podman加速器配置,harbor镜像仓库部署
Docker加速器
registries加速器
[root@localhost ~]# cat /etc/redhat-release
CentOS Stream release 8
[root@localhost ~]# cd /etc/containers/
[root@localhost containers]# ls
certs.d policy.json registries.conf.d storage.conf
oci registries.conf registries.d
[root@localhost containers]# vim registries.conf22 unqualified-search-registries = ["docker.io"]23 24 [[registry]]25 prefix="docker.io" // 表示去哪里拉26 location="l9h8fu9j.mirror.aliyuncs.com" // 加速器的位置27 28 # [[registry]][root@localhost ~]# podman pull nginx
Resolving "nginx" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob ed835de16acd done
Copying blob 881ff011f1c9 done
Copying blob 44be98c0fab6 done
Copying blob 21e0df283cd6 done
Copying blob e5ae68f74026 done
Copying blob 77700c52c969 done
Copying config f652ca386e done
Writing manifest to image destination
Storing signatures
f652ca386ed135a4cbe356333e08ef0816f81b2ac8d0619af01e2b256837ed3e
[root@localhost ~]# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/nginx latest f652ca386ed1 13 days ago 146 MB
Harbor部署
harbor官方文档(https://github.com/goharbor/harbor).
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ls
CentOS-Stream-AppStream.repo CentOS-Stream-HighAvailability.repo
CentOS-Stream-BaseOS.repo CentOS-Stream-Media.repo
CentOS-Stream-Debuginfo.repo CentOS-Stream-PowerTools.repo
CentOS-Stream-Extras.repo CentOS-Stream-RealTime.repo
[root@localhost yum.repos.d]# curl -o docker-ce.repo https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo% Total % Received % Xferd Average Speed Time Time Time CurrentDload Upload Total Spent Left Speed0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:- 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:- 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:- 0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:-100 1919 100 1919 0 0 551 0 0:00:03 0:00:03 --:-100 1919 100 1919 0 0 551 0 0:00:03 0:00:03 --:--:-- 550
[root@localhost yum.repos.d]# ls
CentOS-Stream-AppStream.repo CentOS-Stream-Media.repo
CentOS-Stream-BaseOS.repo CentOS-Stream-PowerTools.repo
CentOS-Stream-Debuginfo.repo CentOS-Stream-RealTime.repo
CentOS-Stream-Extras.repo docker-ce.repo
CentOS-Stream-HighAvailability.repo
[root@localhost yum.repos.d]# sed -i 's@https://download.docker.com@https://mirrors.tuna.tsinghua.edu.cn/docker-ce@g' docker-ce.repo
[root@localhost yum.repos.d]# yum clean all
21 文件已删除
[root@localhost yum.repos.d]# yum8 makecache
CentOS Stream 8 - AppStream 1.1 MB/s | 18 MB 00:16
CentOS Stream 8 - BaseOS 1.4 MB/s | 16 MB 00:11
CentOS Stream 8 - Extras 16 kB/s | 16 kB 00:00
Docker CE Stable - x86_64 24 kB/s | 19 kB 00:00
元数据缓存已建立。// 安装docker
[root@localhost ~]# dnf -y install docker-ce// 运行此命令以下载Docker Compose的当前稳定版本:
[root@localhost ~]# curl -L --fail https://github.com/docker/compose/releases/download/1.29.2/run.sh -o /usr/local/bin/docker-compose
[root@localhost ~]# ll /usr/local/bin/
总用量 4
-rw-r--r--. 1 root root 2585 12月 15 21:47 docker-compose
[root@localhost ~]# chmod +x /usr/local/bin/docker-compose
[root@localhost ~]# which docker-compose
/usr/local/bin/docker-compose
[root@localhost ~]# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin// 上传harbor安装包并解压,然后修改配置文件
[root@localhost ~]# cd /usr/src/
[root@localhost src]# ls
debug harbor-offline-installer-v2.3.5.tgz kernels
[root@localhost src]# ls /usr/local/
bin etc games include lib lib64 libexec sbin share src
[root@localhost src]# tar xf harbor-offline-installer-v2.3.5.tgz -C /usr/local/
[root@localhost src]# ls /usr/local/
bin games include lib64 sbin src
etc harbor lib libexec share
[root@localhost src]# cd /usr/local/harbor/
[root@localhost harbor]# ls
common.sh harbor.yml.tmpl LICENSE
harbor.v2.3.5.tar.gz install.sh prepare
[root@localhost harbor]# cp harbor.yml.tmpl harbor.yml
[root@localhost harbor]# ls
common.sh harbor.yml install.sh prepare
harbor.v2.3.5.tar.gz harbor.yml.tmpl LICENSE// 本机添加域名解析
[root@registry ~]# hostname
registry.example.com
[root@registry ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.35.135 registry.example.com // 客户端添加域名解析
[root@localhost ~]# yum -y install docker-ce[root@localhost ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.35.135 registry.example.com// 检查是否能ping通
[root@localhost ~]# ping registry.example.com
PING registry.example.com (192.168.35.135) 56(84) bytes of data.
