基于CentOS搭建私有仓库harbor

$root@node1 \~\]# yum -y install epel-release #安装pip需要先安装epel-release包 \[root@node1 \~\]# yum install -y python-pip #安装pip \[root@node1 \~\]# pip install --upgrade pip #升级pip \[root@node1 \~\]# pip install docker-compose #安装docker-compose \[root@node1 \~\]# docker-compose -v /usr/local/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6. from cryptography.hazmat.backends import default_backend docker-compose version 1.29.2, build unknown 若升级报错： ![](https://file.jishuzhan.net/article/1694592813871665154/1e921fe701d745a2a218a69f0eb7a104.png) 原因： `yum install python-pip`时，CentOS7默认的python版本是2.7。它不支持更新到最新版本。解决： \[root@node1 bin\]# yum install -y python3-pip #安装python3的pip \[root@node1 bin\]# pip3 install --upgrade pip -i https://pypi.tuna.tsinghua.edu.cn/simple #升级pip（需要使用pip3指令），-i 添加镜像源地址，提高下载速度 WARNING: Running pip install with root privileges is generally not a good idea. Try \`pip3 install --user\` instead. \[root@node1 bin\]# pip3 install docker-compose -i https://pypi.tuna.tsinghua.edu.cn/simple$

（2）下载Harbor 安装包

添加一块新硬盘格式化后挂载在/harbordata：

①添加sdb1磁盘

首先把虚拟机系统关机，在弹出的界面中单击添加按钮，新增一块硬件设备，如下图所示：

在虚拟机中模拟添加了硬盘设备后就应该能看到抽象成的硬盘设备文件了。按照udev 服务命名规则，第二个被识别的SCSI 设备应该会被保存为/dev/sdb，这个就是硬盘设备文件了。但在开始使用该硬盘之前还需要进行分区操作，例如从中取出一个10GB 的分区设备以供后面的操作使用。

用fdisk 命令来尝试管理/dev/sdb 硬盘设备：
$root@node1 \~\]# fdisk /dev/sdb Welcome to fdisk (util-linux 2.23.2). Changes will remain in memory only, until you decide to write them. Be careful before using the write command. Device does not contain a recognized partition table Building a new DOS disklabel with disk identifier 0x67bd3d87. Command (m for help): **n** Partition type: p primary (0 primary, 0 extended, 4 free) e extended Select (default p): Using default response p Partition number (1-4, default 1): First sector (2048-41943039, default 2048): Using default value 2048 Last sector, +sectors or +size{K,M,G} (2048-41943039, default 41943039): **+10G** Partition 1 of type Linux and of size 10 GiB is set Command (m for help): **w** The partition table has been altered! Calling ioctl() to re-read partition table. Syncing disks. 在上述步骤执行完毕之后，Linux 系统会自动把这个硬盘主分区抽象成/dev/sdb1 设备文件。可以使用file 命令查看该文件的属性，但有些时候系统并没有自动把分区信息同步给Linux 内核，而且这种情况似乎还比较常见（但不能算作是严重的bug）。可以输入partprobe 命令手动将分区信息同步到内核，而且一般推荐连续两次执行该命令，效果会更好。如果使用这个命令都无法解决问题，那么就重启计算机。 \[root@node1 \~\]# file /dev/sdb1 /dev/sdb1: block special \[root@node1 \~\]# partprobe Warning: Unable to open /dev/sr0 read-write (Read-only file system). /dev/sr0 has been opened read-only. \[root@node1 \~\]# partprobe Warning: Unable to open /dev/sr0 read-write (Read-only file system). /dev/sr0 has been opened read-only. \[root@node1 \~\]# file /dev/sdb1 /dev/sdb1: block special **②格式化和挂载** \[root@node1 \~\]# mkfs.ext4 /dev/sdb1 \[root@node1 \~\]# mkdir /harbordata \[root@node1 \~\]# mount /dev/sdb1 /harbordata/ \[root@node1 \~\]# df -h ![](https://file.jishuzhan.net/article/1694592813871665154/ad575d9443ae4ab48d5e804cce4c1be8.png)$

（3）修改配置文件

$root@node1 \~\]# /harbordata/harbor \[root@node1 harbor\]# cp harbor.yml.tmpl harbor.yml \[root@node1 harbor\]# vim harbor.yml 修改hostname值和注释https为443的信息，如下 ![](https://file.jishuzhan.net/article/1694592813871665154/72fe5e5f431e4beda17c6626085ba1c8.png)$

