【Docker】Harbor 分布式仓库管理
一、Harbor 介绍
Harbor 是 VMware 公司开源的企业级 Docker Registry 项目,其目标是帮助用户迅速搭建一个企业级的 Docker Registry (私有仓库)服务。
Harbor以 Docker 公司开源的 Registry 为基础,提供了图形管理 UI 、基于角色的访问控制(Role Based AccessControl) 、AD/LDAP 集成、以及审计日志(Auditlogging) 等企业用户需求的功能,同时还原生支持中文。
Harbor 的每个组件都是以 Docker 容器的形式构建的,使用 docker-compose 来对它进行部署。用于部署 Harbor 的 docker-compose 模板位于 harbor/docker-compose.yml
Harbor的特性
- 基于角色控制:用户和仓库都是基于项目进行组织的,而用户在项目中可以拥有不同的权限。
- 基于镜像的复制策略:镜像可以在多个Harbor实例之间进行复制(同步)。
- 支持 LDAP/AD:Harbor 可以集成企业内部已有的 AD/LDAP(类似数据库的一张表),用于对已经存在的用户认证和管理。
- 镜像删除和垃圾回收:镜像可以被删除,也可以回收镜像占用的空间。
- 图形化用户界面:用户可以通过浏览器来浏览,搜索镜像仓库以及对项目进行管理。
- 审计管理:所有针对镜像仓库的操作都可以被记录追溯,用于审计管理。
- 支持 RESTful API:RESTful API 提供给管理员对于 Harbor 更多的操控, 使得与其它管理软件集成变得更容易。
- Harbor和docker registry的关系:Harbor实质上是对docker registry做了封装,扩展了自己的业务模板。
Harbor官方项目:https://github.com/goharbor
Harbor官方网站:https://goharbor.io/
Harbor官方文档:https://goharbor.io/docs/2.8.0/
二、Harbor 架构
如上图所示是 Harbor 2.0 的架构图,从上到下可分为代理层、功能层和数据层。
- 代理层:代理层实质上是一个 Nginx 反向代理,负责接收不同类型的客户端请求,包括浏览器、用户脚本、Docker 等,并根据请求类型和 URI 转发给不同的后端服务进行处理。
- 功能层:
- Portal:是一个基于 Argular 的前端应用,提供 Harbor 用户访问的界面。
- Core:是 Harbor 中的核心组件,封装了 Harbor 绝大部分的业务逻辑。
- JobService:异步任务组件,负责 Harbor 中很多比较耗时的功能,比如 Artifact 复制、扫描、垃圾回收等。
- Docker Distribution:Harbor 通过 Distribution 实现 Artifact 的读写和存取等功能。
- RegistryCtl:Docker Distribution 的控制组件。
- Notary(可选):基于 TUF 提供镜像签名管理的功能。
- 扫描工具(可选):镜像的漏洞检测工具。
- ChartMuseum(可选):提供 API 管理非 OCI 规范的 Helm Chart,随着兼容 OCI 规范的 Helm Chart 在社区上被更广泛地接受,Helm Chart 能以 Artifact 的形式在 Harbor 中存储和管理,不再依赖 ChartMuseum,因此 Harbor 可能会在后续版本中移除对 ChartMuseum 的支持。
- 数据层:
- Redis:主要作为缓存服务存储一些生命周期较短的数据,同时对于 JobService 还提供了类似队列的功能。
- PostgreSQL:存储 Harbor 的应用数据,比如项目信息、用户与项目的关系、管理策略、配置信息、Artifact 的元数据等等。
- Artifact 存储:存储 Artifact 本身的内容,也就是每次推送镜像、Helm Chart 或其他 Artifact 时,数据最终存储的地方。默认情况下,Harbor 会把 Artifact 写入本地文件系统中。用户也可以修改配置,将 Artifact 存储在外部存储中,例如亚马逊的对象存储 S3、谷歌云存储 GCS、阿里云的对象存储 OSS 等等。
三、Harbor 安装与配置
Harbor安装需要确保满足资源要求,磁盘必须大于40G,否则安装过程中会提示空间不足
1、安装Docker
[root@Harbor-Ubu1804-9:~]# cat docker_install_ubu1804_online.sh #!/bin/bash # #******************************************************************** #Author: janzen #Date: 2023-05-04 #FileName: docker_install_ubu1804_apt.sh #Description: The test script #Copyright (C): 2023 All rights reserved #******************************************************************** COLOR="echo -e \\033[1;31m" END="\033[m" DOCKER_VERSION="5:19.03.15~3-0~ubuntu-bionic" install_docker(){ $COLOR"准备安装 Docker......"$END sleep 10 apt update &> /dev/null apt install -y ca-certificates curl gnupg && \ install -m 0755 -d /etc/apt/keyrings && \ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \ chmod a+r /etc/apt/keyrings/docker.gpg && \ echo \ "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ tee /etc/apt/sources.list.d/docker.list > /dev/null apt update $COLOR"Docker 可安装版本:"$END apt-cache madison docker-ce | awk '{ print $3 }' $COLOR"10 秒后即将安装:Docker-"$DOCKER_VERSION"版本"$END $COLOR"安装其他版本情使用 Ctrl+C 退出,重新选择版本"$END sleep 10 apt install -y docker-ce=$DOCKER_VERSION docker-ce-cli=$DOCKER_VERSION mkdir -p /etc/docker tee /etc/docker/daemon.json << 'EOF' { "registry-mirrors": ["https://hub-mirror.c.163.com","https://po3g231a.mirror.aliyuncs.com","https://docker.mirrors.ustc.edu.cn"] } EOF systemctl daemon-reload systemctl enable --now docker docker --version && $COLOR"Docker-"$DOCKER_VERSION"安装成功"$END || $COLOR"Docker-"$DOCKER_VERSION"安装失败"$END } dpkg -s docker-ce &> /dev/null && { $COLOR"Docker 已安装,程序退出"$END;exit; } || install_docker
[root@Harbor-Ubu1804-9:~]# bash docker_install_ubu1804_online.sh 准备安装 Docker...... Reading package lists... Done Building dependency tree Reading state information... Done ca-certificates is already the newest version (20211016ubuntu0.18.04.1). ca-certificates set to manually installed. curl is already the newest version (7.58.0-2ubuntu3.24). curl set to manually installed. The following additional packages will be installed: dirmngr gnupg-l10n gnupg-utils gpg gpg-agent gpg-wks-client gpg-wks-server gpgconf gpgsm gpgv Suggested packages: dbus-user-session pinentry-gnome3 tor parcimonie xloadimage scdaemon The following packages will be upgraded: dirmngr gnupg gnupg-l10n gnupg-utils gpg gpg-agent gpg-wks-client gpg-wks-server gpgconf gpgsm gpgv 11 upgraded, 0 newly installed, 0 to remove and 115 not upgraded. Need to get 0 B/2153 kB of archives. After this operation, 0 B of additional disk space will be used. (Reading database ... 108264 files and directories currently installed.) Preparing to unpack .../00-gpg-wks-client_2.2.4-1ubuntu1.6_amd64.deb ... Unpacking gpg-wks-client (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) ... Preparing to unpack .../01-dirmngr_2.2.4-1ubuntu1.6_amd64.deb ... Unpacking dirmngr (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) ... Preparing to unpack .../02-gpg_2.2.4-1ubuntu1.6_amd64.deb ... Unpacking gpg (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) ... Preparing to unpack .../03-gnupg-utils_2.2.4-1ubuntu1.6_amd64.deb ... Unpacking gnupg-utils (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) ... Preparing to unpack .../04-gnupg-l10n_2.2.4-1ubuntu1.6_all.deb ... Unpacking gnupg-l10n (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) ... Preparing to unpack .../05-gpg-agent_2.2.4-1ubuntu1.6_amd64.deb ... Unpacking gpg-agent (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) ... Preparing to unpack .../06-gpgsm_2.2.4-1ubuntu1.6_amd64.deb ... Unpacking gpgsm (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) ... Preparing to unpack .../07-gpgconf_2.2.4-1ubuntu1.6_amd64.deb ... Unpacking gpgconf (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) ... Preparing to unpack .../08-gnupg_2.2.4-1ubuntu1.6_amd64.deb ... Unpacking gnupg (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) ... Preparing to unpack .../09-gpg-wks-server_2.2.4-1ubuntu1.6_amd64.deb ... Unpacking gpg-wks-server (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) ... Preparing to unpack .../10-gpgv_2.2.4-1ubuntu1.6_amd64.deb ... Unpacking gpgv (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) ... Setting up gpgv (2.2.4-1ubuntu1.6) ... Setting up gpgconf (2.2.4-1ubuntu1.6) ... Setting up gpg-agent (2.2.4-1ubuntu1.6) ... Setting up gnupg-l10n (2.2.4-1ubuntu1.6) ... Setting up gpgsm (2.2.4-1ubuntu1.6) ... Setting up gnupg-utils (2.2.4-1ubuntu1.6) ... Setting up dirmngr (2.2.4-1ubuntu1.6) ... Setting up gpg (2.2.4-1ubuntu1.6) ... Setting up gpg-wks-server (2.2.4-1ubuntu1.6) ... Setting up gpg-wks-client (2.2.4-1ubuntu1.6) ... Setting up gnupg (2.2.4-1ubuntu1.6) ... Processing triggers for install-info (6.5.0.dfsg.1-2) ... Processing triggers for man-db (2.8.3-2ubuntu0.1) ... Hit:1 http://cn.archive.ubuntu.com/ubuntu bionic InRelease Hit:2 http://cn.archive.ubuntu.com/ubuntu bionic-updates InRelease Get:3 https://download.docker.com/linux/ubuntu bionic InRelease [64.4 kB] Hit:4 http://cn.archive.ubuntu.com/ubuntu bionic-backports InRelease Hit:5 http://cn.archive.ubuntu.com/ubuntu bionic-security InRelease Get:6 https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages [36.6 kB] Fetched 101 kB in 1s (70.1 kB/s) Reading package lists... Done Building dependency tree Reading state information... Done 115 packages can be upgraded. Run 'apt list --upgradable' to see them. Docker 可安装版本: 5:23.0.5-1~ubuntu.18.04~bionic 5:23.0.4-1~ubuntu.18.04~bionic 5:23.0.3-1~ubuntu.18.04~bionic 5:23.0.2-1~ubuntu.18.04~bionic 5:23.0.1-1~ubuntu.18.04~bionic 5:23.0.0-1~ubuntu.18.04~bionic 5:20.10.24~3-0~ubuntu-bionic 5:20.10.23~3-0~ubuntu-bionic 5:20.10.22~3-0~ubuntu-bionic 5:20.10.21~3-0~ubuntu-bionic 5:20.10.20~3-0~ubuntu-bionic 5:20.10.19~3-0~ubuntu-bionic 5:20.10.18~3-0~ubuntu-bionic 5:20.10.17~3-0~ubuntu-bionic 5:20.10.16~3-0~ubuntu-bionic 5:20.10.15~3-0~ubuntu-bionic 5:20.10.14~3-0~ubuntu-bionic 5:20.10.13~3-0~ubuntu-bionic 5:20.10.12~3-0~ubuntu-bionic 5:20.10.11~3-0~ubuntu-bionic 5:20.10.10~3-0~ubuntu-bionic 5:20.10.9~3-0~ubuntu-bionic 5:20.10.8~3-0~ubuntu-bionic 5:20.10.7~3-0~ubuntu-bionic 5:20.10.6~3-0~ubuntu-bionic 5:20.10.5~3-0~ubuntu-bionic 5:20.10.4~3-0~ubuntu-bionic 5:20.10.3~3-0~ubuntu-bionic 5:20.10.2~3-0~ubuntu-bionic 5:20.10.1~3-0~ubuntu-bionic 5:20.10.0~3-0~ubuntu-bionic 5:19.03.15~3-0~ubuntu-bionic 5:19.03.14~3-0~ubuntu-bionic 5:19.03.13~3-0~ubuntu-bionic 5:19.03.12~3-0~ubuntu-bionic 5:19.03.11~3-0~ubuntu-bionic 5:19.03.10~3-0~ubuntu-bionic 5:19.03.9~3-0~ubuntu-bionic 5:19.03.8~3-0~ubuntu-bionic 5:19.03.7~3-0~ubuntu-bionic 5:19.03.6~3-0~ubuntu-bionic 5:19.03.5~3-0~ubuntu-bionic 5:19.03.4~3-0~ubuntu-bionic 5:19.03.3~3-0~ubuntu-bionic 5:19.03.2~3-0~ubuntu-bionic 5:19.03.1~3-0~ubuntu-bionic 5:19.03.0~3-0~ubuntu-bionic 5:18.09.9~3-0~ubuntu-bionic 5:18.09.8~3-0~ubuntu-bionic 5:18.09.7~3-0~ubuntu-bionic 5:18.09.6~3-0~ubuntu-bionic 5:18.09.5~3-0~ubuntu-bionic 5:18.09.4~3-0~ubuntu-bionic 5:18.09.3~3-0~ubuntu-bionic 5:18.09.2~3-0~ubuntu-bionic 5:18.09.1~3-0~ubuntu-bionic 5:18.09.0~3-0~ubuntu-bionic 18.06.3~ce~3-0~ubuntu 18.06.2~ce~3-0~ubuntu 18.06.1~ce~3-0~ubuntu 18.06.0~ce~3-0~ubuntu 18.03.1~ce~3-0~ubuntu 10 秒后即将安装:Docker-5:19.03.15~3-0~ubuntu-bionic版本 安装其他版本情使用 Ctrl+C 退出,重新选择版本 Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: aufs-tools cgroupfs-mount containerd.io libltdl7 pigz The following NEW packages will be installed: aufs-tools cgroupfs-mount containerd.io docker-ce docker-ce-cli libltdl7 pigz 0 upgraded, 7 newly installed, 0 to remove and 115 not upgraded. Need to get 95.5 MB of archives. After this operation, 414 MB of additional disk space will be used. Get:1 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 pigz amd64 2.4-1 [57.4 kB] Get:2 https://download.docker.com/linux/ubuntu bionic/stable amd64 containerd.io amd64 1.6.20-1 [28.3 MB] Get:3 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 aufs-tools amd64 1:4.9+20170918-1ubuntu1 [104 kB] Get:4 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 cgroupfs-mount all 1.4 [6320 B] Get:5 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 libltdl7 amd64 2.4.6-2 [38.8 kB] Get:6 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce-cli amd64 5:19.03.15~3-0~ubuntu-bionic [44.2 MB] Get:7 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce amd64 5:19.03.15~3-0~ubuntu-bionic [22.8 MB] Fetched 95.5 MB in 19s (5086 kB/s) Selecting previously unselected package pigz. (Reading database ... 