通過harbor搭建私有docker registry

流程：
- 安裝docker
- 安裝docker-compose
- 安裝harbor
- 修改docker啟動選項，使默認docker login為http
- 簡單使用示例
系統環境：
- CentOS 7.4.1708
- docker-ce 18.06.0-ce (client/server)
- docker-compose 1.16.1
  - 安裝路徑：/usr/local/bin/
- harbor v1.6.0
  - 安裝路徑：/usr/local/harbor/

一. 安裝docker

配置yum源
- 在/etc/yum.repos.d/目錄下創建docker.repo文件，並添加以下內容

[docker]
name=docker
enabled=1
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/
gpgcheck=0
enabled=1
複制代碼

執行以下命令安裝docker-ce，等待安裝完成即可

[[email protected] ~]# yum install -y docker-ce
複制代碼

二. 安裝docker-compose

下載二進制文件至指定路徑下、給予執行權限（不翻牆死慢）

curl -L https://github.com/docker/compose/releases/download/1.16.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod + x /usr/local/bin/docker-compose
複制代碼

也可到github.com/docker/comp…
執行docker-compose需在包含docker-compose.yml（harbor自帶該文件）的目錄
驗證docker-compose是否安裝好

[[email protected] ~]# docker-compose version
docker-compose version 1.16.1, build 6d1ac21
docker-py version: 2.5.1
CPython version: 2.7.13
OpenSSL version: OpenSSL 1.0.1t 3 May 2016
複制代碼

卸載docker-compose

rm -rf /usr/local/bin/docker-compose
複制代碼

三. 安裝 Harbor

系統需求：
- docker：1.10.0+
- docker-compose：1.6.0+
- Python：2.7或更高
- Openssl：若使用https方式，需安裝最新版

1. 下載harbor安裝包

- Online installer:
- 下載鏈接：https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.2.tgz
- md5: 49f5ce1cab8125e59d45af305b8f46fe
- Offline installer:
- 下載鏈接：https://storage.googleapis.com/harbor-releases/harbor-online-installer-v1.5.2.tgz
- md5: abd7a80c052cc10b3346062f65f96b96
複制代碼

2. 解壓安裝包至/usr/local/harbor/目錄下

3. 編輯harbor.cfg文件：

必須項：

hostname = reg.73go.com #IP地址或FQDN
ui_url_protocol = http
#通訊協議。默認docker pull/push通訊協議為https。若為https，需配置證書。
max_job_workers = 50 #最大工作進程（默認值）
db_password = root123 #harbor數據密碼（默認值）
customize_crt = on #默認on：准備脚本為registry的令牌的生成/驗證創建私鑰和根證書。
#off ：密鑰和根證書由外部存儲提供
ssl_cert = /data/cert/server.crt #SSL證書的路徑，僅在ui_url_protocol為https時有效
ssl_cert_key = /data/cert/server.key #SSL密鑰的路徑，僅在ui_url_protocol為https時有效
secretkey_path = /data #The path of secretkey storage
log_rotate_count = 50 #日志輪轉次數（保留多少次輪轉日志，使用默認值）
log_rotate_size = 200M #日志達到多大時執行輪轉操作（使用默認值）
複制代碼

可選項：

self_registration = off #禁止用戶注册
project_creation_restriction = adminonly #設置只有管理員可以創建項目
harbor_admin_password = centos #網頁登錄管理帳號的密碼，默認賬號密碼為：admin/Harbor12345
複制代碼

郵箱設置：
- 只有此處設置了郵箱設置，才允許用戶發送“密碼重置”電子郵件

email_server = smtp.mydomain.com
email_server_port = 25
email_identity =
email_username = [email protected]
email_password = abc
email_from = admin [email protected]
email_ssl = false
email_insecure = false
複制代碼

4. 執行安裝脚本

這是已經安裝過又執行一次的結果，可以下載離線安裝包，也可以用鏡像加速。

[[email protected] ~]# cd /usr/local/harbor/
[[email protected] harbor]# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 18.06.0
Note: docker-compose version: 1.16.1
[Step 1]: preparing environment ...
Clearing the configuration file: ./common/config/adminserver/env
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/jobservice/config.yml
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/nginx/nginx.conf
Clearing the configuration file: ./common/config/log/logrotate.conf
loaded secret from file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[Step 2]: checking existing instance of Harbor ...
Note: stopping existing Harbor instance ...
Removing nginx ... done
Removing harbor-jobservice ... done
Removing harbor-ui ... done
Removing redis ... done
Removing harbor-adminserver ... done
Removing registry ... done
Removing harbor-db ... done
Removing harbor-log ... done
Removing network harbor_harbor
[Step 3]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ...
Creating harbor-log ... done
Creating harbor-db ...
Creating redis ...
Creating harbor-adminserver ...
Creating registry ...
Creating harbor-db
Creating redis
Creating registry
Creating harbor-db ... done
Creating harbor-ui ...
Creating harbor-ui ... done
Creating harbor-jobservice ...
Creating nginx ...
Creating nginx
Creating nginx ... done
----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://reg.73go.com.
For more details, please visit https://github.com/vmware/harbor .
複制代碼