64 bytes from registry.example.com (192.168.35.135): icmp_seq=1 ttl=64 time=0.722 ms
64 bytes from registry.example.com (192.168.35.135): icmp_seq=2 ttl=64 time=0.481 ms
64 bytes from registry.example.com (192.168.35.135): icmp_seq=3 ttl=64 time=0.522 ms
^Z
[1]+ 已停止 ping registry.example.com// 把hostname改成当前主机的域名
[root@localhost harbor]# vim harbor.yml
....... 此处省略多行5 hostname: registry.example.com
.......此处省略多行
// 这里因为我们没有证书所以把它注释掉,如果你有证书,把证书的位置写上去就可以了13 #https:14 # https port for harbor, default is 44315 # port: 44316 # The path of cert and key files for nginx17 # certificate: /your/certificate/path18 # private_key: /your/private/key/path
........此处省略多行34 harbor_admin_password: Harbor12345 // 管理员的密码,这个是登录harbor网页的密码35 36 # Harbor DB configuration37 database: // 数据库38 # The password for the root user of Harbor DB. Change this bef ore any production use.39 password: root123 // 数据库密码40 # The maximum number of connections in the idle connection poo l. If it <=0, no idle connections are retained.41 max_idle_conns: 100 // 最大的空闲连接数100个42 # The maximum number of open connections to the database. If i t <= 0, then there is no limit on the number of open connections .43 # Note: the default number of connections is 1024 for postgres of harbor.44 max_open_conns: 900 // 最大的打开连接数是900个45 46 # The default data volume47 data_volume: /data // 数据存放位置;如果说是自己搭建仓库的话,就要放到一个共享存储的挂载点上去
........此处省略多行
118 rotate_size: 200M // 日志滚动,当日志超过200M就滚动一次,一个日志文件最多200M
.........此处省略多行// 关闭防火墙和selinux
[root@registry ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted[root@registry ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@registry ~]# setenforce 0// 执行install安装
[root@localhost harbor]# ./install.sh
........此处省略多行
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registryctl ... done
Creating redis ... done
Creating harbor-portal ... done
Creating harbor-db ... done
Creating registry ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----[root@localhost harbor]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.// 查看镜像
[root@registry ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.3.5 1730c6f650e2 5 days ago 81.9MB
goharbor/chartmuseum-photon v2.3.5 47004f032938 5 days ago 179MB
goharbor/redis-photon v2.3.5 3d0cedc89a0d 5 days ago 156MB
goharbor/trivy-adapter-photon v2.3.5 5c0212e98070 5 days ago 133MB
goharbor/notary-server-photon v2.3.5 f20a76c65359 5 days ago 111MB
goharbor/notary-signer-photon v2.3.5 b9fa38eef4d7 5 days ago 108MB
goharbor/harbor-registryctl v2.3.5 7a52567a76ca 5 days ago 133MB
goharbor/registry-photon v2.3.5 cf22d3e386b8 5 days ago 82.6MB
goharbor/nginx-photon v2.3.5 5e3b6d9ce11a 5 days ago 45.7MB
goharbor/harbor-log v2.3.5 a03e4bc963d6 5 days ago 160MB
goharbor/harbor-jobservice v2.3.5 2ac32df5a2e0 5 days ago 211MB
goharbor/harbor-core v2.3.5 23baee01156f 5 days ago 193MB
goharbor/harbor-portal v2.3.5 bb545cdedf5a 5 days ago 58.9MB
goharbor/harbor-db v2.3.5 9826c57a5749 5 days ago 221MB
goharbor/prepare v2.3.5 a1ceaabe47b2 5 days ago 255MB
docker/compose 1.29.2 32d8a4638cd8 7 months ago 76.2MB// 查看所有容器
[root@registry ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ca44feb62716 goharbor/nginx-photon:v2.3.5 "nginx -g 'daemon of…" 8 minutes ago Up 8 minutes (unhealthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
bf8c8b306fbc goharbor/harbor-jobservice:v2.3.5 "/harbor/entrypoint.…" 8 minutes ago Up 8 minutes (unhealthy) harbor-jobservice
e04652ae7b14 goharbor/harbor-core:v2.3.5 "/harbor/entrypoint.…" 8 minutes ago Up 8 minutes (unhealthy) harbor-core
