Harbor介绍、整体架构和安装

Harbor介绍、整体架构和安装

文章目录

  • Harbor介绍、整体架构和安装
  • 1.Harbor介绍
  • 2.Harbor 整体架构
  • 3.安装Harbor
    • 3.1 主机初始化
      • 3.1.1 设置ip地址
      • 3.1.2 配置镜像源
      • 3.1.3 关闭防火墙
      • 3.1.4 禁用SELinux
      • 3.1.5 禁用swap
      • 3.1.6 设置时区
    • 3.2 安装docker
    • 3.3 安装docker compose
    • 3.4 下载Harbor安装包并解压缩
    • 3.5 编辑配置文件 harbor.cfg
    • 3.6 运行 harbor 安装脚本
    • 3.7 实现开机自动启动 harbor
    • 3.8 登录 harbor 主机网站
    • 3.9 使用 harbor
      • 3.9.1 建立项目
      • 3.9.2 在客户端主机上命令行登录 harbor
      • 3.9.3 给本地镜像打标签并上传到harbor
      • 3.9.4 下载harbor的镜像
    • 3.10 一键安装harbor脚本
      • 3.10.1 基于docker二进制包一键安装Harbor脚本
      • 3.10.2 基于docker镜像仓库一键安装harbor脚本
  • 4.harbor 安全 https 配置
    • 4.1 主机初始化
    • 4.2 安装docker
    • 4.3 安装docker compose
    • 4.4 下载Harbor安装包并解压缩
    • 4.5 生成私钥和证书
    • 4.6 编辑配置文件 harbor.cfg
    • 4.7 运行 harbor 安装脚本
    • 4.8 实现开机自动启动 harbor
    • 4.9 用https方式访问harbor网站
    • 4.10 使用 harbor
      • 4.10.1 建立项目
      • 4.10.2 在客户端下载CA的证书
      • 4.10.3 从客户端上传镜像
      • 4.10.4 给本地镜像打标签并上传到harbor
      • 4.10.5 下载harbor的镜像
    • 4.11一键安装harbor脚本https方式
      • 4.11.1 基于docker二进制包一键安装Harbor脚本https方式
      • 4.11.2 基于docker镜像仓库一键安装Harbor脚本https方式

1.Harbor介绍

在这里插入图片描述

Harbor 是由 VMware 开源的一款云原生制品仓库,Harbor 的核心功能是存储和管理 Artifact。Harbor 允许用户用命令行工具对容器镜像及其他 Artifact 进行推送和拉取,并提供了图形管理界面帮助用户查看和管理这些 Artifact。在 Harbor 2.0 版本中,除容器镜像外,Harbor 对符合 OCI 规范的 Helm Chart、CNAB、OPA Bundle 等都提供了更多的支持。

2.Harbor 整体架构

在这里插入图片描述

图1-1 Harbor架构图

如上图所示是 Harbor 2.0 的架构图,从上到下可分为代理层、功能层和数据层。

  • 代理层:代理层实质上是一个 Nginx 反向代理,负责接收不同类型的客户端请求,包括浏览器、用户脚本、Docker 等,并根据请求类型和 URI 转发给不同的后端服务进行处理。
  • 功能层
    • Portal:是一个基于 Argular 的前端应用,提供 Harbor 用户访问的界面。
    • Core:是 Harbor 中的核心组件,封装了 Harbor 绝大部分的业务逻辑。
    • JobService:异步任务组件,负责 Harbor 中很多比较耗时的功能,比如 Artifact 复制、扫描、垃圾回收等。
    • Docker Distribution:Harbor 通过 Distribution 实现 Artifact 的读写和存取等功能。
    • RegistryCtl:Docker Distribution 的控制组件。
    • Notary(可选):基于 TUF 提供镜像签名管理的功能。
    • 扫描工具(可选):镜像的漏洞检测工具。
    • ChartMuseum(可选):提供 API 管理非 OCI 规范的 Helm Chart,随着兼容 OCI 规范的 Helm Chart 在社区上被更广泛地接受,Helm Chart 能以 Artifact 的形式在 Harbor 中存储和管理,不再依赖 ChartMuseum,因此 Harbor 可能会在后续版本中移除对 ChartMuseum 的支持。
  • 数据层
    • Redis:主要作为缓存服务存储一些生命周期较短的数据,同时对于 JobService 还提供了类似队列的功能。
    • PostgreSQL:存储 Harbor 的应用数据,比如项目信息、用户与项目的关系、管理策略、配置信息、Artifact 的元数据等等。
    • Artifact 存储:存储 Artifact 本身的内容,也就是每次推送镜像、Helm Chart 或其他 Artifact 时,数据最终存储的地方。默认情况下,Harbor 会把 Artifact 写入本地文件系统中。用户也可以修改配置,将 Artifact 存储在外部存储中,例如亚马逊的对象存储 S3、谷歌云存储 GCS、阿里云的对象存储 OSS 等等。

3.安装Harbor

Harbor提供了多种安装方式,其中包括在线安装、离线安装、源码安装及基于Helm Chart的安装。

  • 在线安装:通过在线安装包安装Harbor,在安装过程中需要从Docker Hub获取预置的Harbor官方组件镜像。
  • 离线安装:通过离线安装包安装 Harbor,从离线安装包中装载所需要的Harbor组件镜像。
  • 源码安装:通过编译源码到本地安装Harbor。
  • 基于Helm Chart的安装:通过Helm安装Harbor Helm Chart到Kubernetes集群。本章基于Ubuntu 18.04的基础环境来说明Harbor的每种安装方式。
  • Operater安装:Harbor Operator提供了可深度定制的能力,用户通过配置顶级CRD HarborCluster,根据实际需要定义和配置自己的 Harbor 组件。

前提要求:

表1-1 硬件要求

硬件最小配置推荐的配置
CPU2 CPU4 CPU
内存4 GB8 GB
硬盘40 GB160 GB

表1-2 软件要求

软件版本描述
Docker Engine版本 20.10.10-ce+ 或更高版本有关安装说明,请参阅 Docker 引擎文档:https://docs.docker.com/engine/installation/
Docker Composedocker-compose (v1.18.0+) 或 docker compose v2 (docker-compose-plugin)有关安装说明,请参阅 Docker Compose 文档:https://docs.docker.com/compose/install/
OpenSSL最新的优先用于为Harbor生成证书和密钥

表1-3 网络端口

端口协议描述
443httpsHarbor 门户和核心 API 接受此端口上的 HTTPS 请求。您可以在配置文件中更改此端口。
4443https连接到 Harbor 的 Docker Content Trust 服务。您可以在配置文件中更改此端口。
80httpHarbor 门户和核心 API 接受此端口上的 HTTP 请求。您可以在配置文件中更改此端口。

3.1 主机初始化

3.1.1 设置ip地址

Rocky 9和CentOS Stream 9:

# Rocky 9和CentOS Stream 9默认支持修改网卡名。
[root@rocky9 ~]# grep 'plugins' /etc/NetworkManager/NetworkManager.conf 
#plugins=keyfile,ifcfg-rh
# 因为网卡命名方式默认是keyfile,默认不支持修改网卡名,既然官方已经默认是keyfile那这里就不去更改网卡名了。[root@rocky9 ~]# ETHNAME=`ip addr | awk -F"[ :]" '/^2/{print $3}'`[root@rocky9 ~]# nmcli con delete ${ETHNAME} && nmcli connection add type ethernet con-name ${ETHNAME} ifname ${ETHNAME} ipv4.method manual ipv4.address "172.31.0.9/21" ipv4.gateway "172.31.0.2" ipv4.dns "223.5.5.5,180.76.76.76" autoconnect yes && nmcli con reload && nmcli con up ${ETHNAME}
# 172.31.0.9/21中172.31.0.9是ip地址,21是子网位数;172.31.0.2是网关地址;223.5.5.5, 180.76.76.76都是DNS,根据自己的需求修改。[root@rocky9 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:37:62:95 brd ff:ff:ff:ff:ff:ffaltname enp3s0inet 172.31.0.9/21 brd 172.31.7.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet6 fe80::51ca:fd5d:3552:677d/64 scope link noprefixroute valid_lft forever preferred_lft forever
# 可以看到ip地址已修改。

Rocky 8、CentOS Stream 8和CentOS 7:

# Rocky 8、CentOS Stream 8和CentOS 7支持修改网卡名。
[root@rocky8 ~]# grep 'plugins' /etc/NetworkManager/NetworkManager.conf 
#plugins=ifcfg-rh
# 因为网卡命名方式默认是ifcfg-rh,支持修改网卡名。# 修改网卡名称配置文件
[root@rocky8 ~]# sed -ri.bak '/^GRUB_CMDLINE_LINUX=/s@"$@ net.ifnames=0 biosdevname=0"@' /etc/default/grub
[root@rocky8 ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
done# 修改网卡文件名
[root@rocky8 ~]# ETHNAME=`ip addr | awk -F"[ :]" '/^2/{print $3}'`
[root@rocky8 ~]# mv /etc/sysconfig/network-scripts/ifcfg-${ETHNAME} /etc/sysconfig/network-scripts/ifcfg-eth0[root@rocky8 ~]# shutdown -r now[root@rocky8 ~]# nmcli dev
DEVICE  TYPE      STATE      CONNECTION         
eth0    ethernet  connected  Wired connection 1 
lo      loopback  unmanaged  --
# 可以看到CONNECTION的名字是Wired connection 1,要改名才可以下面设置。[root@rocky8 ~]# ETHNAME=`ip addr | awk -F"[ :]" '/^2/{print $3}'`[root@rocky8 ~]# nmcli connection modify "Wired connection 1" con-name ${ETHNAME}
[root@rocky8 ~]# nmcli dev
DEVICE  TYPE      STATE      CONNECTION 
eth0    ethernet  connected  eth0       
lo      loopback  unmanaged  --  # 修改ip地址
[root@rocky8 ~]# nmcli con delete ${ETHNAME} && nmcli connection add type ethernet con-name ${ETHNAME} ifname ${ETHNAME} ipv4.method manual ipv4.address "172.31.0.8/21" ipv4.gateway "172.31.0.2" ipv4.dns "223.5.5.5,180.76.76.76" autoconnect yes && nmcli con reload && nmcli dev up eth0
# 172.31.0.8/21中172.31.0.8是ip地址,21是子网位数;172.31.0.2是网关地址;223.5.5.5, 180.76.76.76都是DNS,根据自己的需求修改。[root@rocky8 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:6f:65:d3 brd ff:ff:ff:ff:ff:ffaltname enp3s0altname ens160inet 172.31.0.8/21 brd 172.31.7.255 scope global noprefixroute eth0valid_lft forever preferred_lft foreverinet6 fe80::e9c9:aa93:4a58:2cc2/64 scope link noprefixroute valid_lft forever preferred_lft forever
# 重启系统后可以看到网卡名已经修改成eth0,ip地址也已修改。

Ubuntu:

# Ubuntu先启用root用户,并设置密码
raymond@ubuntu2204:~$ cat set_root_login.sh 
#!/bin/bashread -p "请输入密码: " PASSWORD
echo ${PASSWORD} |sudo -S sed -ri 's@#(PermitRootLogin )prohibit-password@\1yes@' /etc/ssh/sshd_config
sudo systemctl restart sshd
sudo -S passwd root <<-EOF
${PASSWORD}
${PASSWORD}
EOFraymond@ubuntu2204:~$ bash set_root_login.sh 
请输入密码: 123456
[sudo] password for raymond: New password: Retype new password: passwd: password updated successfullyraymond@ubuntu2204:~$ rm -rf set_root_login.sh# 使用root登陆,修改网卡名
root@ubuntu2204:~# sed -ri.bak '/^GRUB_CMDLINE_LINUX=/s@"$@net.ifnames=0 biosdevname=0"@' /etc/default/grub
root@ubuntu2204:~# grub-mkconfig -o /boot/grub/grub.cfg
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/init-select.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.15.0-88-generic
Found initrd image: /boot/initrd.img-5.15.0-88-generic
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
done# Ubuntu 20.04设置ip地址
root@ubuntu2004:~# cat > /etc/netplan/00-installer-config.yaml <<-EOF
network:version: 2renderer: networkdethernets:eth0:dhcp4: nodhcp6: noaddresses: [172.31.0.20/21] gateway4: 172.31.0.2nameservers:addresses: [223.5.5.5, 180.76.76.76]
EOF
# 说明:Ubuntu20.04网卡配置文件是00-installer-config.yaml;172.31.0.20/21中172.31.0.20是ip地址,21是子网位数;172.31.0.2是网关地址;223.5.5.5, 180.76.76.76都是DNS,根据自己的需求修改。# Ubuntu 18.04设置ip地址
root@ubuntu1804:~# cat > /etc/netplan/01-netcfg.yaml <<-EOF
network:version: 2renderer: networkdethernets:eth0:dhcp4: nodhcp6: noaddresses: [172.31.0.18/21] gateway4: 172.31.0.2nameservers:addresses: [223.5.5.5, 180.76.76.76]
EOF
# 说明:Ubuntu18.04网卡配置文件是01-netcfg.yaml;172.31.0.18/21中172.31.0.18是ip地址,21是子网位数;172.31.0.2是网关地址;223.5.5.5, 180.76.76.76都是DNS,根据自己的需求修改。root@ubuntu2004:~# shutdown -r nowroot@ubuntu2004:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:0c:29:e5:98:6f brd ff:ff:ff:ff:ff:ffinet 172.31.0.20/21 brd 172.31.7.255 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fee5:986f/64 scope link valid_lft forever preferred_lft forever
# 重启系统后可以看到网卡名已经修改成eth0,ip地址也已修改。# Ubuntu 22.04设置ip地址
root@ubuntu2204:~# cat > /etc/netplan/00-installer-config.yaml <<-EOF
network:version: 2renderer: networkdethernets:eth0:dhcp4: nodhcp6: noaddresses: [172.31.0.22/21]routes:- to: defaultvia: 172.31.0.2nameservers:addresses: [223.5.5.5, 180.76.76.76]
EOF
# 说明:Ubuntu 22.04网卡配置文件是00-installer-config.yaml;172.31.0.22/21中172.31.0.22是ip地址,21是子网位数;172.31.0.2是网关地址,Ubuntu 22.04设置网关地址的方法发生了改变,参考上面的方法;223.5.5.5, 180.76.76.76都是DNS,根据自己的需求修改。root@ubuntu2204:~# shutdown -r now# 重启后使用新设置的ip登陆
root@ubuntu2204:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:0c:29:a7:be:f2 brd ff:ff:ff:ff:ff:ffaltname enp2s1altname ens33inet 172.31.0.22/21 brd 172.31.7.255 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fea7:bef2/64 scope link valid_lft forever preferred_lft forever
# 重启系统后可以看到网卡名已经修改成eth0,ip地址也已修改。

