docker开源仓库Harbor部署笔记

Harbor介绍
Harbor是Vmvare团队开发的开源企业级registry仓库，相比docker官方拥有更丰富的权限权利和完善的架构设计，适用大规模docker集群部署提供仓库服务。
项目地址：https://github.com/vmware/harbor

环境说明：

ip地址: 10.20.9.223
系统版本: CentOS Linux release 7.3

1、关闭防火墙：

#systemctl disable firewalld.service
#systemctl stop firewalld.service

2、设置主机名：

#hostnamectl --static set-hostname  docker-Harbor-registry

3、安装docker：

# yum install docker -y

4、安装compose

Harbor是通过docker的compose项目部署的，需要安装compose，幸好compost 在git上提供了安装指令：

# curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

# chmod +x /usr/local/bin/docker-compose   #设置执行权限
# docker-compose --version  #查看安装是否程成功
docker-compose version 1.18., build 8dd22a9

5、Harbor软件安装

#wget http://harbor.orientsoft.cn/harbor-v1.3.0-rc4/harbor-offline-installer-v1.3.0-rc4.tgz
解压文件
#tar -zxf harbor-offline-installer-v1.3.0-rc4.tgz -C /usr/local

#解压后的文件夹是harbor

解压完成后：修改配置文件harbor.conf，主要就是hostname修改

此处我们只修改hostname=10.20.9.223（私有仓库主机ip）

安装

[root@docker-Harbor-registry harbor]# ./install.sh 

he configuration files are ready, please use docker-compose to start the service.

Creating harbor-log ... done
[Step ]: checking existing instance of Harbor ...

Creating registry ... done
Creating harbor-ui ... done
Creating network "harbor_harbor" with the default driver
Creating nginx ... done
Creating harbor-db ...
Creating registry ...
Creating harbor-adminserver ...
Creating harbor-ui ...
Creating nginx ...
Creating harbor-jobservice ... 

? ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://10.20.9.223.
For more details, please visit https://github.com/vmware/harbor .

[root@docker-Harbor-registry harbor]# 

此时我们可以在浏览器中输入：http://10.20.9.223进入harbor web管理后台,默认的帐号密码是admin, Harbor12345（如果你没有修改harbor.cfg中的harbor_admin_password）

6、查看是否启动成功(执行命令要切换到harbor的安装目录执行，本例中为/usr/local/harbor)：

[root@docker-Harbor-registry harbor]# docker-compose ps
       Name                     Command               State                                Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up
harbor-db            /usr/local/bin/docker-entr ...   Up      /tcp
harbor-jobservice    /harbor/start.sh                 Up
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up      127.0.0.1:->/tcp
harbor-ui            /harbor/start.sh                 Up
nginx                nginx -g daemon off;             Up      0.0.0.0:->/tcp, 0.0.0.0:->/tcp, 0.0.0.0:->/tcp
registry             /entrypoint.sh serve /etc/ ...   Up      /tcp
[root@docker-Harbor-registry harbor]# 

使用命令行登录harbor镜像仓库时，报错如下:

[root@docker-Harbor-registry harbor]# docker login 10.20.9.223
Username: admin
Password:
Error response from daemon: Get https://10.20.9.223/v1/users/: dial tcp 10.20.9.223:443: getsockopt: connection refused
[root@docker-Harbor-registry harbor]# 

解决方案：修改docekr文件参数

# vim /etc/sysconfig/docker 添加如下参数：

OPTIONS='--insecure-registry=10.20.9.223'

或者修改/etc/docker/daemon.json文件也可以

vim /etc/docker/daemon.json
{ "insecure-registries":["10.20.9.223"] }

或者修改 /usr/lib/systemd/system/docker.service即可，三者选其一即可.

ExecStart=/usr/bin/dockerd-current \
          --add-registry=10.20.9.223 --insecure-registry=10.20.9.223
#在ExecStart=/usr/bin/dockerd-current出添加-add-registry和--insecure-registry参数.

使用docker info验证：

执行:

# docker info

输出最后一行有：

Registries: 10.20.9.223 (insecure), docker.io (secure)

重启docker服务

# systemctl daemon-reload
# systemctl restart docker.service

重启harbor服务

[root@docker-Harbor-registry harbor]# docker-compose restart

再次登录

[root@docker-Harbor-registry harbor]# docker login 10.20.9.223
Username: admin
Password:
Login Succeeded
[root@docker-Harbor-registry harbor]# 

至此Harbor仓库部署完成，Harbor web访问访问也是正常的.

二、推送测试：将本地镜像推送到docker私有仓库：

1、向Harbor推一个镜像:

.首先登录Harbor的web界面并创建一个项目common.org
需要把项目设为公开
然后把需要上传的镜像命名为 ip:端口/项目名/镜像名:版本号 必须谨记。

2、查看本地的镜像：

[root@docker-node ~]# docker images
REPOSITORY                                            TAG                 IMAGE ID            CREATED             SIZE
docker.io/mysql                                       latest              a8a59477268d         weeks ago          MB
docker.io/nginx                                       latest              ae513a47849c         weeks ago          MB
docker.io/centos                                      latest              e934aafc2206         weeks ago          MB

3.给centos镜像打tag:

# docker tag docker.io/centos:latest 10.20.9.223/common.org/centos7:latest

4、推送至Harbor：

[root@docker-Harbor-registry ~]# docker push 10.20.9.223/common.org/centos7:latest
The push refers to a repository [10.20.9.223/common.org/centos7]
43e653f84b79: Pushed
latest: digest: sha256:191c883e479a7da2362b2d54c0840b2e8981e5ab62e11ab925abf8808d3d5d44 size:
[root@docker-Harbor-registry ~]# 

5、登录Harbor web页面查看common.org项目下的镜像，如果common.org目录下存在centos7镜像，则说明推送成功.

三、从Harbor私有仓库上拉取一个镜像到客户机.

如果其他主机要拉取harbor仓库的镜像，也需要修改docker的配置文件，添加如下参数即可，并重启服务,其中ip为harbor仓库的地址.

# vim /etc/sysconfig/docker

OPTIONS='--insecure-registry=10.20.9.223'

在客户端机器登陆harbor服务器，如果认证成功，即可以上传下载.

[root@dockr-client~]# docker login 10.20.9.223
Username (admin): admin
Password:
Login Succeeded
[root@dockr-client~]#

执行拉取镜像命令：

[root@docker-node ~]# docker pull 10.20.9.223/common.org/centos7:latest
Trying to pull repository 10.20.9.223/common.org/centos7 ...
latest: Pulling from 10.20.9.223/common.org/centos7
Digest: sha256:191c883e479a7da2362b2d54c0840b2e8981e5ab62e11ab925abf8808d3d5d44
Status: Image is up to date for 10.20.9.223/common.org/centos7:latest
[root@docker-node ~]#

如果想查看harbor仓库的有哪些镜像,直接在http://10.20.9.223/harbor 界面就可以搜索到镜像列表.

参考文档：　　　　

　　https://blog.csdn.net/cuipengchong/article/details/68496627
　　http://www.cnblogs.com/netsa/p/8124708.html
　　https://www.cnblogs.com/hh2737/p/7483855.html
　　https://www.cnblogs.com/Javame/p/7389093.html