5. 查看安裝好的harbor

[[email protected] harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
45c849240289 vmware/harbor-jobservice:v1.5.2 "/harbor/start.sh" 2 minutes ago Up 2 minutes harbor-jobservice
24df8c8d740e vmware/nginx-photon:v1.5.2 "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
49a2e63d33eb vmware/harbor-ui:v1.5.2 "/harbor/start.sh" 2 minutes ago Up 2 minutes (healthy) harbor-ui
44edfc92d5c2 vmware/harbor-adminserver:v1.5.2 "/harbor/start.sh" 2 minutes ago Up 2 minutes (healthy) harbor-adminserver
a2d2f2a08e77 vmware/registry-photon:v2.6.2-v1.5.2 "/entrypoint.sh serv…" 2 minutes ago Up 2 minutes (healthy) 5000/tcp registry
229dddfc0e34 vmware/redis-photon:v1.5.2 "docker-entrypoint.s…" 2 minutes ago Up 2 minutes 6379/tcp redis
97ac1f88d6a7 vmware/harbor-db:v1.5.2 "/usr/local/bin/dock…" 2 minutes ago Up 2 minutes (healthy) 3306/tcp harbor-db
d96f1ce61867 vmware/harbor-log:v1.5.2 "/bin/sh -c 'crond &…" 2 minutes ago Up 2 minutes 514/tcp, 127.0.0.1:1514->10514/tcp harbor-log
複制代碼

四. 用docker-compose管理harbor

docker-compose命令注釋

docker-compose
Define and run multi-container applications with Docker.
#定義並運行多個docker容器
Usage:
docker-compose [-f <arg>...] [options] [COMMAND] [ARGS...]
docker-compose -h|--help
Options:
-f, --file FILE Specify an alternate compose file (default: docker-compose.yml)
#指定配置文件，默認當前目錄下docker-compose.yml
--verbose Show more output
-v, --version Print version and exit
Commands:
down Stop and remove containers, networks, images, and volumes
#停止並删除容器、網絡、docker鏡像和卷組
kill Kill containers #關閉容器
logs View output from containers #顯示容器的日志
pause Pause services #暫停服務
ps List containers #顯示容器列錶
pull Pull service images #下載一個服務鏡像
push Push service images #推送一個服務鏡像至服務器
restart Restart services #重啟鏡像
rm Remove stopped containers #删除停止的窗口
run Run a one-off command #運行一個停止的命令
start Start services #啟動服務
stop Stop services #停止服務
top Display the running processes #顯示運行中的進程
unpause Unpause services #恢複暫停中的服務
up Create and start containers #創建並運行一個容器
version Show the Docker-Compose version information #顯示docker-compose的版本
複制代碼

docker-compose命令運行時需要配置文件docker-compose.yml，該文件在harbor目錄下，故運行docker-compose命令需要在/usr/local/harbor目錄。也可用-f選項指定compose文件。

例：使用-f參數指定docker-compose.yml文件

[[email protected] ~]# docker-compose -f /usr/local/harbor/docker-compose.yml ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up
harbor-db /usr/local/bin/docker-entr ... Up 3306/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c crond && rsyslo ... Up 127.0.0.1:1514->10514/tcp, 514/tcp
harbor-ui /harbor/start.sh Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis docker-entrypoint.sh redis ... Up 6379/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
複制代碼

例：不指定docker-compose.yml文件時會報錯

[[email protected] ~]# docker-compose ps
ERROR:
Can't find a suitable configuration file in this directory or any
parent. Are you in the right directory?
Supported filenames: docker-compose.yml, docker-compose.yaml
複制代碼

使用docker-compose管理容器：

[[email protected] harbor]# docker-compose ps #查看運行中的容器
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up
harbor-db /usr/local/bin/docker-entr ... Up 3306/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c crond && rsyslo ... Up 127.0.0.1:1514->10514/tcp, 514/tcp
harbor-ui /harbor/start.sh Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis docker-entrypoint.sh redis ... Up 6379/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
複制代碼

[[email protected] harbor]# docker-compose stop #關閉harbor各容器
Stopping harbor-jobservice ... done
Stopping nginx ... done
Stopping harbor-ui ... done
Stopping harbor-adminserver ... done
Stopping registry ... done
Stopping redis ... done
Stopping harbor-db ... done
Stopping harbor-log ... done
[[email protected] harbor]# docker-compose ps #查看當前各harbor container狀態
Name Command State Ports
----------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Exit 137
harbor-db /usr/local/bin/docker-entr ... Exit 0
harbor-jobservice /harbor/start.sh Exit 137
harbor-log /bin/sh -c crond && rsyslo ... Exit 137
harbor-ui /harbor/start.sh Exit 137
nginx nginx -g daemon off; Exit 0
redis docker-entrypoint.sh redis ... Exit 0
registry /entrypoint.sh serve /etc/ ... Exit 137
[[email protected] harbor]# docker-compose start #該命令運行時會報錯，用restart就可以。
Starting log ... done
Starting redis ... error
Starting adminserver ... error
Starting registry ... error
Starting ui ... error
Starting mysql ... error
Starting jobservice ... error
Starting proxy ... error
ERROR: for mysql Cannot start service mysql: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused
ERROR: for redis Cannot start service redis: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused
ERROR: for registry Cannot start service registry: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused
ERROR: for adminserver Cannot start service adminserver: failed to initialize logging driver: dial tcp 127.0.0.1:1514: connect: connection refused
複制代碼