3.1.2 配置镜像源

Rocky 8和9:

MIRROR=mirrors.sjtug.sjtu.edu.cn
sed -i.bak -e 's|^mirrorlist=|#mirrorlist=|g' -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://'${MIRROR}'/rocky|g' /etc/yum.repos.d/[Rr]ocky*.repodnf clean all && dnf makecache

CentOS Stream 9:

cat update_mirror.pl
#!/usr/bin/perluse strict;
use warnings;
use autodie;# 要修改镜像源,请去修改url变量!
my $url = 'mirrors.aliyun.com';
my $mirrors = "https://$url/centos-stream";if (@ARGV < 1) {die "Usage: $0 <filename1> <filename2> ...\n";
}while (my $filename = shift @ARGV) {my $backup_filename = $filename . '.bak';rename $filename, $backup_filename;open my $input, "<", $backup_filename;open my $output, ">", $filename;while (<$input>) {s/^metalink/# metalink/;if (m/^name/) {my (undef, $repo, $arch) = split /-/;$repo =~ s/^\s+|\s+$//g;($arch = defined $arch ? lc($arch) : '') =~ s/^\s+|\s+$//g;if ($repo =~ /^Extras/) {$_ .= "baseurl=${mirrors}/SIGs/\$releasever-stream/extras" . ($arch eq 'source' ? "/${arch}/" : "/\$basearch/") . "extras-common\n";} else {$_ .= "baseurl=${mirrors}/\$releasever-stream/$repo" . ($arch eq 'source' ? "/" : "/\$basearch/") . ($arch ne '' ? "${arch}/tree/" : "os") . "\n";}}print $output $_;}
}rpm -q perl &> /dev/null || { echo -e "\\033[01;31m "安装perl工具,请稍等..."\033[0m";yum -y install perl ; }perl ./update_mirror.pl /etc/yum.repos.d/centos*.repodnf clean all && dnf makecache

CentOS Stream 8:

MIRROR=mirrors.aliyun.com
sed -i.bak -e 's|^mirrorlist=|#mirrorlist=|g' -e 's|^#baseurl=http://mirror.centos.org/$contentdir|baseurl=https://'${MIRROR}'/centos|g' /etc/yum.repos.d/CentOS-*.repodnf clean all && dnf makecache

CentOS 7:

MIRROR=mirrors.aliyun.com
sed -i.bak -e 's|^mirrorlist=|#mirrorlist=|g' -e 's|^#baseurl=http://mirror.centos.org|baseurl=https://'${MIRROR}'|g' /etc/yum.repos.d/CentOS-*.repoyum clean all && yum makecache

Ubuntu 22.04和20.04:

MIRROR=mirrors.aliyun.com
OLD_MIRROR=`sed -rn "s@^deb http(.*)://(.*)/ubuntu/? $(lsb_release -cs) main.*@\2@p" /etc/apt/sources.list`sed -i.bak 's/'${OLD_MIRROR}'/'${MIRROR}'/g' /etc/apt/sources.listapt update

Ubuntu 18.04:

MIRROR=mirrors.aliyun.com
OLD_MIRROR=`sed -rn "s@^deb http(.*)://(.*)/ubuntu/? $(lsb_release -cs) main.*@\2@p" /etc/apt/sources.list`sed -i.bak 's/'${OLD_MIRROR}'/'${MIRROR}'/g' /etc/apt/sources.listSECURITY_MIRROR=`sed -rn "s@^deb http(.*)://(.*)/ubuntu $(lsb_release -cs)-security main.*@\2@p" /etc/apt/sources.list`sed -i.bak 's/'${SECURITY_MIRROR}'/'${MIRROR}'/g' /etc/apt/sources.listapt update

3.1.3 关闭防火墙

# Rocky和CentOS
systemctl disable --now firewalld# CentOS 7
systemctl disable --now NetworkManager# Ubuntu
systemctl disable --now ufw

3.1.4 禁用SELinux

#CentOS
setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config#Ubuntu
Ubuntu没有安装SELinux,不用设置

3.1.5 禁用swap

sed -ri 's/.*swap.*/#&/' /etc/fstab
swapoff -a# Ubuntu 20.04和22.04,执行下面命令
sed -ri 's/.*swap.*/#&/' /etc/fstab
SD_NAME=`lsblk|awk -F"[ └─]" '/SWAP/{printf $3}'`
systemctl mask dev-${SD_NAME}.swap
swapoff -a

3.1.6 设置时区

ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'Asia/Shanghai' >/etc/timezone#Ubuntu还要设置下面内容
cat >> /etc/default/locale <<-EOF
LC_TIME=en_DK.UTF-8
EOF

3.2 安装docker

这里使用"基于二进制包一键安装docker脚本"安装docker,docker的具体安装方法请参考博客“https://raymond.blog.csdn.net/article/details/135487838”。

[root@rocky9 ~]# cat install_docker_binary_v2.sh 
#!/bin/bash
#
#*************************************************************************************************************
#Author:        Raymond
#QQ:            88563128
#Date:          2024-01-17
#FileName:      install_docker-binary_v2.sh
#URL:           raymond.blog.csdn.net
#Description:   install_docker-binary for CentOS 7 & CentOS Stream 8/9 & Ubuntu 18.04/20.04/22.04 & Rocky 8/9
#Copyright (C): 2024 All rights reserved
#*************************************************************************************************************
SRC_DIR=/usr/local/src
COLOR="echo -e \\033[01;31m"
END='\033[0m'
URL='https://mirrors.aliyun.com/docker-ce/linux/static/stable/x86_64/'
DOCKER_FILE=docker-24.0.7.tgzos(){OS_ID=`sed -rn '/^NAME=/s@.*="([[:alpha:]]+).*"$@\1@p' /etc/os-release`OS_RELEASE_VERSION=`sed -rn '/^VERSION_ID=/s@.*="?([0-9]+)\.?.*"?@\1@p' /etc/os-release`
}check_file (){cd ${SRC_DIR}if [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q wget &> /dev/null || { ${COLOR}"安装wget工具,请稍等..."${END};yum -y install wget &> /dev/null; }fiif [ ! -e ${DOCKER_FILE} ];then${COLOR}"缺少${DOCKER_FILE}文件,如果是离线包,请把文件放到${SRC_DIR}目录下"${END}${COLOR}'开始下载Docker二进制安装包'${END}wget ${URL}${DOCKER_FILE} || { ${COLOR}"Docker二进制安装包下载失败"${END}; exit; } else${COLOR}"相关文件已准备好"${END}fi
}install(){ [ -f /usr/bin/docker ] && { ${COLOR}"Docker已存在,安装失败"${END};exit; }${COLOR}"开始安装Docker,请稍等..."${END}tar xf ${DOCKER_FILE} mv docker/* /usr/bin/cat > /lib/systemd/system/docker.service <<-EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H unix://var/run/docker.sock
ExecReload=/bin/kill -s HUP \$MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s[Install]
WantedBy=multi-user.target
EOFmkdir -p /etc/dockercat > /etc/docker/daemon.json <<-EOF
{"registry-mirrors": ["https://registry.docker-cn.com","https://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"],"max-concurrent-downloads": 10,"max-concurrent-uploads": 5,"log-opts": {"max-size": "300m","max-file": "2"  },"live-restore": true
}
EOFecho 'alias rmi="docker images -qa|xargs docker rmi -f"' >> ~/.bashrcecho 'alias rmc="docker ps -qa|xargs docker rm -f"' >> ~/.bashrcsystemctl daemon-reloadsystemctl enable --now docker &> /dev/nullsystemctl is-active docker &> /dev/null && ${COLOR}"Docker 服务启动成功"${END} || { ${COLOR}"Docker 启动失败"${END};exit; }docker version && ${COLOR}"Docker 安装成功"${END} || ${COLOR}"Docker 安装失败"${END}
}set_swap_limit(){if [ ${OS_RELEASE_VERSION} == "18" -o ${OS_RELEASE_VERSION} == "20" ];thengrep -q "swapaccount=1" /etc/default/grub && { ${COLOR}'"WARNING: No swap limit support"警告,已设置'${END};exit; }${COLOR}'设置Docker的"WARNING: No swap limit support"警告'${END}sed -ri '/^GRUB_CMDLINE_LINUX=/s@"$@ swapaccount=1"@' /etc/default/grubupdate-grub &> /dev/null${COLOR}"10秒后,机器会自动重启!"${END}sleep 10rebootfi
}main(){oscheck_fileinstallset_swap_limit
}main[root@rocky9 ~]# bash install_docker_binary_v2.sh[root@rocky9 ~]# docker version
Client:Version:           24.0.7API version:       1.43Go version:        go1.20.10Git commit:        afdd53bBuilt:             Thu Oct 26 09:04:00 2023OS/Arch:           linux/amd64Context:           defaultServer: Docker Engine - CommunityEngine:Version:          24.0.7API version:      1.43 (minimum version 1.12)Go version:       go1.20.10Git commit:       311b9ffBuilt:            Thu Oct 26 09:05:28 2023OS/Arch:          linux/amd64Experimental:     falsecontainerd:Version:          v1.7.6GitCommit:        091922f03c2762540fd057fba91260237ff86acbrunc:Version:          1.1.9GitCommit:        v1.1.9-0-gccaecfcdocker-init:Version:          0.19.0GitCommit:        de40ad0

3.3 安装docker compose

直接从github下载安装对应版本:https://github.com/docker/compose/releases。

t1-2

图1-2 docker-compose下载

[root@rocky9 ~]# wget https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-linux-x86_64[root@rocky9 ~]# mv docker-compose-linux-x86_64 /usr/bin/docker-compose
[root@rocky9 ~]# chmod +x /usr/bin/docker-compose[root@rocky9 ~]# docker-compose -v
Docker Compose version v2.23.3

3.4 下载Harbor安装包并解压缩

首先,获取Harbor的离线安装包,可从项目的官方发布网站GitHub获取,获取目录为github.com/goharbor/harbor/releases,如图3-1所示。注意:RC或者Pre-release版本并不适用于生产环境,仅适用于测试环境。

安装文档: https://goharbor.io/docs/2.10.0/install-config/

t1-3

图1-2 Harbor安装包下载

方法1: 下载离线完整安装包,推荐使用。

图1-2“harbor-offline-installer-v2.10.0.tgz”是离线安装包。

[root@rocky9 ~]# wget https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz[root@rocky9 ~]# tar tvf /root/harbor-offline-installer-v2.10.0.tgz 
-rw-r--r-- root/root 646285764 2023-12-14 14:39 harbor/harbor.v2.10.0.tar.gz
-rwxr-xr-x root/root      1882 2023-12-14 14:39 harbor/prepare
-rw-r--r-- root/root     11347 2023-12-14 14:39 harbor/LICENSE
-rwxr-xr-x root/root      1975 2023-12-14 14:39 harbor/install.sh
-rw-r--r-- root/root      3643 2023-12-14 14:39 harbor/common.sh
-rw-r--r-- root/root     13761 2023-12-14 14:39 harbor/harbor.yml.tmpl

可以看到在harbor离线安装包有如下文件。

  • LICENSE:许可文件。
  • common.sh:安装脚本的工具脚本。
  • harbor.v2.10.0.tar.gz:各个功能组件的镜像文件压缩包。
  • harbor.yml.tmpl:配置文件的模板,在配置好后需要将此文件的后缀名“tmpl”去掉或者复制生成新的文件harbor.yml。
  • install.sh:安装脚本。
  • prepare:准备脚本,将harbor.yml配置文件的内容注入各组件的配置文件中。

方法2: 下载在线安装包 ,比较慢,不是很推荐。

图1-2“harbor-online-installer-v2.10.0.tgz”是在线安装包。

[root@rocky9 ~]# wget https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-online-installer-v2.10.0.tgz[root@rocky9 ~]# tar tvf /root/harbor-online-installer-v2.10.0.tgz 
-rwxr-xr-x root/root      1882 2023-12-14 14:41 harbor/prepare
-rw-r--r-- root/root     11347 2023-12-14 14:41 harbor/LICENSE
-rwxr-xr-x root/root      1975 2023-12-14 14:41 harbor/install.sh
-rw-r--r-- root/root      3643 2023-12-14 14:41 harbor/common.sh
-rw-r--r-- root/root     13761 2023-12-14 14:41 harbor/harbor.yml.tmpl

可以看到在harbo在线安装包有如下文件。

  • LICENSE:许可文件。
  • common.sh:安装脚本的工具脚本。
  • harbor.yml.tmpl:配置文件的模板文件。
  • install.sh:安装脚本。
  • prepare:准备脚本,将配置文件的内容注入各组件的配置文件中。

从离线包和在线包可以看出,离线包比在线包多了一个“harbor/harbor.v2.10.0.tar.gz”文件,这个文件里是镜像文件,离线包安装的时候会导入镜像,而在线包会从镜像仓库去下载镜像,别的都没有什么区别,下面所有演示都使用离线包进行安装。

解压缩离线包

[root@rocky9 ~]# mkdir /apps[root@rocky9 ~]# tar xvf harbor-offline-installer-v2.10.0.tgz -C /apps/
harbor/harbor.v2.10.0.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl

3.5 编辑配置文件 harbor.cfg

最新文档: https://goharbor.io/docs/2.10.0/install-config/configure-yml-file/

[root@rocky9 ~]# cd /apps/harbor/# Harbor从1.8.0版本起,配置文件的格式从harbor.cfg变更为harbor.yml,这样做既可以提供更好的可读性和可扩展性;还可以通过prepare容器实现对安装配置的集中管理,减少对用户基础环境的依赖。值得注意的是,如果基于harbor.cfg(1.8.0之前的版本)安装Harbor,则安装环境需要预先安装Python v2.7。# 获取Harbor在线、离线安装包后将其解压,从中可以看到harbor.yml.tmpl文件,该文件是Harbor的配置文件模版。用户可以把harbor.yml.tmpl文件复制并命名为harbor.yml,将harbor.yml文件作为安装Harbor的配置文件。注意:每次修改harbor.yml文件的配置后,都需要运行prepare脚本并重启Harbor才可生效。
[root@rocky9 harbor]# ls
common.sh  harbor.v2.10.0.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare[root@rocky9 harbor]# mv harbor.yml.tmpl harbor.yml[root@rocky9 harbor]# vim harbor.yml
-bash: vim: command not found
# Rocky和CentOS默认没有安装vim。[root@rocky9 harbor]# dnf -y install vim[root@rocky9 harbor]# vim harbor.yml
...
# hostname指定要部署 Harbor 的目标主机的 IP 地址或完全限定域名 (FQDN)。这是您访问 Harbor Portal 和注册服务的地址。例如,192.168.1.10 或 reg.yourdomain.com。外部客户端必须可以访问注册表服务,因此请勿指定 localhost、127.0.0.1 或 0.0.0.0 作为主机名。
hostname: 172.31.0.9
...
# HTTP 和 HTTPS配置Harbor的网络访问协议,默认值为HTTPS。注意:如果选择安装Notary组件,则这里必须将Harbor的网络访问协议配置为HTTPS。配置HTTPS时需要提供SSL/TLS证书,并将证书和私钥文件的本机地址配置给certificate和private_key选项。
# 1.port:网络端口号,默认是443。
# 2.certificate:SSL/TLS证书文件的本机文件位置。
# 3.private_key:私钥文件的本机文件位置。
# 如果需要将网络协议更改为HTTP,则需要注释掉配置文件中的HTTPS配置部分:http:port: 80#注释下面几行
#https:#  port: 443#certificate: /your/certificate/path#private_key: /your/private/key/path# harbor_admin_password配置Harbor的管理员密码的默认值为Harbor12345,建议在安装前更改此项。此项用于管理员登录Harbor,仅在第一次启动前有效,启动后更改将不起作用。如果后续需要更改管理员密码,则可以登录Harbor界面进行更改。
harbor_admin_password: 123456# 使用下面命令直接替换
HARBOR_INSTALL_DIR=/apps
NET_NAME=`ip addr |awk -F"[: ]" '/^2: e.*/{print $3}'`
IP=`ip addr show ${NET_NAME}| awk -F" +|/" '/global/{print $3}'`
HARBOR_ADMIN_PASSWORD=123456sed -ri.bak -e 's/^(hostname:) .*/\1 '${IP}'/' -e 's/^(https:)/#\1/' -e 's/  (port: 443)/#  \1/' -e 's@  (certificate: .*)@#  \1@' -e 's@  (private_key: .*)@#  \1@' -e 's/^(harbor_admin_password:) .*/\1 '${HARBOR_ADMIN_PASSWORD}'/' ${HARBOR_INSTALL_DIR}/harbor/harbor.yml

3.6 运行 harbor 安装脚本

通过执行安装脚本install.sh启动安装。安装脚本的流程大致如下。

(1)环境检查,主要检查本机的Docker及docker-compose版本。

(2)载入离线镜像文件。

(3)准备配置文件并生成 docker-compose.yml文件。

(4)通过docker-compose启动Harbor的各组件容器。

# 先安装python
# rocky和CentOS
yum -y install python3# Ubuntu
apt -y install python3# --with-trivy:选择安装镜像扫描组件Trivy。
[root@rocky9 harbor]# ./install.sh --with-trivy[Step 0]: checking if docker is installed ...Note: docker version: 24.0.7[Step 1]: checking docker-compose is installed ...Note: docker-compose version: 2.23.3[Step 2]: loading Harbor images ...
ad00c0c1d948: Loading layer [==================================================>]  40.11MB/40.11MB
7570a78aea36: Loading layer [==================================================>]   9.08MB/9.08MB
04774e0e84f2: Loading layer [==================================================>]  4.096kB/4.096kB
8a42710a9f5a: Loading layer [==================================================>]  3.072kB/3.072kB
f1990e77f8e5: Loading layer [==================================================>]    197MB/197MB
172f5af926be: Loading layer [==================================================>]   17.6MB/17.6MB
2bef5dd17a10: Loading layer [==================================================>]  215.4MB/215.4MB
Loaded image: goharbor/trivy-adapter-photon:v2.10.0
8c10ac3a40a9: Loading layer [==================================================>]  89.84MB/89.84MB
cc741ba6af65: Loading layer [==================================================>]  65.11MB/65.11MB
7877ea7046dd: Loading layer [==================================================>]   13.2MB/13.2MB
3de91a0984fe: Loading layer [==================================================>]  65.54kB/65.54kB
4d2cda613456: Loading layer [==================================================>]   2.56kB/2.56kB
625b81c9e514: Loading layer [==================================================>]  1.536kB/1.536kB
6496ec4ce84e: Loading layer [==================================================>]  12.29kB/12.29kB
2b332fb0075b: Loading layer [==================================================>]  5.322MB/5.322MB
f8976ae46d77: Loading layer [==================================================>]  457.7kB/457.7kB
Loaded image: goharbor/prepare:v2.10.0
a36cb8a4e510: Loading layer [==================================================>]  126.1MB/126.1MB
fd72ef63aacc: Loading layer [==================================================>]  3.584kB/3.584kB
162d9960a2b9: Loading layer [==================================================>]  3.072kB/3.072kB
b71508b0d586: Loading layer [==================================================>]   2.56kB/2.56kB
18c685e189cb: Loading layer [==================================================>]  3.072kB/3.072kB
84690af2e82b: Loading layer [==================================================>]  3.584kB/3.584kB
8d7eb73e8207: Loading layer [==================================================>]  20.48kB/20.48kB
Loaded image: goharbor/harbor-log:v2.10.0
001da4979db8: Loading layer [==================================================>]  8.562MB/8.562MB
275281f671bf: Loading layer [==================================================>]  4.096kB/4.096kB
f6856e2d539f: Loading layer [==================================================>]   17.4MB/17.4MB
557317f3c1c5: Loading layer [==================================================>]  3.072kB/3.072kB
942b8c3060c6: Loading layer [==================================================>]  32.81MB/32.81MB
b2bc30e737e7: Loading layer [==================================================>]     51MB/51MB
Loaded image: goharbor/harbor-registryctl:v2.10.0
d5e5478da184: Loading layer [==================================================>]  116.8MB/116.8MB
Loaded image: goharbor/nginx-photon:v2.10.0
74a7f6a8de8c: Loading layer [==================================================>]  11.58MB/11.58MB
46523ccaf371: Loading layer [==================================================>]   27.6MB/27.6MB
3cea6b428022: Loading layer [==================================================>]  4.608kB/4.608kB
9815d4ae0f06: Loading layer [==================================================>]  28.39MB/28.39MB
Loaded image: goharbor/harbor-exporter:v2.10.0
7d7e15ae8ca1: Loading layer [==================================================>]  15.93MB/15.93MB
e13b0ff80947: Loading layer [==================================================>]  111.8MB/111.8MB
da74a4230588: Loading layer [==================================================>]  3.072kB/3.072kB
89240f6f343b: Loading layer [==================================================>]   59.9kB/59.9kB
7b00214da46a: Loading layer [==================================================>]  61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.10.0
345fdbd05997: Loading layer [==================================================>]  8.562MB/8.562MB
5c4443929555: Loading layer [==================================================>]  4.096kB/4.096kB
605c9788ef17: Loading layer [==================================================>]  3.072kB/3.072kB
b2ab56de0e45: Loading layer [==================================================>]   17.4MB/17.4MB
950eb2734789: Loading layer [==================================================>]  18.19MB/18.19MB
Loaded image: goharbor/registry-photon:v2.10.0
7693164e30e0: Loading layer [==================================================>]  116.8MB/116.8MB
6b50b5d516aa: Loading layer [==================================================>]  6.531MB/6.531MB
5aea217650ad: Loading layer [==================================================>]  246.8kB/246.8kB
0b3de92ff70b: Loading layer [==================================================>]  1.477MB/1.477MB
Loaded image: goharbor/harbor-portal:v2.10.0
b79ac58f353c: Loading layer [==================================================>]  11.58MB/11.58MB
18c4c015e339: Loading layer [==================================================>]  3.584kB/3.584kB
c6eef6a39935: Loading layer [==================================================>]   2.56kB/2.56kB
03db56130352: Loading layer [==================================================>]  58.57MB/58.57MB
78c9748f2d29: Loading layer [==================================================>]  5.632kB/5.632kB
e1732f90232a: Loading layer [==================================================>]  123.4kB/123.4kB
6b733e4833c8: Loading layer [==================================================>]  80.38kB/80.38kB
fe6828cc147a: Loading layer [==================================================>]  59.56MB/59.56MB
8e1349c44768: Loading layer [==================================================>]   2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.10.0
02b0385778eb: Loading layer [==================================================>]  15.93MB/15.93MB
ac2be26232ee: Loading layer [==================================================>]    175MB/175MB
1e3e9dba5eaa: Loading layer [==================================================>]  25.47MB/25.47MB
c7fa85d79c1c: Loading layer [==================================================>]  18.14MB/18.14MB
f9ef6596c7ce: Loading layer [==================================================>]   5.12kB/5.12kB
e35036cc139f: Loading layer [==================================================>]  6.144kB/6.144kB
0cb7ded8041a: Loading layer [==================================================>]  3.072kB/3.072kB
5d178abacde0: Loading layer [==================================================>]  2.048kB/2.048kB
67fe09fd709b: Loading layer [==================================================>]   2.56kB/2.56kB
d0b4aac335c4: Loading layer [==================================================>]   7.68kB/7.68kB
Loaded image: goharbor/harbor-db:v2.10.0
fced8697b2c7: Loading layer [==================================================>]  11.58MB/11.58MB
af968b902c26: Loading layer [==================================================>]  3.584kB/3.584kB
7caaebde63bc: Loading layer [==================================================>]   2.56kB/2.56kB
d6e3c7a6ef36: Loading layer [==================================================>]  44.96MB/44.96MB
bc8a8ef654ea: Loading layer [==================================================>]  45.75MB/45.75MB
Loaded image: goharbor/harbor-jobservice:v2.10.0[Step 3]: preparing environment ...[Step 4]: preparing harbor configs ...
prepare base dir is set to /apps/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dirNote: stopping existing Harbor instance ...[Step 5]: starting Harbor ...
[+] Running 10/10✔ Network harbor_harbor        Created                                                                            0.1s ✔ Container harbor-log         Started                                                                            0.0s ✔ Container registry           Started                                                                            0.0s ✔ Container registryctl        Started                                                                            0.0s ✔ Container harbor-db          Started                                                                            0.0s ✔ Container redis              Started                                                                            0.1s ✔ Container harbor-portal      Started                                                                            0.1s ✔ Container harbor-core        Started                                                                            0.0s ✔ Container harbor-jobservice  Started                                                                            0.0s ✔ Container nginx              Started                                                                            0.0s 
✔ ----Harbor has been installed and started successfully.----
# 出现“Harbor has been installed and started successfully”提示表示安装成功。# 安装harbor后会自动开启很多相关容器
[root@rocky9 harbor]# docker  ps
CONTAINER ID   IMAGE                                 COMMAND                  CREATED              STATUS                        PORTS                                   NAMES
3a817cfd9507   goharbor/nginx-photon:v2.10.0         "nginx -g 'daemon of…"   About a minute ago   Up About a minute (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
df27e94d1296   goharbor/harbor-jobservice:v2.10.0    "/harbor/entrypoint.…"   About a minute ago   Up About a minute (healthy)                                           harbor-jobservice
941e3a15c0d4   goharbor/harbor-core:v2.10.0          "/harbor/entrypoint.…"   About a minute ago   Up About a minute (healthy)                                           harbor-core
10adc7af6c45   goharbor/registry-photon:v2.10.0      "/home/harbor/entryp…"   About a minute ago   Up About a minute (healthy)                                           registry
c4ac6dec6b92   goharbor/harbor-portal:v2.10.0        "nginx -g 'daemon of…"   About a minute ago   Up About a minute (healthy)                                           harbor-portal
70e02abe9397   goharbor/harbor-db:v2.10.0            "/docker-entrypoint.…"   About a minute ago   Up About a minute (healthy)                                           harbor-db
8b6b13e0d369   goharbor/redis-photon:v2.10.0         "redis-server /etc/r…"   About a minute ago   Up About a minute (healthy)                                           redis
cd5347a97785   goharbor/harbor-registryctl:v2.10.0   "/home/harbor/start.…"   About a minute ago   Up About a minute (healthy)                                           registryctl
991b86237a43   goharbor/harbor-log:v2.10.0           "/bin/sh -c /usr/loc…"   About a minute ago   Up About a minute (healthy)   127.0.0.1:1514->10514/tcp               harbor-log

3.7 实现开机自动启动 harbor

[root@rocky9 harbor]# cat > /lib/systemd/system/harbor.service <<-EOF
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml down[Install]
WantedBy=multi-user.target
EOF[root@rocky9 harbor]# systemctl daemon-reload && systemctl enable harbor

3.8 登录 harbor 主机网站

用浏览器访问: http://172.31.0.9

  • 用户名: admin
  • 密码: 即前面harbor.yml中指定的密码

t1-4

图1-4 harbor登陆

t1-5

图1-5 harbor登陆后界面

3.9 使用 harbor

3.9.1 建立项目

harbor上必须先建立项目,才能上传镜像

在“项目”菜单下面选择“新建项目”。

t1-6

图1-6 新建项目

在“新建项目”窗口,设置“项目名称”为linux,勾选“访问级别”后面的“公开”选项,然后点“确定”。

t1-7

图1-7 新建项目2

可以看到下图已经新建了项目linux。

t1-8

图1-8 创建完项目后的界面

3.9.2 在客户端主机上命令行登录 harbor

[root@rocky9 ~]# vim /etc/docker/daemon.json 
{"registry-mirrors": ["https://registry.docker-cn.com","http://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],"insecure-registries": ["172.31.0.9"], # 设置非安全的镜像仓库"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"],"max-concurrent-downloads": 10,"max-concurrent-uploads": 5,"log-opts": {"max-size": "300m","max-file": "2"  },"live-restore": true
}[root@rocky9 ~]# systemctl daemon-reload && systemctl restart docker[root@rocky9 ~]# docker-compose down
[root@rocky9 ~]# docker-compose up -d[root@rocky9 ~]# docker login 172.31.0.9
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded[root@rocky9 ~]# cat .docker/config.json
{"auths": {"172.31.0.9": {"auth": "YWRtaW46MTIzNDU2"}}
}

