docker私库harbor的搭建
1、文件下载
# wget https://storage.googleapis.com/harbor-releases/harbor-online-installer-v1.5.1.tgz
安装官网参考
https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md
2、安装docker-compose(pip方式)
yum添加源
# yum install epel-release -y
清空yum缓存文件
# yum clean all
安装python-pip
# yum install python-pip -y
安装docker-compost
# pip install -U docker-compose
查看docker-compose版本
# docker-compose -v
解压
# tar zxvf harbor-online-installer-v1.5.1.tgz
修改Harbor的配置文件
# vi harbor.cfg
只修改hostname选项其他不需要改动
## Configuration file of Harbor # hostname设置访问地址,可以使用ip、域名,不可以设置为127.0.0.1或localhost
hostname = 172.16.1.146 # 访问协议,默认是http,也可以设置https,如果设置https,则nginx ssl需要设置on
ui_url_protocol = http # mysql数据库root用户默认密码root123,实际使用时修改下
db_password = root123 # 是否开启自注册,on开启,off关闭,可以关闭掉。
self_registration = off # 启动Harbor后,管理员UI登录的密码,默认是Harbor12345
harbor_admin_password = Harbor12345 #镜像同步job数量
max_job_workers = customize_crt = on #https时候使用
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = NA # 邮件设置,发送重置密码邮件时使用
email_identity =
email_server = smtp.mydomain.com
email_server_port =
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false # 认证方式,这里支持多种认证方式,如LADP、本次存储、数据库认证。默认是db_auth,mysql数据库认证
auth_mode = db_auth # LDAP认证时配置项
#ldap_url = ldaps://ldap.mydomain.com
#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
#ldap_search_pwd = password
#ldap_basedn = ou=people,dc=mydomain,dc=com
#ldap_filter = (objectClass=person)
#ldap_uid = uid
#ldap_scope =
#ldap_timeout = # Token有效时间,默认30分钟
token_expiration = # 用户创建项目权限控制,默认是everyone(所有人),也可以设置为adminonly(只能管理员)
project_creation_restriction = everyone verify_remote_cert = on #日志数量
log_rotate_count = #单个日志大小
log_rotate_size = 200M
docker-compost配置修改(视情况修改)
修改页面端口
# vi docker-compose.yml
proxy:
image: vmware/nginx-photon:v1.5.1
container_name: nginx
restart: always
volumes:
- ./common/config/nginx:/etc/nginx:z
networks:
- harbor
ports:
#如果需要,可以修改对外端口为
# - 8888:80
- :
- :
- :
depends_on:
- mysql
- registry
- ui
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "proxy"
修改common/templates/registry/onfig.yml
# cd common/templates/registry/
# vi config.yml
注意:不需要做任何改动
version: 0.1
log:
level: info
fields:
service: registry
storage:
cache:
layerinfo: inmemory
$storage_provider_info
maintenance:
uploadpurging:
enabled: false
delete:
enabled: true
http:
addr: :
secret: placeholder
debug:
addr: localhost:
auth:
token:
issuer: harbor-token-issuer
#如果需要,可以添加端口8888
#realm: $public_url/service/token
rootcertbundle: /etc/registry/root.crt
service: harbor-registry
notifications:
endpoints:
- name: harbor
disabled: false
url: $ui_url/service/notifications
timeout: 3000ms
threshold:
backoff: 1s
修改docker-compose.yml
# vi docker-compose.yml
version: ''
services:
log:
image: vmware/harbor-log:v1.5.1
container_name: harbor-log
restart: always
volumes:
#harbor日志目录
- /var/log/harbor/:/var/log/docker/:z
- ./common/config/log/:/etc/logrotate.d/:z
ports:
- 127.0.0.1::
networks:
- harbor
registry:
image: vmware/registry-photon:v2.6.2-v1.5.1
container_name: registry
restart: always
volumes:
#registry存储目录
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
networks:
- harbor
ports:
- 5000:5000
environment:
- GODEBUG=netdns=cgo
command:
["serve", "/etc/registry/config.yml"]
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "registry"
mysql:
image: vmware/harbor-db:v1.5.1
container_name: harbor-db
restart: always
volumes:
- /data/database:/var/lib/mysql:z
networks:
- harbor
env_file:
- ./common/config/db/env
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "mysql"
adminserver:
image: vmware/harbor-adminserver:v1.5.1
container_name: harbor-adminserver
env_file:
- ./common/config/adminserver/env
restart: always