關於服務啟動報錯的原因：

guy-hub該項目issue上有提到這個問題的，原因是日志服務未先啟動而其它服務需要先到日志服務器注册，所以會造成端口訪問拒絕。解决方法沒有，答主只說後續會關注。

[[email protected] harbor]# docker-compose restart #使用restart可以正常啟動，但是有時也會報錯，多來兩次就好了。
Restarting harbor-jobservice ... done
Restarting nginx ... done
Restarting harbor-ui ... done
Restarting harbor-adminserver ... done
Restarting registry ... done
Restarting redis ... done
Restarting harbor-db ... done
Restarting harbor-log ... done
複制代碼

五. 測試訪問harbor

在瀏覽器輸入 reg.73go.com，請大家根據自己的配置情况輸入訪問的域名；
默認賬號密碼： admin / Harbor12345 登錄後修改密碼

六. 測試上傳和下載鏡像

docker registry通訊協議默認為https，需要配置證書。若未配置證書，需要做以下修改：

[[email protected] ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd --insecure-registry reg.73go.com
#在ExecStart後面加上--insecure-registry reg.73go.com
#後面的reg.73go.com為harbor.cfg中hostname配置的值
複制代碼

重載systemd並重啟docker

# systemctl daemon-reload
# systemctl restart docker
複制代碼

創建一個Dockerfile文件

[[email protected] ~]# mkdir test
[[email protected] ~]# cd test/
[[email protected] test]# vim Dockerfile
# vim Dockerfile
FROM centos:centos7.1.1503
ENV TZ "Asia/Shanghai"
複制代碼

創建鏡像

[[email protected] test]# docker build -t reg.73go.com/library/centos7.1:v0.1 ./
Sending build context to Docker daemon 2.048kB
Step 1/2 : FROM centos:centos7.1.1503
---> fbe8925ecf55
Step 2/2 : ENV TZ "Asia/Shanghai"
---> Using cache
---> 930eec2ed889
Successfully built 930eec2ed889
Successfully tagged reg.73go.com/library/centos7.1:v0.1
複制代碼

登錄到reg.73go.com並push鏡像

[[email protected] harbor]# docker login reg.73go.com
Authenticating with existing credentials...
#以現有證書認證
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
#警告！你的密碼會以明文保存在/root/.docker/config.json
Configure a credential helper to remove this warning. See
#配置證書就會不再顯示該警告
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
#詳情請看這網址
Login Succeeded
#登錄成功
[[email protected] harbor]# docker tag 9432976b676f reg.73go.com/library/swaggerapi/swagger-ui:latest
#給已存在的鏡像打標簽
[[email protected] harbor]# docker push reg.73go.com/library/swaggerapi/swagger-ui:latest
#把打好標簽的鏡像push至私有registry
The push refers to repository [reg.73go.com/library/swaggerapi/swagger-ui]
47c77f5f4ee4: Pushed
ab4588773347: Pushed
5382149040dc: Pushed
a8d7d0b05699: Pushed
a9031380f2d7: Pushed
7105cc56962c: Pushed
latest: digest: sha256:0b5457c35fa0b21c08780dd84afe3f27525bee462261dff9b8e08a1e70414109 size: 1571
複制代碼

驗證鏡像文件是否已push至私有registry

打好標簽的鏡像文件已保存至reg.73go.com的library下

用局域網中另外一臺機器下載鏡像

安裝docker
修改/usr/lib/systemd/system/docker.service
點擊圖中圖標即可複制docker pull命令，至shell下粘貼即可。

[[email protected] ~]# docker pull reg.73go.com/library/swaggerapi/swagger-ui:latest
#命令中的內容是由上圖中直接複制而來，不必進行任何修改。
latest: Pulling from library/swaggerapi/swagger-ui
f4900964ff56: Pull complete
6f8087d9ed5d: Pull complete
31023fcfba5a: Pull complete
8c462391de19: Pull complete
ba9c0a3c3f9a: Pull complete
6a4540734666: Pull complete
Digest: sha256:0b5457c35fa0b21c08780dd84afe3f27525bee462261dff9b8e08a1e70414109
Status: Downloaded newer image for reg.73go.com/library/swaggerapi/swagger-ui:latest
[[email protected] ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
reg.73go.com/library/centos7.1 0.1 930eec2ed889 23 hours ago 212MB
reg.73go.com/library/swaggerapi/swagger-ui latest 9432976b676f 6 days ago 15.4MB
複制代碼