
Harbor/registry镜像仓库部署

一 Harbor部署

1.1 安装docker

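# yum-config-manager is shipped in yum-utils, so install that package before
# it is used to add the Docker CE repository.
yum install -y yum-utils device-mapper-persistent-data lvm2
# Fetch the repository definition over HTTPS: a repo file pulled over plain
# HTTP can be altered in transit, and it decides where packages come from.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install -y docker-ce

# Write the daemon settings before the first start so they are in effect from
# the beginning: systemd cgroup driver, json-file logging with max-size 100m.
mkdir -p /etc/docker
cat > /etc/docker/daemon.json << 'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  }
}
EOF

systemctl enable docker
# restart starts the daemon if it is stopped and reloads daemon.json if it is
# already running.
systemctl restart docker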

1.2 安装docker-compose

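systemctl enable docker

# Install docker-compose
wget https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64
# Check the download before it becomes a root-owned executable on PATH.
# <EXPECTED_SHA256> is a placeholder: replace it with the SHA-256 published
# for this exact release asset. The check fails until a real value is filled in.
echo "<EXPECTED_SHA256>  docker-compose-Linux-x86_64" | sha256sum -c -
# install sets owner and mode explicitly instead of relying on chmod + mv.
install -o root -g root -m 0755 docker-compose-Linux-x86_64 /usr/bin/docker-compose
rm -f -- docker-compose-Linux-x86_64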

1.3 下载harbor

进入harbor目录,修改harbor.yml配置文件,软件自带有一个tmpl的模板文件,可以通过复制此文件进行编辑。

wget https://github.com/goharbor/harbor/releases/download/v2.2.2/harbor-offline-installer-v2.2.2.tgz
# NOTE(review): nothing here checks the archive before install.sh from it is
# executed; compare it with the checksum or signature published for this
# release before unpacking.
tar -zxf harbor-offline-installer-v2.2.2.tgz
cd harbor
cp harbor.yml.tmpl harbor.yml

# Edit harbor.yml before installing. At minimum review: hostname, the https
# certificate / private_key paths, harbor_admin_password and the database
# password. The template carries sample values for these; do not install
# with them unchanged.
vim harbor.yml

# Run the installer once the edits are done
./install.sh

1.4 停止和启动

因为Harbor是基于docker-compose服务编排的,所以通过 docker-compose启动或者关闭Harbor

# Stop Harbor. docker-compose looks for its compose file starting from the
# current directory; presumably this is run from the harbor directory where
# install.sh was executed — confirm.
docker-compose down

# Start Harbor again in the background (-d = detached).
docker-compose up -d

二 registry

docker hub 公共镜像中有 registry 的镜像,直接从docker hub拉取。此操作在192.168.1.201上执行

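mkdir -p /registry
# This first instance has neither TLS nor authentication, so anyone who can
# reach the port can pull, push and overwrite images. Publish it on loopback
# only; the checks that follow all use 127.0.0.1 / localhost.
# The image tag is left floating ("registry" resolves to latest); pin a tag
# or digest you have tested for anything beyond a trial run.
docker run -p 127.0.0.1:5000:5000 --restart=always --name registry \
  -v /registry/:/var/lib/registry \
  -d registry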

[root@img-tools registry]# docker pull centos:latest
[root@img-tools registry]# docker tag centos:latest 127.0.0.1:5000/mycentos:latest
[root@img-tools registry]# docker push 127.0.0.1:5000/mycentos:latest
The push refers to repository [127.0.0.1:5000/mycentos]
2653d992f4ef: Pushed
latest: digest: sha256:dbbacecc49b088458781c16f3775f2a2ec7521079034a7ba499c8b0bb7f86875 size: 529
[root@img-tools registry]# curl -X GET http://127.0.0.1:5000/v2/_catalog -k
{"repositories":["mycentos"]}

// 查看获取到镜像的Digest
[root@img-tools harbor]# curl -I -H "Accept: application/vnd.docker.distribution.manifest.v2+json" localhost:5000/v2/mycentos/manifests/latest
HTTP/1.1 200 OK
Content-Length: 529
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Docker-Content-Digest: sha256:dbbacecc49b088458781c16f3775f2a2ec7521079034a7ba499c8b0bb7f86875
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:dbbacecc49b088458781c16f3775f2a2ec7521079034a7ba499c8b0bb7f86875"
X-Content-Type-Options: nosniff
Date: Fri, 11 Jun 2021 09:15:55 GMT

// 查看宿主机信息

[root@img-tools ~]# tree /registry/docker/
/registry/docker/
└── registry
    └── v2
        ├── blobs
           └── sha256
               ├── 30
                  └── 300e315adb2f96afe5f0b2780b87f28ae95231fe3bdd1e16b9ba606307728f55
                      └── data
               ├── 7a
                  └── 7a0437f04f83f084b7ed68ad9c4a4947e12fc4e1b006b38129bac89114ec3621
                      └── data
               └── db
                   └── dbbacecc49b088458781c16f3775f2a2ec7521079034a7ba499c8b0bb7f86875
                       └── data
        └── repositories
            └── mycentos
                ├── _layers
                   └── sha256
                       ├── 300e315adb2f96afe5f0b2780b87f28ae95231fe3bdd1e16b9ba606307728f55
                          └── link
                       └── 7a0437f04f83f084b7ed68ad9c4a4947e12fc4e1b006b38129bac89114ec3621
                           └── link
                ├── _manifests
                   ├── revisions
                      └── sha256
                          └── dbbacecc49b088458781c16f3775f2a2ec7521079034a7ba499c8b0bb7f86875
                              └── link
                   └── tags
                       └── latest
                           ├── current
                              └── link
                           └── index
                               └── sha256
                                   └── dbbacecc49b088458781c16f3775f2a2ec7521079034a7ba499c8b0bb7f86875
                                       └── link
                └── _uploads

27 directories, 8 files


[root@img-tools registry]# curl -X GET http://127.0.0.1:5000/v2/_catalog -k
{"repositories":["mycentos"]}
[root@img-tools registry]# curl -X GET http://127.0.0.1:5000/v2/mycentos/tags/list
{"name":"mycentos","tags":["latest"]}



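# Enable TLS with a self-signed certificate
mkdir -p /opt/docker/registry/certs
# -nodes writes the private key unencrypted, so create it under a restrictive
# umask: with the default umask the key file ends up world-readable (0644).
# The subshell keeps the umask change from leaking into the rest of the session.
# Answer the Common Name prompt with the host name clients will use
# (registryxl.com in this walkthrough).
# NOTE(review): this command sets no subjectAltName; confirm that your clients
# accept a certificate identified by Common Name only.
(
  umask 077
  openssl req -newkey rsa:4096 -nodes -sha256 \
    -keyout /opt/docker/registry/certs/domain.key \
    -x509 -days 365 \
    -out /opt/docker/registry/certs/domain.crt
)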

[root@img-tools imgtools]# ll /opt/docker/registry/certs/
总用量 8
-rw-r--r-- 1 root root 2090 6月  11 18:10 domain.crt
-rw-r--r-- 1 root root 3272 6月  11 18:10 domain.key


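# The earlier container named "registry" still holds port 5000; remove it
# first or this run fails. Image data stays in /registry on the host.
docker rm -f registry
# Mount the certificate directory read-only: the registry only needs to read
# the key, and a writable mount would let the container replace it.
# Clients should trust domain.crt explicitly (curl --cacert, or
# /etc/docker/certs.d/<host:port>/ca.crt for the Docker daemon) rather than
# disabling verification with -k.
docker run -p 5000:5000 --restart=always --name myregistry \
  -v /registry/:/var/lib/registry \
  -v /opt/docker/registry/certs:/certs:ro \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -d registry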


# 进行测试
[root@img-tools registry]# curl -X GET https://registryxl.com:5000/v2/mycentos/tags/list -k
{"name":"mycentos","tags":["latest"]}


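# Add basic authentication
mkdir -p /opt/docker/registry/auth/
# Without -b, htpasswd prompts for the password instead of taking it from the
# command line, where it would end up in shell history and the process list.
# Pick a strong, unique password; admin/admin is only a demonstration value.
# -B selects bcrypt, the format the registry's htpasswd backend expects;
# -C raises the bcrypt cost above htpasswd's default of 5.
# -c creates (or overwrites) the file; the umask keeps it readable by root only.
(
  umask 077
  htpasswd -B -C 10 -c /opt/docker/registry/auth/htpasswd admin
)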
[root@img-tools registry]# cat /opt/docker/registry/auth/htpasswd
admin:$2y$05$7Jy0VmD3I3HDBczRBgcoa.A8Kz4rxdtlM5lx5GrHdCSDk.DrSnUXO


启动带认证的 Docker Registry
REGISTRY_AUTH=htpasswd # 以 htpasswd 的方式认证
REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm # 注册认证
REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd # 认证的用户密码

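# Start with the self-signed (untrusted) certificate and user authentication
# A container named "myregistry" already exists from the TLS-only step;
# remove it first, otherwise the name is still in use.
docker rm -f myregistry
# Certificates and the htpasswd file are mounted read-only: the registry only
# reads them, and a writable mount would let the container alter its own
# credentials or key.
docker run -p 5000:5000 --restart=always --name myregistry \
  -v /registry/:/var/lib/registry \
  -v /opt/docker/registry/certs:/certs:ro \
  -v /opt/docker/registry/auth/:/auth/:ro \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
  -d registry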


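# Without HTTPS, user authentication only
# With no TLS, the Basic credentials and every image layer cross the network
# unencrypted. Use this variant only for a local comparison and prefer the
# TLS + authentication variant for any reachable host.
# Remove the previous "myregistry" container first; the name is still taken.
docker rm -f myregistry
# The htpasswd directory is mounted read-only: the registry only reads it.
docker run -p 5000:5000 --restart=always --name myregistry \
  -v /registry/:/var/lib/registry \
  -v /opt/docker/registry/auth/:/auth/:ro \
  -e "REGISTRY_AUTH=htpasswd" \
  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
  -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
  -d registry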

# 不安全:未启用 HTTPS 时,Basic 认证的用户名和密码只经过 Base64 编码,在网络上等同于明文传输
[root@img-tools ~]# curl -X GET registryxl.com:5000/v2/_catalog -uadmin
Enter host password for user 'admin':
{"repositories":["mycentos"]}


[root@img-tools registry]# docker login https://registryxl.com:5000
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded



[root@img-tools ~]# curl -X GET https://registryxl.com:5000/v2/_catalog -u admin -k
Enter host password for user 'admin':
{"repositories":["mycentos"]}

参考链接