3.9.3 给本地镜像打标签并上传到harbor

修改 images 的名称,不修改成指定格式无法将镜像上传到 harbor 仓库。

# 上传镜像前,必须先登录harbor[root@rocky9 ~]# docker pull alpine[root@rocky9 ~]# docker images |grep "alpine"
alpine                          latest    f8c20f8bbcb6   5 weeks ago   7.38MB[root@rocky9 ~]# docker tag alpine 172.31.0.9/linux/alpine[root@rocky9 ~]# docker images |grep "alpine"
172.31.0.9/linux/alpine         latest    f8c20f8bbcb6   5 weeks ago   7.38MB
alpine                          latest    f8c20f8bbcb6   5 weeks ago   7.38MB[root@rocky9 ~]# docker push 172.31.0.9/linux/alpine

访问harbor网站验证上传镜像成功。

在这里插入图片描述

图1-9 查看上传的镜像

3.9.4 下载harbor的镜像

在172.31.0.8的Rocky 8的主机上无需登录,即可下载镜像

首先要主机初始化和安装docker,安装方法参考3.1和3.2。

[root@rocky8 ~]# vim /etc/docker/daemon.json 
{"registry-mirrors": ["https://registry.docker-cn.com","http://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],"insecure-registries": ["172.31.0.9"], # 添加私有镜像仓库渎职"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"],"max-concurrent-downloads": 10,"max-concurrent-uploads": 5,"log-opts": {"max-size": "300m","max-file": "2"  },"live-restore": true
}[root@rocky8 ~]# systemctl daemon-reload && systemctl restart docker[root@rocky8 ~]# docker images
REPOSITORY   TAG       IMAGE ID   CREATED   SIZE[root@rocky8 ~]# docker pull 172.31.0.9/linux/alpine[root@rocky8 ~]# docker images
REPOSITORY                TAG       IMAGE ID       CREATED       SIZE
172.31.0.9/linux/alpine   latest    f8c20f8bbcb6   5 weeks ago   7.38MB

3.10 一键安装harbor脚本

Shell脚本源码地址:

Gitee:https://gitee.com/raymond9/shell

Github:https://github.com/raymond999999/shell

可以去上面的Gitee或Github代码仓库拉取脚本。

3.10.1 基于docker二进制包一键安装Harbor脚本

[root@rocky9 ~]# cat install_harbor_http_v2_1.sh
#!/bin/bash
#
#******************************************************************************************************************
#Author:        Raymond
#QQ:            88563128
#Date:          2024-01-26
#FileName:      install_harbor_http_v2_1.sh
#URL:           raymond.blog.csdn.net
#Description:   install_harbor_http for CentOS 7 & CentOS Stream 8/9 & Ubuntu 18.04/20.04/22.04 & Rocky 8/9
#Copyright (C): 2024 All rights reserved
#******************************************************************************************************************
SRC_DIR=/usr/local/src
COLOR="echo -e \\033[01;31m"
END='\033[0m'URL='https://mirrors.aliyun.com/docker-ce/linux/static/stable/x86_64/'
DOCKER_FILE=docker-24.0.7.tgz# Docker Compose下载地址:“https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-linux-x86_64”,请提前下载。
DOCKER_COMPOSE_FILE=docker-compose-linux-x86_64# Harbor下载地址:“https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz”,请提前下载。
HARBOR_FILE=harbor-offline-installer-v
HARBOR_VERSION=2.10.0
TAR=.tgz
HARBOR_INSTALL_DIR=/apps
NET_NAME=`ip addr |awk -F"[: ]" '/^2: e.*/{print $3}'`
IP=`ip addr show ${NET_NAME}| awk -F" +|/" '/global/{print $3}'`
HARBOR_ADMIN_PASSWORD=123456os(){OS_ID=`sed -rn '/^NAME=/s@.*="([[:alpha:]]+).*"$@\1@p' /etc/os-release`OS_RELEASE_VERSION=`sed -rn '/^VERSION_ID=/s@.*="?([0-9]+)\.?.*"?@\1@p' /etc/os-release`
}check_file (){cd ${SRC_DIR}if [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q wget &> /dev/null || { ${COLOR}"安装wget工具,请稍等..."${END};yum -y install wget &> /dev/null; }fiif [ ! -e ${DOCKER_FILE} ];then${COLOR}"缺少${DOCKER_FILE}文件,如果是离线包,请把文件放到${SRC_DIR}目录下"${END}${COLOR}'开始下载DOCKER二进制源码包'${END}wget ${URL}${DOCKER_FILE} || { ${COLOR}"DOCKER二进制安装包下载失败"${END}; exit; }elif [ ! -e ${DOCKER_COMPOSE_FILE} ];then${COLOR}"缺少${DOCKER_COMPOSE_FILE}文件,请把文件放到${SRC_DIR}目录下"${END}exitelif [ ! -e ${HARBOR_FILE}${HARBOR_VERSION}${TAR} ];then${COLOR}"缺少${HARBOR_FILE}${HARBOR_VERSION}${TAR}文件,请把文件放到${SRC_DIR}目录下"${END}exitelse${COLOR}"相关文件已准备好"${END}fi
}install_docker(){ ${COLOR}"开始安装Docker,请稍等..."${END}tar xf ${DOCKER_FILE}mv docker/* /usr/bin/cat > /lib/systemd/system/docker.service <<-EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H unix://var/run/docker.sock
ExecReload=/bin/kill -s HUP \$MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s[Install]
WantedBy=multi-user.target
EOFmkdir -p /etc/dockercat > /etc/docker/daemon.json <<-EOF
{"registry-mirrors": ["https://registry.docker-cn.com","https://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],"insecure-registries": ["${IP}"],"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"],"max-concurrent-downloads": 10,"max-concurrent-uploads": 5,"log-opts": {"max-size": "300m","max-file": "2"  },"live-restore": true
}
EOFecho 'alias rmi="docker images -qa|xargs docker rmi -f"' >> ~/.bashrcecho 'alias rmc="docker ps -qa|xargs docker rm -f"' >> ~/.bashrcsystemctl daemon-reloadsystemctl enable --now docker &> /dev/nullsystemctl is-active docker &> /dev/null && ${COLOR}"Docker 服务启动成功"${END} || { ${COLOR}"Docker 启动失败"${END};exit; }docker version && ${COLOR}"Docker 安装成功"${END} || ${COLOR}"Docker 安装失败"${END}
}install_docker_compose(){${COLOR}"开始安装Docker Compose,请稍等..."${END}mv ${SRC_DIR}/${DOCKER_COMPOSE_FILE} /usr/bin/docker-composechmod +x /usr/bin/docker-composedocker-compose --version &&  ${COLOR}"Docker Compose 安装完成"${END} || ${COLOR}"Docker compose 安装失败"${END}
}install_harbor(){${COLOR}"开始安装Harbor,请稍等..."${END}[ -d ${HARBOR_INSTALL_DIR} ] || mkdir ${HARBOR_INSTALL_DIR}tar xf ${SRC_DIR}/${HARBOR_FILE}${HARBOR_VERSION}${TAR} -C ${HARBOR_INSTALL_DIR}/mv ${HARBOR_INSTALL_DIR}/harbor/harbor.yml.tmpl ${HARBOR_INSTALL_DIR}/harbor/harbor.ymlsed -ri.bak -e 's/^(hostname:) .*/\1 '${IP}'/' -e 's/^(https:)/#\1/' -e 's/  (port: 443)/#  \1/' -e 's@  (certificate: .*)@#  \1@' -e 's@  (private_key: .*)@#  \1@' -e 's/^(harbor_admin_password:) .*/\1 '${HARBOR_ADMIN_PASSWORD}'/' ${HARBOR_INSTALL_DIR}/harbor/harbor.ymlif [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q python3 &> /dev/null || { ${COLOR}"安装python3,请稍等..."${END};yum -y install python3 &> /dev/null; }elsedpkg -s python3 &>/dev/null || { ${COLOR}"安装python3,请稍等..."${END};apt -y install python3 &> /dev/null; }fi${HARBOR_INSTALL_DIR}/harbor/install.sh --with-trivy && ${COLOR}"Harbor 安装完成"${END} ||  ${COLOR}"Harbor 安装失败"${END}cat > /lib/systemd/system/harbor.service <<-EOF
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml down[Install]
WantedBy=multi-user.target
EOFsystemctl daemon-reload systemctl enable harbor &>/dev/null && ${COLOR}"Harbor已配置为开机自动启动"${END}
}set_swap_limit(){if [ ${OS_RELEASE_VERSION} == "18" -o ${OS_RELEASE_VERSION} == "20" ];thengrep -q "swapaccount=1" /etc/default/grub && { ${COLOR}'"WARNING: No swap limit support"警告,已设置'${END};exit; }${COLOR}'设置Docker的"WARNING: No swap limit support"警告'${END}sed -ri '/^GRUB_CMDLINE_LINUX=/s@"$@ swapaccount=1"@' /etc/default/grubupdate-grub &> /dev/null${COLOR}"10秒后,机器会自动重启"${END}sleep 10rebootfi
}main(){oscheck_file[ -f /usr/bin/docker ] && ${COLOR}"Docker已安装"${END} || install_docker[ -f /usr/bin/docker-compose ] && ${COLOR}"Docker Compose已安装"${END} || install_docker_composesystemctl is-active harbor &> /dev/null && ${COLOR}"Harbor已安装"${END} || install_harborset_swap_limit
}main