108264 files and directories currently installed.) Preparing to unpack .../0-pigz_2.4-1_amd64.deb ... Unpacking pigz (2.4-1) ... Selecting previously unselected package aufs-tools. Preparing to unpack .../1-aufs-tools_1%3a4.9+20170918-1ubuntu1_amd64.deb ... Unpacking aufs-tools (1:4.9+20170918-1ubuntu1) ... Selecting previously unselected package cgroupfs-mount. Preparing to unpack .../2-cgroupfs-mount_1.4_all.deb ... Unpacking cgroupfs-mount (1.4) ... Selecting previously unselected package containerd.io. Preparing to unpack .../3-containerd.io_1.6.20-1_amd64.deb ... Unpacking containerd.io (1.6.20-1) ... Selecting previously unselected package docker-ce-cli. Preparing to unpack .../4-docker-ce-cli_5%3a19.03.15~3-0~ubuntu-bionic_amd64.deb ... Unpacking docker-ce-cli (5:19.03.15~3-0~ubuntu-bionic) ... Selecting previously unselected package docker-ce. Preparing to unpack .../5-docker-ce_5%3a19.03.15~3-0~ubuntu-bionic_amd64.deb ... Unpacking docker-ce (5:19.03.15~3-0~ubuntu-bionic) ... Selecting previously unselected package libltdl7:amd64. Preparing to unpack .../6-libltdl7_2.4.6-2_amd64.deb ... Unpacking libltdl7:amd64 (2.4.6-2) ... Setting up aufs-tools (1:4.9+20170918-1ubuntu1) ... Setting up containerd.io (1.6.20-1) ... Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /lib/systemd/system/containerd.service. Setting up cgroupfs-mount (1.4) ... Setting up libltdl7:amd64 (2.4.6-2) ... Setting up docker-ce-cli (5:19.03.15~3-0~ubuntu-bionic) ... Setting up pigz (2.4-1) ... Setting up docker-ce (5:19.03.15~3-0~ubuntu-bionic) ... Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service. Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket. Processing triggers for libc-bin (2.27-3ubuntu1.5) ... Processing triggers for systemd (237-3ubuntu10.50) ... Processing triggers for man-db (2.8.3-2ubuntu0.1) ... Processing triggers for ureadahead (0.100.0-21) ... { "registry-mirrors": ["https://hub-mirror.c.163.com","https://po3g231a.mirror.aliyuncs.com","https://docker.mirrors.ustc.edu.cn"] } Synchronizing state of docker.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable docker Docker version 19.03.15, build 99e3ed8919 Docker-5:19.03.15~3-0~ubuntu-bionic安装成功
2、安装 docker-compose
Harbor是使用docker-compose进行部署,必须先安装 docke-compose
2.1、通过pip安装,版本较新推荐使用
#apt安装python3-pip [root@Harbor-Ubu1804-9:~]# apt install -y python3-pip Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: dh-python libexpat1-dev libpython3-dev libpython3.6 libpython3.6-dev libpython3.6-minimal libpython3.6-stdlib python-pip-whl python3-crypto python3-dev python3-distutils python3-keyring python3-keyrings.alt python3-lib2to3 python3-secretstorage python3-setuptools python3-wheel python3-xdg python3.6 python3.6-dev python3.6-minimal Suggested packages: python-crypto-doc gnome-keyring libkf5wallet-bin gir1.2-gnomekeyring-1.0 python-secretstorage-doc python-setuptools-doc python3.6-venv python3.6-doc binfmt-support The following NEW packages will be installed: dh-python libexpat1-dev libpython3-dev libpython3.6-dev python-pip-whl python3-crypto python3-dev python3-distutils python3-keyring python3-keyrings.alt python3-lib2to3 python3-pip python3-secretstorage python3-setuptools python3-wheel python3-xdg python3.6-dev The following packages will be upgraded: libpython3.6 libpython3.6-minimal libpython3.6-stdlib python3.6 python3.6-minimal 5 upgraded, 17 newly installed, 0 to remove and 112 not upgraded. Need to get 48.2 MB/53.7 MB of archives. After this operation, 87.3 MB of additional disk space will be used. Get:1 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3-lib2to3 all 3.6.9-1~18.04 [77.4 kB] Get:2 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3-distutils all 3.6.9-1~18.04 [144 kB] Get:3 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 dh-python all 3.20180325ubuntu2 [89.2 kB] Get:4 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libexpat1-dev amd64 2.2.5-3ubuntu0.9 [124 kB] Get:5 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libpython3.6-dev amd64 3.6.9-1~18.04ubuntu1.12 [44.9 MB] Get:6 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libpython3-dev amd64 3.6.7-1~18.04 [7328 B] Get:7 http://cn.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 python-pip-whl all 9.0.1-2.3~ubuntu1.18.04.8 [1653 kB] Get:8 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python3-crypto amd64 2.6.1-8ubuntu2 [244 kB] Get:9 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3.6-dev amd64 3.6.9-1~18.04ubuntu1.12 [511 kB] Get:10 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3-dev amd64 3.6.7-1~18.04 [1288 B] Get:11 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python3-secretstorage all 2.3.1-2 [12.1 kB] Get:12 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python3-keyring all 10.6.0-1 [26.7 kB] Get:13 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python3-keyrings.alt all 3.0-1 [16.6 kB] Get:14 http://cn.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 python3-pip all 9.0.1-2.3~ubuntu1.18.04.8 [114 kB] Get:15 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3-setuptools all 39.0.1-2ubuntu0.1 [248 kB] Get:16 http://cn.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 python3-wheel all 0.30.0-0.2ubuntu0.1 [36.7 kB] Get:17 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3-xdg all 0.25-4ubuntu1.1 [31.3 kB] Fetched 48.2 MB in 15s (3133 kB/s) (Reading database ... 108578 files and directories currently installed.) Preparing to unpack .../00-libpython3.6_3.6.9-1~18.04ubuntu1.12_amd64.deb ... Unpacking libpython3.6:amd64 (3.6.9-1~18.04ubuntu1.12) over (3.6.9-1~18.04ubuntu1.4) ... Preparing to unpack .../01-python3.6_3.6.9-1~18.04ubuntu1.12_amd64.deb ... Unpacking python3.6 (3.6.9-1~18.04ubuntu1.12) over (3.6.9-1~18.04ubuntu1.4) ... Preparing to unpack .../02-libpython3.6-stdlib_3.6.9-1~18.04ubuntu1.12_amd64.deb ... Unpacking libpython3.6-stdlib:amd64 (3.6.9-1~18.04ubuntu1.12) over (3.6.9-1~18.04ubuntu1.4) ... Preparing to unpack .../03-python3.6-minimal_3.6.9-1~18.04ubuntu1.12_amd64.deb ... Unpacking python3.6-minimal (3.6.9-1~18.04ubuntu1.12) over (3.6.9-1~18.04ubuntu1.4) ... Preparing to unpack .../04-libpython3.6-minimal_3.6.9-1~18.04ubuntu1.12_amd64.deb ... Unpacking libpython3.6-minimal:amd64 (3.6.9-1~18.04ubuntu1.12) over (3.6.9-1~18.04ubuntu1.4) ... Selecting previously unselected package python3-lib2to3. Preparing to unpack .../05-python3-lib2to3_3.6.9-1~18.04_all.deb ... Unpacking python3-lib2to3 (3.6.9-1~18.04) ... Selecting previously unselected package python3-distutils. Preparing to unpack .../06-python3-distutils_3.6.9-1~18.04_all.deb ... Unpacking python3-distutils (3.6.9-1~18.04) ... Selecting previously unselected package dh-python. Preparing to unpack .../07-dh-python_3.20180325ubuntu2_all.deb ... Unpacking dh-python (3.20180325ubuntu2) ... Selecting previously unselected package libexpat1-dev:amd64. Preparing to unpack .../08-libexpat1-dev_2.2.5-3ubuntu0.9_amd64.deb ... Unpacking libexpat1-dev:amd64 (2.2.5-3ubuntu0.9) ... Selecting previously unselected package libpython3.6-dev:amd64. Preparing to unpack .../09-libpython3.6-dev_3.6.9-1~18.04ubuntu1.12_amd64.deb ... Unpacking libpython3.6-dev:amd64 (3.6.9-1~18.04ubuntu1.12) ... Selecting previously unselected package libpython3-dev:amd64. Preparing to unpack .../10-libpython3-dev_3.6.7-1~18.04_amd64.deb ... Unpacking libpython3-dev:amd64 (3.6.7-1~18.04) ... Selecting previously unselected package python-pip-whl. Preparing to unpack .../11-python-pip-whl_9.0.1-2.3~ubuntu1.18.04.8_all.deb ... Unpacking python-pip-whl (9.0.1-2.3~ubuntu1.18.04.8) ... Selecting previously unselected package python3-crypto. Preparing to unpack .../12-python3-crypto_2.6.1-8ubuntu2_amd64.deb ... Unpacking python3-crypto (2.6.1-8ubuntu2) ... Selecting previously unselected package python3.6-dev. Preparing to unpack .../13-python3.6-dev_3.6.9-1~18.04ubuntu1.12_amd64.deb ... Unpacking python3.6-dev (3.6.9-1~18.04ubuntu1.12) ... Selecting previously unselected package python3-dev. Preparing to unpack .../14-python3-dev_3.6.7-1~18.04_amd64.deb ... Unpacking python3-dev (3.6.7-1~18.04) ... Selecting previously unselected package python3-secretstorage. Preparing to unpack .../15-python3-secretstorage_2.3.1-2_all.deb ... Unpacking python3-secretstorage (2.3.1-2) ... Selecting previously unselected package python3-keyring. Preparing to unpack .../16-python3-keyring_10.6.0-1_all.deb ... Unpacking python3-keyring (10.6.0-1) ... Selecting previously unselected package python3-keyrings.alt. Preparing to unpack .../17-python3-keyrings.alt_3.0-1_all.deb ... Unpacking python3-keyrings.alt (3.0-1) ... Selecting previously unselected package python3-pip. Preparing to unpack .../18-python3-pip_9.0.1-2.3~ubuntu1.18.04.8_all.deb ... Unpacking python3-pip (9.0.1-2.3~ubuntu1.18.04.8) ... Selecting previously unselected package python3-setuptools. Preparing to unpack .../19-python3-setuptools_39.0.1-2ubuntu0.1_all.deb ... Unpacking python3-setuptools (39.0.1-2ubuntu0.1) ... Selecting previously unselected package python3-wheel. Preparing to unpack .../20-python3-wheel_0.30.0-0.2ubuntu0.1_all.deb ... Unpacking python3-wheel (0.30.0-0.2ubuntu0.1) ... Selecting previously unselected package python3-xdg. Preparing to unpack .../21-python3-xdg_0.25-4ubuntu1.1_all.deb ... Unpacking python3-xdg (0.25-4ubuntu1.1) ... Setting up python-pip-whl (9.0.1-2.3~ubuntu1.18.04.8) ... Setting up python3-crypto (2.6.1-8ubuntu2) ... Setting up python3-xdg (0.25-4ubuntu1.1) ... Setting up python3-keyrings.alt (3.0-1) ... Setting up python3-wheel (0.30.0-0.2ubuntu0.1) ... Setting up libpython3.6-minimal:amd64 (3.6.9-1~18.04ubuntu1.12) ... Setting up libexpat1-dev:amd64 (2.2.5-3ubuntu0.9) ... Setting up python3-lib2to3 (3.6.9-1~18.04) ... Setting up python3-secretstorage (2.3.1-2) ... Setting up python3-distutils (3.6.9-1~18.04) ... Setting up libpython3.6-stdlib:amd64 (3.6.9-1~18.04ubuntu1.12) ... Setting up python3-keyring (10.6.0-1) ... Setting up python3.6-minimal (3.6.9-1~18.04ubuntu1.12) ... Setting up python3-pip (9.0.1-2.3~ubuntu1.18.04.8) ... Setting up python3-setuptools (39.0.1-2ubuntu0.1) ... Setting up dh-python (3.20180325ubuntu2) ... Setting up libpython3.6:amd64 (3.6.9-1~18.04ubuntu1.12) ... Setting up python3.6 (3.6.9-1~18.04ubuntu1.12) ... Setting up libpython3.6-dev:amd64 (3.6.9-1~18.04ubuntu1.12) ... Setting up python3.6-dev (3.6.9-1~18.04ubuntu1.12) ... Setting up libpython3-dev:amd64 (3.6.7-1~18.04) ... Setting up python3-dev (3.6.7-1~18.04) ... Processing triggers for man-db (2.8.3-2ubuntu0.1) ... Processing triggers for mime-support (3.60ubuntu1) ... Processing triggers for libc-bin (2.27-3ubuntu1.5) ... #升级pip3版本 [root@Harbor-Ubu1804-9:~]# python3 -m pip install --upgrade pip Collecting pip Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB) 100% |████████████████████████████████| 1.7MB 310kB/s Installing collected packages: pip Found existing installation: pip 9.0.1 Not uninstalling pip at /usr/lib/python3/dist-packages, outside environment /usr Successfully installed pip-21.3.1 #pip3安装docker-compose [root@Harbor-Ubu1804-9:~]# pip3 install docker-compose WARNING: pip is being invoked by an old script wrapper. This will fail in a future version of pip. Please see https://github.com/pypa/pip/issues/5599 for advice on fixing the underlying issue. To avoid this problem you can invoke Python with '-m pip' instead of running pip directly. Collecting docker-compose Using cached docker_compose-1.29.2-py2.py3-none-any.whl (114 kB) Requirement already satisfied: PyYAML<6,>=3.10 in /usr/lib/python3/dist-packages (from docker-compose) (3.12) Collecting cached-property<2,>=1.2.0 Using cached cached_property-1.5.2-py2.py3-none-any.whl (7.6 kB) Collecting texttable<2,>=0.9.0 Using cached texttable-1.6.7-py2.py3-none-any.whl (10 kB) Requirement already satisfied: jsonschema<4,>=2.5.1 in /usr/lib/python3/dist-packages (from docker-compose) (2.6.0) Collecting dockerpty<1,>=0.4.1 Using cached dockerpty-0.4.1.tar.gz (13 kB) Preparing metadata (setup.py) ... done Collecting python-dotenv<1,>=0.13.0 Using cached python_dotenv-0.20.0-py3-none-any.whl (17 kB) Collecting distro<2,>=1.5.0 Using cached distro-1.8.0-py3-none-any.whl (20 kB) Collecting websocket-client<1,>=0.32.0 Using cached websocket_client-0.59.0-py2.py3-none-any.whl (67 kB) Collecting docker[ssh]>=5 Using cached docker-5.0.3-py2.py3-none-any.whl (146 kB) Collecting docopt<1,>=0.6.1 Using cached docopt-0.6.2.tar.gz (25 kB) Preparing metadata (setup.py) ... done Collecting requests<3,>=2.20.0 Using cached requests-2.27.1-py2.py3-none-any.whl (63 kB) Collecting paramiko>=2.4.2 Using cached paramiko-3.1.0-py3-none-any.whl (211 kB) Requirement already satisfied: six>=1.3.0 in /usr/lib/python3/dist-packages (from dockerpty<1,>=0.4.1->docker-compose) (1.11.0) Requirement already satisfied: urllib3<1.27,>=1.21.1 in /usr/lib/python3/dist-packages (from requests<3,>=2.20.0->docker-compose) (1.22) Requirement already satisfied: idna<4,>=2.5 in /usr/lib/python3/dist-packages (from requests<3,>=2.20.0->docker-compose) (2.6) Collecting charset-normalizer~=2.0.0 Using cached charset_normalizer-2.0.12-py3-none-any.whl (39 kB) Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python3/dist-packages (from requests<3,>=2.20.0->docker-compose) (2018.1.18) Collecting cryptography>=3.3 Downloading cryptography-40.0.2-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (3.7 MB) |████████████████████████████████| 3.7 MB 5.6 MB/s Collecting pynacl>=1.5 Downloading PyNaCl-1.5.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl (856 kB) |████████████████████████████████| 856 kB 6.8 MB/s Collecting bcrypt>=3.2 Downloading bcrypt-4.0.1-cp36-abi3-manylinux_2_24_x86_64.whl (593 kB) |████████████████████████████████| 593 kB 6.1 MB/s Collecting cffi>=1.12 Downloading cffi-1.15.1-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (402 kB) |████████████████████████████████| 402 kB 6.7 MB/s Collecting pycparser Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB) |████████████████████████████████| 118 kB 6.7 MB/s Building wheels for collected packages: dockerpty, docopt Building wheel for dockerpty (setup.py) ... done Created wheel for dockerpty: filename=dockerpty-0.4.1-py3-none-any.whl size=15382 sha256=33b5b9afbc2c8997e84638ac0042225a216ec8bacbbef30e38f9e25daaa57119 Stored in directory: /root/.cache/pip/wheels/61/8f/e3/247046231ee138b48be905e4a748d570630e1f3ec24632b00b Building wheel for docopt (setup.py) ... done Created wheel for docopt: filename=docopt-0.6.2-py2.py3-none-any.whl size=19852 sha256=2292e4aab1e61506744fc93262cc4e8b861f4895e7850d1c20acbb0ef4e6f779 Stored in directory: /root/.cache/pip/wheels/3f/2a/fa/4d7a888e69774d5e6e855d190a8a51b357d77cc05eb1c097c9 Successfully built dockerpty docopt Installing collected packages: pycparser, charset-normalizer, cffi, websocket-client, requests, pynacl, cryptography, bcrypt, paramiko, docker, texttable, python-dotenv, docopt, dockerpty, distro, cached-property, docker-compose Attempting uninstall: requests Found existing installation: requests 2.18.4 Uninstalling requests-2.18.4: Successfully uninstalled requests-2.18.4 Attempting uninstall: cryptography Found existing installation: cryptography 2.1.4 Uninstalling cryptography-2.1.4: Successfully uninstalled cryptography-2.1.4 Successfully installed bcrypt-4.0.1 cached-property-1.5.2 cffi-1.15.1 charset-normalizer-2.0.12 cryptography-40.0.2 distro-1.8.0 docker-5.0.3 docker-compose-1.29.2 dockerpty-0.4.1 docopt-0.6.2 paramiko-3.1.0 pycparser-2.21 pynacl-1.5.0 python-dotenv-0.20.0 requests-2.27.1 texttable-1.6.7 websocket-client-0.59.0 WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv #查看docker-compose版本 [root@Harbor-Ubu1804-9:~]# docker-compose --version /usr/local/lib/python3.6/dist-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6. from cryptography.hazmat.backends import default_backend docker-compose version 1.29.2, build unknown
2.2、直接从github下载安装对应版本
官方github地址:https://github.com/docker/compose/releases
[root@Harbor-Ubu1804-10:~]# curl -L https://github.com/docker/compose/releases/download/v2.17.3/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0 100 51.9M 100 51.9M 0 0 15242 0 0:59:33 0:59:33 --:--:-- 11665 [root@Harbor-Ubu1804-10:~]# chmod +x /usr/local/bin/docker-compose [root@Harbor-Ubu1804-10:~]# docker-compose --version Docker Compose version v2.17.3
2.3、apt直接安装,版本较低,不推荐
ed: sha256:eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9 Deleted: sha256:174f5685490326fc0a1c0f5570b8663732189b327007e47ff13d2ca59673db02 Error: No such image: 0bb6d36c85ca Error: No such image: b9d392225b3e Error: No such image: 7614ae9453d1 Error: No such image: feb5d9fea6a5 [root@Docker-Ubu1804-p11:~]# df -Th Filesystem Type Size Used Avail Use% Mounted on udev devtmpfs 447M 0 447M 0% /dev tmpfs tmpfs 96M 924K 96M 1% /run /dev/mapper/ubuntu--vg-ubuntu--lv ext4 8.8G 6.7G 1.7G 81% / tmpfs tmpfs 480M 0 480M 0% /dev/shm tmpfs tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs tmpfs 480M 0 480M 0% /sys/fs/cgroup /dev/sda2 ext4 974M 152M 755M 17% /boot tmpfs tmpfs 96M 0 96M 0% /run/user/1000 [root@Docker-Ubu1804-p11:~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@Docker-Ubu1804-p11:~]# [root@Docker-Ubu1804-p11:~]# apt install -y docker-compose Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: docker-ce docker-ce-cli golang-docker-credential-helpers libpython-stdlib libpython2.7-minimal libpython2.7-stdlib libsecret-1-0 libsecret-common python python-asn1crypto python-backports.ssl-match-hostname python-cached-property python-certifi python-cffi-backend python-chardet python-cryptography python-docker python-dockerpty python-dockerpycreds python-docopt python-enum34 python-funcsigs python-functools32 python-idna python-ipaddress python-jsonschema python-minimal python-mock python-openssl python-pbr python-pkg-resources python-requests python-six python-texttable python-urllib3 python-websocket python-yaml python2.7 python2.7-minimal Suggested packages: python-doc python-tk python-cryptography-doc python-cryptography-vectors python-enum34-doc python-funcsigs-doc python-mock-doc python-openssl-doc python-openssl-dbg python-setuptools python-socks python-ntlm python2.7-doc binfmt-support Recommended packages: docker-ce-rootless-extras docker-buildx-plugin docker-compose-plugin docker.io The following NEW packages will be installed: docker-compose golang-docker-credential-helpers libpython-stdlib libpython2.7-minimal libpython2.7-stdlib libsecret-1-0 libsecret-common python python-asn1crypto python-backports.ssl-match-hostname python-cached-property python-certifi python-cffi-backend python-chardet python-cryptography python-docker python-dockerpty python-dockerpycreds python-docopt python-enum34 python-funcsigs python-functools32 python-idna python-ipaddress python-jsonschema python-minimal python-mock python-openssl python-pbr python-pkg-resources python-requests python-six python-texttable python-urllib3 python-websocket python-yaml python2.7 python2.7-minimal The following packages will be upgraded: docker-ce docker-ce-cli 2 upgraded, 38 newly installed, 0 to remove and 61 not upgraded. Need to get 41.3 MB of archives. After this operation, 135 MB disk space will be freed. Get:1 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libpython2.7-minimal amd64 2.7.17-1~18.04ubuntu1.11 [335 kB] Get:2 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce-cli amd64 5:23.0.5-1~ubuntu.18.04~bionic [13.2 MB] Get:3 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python2.7-minimal amd64 2.7.17-1~18.04ubuntu1.11 [1294 kB] Get:4 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-minimal amd64 2.7.15~rc1-1 [28.1 kB] Get:5 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libpython2.7-stdlib amd64 2.7.17-1~18.04ubuntu1.11 [1919 kB] Get:6 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce amd64 5:23.0.5-1~ubuntu.18.04~bionic [22.0 MB] Get:7 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python2.7 amd64 2.7.17-1~18.04ubuntu1.11 [248 kB] Get:8 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 libpython-stdlib amd64 2.7.15~rc1-1 [7620 B] Get:9 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python amd64 2.7.15~rc1-1 [140 kB] Get:10 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 python-backports.ssl-match-hostname all 3.5.0.1-1 [7024 B] Get:11 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python-pkg-resources all 39.0.1-2ubuntu0.1 [128 kB] Get:12 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 python-cached-property all 1.3.1-1 [7568 B] Get:13 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-six all 1.11.0-2 [11.3 kB] Get:14 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 libsecret-common all 0.18.6-1 [4452 B] Get:15 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 libsecret-1-0 amd64 0.18.6-1 [94.6 kB] Get:16 http://cn.