docker: 搭建 harbor 镜像仓库

harbor

企业级内网镜像管理软件，加速拉取镜像速度，web 页面管理方便。

系统优化

systemctl stop NetworkManager
systemctl disable NetworkManager
iptables -F
systemctl restart docker

安装docker

[root@test05 ~]# yum install -y docker-compose docker

[root@test05 ~]# docker-compose version
docker-compose version 1.18.0, build 8dd22a9
docker-py version: 2.6.1
CPython version: 3.6.8
OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017

下载软件

mkdir /data && cd /data

# mv /tmp/harbor-offline-installer-v2.10.0.tgz .

# wget https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz

安装

tar xvf harbor-offline-installer-v2.10.0.tgz 

mkdir -p  /data/harbor/ssl &&  cd /data/harbor/ssl

配置证书

openssl genrsa -out ca.key 3072  # 一路回车

openssl req -new -x509 -days 36500 -key ca.key -out ca.pem  # 一路回车

openssl genrsa -out harbor.key  3072  # 一路回车

openssl req -new -key harbor.key -out harbor.csr  # 一路回车

openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out harbor.pem -days 36500  # 一路回车

修改配置

[root@test05 harbor]# cd /data/harbor/

[root@test05 harbor]# cp harbor.yml.tmpl harbor.yml

[root@test05 harbor]# vim  harbor.yml
# 改以下几个地方即可
hostname: 10.10.8.66
  certificate: /data/harbor/ssl/harbor.pem
  private_key: /data/harbor/ssl/harbor.key
  
harbor_admin_password: your-admin-password

默认的账号密码：admin/Harbor12345

脚本安装

[root@test05 harbor]# ./install.sh 
。。。
✔ ----Harbor has been installed and started successfully.----

配置开机自启动

[root@test05 harbor]# cat >/etc/profile.d/harborup.sh<<'EOF'
#!/bin/bash

cd /data/harbor
docker-compose stop; sleep 60s; docker-compose up -d >> /dev/null 2>&1  &
EOF

[root@test05 harbor]# chmod 700 /etc/profile.d/harborup.sh
[root@test05 harbor]# source   /etc/profile.d/harborup.sh   # 会重启

访问 https://10.10.8.66

默认的账号密码：admin/Harbor12345

web 使用

创建项目 ------> 项目名称(test) ------> 访问级别(勾选公开) ------> 确定即可

其他机器配置使用

配置私有地址

[root@test01 ~]# cat >/etc/docker/daemon.json<<'EOF'
{
    "registry-mirrors": [
        "http://hub-mirror.c.163.com",
        "https://docker.mirrors.ustc.edu.cn",
        "https://registry.docker-cn.com"
    ],
    "insecure-registries": ["10.10.8.66","harbor"],


    "exec-opts": ["native.cgroupdriver=systemd"]  
}
EOF

[root@test01 ~]# systemctl restart docker

登录账号

[root@test01 ~]# docker login 10.10.8.66
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

打标签

docker tag 10.10.8.66:5000/elasticsearch:6.8.1  10.10.8.66/test/elasticsearch:6.8.1

上传镜像

docker push 10.10.8.66/test/elasticsearch:6.8.1

拉取镜像

docker pull 10.10.8.66/test/elasticsearch:6.8.1