别名(SERVICE:ALIAS)都可以
links:- db- db:database- redis
注意:使用别名会自动在服务器中的/etc/hosts 里创建,如:172.17.2.186 db,相应的环境变量也会被创建。
external_links
链接到docker-compose.yml外部的容器,甚至并非是Compose管理的容器。参数格式和links类似。 external_links:
- redis_1- project_db_1:mysql- project_db_2:sqlserver
ports
暴露端口信息。 宿主机器端口:容器端口(HOST:CONTAINER)格式或者仅仅指定容器的端口(宿主机器将会随机分配端口)都可以。
ports:- "3306"- "8080:80"- "127.0.0.1:8090:8001"
注意:当使用 HOST:CONTAINER 格式来映射端口时,如果你使用的容器端口小于 60 你可能会得到错误得结果,因为 YAML 将会解析 xx:yy 这种数字格式为 60 进制。所以建议采用字符串格式。
expose
暴露端口,与posts不同的是expose只可以暴露端口而不能映射到主机,只供外部服务连接使用;仅可以指定内部端口为参数。
expose:- "3000"- "8000"
volumes
设置卷挂载的路径。可以设置宿主机路径:容器路径(host:container)或加上访问模式(host:container:ro)ro就是readonly的意思,只读模式。
volumes:- /var/lib/mysql:/var/lib/mysql- /configs/mysql:/etc/configs/:ro
volunes_from
挂载另一个服务或容器的所有数据卷。
volumes_from:- service_name- container_name
environment
设置环境变量。可以属于数组或字典两种格式。 如果只给定变量的名称则会自动加载它在Compose主机上的值,可以用来防止泄露不必要的数据。
environment:- RACK_ENV=development- SESSION_SECRET
env_file
从文件中获取环境变量,可以为单独的文件路径或列表。 如果通过docker-compose -f FILE指定了模板文件,则env_file中路径会基于模板文件路径。 如果有变量名称与environment指令冲突,则以后者为准。
env_file: .env
env_file:- ./common.env- ./apps/web.env- /opt/secrets.env
环境变量文件中每一行都必须有注释,支持#开头的注释行。
# common.env: Set Rails/Rack environment
RACK_ENV=development
extends
基于已有的服务进行服务扩展。例如我们已经有了一个webapp服务,模板文件为common.yml.
# common.yml
webapp:
build: ./webapp
environment:
\ - DEBUG=false
\ - SEND_EMAILS=false
编写一个新的 development.yml 文件,使用 common.yml 中的 webapp 服务进行扩展。 development.yml
web:
extends:
file: common.yml
service: webapp:ports:\ - "8080:80"links:\ - dbenvelopment:- DEBUG=truedb:image: mysql:5.7
后者会自动继承common.yml中的webapp服务及相关的环境变量。
net
设置网络模式。使用和docker client 的 --net 参数一样的值。
# 容器默认连接的网络,是所有Docker安装时都默认安装的docker0网络.
net: "bridge"
# 容器定制的网络栈.
net: "none"
# 使用另一个容器的网络配置
net: "container:[name or id]"
# 在宿主网络栈上添加一个容器,容器中的网络配置会与宿主的一样
net: "host"
Docker会为每个节点自动创建三个网络: 网络名称 作用 bridge 容器默认连接的网络,是所有Docker安装时都默认安装的docker0网络 none 容器定制的网络栈 host 在宿主网络栈上添加一个容器,容器中的网络配置会与宿主的一样 附录: 操作名称 命令 创建网络 docker network create -d bridge mynet 查看网络列表 docker network ls
pid
和宿主机系统共享进程命名空间,打开该选项的容器可以相互通过进程id来访问和操作。
pid: "host"
dns
配置DNS服务器。可以是一个值,也可以是一个列表。
dns: 114.114.114.114
dns:- 114.114.114.114- 9.9.9.9
cap_add,cap_drop
添加或放弃容器的Linux能力(Capability)。
cap_add:- ALL
cap_drop:- NET_ADMIN- SYS_ADMIN
装的docker0网络.