ae35ac65a7e0 goharbor/harbor-db:v2.3.5 "/docker-entrypoint.…" 8 minutes ago Up 8 minutes (healthy) harbor-db
374d1fc61f23 goharbor/registry-photon:v2.3.5 "/home/harbor/entryp…" 8 minutes ago Up 8 minutes (healthy) registry
94ef4c3938ad goharbor/harbor-portal:v2.3.5 "nginx -g 'daemon of…" 8 minutes ago Up 8 minutes (healthy) harbor-portal
b97ddcacdf5a goharbor/redis-photon:v2.3.5 "redis-server /etc/r…" 8 minutes ago Up 8 minutes (healthy) redis
579474e057fa goharbor/harbor-registryctl:v2.3.5 "/home/harbor/start.…" 8 minutes ago Up 8 minutes (healthy) registryctl
a646fbc29f95 goharbor/harbor-log:v2.3.5 "/bin/sh -c /usr/loc…" 8 minutes ago Up 8 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
// 开启docker服务,关闭客户端防火墙和selinux
[root@localhost ~]# systemctl enable --now docker
[root@localhost ~]# systemctl disabled firewalld.service
[root@localhost ~]# setenforce 0[root@localhost ~]# cat /etc/docker/daemon.json
{"insecure-registries": ["registry.example.com"]
}
[root@localhost ~]# systemctl restart docker// 登录
[root@localhost ~]# docker login registry.example.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@localhost ~]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
3cb635b06aa2: Pull complete
Digest: sha256:b5cfd4befc119a590ca1a81d6bb0fa1fb19f1fbebd0397f25fae164abe1e8a6a
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest ffe9d497c324 7 days ago 1.24MB
[root@localhost ~]# docker tag busybox:latest registry.example.com/library/busybox:v0.1
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest ffe9d497c324 7 days ago 1.24MB
registry.example.com/library/busybox v0.1 ffe9d497c324 7 days ago 1.24MB
[root@localhost ~]# docker push registry.example.com/library/busybox:v0.1
The push refers to repository [registry.example.com/library/busybox]
64cac9eaf0da: Pushed
v0.1: digest: sha256:50e44504ea4f19f141118a8a8868e6c5bb9856efa33f2183f5ccea7ac62aacc9 size: 527
// 删除
[root@localhost ~]# docker rmi registry.example.com/library/busybox:v0.1
Untagged: registry.example.com/library/busybox:v0.1
Untagged: registry.example.com/library/busybox@sha256:50e44504ea4f19f141118a8a8868e6c5bb9856efa33f2183f5ccea7ac62aacc9
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest ffe9d497c324 7 days ago 1.24MB// 拉镜像
[root@localhost ~]# docker pull registry.example.com/library/busybox:v0.1
v0.1: Pulling from library/busybox
Digest: sha256:50e44504ea4f19f141118a8a8868e6c5bb9856efa33f2183f5ccea7ac62aacc9
Status: Downloaded newer image for registry.example.com/library/busybox:v0.1
registry.example.com/library/busybox:v0.1// 查看
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest ffe9d497c324 7 days ago 1.24MB
registry.example.com/library/busybox v0.1 ffe9d497c324 7 days ago 1.24MB
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:1514 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::]:80 [::]:* [root@localhost harbor]# docker-compose stop
Stopping harbor-jobservice ... done
Stopping nginx ... done
Stopping harbor-core ... done
Stopping registryctl ... done
Stopping redis ... done
Stopping harbor-portal ... done
Stopping harbor-db ... done
Stopping registry ... done
Stopping harbor-log ... done[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:1514 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:* [root@localhost harbor]# docker-compose start
Starting log ... done
Starting registry ... done
Starting registryctl ... done
Starting postgresql ... done
Starting portal ... done
Starting redis ... done
Starting core ... done
Starting jobservice ... done
Starting proxy ... done
[root@localhost harbor]# pwd
/usr/local/harbor