一、Harbor最新版本安装和使用
1:环境基础需求
- 1)安装了docker(因为Harbor的所有组件都是由一个docker容器来组装成的)
- 2)安装了 docker-compose(Harbor是通过docker-compose管理和编排其他组件容器)
2:安装Harbor
2.1 下载安装包
安装包可以使用在线安装,也可以离线的安装.
- 离线下载安装包直接再管理或github上下载即可。 地址为:github.com/goharbor/ha…
当前最新的版本是2.3.2。
- 在线下载:
[root@localhost mydome]# wget https://github.com/goharbor/harbor/releases/download/v2.3.2/harbor-offline-installer-v2.3.2.tgz
docker-compose安装其他方式:
curl -L https://github.com/docker/compose/releases/download/v2.3.2/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose #下载二进制文件 如果需要安装其他版本的话,请修改上面命令中的版本号。
chmod +x /usr/local/bin/docker-compose #给予执行权限
docker-compose --version #查看版本
2.2 解压缩后进行安装
[root@localhost mydonw]# tar xf harbor-offline-installer-v2.3.2.tgz
[root@localhost mydonw]# ls
harbor harbor-offline-installer-v2.3.2.tgz
[root@localhost mydonw]# cd harbor
[root@localhost harbor]# ll
total 594380
-rw-r--r--. 1 root root 3361 Aug 18 16:51 common.sh
-rw-r--r--. 1 root root 608611132 Aug 18 16:52 harbor.v2.3.2.tar.gz
-rw-r--r--. 1 root root 7840 Aug 18 16:51 harbor.yml.tmpl
-rwxr-xr-x. 1 root root 2500 Aug 18 16:51 install.sh
-rw-r--r--. 1 root root 11347 Aug 18 16:51 LICENSE
-rwxr-xr-x. 1 root root 1881 Aug 18 16:51 prepare
[root@localhost harbor]#
2.3 配置信息说明和修改
2.3.1 配置信息文件说明:
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
#########################################
# 设置仓库访问的地址域名,可以使用IP,然后下面HTTP配置对应的端口号
# 但是需要注意的点是:不要设置DO NOT use localhost or 127.0.0.1
# 不然别人无法访问
#########################################
hostname: 192.168.219.131
#########################################
# 如果配置是HTTP的话,这里需要设定HTTP使用的端口,使用的宿主机的端口
#########################################
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 8056
#########################################
# 如果开启了HTTPs的话,需要配置好正确的正式的目录,不然会报错!
# certificate: /your/certificate/path 证书的对应的信息
# private_key: /your/private/key/path
#########################################
# https related config
#https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
# # set enabled to true means internal tls is enabled
# enabled: true
# # put your cert and key files on dir
# dir: /etc/harbor/tls/internal
#########################################
# 代理的开启
#########################################
# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433
#########################################
# 默认仓库的超级管理员的信息
# 默认账号为:ammin
# harbor_admin_password: Harbor12345 是默认的管理员密码
#########################################
# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345
#########################################
# 仓库数据库信息配置
# 数据库的密码:容器的中的数据库的密码
# 数据库的链接信息配置
#########################################
# Harbor DB configuration
database:
# The password for the root user of Harbor DB. Change this before any production use.
password: root123
# The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
max_idle_conns: 100
# The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
# Note: the default number of connections is 1024 for postgres of harbor.
max_open_conns: 900
#########################################
# 仓库数据持久化的存放的路径
#########################################
# The default data volume
data_volume: /data/harbor/data
# Harbor Storage settings by default is using /data dir on local filesystem
# Uncomment storage_service setting If you want to using external storage
# storage_service:
# # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
# # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
# ca_bundle:
# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
# # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
# filesystem:
# maxthreads: 100
# # set disable to true when you want to disable registry redirect
# redirect:
# disabled: false
# Trivy configuration
#
# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
# It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached
# in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it
# should download a newer version from the Internet or use the cached one. Currently, the database is updated every
# 12 hours and published as a new release to GitHub.
trivy:
# ignoreUnfixed The flag to display only fixed vulnerabilities
ignore_unfixed: false
# skipUpdate The flag to enable or disable Trivy DB downloads from GitHub
#
# You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues.
# If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and
# `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path.
skip_update: false
#
# insecure The flag to skip verifying registry certificate
insecure: false
# github_token The GitHub access token to download Trivy DB
#
# Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough
# for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000
# requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult
# https://developer.github.com/v3/#rate-limiting
#
# You can create a GitHub token by following the instructions in
# https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
#
# github_token: xxx
jobservice:
# Maximum number of job workers in job service
max_job_workers: 10
notification:
# Maximum retry count for webhook job
webhook_job_max_retry: 10
chart:
# Change the value of absolute_url to enabled can enable absolute url in chart
absolute_url: disabled
# Log configurations
log:
# options are debug, info, warning, error, fatal
level: info
# configs for logs in local storage
local:
# Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
rotate_count: 50
# Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
# If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
# are all valid.
rotate_size: 200M
# The directory on your host that store log
location: /var/log/harbor
# Uncomment following lines to enable external syslog endpoint.
# external_endpoint:
# # protocol used to transmit log to external endpoint, options is tcp or udp
# protocol: tcp
# # The host of external endpoint
# host: localhost
# # Port of external endpoint
# port: 5140
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 2.3.0
# Uncomment external_database if using external database.
# external_database:
# harbor:
# host: harbor_db_host
# port: harbor_db_port
# db_name: harbor_db_name
# username: harbor_db_username
# password: harbor_db_password
# ssl_mode: disable
# max_idle_conns: 2
# max_open_conns: 0
# notary_signer:
# host: notary_signer_db_host
# port: notary_signer_db_port
# db_name: notary_signer_db_name
# username: notary_signer_db_username
# password: notary_signer_db_password
# ssl_mode: disable
# notary_server:
# host: notary_server_db_host
# port: notary_server_db_port
# db_name: notary_server_db_name
# username: notary_server_db_username
# password: notary_server_db_password
# ssl_mode: disable
# Uncomment external_redis if using external Redis server
# external_redis:
# # support redis, redis+sentinel
# # host for redis: <host_redis>:<port_redis>
# # host for redis+sentinel:
# # <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
# host: redis:6379
# password:
# # sentinel_master_set must be set to support redis+sentinel
# #sentinel_master_set:
# # db_index 0 is for core, it's unchangeable
# registry_db_index: 1
# jobservice_db_index: 2
# chartmuseum_db_index: 3
# trivy_db_index: 5
# idle_timeout_seconds: 30
# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
# uaa:
# ca_file: /path/to/ca
# Global proxy
# Config http proxy for components, e.g. http://my.proxy.com:3128
# Components doesn't need to connect to each others via http proxy.
# Remove component from `components` array if want disable proxy
# for it. If you want use proxy for replication, MUST enable proxy
# for core and jobservice, and set `http_proxy` and `https_proxy`.
# Add domain to the `no_proxy` field, when you want disable proxy
# for some special registry.
proxy:
http_proxy:
https_proxy:
no_proxy:
components:
- core
- jobservice
- trivy
# metric:
# enabled: false
# port: 9090
# path: /metrics
2.3.2 配置文件信息修改:
- 修改登入账号信息
- 修改请求hostanme
- 修改数据库配置项信息
- 修改存放harbor的持久化数据目录信息
备份一下配置文件信息:
[root@localhost harbor]# cp harbor.yml.tmpl harbor.yml
[root@localhost harbor]# nano harbor.yml
登入账号信息修改:
修改hostaname和使用的端口: 使用域名或ip地址
修改为:本地的虚拟机的IP和使用8056端口。
数据库配置项信息修改:
持久化数据目录存贮路径修改:
2.4 执行安装脚本,进行安装
[root@localhost harbor]# ./install.sh
安装过程中出现错误提示,并停止了! 错误信息为:
prepare base dir is set to /data/mydonw/harbor
Error happened in config validation...