net: "bridge"
# 容器定制的网络栈.
net: "none"
# 使用另一个容器的网络配置
net: "container:[name or id]"
# 在宿主网络栈上添加一个容器,容器中的网络配置会与宿主的一样
net: "host"
Docker会为每个节点自动创建三个网络: 网络名称 作用 bridge 容器默认连接的网络,是所有Docker安装时都默认安装的docker0网络 none 容器定制的网络栈 host 在宿主网络栈上添加一个容器,容器中的网络配置会与宿主的一样 附录: 操作名称 命令 创建网络 docker network create -d bridge mynet 查看网络列表 docker network ls
pid
和宿主机系统共享进程命名空间,打开该选项的容器可以相互通过进程id来访问和操作。
pid: "host"
dns
配置DNS服务器。可以是一个值,也可以是一个列表。
dns: 114.114.114.114
dns:- 114.114.114.114- 9.9.9.9
cap_add,cap_drop
添加或放弃容器的Linux能力(Capability)。
cap_add:- ALL
cap_drop:- NET_ADMIN- SYS_ADMIN
搭建容器私有创库Harbor相关推荐
- docker---仓库(docker hub,搭建docker私有仓库,harbor仓库)
一.docker仓库: Docker 仓库是用来包含镜像的位置,Docker提供一个注册服务器(Register)来保存多个仓库,每个仓库又可以包含多个具备不同tag的镜像. Docker运行中使用的 ...
- 阿里云ubuntu版本搭建本地私有厂库
首先安装好docker,这是基础,假设你的云主机的公网地址是172.163.10.1 1.在本地下载registry镜像: docker pull registry 2.使用registry镜像创建一 ...
- docker搭建harbor私有镜像库
创建harbor私有镜像库 一.部署准备: harbor软件包 在部署节点上: 1)解压harbor的软件包将harbor目录下所有文件发送到/opt/目录下 tar zxvf harbor-offl ...
- Docker容器私有仓库——Harbor私有仓库的搭建
Docker容器私有仓库--Harbor私有仓库的搭建 一.Harbor介绍 1.Harbor概念 2.Harbor的核心组件 3.Harbor的优点 二.Harbor搭建的环境准备 1.当前Harb ...
- 基于https搭建habor私有库
基于https搭建habor私有库 1.编辑/etc/docker/daemon.json文件,如果文件不存在,则新建该文件,在该文件中加入:"insecure-registries&quo ...
- 前端人员如何在linux服务器上搭建npm私有库
为什么要搭建npm私有库? 为了方便下载时,公共包走npmjs,私有包走内部服务器. npm包下载的速度较慢,搭建npm私有库之后,会先操作私有库中是否有缓存,有缓存直接走缓存,而不用重新再去请求一遍 ...
- Docker容器之搭建本地私有仓库
Docker容器之搭建本地私有仓库 前言 一.首先下载registry镜像 二.在daemon.json文件中添加私有镜像仓库的地址并重启 三.创建registry容器并开放端口 四.给镜像打标签后上 ...
- 搭建CocoaPods私有库
基于git搭建CocoaPods私有库 1.创建并设置一个私有的Spec Repo. 2.创建Pod的所需要的项目工程文件,并且有可访问的项目版本控制地址. 3.创建Pod所对应的podspec文件. ...
- satis 搭建 Composer 私有库的方法
安装 satis 命令行下执行: php create-project composer/satis --stability=dev --keep-vcs . 配置 创建 satis.json 文件, ...
- docker 私有仓库与Harbor
文章目录 一: 搭建本地私有仓库 1.1 下载registry 镜像,添加镜像地址 1.1.1 下载registry 镜像 1.1.2 在daemon.json 文件中添加私有镜像仓库地址 1.2 运 ...
最新文章
- AI闯入法律界,第一步是当律师的得力助手
- xml笔记整理_基础概括
- 深入浅出mysql gtid_深入理解MySQL GTID
- 基于JavaScript实现网页计算器
- 腾讯云服务器 - 定时备份MariaDB/MySQL
- (转)贝莱德,从0到6万亿
- VC++ MFC 经典教程 – 基础篇
- 纪念概率学界最后一位集大成者——钟开莱
- 安装kali的过程以及菜咩学到的基础知识
- 计算机网络:家庭无线网组建方案
- WINVNC源码分析(三)——omni_thread库
- 计算机放音乐声音小在吗调,笔记本外放声音太小怎么办?-电脑教程
- 005_HTML制作炫酷登录界面(CSS精灵图、背景图片局部显示)
- 关于SuperSlide插件的使用
- 基于Multisim的AM信号包络检波器
- CCPC-Wannafly Winter Camp Day8 (Div2, onsite)
- WEB前端 使用 IcoMoon
- python 投掷筛子游戏
- SwiftUI 让用户更便捷在 App Store 为 App 打分和评价的超详细介绍
- 《Effective Java》——学习笔记(泛型枚举和注解)