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 golang-docker-credential-helpers amd64 0.5.0-2ubuntu0.1 [477 kB] Get:17 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 python-dockerpycreds all 0.2.1-1 [4138 B] Get:18 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-certifi all 2018.1.18-2 [144 kB] Get:19 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-chardet all 3.0.4-1 [80.3 kB] Get:20 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-idna all 2.6-1 [32.4 kB] Get:21 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python-urllib3 all 1.22-1ubuntu0.18.04.2 [86.0 kB] Get:22 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python-requests all 2.18.4-2ubuntu0.1 [58.5 kB] Get:23 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 python-websocket all 0.44.0-0ubuntu2 [30.7 kB] Get:24 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-ipaddress all 1.0.17-1 [18.2 kB] Get:25 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 python-docker all 2.5.1-1 [69.0 kB] Get:26 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 python-dockerpty all 0.4.1-1 [10.8 kB] Get:27 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 python-docopt all 0.6.2-1build1 [25.6 kB] Get:28 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-enum34 all 1.1.6-2 [34.8 kB] Get:29 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-functools32 all 3.2.3.2-3 [10.8 kB] Get:30 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-funcsigs all 1.0.2-4 [13.5 kB] Get:31 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-pbr all 3.1.1-3ubuntu3 [53.7 kB] Get:32 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-mock all 2.0.0-3 [47.4 kB] Get:33 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-jsonschema all 2.6.0-2 [31.5 kB] Get:34 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 python-texttable all 0.9.1-1 [8160 B] Get:35 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-yaml amd64 3.12-1build2 [115 kB] Get:36 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 docker-compose all 1.17.1-2 [76.3 kB] Get:37 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-asn1crypto all 0.24.0-1 [72.7 kB] Get:38 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-cffi-backend amd64 1.11.5-1 [63.4 kB] Get:39 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python-cryptography amd64 2.1.4-1ubuntu1.4 [276 kB] Get:40 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-openssl all 17.5.0-1ubuntu1 [41.3 kB] Fetched 41.3 MB in 26s (1612 kB/s) Extracting templates from packages: 100% Selecting previously unselected package libpython2.7-minimal:amd64. (Reading database ... 108939 files and directories currently installed.) Preparing to unpack .../0-libpython2.7-minimal_2.7.17-1~18.04ubuntu1.11_amd64.deb ... Unpacking libpython2.7-minimal:amd64 (2.7.17-1~18.04ubuntu1.11) ... Selecting previously unselected package python2.7-minimal. Preparing to unpack .../1-python2.7-minimal_2.7.17-1~18.04ubuntu1.11_amd64.deb ... Unpacking python2.7-minimal (2.7.17-1~18.04ubuntu1.11) ... Selecting previously unselected package python-minimal. Preparing to unpack .../2-python-minimal_2.7.15~rc1-1_amd64.deb ... Unpacking python-minimal (2.7.15~rc1-1) ... Selecting previously unselected package libpython2.7-stdlib:amd64. Preparing to unpack .../3-libpython2.7-stdlib_2.7.17-1~18.04ubuntu1.11_amd64.deb ... Unpacking libpython2.7-stdlib:amd64 (2.7.17-1~18.04ubuntu1.11) ... Selecting previously unselected package python2.7. Preparing to unpack .../4-python2.7_2.7.17-1~18.04ubuntu1.11_amd64.deb ... Unpacking python2.7 (2.7.17-1~18.04ubuntu1.11) ... Selecting previously unselected package libpython-stdlib:amd64. Preparing to unpack .../5-libpython-stdlib_2.7.15~rc1-1_amd64.deb ... Unpacking libpython-stdlib:amd64 (2.7.15~rc1-1) ... Setting up libpython2.7-minimal:amd64 (2.7.17-1~18.04ubuntu1.11) ... Setting up python2.7-minimal (2.7.17-1~18.04ubuntu1.11) ... Linking and byte-compiling packages for runtime python2.7... Setting up python-minimal (2.7.15~rc1-1) ... Selecting previously unselected package python. (Reading database ... 109687 files and directories currently installed.) Preparing to unpack .../00-python_2.7.15~rc1-1_amd64.deb ... Unpacking python (2.7.15~rc1-1) ... Preparing to unpack .../01-docker-ce-cli_5%3a23.0.5-1~ubuntu.18.04~bionic_amd64.deb ... Unpacking docker-ce-cli (5:23.0.5-1~ubuntu.18.04~bionic) over (5:19.03.15~3-0~ubuntu-bionic) ... Preparing to unpack .../02-docker-ce_5%3a23.0.5-1~ubuntu.18.04~bionic_amd64.deb ... Unpacking docker-ce (5:23.0.5-1~ubuntu.18.04~bionic) over (5:19.03.15~3-0~ubuntu-bionic) ... Selecting previously unselected package python-backports.ssl-match-hostname. Preparing to unpack .../03-python-backports.ssl-match-hostname_3.5.0.1-1_all.deb ... Unpacking python-backports.ssl-match-hostname (3.5.0.1-1) ... Selecting previously unselected package python-pkg-resources. Preparing to unpack .../04-python-pkg-resources_39.0.1-2ubuntu0.1_all.deb ... Unpacking python-pkg-resources (39.0.1-2ubuntu0.1) ... Selecting previously unselected package python-cached-property. Preparing to unpack .../05-python-cached-property_1.3.1-1_all.deb ... Unpacking python-cached-property (1.3.1-1) ... Selecting previously unselected package python-six. Preparing to unpack .../06-python-six_1.11.0-2_all.deb ... Unpacking python-six (1.11.0-2) ... Selecting previously unselected package libsecret-common. Preparing to unpack .../07-libsecret-common_0.18.6-1_all.deb ... Unpacking libsecret-common (0.18.6-1) ... Selecting previously unselected package libsecret-1-0:amd64. Preparing to unpack .../08-libsecret-1-0_0.18.6-1_amd64.deb ... Unpacking libsecret-1-0:amd64 (0.18.6-1) ... Selecting previously unselected package golang-docker-credential-helpers. Preparing to unpack .../09-golang-docker-credential-helpers_0.5.0-2ubuntu0.1_amd64.deb ... Unpacking golang-docker-credential-helpers (0.5.0-2ubuntu0.1) ... Selecting previously unselected package python-dockerpycreds. Preparing to unpack .../10-python-dockerpycreds_0.2.1-1_all.deb ... Unpacking python-dockerpycreds (0.2.1-1) ... Selecting previously unselected package python-certifi. Preparing to unpack .../11-python-certifi_2018.1.18-2_all.deb ... Unpacking python-certifi (2018.1.18-2) ... Selecting previously unselected package python-chardet. Preparing to unpack .../12-python-chardet_3.0.4-1_all.deb ... Unpacking python-chardet (3.0.4-1) ... Selecting previously unselected package python-idna. Preparing to unpack .../13-python-idna_2.6-1_all.deb ... Unpacking python-idna (2.6-1) ... Selecting previously unselected package python-urllib3. Preparing to unpack .../14-python-urllib3_1.22-1ubuntu0.18.04.2_all.deb ... Unpacking python-urllib3 (1.22-1ubuntu0.18.04.2) ... Selecting previously unselected package python-requests. Preparing to unpack .../15-python-requests_2.18.4-2ubuntu0.1_all.deb ... Unpacking python-requests (2.18.4-2ubuntu0.1) ... Selecting previously unselected package python-websocket. Preparing to unpack .../16-python-websocket_0.44.0-0ubuntu2_all.deb ... Unpacking python-websocket (0.44.0-0ubuntu2) ... Selecting previously unselected package python-ipaddress. Preparing to unpack .../17-python-ipaddress_1.0.17-1_all.deb ... Unpacking python-ipaddress (1.0.17-1) ... Selecting previously unselected package python-docker. Preparing to unpack .../18-python-docker_2.5.1-1_all.deb ... Unpacking python-docker (2.5.1-1) ... Selecting previously unselected package python-dockerpty. Preparing to unpack .../19-python-dockerpty_0.4.1-1_all.deb ... Unpacking python-dockerpty (0.4.1-1) ... Selecting previously unselected package python-docopt. Preparing to unpack .../20-python-docopt_0.6.2-1build1_all.deb ... Unpacking python-docopt (0.6.2-1build1) ... Selecting previously unselected package python-enum34. Preparing to unpack .../21-python-enum34_1.1.6-2_all.deb ... Unpacking python-enum34 (1.1.6-2) ... Selecting previously unselected package python-functools32. Preparing to unpack .../22-python-functools32_3.2.3.2-3_all.deb ... Unpacking python-functools32 (3.2.3.2-3) ... Selecting previously unselected package python-funcsigs. Preparing to unpack .../23-python-funcsigs_1.0.2-4_all.deb ... Unpacking python-funcsigs (1.0.2-4) ... Selecting previously unselected package python-pbr. Preparing to unpack .../24-python-pbr_3.1.1-3ubuntu3_all.deb ... Unpacking python-pbr (3.1.1-3ubuntu3) ... Selecting previously unselected package python-mock. Preparing to unpack .../25-python-mock_2.0.0-3_all.deb ... Unpacking python-mock (2.0.0-3) ... Selecting previously unselected package python-jsonschema. Preparing to unpack .../26-python-jsonschema_2.6.0-2_all.deb ... Unpacking python-jsonschema (2.6.0-2) ... Selecting previously unselected package python-texttable. Preparing to unpack .../27-python-texttable_0.9.1-1_all.deb ... Unpacking python-texttable (0.9.1-1) ... Selecting previously unselected package python-yaml. Preparing to unpack .../28-python-yaml_3.12-1build2_amd64.deb ... Unpacking python-yaml (3.12-1build2) ... Selecting previously unselected package docker-compose. Preparing to unpack .../29-docker-compose_1.17.1-2_all.deb ... Unpacking docker-compose (1.17.1-2) ... Selecting previously unselected package python-asn1crypto. Preparing