ERROR:root:Error: The protocol is https but attribute ssl_cert is not set
应该是htts配置信息没配置对!修改配置文件信息,先注销HTTPS的,暂时不需要!
修改后再进行脚本安装!提示安装完成并启动完成!
2.5 查看启动相关服务信息
[root@localhost harbor]# docker ps |grep harbor
cca40a764d35 goharbor/nginx-photon:v2.3.2 "nginx -g 'daemon of…" Abo ut a minute ago Up 58 seconds (healthy) 0.0.0.0:8056->8080/tcp, :::8056- >8080/tcp nginx
73827976dfab goharbor/harbor-jobservice:v2.3.2 "/harbor/entrypoint.…" Abo ut a minute ago Up 58 seconds (healthy) harbor-jobservice
aaa8bf092c86 goharbor/harbor-core:v2.3.2 "/harbor/entrypoint.…" Abo ut a minute ago Up About a minute (healthy) harbor-core
d22058f67c82 goharbor/harbor-portal:v2.3.2 "nginx -g 'daemon of…" Abo ut a minute ago Up About a minute (healthy) harbor-portal
96835424fa77 goharbor/harbor-db:v2.3.2 "/docker-entrypoint.…" Abo ut a minute ago Up About a minute (healthy) harbor-db
7e115673e7e6 goharbor/redis-photon:v2.3.2 "redis-server /etc/r…" Abo ut a minute ago Up About a minute (healthy) redis
241327b6376b goharbor/registry-photon:v2.3.2 "/home/harbor/entryp…" Abo ut a minute ago Up About a minute (healthy) registry
3a1490d5dfc9 goharbor/harbor-registryctl:v2.3.2 "/home/harbor/start.…" Abo ut a minute ago Up About a minute (healthy) registryctl
f4c25d9e3a51 goharbor/harbor-log:v2.3.2 "/bin/sh -c /usr/loc…" Abo ut a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-log
[root@localhost harbor]#
2.6 访问harbor WE登入界面,登入管理
访问的地址为:http://192.168.219.131:8056
登入账号信息是:admin 密码为:上面配置信息中的密码
2.7 配置docker能连接到我们的Harbot
因为Docker在1.3.X以后和docker registry交互默认使用的是HTTPS,但是我们的之前是注释了HTTPS,用的是http!需要修改一下,否则可能会出现:
[root@localhost harbor]# docker login 192.168.219.131:8056
Username: admin
Password:
Error response from daemon: Get "https://192.168.219.131:8056/v2/": http: server gave HTTP response to HTTPS client
[root@localhost harbor]#
修改Docker的配置文件/etc/docker/daemon.json :
{
"registry-mirrors": ["https://aiyf7r3a.mirror.aliyuncs.com"],
"insecure-registries":["192.168.219.131:8056"]
}
或者对外全部开放(不建议):
{
"registry-mirrors": ["https://aiyf7r3a.mirror.aliyuncs.com"],
"insecure-registries":["0.0.0.0/0"]
}
图示:
修改完成后要重启doker.
