基于CentOS搭建私有仓库harbor

环境:

操作系统:CentOS Linux 7 (Core)

内核: Linux 3.10.0-1160.el7.x86_64

目录

安装搭建harbor

[(1)安装docker编排工具docker compose](#(1)安装docker编排工具docker compose)

[(2)下载Harbor 安装包](#(2)下载Harbor 安装包)

(3)修改配置文件

(4)添加主机映射

安装启动harbor

安装后验证

使用Harbor

①访问浏览器

②登录

③新建一个项目

上传下载镜像到harbor仓库

(1)修改docker配置,添加harbor仓库为信任地址

(2)把要上传的镜像打上合适的标签

(3)登录harbor仓库

(4)上传镜像

(5)在harbor上验证上传成功

控制harbor服务

(1)暂停/取消暂停harbor服务

(2)关闭/开启harbor服务

安装搭建harbor

(1)安装docker编排工具docker compose

[root@node1 ~]# yum -y install epel-release #安装pip需要先安装epel-release包

[root@node1 ~]# yum install -y python-pip #安装pip

[root@node1 ~]# pip install --upgrade pip #升级pip

[root@node1 ~]# pip install docker-compose #安装docker-compose

[root@node1 ~]# docker-compose -v

/usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.

from cryptography.hazmat.backends import default_backend

docker-compose version 1.29.2, build unknown

若升级报错:

原因:

yum install python-pip时,CentOS7默认的python版本是2.7。它不支持更新到最新版本。

解决:

[root@node1 bin]# yum install -y python3-pip #安装python3的pip

[root@node1 bin]# pip3 install --upgrade pip -i https://pypi.tuna.tsinghua.edu.cn/simple #升级pip(需要使用pip3指令),-i 添加镜像源地址,提高下载速度

WARNING: Running pip install with root privileges is generally not a good idea. Try `pip3 install --user` instead.

[root@node1 bin]# pip3 install docker-compose -i https://pypi.tuna.tsinghua.edu.cn/simple

(2)下载Harbor 安装包

添加一块新硬盘格式化后挂载在/harbordata:

①添加sdb1磁盘

首先把虚拟机系统关机,在弹出的界面中单击添加按钮,新增一块硬件设备,如下图所示:

在虚拟机中模拟添加了硬盘设备后就应该能看到抽象成的硬盘设备文件了。按照udev 服务命名规则,第二个被识别的SCSI 设备应该会被保存为/dev/sdb,这个就是硬盘设备文件了。但在开始使用该硬盘之前还需要进行分区操作,例如从中取出一个10GB 的分区设备以供后面的操作使用。

fdisk 命令来尝试管理/dev/sdb 硬盘设备:

[root@node1 ~]# fdisk /dev/sdb

Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.

Be careful before using the write command.

Device does not contain a recognized partition table

Building a new DOS disklabel with disk identifier 0x67bd3d87.

Command (m for help): n

Partition type:

p primary (0 primary, 0 extended, 4 free)

e extended

Select (default p):

Using default response p

Partition number (1-4, default 1):

First sector (2048-41943039, default 2048):

Using default value 2048

Last sector, +sectors or +size{K,M,G} (2048-41943039, default 41943039): +10G

Partition 1 of type Linux and of size 10 GiB is set

Command (m for help): w

The partition table has been altered!

Calling ioctl() to re-read partition table.

Syncing disks.

在上述步骤执行完毕之后,Linux 系统会自动把这个硬盘主分区抽象成/dev/sdb1 设备文件。可以使用file 命令查看该文件的属性,但有些时候系统并没有自动把分区信息同步给Linux 内核,而且这种情况似乎还比较常见(但不能算作是严重的bug)。可以输入partprobe 命令手动将分区信息同步到内核,而且一般推荐连续两次执行该命令,效果会更好。如果使用这个命令都无法解决问题,那么就重启计算机。

[root@node1 ~]# file /dev/sdb1

/dev/sdb1: block special

[root@node1 ~]# partprobe

Warning: Unable to open /dev/sr0 read-write (Read-only file system). /dev/sr0 has been opened read-only.

[root@node1 ~]# partprobe

Warning: Unable to open /dev/sr0 read-write (Read-only file system). /dev/sr0 has been opened read-only.

[root@node1 ~]# file /dev/sdb1

/dev/sdb1: block special
②格式化和挂载

[root@node1 ~]# mkfs.ext4 /dev/sdb1

[root@node1 ~]# mkdir /harbordata

[root@node1 ~]# mount /dev/sdb1 /harbordata/

[root@node1 ~]# df -h

(3)修改配置文件

[root@node1 ~]# /harbordata/harbor

[root@node1 harbor]# cp harbor.yml.tmpl harbor.yml

[root@node1 harbor]# vim harbor.yml

修改hostname值和注释https为443的信息,如下

(4)添加主机映射

[root@node1 harbor]# tail -1 /etc/hosts

192.168.19.133 node1

安装启动harbor

[root@node1 harbor]# ./install.sh

安装后验证

①打开了一些端口

[root@node1 harbor]# ss -lntup | grep docker

tcp LISTEN 0 128 127.0.0.1:1514 *:* users:(("docker-proxy",pid=26691,fd=4))

tcp LISTEN 0 128 *:80 *:* users:(("docker-proxy",pid=27275,fd=4))

tcp LISTEN 0 128 [::]:80 [::]:* users:(("docker-proxy",pid=27279,fd=4))