to unpack .../30-python-asn1crypto_0.24.0-1_all.deb ... Unpacking python-asn1crypto (0.24.0-1) ... Selecting previously unselected package python-cffi-backend. Preparing to unpack .../31-python-cffi-backend_1.11.5-1_amd64.deb ... Unpacking python-cffi-backend (1.11.5-1) ... Selecting previously unselected package python-cryptography. Preparing to unpack .../32-python-cryptography_2.1.4-1ubuntu1.4_amd64.deb ... Unpacking python-cryptography (2.1.4-1ubuntu1.4) ... Selecting previously unselected package python-openssl. Preparing to unpack .../33-python-openssl_17.5.0-1ubuntu1_all.deb ... Unpacking python-openssl (17.5.0-1ubuntu1) ... Setting up libsecret-common (0.18.6-1) ... Setting up docker-ce-cli (5:23.0.5-1~ubuntu.18.04~bionic) ... Setting up libsecret-1-0:amd64 (0.18.6-1) ... Setting up libpython2.7-stdlib:amd64 (2.7.17-1~18.04ubuntu1.11) ... Setting up docker-ce (5:23.0.5-1~ubuntu.18.04~bionic) ... Setting up python2.7 (2.7.17-1~18.04ubuntu1.11) ... Setting up libpython-stdlib:amd64 (2.7.15~rc1-1) ... Setting up golang-docker-credential-helpers (0.5.0-2ubuntu0.1) ... Setting up python (2.7.15~rc1-1) ... Setting up python-idna (2.6-1) ... Setting up python-texttable (0.9.1-1) ... Setting up python-functools32 (3.2.3.2-3) ... Setting up python-yaml (3.12-1build2) ... Setting up python-asn1crypto (0.24.0-1) ... Setting up python-certifi (2018.1.18-2) ... Setting up python-pkg-resources (39.0.1-2ubuntu0.1) ... Setting up python-backports.ssl-match-hostname (3.5.0.1-1) ... Setting up python-cffi-backend (1.11.5-1) ... Setting up python-six (1.11.0-2) ... Setting up python-dockerpty (0.4.1-1) ... Setting up python-pbr (3.1.1-3ubuntu3) ... update-alternatives: using /usr/bin/python2-pbr to provide /usr/bin/pbr (pbr) in auto mode Setting up python-enum34 (1.1.6-2) ... Setting up python-funcsigs (1.0.2-4) ... Setting up python-docopt (0.6.2-1build1) ... Setting up python-ipaddress (1.0.17-1) ... Setting up python-cached-property (1.3.1-1) ... Setting up python-urllib3 (1.22-1ubuntu0.18.04.2) ... Setting up python-chardet (3.0.4-1) ... Setting up python-dockerpycreds (0.2.1-1) ... Setting up python-mock (2.0.0-3) ... Setting up python-websocket (0.44.0-0ubuntu2) ... update-alternatives: using /usr/bin/python2-wsdump to provide /usr/bin/wsdump (wsdump) in auto mode Setting up python-cryptography (2.1.4-1ubuntu1.4) ... Setting up python-requests (2.18.4-2ubuntu0.1) ... Setting up python-jsonschema (2.6.0-2) ... update-alternatives: using /usr/bin/python2-jsonschema to provide /usr/bin/jsonschema (jsonschema) in auto mode Setting up python-openssl (17.5.0-1ubuntu1) ... Setting up python-docker (2.5.1-1) ... Setting up docker-compose (1.17.1-2) ... Processing triggers for systemd (237-3ubuntu10.57) ... Processing triggers for man-db (2.8.3-2ubuntu0.1) ... Processing triggers for mime-support (3.60ubuntu1) ... Processing triggers for ureadahead (0.100.0-21) ... Processing triggers for libc-bin (2.27-3ubuntu1.5) ... [root@Docker-Ubu1804-p11:~]# docker-compose --version docker-compose version 1.17.1, build unknown
3、下载Harbor安装包并解压
官方github地址:https://github.com/goharbor/harbor/releases
3.1、下载并解压离线安装包
[root@Harbor-Ubu1804-9:~]# wget https://github.com/goharbor/harbor/releases/download/v2.8.0/harbor-offline-installer-v2.8.0.tgz --2023-05-04 06:44:13-- https://github.com/goharbor/harbor/releases/download/v2.8.0/harbor-offline-installer-v2.8.0.tgz Resolving github.com (github.com)... 20.205.243.166 Connecting to github.com (github.com)|20.205.243.166|:443... connected. HTTP request sent, awaiting response... 302 Found Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/50613991/3264ff53-d69e-4d73-b601-285a81844054?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230503%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230503T224414Z&X-Amz-Expires=300&X-Amz-Signature=56f78b1f71515177b32050e70d8364172789ee7061978bff34970e8b9979e021&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=50613991&response-content-disposition=attachment%3B%20filename%3Dharbor-offline-installer-v2.8.0.tgz&response-content-type=application%2Foctet-stream [following] --2023-05-04 06:44:14-- https://objects.githubusercontent.com/github-production-release-asset-2e65be/50613991/3264ff53-d69e-4d73-b601-285a81844054?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230503%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230503T224414Z&X-Amz-Expires=300&X-Amz-Signature=56f78b1f71515177b32050e70d8364172789ee7061978bff34970e8b9979e021&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=50613991&response-content-disposition=attachment%3B%20filename%3Dharbor-offline-installer-v2.8.0.tgz&response-content-type=application%2Foctet-stream Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.111.133 Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.111.133|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 633942863 (605M) [application/octet-stream] Saving to: ‘harbor-offline-installer-v2.8.0.tgz’ harbor-offline-installer-v2.8.0.tgz 100%[===================================================================>] 604.57M 5.90MB/s in 1m 43s 2023-05-04 06:45:59 (5.85 MB/s) - ‘harbor-offline-installer-v2.8.0.tgz’ saved [633942863/633942863] [root@Harbor-Ubu1804-9:~]# ls disk.sh docker_install_ubu1804_online.sh harbor-offline-installer-v2.8.0.tgz issue os.version redis_install.sh system_info.sh [root@Harbor-Ubu1804-9:~]# mkdir /apps [root@Harbor-Ubu1804-9:~]# tar xvf harbor-offline-installer-v2.8.0.tgz -C /apps/ harbor/harbor.v2.8.0.tar.gz harbor/prepare harbor/LICENSE harbor/install.sh harbor/common.sh harbor/harbor.yml.tmpl [root@Harbor-Ubu1804-9:~]# tree /apps/ /apps/ └── harbor ├── LICENSE ├── common.sh ├── harbor.v2.8.0.tar.gz ├── harbor.yml.tmpl ├── install.sh └── prepare 1 directory, 6 files
3.2、下载并解压在线安装包
[root@Harbor-Ubu1804-10:~]# wget https://github.com/goharbor/harbor/releases/download/v2.8.0/harbor-online-installer-v2.8.0.tgz --2023-05-04 22:34:03-- https://github.com/goharbor/harbor/releases/download/v2.8.0/harbor-online-installer-v2.8.0.tgz Resolving github.com (github.com)... 20.205.243.166 Connecting to github.com (github.com)|20.205.243.166|:443... connected. HTTP request sent, awaiting response... 302 Found Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/50613991/5b13b62e-9582-430d-937c-7add3750b641?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230504%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230504T143403Z&X-Amz-Expires=300&X-Amz-Signature=00160a898b7b7e86a791af42a75b2ac9f4b1ee834dfcf31b310ec10a7116c999&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=50613991&response-content-disposition=attachment%3B%20filename%3Dharbor-online-installer-v2.8.0.tgz&response-content-type=application%2Foctet-stream [following] --2023-05-04 22:34:04-- https://objects.githubusercontent.com/github-production-release-asset-2e65be/50613991/5b13b62e-9582-430d-937c-7add3750b641?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230504%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230504T143403Z&X-Amz-Expires=300&X-Amz-Signature=00160a898b7b7e86a791af42a75b2ac9f4b1ee834dfcf31b310ec10a7116c999&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=50613991&response-content-disposition=attachment%3B%20filename%3Dharbor-online-installer-v2.8.0.tgz&response-content-type=application%2Foctet-stream Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.111.133, 185.199.109.133, 185.199.108.133, ... Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.111.133|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 11022 (11K) [application/octet-stream] Saving to: ‘harbor-online-installer-v2.8.0.tgz’ harbor-online-installer-v2.8.0.tgz 100%[===================================================================>] 10.76K 56.5KB/s in 0.2s 2023-05-04 22:34:05 (56.5 KB/s) - ‘harbor-online-installer-v2.8.0.tgz’ saved [11022/11022] [root@Harbor-Ubu1804-10:~]# ls disk.sh docker-compose-Linux-x86_64.1 harbor-online-installer-v2.8.0.tgz os.version system_info.sh docker-compose-Linux-x86_64 docker_install_ubu1804_online.sh issue redis_install.sh [root@Harbor-Ubu1804-10:~]# mkdir /apps -p [root@Harbor-Ubu1804-10:~]# tar zxvf harbor-online-installer-v2.8.0.tgz -C /apps harbor/prepare harbor/LICENSE harbor/install.sh harbor/common.sh harbor/harbor.yml.tmpl [root@Harbor-Ubu1804-10:~]# tree /apps /apps └── harbor ├── LICENSE ├── common.sh ├── harbor.yml.tmpl ├── install.sh └── prepare 1 directory, 5 files
4、编辑配置文件 harbor.yml.tmpl 生成 harbor.yml
[root@Harbor-Ubu1804-9:~]# sed -e "/^hostname: .*$/c hostname: 10.0.0.10" \ -e "/harbor_admin_password: .*$/c harbor_admin_password: janzen" \ -e "/https:/s/^/#/" \ -e "/port: 443/s/^/#/" \ -e "/certificate:/s/^/#/" \ -e "/private_key:/s/^/#/" \ /apps/harbor/harbor.yml.tmpl > /apps/harbor/harbor.yml
5、运行Harbor安装脚本
5.1、离线安装包安装
[root@Harbor-Ubu1804-9:/apps/harbor]# ./install.sh [Step 0]: checking if docker is installed ... Note: docker version: 19.03.15 [Step 1]: checking docker-compose is installed ... /usr/local/lib/python3.6/dist-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6. from cryptography.hazmat.backends import default_backend Note: docker-compose version: 1.29.2 [Step 2]: loading Harbor images ... Loaded image: goharbor/harbor-log:v2.8.0 Loaded image: goharbor/notary-signer-photon:v2.8.0 Loaded image: goharbor/harbor-registryctl:v2.8.0 Loaded image: goharbor/harbor-exporter:v2.8.0 Loaded image: goharbor/redis-photon:v2.8.0 Loaded image: goharbor/notary-server-photon:v2.8.0 Loaded image: goharbor/prepare:v2.8.0 Loaded image: goharbor/harbor-jobservice:v2.8.0 Loaded image: goharbor/trivy-adapter-photon:v2.8.0 Loaded image: goharbor/registry-photon:v2.8.0 Loaded image: goharbor/harbor-portal:v2.8.0 Loaded image: goharbor/harbor-core:v2.8.0 Loaded image: goharbor/harbor-db:v2.8.0 Loaded image: goharbor/nginx-photon:v2.8.0 [Step 3]: preparing environment ... [Step 4]: preparing harbor configs ... prepare base dir is set to /apps/harbor WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https Generated configuration file: /config/portal/nginx.conf Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/registryctl/config.yml Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml Generated and saved secret to file: /data/secret/keys/secretkey Successfully called func: create_root_cert Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir Note: stopping existing Harbor instance ... /usr/local/lib/python3.6/dist-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6. from cryptography.hazmat.backends import default_backend Removing network harbor_harbor WARNING: Network harbor_harbor not found. [Step 5]: starting Harbor ... /usr/local/lib/python3.6/dist-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6. from cryptography.hazmat.backends import default_backend Creating network "harbor_harbor" with the default driver Creating harbor-log ... done Creating registry ... done Creating redis ... done Creating registryctl ... done Creating harbor-portal ... done Creating harbor-db ... done Creating harbor-core ... done Creating harbor-jobservice ... done Creating nginx ... done ✔ ----Harbor has been installed and started successfully.---- [root@Harbor-Ubu1804-9:/apps/harbor]#