systemctl restart docker
再登入:
[root@localhost harbor]# docker login 192.168.219.131:8056
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
3:镜像推送到harbor私服基本准备
3.1 用户信息新建
3.2 新建镜像仓库项目,用于存放项目镜像
3.3 分配仓库项目绑定相关成员账号
(管理员的可以直接推,不需要绑定成员)
3.4 查看镜像推送相关命令规划
在项目中标记镜像:
docker tag SOURCE_IMAGE[:TAG] 192.168.219.131:8056/zyx_docker/REPOSITORY[:TAG]
推送镜像到当前项目:
docker push 192.168.219.131:8056/zyx_docker/REPOSITORY[:TAG]
Helm 推送命令
在项目中标记 chart
helm chart save CHART_PATH 192.168.219.131:8056/zyx_docker/REPOSITORY[:TAG]
推送 chart 到当前项目
helm chart push 192.168.219.131:8056/zyx_docker/REPOSITORY[:TAG]
CNAB 推送命令
推送 CNAB 到当前项目
cnab-to-oci push CNAB_PATH --target 192.168.219.131:8056/zyx_docker/REPOSITORY[:TAG] --auto-update-bundle
3.5 本机上私有仓库基本的操作
- 第一步是就是先登入(这里使用管理员登入先,也可以使用新建的账号信息)
docker login 192.168.219.131:8056
- 查看本地的有哪些镜像:
- 给镜像打标签:
将镜像drone/agent:latest 标记为 drone/agent:v3 镜像。
[root@localhost harbor]# docker tag drone/agent:latest drone/agent:v3
- 给镜像打标签并push推送本地镜像到私有仓库:
推送镜像规范:docker push 注册用户名/镜像名
在项目中标记镜像:
docker tag SOURCE_IMAGE[:TAG] 192.168.219.131:8056/zyx_docker/REPOSITORY[:TAG]
推送镜像到当前项目:
docker push 192.168.219.131:8056/zyx_docker/REPOSITORY[:TAG]
示例: 第一步先按要求把镜像修改为制定的格式:
root@localhost harbor]# docker tag drone/agent:v3 192.168.219.131:8056/zyx_docker/drone/agent:v3
[root@localhost harbor]# docker images
第二步 推送镜像到当前项目:
[root@localhost harbor]# docker push 192.168.219.131:8056/zyx_docker/drone/agent:v3
The push refers to repository [192.168.219.131:8056/zyx_docker/drone/agent]
edc2f156270e: Pushed
22089f22c4c3: Pushed
a38e4a9d8800: Pushed
f1b5933fe4b5: Pushed
v3: digest: sha256:13524befdf2fdb5dc9881e1e254536dcb4df9ccf37c6a60d19c9f1a5f4d64c49 size: 1156
[root@localhost harbor]#
第三步:查看我们的项目仓库
可以查看镜像详情:
查看拉取镜像命令:
docker pull 192.168.219.131:8056/zyx_docker/drone/agent@sha256:13524befdf2fdb5dc9881e1e254536dcb4df9ccf37c6a60d19c9f1a5f4d64c49
开启一个新的虚拟机验证测试拉取镜像:
[root@localhost ~]# docker pull 192.168.219.131:8056/zyx_docker/drone/agent:v3
Error response from daemon: Get https://192.168.219.131:8056/v2/: http: server gave HTTP response to HTTPS client
[root@localhost ~]#
提示错误,原因新的虚拟主机还没配置我们的doker支持HTTP的访问:
编辑daemon.json文件,加上insecure-registries的配置
nano /etc/docker/daemon.json
{
"registry-mirrors": ["https://aiyf7r3a.mirror.aliyuncs.com"],
"insecure-registries":["192.168.219.131:8056"]
}
修改完成后要重启doker.
systemctl restart docker
再拉取:
[root@localhost ~]# docker pull 192.168.219.131:8056/zyx_docker/drone/agent:v3
Error response from daemon: unauthorized: unauthorized to access repository: zyx_docker/drone/agent, action: pull: unauthorized to access repository: zyx_docker/drone/agent, action: pull
[root@localhost ~]#
是因为没登入,需要先登入才能拉取(使用新建的账号登入)
[root@localhost ~]# docker login 192.168.219.131:8056
Username: zyx123456
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@localhost ~]#
再拉取一次镜像:
查看拉取结果:
二、结合Drone进行推送镜像的配置
上一小节的实践请参考地址为:
Fastapi框架(18)Fastapi容器化部署+Drone 完整的CI示例简单全过程(仅用于演示流程)
以下的操作是基于上小节的基础进行扩展滴!
1 修改流水线配置
上一小节我们的已经完成简单的流水任务的执行,但是缺少了推送到私有仓库的步骤!