3.10.2 基于docker镜像仓库一键安装harbor脚本

[root@rocky9 ~]# cat install_harbor_http_v2_2.sh
#!/bin/bash
#
#******************************************************************************************************************
#Author:        Raymond
#QQ:            88563128
#Date:          2024-01-26
#FileName:      install_harbor_http_v2_2.sh
#URL:           raymond.blog.csdn.net
#Description:   install_harbor_http for CentOS 7 & CentOS Stream 8/9 & Ubuntu 18.04/20.04/22.04 & Rocky 8/9
#Copyright (C): 2024 All rights reserved
#******************************************************************************************************************
SRC_DIR=/usr/local/src
COLOR="echo -e \\033[01;31m"
END='\033[0m'DOCKER_VERSION=24.0.7
DOCKER_MAIN_VERSION=`echo ${DOCKER_VERSION} | awk -F'.' '{print $1}'`
URL='mirrors.aliyun.com'# Docker Compose下载地址:“https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-linux-x86_64”,请提前下载。
DOCKER_COMPOSE_FILE=docker-compose-linux-x86_64# Harbor下载地址:“https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz”,请提前下载。
HARBOR_FILE=harbor-offline-installer-v
HARBOR_VERSION=2.10.0
TAR=.tgz
HARBOR_INSTALL_DIR=/apps
NET_NAME=`ip addr |awk -F"[: ]" '/^2: e.*/{print $3}'`
IP=`ip addr show ${NET_NAME}| awk -F" +|/" '/global/{print $3}'`
HARBOR_ADMIN_PASSWORD=123456os(){OS_ID=`sed -rn '/^NAME=/s@.*="([[:alpha:]]+).*"$@\1@p' /etc/os-release`OS_RELEASE_VERSION=`sed -rn '/^VERSION_ID=/s@.*="?([0-9]+)\.?.*"?@\1@p' /etc/os-release`
}check_file (){cd ${SRC_DIR}if [ ! -e ${DOCKER_COMPOSE_FILE} ];then${COLOR}"缺少${DOCKER_COMPOSE_FILE}文件,请把文件放到${SRC_DIR}目录下"${END}exitelif [ ! -e ${HARBOR_FILE}${HARBOR_VERSION}${TAR} ];then${COLOR}"缺少${HARBOR_FILE}${HARBOR_VERSION}${TAR}文件,请把文件放到${SRC_DIR}目录下"${END}exitelse${COLOR}"相关文件已准备好"${END}fi
}ubuntu_install_docker(){${COLOR}"开始安装Docker依赖包,请稍等..."${END}apt update &> /dev/nullapt -y install apt-transport-https ca-certificates curl software-properties-common &> /dev/nullcurl -fsSL https://${URL}/docker-ce/linux/ubuntu/gpg | sudo apt-key add - &> /dev/nulladd-apt-repository -y "deb [arch=amd64] https://${URL}/docker-ce/linux/ubuntu  $(lsb_release -cs) stable" &> /dev/null apt update &> /dev/null${COLOR}"Docker有以下版本"${END}apt-cache madison docker-ce${COLOR}"10秒后即将安装:Docker-"${DOCKER_VERSION}"版本......"${END}${COLOR}"如果想安装其它Docker版本,请按Ctrl+c键退出,修改版本再执行"${END}sleep 10${COLOR}"开始安装Docker,请稍等..."${END}if [ ${DOCKER_MAIN_VERSION} == "18" -o ${DOCKER_MAIN_VERSION} == "19" -o ${DOCKER_MAIN_VERSION} == "20" ];thenapt -y install docker-ce=5:${DOCKER_VERSION}~3-0~ubuntu-$(lsb_release -cs) docker-ce-cli=5:${DOCKER_VERSION}~3-0~ubuntu-$(lsb_release -cs) &> /dev/null || { ${COLOR}"apt源失败,请检查apt配置"${END};exit; }elseapt -y install docker-ce=5:${DOCKER_VERSION}-1~ubuntu.$(lsb_release -rs)~$(lsb_release -cs) docker-ce-cli=5:${DOCKER_VERSION}-1~ubuntu.$(lsb_release -rs)~$(lsb_release -cs) &> /dev/null || { ${COLOR}"apt源失败,请检查apt配置"${END};exit; }fi
}centos_install_docker(){${COLOR}"开始安装Docker依赖包,请稍等..."${END}yum -y install yum-utils &> /dev/nullyum-config-manager --add-repo https://${URL}/docker-ce/linux/centos/docker-ce.repo &> /dev/nullyum clean all &> /dev/nullyum makecache &> /dev/null${COLOR}"Docker有以下版本"${END}yum list docker-ce.x86_64 --showduplicates${COLOR}"10秒后即将安装:Docker-"${DOCKER_VERSION}"版本......"${END}${COLOR}"如果想安装其它Docker版本,请按Ctrl+c键退出,修改版本再执行"${END}sleep 10${COLOR}"开始安装Docker,请稍等..."${END}yum -y install docker-ce-${DOCKER_VERSION} docker-ce-cli-${DOCKER_VERSION} &> /dev/null || { ${COLOR}"yum源失败,请检查yum配置"${END};exit; }
}mirror_accelerator(){mkdir -p /etc/dockercat > /etc/docker/daemon.json <<-EOF
{"registry-mirrors": ["https://registry.docker-cn.com","https://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],"insecure-registries": ["${IP}"],"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"],"max-concurrent-downloads": 10,"max-concurrent-uploads": 5,"log-opts": {"max-size": "300m","max-file": "2"  },"live-restore": true
}
EOFsystemctl daemon-reloadsystemctl enable --now dockersystemctl is-active docker &> /dev/null && ${COLOR}"Docker 服务启动成功"${END} || { ${COLOR}"Docker 启动失败"${END};exit; }docker version &&  ${COLOR}"Docker 安装成功"${END} || ${COLOR}"Docker 安装失败"${END}
}set_alias(){echo 'alias rmi="docker images -qa|xargs docker rmi -f"' >> ~/.bashrcecho 'alias rmc="docker ps -qa|xargs docker rm -f"' >> ~/.bashrc
}install_docker_compose(){${COLOR}"开始安装Docker Compose,请稍等..."${END}mv ${SRC_DIR}/${DOCKER_COMPOSE_FILE} /usr/bin/docker-composechmod +x /usr/bin/docker-composedocker-compose --version &&  ${COLOR}"Docker Compose 安装完成"${END} || ${COLOR}"Docker compose 安装失败"${END}
}install_harbor(){${COLOR}"开始安装Harbor,请稍等..."${END}[ -d ${HARBOR_INSTALL_DIR} ] || mkdir ${HARBOR_INSTALL_DIR}tar xf ${SRC_DIR}/${HARBOR_FILE}${HARBOR_VERSION}${TAR} -C ${HARBOR_INSTALL_DIR}/mv ${HARBOR_INSTALL_DIR}/harbor/harbor.yml.tmpl ${HARBOR_INSTALL_DIR}/harbor/harbor.ymlsed -ri.bak -e 's/^(hostname:) .*/\1 '${IP}'/' -e 's/^(https:)/#\1/' -e 's/  (port: 443)/#  \1/' -e 's@  (certificate: .*)@#  \1@' -e 's@  (private_key: .*)@#  \1@' -e 's/^(harbor_admin_password:) .*/\1 '${HARBOR_ADMIN_PASSWORD}'/' ${HARBOR_INSTALL_DIR}/harbor/harbor.ymlif [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q python3 &> /dev/null || { ${COLOR}"安装python3,请稍等..."${END};yum -y install python3 &> /dev/null; }elsedpkg -s python3 &>/dev/null || { ${COLOR}"安装python3,请稍等..."${END};apt -y install python3 &> /dev/null; }fi${HARBOR_INSTALL_DIR}/harbor/install.sh --with-trivy && ${COLOR}"Harbor 安装完成"${END} ||  ${COLOR}"Harbor 安装失败"${END}cat > /lib/systemd/system/harbor.service <<-EOF
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml down[Install]
WantedBy=multi-user.target
EOFsystemctl daemon-reload systemctl enable harbor &>/dev/null && ${COLOR}"Harbor已配置为开机自动启动"${END}
}set_swap_limit(){if [ ${OS_RELEASE_VERSION} == "18" -o ${OS_RELEASE_VERSION} == "20" ];thengrep -q "swapaccount=1" /etc/default/grub && { ${COLOR}'"WARNING: No swap limit support"警告,已设置'${END};exit; }${COLOR}'设置Docker的"WARNING: No swap limit support"警告'${END}sed -ri '/^GRUB_CMDLINE_LINUX=/s@"$@ swapaccount=1"@' /etc/default/grubupdate-grub &> /dev/null${COLOR}"10秒后,机器会自动重启"${END}sleep 10rebootfi
}main(){oscheck_fileif [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q docker-ce &> /dev/null && ${COLOR}"Docker已安装"${END} || centos_install_dockerelsedpkg -s docker-ce &>/dev/null && ${COLOR}"Docker已安装"${END} || ubuntu_install_dockerfi[ -f /etc/docker/daemon.json ] &>/dev/null && ${COLOR}"Docker镜像加速器已设置"${END} || mirror_acceleratorgrep -Eqoi "(.*rmi=|.*rmc=)" ~/.bashrc && ${COLOR}"Docker别名已设置"${END} || set_alias[ -f /usr/bin/docker-compose ] && ${COLOR}"Docker Compose已安装"${END} || install_docker_composesystemctl is-active harbor &> /dev/null && ${COLOR}"Harbor已安装"${END} || install_harborset_swap_limit
}main

4.harbor 安全 https 配置

harbor默认使用http,为了安全,可以使用https。

4.1 主机初始化

参考3.1里面的设置。

4.2 安装docker

[root@rocky9-2 ~]# cat install_docker-binary_v2.sh 
#!/bin/bash
#
#*************************************************************************************************************
#Author:        Raymond
#QQ:            88563128
#Date:          2024-01-17
#FileName:      install_docker-binary_v2.sh
#URL:           raymond.blog.csdn.net
#Description:   install_docker-binary for CentOS 7 & CentOS Stream 8/9 & Ubuntu 18.04/20.04/22.04 & Rocky 8/9
#Copyright (C): 2024 All rights reserved
#*************************************************************************************************************
SRC_DIR=/usr/local/src
COLOR="echo -e \\033[01;31m"
END='\033[0m'
URL='https://mirrors.aliyun.com/docker-ce/linux/static/stable/x86_64/'
DOCKER_FILE=docker-24.0.7.tgzos(){OS_ID=`sed -rn '/^NAME=/s@.*="([[:alpha:]]+).*"$@\1@p' /etc/os-release`OS_RELEASE_VERSION=`sed -rn '/^VERSION_ID=/s@.*="?([0-9]+)\.?.*"?@\1@p' /etc/os-release`
}check_file (){cd ${SRC_DIR}if [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q wget &> /dev/null || { ${COLOR}"安装wget工具,请稍等..."${END};yum -y install wget &> /dev/null; }fiif [ ! -e ${DOCKER_FILE} ];then${COLOR}"缺少${DOCKER_FILE}文件,如果是离线包,请把文件放到${SRC_DIR}目录下"${END}${COLOR}'开始下载Docker二进制安装包'${END}wget ${URL}${DOCKER_FILE} || { ${COLOR}"Docker二进制安装包下载失败"${END}; exit; } else${COLOR}"相关文件已准备好"${END}fi
}install(){ [ -f /usr/bin/docker ] && { ${COLOR}"Docker已存在,安装失败"${END};exit; }${COLOR}"开始安装Docker,请稍等..."${END}if [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q tar &> /dev/null || { ${COLOR}"安装tar工具,请稍等..."${END};yum -y install tar &> /dev/null; }fitar xf ${DOCKER_FILE} mv docker/* /usr/bin/cat > /lib/systemd/system/docker.service <<-EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H unix://var/run/docker.sock
ExecReload=/bin/kill -s HUP \$MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s[Install]
WantedBy=multi-user.target
EOFmkdir -p /etc/dockercat > /etc/docker/daemon.json <<-EOF
{"registry-mirrors": ["https://registry.docker-cn.com","https://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"],"max-concurrent-downloads": 10,"max-concurrent-uploads": 5,"log-opts": {"max-size": "300m","max-file": "2"  },"live-restore": true
}
EOFecho 'alias rmi="docker images -qa|xargs docker rmi -f"' >> ~/.bashrcecho 'alias rmc="docker ps -qa|xargs docker rm -f"' >> ~/.bashrcsystemctl daemon-reloadsystemctl enable --now docker &> /dev/nullsystemctl is-active docker &> /dev/null && ${COLOR}"Docker 服务启动成功"${END} || { ${COLOR}"Docker 启动失败"${END};exit; }docker version && ${COLOR}"Docker 安装成功"${END} || ${COLOR}"Docker 安装失败"${END}
}set_swap_limit(){if [ ${OS_RELEASE_VERSION} == "18" -o ${OS_RELEASE_VERSION} == "20" ];thengrep -q "swapaccount=1" /etc/default/grub && { ${COLOR}'"WARNING: No swap limit support"警告,已设置'${END};exit; }${COLOR}'设置Docker的"WARNING: No swap limit support"警告'${END}sed -ri '/^GRUB_CMDLINE_LINUX=/s@"$@ swapaccount=1"@' /etc/default/grubupdate-grub &> /dev/null${COLOR}"10秒后,机器会自动重启!"${END}sleep 10rebootfi
}main(){oscheck_fileinstallset_swap_limit
}main[root@rocky9-2 ~]# bash install_docker-binary_v2.sh[root@rocky9-2 ~]# docker version
Client:Version:           24.0.7API version:       1.43Go version:        go1.20.10Git commit:        afdd53bBuilt:             Thu Oct 26 09:04:00 2023OS/Arch:           linux/amd64Context:           defaultServer: Docker Engine - CommunityEngine:Version:          24.0.7API version:      1.43 (minimum version 1.12)Go version:       go1.20.10Git commit:       311b9ffBuilt:            Thu Oct 26 09:05:28 2023OS/Arch:          linux/amd64Experimental:     falsecontainerd:Version:          v1.7.6GitCommit:        091922f03c2762540fd057fba91260237ff86acbrunc:Version:          1.1.9GitCommit:        v1.1.9-0-gccaecfcdocker-init:Version:          0.19.0GitCommit:        de40ad0

4.3 安装docker compose

[root@rocky9-2 ~]# wget https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-linux-x86_64[root@rocky9-2 ~]# mv docker-compose-linux-x86_64 /usr/bin/docker-compose
[root@rocky9-2 ~]# chmod +x /usr/bin/docker-compose[root@rocky9-2 ~]# docker-compose -v
Docker Compose version v2.23.3

4.4 下载Harbor安装包并解压缩

[root@rocky9-2 ~]# wget https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz[root@rocky9-2 ~]# mkdir /apps[root@rocky9-2 ~]# tar xvf harbor-offline-installer-v2.10.0.tgz -C /apps/
harbor/harbor.v2.10.0.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl

4.5 生成私钥和证书

最新文档: https://goharbor.io/docs/2.10.0/install-config/configure-https/

[root@rocky9-2 ~]# touch /root/.rnd
[root@rocky9-2 ~]# mkdir /apps/harbor/certs/
[root@rocky9-2 ~]# cd /apps/harbor/certs/# 1.生成证书颁发机构证书
# 生成CA证书私钥
[root@rocky9-2 certs]# openssl genrsa -out ca.key 4096# 生成CA证书,请把下面的变量DOMAIN值改成自己的域名
[root@rocky9-2 certs]# DOMAIN=raymonds.cc[root@rocky9-2 certs]# openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=ca.${DOMAIN}" -key ca.key -out ca.crt# 2.生成服务器证书
# 生成私人密钥
[root@rocky9-2 certs]# openssl genrsa -out harbor.${DOMAIN}.key 4096# 生成证书签名请求(CSR)
[root@rocky9-2 certs]# openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.${DOMAIN}" -key harbor.${DOMAIN}.key -out harbor.${DOMAIN}.csr# 生成 x509 v3 扩展文件
[root@rocky9-2 certs]# cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names[alt_names]
DNS.1=${DOMAIN}
DNS.2=ca.${DOMAIN}
DNS.3=harbor.${DOMAIN}
EOF# 使用 v3.ext 文件为 Harbor 主机生成证书
[root@rocky9-2 certs]# openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in harbor.${DOMAIN}.csr -out harbor.${DOMAIN}.crt# 转换crt为cert,供Docker使用,Docker守护程序将.crt文件解释为CA证书,并将.cert文件解释为客户端证书
[root@rocky9-2 certs]# openssl x509 -inform PEM -in harbor.${DOMAIN}.crt -out harbor.${DOMAIN}.cert[root@rocky9-2 certs]# tree
-bash: tree: command not found
# 没有tree命令# 安装tree
[root@Rocky9-2 certs]# dnf -y install tree[root@rocky9-2 certs]# tree
.
├── ca.crt
├── ca.key
├── ca.srl
├── harbor.raymonds.cc.cert
├── harbor.raymonds.cc.crt
├── harbor.raymonds.cc.csr
├── harbor.raymonds.cc.key
└── v3.ext0 directories, 8 files

4.6 编辑配置文件 harbor.cfg

[root@Rocky9-2 certs]# cd ..
[root@Rocky9-2 harbor]# ls
certs  common.sh  harbor.v2.10.0.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare
[root@Rocky9-2 harbor]# mv harbor.yml.tmpl harbor.yml[root@Rocky9-2 harbor]# vim harbor.yml
-bash: vim: command not found
# Rocky和CentOS默认没有安装vim。[root@Rocky9-2 harbor]# dnf -y install vim[root@Rocky9-2 harbor]# vim harbor.yml
hostname: harbor.raymonds.cchttps:port: 443certificate: /apps/harbor/certs/harbor.raymonds.cc.crtprivate_key: /apps/harbor/certs/harbor.raymonds.cc.keyharbor_admin_password: 123456# 使用下面命令直接替换
HARBOR_INSTALL_DIR=/apps
HARBOR_ADMIN_PASSWORD=123456sed -ri.bak -e 's/^(hostname:) .*/\1 harbor.'''${DOMAIN}'''/' -e 's@  (certificate:) .*@  \1 '''${HARBOR_INSTALL_DIR}'''/harbor/certs/harbor.'''${DOMAIN}'''.crt@' -e 's@  (private_key:) .*@  \1 '''${HARBOR_INSTALL_DIR}'''/harbor/certs/harbor.'''${DOMAIN}'''.key@' -e 's/^(harbor_admin_password:) .*/\1 '''${HARBOR_ADMIN_PASSWORD}'''/' ${HARBOR_INSTALL_DIR}/harbor/harbor.yml