5.2、在线安装包安装
[root@Harbor-Ubu1804-10:~]# bash /apps/harbor/install.sh [Step 0]: checking if docker is installed ... Note: docker version: 19.03.15 [Step 1]: checking docker-compose is installed ... Note: docker-compose version: 2.17.3 [Step 2]: preparing environment ... [Step 3]: preparing harbor configs ... prepare base dir is set to /apps/harbor Unable to find image 'goharbor/prepare:v2.8.0' locally v2.8.0: Pulling from goharbor/prepare bf71dcb41a4d: Pull complete 484253c2f382: Pull complete e74d2a96ccb2: Pull complete 01db2f770c78: Pull complete b560365c90c1: Pull complete 1f3dd0d587a1: Pull complete 838bdf6426be: Pull complete 51525c7a4951: Pull complete 7afee3de0d7c: Pull complete 3613dc8f55e8: Pull complete Digest: sha256:2e3945da3cf6e444177e1c99b46e302fd89a61b24dd9787df3b9d2713ab1b6c3 Status: Downloaded newer image for goharbor/prepare:v2.8.0 WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https Generated configuration file: /config/portal/nginx.conf Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/registryctl/config.yml Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml Generated and saved secret to file: /data/secret/keys/secretkey Successfully called func: create_root_cert Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir Note: stopping existing Harbor instance ... [Step 4]: starting Harbor ... [+] Running 60/25 ✔ log 7 layers [⣿⣿⣿⣿⣿⣿⣿] 0B/0B Pulled 57.8s ✔ registry 6 layers [⣿⣿⣿⣿⣿⣿] 0B/0B Pulled 7.4s ✔ redis 4 layers [⣿⣿⣿⣿] 0B/0B Pulled 40.9s ✔ proxy 1 layers [⣿] 0B/0B Pulled 874.6s ✔ registryctl 6 layers [⣿⣿⣿⣿⣿⣿] 0B/0B Pulled 20.4s ✔ postgresql 10 layers [⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿] 0B/0B Pulled 144.4s ✔ core 9 layers [⣿⣿⣿⣿⣿⣿⣿⣿⣿] 0B/0B Pulled 41.3s ✔ jobservice 5 layers [⣿⣿⣿⣿⣿] 0B/0B Pulled 96.2s ✔ portal 3 layers [⣿⣿⣿] 0B/0B Pulled 54.7s [+] Running 10/10 ✔ Network harbor_harbor Created 0.1s ✔ Container harbor-log Started 1.5s ✔ Container redis Started 5.0s ✔ Container registryctl Started 2.9s ✔ Container harbor-db Started 4.3s ✔ Container harbor-portal Started 4.1s ✔ Container registry Started 4.2s ✔ Container harbor-core Started 5.6s ✔ Container nginx Started 7.5s ✔ Container harbor-jobservice Started 7.6s ✔ ----Harbor has been installed and started successfully.----
6、实现开机自启动
6.1、systemd
[root@Harbor-Ubu1804-9:/apps/harbor]# vim /lib/systemd/system/harbor.service [root@Harbor-Ubu1804-9:/apps/harbor]# cat /lib/systemd/system/harbor.service [Unit] Description=Harbor After=docker.service systemd-networkd.service systemd-reslove.service Requires=docker.service Documentation=http://github.com/vmware/harbor [Service] Type=simple Restart=on-failure RestartSec=5 ExecStart=/usr/local/bin/docker-compose -f /apps/harbor/docker-compose.yml up ExecStop=/usr/local/bin/docker-compose -f /apps/harbor/docker-compose.yml down [Install] WantedBy=multi-user.target [root@Harbor-Ubu1804-9:/apps/harbor]# systemctl daemon-reload [root@Harbor-Ubu1804-9:/apps/harbor]# systemctl enable --now harbor.service Created symlink /etc/systemd/system/multi-user.target.wants/harbor.service → /lib/systemd/system/harbor.service.
7、访问 Harbor Web界面
四、Harbor 单机使用配置
1、创建项目
2、命令行登录Harbor
[root@Docker-Ubu1804-p11:~]# docker login 10.0.0.10 Username: admin Password: Error response from daemon: Get https://10.0.0.10/v2/: dial tcp 10.0.0.10:443: connect: connection refused
#提示需要使用https协议访问,但是由于目标harbor并未开启SSL认证,修改docker默认配置允许对目标使用http协议访问
修改仓库连接使用协议
#方法一:修改 daemon.json 配置允许使用http协议访问 [root@Docker-Ubu1804-p11:~]# sed -i.bak "/{/a \"insecure-registries\" : [\"10.0.0.10\",\"10.0.0.9\"]," /etc/docker/daemon.json [root@Docker-Ubu1804-p11:~]# cat /etc/docker//daemon.json { "insecure-registries" : ["10.0.0.10","10.0.0.9"], "registry-mirrors": ["https://hub-mirror.c.163.com","https://po3g231a.mirror.aliyuncs.com","https://docker.mirrors.ustc.edu.cn"], "bip": "172.17.1.1/24", "fixed-cidr": "172.17.1.0/24" } [root@Docker-Ubu1804-p11:~]# systemctl daemon-reload [root@Docker-Ubu1804-p11:~]# systemctl restart docker [root@Docker-Ubu1804-p11:~]# docker login 10.0.0.10 Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded #方法二:修改docker.service文件 [root@Docker-Ubu1804-p11:~]# sed -i.bak '/ExecStart=/s/$/ --insecure-registry "10.0.0.9"/' /lib/systemd/system/docker.service [root@Docker-Ubu1804-p11:~]# sed -i.bak '/ExecStart=/s/$/ --insecure-registry "10.0.0.10"/' /lib/systemd/system/docker.service [root@Docker-Ubu1804-p11:~]# cat /lib/systemd/system/docker.service [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com BindsTo=containerd.service After=network-online.target firewalld.service containerd.service Wants=network-online.target Requires=docker.socket [Service] Type=notify # the default is not to use systemd for cgroups because the delegate issues still # exists and systemd currently does not support the cgroup feature set required # for containers run by docker ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry "10.0.0.9" --insecure-registry "10.0.0.10" ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 RestartSec=2 Restart=always # Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229. # Both the old, and new location are accepted by systemd 229 and up, so using the old location # to make them work for either version of systemd. StartLimitBurst=3 # Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230. # Both the old, and new name are accepted by systemd 230 and up, so using the old name to make # this option work for either version of systemd. StartLimitInterval=60s # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity # Comment TasksMax if your systemd version does not support it. # Only systemd 226 and above support this option. TasksMax=infinity # set delegate yes so that systemd does not reset the cgroups of docker containers Delegate=yes # kill only the docker process, not all processes in the cgroup KillMode=process [Install] WantedBy=multi-user.target [root@Docker-Ubu1804-p11:~]# systemctl daemon-reload ; systemctl restart docker [root@Docker-Ubu1804-p11:~]# docker login 10.0.0.10 Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@Docker-Ubu1804-p11:~]# docker login 10.0.0.9 Authenticating with existing credentials... WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded
3、对本地进行打标签并上传到Harbor
修改image名称,不使用指定格式命名image无法进行上传
image标准命名格式:仓库地址:<仓库端口 默认80>/项目名/image名称:<版本信息 默认latest>
[root@Docker-Ubu1804-p11:~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE janzen/app1 latest f65a9531bfc7 7 days ago 572MB janzen/app1 v3.0 f65a9531bfc7 7 days ago 572MB janzen/nginx-centos7 1.20.1-v2.0 4919aacb5ea0 7 days ago 562MB janzen/centos7 v1.0 b9d392225b3e 10 days ago 529MB mysql latest 8189e588b0e8 2 weeks ago 564MB busybox 1.36 7cfbbec8963d 6 weeks ago 4.86MB busybox 1.35.0 a711f05d3384 16 months ago 1.24MB busybox latest beae173ccac6 16 months ago 1.24MB nginx latest 605c77e624dd 16 months ago 141MB redis latest 7614ae9453d1 16 months ago 113MB alpine latest c059bfaa849c 17 months ago 5.59MB redis 5.0.14-alpine3.14 2089be2db78e 17 months ago 29.4MB ubuntu 18.04 5a214d77f5d7 19 months ago 63.1MB hello-world latest feb5d9fea6a5 19 months ago 13.3kB centos 7 eeb6ee3f44bd 19 months ago 204MB [root@Docker-Ubu1804-p11:~]# docker tag janzen/centos7:v1.0 10.0.0.10/janzen/centos7:v1.0 [root@Docker-Ubu1804-p11:~]# docker tag janzen/centos7:v1.0 10.0.0.10/janzen/centos7 [root@Docker-Ubu1804-p11:~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE janzen/app1 latest f65a9531bfc7 7 days ago 572MB janzen/app1 v3.0 f65a9531bfc7 7 days ago 572MB janzen/nginx-centos7 1.20.1-v2.0 4919aacb5ea0 7 days ago 562MB 10.0.0.10/janzen/centos7 latest b9d392225b3e 10 days ago 529MB 10.0.0.10/janzen/centos7 v1.0 b9d392225b3e 10 days ago 529MB janzen/centos7 v1.0 b9d392225b3e 10 days ago 529MB mysql latest 8189e588b0e8 2 weeks ago 564MB busybox 1.36 7cfbbec8963d 6 weeks ago 4.86MB busybox 1.35.0 a711f05d3384 16 months ago 1.24MB busybox latest beae173ccac6 16 months ago 1.24MB nginx latest 605c77e624dd 16 months ago 141MB redis latest 7614ae9453d1 16 months ago 113MB alpine latest c059bfaa849c 17 months ago 5.59MB redis 5.0.14-alpine3.14 2089be2db78e 17 months ago 29.4MB ubuntu 18.04 5a214d77f5d7 19 months ago 63.1MB hello-world latest feb5d9fea6a5 19 months ago 13.3kB centos 7 eeb6ee3f44bd 19 months ago 204MB
[root@Docker-Ubu1804-p11:~]# docker push 10.0.0.10/janzen/centos7 The push refers to repository [10.0.0.10/janzen/centos7] ae552106ea81: Pushed 174f56854903: Pushed latest: digest: sha256:51a4e1432a50d31261ca2a34d565f0cbbfd7cc17fd0bd6162516899c851cfff3 size: 742 ae552106ea81: Layer already exists 174f56854903: Layer already exists v1.0: digest: sha256:51a4e1432a50d31261ca2a34d565f0cbbfd7cc17fd0bd6162516899c851cfff3 size: 742 [root@Docker-Ubu1804-p11:~]# docker push 10.0.0.10/janzen/centos7:v1.0 The push refers to repository [10.0.0.10/janzen/centos7] ae552106ea81: Layer already exists 174f56854903: Layer already exists v1.0: digest: sha256:51a4e1432a50d31261ca2a34d565f0cbbfd7cc17fd0bd6162516899c851cfff3 size: 742
4、下载Harbor上的镜像
