04走进云计算-Docker私有仓库harbor

Harbor私有仓库介绍

Harbor 是为企业用户设计的容器镜像仓库开源项目,包括了权限管理(RBAC)、LDAP、审计、安全漏洞扫描、镜像验真、管理界面、自我注册、HA 等企业必需的功能,同时针对中国用户的特点,设计镜像复制和中文支持等功能。

官网:TP

Harbor安装部署

# 1.安装docker-compose
[root@db01 ~]# yum install -y docker-compose

# 2.检查是否安装成功
[root@db01 ~]# docker-compose version
docker-compose version 1.18.0, build 8dd22a9
docker-py version: 2.6.1
CPython version: 3.6.8
OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017

# 3.下载harbor安装包
wget https://github.com/goharbor/harbor/releases/download/v2.3.4/harbor-offline-installer-v2.3.4.tgz

# 4.解压
[root@db01 ~]# tar xf harbor-offline-installer-v1.9.0-rc1.tgz

# 5.修改配置文件
[root@db01 harbor]# vim /root/harbor/harbor.yml 
hostname: 10.0.0.51
harbor_admin_password: 123

# 6.安装harbor
[root@db01 harbor]# ./install.sh

没安装之前的配置文件

file

可能遇到的报错:磁盘空间不足

file

打开电饭煲访问:http://10.0.0.51/

file

排错思路

# 查看容器是否都起来了
[root@docker harbor]# docker ps
[root@docker harbor]# docker ps -q|wc -l
10

# 查看指定容器的报错
[root@docker harbor]# docker log -f [容器名]

# 用本机 curl 网页是否ping的通

# 查看防火墙、selinux、端口转发是否正常
[root@docker harbor]# echo "1" > /proc/sys/net/ipv4/ip_forward

Harbor的使用

# harbor的启停
[root@db01 harbor]# docker-compose stop
[root@db01 harbor]# docker-compose start
[root@db01 harbor]# docker-compose restart
# 后台启动容器
[root@db01 harbor]# docker-compose up -d

# 上传镜像到harbor
需要修改镜像名称
命名规则:
harbor地址/项目名称/镜像名称:标签
10.0.0.51/rowey/centos7:7

# docker修改镜像名称
[root@db01 harbor]# docker tag centos:7 centos7:v1

[root@db01 harbor]# docker tag centos:7 10.0.0.51/guanwang/centos7:v2

# 修改docker配置文件
{
  "bip": "192.168.200.1/24",
  "registry-mirrors": ["https://pgz00k39.mirror.aliyuncs.com"],
  "insecure-registries": ["http://10.0.0.51"]
}
[root@db01 harbor]# systemctl restart docker

# 重启可能导致容器关闭
[root@db01 harbor]# docker-compose restart

# 登录harbor
[root@db01 harbor]# docker login 10.0.0.51
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

# 推送镜像
[root@db01 harbor]# docker push 10.0.0.51/guanwang/centos7:v2

file

file

file

Harbor拉镜像

需要做以下操作

# 1.修改配置文件
[root@db02 ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://pgz00k39.mirror.aliyuncs.com"],
  "insecure-registries": ["http://10.0.0.51"]
}

# 2.重启docker
[root@db02 ~]# systemctl restart docker

# 3.认证
[root@db02 ~]# docker login 10.0.0.51
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

# 4.拉取镜像
[root@db02 ~]# docker pull 10.0.0.51/guanwang/centos7:v2
v2: Pulling from guanwang/centos7
Digest: sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f
Status: Downloaded newer image for 10.0.0.51/guanwang/centos7:v2
10.0.0.51/guanwang/centos7:v2

自制镜像推送到Harbor

# 1.修改MySQL镜像名称
[root@db01 ~]# docker tag mysql:5.7 10.0.0.51/guanwang/mysql57:v1

# 2.推送镜像到 Harbor
[root@db01 ~]# docker push 10.0.0.51/guanwang/mysql57:v1

# 3.编写dockerfile
FROM centos:7
ADD php.tgz /opt
RUN rm -fr /etc/yum.repos.d/* \
    && curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo \
    && curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo \
    && sed -i '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo \
    && sed -i '/mirrors.cloud.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo \
    && yum install -y nginx \
    && yum localinstall -y /opt/*.rpm \
    && sed -i 's#user = apache#user = nginx#g' /etc/php-fpm.d/www.conf \
    && sed -i 's#group = apache#group = nginx#g' /etc/php-fpm.d/www.conf \
    && mkdir /code
COPY nginx.conf /etc/nginx/nginx.conf
COPY start.sh /start.sh
ADD latest.tar.gz /code/
RUN chown -R nginx.nginx /code \
    && rm -fr /opt/* \
    && yum clean all
EXPOSE 80
EXPOSE 9000
CMD ["/bin/sh","/start.sh"]

准备配置文件的列表

[root@db01  Dockerfile]# ll
total 34612
-rw-r--r-- 1 root root      855 Aug 15 17:57 Dockerfile
-rw-r--r-- 1 root root 15750424 May 13  2021 latest.tar.gz
-rw-r--r-- 1 root root     1127 Aug 15 17:44 nginx.conf
-rw-r--r-- 1 root root 19674604 Jun 12 19:55 php.tgz
-rw-r--r-- 1 root root      101 Aug 15 17:59 start.sh

[root@db01  Dockerfile]# cat nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;
    server {
        listen 80;
        server_name _;
        root /code/wordpress;
        index index.php index.html;

        location ~ \.php$ {
            root /code/wordpress;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }
}

[root@db01  Dockerfile]# cat start.sh 
#!/bin/bash

/usr/sbin/php-fpm --nodaemonize --fpm-config /etc/php-fpm.conf &
nginx -g "deamon off;"

file

# 自动构建镜像
[root@db01 Dockerfile]# docker build -t nginx_php:v1 .

[root@db01 Dockerfile]# docker build -t 10.0.0.51/guanwang/nginx_php:v1 .

## 改名
[root@db01 Dockerfile]# docker tag nginx_php:v1 10.0.0.51/guanwang/nginx_php:v1
[root@db01 Dockerfile]# docker push 10.0.0.51/guanwang/nginx_php:v1

### 部署项目

## 创建MySQL的数据目录
[root@db02 ~]# mkdir /data/mysql/data -p

## 启动MySQL
docker run \
--name wordpress-mysql57 \
-p 3306:3306 \
-v /data/mysql/data:/var/lib/mysql \
-e MYSQL_ROOT_PASSWORD=123 \
-e MYSQL_DATABASE=wordpress \
-e MYSQL_USER=wordpress \
-e MYSQL_PASSWORD=wordpress \
-d 192.168.3.250/guanwang/mysql57:v6 \
--character-set-server=utf8 \
--collation-server=utf8_general_ci

docker run \
--name wordpress-nginx-php \
--link wordpress-mysql57 \
-p 80:80 \
-d 192.168.3.250/guanwang/nginx_php:v6

file


山林不向四季起誓 荣枯随缘