（4）添加主机映射

$root@node1 harbor\]# tail -1 /etc/hosts 192.168.19.133 node1$

安装启动harbor

$root@node1 harbor\]# ./install.sh$

安装后验证

①打开了一些端口
$root@node1 harbor\]# ss -lntup \| grep docker tcp LISTEN 0 128 127.0.0.1:1514 \*:\* users:(("docker-proxy",pid=26691,fd=4)) tcp LISTEN 0 128 \*:80 \*:\* users:(("docker-proxy",pid=27275,fd=4)) tcp LISTEN 0 128 \[::\]:80 \[::\]:\* users:(("docker-proxy",pid=27279,fd=4)) ②harbor实际就是启动了一些docker服务 \[root@node1 harbor\]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES be75291d7f54 goharbor/nginx-photon:v2.8.4 "nginx -g 'daemon of..." About a minute ago Up About a minute (healthy) 0.0.0.0:80-\>8080/tcp, :::80-\>8080/tcp nginx 8391933a9bd0 goharbor/harbor-jobservice:v2.8.4 "/harbor/entrypoint...." About a minute ago Up 58 seconds (healthy) harbor-jobservice d4be8400acb4 goharbor/harbor-core:v2.8.4 "/harbor/entrypoint...." About a minute ago Up About a minute (healthy) harbor-core$

使用Harbor

①访问浏览器

②登录

初始密码在harbor.cfg 文件有记录

③新建一个项目

上传下载镜像到harbor仓库

（1）修改docker配置，添加harbor仓库为信任地址，重启docker

$root@node1 harbor\]# cat /etc/docker/daemon.json { "registry-mirrors": \["http://registry.docker-cn.com"\], "insecure-registries": \["192.168.169.133:8081"\], "insecure-registries": \["node1:8081"$
}

（2）把要上传的镜像打上合适的标签

$root@node1 harbor\]# docker tag goharbor/harbor-db:v2.8.4 node1:80/test/harbor-db:v2.8.4 \[root@node1 harbor\]# docker image ls \| grep test node1:80/test/harbor-db v2.8.4 5b8af16d7420 6 days ago 174MB$

（3）登录harbor仓库

$root@node1 harbor\]# docker login node1:8081 Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded$

（4）上传镜像

$root@node1 harbor\]# docker push node1:8081/test/harbor-db:v2.8.4 The push refers to repository \[node1:80/test/harbor-db$
b91c1501abe9: Pushed

e30935897ec8: Pushed

7600d3f327f6: Pushed

04498149158d: Pushed

8dd9b9af7425: Pushed

6f34146f1977: Pushed

98c144348806: Pushed

22c2b4c49c70: Pushed

b4faf8a74f36: Pushed

627fc8f29b12: Pushed

a074a02dfff1: Pushed

v2.8.4: digest: sha256:f887f9197510e86e3c8a82235c1d170f7a3bc93b4823028077e2565ca27e17c3 size: 2612

（5）在harbor上验证上传成功

（6）拉取harbor中的镜像

#删除原本镜像
$root@node1 harbor\]# docker rmi node1:8081/test/harbor-db:v2.8.4 Untagged: node1:8081/test/harbor-db:v2.8.4 Untagged: node1:8081/test/harbor-db@sha256:f887f9197510e86e3c8a82235c1d170f7a3bc93b4823028077e2565ca27e17c3 #验证是否删除 \[root@node1 harbor\]# docker image ls node1:8081/test/harbor-db:v2.8.4 REPOSITORY TAG IMAGE ID CREATED SIZE #拉取镜像 \[root@node1 harbor\]# docker pull node1:8081/test/harbor-db:v2.8.4 v2.8.4: Pulling from test/harbor-db Digest: sha256:f887f9197510e86e3c8a82235c1d170f7a3bc93b4823028077e2565ca27e17c3 Status: Downloaded newer image for node1:8081/test/harbor-db:v2.8.4 node1:80/test/harbor-db:v2.8.4 #验证是否拉取成功 \[root@node1 harbor\]# docker image ls node1:8081/test/harbor-db:v2.8.4 REPOSITORY TAG IMAGE ID CREATED SIZE node1:8081/test/harbor-db v2.8.4 5b8af16d7420 6 days ago 174MB$

控制harbor服务

在harbor安装路径下，使用docker-compose命令对harbor进行控制

（1）暂停/取消暂停harbor服务

docker-compose pause

docker-compose unpause

（2）关闭/开启harbor服务

docker-compose stop

docker-compose start