Building an Enterprise Harbor Image Registry
2022-08-09 05:53:00 【MssGuo】
Preface
Environment: CentOS 7.9, harbor-offline-installer-v2.4.3.tgz
Download Harbor
Harbor's official website is https://goharbor.io/. Clicking the download button there actually takes you to GitHub, https://github.com/goharbor/harbor/releases/, where you can download the version you need. You can also download it directly on the virtual machine over the network:
wget https://github.com/goharbor/harbor/releases/download/v2.4.3/harbor-offline-installer-v2.4.3.tgz
Check the environment and create the certificate
See the official installation documentation: https://goharbor.io/docs/2.4.0/
Review the installation prerequisites: https://goharbor.io/docs/2.4.0/install-config/installation-prereqs/. Harbor requires Docker engine version 17.06.0-ce+ or higher, Docker Compose version 1.18.0 or higher, and OpenSSL (latest is preferred).
docker and docker-compose must be installed first. That is not covered here; this article assumes both are already installed. If you do not know how to install docker and docker-compose, see https://blog.csdn.net/MssGuo/article/details/122694156.
[[email protected] ~]# mkdir /data # create a data directory to serve as Harbor's data storage directory
[[email protected] ~]# mkdir /data/harbor/ssl/ -p # create an ssl directory to store the key files
# By default, logging in to Harbor over HTTPS requires a certificate; a self-signed certificate can be used
[[email protected] ~]# cd /data/harbor/ssl/ # enter /data/harbor/ssl/ to create the certificate
[[email protected] ssl]# openssl genrsa -out ca.key 4096
# Replace xiaoming.com below with your own domain name; if you have no domain name, an IP address also works
[[email protected] ssl]# openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=xiaoming.com" \
-key ca.key \
-out ca.crt
[[email protected] ~]# tar zxvf harbor-offline-installer-v2.4.3.tgz # upload the installation package to the server and unpack it
[[email protected] ~]# cd harbor # enter the unpacked directory
[[email protected] harbor]# cp harbor.yml.tmpl harbor.yml # copy the official Harbor configuration template to use as Harbor's configuration file
Harbor configuration file explained
[[email protected] ~]# vim harbor.yml # edit harbor.yml; the specific changes are shown below
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 192.168.118.129 # set the IP address or domain name here; the official recommendation is not to use localhost or 127.0.0.1
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80 # the HTTP port, 80 by default
# https related config
https:
  # https port for harbor, default is 443
  port: 443 # the HTTPS port, 443 by default; enabling HTTPS requires a certificate
  # The path of cert and key files for nginx
  certificate: /data/harbor/ssl/ca.crt # certificate for accessing Harbor; change this to the certificate generated above
  private_key: /data/harbor/ssl/ca.key # private key for accessing Harbor; change this to the one generated above
# # Uncomment following will enable tls communication between all harbor components
# internal_tls: # whether to enable TLS communication between Harbor components; disabled by default
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal
# Uncomment external_url if you want to enable external proxy # whether to enable an external proxy
# And when it enabled the hostname will no longer used # if enabled, hostname is no longer used; disabled by default; the value is the address of the external proxy
# external_url: https://reg.mydomain.com:8433
# The initial password of Harbor admin # initial password of the admin user, Harbor12345 by default
# It only works in first time to install harbor # this initial password only takes effect the first time Harbor is installed
# Remember Change the admin password from UI after launching Harbor. # after logging in to the Harbor UI, changing the admin password is strongly recommended to keep the password secure
harbor_admin_password: Harbor12345
# Harbor DB configuration # Harbor database configuration; Harbor uses PostgreSQL as its database
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123 # password of the database root user; changing it is recommended for production
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 100 # maximum number of connections in the idle connection pool; if <= 0, no idle connections are retained
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 1024 for postgres of harbor.
  max_open_conns: 900 # maximum number of open database connections; if <= 0, the number of open connections is unlimited
# The default data volume
data_volume: /data # data storage directory; each Harbor component stores its data in a subdirectory of this path
# Harbor Storage settings by default is using /data dir on local filesystem # Harbor storage defaults to the /data directory on the local file system
# Uncomment storage_service setting If you want to using external storage # to use external storage, uncomment this section; external storage is recommended for production
# storage_service:
#   # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
#   # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
#   ca_bundle: # path to the custom root CA certificate, which will be injected into the trust store
#   # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
#   # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
#   filesystem: # storage backend, filesystem by default; options include filesystem, azure, gcs, s3, swift, NFS and oss
#     maxthreads: 100
#   # set disable to true when you want to disable registry redirect
#   redirect: # whether to enable redirect
#     disabled: false
# Trivy configuration
#
# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
# It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached
# in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it
# should download a newer version from the Internet or use the cached one. Currently, the database is updated every
# 12 hours and published as a new release to GitHub.
trivy:
  # ignoreUnfixed The flag to display only fixed vulnerabilities
  ignore_unfixed: false
  # skipUpdate The flag to enable or disable Trivy DB downloads from GitHub
  #
  # You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues.
  # If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and
  # `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path.
  skip_update: false
  #
  # The offline_scan option prevents Trivy from sending API requests to identify dependencies.
  # Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it.
  # For example, the offline mode will not try to resolve transitive dependencies in pom.xml when the dependency doesn't
  # exist in the local repositories. It means a number of detected vulnerabilities might be fewer in offline mode.
  # It would work if all the dependencies are in local.
  # This option doesn’t affect DB download. You need to specify "skip-update" as well as "offline-scan" in an air-gapped environment.
  offline_scan: false
  #
  # insecure The flag to skip verifying registry certificate
  insecure: false
  # github_token The GitHub access token to download Trivy DB
  #
  # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough
  # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000
  # requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult
  # https://developer.github.com/v3/#rate-limiting
  #
  # You can create a GitHub token by following the instructions in
  # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
  #
  # github_token: xxx
jobservice:
  # Maximum number of job workers in job service
  max_job_workers: 10 # maximum number of job service workers
notification:
  # Maximum retry count for webhook job
  webhook_job_max_retry: 10 # maximum number of retries for a webhook job
chart: # besides images, Harbor can also store charts and be used as a Helm server
  # Change the value of absolute_url to enabled can enable absolute url in chart
  absolute_url: disabled # whether to enable it
# Log configurations
log: # log-related configuration
  # options are debug, info, warning, error, fatal
  level: info # log level
  # configs for logs in local storage
  local:
    # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
    rotate_count: 50
    # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
    # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
    # are all valid.
    rotate_size: 200M
    # The directory on your host that store log
    location: /var/log/harbor # where the logs are stored
  # Uncomment following lines to enable external syslog endpoint. # whether to enable an external syslog endpoint
  # external_endpoint:
  #   # protocol used to transmit log to external endpoint, options is tcp or udp
  #   protocol: tcp # protocol used to send logs to the external endpoint; options are tcp or udp
  #   # The host of external endpoint
  #   host: localhost # address (host IP) of the external host
  #   # Port of external endpoint
  #   port: 5140 # port of the external host
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 2.4.0
# Uncomment external_database if using external database. # whether to use an external database; to use one, uncomment the section below
# external_database: # external database configuration
#   harbor:
#     host: harbor_db_host # IP address of the external database
#     port: harbor_db_port # port of the external database
#     db_name: harbor_db_name # database name
#     username: harbor_db_username # user name
#     password: harbor_db_password # password
#     ssl_mode: disable # whether to enable SSL mode
#     max_idle_conns: 2 # maximum number of idle connections
#     max_open_conns: 0 # maximum number of connections; 0 means unlimited
#   notary_signer:
#     host: notary_signer_db_host
#     port: notary_signer_db_port
#     db_name: notary_signer_db_name
#     username: notary_signer_db_username
#     password: notary_signer_db_password
#     ssl_mode: disable
#   notary_server:
#     host: notary_server_db_host
#     port: notary_server_db_port
#     db_name: notary_server_db_name
#     username: notary_server_db_username
#     password: notary_server_db_password
#     ssl_mode: disable
# Uncomment external_redis if using external Redis server # to use an external Redis cache server, uncomment the section below
# external_redis:
#   # support redis, redis+sentinel
#   # host for redis: <host_redis>:<port_redis>
#   # host for redis+sentinel:
#   #  <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
#   host: redis:6379 # Redis address:port
#   password: # password for connecting to the external Redis service
#   # sentinel_master_set must be set to support redis+sentinel
#   #sentinel_master_set:
#   # db_index 0 is for core, it's unchangeable
#   registry_db_index: 1
#   jobservice_db_index: 2
#   chartmuseum_db_index: 3
#   trivy_db_index: 5
#   idle_timeout_seconds: 30
# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
# uaa:
#   ca_file: /path/to/ca
# Global proxy
# Config http proxy for components, e.g. http://my.proxy.com:3128
# Components doesn't need to connect to each others via http proxy.
# Remove component from `components` array if want disable proxy
# for it. If you want use proxy for replication, MUST enable proxy
# for core and jobservice, and set `http_proxy` and `https_proxy`.
# Add domain to the `no_proxy` field, when you want disable proxy
# for some special registry.
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - trivy
# metric:
#   enabled: false
#   port: 9090
#   path: /metrics
# Trace related config
# only can enable one trace provider(jaeger or otel) at the same time,
# and when using jaeger as provider, can only enable it with agent mode or collector mode.
# if using jaeger collector mode, uncomment endpoint and uncomment username, password if needed
# if using jaeger agent mode uncomment agent_host and agent_port
# trace:
#   enabled: true
#   # set sample_rate to 1 if you wanna sampling 100% of trace data; set 0.5 if you wanna sampling 50% of trace data, and so forth
#   sample_rate: 1
#   # # namespace used to differentiate different harbor services
#   # namespace:
#   # # attributes is a key value dict contains user defined attributes used to initialize trace provider
#   # attributes:
#   #   application: harbor
#   # # jaeger should be 1.26 or newer.
#   # jaeger:
#   #   endpoint: http://hostname:14268/api/traces
#   #   username:
#   #   password:
#   #   agent_host: hostname
#   #   # export trace data by jaeger.thrift in compact mode
#   #   agent_port: 6831
#   # otel:
#   #   endpoint: hostname:4318
#   #   url_path: /v1/traces
#   #   compression: false
#   #   insecure: true
#   #   timeout: 10s
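The configuration above keeps harbor_admin_password and database.password at the values shipped in the template. The following Python check is an added example (it is not part of the original article or of Harbor): it reads the text of a harbor.yml and flags those shipped defaults, an unusable hostname, and a missing HTTPS certificate before ./install.sh is run. The function names and the small indentation-based reader are assumptions of this example, and the sample input is constructed from the values on this page.

```python
import re

# Default secrets shipped in harbor.yml.tmpl, as shown in the walkthrough above.
SHIPPED_DEFAULTS = {
    "harbor_admin_password": "Harbor12345",
    "database.password": "root123",
}


def flatten_settings(text):
    """Read the nested scalar settings of a harbor.yml into {"a.b": "value"}.

    A deliberately small indentation-based reader (assumption: block-style
    YAML as in harbor.yml.tmpl; list items and flow syntax are ignored).
    """
    settings, stack = {}, []  # stack holds (indent, key) of open mappings
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith(("#", "-")):
            continue
        match = re.match(r"^(\s*)([A-Za-z_][\w-]*):\s*(.*)$", line)
        if not match:
            continue
        indent, key = len(match.group(1)), match.group(2)
        value = match.group(3).strip().strip("'\"")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indentation
        settings[".".join([k for _, k in stack] + [key])] = value
        if value == "":
            stack.append((indent, key))  # key opens a nested mapping
    return settings


def audit_harbor_yml(text):
    """Return a list of (setting, finding) pairs; secrets are never echoed."""
    cfg, findings = flatten_settings(text), []
    for key, default in SHIPPED_DEFAULTS.items():
        if cfg.get(key) == default:
            findings.append((key, "still set to the shipped default"))
    if cfg.get("hostname", "") in ("", "localhost", "127.0.0.1"):
        findings.append(("hostname", "must be an address external clients can reach"))
    if not (cfg.get("https.certificate") and cfg.get("https.private_key")):
        findings.append(("https", "no certificate/private_key: Harbor will serve plain HTTP"))
    return findings


# Constructed sample: the values used in the walkthrough, with YAML nesting.
SAMPLE = """\
hostname: 192.168.118.129
http:
  port: 80
https:
  port: 443
  certificate: /data/harbor/ssl/ca.crt
  private_key: /data/harbor/ssl/ca.key
harbor_admin_password: Harbor12345   # initial admin password
database:
  password: root123
  max_idle_conns: 100
"""

if __name__ == "__main__":
    for setting, finding in audit_harbor_yml(SAMPLE):
        print(f"[!] {setting}: {finding}")
```

Because harbor_admin_password only takes effect on first install, this check belongs before ./install.sh; after installation the admin password has to be changed in the UI.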
Install Harbor
With the configuration file updated, we can start installing Harbor, as shown below:
[[email protected] harbor]# ./prepare # run ./prepare first as a check and see whether it reports any errors; resolve any that appear
prepare base dir is set to /root/harbor
Unable to find image 'goharbor/prepare:v2.4.3' locally
v2.4.3: Pulling from goharbor/prepare
9fc3011f8f61: Pull complete
eb8eda8a9731: Pull complete
77da97ebcff1: Pull complete
8f78fd5a419a: Pull complete
5fef0d95753f: Pull complete
36dec2a7f11d: Pull complete
1d33225e2038: Pull complete
6421e1da01ae: Pull complete
Digest: sha256:a34acf3f79ac5b1b31b695435f6eb948eb3c50bc967c020058c31bcf1425be08
Status: Downloaded newer image for goharbor/prepare:v2.4.3
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[[email protected] harbor]# ./install.sh # the check above reported no errors, so start the installation
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.9
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.18.0
[Step 2]: loading Harbor images ...
................................
Loaded image: goharbor/chartmuseum-photon:v2.4.3
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Creating harbor-log ... done
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Creating redis ... done
Creating harbor-core ... done
Creating network "harbor_harbor" with the default driver
Creating nginx ... done
Creating registryctl ...
Creating harbor-db ...
Creating registry ...
Creating harbor-portal ...
Creating redis ...
Creating harbor-core ...
Creating nginx ...
Creating harbor-jobservice ...
----Harbor has been installed and started successfully.---- # seeing this final line means Harbor was installed successfully
Web login
Enter https://<IP address> in the browser and select Continue when prompted.
Enter the account and password to log in. The account is admin, and the password is the initial password configured in the harbor.yml file.
It is strongly recommended to change the default password immediately; otherwise the registry is vulnerable to attack.
Start and stop Harbor
# Harbor itself runs as containers; list Harbor's containers as shown below
[[email protected] ~]# docker ps -a # list Harbor's containers; 9 containers have been started
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
97841cf6c2d9 goharbor/harbor-jobservice:v2.4.3 "/harbor/entrypoint.…" 42 minutes ago Up 42 minutes (healthy) harbor-jobservice
dee0a10dd2a9 goharbor/nginx-photon:v2.4.3 "nginx -g 'daemon of…" 42 minutes ago Up 42 minutes (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp nginx
358552731a7c goharbor/harbor-core:v2.4.3 "/harbor/entrypoint.…" 42 minutes ago Up 42 minutes (healthy) harbor-core
576686126dba goharbor/redis-photon:v2.4.3 "redis-server /etc/r…" 42 minutes ago Up 42 minutes (healthy) redis
67be92debee1 goharbor/harbor-portal:v2.4.3 "nginx -g 'daemon of…" 42 minutes ago Up 42 minutes (healthy) harbor-portal
e507864c7150 goharbor/registry-photon:v2.4.3 "/home/harbor/entryp…" 42 minutes ago Up 42 minutes (healthy) registry
1836823f54c8 goharbor/harbor-registryctl:v2.4.3 "/home/harbor/start.…" 42 minutes ago Up 42 minutes (healthy) registryctl
54ae00f87d97 goharbor/harbor-db:v2.4.3 "/docker-entrypoint.…" 42 minutes ago Up 42 minutes (healthy) harbor-db
97639626f2fe goharbor/harbor-log:v2.4.3 "/bin/sh -c /usr/loc…" 42 minutes ago Up 42 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
[[email protected] ~]#
# Stop Harbor
[[email protected] ~]# cd /root/harbor # start and stop from Harbor's installation directory, which contains a docker-compose.yml file
[[email protected] harbor]# docker-compose down -v # stop Harbor
Stopping harbor-jobservice ... done
Stopping nginx ... done
Stopping harbor-core ... done
Stopping redis ... done
Stopping harbor-portal ... done
Stopping registry ... done
Stopping registryctl ... done
Stopping harbor-db ... done
Stopping harbor-log ... done
Removing harbor-jobservice ... done
Removing nginx ... done
Removing harbor-core ... done
Removing redis ... done
Removing harbor-portal ... done
Removing registry ... done
Removing registryctl ... done
Removing harbor-db ... done
Removing harbor-log ... done
Removing network harbor_harbor
[[email protected] harbor]#
# Start Harbor
[[email protected] ~]# cd /root/harbor # start and stop from Harbor's installation directory, which contains a docker-compose.yml file
[[email protected] harbor]# docker-compose up -d # start Harbor
Creating harbor-log ... done
Creating network "harbor_harbor" with the default driver
Creating harbor-log ...
Creating harbor-db ... done
Creating harbor-core ... done
Creating nginx ... done
Creating registryctl ...
Creating harbor-portal ...
Creating registry ...
Creating redis ...
Creating harbor-db ...
Creating harbor-core ...
Creating nginx ...
Creating harbor-jobservice ...
[[email protected] harbor]#
Pushing images to the Harbor registry and pulling images from it with docker
Next, verify that docker can push an image to the Harbor registry and pull an image from it, as follows:
First create our own private repository on the web page (a public repository named library exists by default). Here a private repository named my_harbor is created.
1. Add the registry address and restart docker
Do the following on every server that needs to push images to or pull images from the registry; docker must be installed on that server as well.
# Add the registry address to /etc/docker/daemon.json: the "insecure-registries" line is the one to add, giving the docker daemon the registry address and port
[[email protected] ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "insecure-registries": ["192.168.44.133:443"]
}
[[email protected] ~]#
[[email protected] ~]# systemctl restart docker # the docker service must be restarted
2. Log in to and log out of the registry
[[email protected] ~]# docker login -u admin 192.168.44.133:443 # log in with the docker login command, specifying the registry address and port
Password: # enter the account password
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded # the login succeeded
# The login output above shows that the account password is stored in /root/.docker/config.json
# The "auth" value below is the account and password for our registry address; it is only base64-encoded, not encrypted, so it is not secure
[[email protected] ~]# cat /root/.docker/config.json # view config.json, which holds our login account and password
{
  "auths": {
    "192.168.44.133:443": {
      "auth": "YWRtaW46SGFyYm9yMTIzNDU="
    }
  }
}
[[email protected] ~]# echo "YWRtaW46SGFyYm9yMTIzNDU=" | base64 -d # base64-decoding it shows the account and password in clear text
admin:Harbor12345[[email protected] ~]#
# For security, we need to log out promptly
[[email protected] ~]# docker logout 192.168.44.133:443 # log out of our registry
Removing login credentials for 192.168.44.133:443
[[email protected] ~]# cat /root/.docker/config.json # view /root/.docker/config.json; the login information is gone
{
"auths": {
}
}
[[email protected] ~]#
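Both client-side files shown in steps 1 and 2, /etc/docker/daemon.json and /root/.docker/config.json, can be checked on any host that talks to the registry. This added example (not from the original article) reports registries listed under insecure-registries and registries whose credentials sit base64-encoded in config.json, returning only the user name and never the password. The function name audit_docker_client is an assumption of this example, and the sample file contents are constructed from the values on this page.

```python
import base64
import binascii
import json


def audit_docker_client(daemon_json, config_json):
    """Audit the text of a daemon.json and a config.json.

    Returns (registry, finding) pairs. The auth value is decoded only to
    recover the user name; the password is never returned.
    """
    findings = []
    daemon = json.loads(daemon_json) if daemon_json.strip() else {}
    for registry in daemon.get("insecure-registries", []):
        findings.append((
            registry,
            "listed in insecure-registries: certificate errors are ignored; "
            f"trust the registry CA in /etc/docker/certs.d/{registry}/ca.crt instead",
        ))

    config = json.loads(config_json) if config_json.strip() else {}
    has_helper = bool(config.get("credsStore") or config.get("credHelpers"))
    for registry, entry in config.get("auths", {}).items():
        token = entry.get("auth")
        if not token:
            continue  # no inline secret: it is held by a credential helper
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
            user = decoded.split(":", 1)[0]
        except (binascii.Error, UnicodeDecodeError):
            user = "<undecodable>"
        note = "" if has_helper else "; no credential helper is configured"
        findings.append((
            registry,
            f"password for user {user!r} is stored base64-encoded, not encrypted{note}",
        ))
    return findings


# Constructed samples built from the values shown on this page.
DAEMON_JSON = """{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "insecure-registries": ["192.168.44.133:443"]
}"""
CONFIG_AFTER_LOGIN = """{
  "auths": {"192.168.44.133:443": {"auth": "YWRtaW46SGFyYm9yMTIzNDU="}}
}"""
CONFIG_AFTER_LOGOUT = '{"auths": {}}'

if __name__ == "__main__":
    for registry, finding in audit_docker_client(DAEMON_JSON, CONFIG_AFTER_LOGIN):
        print(f"[!] {registry}: {finding}")
```

When a credential helper is configured (the credsStore key that the docker login warning refers to), docker login leaves an empty entry under auths and the check reports nothing for that registry.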
3. Push an image to the remote Harbor registry
# This machine has a busybox:latest image, which we will push to our Harbor registry
# First tag the image. The tag format is registry-domain/repository-name/image:tag. This format is fixed, because docker push
# later pushes to the registry address given in the tag
[[email protected] ~]# docker tag busybox:latest 192.168.44.133:443/my_harbor/busybox:1.0.2 # tag the image
[[email protected] ~]# docker images # view the tagged image
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.44.133:443/my_harbor/busybox 1.0.2 beae173ccac6 7 months ago 1.24MB
[[email protected] ~]#
# Push the image to the Harbor registry; this requires that you are already logged in to the registry
[[email protected] ~]# docker push 192.168.44.133:443/my_harbor/busybox:1.0.2 # push the image to the Harbor registry
The push refers to repository [192.168.44.133:443/my_harbor/busybox]
01fd6df81c8e: Pushed
1.0.2: digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee size: 527
4. Pull the image from the remote Harbor registry
[[email protected] ~]# docker rmi 192.168.44.133:443/my_harbor/busybox:1.0.2 # first delete the local busybox:1.0.2 image
Untagged: 192.168.44.133:443/my_harbor/busybox:1.0.2
[[email protected] ~]# docker images 192.168.44.133:443/my_harbor/busybox:1.0.2 # the busybox:1.0.2 image is now gone
REPOSITORY TAG IMAGE ID CREATED SIZE
[[email protected] ~]#
[[email protected] ~]#
[[email protected] ~]# docker pull 192.168.44.133:443/my_harbor/busybox:1.0.2 # pull the busybox:1.0.2 image; the pull succeeded
1.0.2: Pulling from my_harbor/busybox
Digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee
Status: Downloaded newer image for 192.168.44.133:443/my_harbor/busybox:1.0.2
192.168.44.133:443/my_harbor/busybox:1.0.2
[[email protected] ~]# docker images 192.168.44.133:443/my_harbor/busybox:1.0.2 # the busybox:1.0.2 image has been pulled successfully
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.44.133:443/my_harbor/busybox 1.0.2 beae173ccac6 7 months ago 1.24MB
[[email protected] ~]#
Summary
1. Prerequisites: docker and docker-compose are installed
[[email protected] ~]# mkdir /data # create a data directory to serve as Harbor's data storage directory
[[email protected] ~]# mkdir /data/harbor/ssl/ -p # create an ssl directory under the data directory to store the key files
# By default, logging in to Harbor over HTTPS requires a certificate; a self-signed certificate can be used
[[email protected] ~]# cd /data/harbor/ssl/ # change directory
[[email protected] ssl]# openssl genrsa -out ca.key 4096
# Replace xiaoming.com below with your own domain name; if you have no domain name, an IP address also works
[[email protected] ssl]# openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=xiaoming.com" \
-key ca.key \
-out ca.crt
[[email protected] ~]# tar zxvf harbor-offline-installer-v2.4.3.tgz # upload the installation package to the server and unpack it
[[email protected] ~]# cd harbor # enter the unpacked directory
[[email protected] harbor]# cp harbor.yml.tmpl harbor.yml # copy the official Harbor configuration template to use as Harbor's configuration file
2. Edit the harbor.yml configuration file
# Mainly modify the following entries; adjust other parameters as your situation requires:
hostname: 192.168.118.129 # set the IP address or domain name here; the official recommendation is not to use localhost or 127.0.0.1
certificate: /data/harbor/ssl/ca.crt # certificate for accessing Harbor; change this to the certificate generated above
private_key: /data/harbor/ssl/ca.key # private key for accessing Harbor; change this to the one generated above
3. Install Harbor
[[email protected] ~]# cd harbor # enter the unpacked harbor directory
[[email protected] harbor]# ./prepare # run ./prepare first as a check and see whether it reports any errors; resolve any that appear
[[email protected] harbor]# ./install.sh # the check above reported no errors, so start the installation
4. Web login
Enter https://<IP address> in the browser. The default account is admin, and the initial password is the one set in the harbor.yml file.
Create your own private repository.
5. Start and stop Harbor
# Harbor itself runs as containers; list Harbor's containers as shown below
[[email protected] ~]# docker ps -a # list Harbor's containers; 9 containers have been started
# To start or stop Harbor you must be in Harbor's installation directory, because it contains a docker-compose.yml file
# Stop Harbor
[[email protected] ~]# cd /root/harbor
[[email protected] harbor]# docker-compose down -v # stop Harbor
# Start Harbor
[[email protected] ~]# cd /root/harbor
[[email protected] harbor]# docker-compose up -d # start Harbor
6. Push images to the remote Harbor registry and pull images from it
(1) Add the registry address and restart docker
Do the following on every server that needs to push images to or pull images from the registry; docker must be installed on that server as well.
# Add the registry address to /etc/docker/daemon.json: the "insecure-registries" line is the one to add, giving the docker daemon the registry address and port
[[email protected] ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "insecure-registries": ["192.168.44.133:443"]
}
[[email protected] ~]# systemctl restart docker # the docker service must be restarted
(2) Log in to and log out of the registry
[[email protected] ~]# docker login -u admin 192.168.44.133:443 # log in with the docker login command, specifying the registry address and port
[[email protected] ~]# docker logout 192.168.44.133:443 # log out of our registry
(3) Push an image to the remote Harbor registry
# This machine has a busybox:latest image, which we will push to our Harbor registry
# First tag the image. The tag format is registry-domain/repository-name/image:tag. This format is fixed, because docker push
# later pushes to the registry address given in the tag
[[email protected] ~]# docker tag busybox:latest 192.168.44.133:443/my_harbor/busybox:1.0.2 # tag the image
# Push the image to the Harbor registry; this requires that you are already logged in to the registry
[[email protected] ~]# docker push 192.168.44.133:443/my_harbor/busybox:1.0.2 # push the image to the Harbor registry
The push refers to repository [192.168.44.133:443/my_harbor/busybox]
01fd6df81c8e: Pushed
1.0.2: digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee size: 527
(4) Pull the image from the remote Harbor registry
[[email protected] ~]# docker pull 192.168.44.133:443/my_harbor/busybox:1.0.2 # pull the busybox:1.0.2 image; the pull succeeded
1.0.2: Pulling from my_harbor/busybox
Digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee
Status: Downloaded newer image for 192.168.44.133:443/my_harbor/busybox:1.0.2
192.168.44.133:443/my_harbor/busybox:1.0.2