volumes:
- /data/config/:/etc/adminserver/config/:z
- /data/secretkey:/etc/adminserver/key:z
- /data/:/data/:z
networks:
- harbor
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "adminserver"
ui:
image: vmware/harbor-ui:v1.5.1
container_name: harbor-ui
env_file:
- ./common/config/ui/env
restart: always
volumes:
- ./common/config/ui/app.conf:/etc/ui/app.conf:z
- ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
- ./common/config/ui/certificates/:/etc/ui/certificates/:z
- /data/secretkey:/etc/ui/key:z
- /data/ca_download/:/etc/ui/ca/:z
- /data/psc/:/etc/ui/token/:z
networks:
- harbor
depends_on:
- log
- adminserver
- registry
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "ui"
jobservice:
image: vmware/harbor-jobservice:v1.5.1
container_name: harbor-jobservice
env_file:
- ./common/config/jobservice/env
restart: always
volumes:
- /data/job_logs:/var/log/jobs:z
- ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
networks:
- harbor
depends_on:
- redis
- ui
- adminserver
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "jobservice"
redis:
image: vmware/redis-photon:v1.5.1
container_name: redis
restart: always
volumes:
- /data/redis:/data
networks:
- harbor
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "redis"
proxy:
image: vmware/nginx-photon:v1.5.1
container_name: nginx
restart: always
volumes:
- ./common/config/nginx:/etc/nginx:z
networks:
- harbor
ports:
#如果需要,可以修改对外端口为
# - 8888:80
- :
- :
- :
depends_on:
- mysql
- registry
- ui
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "proxy"
networks:
harbor:
external: false
安装
[root@localhost harbor]# sudo ./install.sh --with-clair
# docker-compose ps
由于是http,直接登录会报错
[root@localhost harbor]# docker login 192.168.100.117
Username: admin
Password:
Error response from daemon: Get https://192.168.100.117/v2/: dial tcp 192.168.100.117:443: connect: connection refused
客户端配置修改
免https修改
修改/etc/docker/daemon.json,添加{"insecure-registries":["192.168.100.117"]}
# echo '{"insecure-registries":["192.168.100.117"]}' >> /etc/docker/daemon.json
# cat /etc/docker/daemon.json
# systemctl daemon-reload
# systemctl restart docker
再次登录
# docker-compose ps
# docker login 192.168.100.117
[root@localhost harbor]# docker login 192.168.100.117
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded
页面访问
启动完成后,我们访问刚设置的hostname即可http://192.168.100.117/,默认是80端口,如果端口占用,我们可以去修改docker-compose.yml文件中,对应服务的端口映射。
http://192.168.100.117/harbor/sign-in
页面正常访问
用户名:admin
密码:Harbor12345
新建一个项目
查看如何push镜像到demo-project
# docker images
打标签并且上传
给镜像打tag
# docker tag centos:latest 192.168.100.117/demo-project/centos:latest
push到仓库
# docker push 192.168.100.117/demo-project/centos:latest
# docker images
查看是否成功
删除本地镜像,重新下载
# docker rmi 192.168.100.117/demo-project/centos
# docker pull 192.168.100.117/demo-project/centos
启动之后停止或启动harbor的话,可以使用命令:
$ sudo docker-compose -f ./docker-compose.yml -f ./docker-compose.chartmuseum.yml [ up|down|ps|stop|start ]
# sudo docker-compose -f /root/harbor/docker-compose.yml -f /root/harbor/docker-compose.clair.yml start
# sudo docker-compose -f /root/harbor/docker-compose.yml -f /root/harbor/docker-compose.clair.yml stop
更多使用说明参考:
https://github.com/vmware/harbor/blob/master/docs/user_guide.md
参考博客:
harbor安装和简单使用
https://blog.csdn.net/qq_30062125/article/details/82772087
docker私库harbor的搭建
https://www.cnblogs.com/smilezgy/p/9545553.html
docker镜像仓库harbor之搭建及配置
https://blog.csdn.net/aixiaoyang168/article/details/73549898
centos7.3搭建harbor
https://blog.csdn.net/qq12547345/article/details/79482468
docker私库harbor的搭建的更多相关文章
- docker私库Harbor部署(转载)
系统环境 centos7.3docker-ce docker version: 18.03.0docker-compose version: 1.21.0 Install Docker CE 安装依赖 ...
