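Deploying a Distributed Docker Registry

Harbor is an enterprise-grade registry server for storing and distributing Docker images, open-sourced by VMware. It extends the open-source Docker Distribution with features that enterprises need, such as security, identity and management. As an enterprise private registry server, Harbor offers better performance and security, and makes transferring images between build and run environments more efficient. Harbor supports replicating image resources across multiple registry nodes, and all images are kept in the private registry, so data and intellectual property stay under control inside the company network. Harbor also provides advanced security features such as user management, access control and activity auditing.

VMware's official open-source project list, Harbor's official GitHub repository, Harbor's official website

1. Harbor features

Role-based access control: users and Docker image repositories are organized through "projects"; a user can hold different permissions on multiple image repositories within the same namespace (project).
Image replication: images can be replicated (synchronized) between multiple registry instances. This is particularly suited to load balancing, high availability, hybrid-cloud and multi-cloud scenarios.
Graphical user interface: users can browse and search the current Docker image repositories and manage projects and namespaces from a browser.
AD/LDAP support: Harbor can integrate with an existing enterprise AD/LDAP for authentication and authorization management.
Audit management: every operation against the image repositories can be recorded and traced for auditing.
Internationalization: localized versions exist for English, Chinese, German, Japanese and Russian, and more languages will be added.
RESTful API: gives administrators more control over Harbor and makes integration with other management software easier.
Simple deployment: online and offline installers are provided, and Harbor can also be installed on the vSphere platform as a virtual appliance (OVA).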

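nginx               Harbor's reverse proxy component. It fronts the registry, ui, token and other services and
                    forwards requests from the Harbor web UI and Docker clients to the backend services.
harbor-adminserver  Harbor's system management interface; used to change system configuration and read system information.
harbor-db           Stores project metadata, users, rules, replication policies and similar data.
harbor-jobservice   Mainly used for synchronizing images between registries.
harbor-log          Collects logs from the other Harbor components.
harbor-ui           A user-interface module for managing the registry.
registry            Stores Docker images and provides the pull/push service.
redis               Stores cached data.
webhook             When the state of an image in the registry changes, records and updates logs, triggers replication and similar operations.
token service       Issues tokens when a Docker client performs a pull/push.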

2. Installing Harbor

Install Docker on Server1

[root@docker-server-node1 ~]# wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@docker-server-node1 ~]# yum install docker-ce -y
[root@docker-server-node1 ~]# systemctl start docker

Install Docker on Server2

[root@docker-server-node2 ~]# wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@docker-server-node2 ~]# yum install docker-ce -y
[root@docker-server-node2 ~]# systemctl start docker

Download the Harbor installer

This walkthrough uses the Harbor 1.7.6 offline installer; the file name is harbor-offline-installer-v1.7.6.tgz

Offline installer

The complete offline installer is recommended.

[root@docker-server-node1 ~]# cd /usr/local/src/
[root@docker-server-node1 src]# wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.6.tgz

Online installer

The online installer is not recommended, because it has to download every required file from the network.

[root@docker-server-node1 src]# wget https://github.com/vmware/harbor/releases/download/v1.7.5/harbor-online-installer-v1.10.1.tgz

3. Configuring Harbor

3.1 Extract the archive and edit harbor.cfg

[root@docker-server-node1 src]# tar -xf harbor-offline-installer-v1.7.6.tgz
[root@docker-server-node1 src]# ln -sv /usr/local/src/harbor /usr/local/
‘/usr/local/harbor’ -> ‘/usr/local/src/harbor’

[root@docker-server-node1 src]# cd /usr/local/harbor/
[root@docker-server-node1 harbor]# ll
total 587744
drwxr-xr-x 3 root root        23 Feb 20 22:54 common
-rw-r--r-- 1 root root      3398 Feb 10 14:18 common.sh
-rw-r--r-- 1 root root       939 Sep 12 11:27 docker-compose.chartmuseum.yml
-rw-r--r-- 1 root root       975 Sep 12 11:27 docker-compose.clair.yml
-rw-r--r-- 1 root root      1434 Sep 12 11:27 docker-compose.notary.yml
-rw-r--r-- 1 root root      5608 Sep 12 11:27 docker-compose.yml
drwxr-xr-x 2 root root        35 Feb 20 22:44 goharbor
-rw-r--r-- 1 root root      8033 Sep 12 11:27 harbor.cfg
-rw-r--r-- 1 root root 600483180 Sep 12 11:28 harbor.v1.7.6.tar.gz
-rw-r--r-- 1 root root      5880 Feb 20 22:39 harbor.yml
drwxr-xr-x 2 root root        24 Feb 20 22:44 input
-rwxr-xr-x 1 root root      5739 Sep 12 11:27 install.sh
-rw-r--r-- 1 root root     11347 Sep 12 11:27 LICENSE
-rw-r--r-- 1 root root   1263409 Sep 12 11:27 open_source_license
-rwxr-xr-x 1 root root     36337 Sep 12 11:27 prepare

3.2 Updating the Harbor configuration

3.2.1 Updating on first deployment

## Use the prepare script to update the configuration
[root@docker-server-node1 harbor]# ./prepare
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/core/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/core/app.conf
Generated certificate, key file: ./common/config/core/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.

When it finishes, a docker-compose.yml file is generated in the current directory; it holds settings such as the data directories.

[root@docker-server-node1 harbor]# ll docker-compose.yml
-rw-r--r-- 1 root root 5608 Sep 12 11:27 docker-compose.yml

3.2.2 Changing the configuration later

If Harbor has been running for a while and its configuration needs to change, the steps are as follows:

Stop Harbor and edit the configuration file

[root@docker-server-node1 harbor]# docker-compose stop
[root@docker-server-node1 harbor]# vim harbor.cfg
...

Update the configuration

[root@docker-server-node1 harbor]# ./prepare  # this script updates the configuration: it clears the old files first, then regenerates them
Clearing the configuration file: ./common/config/adminserver/env
Clearing the configuration file: ./common/config/core/env
Clearing the configuration file: ./common/config/core/app.conf
Clearing the configuration file: ./common/config/core/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/jobservice/config.yml
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/registryctl/env
Clearing the configuration file: ./common/config/registryctl/config.yml
Clearing the configuration file: ./common/config/nginx/nginx.conf
Clearing the configuration file: ./common/config/log/logrotate.conf
loaded secret from file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/core/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/core/app.conf
Generated certificate, key file: ./common/config/core/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.

Start Harbor

[root@docker-server-node1 harbor]# docker-compose start
Starting log         ... done
Starting registry    ... done
Starting registryctl ... done
Starting postgresql  ... done
Starting adminserver ... done
Starting core        ... done
Starting portal      ... done
Starting redis       ... done
Starting jobservice  ... done
Starting proxy       ... done

3.3 Starting Harbor the officially recommended way

3.3.1 Deployment

[root@docker-server-node1 harbor]# yum install python-pip -y
[root@docker-server-node1 harbor]# pip install docker-compose
......
gcc -pthread -fno-strict-aliasing -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fwrapv -fPIC -I/usr/include/python2.7 -c _posixsubprocess.c -o build/temp.linux-x86_64-2.7/_posixsubprocess.o
    _posixsubprocess.c:16:20: fatal error: Python.h: No such file or directory  # this error occurs because python-devel is missing
     #include "Python.h"
                        ^
    compilation terminated.
    error: command 'gcc' failed with exit status 1

    ----------------------------------------
Command "/usr/bin/python2 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-pn2G8c/subprocess32/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-U1nvER-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-pn2G8c/subprocess32/
You are using pip version 8.1.2, however version 20.0.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

## Install python-devel
[root@docker-server-node1 harbor]# yum install python-devel

[root@docker-server-node1 harbor]# pip install docker-compose
Collecting docker-compose
......
Running setup.py install for functools32 ... done
  Running setup.py install for PyYAML ... done
  Running setup.py install for pycparser ... done
Successfully installed PyYAML-5.3 attrs-19.3.0 backports.shutil-get-terminal-size-1.0.0 bcrypt-3.1.7 cached-property-1.5.1 cffi-1.14.0 configparser-4.0.2 contextlib2-0.6.0.post1 cryptography-2.8 docker-4.2.0 docker-compose-1.25.4 enum34-1.1.6 functools32-3.2.3.post2 importlib-metadata-1.5.0 jsonschema-3.2.0 paramiko-2.7.1 pathlib2-2.3.5 pycparser-2.19 pynacl-1.3.0 pyrsistent-0.15.7 scandir-1.10.0 subprocess32-3.5.4 unknown-0.0.0 websocket-client-0.57.0


[root@docker-server-node1 harbor]# ./install.sh  # the official way to build and start Harbor; this method is recommended and downloads the official Docker images
[root@docker-server-node2 harbor]# ./install.sh

[Step 0]: checking installation environment ...

Note: docker version: 19.03.6

Note: docker-compose version: 1.25.4

[Step 1]: loading Harbor images ...
b80136ee24a4: Loading layer [==================================================>]  34.25MB/34.25MB
1f2db9bc717e: Loading layer [==================================================>]  63.49MB/63.49MB
3ea31adb1f16: Loading layer [==================================================>]  52.48MB/52.48MB
70134bbcd2db: Loading layer [==================================================>]  6.656kB/6.656kB
1f1b4fc154ff: Loading layer [==================================================>]  2.048kB/2.048kB
f16fb7c6177e: Loading layer [==================================================>]   7.68kB/7.68kB
c63d53b4b8d0: Loading layer [==================================================>]   2.56kB/2.56kB
787514dd6c1a: Loading layer [==================================================>]   2.56kB/2.56kB
381c81ec71b2: Loading layer [==================================================>]   2.56kB/2.56kB
......
[Step 2]: preparing environment ...
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/core/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/core/app.conf
Generated certificate, key file: ./common/config/core/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.


[Step 3]: checking existing instance of Harbor ...


[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registry           ... done
Creating harbor-db          ... done
Creating registryctl        ... done
Creating redis              ... done
Creating harbor-adminserver ... done
Creating harbor-core        ... done
Creating harbor-portal      ... done
Creating harbor-jobservice  ... done
Creating nginx              ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://192.168.100.19.
For more details, please visit https://github.com/goharbor/harbor .

3.3.2 List the local images

[root@docker-server-node2 harbor]# docker images
REPOSITORY                                                 TAG                 IMAGE ID            CREATED             SIZE
goharbor/chartmuseum-photon                                v0.8.1-v1.7.6       ca4e65cc8cbf        5 months ago        114MB
goharbor/harbor-migrator                                   v1.7.6              bd65976b2563        5 months ago        680MB
goharbor/redis-photon                                      v1.7.6              477066fd0e02        5 months ago        109MB
goharbor/clair-photon                                      v2.0.8-v1.7.6       a65550304aa5        5 months ago        165MB
goharbor/notary-server-photon                              v0.6.1-v1.7.6       1bfca6aac750        5 months ago        136MB
goharbor/notary-signer-photon                              v0.6.1-v1.7.6       8535add7bfa5        5 months ago        133MB
goharbor/harbor-registryctl                                v1.7.6              bb06dcda87fa        5 months ago        103MB
goharbor/registry-photon                                   v2.6.2-v1.7.6       8fa930eedbea        5 months ago        87.7MB
goharbor/nginx-photon                                      v1.7.6              fea7c162d250        5 months ago        37MB
goharbor/harbor-log                                        v1.7.6              f9b50bc6e136        5 months ago        82.6MB
goharbor/harbor-jobservice                                 v1.7.6              cfac2ab2d45a        5 months ago        85.1MB
goharbor/harbor-core                                       v1.7.6              37379145c410        5 months ago        96.6MB
goharbor/harbor-portal                                     v1.7.6              eafab006217d        5 months ago        41.7MB
goharbor/harbor-adminserver                                v1.7.6              2d91210e25ed        5 months ago        73.3MB

3.3.3 Check the local listening ports

[root@docker-server-node2 harbor]# ss -ntl
State      Recv-Q Send-Q                 Local Address:Port            Peer Address:Port
LISTEN     0      100                        127.0.0.1:25                         *:*
LISTEN     0      128                        127.0.0.1:9000                       *:*
LISTEN     0      1024                       127.0.0.1:1514                       *:*
LISTEN     0      50                                 *:3306                       *:*
LISTEN     0      128                                *:111                        *:*
LISTEN     0      128                                *:22                         *:*
LISTEN     0      100                            [::1]:25                      [::]:*
LISTEN     0      1024                            [::]:443                     [::]:*
LISTEN     0      1024                            [::]:4443                    [::]:*
LISTEN     0      128                             [::]:111                     [::]:*
LISTEN     0      1024                            [::]:80                      [::]:*
LISTEN     0      128                             [::]:22                      [::]:*

3.3.4 Access the web management UI

Server2: 192.168.100.19

Server1: 192.168.100.10

3.4 Starting Harbor the non-recommended way

[root@docker-server-node1 harbor]# docker-compose up -d

4. Configuring Docker to use the Harbor registry

4.1 Edit the Docker unit file and restart

[root@docker-server-node2 ~]# vim /usr/lib/systemd/system/docker.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.100.19:5000 --insecure-registry 192.168.100.10:5000
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

[root@docker-server-node2 harbor]# systemctl daemon-reload
[root@docker-server-node2 harbor]# systemctl restart docker
[root@docker-server-node2 harbor]# docker-compose start

4.2 Verify that login works

[root@docker-server-node1 harbor]# docker login 192.168.100.19
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

4.3 Test pushing an image

Push the Nginx image built earlier on the standalone registry to the Harbor server as a test.

## Tag the image
[root@docker-server-node1 harbor]# docker tag alpine:latest 192.168.100.19/library/alpine:latest

## Log in
[root@docker-server-node1 harbor]# docker login 192.168.100.19
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

## Push
[root@docker-server-node2 harbor]# docker push 192.168.100.19/library/alpine:latest
The push refers to repository [192.168.100.19/library/alpine]
5216338b40a7: Pushed
latest: digest: sha256:ddba4d27a7ffc3f86dd6c2f92041af252a1f23a8e742c90e6e1297bfa1bc0c45 size: 528

Confirm in the web UI

4.4 Test pulling an image from Harbor and using it

Every dockerd that needs to pull from 192.168.100.19 must have the --insecure-registry option added to its unit file, because Harbor is served over plain HTTP at this point (HTTPS is configured in section 6.8).

[root@docker-server-node2 ~]# vim /usr/lib/systemd/system/docker.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.100.19:5000 --insecure-registry 192.168.100.10:5000
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

[root@docker-server-node2 harbor]# systemctl daemon-reload
[root@docker-server-node2 harbor]# systemctl restart docker
[root@docker-server-node2 harbor]# docker-compose start

Test the pull: click to copy the pull command in the web UI

[root@docker-server-node2 harbor]# docker pull 192.168.100.19/library/alpine:latest
latest: Pulling from library/alpine
Digest: sha256:ddba4d27a7ffc3f86dd6c2f92041af252a1f23a8e742c90e6e1297bfa1bc0c45
Status: Downloaded newer image for 192.168.100.19/library/alpine:latest
192.168.100.19/library/alpine:latest

[root@docker-server-node2 harbor]# docker images | grep alpine
192.168.100.19/library/alpine                              latest              e7d92cdc71fe        5 weeks ago         5.59MB
...

[root@docker-server-node2 harbor]# docker run --rm -it 192.168.100.19/library/alpine:latest sh
/ # cat /etc/issue
Welcome to Alpine Linux 3.11
Kernel \r on an \m (\l)

/ #

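5. Harbor high availability

Harbor high availability can be implemented in two ways:
Based on shared storage
Based on image replication

Harbor supports policy-based Docker image replication, similar to MySQL master-slave replication. It can synchronize images between different data centers and different runtime environments, and it provides a friendly management interface that greatly simplifies image management in day-to-day operations. Many internet companies already use Harbor to build internal Docker registries, and some have implemented two-way replication.

5.1 Deploy a new Harbor server

Server1: 192.168.100.10

Here Server1 is the replica Harbor and the primary Harbor is Server2: 192.168.100.19. When the primary replicates images to the replica, the replica Harbor must have a project with the same name. This lab uses the default library project throughout.

Deployment: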

[root@docker-server-node1 src]# pwd
/usr/local/src
[root@docker-server-node1 src]# tar xf harbor-offline-installer-v1.7.6.tgz
[root@docker-server-node1 local]# ln -s /usr/local/src/harbor /usr/local/harbor
[root@docker-server-node1 harbor]# pwd
/usr/local/harbor
[root@docker-server-node1 harbor]# ll
total 587744
drwxr-xr-x 4 root root        37 Feb 20 23:00 common
-rw-r--r-- 1 root root      3398 Feb 10 14:18 common.sh
-rw-r--r-- 1 root root       939 Sep 12 11:27 docker-compose.chartmuseum.yml
-rw-r--r-- 1 root root       975 Sep 12 11:27 docker-compose.clair.yml
-rw-r--r-- 1 root root      1434 Sep 12 11:27 docker-compose.notary.yml
-rw-r--r-- 1 root root      5608 Sep 12 11:27 docker-compose.yml
drwxr-xr-x 2 root root        35 Feb 20 22:44 goharbor
-rw-r--r-- 1 root root      8016 Feb 20 23:11 harbor.cfg
-rw-r--r-- 1 root root 600483180 Sep 12 11:28 harbor.v1.7.6.tar.gz
-rw-r--r-- 1 root root      5880 Feb 20 22:39 harbor.yml
drwxr-xr-x 2 root root        24 Feb 20 22:44 input
-rwxr-xr-x 1 root root      5739 Sep 12 11:27 install.sh
-rw-r--r-- 1 root root     11347 Sep 12 11:27 LICENSE
-rw-r--r-- 1 root root   1263409 Sep 12 11:27 open_source_license
-rwxr-xr-x 1 root root     36337 Sep 12 11:27 prepare

[root@docker-server-node1 harbor]# ./prepare
......

[root@docker-server-node1 harbor]# ./install.sh
......

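The replica Harbor after deployment:

5.3 Add a replication rule to the default library project on the primary Harbor

The replica Harbor's library project has the same name as the primary Harbor's library project. You can also create a new project, as long as its name is the same on the primary and the replica.

On the primary Harbor (Server2: 192.168.100.19), add the replica Harbor as a target under registry management:

On the primary Harbor (Server2: 192.168.100.19), add a replication rule to library:

5.4 Check the replication status on the primary Harbor

5.5 View the image on the replica Harbor

5.6 Pull the image from the replica Harbor and use it

Pull the replicated alpine image from the replica Harbor as a test.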

[root@docker-server-node1 ~]# docker pull 192.168.100.10/library/alpine:latest
latest: Pulling from library/alpine
c9b1b535fdd9: Already exists
Digest: sha256:ddba4d27a7ffc3f86dd6c2f92041af252a1f23a8e742c90e6e1297bfa1bc0c45
Status: Downloaded newer image for 192.168.100.10/library/alpine:latest
192.168.100.10/library/alpine:latest

[root@docker-server-node1 ~]# docker images | grep alpine
192.168.100.10/library/alpine                  latest              e7d92cdc71fe        5 weeks ago         5.59MB
...

[root@docker-server-node1 ~]# docker run -it --rm 192.168.100.10/library/alpine:latest sh
/ # cat /etc/issue
Welcome to Alpine Linux 3.11
Kernel \r on an \m (\l)

/ #

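6. Two-way replication between the Harbor instances

Create a replication rule on the replica Harbor (192.168.100.10) so that images pushed to the replica are synchronized to the primary Harbor (192.168.100.19). Both sides create their replication rule in the library project.

6.1 Load the centos base image on the Docker client

Load the centos image into Docker on the replica Harbor host, in preparation for replication.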

[root@docker-server-node1 ~]# docker load -i /opt/centos-latest-image.tar.gz
0683de282177: Loading layer [==================================================>]  244.9MB/244.9MB
Loaded image: centos:latest
[root@docker-server-node1 ~]# docker images
REPOSITORY                                     TAG                 IMAGE ID            CREATED             SIZE
centos                                         latest              470671670cac        5 weeks ago         237MB
...

6.2 Tag the image

[root@docker-server-node1 ~]# docker tag centos:latest 192.168.100.10/library/centos:latest

[root@docker-server-node1 ~]# docker images | grep centos
192.168.100.10/library/centos                  latest              470671670cac        5 weeks ago         237MB
centos                                         latest              470671670cac        5 weeks ago         237MB

6.3 Push to the replica Harbor

[root@docker-server-node1 ~]# docker push 192.168.100.10/library/centos:latest
The push refers to repository [192.168.100.10/library/centos]
0683de282177: Pushed
latest: digest: sha256:9e0c275e0bcb495773b10a18e499985d782810e47b4fce076422acb4bc3da3dd size: 529

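6.4 Confirm on the replica Harbor

6.5 Create the replication rule on the replica Harbor

The rule is set up the same way as on the primary Harbor: enter the peer's IP address, username and password, then click Test Connection and confirm that the test succeeds.

As before, the target used by the rule is configured under the registry management menu: create a new target.

6.6 Confirm on the primary Harbor

6.7 Test from the Docker client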

[root@docker-server-node2 harbor]# docker images | grep centos
[root@docker-server-node2 harbor]# docker pull 192.168.100.19/library/centos:latest
latest: Pulling from library/centos
8a29a15cefae: Pull complete
Digest: sha256:9e0c275e0bcb495773b10a18e499985d782810e47b4fce076422acb4bc3da3dd
Status: Downloaded newer image for 192.168.100.19/library/centos:latest
192.168.100.19/library/centos:latest
[root@docker-server-node2 harbor]# docker run --rm -it 192.168.100.19/library/centos:latest bash
[root@63e4aa284f50 /]# cat /etc/issue
\S
Kernel \r on an \m

6.8 Harbor HTTPS configuration

## On the Harbor host: create the key and a self-signed certificate
# mkdir -p /usr/local/src/harbor/certs
# openssl genrsa -out /usr/local/src/harbor/certs/harbor-ca.key 2048
# openssl req -x509 -new -nodes -key /usr/local/src/harbor/certs/harbor-ca.key -subj "/CN=harbor.suosuoli.local" -days 7120 -out /usr/local/src/harbor/certs/harbor-ca.crt

## Point harbor.cfg at the certificate and switch the protocol to https
# vim harbor.cfg
  hostname = harbor.suosuoli.local
  ui_url_protocol = https
  ssl_cert = /usr/local/src/harbor/certs/harbor-ca.crt
  ssl_cert_key = /usr/local/src/harbor/certs/harbor-ca.key
  harbor_admin_password = stevenux

## Re-run the installer so the new settings take effect
# ./install.sh

## On the Docker client: install Docker, then trust the certificate for this registry hostname
# yum install docker-ce-18.06.3.ce-3.el7.x86_64.rpm
# yum install docker-compose
# mkdir /etc/docker/certs.d/harbor.suosuoli.local -p
# cp certs/harbor-ca.crt  /etc/docker/certs.d/harbor.suosuoli.local/
# docker login harbor.suosuoli.local
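
As an added example (not part of the original walkthrough), the script below issues a separate server certificate from a private CA instead of serving the self-signed certificate itself, and puts the registry hostname and IP address into subjectAltName, which Go 1.15 and later require because they no longer fall back to the Common Name. The file names ca.* and server.*, the CA subject and the validity periods are assumptions; server.crt and server.key would be the values of ssl_cert and ssl_cert_key, and only ca.crt is copied to /etc/docker/certs.d/<hostname>/ on the clients.

```shell
#!/bin/sh
# Added example, not from the original page. File names (ca.*, server.*),
# the CA subject and the validity periods are illustrative assumptions.

# make_registry_certs DIR HOSTNAME [IP]
# Creates a private CA plus a separate leaf certificate for the registry,
# with HOSTNAME (and IP, if given) in subjectAltName.
make_registry_certs() {
    dir=$1; host=$2; ip=${3:-}
    san="DNS:$host"
    if [ -n "$ip" ]; then san="$san,IP:$ip"; fi
    mkdir -p "$dir" || return 1

    # 1. CA key and self-signed CA certificate. ca.key only signs leaf
    #    certificates and does not need to live on the Harbor host.
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null || return 1
    openssl req -x509 -new -nodes -sha256 -days 3650 \
        -key "$dir/ca.key" -subj "/CN=Harbor lab CA" \
        -out "$dir/ca.crt" || return 1

    # 2. Server key and certificate signing request.
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$dir/server.key" -subj "/CN=$host" \
        -out "$dir/server.csr" || return 1

    # 3. Sign the CSR as a non-CA TLS server certificate carrying the SAN.
    printf '%s\n' \
        'basicConstraints = critical, CA:FALSE' \
        'keyUsage = critical, digitalSignature, keyEncipherment' \
        'extendedKeyUsage = serverAuth' \
        "subjectAltName = $san" > "$dir/server.ext"
    openssl x509 -req -sha256 -days 365 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key" "$dir/server.key"
}

# check_registry_cert DIR NAME
# Succeeds only if DIR/server.crt chains to DIR/ca.crt, matches
# DIR/server.key, is not a CA, and lists NAME as an exact SAN entry.
check_registry_cert() {
    dir=$1; name=$2
    openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null 2>&1 || return 1
    # Certificate and private key must belong to the same key pair.
    [ "$(openssl x509 -in "$dir/server.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$dir/server.key" -pubout 2>/dev/null)" ] || return 1
    text=$(openssl x509 -in "$dir/server.crt" -noout -text) || return 1
    # The leaf must not be usable as a CA.
    printf '%s\n' "$text" | grep -q 'CA:FALSE' || return 1
    # Split the SAN line into entries and require an exact match.
    printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr -d ' ' | tr ',' '\n' | grep -Fxq -e "DNS:$name" -e "IPAddress:$name"
}

# Stand-alone use: sh make-certs.sh ./certs harbor.suosuoli.local 192.168.100.19
if [ "$#" -ge 2 ]; then
    make_registry_certs "$@" && check_registry_cert "$1" "$2" &&
        echo "certificates ready in $1"
fi
```

A certificate produced by the commands in section 6.8 fails `check_registry_cert`, because it carries no subjectAltName and is itself a CA certificate.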