4.7 运行 harbor 安装脚本

# 先安装python
# rocky和CentOS
yum -y install python3# Ubuntu
apt -y install python3# --with-trivy:选择安装镜像扫描组件Trivy。
[root@rocky9-2 harbor]# ./install.sh --with-trivy[Step 0]: checking if docker is installed ...Note: docker version: 24.0.7[Step 1]: checking docker-compose is installed ...Note: docker-compose version: 2.23.3[Step 2]: loading Harbor images ...
ad00c0c1d948: Loading layer [==================================================>]  40.11MB/40.11MB
7570a78aea36: Loading layer [==================================================>]   9.08MB/9.08MB
04774e0e84f2: Loading layer [==================================================>]  4.096kB/4.096kB
8a42710a9f5a: Loading layer [==================================================>]  3.072kB/3.072kB
f1990e77f8e5: Loading layer [==================================================>]    197MB/197MB
172f5af926be: Loading layer [==================================================>]   17.6MB/17.6MB
2bef5dd17a10: Loading layer [==================================================>]  215.4MB/215.4MB
Loaded image: goharbor/trivy-adapter-photon:v2.10.0
8c10ac3a40a9: Loading layer [==================================================>]  89.84MB/89.84MB
cc741ba6af65: Loading layer [==================================================>]  65.11MB/65.11MB
7877ea7046dd: Loading layer [==================================================>]   13.2MB/13.2MB
3de91a0984fe: Loading layer [==================================================>]  65.54kB/65.54kB
4d2cda613456: Loading layer [==================================================>]   2.56kB/2.56kB
625b81c9e514: Loading layer [==================================================>]  1.536kB/1.536kB
6496ec4ce84e: Loading layer [==================================================>]  12.29kB/12.29kB
2b332fb0075b: Loading layer [==================================================>]  5.322MB/5.322MB
f8976ae46d77: Loading layer [==================================================>]  457.7kB/457.7kB
Loaded image: goharbor/prepare:v2.10.0
a36cb8a4e510: Loading layer [==================================================>]  126.1MB/126.1MB
fd72ef63aacc: Loading layer [==================================================>]  3.584kB/3.584kB
162d9960a2b9: Loading layer [==================================================>]  3.072kB/3.072kB
b71508b0d586: Loading layer [==================================================>]   2.56kB/2.56kB
18c685e189cb: Loading layer [==================================================>]  3.072kB/3.072kB
84690af2e82b: Loading layer [==================================================>]  3.584kB/3.584kB
8d7eb73e8207: Loading layer [==================================================>]  20.48kB/20.48kB
Loaded image: goharbor/harbor-log:v2.10.0
001da4979db8: Loading layer [==================================================>]  8.562MB/8.562MB
275281f671bf: Loading layer [==================================================>]  4.096kB/4.096kB
f6856e2d539f: Loading layer [==================================================>]   17.4MB/17.4MB
557317f3c1c5: Loading layer [==================================================>]  3.072kB/3.072kB
942b8c3060c6: Loading layer [==================================================>]  32.81MB/32.81MB
b2bc30e737e7: Loading layer [==================================================>]     51MB/51MB
Loaded image: goharbor/harbor-registryctl:v2.10.0
d5e5478da184: Loading layer [==================================================>]  116.8MB/116.8MB
Loaded image: goharbor/nginx-photon:v2.10.0
74a7f6a8de8c: Loading layer [==================================================>]  11.58MB/11.58MB
46523ccaf371: Loading layer [==================================================>]   27.6MB/27.6MB
3cea6b428022: Loading layer [==================================================>]  4.608kB/4.608kB
9815d4ae0f06: Loading layer [==================================================>]  28.39MB/28.39MB
Loaded image: goharbor/harbor-exporter:v2.10.0
7d7e15ae8ca1: Loading layer [==================================================>]  15.93MB/15.93MB
e13b0ff80947: Loading layer [==================================================>]  111.8MB/111.8MB
da74a4230588: Loading layer [==================================================>]  3.072kB/3.072kB
89240f6f343b: Loading layer [==================================================>]   59.9kB/59.9kB
7b00214da46a: Loading layer [==================================================>]  61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.10.0
345fdbd05997: Loading layer [==================================================>]  8.562MB/8.562MB
5c4443929555: Loading layer [==================================================>]  4.096kB/4.096kB
605c9788ef17: Loading layer [==================================================>]  3.072kB/3.072kB
b2ab56de0e45: Loading layer [==================================================>]   17.4MB/17.4MB
950eb2734789: Loading layer [==================================================>]  18.19MB/18.19MB
Loaded image: goharbor/registry-photon:v2.10.0
7693164e30e0: Loading layer [==================================================>]  116.8MB/116.8MB
6b50b5d516aa: Loading layer [==================================================>]  6.531MB/6.531MB
5aea217650ad: Loading layer [==================================================>]  246.8kB/246.8kB
0b3de92ff70b: Loading layer [==================================================>]  1.477MB/1.477MB
Loaded image: goharbor/harbor-portal:v2.10.0
b79ac58f353c: Loading layer [==================================================>]  11.58MB/11.58MB
18c4c015e339: Loading layer [==================================================>]  3.584kB/3.584kB
c6eef6a39935: Loading layer [==================================================>]   2.56kB/2.56kB
03db56130352: Loading layer [==================================================>]  58.57MB/58.57MB
78c9748f2d29: Loading layer [==================================================>]  5.632kB/5.632kB
e1732f90232a: Loading layer [==================================================>]  123.4kB/123.4kB
6b733e4833c8: Loading layer [==================================================>]  80.38kB/80.38kB
fe6828cc147a: Loading layer [==================================================>]  59.56MB/59.56MB
8e1349c44768: Loading layer [==================================================>]   2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.10.0
02b0385778eb: Loading layer [==================================================>]  15.93MB/15.93MB
ac2be26232ee: Loading layer [==================================================>]    175MB/175MB
1e3e9dba5eaa: Loading layer [==================================================>]  25.47MB/25.47MB
c7fa85d79c1c: Loading layer [==================================================>]  18.14MB/18.14MB
f9ef6596c7ce: Loading layer [==================================================>]   5.12kB/5.12kB
e35036cc139f: Loading layer [==================================================>]  6.144kB/6.144kB
0cb7ded8041a: Loading layer [==================================================>]  3.072kB/3.072kB
5d178abacde0: Loading layer [==================================================>]  2.048kB/2.048kB
67fe09fd709b: Loading layer [==================================================>]   2.56kB/2.56kB
d0b4aac335c4: Loading layer [==================================================>]   7.68kB/7.68kB
Loaded image: goharbor/harbor-db:v2.10.0
fced8697b2c7: Loading layer [==================================================>]  11.58MB/11.58MB
af968b902c26: Loading layer [==================================================>]  3.584kB/3.584kB
7caaebde63bc: Loading layer [==================================================>]   2.56kB/2.56kB
d6e3c7a6ef36: Loading layer [==================================================>]  44.96MB/44.96MB
bc8a8ef654ea: Loading layer [==================================================>]  45.75MB/45.75MB
Loaded image: goharbor/harbor-jobservice:v2.10.0[Step 3]: preparing environment ...[Step 4]: preparing harbor configs ...
prepare base dir is set to /apps/harbor
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /config/trivy-adapter/env
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dirNote: stopping existing Harbor instance ...[Step 5]: starting Harbor ...
[+] Running 11/11✔ Network harbor_harbor        Created                                                                            0.1s ✔ Container harbor-log         Started                                                                            0.0s ✔ Container harbor-db          Started                                                                            0.1s ✔ Container redis              Started                                                                            0.1s ✔ Container registry           Started                                                                            0.1s ✔ Container registryctl        Started                                                                            0.0s ✔ Container harbor-portal      Started                                                                            0.1s ✔ Container trivy-adapter      Started                                                                            0.0s ✔ Container harbor-core        Started                                                                            0.0s ✔ Container nginx              Started                                                                            0.0s ✔ Container harbor-jobservice  Started                                                                            0.0s 
✔ ----Harbor has been installed and started successfully.----✔ ----Harbor has been installed and started successfully.----
# 出现“Harbor has been installed and started successfully”提示表示安装成功。[root@rocky9 harbor]# docker-compose ps
NAME                IMAGE                                   COMMAND                  SERVICE         CREATED              STATUS                        PORTS
harbor-core         goharbor/harbor-core:v2.10.0            "/harbor/entrypoint.…"   core            About a minute ago   Up About a minute (healthy)   
harbor-db           goharbor/harbor-db:v2.10.0              "/docker-entrypoint.…"   postgresql      About a minute ago   Up About a minute (healthy)   
harbor-jobservice   goharbor/harbor-jobservice:v2.10.0      "/harbor/entrypoint.…"   jobservice      About a minute ago   Up About a minute (healthy)   
harbor-log          goharbor/harbor-log:v2.10.0             "/bin/sh -c /usr/loc…"   log             About a minute ago   Up About a minute (healthy)   127.0.0.1:1514->10514/tcp
harbor-portal       goharbor/harbor-portal:v2.10.0          "nginx -g 'daemon of…"   portal          About a minute ago   Up About a minute (healthy)   
nginx               goharbor/nginx-photon:v2.10.0           "nginx -g 'daemon of…"   proxy           About a minute ago   Up About a minute (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp
redis               goharbor/redis-photon:v2.10.0           "redis-server /etc/r…"   redis           About a minute ago   Up About a minute (healthy)   
registry            goharbor/registry-photon:v2.10.0        "/home/harbor/entryp…"   registry        About a minute ago   Up About a minute (healthy)   
registryctl         goharbor/harbor-registryctl:v2.10.0     "/home/harbor/start.…"   registryctl     About a minute ago   Up About a minute (healthy)   
trivy-adapter       goharbor/trivy-adapter-photon:v2.10.0   "/home/scanner/entry…"   trivy-adapter   About a minute ago   Up About a minute (healthy) 

4.8 实现开机自动启动 harbor

[root@rocky9-2 harbor]# cat > /lib/systemd/system/harbor.service <<-EOF
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml down[Install]
WantedBy=multi-user.target
EOF[root@rocky9-2 harbor]# systemctl daemon-reload && systemctl enable harbor

4.9 用https方式访问harbor网站

在windows系统C:\Windows\System32\drivers\etc\hosts文件里,添加下面内容

172.31.0.19 harbor.raymonds.cc

在浏览器输入“harbor.raymonds.cc”,然后选择“高级”。

在这里插入图片描述

图1-10 访问harbor

选择下面的“继续访问harbor.raymonds.cc”。

t1-11

图1-11 访问harbor2

输入用户名和密码,选择“登陆”。

在这里插入图片描述

图1-12 登陆harbor

图1-13就是harbor登陆后的界面。

t1-13

图1-13 harbor登陆后的界面

图1-14就是harbor.raymonds.cc网址的证书。

t1-14

图1-14 harbor网址证书

4.10 使用 harbor

4.10.1 建立项目

harbor上必须先建立项目,才能上传镜像

在“项目”菜单下面选择“新建项目”。

t1-15

图1-15 新建项目

在“新建项目”窗口,设置“项目名称”为linux,勾选“访问级别”后面的“公开”选项,然后点“确定”。

在这里插入图片描述

图1-16 新建项目

可以看到下图已经新建了项目linux。

t1-17

图1-17 创建完项目后的界面

4.10.2 在客户端下载CA的证书

直接上传镜像会报错

[root@rocky9-2 harbor]# cat >> /etc/hosts <<-EOF
172.31.0.19 harbor.raymonds.cc
EOF# 没有证书验证,直接登录失败
[root@rocky9-2 harbor]# docker login harbor.raymonds.cc
Username: admin
Password: 
.Error response from daemon: Get "https://harbor.raymonds.cc/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority

在客户端下载ca的证书

[root@rocky9-2 harbor]# mkdir -pv /etc/docker/certs.d/harbor.${DOMAIN}
mkdir: created directory '/etc/docker/certs.d'
mkdir: created directory '/etc/docker/certs.d/harbor.raymonds.cc'[root@rocky9-2 harbor]# scp -r /apps/harbor/certs/{harbor.${DOMAIN}.cert,harbor.${DOMAIN}.key,ca.crt} /etc/docker/certs.d/harbor.${DOMAIN}[root@rocky9 certs]# tree /etc/docker/certs.d/harbor.${DOMAIN}
/etc/docker/certs.d/harbor.raymonds.cc/
├── ca.crt
├── harbor.raymonds.cc.cert
└── harbor.raymonds.cc.key0 directories, 3 files

4.10.3 从客户端上传镜像

# 先登录系统
[root@rocky9 certs]# docker login harbor.raymonds.cc
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded[root@rocky9-2 harbor]# cat ~/.docker/config.json
{"auths": {"harbor.raymonds.cc": {"auth": "YWRtaW46MTIzNDU2"}}
}

4.10.4 给本地镜像打标签并上传到harbor

修改 images 的名称,不修改成指定格式无法将镜像上传到 harbor 仓库

[root@Rocky9-2 harbor]# docker pull alpine[root@Rocky9-2 harbor]# docker images |grep "alpine"
alpine                          latest    f8c20f8bbcb6   5 weeks ago   7.38MB[root@Rocky9-2 harbor]# docker tag alpine harbor.raymonds.cc/linux/alpine
[root@Rocky9-2 harbor]# docker images |grep "alpine"
alpine                            latest    f8c20f8bbcb6   5 weeks ago   7.38MB
harbor.raymonds.cc/linux/alpine   latest    f8c20f8bbcb6   5 weeks ago   7.38MB[root@rocky9-2 harbor]# docker push harbor.raymonds.cc/linux/alpine
Using default tag: latest
The push refers to repository [harbor.raymonds.cc/linux/alpine]
5af4f8f59b76: Pushed 
latest: digest: sha256:13b7e62e8df80264dbb747995705a986aa530415763a6c58f84a3ca8af9a5bcd size: 528

