标签:core compose syslog Harbor cap harbor docker config
文章目录
一、安装docker-compose 工具
github地址:https://github.com/docker/compose/releases/tag/1.25.3
在linux终端执行如下命令:
curl -L https://github.com/docker/compose/releases/download/1.25.3/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
安装成功后,检验docker-compose版本:
docker-compose -v
二、安装Harbor
1. 从github上获取要安装的Harbor版本
https://github.com/goharbor/harbor/releases
可以直接使用wget 工具拉取 1.7.0的线下版本的。
wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.4.tgz
下载完成后,在本目录就能看到安装包:
解压安装包:
tar zxf harbor-offline-installer-v1.7.4.tgz
解压成功后,我们只需要在配置文件中harbor.cfg 中修改hostname即可,修改成本机的ip地址。
切换至 Harbor目录,执行 ./install.sh命令
2. 编辑docker的主配置文件docker.service文件
centos查看docker的主配置文件的默认路径:
cat /usr/lib/systemd/system/docker.service
ubuntu 查看docker的主配置文件的默认路径:
cat /lib/systemd/system/docker.service
vim docker.service在 ExecStart 后面添加--insecure-registry 116.62.146.90
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insrcure-registry 116.62.146.90
重新加载配置后,重启docker:
~# systemctl daemon-reload
~# service docker restart
启动成功后,切换到Harbor的安装目录,执行命令, 使用docker-compose 启动Harbor:
docker-compose start
完整启动后,应包有以下镜像:
启动成功后,访问ip地址即可!
停止命令, 在Harbor的安装目录执行:
docker-compose stop
3. docker-compose.yml
安装好Harbor后,可以发现根目录下的docker-compose.yml,里面配置了 搭建Harbor需要的所有工具, 主要包含如下模块和工具: nginx、harbor-jobservice、 harbor-portal、harbor-core、registry、registryctl、redis、 harbor-db、 harbor-log。
version: '2'
services:
log:
image: goharbor/harbor-log:v1.7.4
container_name: harbor-log
restart: always
dns_search: .
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /var/log/harbor/:/var/log/docker/:z
- ./common/config/log/:/etc/logrotate.d/:z
ports:
- 127.0.0.1:1514:10514
networks:
- harbor
registry:
image: goharbor/registry-photon:v2.6.2-v1.7.4
container_name: registry
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- ./common/config/custom-ca-bundle.crt:/harbor_cust_cert/custom-ca-bundle.crt:z
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "registry"
registryctl:
image: goharbor/harbor-registryctl:v1.7.4
container_name: registryctl
env_file:
- ./common/config/registryctl/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- ./common/config/registryctl/config.yml:/etc/registryctl/config.yml:z
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "registryctl"
postgresql:
image: goharbor/harbor-db:v1.7.4
container_name: harbor-db
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /data/database:/var/lib/postgresql/data:z
networks:
- harbor
dns_search: .
env_file:
- ./common/config/db/env
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "postgresql"
adminserver:
image: goharbor/harbor-adminserver:v1.7.4
container_name: harbor-adminserver
env_file:
- ./common/config/adminserver/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/config/:/etc/adminserver/config/:z
- /data/secretkey:/etc/adminserver/key:z
- /data/:/data/:z
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "adminserver"
core:
image: goharbor/harbor-core:v1.7.4
container_name: harbor-core
env_file:
- ./common/config/core/env
restart: always
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
volumes:
- ./common/config/core/app.conf:/etc/core/app.conf:z
- ./common/config/core/private_key.pem:/etc/core/private_key.pem:z
- ./common/config/core/certificates/:/etc/core/certificates/:z
- /data/secretkey:/etc/core/key:z
- /data/ca_download/:/etc/core/ca/:z
- /data/psc/:/etc/core/token/:z
- /data/:/data/:z
networks:
- harbor
dns_search: .
depends_on:
- log
- adminserver
- registry
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "core"
portal:
image: goharbor/harbor-portal:v1.7.4
container_name: harbor-portal
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
networks:
- harbor
dns_search: .
depends_on:
- log
- core
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "portal"
jobservice:
image: goharbor/harbor-jobservice:v1.7.4
container_name: harbor-jobservice
env_file:
- ./common/config/jobservice/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/job_logs:/var/log/jobs:z
- ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
networks:
- harbor
dns_search: .
depends_on:
- redis
- core
- adminserver
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "jobservice"
redis:
image: goharbor/redis-photon:v1.7.4
container_name: redis
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/redis:/var/lib/redis
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "redis"
proxy:
image: goharbor/nginx-photon:v1.7.4
container_name: nginx
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- ./common/config/nginx:/etc/nginx:z
networks:
- harbor
dns_search: .
ports:
- 80:80
- 443:443
- 4443:4443
depends_on:
- postgresql
- registry
- core
- portal
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "proxy"
networks:
harbor:
external: false
三、使用Harbor仓库管理镜像
1. 配置私有仓库
安装好Harbor后,我们接下来就可以配置Harbor镜像仓库
2. 访问搭好的私有仓库
有可能在登录的时候出现警告提示,登录不上的问题:WARNING! Using --password via the CLI is insecure. Use --password-stdin.
因为docker registry 默认的交互式 Https协议的,解决方法只需要在docker.service主配置文件中添加一行命令--insecure-registry 116.62.146.90
注: --in一定要在 --containerd 后面添加。
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 116.62.146.90
登录远程仓库:
docker login -u admin -p Harbor12345 116.62.146.90
标签:core,compose,syslog,Harbor,cap,harbor,docker,config 来源: https://blog.csdn.net/qq_33036061/article/details/115293724
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。