[root@temp-ubuntu-1804-server:~]# docker pull 10.0.0.10/janzen/centos7 Using default tag: latest latest: Pulling from janzen/centos7 2d473b07cdd5: Pull complete b92dee35c852: Pull complete Digest: sha256:51a4e1432a50d31261ca2a34d565f0cbbfd7cc17fd0bd6162516899c851cfff3 Status: Downloaded newer image for 10.0.0.10/janzen/centos7:latest 10.0.0.10/janzen/centos7:latest [root@temp-ubuntu-1804-server:~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE 10.0.0.10/janzen/centos7 latest b9d392225b3e 10 days ago 529MB
5、修改Harbor配置
方法一:/apps/harbor/prepare
[root@Harbor-Ubu1804-10:~]# systemctl stop harbor.service [root@Harbor-Ubu1804-10:~]# vim /apps/harbor/harbor.yml http: # port for http, default is 80. If https enabled, this port will redirect to https port port: 8080 [root@Harbor-Ubu1804-10:~]# /apps/harbor/prepare prepare base dir is set to /apps/harbor WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https Clearing the configuration file: /config/registryctl/env Clearing the configuration file: /config/registryctl/config.yml Clearing the configuration file: /config/core/app.conf Clearing the configuration file: /config/core/env Clearing the configuration file: /config/portal/nginx.conf Clearing the configuration file: /config/log/rsyslog_docker.conf Clearing the configuration file: /config/log/logrotate.conf Clearing the configuration file: /config/registry/passwd Clearing the configuration file: /config/registry/config.yml Clearing the configuration file: /config/jobservice/env Clearing the configuration file: /config/jobservice/config.yml Clearing the configuration file: /config/nginx/nginx.conf Clearing the configuration file: /config/db/env Generated configuration file: /config/portal/nginx.conf Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/registryctl/config.yml Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml loaded secret from file: /data/secret/keys/secretkey Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir [root@Harbor-Ubu1804-10:~]# systemctl start harbor.service [root@Harbor-Ubu1804-10:~]# ss -ntlp State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 127.0.0.1:1514 0.0.0.0:* users:(("docker-proxy",pid=123526,fd=4)) LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=836,fd=13)) LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=928,fd=3)) LISTEN 0 128 127.0.0.1:6010 0.0.0.0:* users:(("sshd",pid=1376,fd=10)) LISTEN 0 128 *:8080 *:* users:(("docker-proxy",pid=124252,fd=4)) LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=928,fd=4)) LISTEN 0 128 [::1]:6010 [::]:* users:(("sshd",pid=1376,fd=9))
方法二:/apps/harbor/install.sh
[root@Harbor-Ubu1804-10:~]# vim /apps/harbor/harbor.yml http: port: 80 [root@Harbor-Ubu1804-10:~]# /apps/harbor/install.sh [Step 0]: checking if docker is installed ... Note: docker version: 19.03.15 [Step 1]: checking docker-compose is installed ... Note: docker-compose version: 2.17.3 [Step 2]: preparing environment ... [Step 3]: preparing harbor configs ... prepare base dir is set to /apps/harbor WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https Clearing the configuration file: /config/registryctl/env Clearing the configuration file: /config/registryctl/config.yml Clearing the configuration file: /config/core/app.conf Clearing the configuration file: /config/core/env Clearing the configuration file: /config/portal/nginx.conf Clearing the configuration file: /config/log/rsyslog_docker.conf Clearing the configuration file: /config/log/logrotate.conf Clearing the configuration file: /config/registry/passwd Clearing the configuration file: /config/registry/config.yml Clearing the configuration file: /config/registry/root.crt Clearing the configuration file: /config/jobservice/env Clearing the configuration file: /config/jobservice/config.yml Clearing the configuration file: /config/nginx/nginx.conf Clearing the configuration file: /config/db/env Generated configuration file: /config/portal/nginx.conf Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/registryctl/config.yml Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml loaded secret from file: /data/secret/keys/secretkey Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir Note: stopping existing Harbor instance ... [+] Running 10/10 ✔ Container nginx Removed 0.5s ✔ Container harbor-jobservice Removed 0.4s ✔ Container registryctl Removed 10.3s ✔ Container harbor-portal Removed 0.4s ✔ Container harbor-core Removed 0.4s ✔ Container harbor-db Removed 0.7s ✔ Container registry Removed 0.4s ✔ Container redis Removed 0.5s ✔ Container harbor-log Removed 10.3s ✔ Network harbor_harbor Removed 0.1s [Step 4]: starting Harbor ... [+] Running 10/10 ✔ Network harbor_harbor Created 0.1s ✔ Container harbor-log Started 1.3s ✔ Container registryctl Started 3.9s ✔ Container harbor-db Started 3.2s ✔ Container redis Started 3.0s ✔ Container harbor-portal Started 5.5s ✔ Container registry Started 4.2s ✔ Container harbor-core Started 4.5s ✔ Container nginx Started 6.5s ✔ Container harbor-jobservice Started 6.0s ✔ ----Harbor has been installed and started successfully.---- [root@Harbor-Ubu1804-10:~]# ss -ntlp State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 127.0.0.1:1514 0.0.0.0:* users:(("docker-proxy",pid=126673,fd=4)) LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=836,fd=13)) LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=928,fd=3)) LISTEN 0 128 127.0.0.1:6010 0.0.0.0:* users:(("sshd",pid=1376,fd=10)) LISTEN 0 128 *:80 *:* users:(("docker-proxy",pid=127375,fd=4)) LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=928,fd=4)) LISTEN 0 128 [::1]:6010 [::]:* users:(("sshd",pid=1376,fd=9))
6、一键镜像打标签并上传
#!/bin/bash # #******************************************************************** #Author: janzen #Date: 2023-05-05 #FileName: #Description: The test script #Copyright (C): 2023 All rights reserved #******************************************************************** ERR="echo -e \033[1;31m" SUCC="echo -e \033[1;32m" WARN="echo -e \033[1;33m" END="\033[m" DOCS(){ echo "$0 <OPTIONS> [IMAGE] <TAG:-latest>" echo "<OPTIONS>:" echo "" echo "-h show this page" echo "-b build image from .DockerFile, default; false" echo "-i <HostIP> set host ip, default: 10.0.0.9" echo "-u <UserNmae> set username, default: admin" echo "-p <UserPasswd> set password, default: janzen" echo "-r <registry> registry, default: janzen" exit } image_tag() { [ `docker images $HOST/$REGISTRY/$IMAGE_NAME:$TAG -q` ] && { $WARN"$HOST/$REGISTRY/$IMAGE_NAME:$TAG is exist"$END;return; } || [ `docker images $IMAGE_NAME:$TAG -q` ] && docker tag $IMAGE_NAME:$TAG $HOST/$REGISTRY/$IMAGE_NAME:$TAG || [ `docker images $REGISTRY\/$IMAGE_NAME:$TAG -q` ] && docker tag $REGISTRY/$IMAGE_NAME:$TAG $HOST/$REGISTRY/$IMAGE_NAME:$TAG || { $ERR"$IMAGE_NAME:$TAG not exist,if you want build image Please Usage $0 -b [IMAGE] <TAG:-latest>"$END; DOCS;} } while getopts 'hbi:u:p:r:' OPT; do case $OPT in b) BUILD=true ;; i) HOST=${OPTARG} ;; u) REGISTRY_USER=${OPTARG} ;; p) PASSWD=${OPTARG} ;; r) REGISTRY=${OPTARG} ;; h) DOCS ;; ?) DOCS ;; esac done shift $(($OPTIND - 1)) IMAGE_NAME=$1 TAG=$2 TAG=${TAG:-latest} HOST=${HOST:-"10.0.0.9"} REGISTRY_USER=${REGISTRY_USER:-admin} PASSWD=${PASSWD:-janzen} REGISTRY=${REGISTRY:-janzen} [ $BUILD ] && docker build -t $HOST/$REGISTRY/$IMAGE_NAME:$TAG . || image_tag && $SUCC"Tag Image successd"$END docker login $HOST -u $REGISTRY_USER -p $PASSWD && { docker push $HOST/$REGISTRY/$IMAGE_NAME:$TAG; $SUCC"push $HOST/$REGISTRY/$IMAGE_NAME:$TAG to $HOST successed"$END;} || $ERR"login $HOST faild"$END
五、Harbor 分布式集群配置
1、准备两台Harbor服务器
Harbor09
Harbor10
2、在两台Harbor上创建同样的仓库
3、在 Harbor09 的仓库管理中 添加Harbor10仓库信息
4、在 Harbor09 添加复制规则
每分钟自动从 Harbor10 上同步全部镜像
手动执行触发 复制规则
5、验证镜像上传及删除
从客户端上传镜像到Harbor10
[root@Docker-Ubu1804-p11:~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE janzen/app1 latest f65a9531bfc7 8 days ago 572MB janzen/app1 v3.0 f65a9531bfc7 8 days ago 572MB janzen/nginx-centos7 1.20.1-v2.0 4919aacb5ea0 8 days ago 562MB 10.0.0.10/janzen/centos7 latest b9d392225b3e 10 days ago 529MB 10.0.0.10/janzen/centos7 v1.0 b9d392225b3e 10 days ago 529MB janzen/centos7 v1.0 b9d392225b3e 10 days ago 529MB mysql latest 8189e588b0e8 2 weeks ago 564MB busybox 1.36 7cfbbec8963d 6 weeks ago 4.86MB busybox 1.35.0 a711f05d3384 16 months ago 1.24MB busybox latest beae173ccac6 16 months ago 1.24MB nginx latest 605c77e624dd 16 months ago 141MB redis latest 7614ae9453d1 16 months ago 113MB alpine latest c059bfaa849c 17 months ago 5.59MB redis 5.0.14-alpine3.14 2089be2db78e 17 months ago 29.4MB ubuntu 18.04 5a214d77f5d7 19 months ago 63.1MB hello-world latest feb5d9fea6a5 19 months ago 13.3kB centos 7 eeb6ee3f44bd 19 months ago 204MB [root@Docker-Ubu1804-p11:~]# docker tag janzen/nginx-centos7:1.20.1-v2.0 10.0.0.10/janzen/nginx-centos7:1.20.1-v2.0 [root@Docker-Ubu1804-p11:~]# docker tag janzen/nginx-centos7:1.20.1-v2.0 10.0.0.10/janzen/nginx-centos7 [root@Docker-Ubu1804-p11:~]# docker push 10.0.0.10/janzen/nginx-centos7 The push refers to repository [10.0.0.10/janzen/nginx-centos7] b82538224854: Pushed 174f56854903: Mounted from janzen/centos7 1.20.1-v2.0: digest: sha256:36213ec0d340a5c174e8e7811de648044034dd7ec6a2511a6eadde9d4ac18e37 size: 742 b82538224854: Layer already exists 174f56854903: Layer already exists latest: digest: sha256:36213ec0d340a5c174e8e7811de648044034dd7ec6a2511a6eadde9d4ac18e37 size: 742 [root@Docker-Ubu1804-p11:~]# docker push 10.0.0.10/janzen/nginx-centos7:1.20.1-v2.0 The push refers to repository [10.0.0.10/janzen/nginx-centos7] b82538224854: Layer already exists 174f56854903: Layer already exists 1.20.1-v2.0: digest: sha256:36213ec0d340a5c174e8e7811de648044034dd7ec6a2511a6eadde9d4ac18e37 size: 742
查看Harbor10上的项目内容
查看Harbor09上的项目内容
6、在Harbor10上重复 1-4 操作,并添加基于事件的push策略,实现双向同步