- ubuntu16搭建docker私库
测试环境如下: 一.docker的安装 安装方法请查看这里的 安装教程 二.设置普通用户 1. centos的设置方法 $ sudo gpasswd -a docker ${USER} 2. ubun ...
- Docker镜像仓库Harbor之搭建及配置
目录 Harbor介绍环境.软件准备Harbor服务搭建Harbor跨数据复制配置FAQ1.Harbor 介绍 Docker容器应用的开发和运行离不开可靠的镜像管理,虽然Docker官方也提供了公共的 ...
- Easypack容器系列之:Nexus 3:Docker私库
Nexus作为私库管理最为流行的工具之中的一个,用于包的管理和Docker镜像管理的私库管理场景中非经常常使用.Easypack利用最新版本号的oss版Nexus作为基础镜像用于提供相似服务. 本文将 ...
- ubuntu 14.04 https 形式安装docker 私有库 harbor
起始目录/root,root 登陆后,直接在该目录进行下面的命令 下载harbor 预编译包 0.4.5 准备通过域名 reg.server.com 来访问镜像库所以需要在/etc/hosts 文件中 ...
- Docker: vmware企业级docker镜像私服--Harbor的搭建
1.下载harbor,地址https://github.com/vmware/harbor2.进入harbor-master/Deploy目录,修改harbor.cfg文件,主要修改以下信息 ...
- Docker4-docker私库的搭建及常用方法-docker-registry方式
一.简单介绍 前面已经介绍,可以使用Docker Hub公共仓库,但是大多数情况企业都需要创建一个本地仓库供自己使用.这里介绍几种搭建私库的方法 私库的好处有几点 1.节约带宽 2.可以自己定制系统 ...
- Docker version 1.12.5建立registry私库
sudo docker run -d -p 5000:5000 -v /opt/data/registry:/var/lib/registry registry :前面的是宿主机的地址(/opt/da ...
- mesos+marathon+zookeeper的docker管理集群亲手搭建实例(环境Centos6.8)
资源:3台centos6.8虚拟机 4cpu 8G内存 ip 10.19.54.111-113 1台centos6.8虚拟机2cpu 8G ip 10.19.53.55 1.System Requir ...
随机推荐
- hdu4289 Control 最大流最小割
You, the head of Department of Security, recently received a top-secret information that a group of ...
- 使用tailor 轻松方便的集成web 框架react&&vue
tailor 是一款很方便的layout 服务,类似facebook 的bigpipe,我们可以使用此工具 方便的集成各类web 框架,实现micro-fronteds 开发 参考demo https ...
- 02HDFS架构
https://www.cnblogs.com/zhoujingyu/p/5040957.html https://blog.csdn.net/firstchange/article/details/ ...
- mysql全备和增量备份以及恢复过程(percona工具)
实验环境 系统环境,内核版本和xtrabackup工具版本 [root@linux-node1 mysql]# cat /etc/redhat-release CentOS Linux release ...
- Zabbix-2.4-安装-2
zabbix自定义报警-动作 打开资产自动接收 这里看到主机资产有数据了,这里的数据,就是来自下面的关联 上面的数据就是设置login-user时候设置的关联 有些关联显示的慢,比如下面 ...
- href="javacript:;" href="javacript:void(0);" href="#"区别。。。
一.href="javacript:;" 这种用法不正确,这么用的话会出现浏览器访问“javascript:;”这个地址的现象: 二.href="javacript:v ...
- .ajax向后台传递数组(转)
js部分代码 //创建一个测试数组 var boxIds = new Array(); boxIds.push(12182); boxIds.push(12183); boxIds.push(1218 ...
- 'ascii' codec can't encode characters in position 0-2: ordinal not in range(128)
问题 rds_content = "{}, 执行了变更,sql语句:{}".format(ExecuteTime, sqls) 'ascii' codec can't encode ...
- Spark代码Eclipse远程调试
我们在编写Spark Application或者是阅读源码的时候,我们很想知道代码的运行情况,比如参数设置的是否正确等等.用Logging方式来调试是一个可以选择的方式,但是,logging方式调试代 ...
- Sql Server Report Service 的部署问题(Reporting Service 2014為什麼不需要IIS就可以運行)
http://www.cnblogs.com/syfblog/p/4651621.html Sql Server Report Service 的部署问题 近期在研究SSRS部署问题,因为以前也用到过 ...