docker 官方提供的私有仓库 registry,用起来虽然简单 ,但在管理的功能上存在不足。 Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器,harbor使用的是官方的docker registry(v2命名是distribution)服务去完成。harbor在docker distribution的基础上增加了一些安全、访问控制、管理的功能以满足企业对于镜像仓库的需求。
安装Harbor
- 安装harbor之前需要安装docker
- 由于 Harbor 是基于 Docker Registry V2 版本,所以 docker 版本必须 >=1.10.0 docker-compose >=1.6.0
- 下载最新版 Docker Compose wget -c https://github.com/docker/compose/releases/download/v2.24.6/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
- 对二进制文件应用可执行权限: chmod +x /usr/local/bin/docker-compose
- 测试是否安装成功 docker-compose --version
安装Harbor安装包
wget -c https://github.com/goharbor/harbor/releases/download/v2.0.2/harbor-offline-installer-v2.8.4.tgz
解压:wget -c https://github.com/goharbor/harbor/releases/download/v2.0.2/harbor-offline-installer-v2.8.4.tgz
cd /usr/local/harbor/
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
修改3个地方:hostname,密码,注释掉https(没有配置证书启动会报错)
运行安装脚本
# 运行安装脚本 # ./install.sh
Harbor上传镜像
新建项目
新建用户,并设置为openlab的维护人员
从另一台主机上传镜像
修改配置文件,并登陆
[root@node1 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry.docker-cn.com","http://hub-mirror.c.163.com"],
"live-restore": true,
"insecure-registries":["192.168.37.21:5000"],
"insecure-registries":["reg.openlab.cn"]
}
[root@node1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.37.31 reg.openlab.cn
[root@node1 ~]# systemctl daemon-reload
[root@node1 ~]# systemctl restart docker
[root@node1 ~]# docker login reg.openlab.cn
Username: tom
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
将要上传的镜像tag,并push
[root@node1 ~]# docker tag busybox:latest reg.openlab.cn/openlab/busybox:v1
[root@node1 ~]# docker push reg.openlab.cn/openlab/busybox:v1
Harbor下载镜像
从另一台主机下载,修改另一台主机的配置文件
[root@node2 ~]# cat /etc/docker/daemon.json
{
"insecure-registries":["192.168.37.21:5000"],
"insecure-registries":["reg.openlab.cn"]
}
[root@node2 ~]# systemctl daemon-reload
[root@node2 ~]# systemctl restart docker.service
[root@node2 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.37.31 reg.openlab.cn
[root@node2 ~]# docker pull reg.openlab.cn/openlab/busybox:v1
Error response from daemon: unauthorized: unauthorized to access repository: openlab/busybox, action: pull: unauthorized to access repository: openlab/busybox, action: pull
由于是私有仓库,直接下载是没有权限的,必须登陆
[root@node2 ~]# docker login reg.openlab.cn
Username: tom
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@node2 ~]# docker pull reg.openlab.cn/openlab/busybox:v1
v1: Pulling from openlab/busybox
3a2e9cc4b126: Pull complete
Digest: sha256:db16cd196b8a37ba5f08414e6f6e71003d76665a5eac160cb75ad3759d8b3e29
Status: Downloaded newer image for reg.openlab.cn/openlab/busybox:v1
[root@node2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu latest ca2b0f26964c 11 days ago 77.9MB
ubuntu 18.04 f9a80a55f492 9 months ago 63.2MB
reg.openlab.cn/openlab/busybox v1 ba5dc23f65d4 9 months ago 4.26MB