harborによるプライベートdocker registryの構築
一.dockerのインストール
[docker]
name=docker
enabled=1
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/
gpgcheck=0
enabled=1
[root@node ~]# yum install -y docker-ce
二.docker-composeのインストール
curl -L https://github.com/docker/compose/releases/download/1.16.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod + x /usr/local/bin/docker-compose
[root@node ~]# docker-compose version
docker-compose version 1.16.1, build 6d1ac21
docker-py version: 2.5.1
CPython version: 2.7.13
OpenSSL version: OpenSSL 1.0.1t 3 May 2016
rm -rf /usr/local/bin/docker-compose
三.Harborのインストール
1.harborインストールパッケージのダウンロード
- Online installer:
- :https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.2.tgz
- md5: 49f5ce1cab8125e59d45af305b8f46fe
- Offline installer:
- :https://storage.googleapis.com/harbor-releases/harbor-online-installer-v1.5.2.tgz
- md5: abd7a80c052cc10b3346062f65f96b96
2.インストールパッケージを/usr/local/harbor/ディレクトリに解凍する
3.harbor.の編集cfgファイル:
hostname = reg.lxk.com #IP FQDN
ui_url_protocol = http
# 。 docker pull/push https。 https, 。
max_job_workers = 50 # ( )
db_password = root123 #harbor ( )
customize_crt = on # on: registry / 。
#off :
ssl_cert = /data/cert/server.crt #SSL , ui_url_protocol https
ssl_cert_key = /data/cert/server.key #SSL , ui_url_protocol https
secretkey_path = /data #The path of secretkey storage
log_rotate_count = 50 # ( , )
log_rotate_size = 200M # ( )
self_registration = off #
project_creation_restriction = adminonly #
harbor_admin_password = centos # , :admin/Harbor12345
email_server = smtp.mydomain.com
email_server_port = 25
email_identity =
email_username = [email protected]
email_password = abc
email_from = admin [email protected]
email_ssl = false
email_insecure = false
4.インストールスクリプトの実行
[root@node ~]# cd /usr/local/harbor/
[root@node harbor]# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 18.06.0
Note: docker-compose version: 1.16.1
[Step 1]: preparing environment ...
Clearing the configuration file: ./common/config/adminserver/env
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/jobservice/config.yml
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/nginx/nginx.conf
Clearing the configuration file: ./common/config/log/logrotate.conf
loaded secret from file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[Step 2]: checking existing instance of Harbor ...
Note: stopping existing Harbor instance ...
Removing nginx ... done
Removing harbor-jobservice ... done
Removing harbor-ui ... done
Removing redis ... done
Removing harbor-adminserver ... done
Removing registry ... done
Removing harbor-db ... done
Removing harbor-log ... done
Removing network harbor_harbor
[Step 3]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ...
Creating harbor-log ... done
Creating harbor-db ...
Creating redis ...
Creating harbor-adminserver ...
Creating registry ...
Creating harbor-db
Creating redis
Creating registry
Creating harbor-db ... done
Creating harbor-ui ...
Creating harbor-ui ... done
Creating harbor-jobservice ...
Creating nginx ...
Creating nginx
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://reg.lxk.com.
For more details, please visit https://github.com/vmware/harbor .
5.インストールされたharborの表示
[root@node harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
45c849240289 vmware/harbor-jobservice:v1.5.2 "/harbor/start.sh" 2 minutes ago Up 2 minutes harbor-jobservice
24df8c8d740e vmware/nginx-photon:v1.5.2 "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
49a2e63d33eb vmware/harbor-ui:v1.5.2 "/harbor/start.sh" 2 minutes ago Up 2 minutes (healthy) harbor-ui
44edfc92d5c2 vmware/harbor-adminserver:v1.5.2 "/harbor/start.sh" 2 minutes ago Up 2 minutes (healthy) harbor-adminserver
a2d2f2a08e77 vmware/registry-photon:v2.6.2-v1.5.2 "/entrypoint.sh serv…" 2 minutes ago Up 2 minutes (healthy) 5000/tcp registry
229dddfc0e34 vmware/redis-photon:v1.5.2 "docker-entrypoint.s…" 2 minutes ago Up 2 minutes 6379/tcp redis
97ac1f88d6a7 vmware/harbor-db:v1.5.2 "/usr/local/bin/dock…" 2 minutes ago Up 2 minutes (healthy) 3306/tcp harbor-db
d96f1ce61867 vmware/harbor-log:v1.5.2 "/bin/sh -c 'crond &…" 2 minutes ago Up 2 minutes 514/tcp, 127.0.0.1:1514->10514/tcp harbor-log
四.docker-composeでharborを管理する
docker-compose
Define and run multi-container applications with Docker.
# docker
Usage:
docker-compose [-f ...] [options] [COMMAND] [ARGS...]
docker-compose -h|--help
Options:
-f, --file FILE Specify an alternate compose file (default: docker-compose.yml)
# , docker-compose.yml
--verbose Show more output
-v, --version Print version and exit
Commands:
down Stop and remove containers, networks, images, and volumes
# 、 、docker
kill Kill containers #
logs View output from containers #
pause Pause services #
ps List containers #
pull Pull service images #
push Push service images #
restart Restart services #
rm Remove stopped containers #
run Run a one-off command #
start Start services #
stop Stop services #
top Display the running processes #
unpause Unpause services #
up Create and start containers #
version Show the Docker-Compose version information # docker-compose
例:-fパラメータを使用してdocker-composeを指定する.ymlファイル
[root@node ~]# docker-compose -f /usr/local/harbor/docker-compose.yml ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up
harbor-db /usr/local/bin/docker-entr ... Up 3306/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c crond && rsyslo ... Up 127.0.0.1:1514->10514/tcp, 514/tcp
harbor-ui /harbor/start.sh Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis docker-entrypoint.sh redis ... Up 6379/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
例:docker-composeを指定しない.ymlファイルが間違っています
[root@node ~]# docker-compose ps
ERROR:
Can't find a suitable configuration file in this directory or any
parent. Are you in the right directory?