访问harbor网站验证上传镜像成功

在这里插入图片描述

图1-18 查看上传的镜像

4.10.5 下载harbor的镜像

在172.31.0.8的Rocky 8的主机上无需登录,即可下载镜像

首先要主机初始化和安装docker,安装方法参考4.1和4.2。

[root@rocky8 ~]# cat >> /etc/hosts <<-EOF
172.31.0.19 harbor.raymonds.cc
EOF[root@rocky8 ~]# docker pull harbor.raymonds.cc/linux/alpine
Using default tag: latest
Error response from daemon: Get "https://harbor.raymonds.cc/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
# 没有证书不能推送镜像。[root@rocky8 ~]# DOMAIN=raymonds.cc
[root@rocky8 ~]# mkdir -pv /etc/docker/certs.d/harbor.${DOMAIN}
mkdir: created directory '/etc/docker/certs.d'
mkdir: created directory '/etc/docker/certs.d/harbor.raymonds.cc'[root@Rocky9-2 harbor]# scp -r /apps/harbor/certs/{harbor.${DOMAIN}.cert,harbor.${DOMAIN}.key,ca.crt} 172.31.0.8:/etc/docker/certs.d/harbor.${DOMAIN}/[root@rocky8 ~]# tree /etc/docker/certs.d/harbor.${DOMAIN}/
-bash: tree: command not found
[root@rocky8 ~]# dnf -y install tree[root@rocky8 ~]# tree /etc/docker/certs.d/harbor.${DOMAIN}/
/etc/docker/certs.d/harbor.raymonds.cc/
├── ca.crt
├── harbor.raymonds.cc.cert
└── harbor.raymonds.cc.key0 directories, 3 files[root@rocky8 ~]# docker pull harbor.raymonds.cc/linux/alpine
Using default tag: latest
latest: Pulling from linux/alpine
661ff4d9561e: Pull complete 
Digest: sha256:13b7e62e8df80264dbb747995705a986aa530415763a6c58f84a3ca8af9a5bcd
Status: Downloaded newer image for harbor.raymonds.cc/linux/alpine:latest
harbor.raymonds.cc/linux/alpine:latest[root@rocky8 ~]# docker images
REPOSITORY                        TAG       IMAGE ID       CREATED       SIZE
harbor.raymonds.cc/linux/alpine   latest    f8c20f8bbcb6   5 weeks ago   7.38MB

4.11一键安装harbor脚本https方式

Shell脚本源码地址:

Gitee:https://gitee.com/raymond9/shell

Github:https://github.com/raymond999999/shell

可以去上面的Gitee或Github代码仓库拉取脚本。

4.11.1 基于docker二进制包一键安装Harbor脚本https方式

[root@rocky9-2 ~]# cat install_harbor_https_v2_1.sh
#!/bin/bash
#
#******************************************************************************************************************
#Author:        Raymond
#QQ:            88563128
#Date:          2024-01-26
#FileName:      install_harbor_https_v2_1.sh
#URL:           raymond.blog.csdn.net
#Description:   install_harbor_https for CentOS 7 & CentOS Stream 8/9 & Ubuntu 18.04/20.04/22.04 & Rocky 8/9
#Copyright (C): 2024 All rights reserved
#******************************************************************************************************************
SRC_DIR=/usr/local/src
COLOR="echo -e \\033[01;31m"
END='\033[0m'URL='https://mirrors.aliyun.com/docker-ce/linux/static/stable/x86_64/'
DOCKER_FILE=docker-24.0.7.tgz# Docker Compose下载地址:“https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-linux-x86_64”,请提前下载。
DOCKER_COMPOSE_FILE=docker-compose-linux-x86_64# Harbor下载地址:“https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz”,请提前下载。
HARBOR_FILE=harbor-offline-installer-v
HARBOR_VERSION=2.10.0
TAR=.tgz
HARBOR_INSTALL_DIR=/apps
DOMAIN=raymonds.cc
HARBOR_ADMIN_PASSWORD=123456os(){OS_ID=`sed -rn '/^NAME=/s@.*="([[:alpha:]]+).*"$@\1@p' /etc/os-release`OS_RELEASE_VERSION=`sed -rn '/^VERSION_ID=/s@.*="?([0-9]+)\.?.*"?@\1@p' /etc/os-release`
}check_file (){cd ${SRC_DIR}if [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q wget &> /dev/null || { ${COLOR}"安装wget工具,请稍等..."${END};yum -y install wget &> /dev/null; }fiif [ ! -e ${DOCKER_FILE} ];then${COLOR}"缺少${DOCKER_FILE}文件,如果是离线包,请把文件放到${SRC_DIR}目录下"${END}${COLOR}'开始下载DOCKER二进制源码包'${END}wget ${URL}${DOCKER_FILE} || { ${COLOR}"DOCKER二进制安装包下载失败"${END}; exit; }elif [ ! -e ${DOCKER_COMPOSE_FILE} ];then${COLOR}"缺少${DOCKER_COMPOSE_FILE}文件,请把文件放到${SRC_DIR}目录下"${END}exitelif [ ! -e ${HARBOR_FILE}${HARBOR_VERSION}${TAR} ];then${COLOR}"缺少${HARBOR_FILE}${HARBOR_VERSION}${TAR}文件,请把文件放到${SRC_DIR}目录下"${END}exitelse${COLOR}"相关文件已准备好"${END}fi
}install_docker(){ ${COLOR}"开始安装Docker,请稍等..."${END}tar xf ${DOCKER_FILE}mv docker/* /usr/bin/cat > /lib/systemd/system/docker.service <<-EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H unix://var/run/docker.sock
ExecReload=/bin/kill -s HUP \$MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s[Install]
WantedBy=multi-user.target
EOFmkdir -p /etc/dockercat > /etc/docker/daemon.json <<-EOF
{"registry-mirrors": ["https://registry.docker-cn.com","https://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"],"max-concurrent-downloads": 10,"max-concurrent-uploads": 5,"log-opts": {"max-size": "300m","max-file": "2"  },"live-restore": true
}
EOFecho 'alias rmi="docker images -qa|xargs docker rmi -f"' >> ~/.bashrcecho 'alias rmc="docker ps -qa|xargs docker rm -f"' >> ~/.bashrcsystemctl daemon-reloadsystemctl enable --now docker &> /dev/nullsystemctl is-active docker &> /dev/null && ${COLOR}"Docker 服务启动成功"${END} || { ${COLOR}"Docker 启动失败"${END};exit; }docker version && ${COLOR}"Docker 安装成功"${END} || ${COLOR}"Docker 安装失败"${END}
}install_docker_compose(){${COLOR}"开始安装Docker Compose,请稍等..."${END}mv ${SRC_DIR}/${DOCKER_COMPOSE_FILE} /usr/bin/docker-composechmod +x /usr/bin/docker-composedocker-compose --version &&  ${COLOR}"Docker Compose 安装完成"${END} || ${COLOR}"Docker compose 安装失败"${END}
}install_harbor(){${COLOR}"开始安装Harbor,请稍等..."${END}[ -d ${HARBOR_INSTALL_DIR} ] || mkdir ${HARBOR_INSTALL_DIR}tar xf ${SRC_DIR}/${HARBOR_FILE}${HARBOR_VERSION}${TAR} -C ${HARBOR_INSTALL_DIR}/# 生成私钥和证书touch /root/.rndmkdir /apps/harbor/certs/cd /apps/harbor/certs/openssl genrsa -out ca.key 4096openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=ca.${DOMAIN}" -key ca.key -out ca.crtopenssl genrsa -out harbor.${DOMAIN}.key 4096openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.${DOMAIN}" -key harbor.${DOMAIN}.key -out harbor.${DOMAIN}.csrcat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names[alt_names]
DNS.1=${DOMAIN}
DNS.2=ca.${DOMAIN}
DNS.3=harbor.${DOMAIN}
EOFopenssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in harbor.${DOMAIN}.csr -out harbor.${DOMAIN}.crtopenssl x509 -inform PEM -in harbor.${DOMAIN}.crt -out harbor.${DOMAIN}.certmv ${HARBOR_INSTALL_DIR}/harbor/harbor.yml.tmpl ${HARBOR_INSTALL_DIR}/harbor/harbor.ymlsed -ri.bak -e 's/^(hostname:) .*/\1 harbor.'''${DOMAIN}'''/' -e 's@  (certificate:) .*@  \1 '''${HARBOR_INSTALL_DIR}'''/harbor/certs/harbor.'''${DOMAIN}'''.crt@' -e 's@  (private_key:) .*@  \1 '''${HARBOR_INSTALL_DIR}'''/harbor/certs/harbor.'''${DOMAIN}'''.key@' -e 's/^(harbor_admin_password:) .*/\1 '''${HARBOR_ADMIN_PASSWORD}'''/' ${HARBOR_INSTALL_DIR}/harbor/harbor.ymlif [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q python3 &> /dev/null || { ${COLOR}"安装python3,请稍等..."${END};yum -y install python3 &> /dev/null; }elsedpkg -s python3 &>/dev/null || { ${COLOR}"安装python3,请稍等..."${END};apt -y install python3 &> /dev/null; }fi${HARBOR_INSTALL_DIR}/harbor/install.sh --with-trivy && ${COLOR}"Harbor 安装完成"${END} ||  ${COLOR}"Harbor 安装失败"${END}cat > /lib/systemd/system/harbor.service <<-EOF
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml down[Install]
WantedBy=multi-user.target
EOFsystemctl daemon-reload systemctl enable harbor &>/dev/null && ${COLOR}"Harbor已配置为开机自动启动"${END}
}set_swap_limit(){if [ ${OS_RELEASE_VERSION} == "18" -o ${OS_RELEASE_VERSION} == "20" ];thengrep -q "swapaccount=1" /etc/default/grub && { ${COLOR}'"WARNING: No swap limit support"警告,已设置'${END};exit; }${COLOR}'设置Docker的"WARNING: No swap limit support"警告'${END}sed -ri '/^GRUB_CMDLINE_LINUX=/s@"$@ swapaccount=1"@' /etc/default/grubupdate-grub &> /dev/null${COLOR}"10秒后,机器会自动重启"${END}sleep 10rebootfi
}main(){oscheck_file[ -f /usr/bin/docker ] && ${COLOR}"Docker已安装"${END} || install_docker[ -f /usr/bin/docker-compose ] && ${COLOR}"Docker Compose已安装"${END} || install_docker_composesystemctl is-active harbor &> /dev/null && ${COLOR}"Harbor已安装"${END} || install_harborset_swap_limit
}main