②harbor实际就是启动了一些docker服务

[root@node1 harbor]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

be75291d7f54 goharbor/nginx-photon:v2.8.4 "nginx -g 'daemon of..." About a minute ago Up About a minute (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx

8391933a9bd0 goharbor/harbor-jobservice:v2.8.4 "/harbor/entrypoint...." About a minute ago Up 58 seconds (healthy) harbor-jobservice

d4be8400acb4 goharbor/harbor-core:v2.8.4 "/harbor/entrypoint...." About a minute ago Up About a minute (healthy) harbor-core

使用Harbor

①访问浏览器

②登录

初始密码在harbor.cfg 文件有记录

③新建一个项目

上传下载镜像到harbor仓库

(1)修改docker配置,添加harbor仓库为信任地址,重启docker

[root@node1 harbor]# cat /etc/docker/daemon.json

{

"registry-mirrors": ["http://registry.docker-cn.com"],

"insecure-registries": ["192.168.169.133:8081"],

"insecure-registries": ["node1:8081"]

}

(2)把要上传的镜像打上合适的标签

[root@node1 harbor]# docker tag goharbor/harbor-db:v2.8.4 node1:80/test/harbor-db:v2.8.4

[root@node1 harbor]# docker image ls | grep test

node1:80/test/harbor-db v2.8.4 5b8af16d7420 6 days ago 174MB

(3)登录harbor仓库

[root@node1 harbor]# docker login node1:8081

Username: admin

Password:

WARNING! Your password will be stored unencrypted in /root/.docker/config.json.

Configure a credential helper to remove this warning. See

https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

(4)上传镜像

[root@node1 harbor]# docker push node1:8081/test/harbor-db:v2.8.4

The push refers to repository [node1:80/test/harbor-db]

b91c1501abe9: Pushed

e30935897ec8: Pushed

7600d3f327f6: Pushed

04498149158d: Pushed

8dd9b9af7425: Pushed

6f34146f1977: Pushed

98c144348806: Pushed

22c2b4c49c70: Pushed

b4faf8a74f36: Pushed

627fc8f29b12: Pushed

a074a02dfff1: Pushed

v2.8.4: digest: sha256:f887f9197510e86e3c8a82235c1d170f7a3bc93b4823028077e2565ca27e17c3 size: 2612

(5)在harbor上验证上传成功

(6)拉取harbor中的镜像

#删除原本镜像

[root@node1 harbor]# docker rmi node1:8081/test/harbor-db:v2.8.4

Untagged: node1:8081/test/harbor-db:v2.8.4

Untagged: node1:8081/test/harbor-db@sha256:f887f9197510e86e3c8a82235c1d170f7a3bc93b4823028077e2565ca27e17c3

#验证是否删除

[root@node1 harbor]# docker image ls node1:8081/test/harbor-db:v2.8.4

REPOSITORY TAG IMAGE ID CREATED SIZE

#拉取镜像

[root@node1 harbor]# docker pull node1:8081/test/harbor-db:v2.8.4

v2.8.4: Pulling from test/harbor-db

Digest: sha256:f887f9197510e86e3c8a82235c1d170f7a3bc93b4823028077e2565ca27e17c3

Status: Downloaded newer image for node1:8081/test/harbor-db:v2.8.4

node1:80/test/harbor-db:v2.8.4

#验证是否拉取成功

[root@node1 harbor]# docker image ls node1:8081/test/harbor-db:v2.8.4

REPOSITORY TAG IMAGE ID CREATED SIZE

node1:8081/test/harbor-db v2.8.4 5b8af16d7420 6 days ago 174MB

控制harbor服务

在harbor安装路径下,使用docker-compose命令对harbor进行控制

(1)暂停/取消暂停harbor服务

docker-compose pause

docker-compose unpause

(2)关闭/开启harbor服务

docker-compose stop

docker-compose start

相关推荐
胡八一7 天前
解决/var/lib/docker(默认的 Docker 数据目录)占用较大,并且所在磁盘空间不足
docker·harbor
warrah8 天前
生产环境迁移——harbor篇
harbor
Echo flower12 天前
jenkins harbor安装
云原生·harbor
秋意零1 个月前
Harbor安装、HTTPS配置、修改端口后不可访问?
运维·云计算·harbor·harbor相关
lwprain1 个月前
安装支持ssl的harbor 2.1.4 docker 19.03.8 docker-compose 1.24.0
网络协议·ssl·harbor
lu云之东1 个月前
Harbor2.11.1生成自签证和配置HTTPS访问
网络协议·http·docker·https·harbor
空城.依旧2 个月前
快速学习开源 Docker 镜像仓库 Harbor
学习·docker·开源·harbor
丁总学Java3 个月前
docker -私有镜像仓库 - harbor安装
运维·docker·容器·harbor
塔克拉玛攻城狮4 个月前
containerd:配置https私有镜像仓库的最新方法
containerd·harbor
一个在高校打杂的4 个月前
解决ssl certificates updated-生成环境中的实例
linux·ssl·harbor