Supported filenames: docker-compose.yml, docker-compose.yaml
[root@node harbor]# docker-compose ps #
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up
harbor-db /usr/local/bin/docker-entr ... Up 3306/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c crond && rsyslo ... Up 127.0.0.1:1514->10514/tcp, 514/tcp
harbor-ui /harbor/start.sh Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis docker-entrypoint.sh redis ... Up 6379/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
[root@node harbor]# docker-compose stop # harbor
Stopping harbor-jobservice ... done
Stopping nginx ... done
Stopping harbor-ui ... done
Stopping harbor-adminserver ... done
Stopping registry ... done
Stopping redis ... done
Stopping harbor-db ... done
Stopping harbor-log ... done
[root@node harbor]# docker-compose ps # harbor container
Name Command State Ports
----------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Exit 137
harbor-db /usr/local/bin/docker-entr ... Exit 0
harbor-jobservice /harbor/start.sh Exit 137
harbor-log /bin/sh -c crond && rsyslo ... Exit 137
harbor-ui /harbor/start.sh Exit 137
nginx nginx -g daemon off; Exit 0
redis docker-entrypoint.sh redis ... Exit 0
registry /entrypoint.sh serve /etc/ ... Exit 137
[root@node harbor]# docker-compose start # , restart 。
Starting log ... done
Starting redis ... error
Starting adminserver ... error
Starting registry ... error
Starting ui ... error
Starting mysql ... error
Starting jobservice ... error
Starting proxy ... error
ERROR: for mysql Cannot start service mysql: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused
ERROR: for redis Cannot start service redis: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused
ERROR: for registry Cannot start service registry: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused
ERROR: for adminserver Cannot start service adminserver: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused
guy-hubこのプロジェクトissueでこの問題に言及したのは、ログサービスが開始されず、他のサービスがログサーバに登録する必要があるため、ポートアクセスが拒否されるためです.解決策はなく、回答者は後続が注目すると言っただけだ.
[root@node harbor]# docker-compose restart # restart , , 。
Restarting harbor-jobservice ... done
Restarting nginx ... done
Restarting harbor-ui ... done
Restarting harbor-adminserver ... done
Restarting registry ... done
Restarting redis ... done
Restarting harbor-db ... done
Restarting harbor-log ... done
五.テストアクセスharbor
六.ミラーのアップロードとダウンロードのテスト
[root@node ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd --insecure-registry reg.lxk.com
# ExecStart --insecure-registry reg.lxk.com
# reg.lxk.com harbor.cfg hostname
[root@node test]# systemctl daemon-reload
[root@node test]# systemctl restart docker
[root@node ~]# mkdir test
[root@node ~]# cd test/
[root@node test]# vim Dockerfile
# vim Dockerfile
FROM centos:centos7.1.1503
ENV TZ "Asia/Shanghai"
[root@node test]# docker build -t reg.lxk.com/library/centos7.1:v0.1 ./
Sending build context to Docker daemon 2.048kB
Step 1/2 : FROM centos:centos7.1.1503
---> fbe8925ecf55
Step 2/2 : ENV TZ "Asia/Shanghai"
---> Using cache
---> 930eec2ed889
Successfully built 930eec2ed889
Successfully tagged reg.lxk.com/library/centos7.1:v0.1
[root@node harbor]# docker login reg.lxk.com
Authenticating with existing credentials...
#
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
# ! /root/.docker/config.json
Configure a credential helper to remove this warning. See
#
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
#
Login Succeeded
#
[root@node harbor]# docker tag 9432976b676f reg.lxk.com/library/swaggerapi/swagger-ui:latest
#
[root@node harbor]# docker push reg.lxk.com/library/swaggerapi/swagger-ui:latest
# push registry
The push refers to repository [reg.lxk.com/library/swaggerapi/swagger-ui]
47c77f5f4ee4: Pushed
ab4588773347: Pushed
5382149040dc: Pushed
a8d7d0b05699: Pushed
a9031380f2d7: Pushed
7105cc56962c: Pushed
latest: digest: sha256:0b5457c35fa0b21c08780dd84afe3f27525bee462261dff9b8e08a1e70414109 size: 1571
[root@node ~]# docker pull reg.lxk.com/library/swaggerapi/swagger-ui:latest
# , 。
latest: Pulling from library/swaggerapi/swagger-ui
f4900964ff56: Pull complete
6f8087d9ed5d: Pull complete
31023fcfba5a: Pull complete
8c462391de19: Pull complete
ba9c0a3c3f9a: Pull complete
6a4540734666: Pull complete
Digest: sha256:0b5457c35fa0b21c08780dd84afe3f27525bee462261dff9b8e08a1e70414109
Status: Downloaded newer image for reg.lxk.com/library/swaggerapi/swagger-ui:latest
[root@node ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
reg.lxk.com/library/centos7.1 0.1 930eec2ed889 23 hours ago 212MB
reg.lxk.com/library/swaggerapi/swagger-ui latest 9432976b676f 6 days ago 15.4MB