[root@Docker-Ubu1804-p11:~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE janzen/app1 latest f65a9531bfc7 8 days ago 572MB janzen/app1 v3.0 f65a9531bfc7 8 days ago 572MB 10.0.0.10/janzen/nginx-centos7 1.20.1-v2.0 4919aacb5ea0 8 days ago 562MB 10.0.0.10/janzen/nginx-centos7 latest 4919aacb5ea0 8 days ago 562MB janzen/nginx-centos7 1.20.1-v2.0 4919aacb5ea0 8 days ago 562MB 10.0.0.10/janzen/centos7 latest b9d392225b3e 10 days ago 529MB 10.0.0.10/janzen/centos7 v1.0 b9d392225b3e 10 days ago 529MB janzen/centos7 v1.0 b9d392225b3e 10 days ago 529MB mysql latest 8189e588b0e8 2 weeks ago 564MB busybox 1.36 7cfbbec8963d 6 weeks ago 4.86MB busybox 1.35.0 a711f05d3384 16 months ago 1.24MB busybox latest beae173ccac6 16 months ago 1.24MB nginx latest 605c77e624dd 16 months ago 141MB redis latest 7614ae9453d1 16 months ago 113MB alpine latest c059bfaa849c 17 months ago 5.59MB redis 5.0.14-alpine3.14 2089be2db78e 17 months ago 29.4MB ubuntu 18.04 5a214d77f5d7 19 months ago 63.1MB hello-world latest feb5d9fea6a5 19 months ago 13.3kB centos 7 eeb6ee3f44bd 19 months ago 204MB [root@Docker-Ubu1804-p11:~]# docker tag janzen/app1:v3.0 10.0.0.9/janzen/app1:v3.0 [root@Docker-Ubu1804-p11:~]# docker tag janzen/app1:v3.0 10.0.0.9/janzen/app1 [root@Docker-Ubu1804-p11:~]# docker push 10.0.0.9/janzen/app1 The push refers to repository [10.0.0.9/janzen/app1] f04a4d2ea341: Layer already exists 188c1c5e9297: Layer already exists b82538224854: Layer already exists 174f56854903: Layer already exists latest: digest: sha256:c2ff655ee6b16bf088a522ad0868067a6be61167d75b37664d9bc34bf6b3e2ea size: 1161 f04a4d2ea341: Layer already exists 188c1c5e9297: Layer already exists b82538224854: Layer already exists 174f56854903: Layer already exists v3.0: digest: sha256:c2ff655ee6b16bf088a522ad0868067a6be61167d75b37664d9bc34bf6b3e2ea size: 1161 [root@Docker-Ubu1804-p11:~]# docker push 10.0.0.9/janzen/app1:v3.0 The push refers to repository [10.0.0.9/janzen/app1] f04a4d2ea341: Layer already exists 188c1c5e9297: Layer already exists b82538224854: Layer already exists 174f56854903: Layer already exists v3.0: digest: sha256:c2ff655ee6b16bf088a522ad0868067a6be61167d75b37664d9bc34bf6b3e2ea size: 1161 [root@Docker-Ubu1804-p11:~]#
六、Harbor 安全之https配置
官方配置HTTPS文档:https://goharbor.io/docs/2.8.0/install-config/configure-https/
1、生成CA证书,并给Harbor主机颁发证书
#创建存放私钥和证书的目录 [root@Harbor-Ubu1804-9:~]# mkdir /apps/harbor/certs [root@Harbor-Ubu1804-9:~]# cd /apps/harbor/certs/ #生成CA证书 [root@Harbor-Ubu1804-9:/apps/harbor/certs]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -subj "/CN=ca.janzen.com" -days 365 -out ca.crt Can't load /root/.rnd into RNG 139892179550656:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd Generating a RSA private key .............................................................................................................................................................................................................++++ ...................++++ writing new private key to 'ca.key' -----
#生成Harbor证书申请 [root@Harbor-Ubu1804-9:/apps/harbor/certs]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout harbor.janzen.com.key -subj "/CN=harbor.janzen.com" -out harbor.janzen.com.csr Can't load /root/.rnd into RNG 140464486539712:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd Generating a RSA private key .................................................................................................................................++++ ......................................................................................++++ writing new private key to 'harbor.janzen.com.key' ----- #给Harbor颁发证书 [root@Harbor-Ubu1804-9:/apps/harbor/certs]# openssl x509 -req -in harbor.janzen.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out harbor.janzen.com.crt Signature ok subject=CN = harbor.janzen.com Getting CA Private Key [root@Harbor-Ubu1804-9:/apps/harbor/certs]# tree /apps/harbor/certs/ /apps/harbor/certs/ ├── ca.crt ├── ca.key ├── ca.srl ├── harbor.janzen.com.crt ├── harbor.janzen.com.csr └── harbor.janzen.com.key 0 directories, 6 files
#配置x509 v3 版本的 SAN证书 [root@Harbor-Ubu1804-9:/apps/harbor/certs]# cat > v3.ext <<-EOF authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1=janzen.com DNS.2=harbor.janzen.com EOF [root@Harbor-Ubu1804-9:/apps/harbor/certs]# openssl x509 -req -extfile v3.ext -in harbor.janzen.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out harbor.janzen.com.crt Signature ok subject=CN = harbor.janzen.com Getting CA Private Key
2、配置Harbor启用HTTPS
#修改Harbor配置文件 [root@Harbor-Ubu1804-9:~]# vim /apps/harbor/harbor.yml
hostname: harbor.janzen.com https: # https port for harbor, default is 443 port: 443 # The path of cert and key files for nginx certificate: /apps/harbor/certs/harbor.janzen.com.crt private_key: /apps/harbor/certs/harbor.janzen.com.key #停用Harbor服务(针对已安装Harbor,未安装情况下直接执行安装即可) [root@Harbor-Ubu1804-9:~]# docker-compose -f /apps/harbor/docker-compose.yml down /usr/local/lib/python3.6/dist-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6. from cryptography.hazmat.backends import default_backend Stopping harbor-jobservice ... done Stopping nginx ... done Stopping harbor-core ... done Stopping registry ... done Stopping redis ... done Stopping harbor-db ... done Stopping registryctl ... done Stopping harbor-portal ... done Stopping harbor-log ... done Removing harbor-jobservice ... done Removing nginx ... done Removing harbor-core ... done Removing registry ... done Removing redis ... done Removing harbor-db ... done Removing registryctl ... done Removing harbor-portal ... done Removing harbor-log ... done Removing network harbor_harbor #执行配置更新 [root@Harbor-Ubu1804-9:~]# /apps/harbor/prepare prepare base dir is set to /apps/harbor Clearing the configuration file: /config/registryctl/env Clearing the configuration file: /config/registryctl/config.yml Clearing the configuration file: /config/core/app.conf Clearing the configuration file: /config/core/env Clearing the configuration file: /config/portal/nginx.conf Clearing the configuration file: /config/log/rsyslog_docker.conf Clearing the configuration file: /config/log/logrotate.conf Clearing the configuration file: /config/registry/passwd Clearing the configuration file: /config/registry/config.yml Clearing the configuration file: /config/registry/root.crt Clearing the configuration file: /config/jobservice/env Clearing the configuration file: /config/jobservice/config.yml Clearing the configuration file: /config/nginx/nginx.conf Clearing the configuration file: /config/db/env Generated configuration file: /config/portal/nginx.conf Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/registryctl/config.yml Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml loaded secret from file: /data/secret/keys/secretkey Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir #重新启动Harbor服务 [root@Harbor-Ubu1804-9:~]# docker-compose -f /apps/harbor/docker-compose.yml up -d /usr/local/lib/python3.6/dist-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6. from cryptography.hazmat.backends import default_backend Creating network "harbor_harbor" with the default driver Creating harbor-log ... done Creating registryctl ... done Creating redis ... done Creating harbor-portal ... done Creating registry ... done Creating harbor-db ... done Creating harbor-core ... done Creating harbor-jobservice ... done Creating nginx ... done
3、客户端下载CA证书
#未使用x509 v3 版本证书出现以下报错 [root@Docker-Ubu1804-p11:~]# docker login haobor.janzen.com Authenticating with existing credentials... Login did not succeed, error: Error response from daemon: Get "https://harbor.janzen.com/v2/": x509: cannot validate certificate for harbor.janzen.com because it doesn't contain any IP SANs Username (admin): admin Password: Error response from daemon: Get "https://harbor.janzen.com/v2/": x509: cannot validate certificate for harbor.janzen.com because it doesn't contain any SANs
#客户端未配置证书,出现以下报错 [root@Docker-Ubu1804-p11:~]# docker login harbor.janzen.com Authenticating with existing credentials... Login did not succeed, error: Error response from daemon: Get "https://harbor.janzen.com/v2/": x509: certificate signed by unknown authority Username (admin): admin Password: Error response from daemon: Get "https://harbor.janzen.com/v2/": x509: certificate signed by unknown authority
#在客户端下载之前生成的CA证书
[root@Docker-Ubu1804-p11:~]# mkdir -pv /etc/docker/certs.d/harbor.janzen.com/ mkdir: created directory '/etc/docker/certs.d' mkdir: created directory '/etc/docker/certs.d/harbor.janzen.com/' [root@Docker-Ubu1804-p11:~]# scp -r 10.0.0.9:/apps/harbor/certs/ca.crt /etc/docker/certs.d/harbor.janzen.com/ca.crt root@10.0.0.9's password: ca.crt
[root@Docker-Ubu1804-p11:~]# docker login harbor.janzen.com Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded
4、浏览器通过 https 协议访问 Harbor站点 
5、客户端使用 https 协议上传和下载镜像
#拉取镜像
[root@Docker-Ubu1804-p11:~]# docker pull harbor.janzen.com/janzen/centos7
Using default tag: latest
latest: Pulling from janzen/centos7
2d473b07cdd5: Pull complete
b0ed90275bd0: Pull complete
Digest: sha256:c77e9270bf47f226ddb76d00a6abf1c645c165efc18121a648279a4c9ae4443e
Status: Downloaded newer image for harbor.janzen.com/janzen/centos7:latest
harbor.janzen.com/janzen/centos7:latest
[root@Docker-Ubu1804-p11:~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
harbor.janzen.com/janzen/centos7 latest f3ad589cce4c 30 hours ago 289MB
Successfully built 1a1060e6ff30
Successfully tagged harbor.janzen.com/janzen/centos7:v1.3
Tag Image successd
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
#镜像打包并上传
[root@Docker-Ubu1804-p11:/images/system/centos]# image_push
:latest not exist,if you want build image Please Usage /usr/bin/image_push -b [IMAGE] <TAG:-latest>
/usr/bin/image_push <OPTIONS> [IMAGE] <TAG:-latest>
<OPTIONS>:
-h show this page
-b build image from .DockerFile, default; false
-i <HostIP> set host ip, default: 10.0.0.9
-u <UserNmae> set username, default: admin
-p <UserPasswd> set password, default: janzen
-r <registry> registry, default: janzen
[root@Docker-Ubu1804-p11:/images/system/centos]# image_push -b -i harbor.janzen.com centos7 v1.3
Login Succeeded
The push refers to repository [harbor.janzen.com/janzen/centos7]
89022798c4bb: Pushed
174f56854903: Layer already exists
v1.3: digest: sha256:53b65e68f90a0564704a9c3c6ef2ab435ad45e6495c21eefedf1eefa160960b0 size: 742
push harbor.janzen.com/janzen/centos7:v1.3 to harbor.janzen.com successed