4.11.2 基于docker镜像仓库一键安装Harbor脚本https方式

[root@rocky9-2 ~]# cat install_harbor_https_v2_2.sh
#!/bin/bash
#
#******************************************************************************************************************
#Author:        Raymond
#QQ:            88563128
#Date:          2024-01-26
#FileName:      install_harbor_https_v2_2.sh
#URL:           raymond.blog.csdn.net
#Description:   install_harbor_https for CentOS 7 & CentOS Stream 8/9 & Ubuntu 18.04/20.04/22.04 & Rocky 8/9
#Copyright (C): 2024 All rights reserved
#******************************************************************************************************************
SRC_DIR=/usr/local/src
COLOR="echo -e \\033[01;31m"
END='\033[0m'DOCKER_VERSION=24.0.7
DOCKER_MAIN_VERSION=`echo ${DOCKER_VERSION} | awk -F'.' '{print $1}'`
URL='mirrors.aliyun.com'# Docker Compose下载地址:“https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-linux-x86_64”,请提前下载。
DOCKER_COMPOSE_FILE=docker-compose-linux-x86_64# Harbor下载地址:“https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz”,请提前下载。
HARBOR_FILE=harbor-offline-installer-v
HARBOR_VERSION=2.10.0
TAR=.tgz
HARBOR_INSTALL_DIR=/apps
DOMAIN=raymonds.cc
HARBOR_ADMIN_PASSWORD=123456os(){OS_ID=`sed -rn '/^NAME=/s@.*="([[:alpha:]]+).*"$@\1@p' /etc/os-release`OS_RELEASE_VERSION=`sed -rn '/^VERSION_ID=/s@.*="?([0-9]+)\.?.*"?@\1@p' /etc/os-release`
}check_file (){cd ${SRC_DIR}if [ ! -e ${DOCKER_COMPOSE_FILE} ];then${COLOR}"缺少${DOCKER_COMPOSE_FILE}文件,请把文件放到${SRC_DIR}目录下"${END}exitelif [ ! -e ${HARBOR_FILE}${HARBOR_VERSION}${TAR} ];then${COLOR}"缺少${HARBOR_FILE}${HARBOR_VERSION}${TAR}文件,请把文件放到${SRC_DIR}目录下"${END}exitelse${COLOR}"相关文件已准备好"${END}fi
}ubuntu_install_docker(){${COLOR}"开始安装Docker依赖包,请稍等..."${END}apt update &> /dev/nullapt -y install apt-transport-https ca-certificates curl software-properties-common &> /dev/nullcurl -fsSL https://${URL}/docker-ce/linux/ubuntu/gpg | sudo apt-key add - &> /dev/nulladd-apt-repository -y "deb [arch=amd64] https://${URL}/docker-ce/linux/ubuntu  $(lsb_release -cs) stable" &> /dev/null apt update &> /dev/null${COLOR}"Docker有以下版本"${END}apt-cache madison docker-ce${COLOR}"10秒后即将安装:Docker-"${DOCKER_VERSION}"版本......"${END}${COLOR}"如果想安装其它Docker版本,请按Ctrl+c键退出,修改版本再执行"${END}sleep 10${COLOR}"开始安装Docker,请稍等..."${END}if [ ${DOCKER_MAIN_VERSION} == "18" -o ${DOCKER_MAIN_VERSION} == "19" -o ${DOCKER_MAIN_VERSION} == "20" ];thenapt -y install docker-ce=5:${DOCKER_VERSION}~3-0~ubuntu-$(lsb_release -cs) docker-ce-cli=5:${DOCKER_VERSION}~3-0~ubuntu-$(lsb_release -cs) &> /dev/null || { ${COLOR}"apt源失败,请检查apt配置"${END};exit; }elseapt -y install docker-ce=5:${DOCKER_VERSION}-1~ubuntu.$(lsb_release -rs)~$(lsb_release -cs) docker-ce-cli=5:${DOCKER_VERSION}-1~ubuntu.$(lsb_release -rs)~$(lsb_release -cs) &> /dev/null || { ${COLOR}"apt源失败,请检查apt配置"${END};exit; }fi
}centos_install_docker(){${COLOR}"开始安装Docker依赖包,请稍等..."${END}yum -y install yum-utils &> /dev/nullyum-config-manager --add-repo https://${URL}/docker-ce/linux/centos/docker-ce.repo &> /dev/nullyum clean all &> /dev/nullyum makecache &> /dev/null${COLOR}"Docker有以下版本"${END}yum list docker-ce.x86_64 --showduplicates${COLOR}"10秒后即将安装:Docker-"${DOCKER_VERSION}"版本......"${END}${COLOR}"如果想安装其它Docker版本,请按Ctrl+c键退出,修改版本再执行"${END}sleep 10${COLOR}"开始安装Docker,请稍等..."${END}yum -y install docker-ce-${DOCKER_VERSION} docker-ce-cli-${DOCKER_VERSION} &> /dev/null || { ${COLOR}"yum源失败,请检查yum配置"${END};exit; }
}mirror_accelerator(){mkdir -p /etc/dockercat > /etc/docker/daemon.json <<-EOF
{"registry-mirrors": ["https://registry.docker-cn.com","https://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"],"max-concurrent-downloads": 10,"max-concurrent-uploads": 5,"log-opts": {"max-size": "300m","max-file": "2"  },"live-restore": true
}
EOFsystemctl daemon-reloadsystemctl enable --now dockersystemctl is-active docker &> /dev/null && ${COLOR}"Docker 服务启动成功"${END} || { ${COLOR}"Docker 启动失败"${END};exit; }docker version &&  ${COLOR}"Docker 安装成功"${END} || ${COLOR}"Docker 安装失败"${END}
}set_alias(){echo 'alias rmi="docker images -qa|xargs docker rmi -f"' >> ~/.bashrcecho 'alias rmc="docker ps -qa|xargs docker rm -f"' >> ~/.bashrc
}install_docker_compose(){${COLOR}"开始安装Docker Compose,请稍等..."${END}mv ${SRC_DIR}/${DOCKER_COMPOSE_FILE} /usr/bin/docker-composechmod +x /usr/bin/docker-composedocker-compose --version &&  ${COLOR}"Docker Compose 安装完成"${END} || ${COLOR}"Docker compose 安装失败"${END}
}install_harbor(){${COLOR}"开始安装Harbor,请稍等..."${END}[ -d ${HARBOR_INSTALL_DIR} ] || mkdir ${HARBOR_INSTALL_DIR}tar xf ${SRC_DIR}/${HARBOR_FILE}${HARBOR_VERSION}${TAR} -C ${HARBOR_INSTALL_DIR}/# 生成私钥和证书touch /root/.rndmkdir /apps/harbor/certs/cd /apps/harbor/certs/openssl genrsa -out ca.key 4096openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=ca.${DOMAIN}" -key ca.key -out ca.crtopenssl genrsa -out harbor.${DOMAIN}.key 4096openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.${DOMAIN}" -key harbor.${DOMAIN}.key -out harbor.${DOMAIN}.csrcat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names[alt_names]
DNS.1=${DOMAIN}
DNS.2=ca.${DOMAIN}
DNS.3=harbor.${DOMAIN}
EOFopenssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in harbor.${DOMAIN}.csr -out harbor.${DOMAIN}.crtopenssl x509 -inform PEM -in harbor.${DOMAIN}.crt -out harbor.${DOMAIN}.certmv ${HARBOR_INSTALL_DIR}/harbor/harbor.yml.tmpl ${HARBOR_INSTALL_DIR}/harbor/harbor.ymlsed -ri.bak -e 's/^(hostname:) .*/\1 harbor.'''${DOMAIN}'''/' -e 's@  (certificate:) .*@  \1 '''${HARBOR_INSTALL_DIR}'''/harbor/certs/harbor.'''${DOMAIN}'''.crt@' -e 's@  (private_key:) .*@  \1 '''${HARBOR_INSTALL_DIR}'''/harbor/certs/harbor.'''${DOMAIN}'''.key@' -e 's/^(harbor_admin_password:) .*/\1 '''${HARBOR_ADMIN_PASSWORD}'''/' ${HARBOR_INSTALL_DIR}/harbor/harbor.ymlif [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q python3 &> /dev/null || { ${COLOR}"安装python3,请稍等..."${END};yum -y install python3 &> /dev/null; }elsedpkg -s python3 &>/dev/null || { ${COLOR}"安装python3,请稍等..."${END};apt -y install python3 &> /dev/null; }fi${HARBOR_INSTALL_DIR}/harbor/install.sh --with-trivy && ${COLOR}"Harbor 安装完成"${END} ||  ${COLOR}"Harbor 安装失败"${END}cat > /lib/systemd/system/harbor.service <<-EOF
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml down[Install]
WantedBy=multi-user.target
EOFsystemctl daemon-reload systemctl enable harbor &>/dev/null && ${COLOR}"Harbor已配置为开机自动启动"${END}
}set_swap_limit(){if [ ${OS_RELEASE_VERSION} == "18" -o ${OS_RELEASE_VERSION} == "20" ];thengrep -q "swapaccount=1" /etc/default/grub && { ${COLOR}'"WARNING: No swap limit support"警告,已设置'${END};exit; }${COLOR}'设置Docker的"WARNING: No swap limit support"警告'${END}sed -ri '/^GRUB_CMDLINE_LINUX=/s@"$@ swapaccount=1"@' /etc/default/grubupdate-grub &> /dev/null${COLOR}"10秒后,机器会自动重启"${END}sleep 10rebootfi
}main(){oscheck_fileif [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q docker-ce &> /dev/null && ${COLOR}"Docker已安装"${END} || centos_install_dockerelsedpkg -s docker-ce &>/dev/null && ${COLOR}"Docker已安装"${END} || ubuntu_install_dockerfi[ -f /etc/docker/daemon.json ] &>/dev/null && ${COLOR}"Docker镜像加速器已设置"${END} || mirror_acceleratorgrep -Eqoi "(.*rmi=|.*rmc=)" ~/.bashrc && ${COLOR}"Docker别名已设置"${END} || set_alias[ -f /usr/bin/docker-compose ] && ${COLOR}"Docker Compose已安装"${END} || install_docker_composesystemctl is-active harbor &> /dev/null && ${COLOR}"Harbor已安装"${END} || install_harborset_swap_limit
}main

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/news/672730.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

kafka 文件存储机制

文章目录 1. 思考四个问题&#xff1a;1.1 topic中partition存储分布&#xff1a;1.2 partiton中文件存储方式&#xff1a;1.3 partiton中segment文件存储结构&#xff1a;1.4 在partition中如何通过offset查找message: 2. kafka日志存储参数配置 Topic是逻辑上的概念&#xff…

EMC学习笔记(二十二)降低EMI的PCB设计指南(二)

降低EMI的PCB设计指南&#xff08;二&#xff09; 1.电源和地概述2.电感量3.两层板和四层板4.单层和双层设计中的微控制器接地5.信号返回地6.模拟、数字信号与大功率电源7.模拟电源引脚和模拟参考电源8.四层板电源设计参考注意事项 tips&#xff1a;资料主要来自网络&#xff0…

外汇天眼:Vistova──假投顾带单获利400%,黑平台一再拖延不出金

在这个物价高涨的时代&#xff0c;愈来愈人意识到投资抗通胀的重要性&#xff0c;但因缺乏相关的专业知识而感到迷茫&#xff0c;甚至因此误信诈骗集团保证获利、稳赚不赔的话术&#xff0c;蒙受极大的金钱损失。 不久前&#xff0c;一位投资人向外汇天眼爆料Vistova这平台&…

tkinter绘制组件(41)——菜单按钮

tkinter绘制组件&#xff08;41&#xff09;——菜单按钮 引言布局函数结构按钮部分菜单显示完整代码函数 效果测试代码最终效果 github项目pip下载结语 引言 TinUI5的新控件&#xff0c;菜单按钮&#xff0c;menubutton。 这是一个与TinUI菜单&#xff08;menubar&#xff0…

DAC调节DCDC输出电压的电路方案分析

BUCK型电源芯片的调压方式分析 1、前题 BUCK型的电源芯片非常多&#xff0c;常用的如LM2576、LM2596等等&#xff0c;这种芯片优点很多&#xff0c;比如功率大、体积小、效率高等。这种芯片一般都可以通过电阻分压的方式设定反馈脚VFB的电压来改变电源芯片的输出电压。但最近…

Ubuntu22.04切换系统cuda版本

由于最近项目要求的cuda版本有差异&#xff0c;而在Ubuntu中可以通过切换cuda来满足需求&#xff0c;现记录如下。 1、按照 Ubuntu22.04与深度学习配置 中的cuda安装章节&#xff0c;将需要的cuda版本下载到本地并进行安装。 2、cuda安装完成后修改bashrc文件内容 sudo gedit …

kmp算法板子及例题

对板子的详细解释见&#xff1a;pecco:kmp 板子 void get_pmt(const string& p) {//求pmt数组for (int i 1, j 0;i < p.size();i) {while (j && p[i] ! p[j])j pmt[j - 1];if (p[i] p[j])j;pmt[i] j;} }void kmp(const string& s, const string&…

Java之网络编程

什么是计算机网络 是指将地理位置不同的具有独立功能的计算机设备通过通信连接起来&#xff0c;在网络操作系统、网络管理软件及网络通讯协议的管理与协调下&#xff0c;实现资源共享与信息传递的计算机系统 网络通讯的两个要素 通讯双方的网络地址 1.ip 2.端口号 通过ip端…

DAY14之二叉树理论基础及递归遍历和迭代遍历

理论基础 满二叉树 满二叉树&#xff1a;如果一棵二叉树只有度为0的结点和度为2的结点&#xff0c;并且度为0的结点在同一层上&#xff0c;则这棵二叉树为满二叉树。 如图所示&#xff1a; 这棵二叉树为满二叉树&#xff0c;也可以说深度为k&#xff0c;有2^k-1个节点的二叉…

CX341A 安装驱动与刷固件

参考 驱动安装1 DPDK编译&#xff1a;支持Mellanox 25Gbps网卡 - 知乎 NVIDIA Mellanox CX网卡固件、驱动系列操作 - 知乎 驱动安装2 Mellanox网卡驱动安装指南 Mellanox OFED_崇尚匀速 追求极致的技术博客_51CTO博客 驱动与固件&#xff1a; 家用万兆网络指南 6 - 比…

深度学习入门笔记(二)神经元的结构

神经网络的基本单元是神经元&#xff0c;本节我们介绍神经元的结构。 2.1 神经元 一个神经元是由下面 5 部分组成的&#xff1a; 输入&#xff1a;x1,x2,…,xk。权重&#xff1a;w1,w2,…,wk。权重的个数与神经元输入的个数相同。偏移项&#xff1a;可省略。激活函数&#…

【已解决】onnx转换为rknn置信度大于1,图像出现乱框问题解决

前言 环境介绍&#xff1a; 1.编译环境 Ubuntu 18.04.5 LTS 2.RKNN版本 py3.8-rknn2-1.4.0 3.单板 迅为itop-3568开发板 一、现象 采用yolov5训练并将pt转换为onnx&#xff0c;再将onnx采用py3.8-rknn2-1.4.0推理转换为rknn出现置信度大于1&#xff0c;并且图像乱框问题…

MySQL之建表操作

华子目录 表操作创建表数据类型文本类型数值类型日期/时间类型Bit数据类型常见数据类型 MySQL存储引擎创建表的三个操作创建表时指定存储引擎&#xff0c;字符集&#xff0c;校对规则&#xff0c;行格式 查看表显示数据库中所有表显示数据库中表的信息&#xff08;表结构&#…

函数的连续与间断【高数笔记】

【连续】 分类&#xff0c;分几个&#xff1f;每类特点&#xff1f; 连续条件&#xff0c;是同时满足还是只需其一&#xff1f; 【间断】 分类&#xff0c;分几个大类&#xff0c;又分几个小类&#xff1f;每类特点&#xff1f; 间断条件&#xff0c;是同时满足还是只需其一&am…

芯片设计方法学之--握手

1.面向对象 本文主要介绍握手的基本概念&#xff0c;读者可通过该篇文章对握手有个基本概念。也借此机会发表下自己对流水线中的握手反压的一些愚见。更深的理解可期待后续更新&#xff1b; 2. 握手简介 举个简单例子&#xff1b; 上图中sender拉高vld发送有效的数据给recei…

44、WEB攻防——通用漏洞RCE代码执行多层面检测利用

文章目录 RCE分类&#xff1a; REC代码执行&#xff1a;引用脚本代码解析执行。例如&#xff0c;eval(phpinfo();)以php脚本解析phpinfo();。RCE命令执行&#xff1a;脚本调用操作系统命令。例如&#xff0c;system(ver)&#xff0c;命令执行能执行系统命令。 RCE漏洞对象&am…

相机图像质量研究(6)常见问题总结:光学结构对成像的影响--对焦距离

系列文章目录 相机图像质量研究(1)Camera成像流程介绍 相机图像质量研究(2)ISP专用平台调优介绍 相机图像质量研究(3)图像质量测试介绍 相机图像质量研究(4)常见问题总结&#xff1a;光学结构对成像的影响--焦距 相机图像质量研究(5)常见问题总结&#xff1a;光学结构对成…

Linux的打包压缩与解压缩---tar、xz、zip、unzip

最近突然用到了许久不用的压缩解压缩命令&#xff0c;真的陌生&#xff0c; 哈哈&#xff0c;记录一下&#xff0c;后续就不用搜索了。 tar的打包 tar -cvf 压缩有的文件名称 需要压缩的文件或文件夹tar -cvf virtualbox.tar virtualbox/ tar -zcvf virtualbox.tar virtualbo…

家政小程序开发,重塑家政服务体验

随着科技的飞速发展&#xff0c;小程序已经成为我们日常生活中不可或缺的一部分。而家政服务作为社会生活的重要环节&#xff0c;其数字化转型也正在逐步加速。本文将探讨家政小程序开发的重要性、功能特点以及如何提升用户体验。 一、家政小程序开发的重要性 家政服务行业在…