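Contents
1 Obtaining Harbor
1.1 Download location
1.2 Introduction to Harbor
2 Deploying Harbor
2.1 Registry-side operations
2.1.1 Editing the Harbor configuration file
2.1.2 Generating the server certificate and key
2.1.3 Managing Harbor
2.1.4 Checking that it is running
2.2 Client-side operations
2.2.1 Copying the certificate to the client
2.2.2 Environment configuration
2.2.3 Batch-loading local images
2.2.4 Batch tagging
2.2.5 Batch-pushing the tagged images
2.2.6 Deleting the tagged images
3 Writing an automated upload script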
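1 Obtaining Harbor
1.1 Download location
Releases · goharbor/harbor (github.com): https://github.com/goharbor/harbor/releases
1.2 Introduction to Harbor
Harbor is an enterprise-grade Docker Registry project open-sourced by VMware.
It provides the following main functions and features:
1. Role-based access control (RBAC): different users and user groups can be given different permissions, which improves security and makes management more flexible.
2. Image replication: images can be replicated between Harbor instances, which makes it easy to distribute them across multiple data centers or environments.
3. Graphical user interface (UI): an intuitive web interface for managing image repositories, projects, users and so on.
4. Audit logs: operations on the image repositories are recorded, which helps with tracing and reviewing activity.
5. Garbage collection: images that are no longer used can be cleaned up to save storage space.
2 Deploying Harbor
2.1 Registry-side operations
2.1.1 Editing the Harbor configuration file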
[root@complete ~]# tar xzf harbor-offline-installer-v2.11.1.tgz
[root@complete ~]# ls
公共 视频 文档 音乐 anaconda-ks.cfg certs harbor-offline-installer-v2.11.1.tgz
模板 图片 下载 桌面 busybox-latest.tar.gz harbor script
[root@complete ~]# cd harbor/
[root@complete harbor]# cp harbor.yml.tmpl harbor.yml
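# Open the yml configuration file and change the following parameters
[root@complete harbor]# vim harbor.yml
harbor_admin_password: 123456 # administrator password
hostname: reg.shuyan.com # hostname of this machine
certificate: /data/certs/shuyan.crt # certificate path (in the https: section)
private_key: /data/certs/shuyan.key # private key path (in the https: section)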
2.1.2 Generating the server certificate and key
[root@complete harbor]# mkdir /data/certs -p
[root@complete ~]# openssl req -newkey rsa:4096 \
-nodes -sha256 -keyout /data/certs/shuyan.key \
-addext "subjectAltName = DNS:reg.shuyan.com" \
-x509 -days 365 -out /data/certs/shuyan.crt
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:guangxi
Locality Name (eg, city) [Default City]:wu'zhou
Organization Name (eg, company) [Default Company Ltd]:docker
Organizational Unit Name (eg, section) []:shuyan
Common Name (eg, your name or your server's hostname) []:reg.shuyan.com
Email Address []:admin@shuayn.com
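Before Harbor is started with this pair, it helps to confirm that the certificate lists the registry hostname in its subjectAltName (the Go TLS stack used by Docker does not fall back to the Common Name), that it is not close to expiry, and that the key belongs to it. The script below is an added example, not part of the original article; the function name check_registry_cert, the script name and the 30-day default are assumptions.

```bash
#!/bin/bash
# Added example (not from the original article).
# check_registry_cert CERT KEY HOSTNAME [MIN_DAYS]
# Returns 0 if the pair passes all checks, otherwise 1-4 (see below).
check_registry_cert() {
    local crt=$1 key=$2 host=$3 min_days=${4:-30} cert_pub key_pub

    # 1: the subjectAltName must list the hostname clients will use.
    #    Exact match only; wildcard SANs are not expanded here.
    openssl x509 -in "$crt" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$host" ||
        { echo "FAIL: no SAN entry DNS:$host"; return 1; }

    # 2: the certificate must stay valid for at least MIN_DAYS more days.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: expires within $min_days days"; return 2; }

    # 3: the private key must belong to this certificate (same public key).
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: key does not match certificate"; return 3; }

    # 4: the key file must not be accessible to group or others.
    case $(ls -l "$key") in
        -???------*) ;;
        *) echo "FAIL: $key is accessible to group/others"; return 4 ;;
    esac

    echo "OK: $crt covers $host"
}

# Usage: ./check_cert.sh /data/certs/shuyan.crt /data/certs/shuyan.key reg.shuyan.com
if [ "$#" -ge 3 ]; then
    check_registry_cert "$@"
fi
```

The -ext option requires OpenSSL 1.1.1 or later, the same minimum as the -addext option used above.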
2.1.3 Managing Harbor
Manage the Harbor containers:
[root@rockynode-1 harbor]# docker compose stop
[root@rockynode-1 harbor]# docker compose up -d
2.1.4 Checking that it is running
[root@complete harbor]# docker compose -f /root/harbor/docker-compose.yml ps
WARN[0000] /root/harbor/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
harbor-core goharbor/harbor-core:v2.11.1 "/harbor/entrypoint.…" core 4 hours ago Up 4 hours (healthy)
harbor-db goharbor/harbor-db:v2.11.1 "/docker-entrypoint.…" postgresql 4 hours ago Up 4 hours (healthy)
harbor-jobservice goharbor/harbor-jobservice:v2.11.1 "/harbor/entrypoint.…" jobservice 4 hours ago Up 4 hours (healthy)
harbor-log goharbor/harbor-log:v2.11.1 "/bin/sh -c /usr/loc…" log 4 hours ago Up 4 hours (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal goharbor/harbor-portal:v2.11.1 "nginx -g 'daemon of…" portal 4 hours ago Up 4 hours (healthy)
nginx goharbor/nginx-photon:v2.11.1 "nginx -g 'daemon of…" proxy 4 hours ago Up 4 hours (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp
redis goharbor/redis-photon:v2.11.1 "redis-server /etc/r…" redis 4 hours ago Up 4 hours (healthy)
registry goharbor/registry-photon:v2.11.1 "/home/harbor/entryp…" registry 4 hours ago Up 4 hours (healthy)
registryctl goharbor/harbor-registryctl:v2.11.1 "/home/harbor/start.…" registryctl 4 hours ago Up 4 hours (healthy)
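library is the default repository; images stored in it can be pulled without specifying the repository name.
2.2 Client-side operations
2.2.1 Copying the certificate to the client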
[root@complete harbor]# scp /data/certs/shuyan.crt root@192.168.239.10:~
2.2.2 Environment configuration
# Remove the existing images
[root@rockynode-1 ~]# docker rmi `docker images | awk 'BEGIN{FS=" "} {if(NR>1)print $3}'`
[root@rockynode-1 ~]# mkdir -p /etc/docker/certs.d/reg.shuyan.com/
[root@rockynode-1 ~]# cp shuyan.crt /etc/docker/certs.d/reg.shuyan.com/
[root@rockynode-1 ~]# systemctl restart docker
# Add name resolution for the registry on the client
[root@rockynode-1 ~]# vim /etc/hosts
192.168.239.20 reg.shuyan.com
2.2.3 Batch-loading local images
# Load the images in bulk
[root@rockynode-1 docker-page]# ls
busybox-latest.tar.gz game2048.tar.gz mario.tar.gz nginx-latest.tar.gz ubuntu-latest.tar.gz
centos-7.tar.gz haproxy-2.3.tar.gz mysql-5.7.tar.gz phpmyadmin-latest.tar.gz
debian11.tar.gz harbor-offline-installer-v2.5.4.tgz nginx-1.23.tar.gz registry.tag.gz
[root@rockynode-1 docker-page]# for i in `ls`;do docker load -i $i;done
[root@rockynode-1 docker-page]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 5ef79149e0ec 2 weeks ago 188MB
phpmyadmin latest 2b39e17532a1 2 weeks ago 562MB
ubuntu latest edbfe74c41f8 4 weeks ago 78.1MB
mysql 5.7 5107333e08a8 8 months ago 501MB
registry latest cfb4d9904335 11 months ago 25.4MB
nginx 1.23 a7be6198544f 15 months ago 142MB
busybox latest 65ad0d468eb1 15 months ago 4.26MB
haproxy 2.3 7ecd3fda00f4 2 years ago 99.4MB
centos 7 eeb6ee3f44bd 2 years ago 204MB
timinglee/game2048 latest 19299002fdbe 7 years ago 55.5MB
timinglee/mario latest 9a35a9e43e8c 9 years ago 198MB
gcr.io/distroless/base-debian11 latest 2a6de77407bf N/A 20.6MB
2.2.4 Batch tagging
[root@rockynode-1 ~]# docker images | awk '{if(NR>1) system("docker tag "$1":"$2" reg.shuyan.com/library/"$1":"$2"")}'
# List all images
[root@rockynode-1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 5ef79149e0ec 2 weeks ago 188MB
reg.shuyan.com/library/nginx latest 5ef79149e0ec 2 weeks ago 188MB
phpmyadmin latest 2b39e17532a1 2 weeks ago 562MB
reg.shuyan.com/library/phpmyadmin latest 2b39e17532a1 2 weeks ago 562MB
ubuntu latest edbfe74c41f8 4 weeks ago 78.1MB
reg.shuyan.com/library/ubuntu latest edbfe74c41f8 4 weeks ago 78.1MB
mysql 5.7 5107333e08a8 8 months ago 501MB
reg.shuyan.com/library/mysql 5.7 5107333e08a8 8 months ago 501MB
registry latest cfb4d9904335 11 months ago 25.4MB
reg.shuyan.com/library/registry latest cfb4d9904335 11 months ago 25.4MB
nginx 1.23 a7be6198544f 15 months ago 142MB
reg.shuyan.com/library/nginx 1.23 a7be6198544f 15 months ago 142MB
busybox latest 65ad0d468eb1 15 months ago 4.26MB
reg.shuyan.com/library/busybox latest 65ad0d468eb1 15 months ago 4.26MB
haproxy 2.3 7ecd3fda00f4 2 years ago 99.4MB
reg.shuyan.com/library/haproxy 2.3 7ecd3fda00f4 2 years ago 99.4MB
centos 7 eeb6ee3f44bd 2 years ago 204MB
reg.shuyan.com/library/centos 7 eeb6ee3f44bd 2 years ago 204MB
timinglee/game2048 latest 19299002fdbe 7 years ago 55.5MB
reg.shuyan.com/library/timinglee/game2048 latest 19299002fdbe 7 years ago 55.5MB
timinglee/mario latest 9a35a9e43e8c 9 years ago 198MB
reg.shuyan.com/library/timinglee/mario latest 9a35a9e43e8c 9 years ago 198MB
gcr.io/distroless/base-debian11 latest 2a6de77407bf N/A 20.6MB
reg.shuyan.com/library/gcr.io/distroless/base-debian11 latest 2a6de77407bf N/A 20.6MB
# List the tagged images
[root@rockynode-1 ~]# docker images | awk '/reg.shuyan.com/{print $1":"$2}'
reg.shuyan.com/library/nginx:latest
reg.shuyan.com/library/phpmyadmin:latest
reg.shuyan.com/library/ubuntu:latest
reg.shuyan.com/library/mysql:5.7
reg.shuyan.com/library/registry:latest
reg.shuyan.com/library/nginx:1.23
reg.shuyan.com/library/busybox:latest
reg.shuyan.com/library/haproxy:2.3
reg.shuyan.com/library/centos:7
reg.shuyan.com/library/timinglee/game2048:latest
reg.shuyan.com/library/timinglee/mario:latest
reg.shuyan.com/library/gcr.io/distroless/base-debian11:latest
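2.2.5 Batch-pushing the tagged images
# Set the registry hostname and the project used in the tagging step
~]# hub_ip=reg.shuyan.com
~]# store=library
# Assign the tags to a variable
~]# reg_shuyan=$(docker images | awk -v store="$store" \
> -v ip="$hub_ip" '$1 ~ ip "/"store"/" {print $1":"$2}')
# Loop over the variable and push each image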
~]# for i in $reg_shuyan
> do
> docker push $i
> done
2.2.6 Deleting the tagged images
~]# docker rmi $(docker images | awk '$1 ~ /reg\.shuyan\.com/ {print $1":"$2}')
3 Writing an automated upload script
# Demonstration
[root@rockynode-1 ~]# reg_shuyan=$(docker images | awk '/reg.shuyan.com/{print $1":"$2}')
[root@rockynode-1 ~]# echo -e "$reg_shuyan"
reg.shuyan.com/library/nginx:latest
reg.shuyan.com/library/phpmyadmin:latest
reg.shuyan.com/library/ubuntu:latest
reg.shuyan.com/library/mysql:5.7
reg.shuyan.com/library/registry:latest
reg.shuyan.com/library/nginx:1.23
reg.shuyan.com/library/busybox:latest
reg.shuyan.com/library/haproxy:2.3
reg.shuyan.com/library/centos:7
reg.shuyan.com/library/timinglee/game2048:latest
reg.shuyan.com/library/timinglee/mario:latest
reg.shuyan.com/library/gcr.io/distroless/base-debian11:latest
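[root@rockynode-1 script]# vim hub.sh
#!/bin/bash
# Registry hostname and target Harbor project
hub_ip=reg.shuyan.com
store=shuyan

# Tag every local image as <registry>/<project>/<repository>:<tag>
docker images | awk -v ip="$hub_ip" -v store="$store" 'NR > 1 {
    system("docker tag " $1 ":" $2 " " ip "/"store"/" $1 ":" $2)
}'

# Collect the references that now carry the registry prefix
reg_shuyan=$(docker images | awk -v store="$store" -v ip="$hub_ip" '$1 ~ ip "/"store"/" {print $1":"$2}')

# Push each of them to Harbor
for i in $reg_shuyan; do
    docker push "$i"
done

# Remove the local registry-prefixed tags after the push
docker rmi $(docker images | awk -v ip="$hub_ip" -v store="$store" '$1 ~ ip "/"store"/" {print $1":"$2}')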
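A variant of the tagging step in 2.2.4 and of hub.sh, as an added example that is not the author's code: it runs the same tag, push and untag sequence without building shell commands through awk's system(), skips dangling <none> images, and matches the registry prefix literally so that a second run does not create reg.shuyan.com/shuyan/reg.shuyan.com/... tags. The function names plan_tags and sync_images are assumptions, and the sample image list is constructed.

```bash
#!/bin/bash
# Added example (not from the original article).
# plan_tags REGISTRY PROJECT
# Reads "repository:tag" lines on stdin and prints "source target" pairs for
# the images that still need a registry tag.
plan_tags() {
    local registry=$1 project=$2 ref
    while IFS= read -r ref; do
        case $ref in
            *'<none>'*)    continue ;;   # dangling image, nothing to tag
            "$registry"/*) continue ;;   # already tagged by an earlier run
            *[!A-Za-z0-9._/:-]*)         # not a valid image reference
                echo "skip: $ref" >&2; continue ;;
        esac
        printf '%s %s/%s/%s\n' "$ref" "$registry" "$project" "$ref"
    done
}

# sync_images REGISTRY PROJECT
# Tags, pushes and then untags each planned image; stops at the first failure
# so that a local tag is never removed before its push has succeeded.
sync_images() {
    local registry=$1 project=$2 src dst
    docker images --format '{{.Repository}}:{{.Tag}}' |
        plan_tags "$registry" "$project" |
        while read -r src dst; do
            docker tag "$src" "$dst" && docker push "$dst" &&
                docker rmi "$dst" || return 1
        done
}

if [ "$#" -eq 2 ]; then
    sync_images "$1" "$2"        # e.g. ./sync.sh reg.shuyan.com shuyan
else
    # Constructed sample standing in for `docker images` output.
    printf '%s\n' 'nginx:1.23' 'reg.shuyan.com/shuyan/nginx:1.23' \
        '<none>:<none>' 'gcr.io/distroless/base-debian11:latest' |
        plan_tags reg.shuyan.com shuyan
fi
```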