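Background

I recently needed to deploy a few small things with k8s. The servers are on an internal network with no direct Internet access, so for convenience I set up a local registry with Harbor. This article covers how to deploy the Harbor registry, how to pull Docker images, and how to upload Docker images to the local server.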

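Installing Harbor

Download the software

Download the software on a local machine:

wget https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz

Upload it to the server. You can upload over SFTP with SecureCRT: right-click the connection, choose Connect SFTP Session, and a new SFTP window opens.

put harbor-offline-installer-v2.10.0.tgz

Useful SFTP commands:

ls    list files on the server
lls   list local files
cd    change the current directory on the server
lcd   change the current local directory
put   upload a local file to the server
get   download a file from the server to the local machine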

All of the following steps are performed on the server.

Extract the software

mkdir -p /data/server
tar -xf harbor-offline-installer-v2.10.0.tgz -C /data/server/

Load the images

cd /data/server/harbor/
docker load < harbor.v2.10.0.tar.gz
docker images
	REPOSITORY                                                TAG       IMAGE ID       CREATED        SIZE
	goharbor/harbor-exporter                                  v2.10.0   1d3fdd3d102d   2 weeks ago    106MB
	goharbor/redis-photon                                     v2.10.0   5083850c5206   2 weeks ago    165MB
	goharbor/trivy-adapter-photon                             v2.10.0   5873942a56be   2 weeks ago    478MB
	goharbor/harbor-registryctl                               v2.10.0   7a3b7d7d972c   2 weeks ago    149MB
	goharbor/registry-photon                                  v2.10.0   9baecb934ded   2 weeks ago    83.4MB
	goharbor/nginx-photon                                     v2.10.0   d1010aed334c   2 weeks ago    154MB
	goharbor/harbor-log                                       v2.10.0   518f000ddf00   2 weeks ago    164MB
	goharbor/harbor-jobservice                                v2.10.0   4960b98063d3   2 weeks ago    140MB
	goharbor/harbor-core                                      v2.10.0   00c9a2f5729c   2 weeks ago    168MB
	goharbor/harbor-portal                                    v2.10.0   f3d83a4e7733   2 weeks ago    163MB
	goharbor/harbor-db                                        v2.10.0   8215768668f6   2 weeks ago    269MB
	goharbor/prepare                                          v2.10.0   2ac2fd8f7595   2 weeks ago    208MB

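Back up the configuration

cp harbor.yml{.tmpl,}

Edit the configuration

# My server's IP here is 192.168.139.131 and its hostname is harbor
# A custom long hostname is recommended; the problem with this hostname is explained later
vim harbor.yml
	# Set the hostname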
	hostname: harbor
	http:
	  port: 80

	# Comment out the SSL-related section
	# https related config
	#https:
	  # https port for harbor, default is 443
	  #port: 443
	  # The path of cert and key files for nginx
	  #certificate: /your/certificate/path
	  #private_key: /your/private/key/path

	# Change the Harbor login password
	harbor_admin_password: password
	# Change Harbor's data storage directory
	data_volume: /data/server/harbor/data

Configure Harbor

 ./prepare 
	prepare base dir is set to /data/server/harbor
	WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
	Generated configuration file: /config/portal/nginx.conf
	Generated configuration file: /config/log/logrotate.conf
	Generated configuration file: /config/log/rsyslog_docker.conf
	Generated configuration file: /config/nginx/nginx.conf
	Generated configuration file: /config/core/env
	Generated configuration file: /config/core/app.conf
	Generated configuration file: /config/registry/config.yml
	Generated configuration file: /config/registryctl/env
	Generated configuration file: /config/registryctl/config.yml
	Generated configuration file: /config/db/env
	Generated configuration file: /config/jobservice/env
	Generated configuration file: /config/jobservice/config.yml
	Generated and saved secret to file: /data/secret/keys/secretkey
	Successfully called func: create_root_cert
	Generated configuration file: /compose_location/docker-compose.yml
	Clean up the input dir

Start Harbor

./install.sh 
	
	[Step 0]: checking if docker is installed ...
	
	Note: docker version: 24.0.7
	
	[Step 1]: checking docker-compose is installed ...
	
	Note: Docker Compose version v2.21.0
	
	[Step 2]: loading Harbor images ...
	Loaded image: goharbor/trivy-adapter-photon:v2.10.0
	Loaded image: goharbor/prepare:v2.10.0
	Loaded image: goharbor/harbor-log:v2.10.0
	Loaded image: goharbor/harbor-registryctl:v2.10.0
	Loaded image: goharbor/nginx-photon:v2.10.0
	Loaded image: goharbor/harbor-exporter:v2.10.0
	Loaded image: goharbor/redis-photon:v2.10.0
	Loaded image: goharbor/registry-photon:v2.10.0
	Loaded image: goharbor/harbor-portal:v2.10.0
	Loaded image: goharbor/harbor-core:v2.10.0
	Loaded image: goharbor/harbor-db:v2.10.0
	Loaded image: goharbor/harbor-jobservice:v2.10.0
	
	
	[Step 3]: preparing environment ...
	
	[Step 4]: preparing harbor configs ...
	prepare base dir is set to /data/server/harbor
	WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
	Clearing the configuration file: /config/portal/nginx.conf
	Clearing the configuration file: /config/log/logrotate.conf
	Clearing the configuration file: /config/log/rsyslog_docker.conf
	Clearing the configuration file: /config/nginx/nginx.conf
	Clearing the configuration file: /config/core/env
	Clearing the configuration file: /config/core/app.conf
	Clearing the configuration file: /config/registry/passwd
	Clearing the configuration file: /config/registry/config.yml
	Clearing the configuration file: /config/registryctl/env
	Clearing the configuration file: /config/registryctl/config.yml
	Clearing the configuration file: /config/db/env
	Clearing the configuration file: /config/jobservice/env
	Clearing the configuration file: /config/jobservice/config.yml
	Generated configuration file: /config/portal/nginx.conf
	Generated configuration file: /config/log/logrotate.conf
	Generated configuration file: /config/log/rsyslog_docker.conf
	Generated configuration file: /config/nginx/nginx.conf
	Generated configuration file: /config/core/env
	Generated configuration file: /config/core/app.conf
	Generated configuration file: /config/registry/config.yml
	Generated configuration file: /config/registryctl/env
	Generated configuration file: /config/registryctl/config.yml
	Generated configuration file: /config/db/env
	Generated configuration file: /config/jobservice/env
	Generated configuration file: /config/jobservice/config.yml
	loaded secret from file: /data/secret/keys/secretkey
	Generated configuration file: /compose_location/docker-compose.yml
	Clean up the input dir
	
	
	Note: stopping existing Harbor instance ...
	
	
	[Step 5]: starting Harbor ...
	[+] Running 10/10
	 ✔ Network harbor_harbor        Created                                                                                           6.0s 
	 ✔ Container harbor-log         Started                                                                                           0.1s 
	 ✔ Container redis              Started                                                                                           0.2s 
	 ✔ Container harbor-portal      Started                                                                                           0.2s 
	 ✔ Container harbor-db          Started                                                                                           0.2s 
	 ✔ Container registryctl        Started                                                                                           0.2s 
	 ✔ Container registry           Started                                                                                           0.1s 
	 ✔ Container harbor-core        Started                                                                                           0.1s 
	 ✔ Container harbor-jobservice  Started                                                                                           0.1s 
	 ✔ Container nginx              Started                                                                                           0.1s 
	✔ ----Harbor has been installed and started successfully.----

Verify the result

docker-compose ps
		  Name                     Command               State                  Ports                
	-------------------------------------------------------------------------------------------------
	harbor-core         /harbor/entrypoint.sh            Up                                          
	harbor-db           /docker-entrypoint.sh 13 14      Up                                          
	harbor-jobservice   /harbor/entrypoint.sh            Up                                          
	harbor-log          /bin/sh -c /usr/local/bin/ ...   Up      127.0.0.1:1514->10514/tcp           
	harbor-portal       nginx -g daemon off;             Up                                          
	nginx               nginx -g daemon off;             Up      0.0.0.0:80->8080/tcp,:::80->8080/tcp
	redis               redis-server /etc/redis.conf     Up                                          
	registry            /home/harbor/entrypoint.sh       Up                                          
	registryctl         /home/harbor/start.sh            Up  

Configure Harbor to start as a service

Service unit file

# Note: change the --file path to match the data_volume directory configured earlier in harbor.yml
vi /usr/lib/systemd/system/harbor.service 
	[Unit]
	Description=Harbor
	After=docker.service systemd-network.service systemd-resolved.service
	Requires=docker.service
	Documentation=http://github.com/vmware/harbor
	
	[Service]
	Restart=on-failure
	RestartSec=5
	Type=simple
	ExecStart=/usr/bin/docker-compose --file /data/server/harbor/docker-compose.yml up 
	ExecStop=/usr/bin/docker-compose --file /data/server/harbor/docker-compose.yml down
	
	[Install]
	WantedBy=multi-user.target

Start the service and enable it at boot

systemctl enable --now harbor.service

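Using Harbor

Log in to Harbor with the administrator account

My server's IP here is 192.168.139.131 and its hostname is harbor. Open http://192.168.139.131 in a browser to reach the login page. The default administrator account is admin, and the password is the harbor_admin_password value changed in harbor.yml. Enter the username and password and click Log In.

Create a regular user

Next, create a regular user: on the left, click System Management > User Management, then click Create User, fill in the details, and click OK to create the user.

Log in to Harbor with the regular account

Click the username in the upper-right corner, log out, and then log in with the regular account you just created.

Create a project

Click New Project and enter a project name. If you want images to be downloadable without a username and password, set the access level to Public.
The project name can follow the image name. For example, for the image swr.cn-south-1.myhuaweicloud.com/starsl.cn/nginx-consul you can create a project named starsl.cn.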

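Uploading image files to the Harbor registry

Download the image (on a machine with Internet access)

Change Docker's registry mirror

By default Docker pulls images from docker.io, which is generally unreachable from mainland China, so the registry mirror source needs to be changed.

# Edit the registry mirrors
vim /etc/docker/daemon.json
{
    "registry-mirrors": [
        "https://registry.docker-cn.com",
        "http://hub-mirror.c.163.com",
        "https://docker.mirrors.ustc.edu.cn"
    ]
}
# Restart the docker service
systemctl restart docker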

Pull the image and save it to a file

# Pull the image: docker pull IMAGE_NAME:TAG. If :TAG is omitted, latest is pulled by default
docker pull quay.io/ansible/awx-operator:2.10.0

# List the images
docker images
REPOSITORY                                                        TAG        IMAGE ID       CREATED         SIZE
quay.io/ansible/awx-operator                                      2.10.0     081905374722   2 days ago      553MB

# Save the image to a file
docker save quay.io/ansible/awx-operator:2.10.0 -o awx-operator

# Upload the file to the server
(omitted)

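Upload the image to the local registry

Change the registry configuration

On the server, Docker has to be configured to use the Harbor registry we set up earlier. Because we installed Harbor without SSL, the Docker configuration needs to be changed accordingly:

# Edit the registry configuration
# The "exec-opts" line is a k8s-related setting and can be left out if you do not use it; it is shown mainly as a reminder that the JSON must be valid. JSON does not allow comments, so do not put this note inside the file.
vim /etc/docker/daemon.json 
{
    "insecure-registries": ["harbor","harbor:80"],
    "exec-opts": ["native.cgroupdriver=systemd"]
}
# Restart the docker service
systemctl restart docker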

Load the image

# Load the image from the file
docker load -i awx-operator
# List the images; the quay.io/ansible/awx-operator image is now loaded on the server
docker images
REPOSITORY                                                        TAG        IMAGE ID       CREATED         SIZE
quay.io/ansible/awx-operator                                      2.10.0     081905374722   2 days ago      553MB

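Upload the image

Once the image file has been loaded locally it can be used directly. To let other servers on the internal network use it as well, upload the image to the Harbor registry.

Retag the image

An image name has the format registry address/project name/image name. Taking the image above as an example:

quay.io/ansible/awx-operator # full name
quay.io # registry address (optional)
ansible # project name
awx-operator # image name

To upload the image to the Harbor registry, the image name has to be changed so that the registry address is the Harbor registry address. Use the following command:

# :80 is appended to the Harbor registry name because the registry address is optional: if the first component has no domain or port number, docker.io is prepended by default and the push goes there. This is why a hostname with a domain was recommended when configuring Harbor. A hostname without a domain also works, as long as the port number is included in the image name.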
docker tag quay.io/ansible/awx-operator:2.10.0 harbor:80/ansible/awx-operator:2.10.0

A trick for retagging images in batch

# Find all images whose name contains the registry.aliyuncs.com registry
# and change registry.aliyuncs.com to harbor:80
docker images |grep registry.aliyuncs.com|awk '{printf "docker tag "$1":"$2" ",gsub(/registry.aliyuncs.com/,"harbor:80",$1);print $1":"$2}'|bash

# Remove all registry.aliyuncs.com images
docker images |grep "registry.aliyuncs.com" |awk '{print "docker image rm "$1":"$2" "}'|bash
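
Push the image

Before pushing, remember to create a project with the matching name in the web UI.

# Log in to the registry (use the same host:port as in the image name so the stored credentials match the push)
docker login harbor:80 -u test
# Push the image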
docker push harbor:80/ansible/awx-operator:2.10.0

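Notes

When deploying Harbor, prefer a hostname that includes a domain. If you use only a short hostname without a domain, you must add the port number when retagging the image; otherwise the push goes to the docker.io registry by default and the image cannot be uploaded.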
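
The naming rule from the notes and the retagging steps above, as an added shell example (not from the original post): `registry_of` is a simplified version of how Docker picks the registry from an image name, and `retag_plan` builds the batch retag list without piping generated commands into bash. The function names and the sample image list are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Sample image names are constructed.

# registry_of REF: print the registry Docker would contact for REF.
# Simplified form of Docker's rule: the text before the first "/" is a
# registry only if it contains "." or ":" or is "localhost"; otherwise the
# whole name is treated as a path on docker.io.
registry_of() {
    local ref="$1" first
    case "$ref" in
        */*) first="${ref%%/*}" ;;
        *)   echo "docker.io"; return ;;
    esac
    case "$first" in
        *.*|*:*|localhost) echo "$first" ;;
        *)                 echo "docker.io" ;;
    esac
}

# retag_target REF NEW_REGISTRY: print REF with its registry replaced.
retag_target() {
    local ref="$1" new="$2" reg
    reg="$(registry_of "$ref")"
    case "$ref" in
        "$reg"/*) echo "$new/${ref#*/}" ;;  # explicit registry: swap it
        *)        echo "$new/$ref" ;;       # implicit docker.io: prepend
    esac
}

# retag_plan SRC NEW: read "repo:tag" lines on stdin and print "old new" pairs
# for images hosted on SRC. Untagged (<none>) images are skipped.
retag_plan() {
    local src="$1" new="$2" ref
    while IFS= read -r ref; do
        case "$ref" in ""|*"<none>"*) continue ;; esac
        [ "$(registry_of "$ref")" = "$src" ] || continue
        echo "$ref $(retag_target "$ref" "$new")"
    done
}

# Constructed sample of: docker images --format '{{.Repository}}:{{.Tag}}'
sample='registry.aliyuncs.com/google_containers/pause:3.9
registry.aliyuncs.com/google_containers/etcd:<none>
quay.io/ansible/awx-operator:2.10.0'
printf '%s\n' "$sample" | retag_plan registry.aliyuncs.com harbor:80
# To apply a plan, pass each pair to docker as arguments instead of piping
# generated text into bash:
#   ... | retag_plan SRC NEW | while read -r old new; do docker tag "$old" "$new"; done
```

With the short hostname, `registry_of harbor/ansible/awx-operator:2.10.0` prints `docker.io`, while `harbor:80/ansible/awx-operator:2.10.0` resolves to `harbor:80`.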