20230112 - Harbor: From Getting Started to Practice

1. Docker deployment

Install the yum-utils package (which provides yum-config-manager)
# yum install -y yum-utils device-mapper-persistent-data lvm2

Add the docker-ce.repo repository
# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

Enable the nightly repository
# yum-config-manager --enable docker-ce-nightly

Enable the test repository
# yum-config-manager --enable docker-ce-test

Install a specific version of docker-ce and confirm that docker-ce-cli is installed as well
# yum list docker-ce --showduplicates | sort -r
docker-ce.x86_64            3:23.0.0~rc.1-1.el8                 docker-ce-test  
docker-ce.x86_64            3:23.0.0~beta.1-1.el8               docker-ce-test  
docker-ce.x86_64            3:22.06.0~beta.0-1.el8              docker-ce-test  
docker-ce.x86_64            3:20.10.9-3.el8                     docker-ce-test  
docker-ce.x86_64            3:20.10.9-3.el8                     docker-ce-stable
docker-ce.x86_64            3:20.10.8-3.el8                     docker-ce-test  

# yum install docker-ce-20.10.9

Start the Docker service and enable it at boot
# systemctl start docker.service
# systemctl enable docker.service
Verify the Docker installation
# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete 
Digest: sha256:aa0cc8055b82dc2509bed2e19b275c8f463506616377219d9642221ab53cf9fe
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

2. Configure a Docker registry mirror (accelerator)

Log in to the Aliyun image accelerator console to obtain your mirror address

# tee /etc/docker/daemon.json <<-'EOF'
> {
>   "registry-mirrors": ["https://lg384hnd.mirror.aliyuncs.com"]
> }
> EOF
{
  "registry-mirrors": ["https://lg384hnd.mirror.aliyuncs.com"]
}
Reload and restart the Docker service
# systemctl daemon-reload
# systemctl restart docker
Check the mirror configuration
# docker info

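3. Install Harbor

Deploying Harbor directly on a physical host is very difficult. To simplify its use, the Harbor project ships Harbor as an application that runs in containers. Harbor depends on several storage systems such as redis, mysql and pgsql, so it has to orchestrate many containers that work together. Deploying and using VMware Harbor therefore relies on Docker's single-host orchestration tool, Docker Compose.

Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application's services. Then, with a single command, you create and start all the services from that configuration.
Install docker-compose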

# curl -L "https://github.com/docker/compose/releases/download/v2.15.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# cd /usr/local/bin/
# ll docker-compose
# chmod +x docker-compose
# docker-compose --version
docker-compose version 2.15.1, build d4451659
# ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

Install Harbor

# wget -c https://github.com/goharbor/harbor/releases/download/v2.3.2/harbor-offline-installer-v2.3.2.tgz
# tar xf  harbor-offline-installer-v2.3.2.tgz
# cd harbor
# docker load -i harbor.v2.3.2.tar.gz
Loaded image: goharbor/redis-photon:v2.3.2
Loaded image: goharbor/nginx-photon:v2.3.2
Loaded image: goharbor/harbor-portal:v2.3.2
Loaded image: goharbor/trivy-adapter-photon:v2.3.2
Loaded image: goharbor/chartmuseum-photon:v2.3.2
Loaded image: goharbor/notary-signer-photon:v2.3.2
Loaded image: goharbor/harbor-core:v2.3.2
Loaded image: goharbor/harbor-log:v2.3.2
Loaded image: goharbor/harbor-registryctl:v2.3.2
Loaded image: goharbor/harbor-exporter:v2.3.2
Loaded image: goharbor/notary-server-photon:v2.3.2
Loaded image: goharbor/prepare:v2.3.2
Loaded image: goharbor/harbor-db:v2.3.2
Loaded image: goharbor/harbor-jobservice:v2.3.2
Loaded image: goharbor/registry-photon:v2.3.

# ls
common.sh  harbor.v2.3.2.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare

Set the host name
# echo "172.26.37.126 docker" >> /etc/hosts
# ping docker 
PING docker (172.26.37.126) 56(84) bytes of data.
64 bytes from docker (172.26.37.126): icmp_seq=1 ttl=64 time=0.231 ms
64 bytes from docker (172.26.37.126): icmp_seq=2 ttl=64 time=0.069 ms

Edit the Harbor configuration file
# cp harbor.yml.tmpl harbor.yml
# vi harbor.yml
# diff harbor.yml.tmpl harbor.yml
5c5
< hostname: reg.mydomain.com
---
> hostname: docker     // set the host name
13,18c13,18
< https:               // comment out the certificate settings; required when no certificate is used
<   # https port for harbor, default is 443    
<   port: 443     // comment out
<   # The path of cert and key files for nginx
<   certificate: /your/certificate/path     // comment out
<   private_key: /your/private/key/path     // comment out
---
> #https:
> #  # https port for harbor, default is 443
> #  port: 443
> #  # The path of cert and key files for nginx
> #  certificate: /your/certificate/path
> #  private_key: /your/private/key/path

Note the data directory: data_volume: /data
Note the default password: harbor_admin_password: Harbor12345
Create the directories
# mkdir -p /data /var/log/harbor
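
The two settings noted above (the https block commented out and the default harbor_admin_password) can be checked mechanically before running ./prepare. This is an added example, not part of the original post; the function name audit_harbor_yml and both sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: flag the two harbor.yml settings
# this walkthrough leaves weak. Prints one line per finding; returns 1 if any.
audit_harbor_yml() {
    local file=$1 rc=0 pw
    # An active top-level "https:" key means TLS is configured ("#https:" does not match).
    if grep -Eq '^https:' "$file"; then
        # TLS is enabled: cert and key must not be the template placeholder paths.
        if grep -Eq '^[[:space:]]+(certificate|private_key):[[:space:]]*/your/' "$file"; then
            echo "https: certificate/private_key are still template placeholders"
            rc=1
        fi
    else
        echo "https: block missing or commented out, registry is served over plain HTTP"
        rc=1
    fi
    # Extract the admin password value, ignoring any trailing comment.
    pw=$(sed -nE 's/^harbor_admin_password:[[:space:]]*([^[:space:]#]+).*/\1/p' "$file" | head -n 1)
    if [ "$pw" = "Harbor12345" ]; then
        echo "harbor_admin_password: still the shipped default"
        rc=1
    fi
    return "$rc"
}

# Constructed sample 1: the configuration produced by the steps above.
sample_http_only() {
    cat <<'EOF'
hostname: docker
#https:
#  port: 443
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path
harbor_admin_password: Harbor12345
EOF
}

# Constructed sample 2: TLS enabled, password changed (paths and value are placeholders).
sample_hardened() {
    cat <<'EOF'
hostname: docker
https:
  port: 443
  certificate: /data/cert/docker.crt
  private_key: /data/cert/docker.key
harbor_admin_password: EXAMPLE-change-me
EOF
}

tmp=$(mktemp)
sample_http_only > "$tmp"; audit_harbor_yml "$tmp" || true
sample_hardened  > "$tmp"; audit_harbor_yml "$tmp" && echo "hardened sample: no findings"
rm -f "$tmp"
```

On a real host, call audit_harbor_yml /root/harbor/harbor.yml after editing the file.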

Pre-installation check
# ./prepare
prepare base dir is set to /root/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

Install
# ./install.sh
[Step 0]: checking if docker is installed ...
[Step 1]: checking docker-compose is installed ...
[Step 2]: loading Harbor images ...
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registry      ... done
Creating harbor-db     ... done
Creating registryctl   ... done
Creating redis         ... done
Creating harbor-portal ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done
✔----Harbor has been installed and started successfully.----

# docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED         STATUS                   PORTS                                   NAMES
3fecf91546bc   goharbor/harbor-jobservice:v2.3.2    "/harbor/entrypoint.…"   3 minutes ago   Up 3 minutes (healthy)                                           harbor-jobservice
49d49cbac2c6   goharbor/nginx-photon:v2.3.2         "nginx -g 'daemon of…"   3 minutes ago   Up 3 minutes (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
568310d7122b   goharbor/harbor-core:v2.3.2          "/harbor/entrypoint.…"   3 minutes ago   Up 3 minutes (healthy)                                           harbor-core
c2adc20a3d2d   goharbor/harbor-portal:v2.3.2        "nginx -g 'daemon of…"   3 minutes ago   Up 3 minutes (healthy)                                           harbor-portal
38d7f57f58e8   goharbor/harbor-db:v2.3.2            "/docker-entrypoint.…"   3 minutes ago   Up 3 minutes (healthy)                                           harbor-db
605bbb3e7f25   goharbor/redis-photon:v2.3.2         "redis-server /etc/r…"   3 minutes ago   Up 3 minutes (healthy)                                           redis
1229c30f7581   goharbor/registry-photon:v2.3.2      "/home/harbor/entryp…"   3 minutes ago   Up 3 minutes (healthy)                                           registry
0f481db488ac   goharbor/harbor-registryctl:v2.3.2   "/home/harbor/start.…"   3 minutes ago   Up 3 minutes (healthy)                                           registryctl
f06f459592c6   goharbor/harbor-log:v2.3.2           "/bin/sh -c /usr/loc…"   3 minutes ago   Up 3 minutes (healthy)   127.0.0.1:1514->10514/tcp               harbor-log

# ll common docker-compose.yml
-rw-r--r--. 1 root root 5996 Jan 12 20:07 docker-compose.yml
common:
total 0
drwxr-xr-x. 11 root root 133 Jan 12 20:05 config
# ss -antl
State              Recv-Q              Send-Q                           Local Address:Port                           Peer Address:Port             Process             
LISTEN             0                   128                                  127.0.0.1:1514                                0.0.0.0:*                                    
LISTEN             0                   128                                    0.0.0.0:80                                  0.0.0.0:*                                    
LISTEN             0                   128                                    0.0.0.0:22                                  0.0.0.0:*                                    
LISTEN             0                   128                                       [::]:80                                     [::]:*                                    
LISTEN             0                   128                                       [::]:22                                     [::]:*  

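4. Operating Harbor from the web UI

1) Log in with the system account

User: admin

Passwd: (omitted)

2) User management: create a user

3) Create a project


[Screenshot: harbor.png]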

5. Push test against the Harbor registry

Configure Docker insecure-registries

Add the insecure-registry address to the Docker startup command
# cp -p /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker.service.20230112
# vi /usr/lib/systemd/system/docker.service 
# diff  /usr/lib/systemd/system/docker.service /usr/lib/systemd/system/docker.service.20230112
13c13
< ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry=172.26.37.126:80
---
> ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Restart Docker
# systemctl daemon-reload
# systemctl restart docker

Test docker login to Harbor

# docker login 172.26.37.126:80
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

docker push an image to Harbor

List images
# docker image ls
REPOSITORY                      TAG       IMAGE ID       CREATED         SIZE
hello-world                     latest    feb5d9fea6a5   15 months ago   13.3kB

Tag the image
# docker tag hello-world:latest 172.26.37.126:80/cmdb/hello-world:latest

List images
# docker image ls
REPOSITORY                      TAG       IMAGE ID       CREATED         SIZE
hello-world                     latest    feb5d9fea6a5   15 months ago   13.3kB
172.26.37.126:80/cmdb/hello-world       latest    feb5d9fea6a5   15 months ago   13.3kB

Push the image
# docker push 172.26.37.126:80/cmdb/hello-world
Using default tag: latest
The push refers to repository [172.26.37.126:80/cmdb/hello-world]
e07ee1baac5f: Pushed 
latest: digest: sha256:f54a58bc1aac5ea1a25d796ae155dc228b3f0e11d046ae276b39c4bf2f13d8c4 size: 525

View the pushed image in the Harbor registry


[Screenshot: harbor2.png]

6. Configure Harbor to start at boot

Confirm the restart commands

# cd harbor/
# pwd
/root/harbor
Stop Harbor
# docker-compose stop
Start Harbor
# docker-compose start
Starting log         ... done
Starting registry    ... done
Starting registryctl ... done
Starting postgresql  ... done
Starting portal      ... done
Starting redis       ... done
Starting core        ... done
Starting jobservice  ... done
Starting proxy       ... done
Check that Harbor has started, and log in to the web page to confirm
# docker ps

Create the autostart files

Create the startup script
# vim harbor_enable.sh 
Insert the following content
#!/bin/bash
cd /root/harbor
docker-compose start

Make the startup script executable
# chmod +x harbor_enable.sh 
# ll harbor_enable.sh 
-rwxr-xr-x. 1 root root 52 Jan 13 01:28 harbor_enable.sh

Edit the boot-time startup file
# vim /etc/rc.local
Insert the following content
/bin/bash /root/harbor/harbor_enable.sh
# ll /etc/rc.local 
lrwxrwxrwx. 1 root root 13 Apr 19  2022 /etc/rc.local -> rc.d/rc.local
# ll /etc/rc.d/rc.local 
-rw-r--r--. 1 root root 514 Jan 13 01:30 /etc/rc.d/rc.local
# chmod +x /etc/rc.local 
# ll /etc/rc.d/rc.local 
-rwxr-xr-x. 1 root root 514 Jan 13 01:30 /etc/rc.d/rc.local

Reboot the server and check Harbor's state after boot

Reboot the server
# reboot
Check the container status
# docker ps
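Log in to the Harbor web page to confirm

7. Troubleshooting

1) After the Docker service restarts, harbor-core cannot finish starting
After the Docker service restarts, the harbor-core status is (health: starting)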
# docker ps 
CONTAINER ID   IMAGE                             COMMAND                  CREATED       STATUS                             PORTS                                   NAMES
49d49cbac2c6   goharbor/nginx-photon:v2.3.2      "nginx -g 'daemon of…"   4 hours ago   Up 2 minutes (healthy)             0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
568310d7122b   goharbor/harbor-core:v2.3.2       "/harbor/entrypoint.…"   4 hours ago   Up 16 seconds (health: starting)                                           harbor-core
c2adc20a3d2d   goharbor/harbor-portal:v2.3.2     "nginx -g 'daemon of…"   4 hours ago   Up 2 minutes (healthy)                                                     harbor-portal
38d7f57f58e8   goharbor/harbor-db:v2.3.2         "/docker-entrypoint.…"   4 hours ago   Up 2 minutes (healthy)                                                     harbor-db
1229c30f7581   goharbor/registry-photon:v2.3.2   "/home/harbor/entryp…"   4 hours ago   Up 2 minutes (healthy)                                                     registry
f06f459592c6   goharbor/harbor-log:v2.3.2        "/bin/sh -c /usr/loc…"   4 hours ago   Up 2 minutes (healthy)             127.0.0.1:1514->10514/tcp               harbor-log
Change to the harbor directory
# cd ~/harbor
Use docker-compose to bring the containers back up
# docker-compose up -d
Check the status of each container
# docker ps 
CONTAINER ID   IMAGE                                COMMAND                  CREATED       STATUS                        PORTS                                   NAMES
3fecf91546bc   goharbor/harbor-jobservice:v2.3.2    "/harbor/entrypoint.…"   4 hours ago   Up About a minute (healthy)                                           harbor-jobservice
49d49cbac2c6   goharbor/nginx-photon:v2.3.2         "nginx -g 'daemon of…"   4 hours ago   Up 4 minutes (healthy)        0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
568310d7122b   goharbor/harbor-core:v2.3.2          "/harbor/entrypoint.…"   4 hours ago   Up About a minute (healthy)                                           harbor-core
c2adc20a3d2d   goharbor/harbor-portal:v2.3.2        "nginx -g 'daemon of…"   4 hours ago   Up 4 minutes (healthy)                                                harbor-portal
38d7f57f58e8   goharbor/harbor-db:v2.3.2            "/docker-entrypoint.…"   4 hours ago   Up 4 minutes (healthy)                                                harbor-db
605bbb3e7f25   goharbor/redis-photon:v2.3.2         "redis-server /etc/r…"   4 hours ago   Up About a minute (healthy)                                           redis
1229c30f7581   goharbor/registry-photon:v2.3.2      "/home/harbor/entryp…"   4 hours ago   Up 4 minutes (healthy)                                                registry
0f481db488ac   goharbor/harbor-registryctl:v2.3.2   "/home/harbor/start.…"   4 hours ago   Up About a minute (healthy)                                           registryctl
f06f459592c6   goharbor/harbor-log:v2.3.2           "/bin/sh -c /usr/loc…"   4 hours ago   Up 4 minutes (healthy)        127.0.0.1:1514->10514/tcp               harbor-log
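
The failure state shown in this section (containers missing from the listing, or stuck in "health: starting") can be detected from the docker ps output instead of by eye. This is an added example, not part of the original post; the function name harbor_unhealthy is hypothetical and the sample input is constructed from the first listing in this section.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: report Harbor containers that are
# missing or not yet healthy, as seen after the Docker restart in this section.

# The nine containers created by install.sh in this walkthrough.
HARBOR_CONTAINERS="harbor-log registry registryctl harbor-db redis harbor-portal harbor-core harbor-jobservice nginx"

# Reads "NAME<TAB>STATUS" lines on stdin, i.e. the output of
#   docker ps --format '{{.Names}}\t{{.Status}}'
# and prints "name: problem" for every expected container that is not healthy.
# Returns 0 when all nine are healthy, 1 otherwise.
harbor_unhealthy() {
    local ps_out name status rc=0
    ps_out=$(cat)
    for name in $HARBOR_CONTAINERS; do
        # Exact match on the name column, so "registry" never matches "registryctl".
        status=$(printf '%s\n' "$ps_out" | awk -F'\t' -v n="$name" '$1 == n { print $2; exit }')
        case $status in
            "")            echo "$name: not running"; rc=1 ;;
            *"(healthy)"*) ;;
            *)             echo "$name: $status"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: names and statuses from the listing taken after the restart.
sample_after_restart() {
    printf '%s\t%s\n' \
        nginx         "Up 2 minutes (healthy)" \
        harbor-core   "Up 16 seconds (health: starting)" \
        harbor-portal "Up 2 minutes (healthy)" \
        harbor-db     "Up 2 minutes (healthy)" \
        registry      "Up 2 minutes (healthy)" \
        harbor-log    "Up 2 minutes (healthy)"
}

sample_after_restart | harbor_unhealthy || echo "-> run 'docker-compose up -d' in the harbor directory"
```

On a live host, pipe the real listing in: docker ps --format '{{.Names}}\t{{.Status}}' | harbor_unhealthy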

Reference URLs:

https://github.com/goharbor/harbor/releases/
https://github.com/goharbor/harbor
https://goharbor.io/docs/2.7.0/install-config/
https://docs.docker.com/compose/
https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors
https://github.com/docker/compose/releases
https://blog.csdn.net/qq_40213055/article/details/122997250