我们再上一小节的基础新增以下流水线配置信息,如图示:
推送部分的流水线信息:
# 推送镜像到镜像
- name: pushstructure
image: plugins/docker
settings:
dockerfile: Dockerfile
registry: 192.168.219.131:8056
repo: 192.168.219.131:8056/zyx_docker/fatest_api
username: zyx123456
password: Abc123456789
tags:
- 'latest'
when:
branch: master
event: [ push ]
示例格式:
- name: pushup
image: plugins/docker
settings:
dockerfile: dockerfile路径(当前的路径下的./也可以)
registry: harbor_server_ip
repo: harbor_server_ip/项目名称/镜像名称
username: harbor账号
password: harbor密码
tags:
- 'latest'
insecure: true
# auto_tag: true 自动打标签
volumes:
- name: docker
path: /var/run/docker.sock
一些流水参数信息辅助参考信息: 以下的信息来自来源:blog.csdn.net/kikajack/ar…
# Secret 手册
- `docker_username`:使用此用户名进行身份验证
- `docker_password`:使用此密码进行身份验证
# []()Parameter 手册
- registry:向这个 registry 进行验证
- username:使用此用户名进行身份验证
- password:使用此密码进行身份验证
- repo:用于存储镜像的仓库名
- tags:用于镜像的仓库的 tag
- dockerfile:要使用的 dockerfile,默认是 `Dockerfile`
- auth:registry 的身份验证 token
- context:要使用的上下文路径,默认为 git 仓库的根目录
- target:要使用的构建目标,必须在 dockerfile 中定义
- force_tag=false:替换现有的匹配到的镜像的 tag
- insecure=false:启用对此 registry 的不安全通信
- mirror:使用 registry 镜像,而不是直接从 Docker 默认的 Hub 中获取镜像
- bip=false:用于传递 bridge IP
- custom_dns:为容器设置自定义 DNS 服务器
- storage_driver:支持 aufs,overlay 或 vfs 驱动程序
- build_args:自定义参数传递给 docker build
- auto_tag=false:根据 git 分支和 git 标签自动生成标签名称
- auto_tag_suffix:用这个后缀生成标签名称
- debug, launch_debug:以详细调试模式启动 docker 守护进程
更新完成后,开始执行推送新的push到我们的gogs仓库,让它执行!但是执行到我们的新增的使用image: plugins/docker进行镜像打包推送的时候也会遇到https的问题:
主要原因镜像内的docker容器因为没有配置允许使用HTTP的问题,默认使用的是https的方式了: 错误:
\
+ /usr/local/bin/dockerd --data-root /var/lib/docker --host=unix:///var/run/docker.sock 0s
2Detected registry credentials 1s
3 2s
4Error response from daemon: Get https://192.168.219.131:8056/v2/: dial tcp 192.168.219.131:8056: connect: connection refused 2s
5 2s
6time="2021-08-25T09:10:30Z" level=fatal msg="Error authenticating: exit status 1"
2 解决容器内的HTTPS问题
根据上面复制参考信息尝试解决,开启: insecure: true
即便宿主机是配置了全部允许:
再重新构建话,查看,这次是变为了http,但是还是一样的无法访问:
原因是我们的私服仓库已经停止了!!!坑爹!改配置的时候,忘了重新启动了!
重启我们的Harbor的服务进入到我们的harbor解压的目录下:
[root@localhost harbor]# ls
common common.sh docker-compose.yml harbor.v2.3.2.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare
[root@localhost harbor]#
然后使用使用docker-compose进行管理:
- 停止harbor,停止容器
docker-compose stop
- 启动容器
docker-compose up -d
然后再次的进行流水线的一次执行:
3:完整新可执行流水线(含镜像推送私服)
完整新的流水线配置文件信息.drone.yml:
kind: pipeline # 定义对象类型,还有secret和signature两种类型
type: docker # 定义流水线类型,还有kubernetes、exec、ssh等类型
name: 测试克隆 # 定义流水线名称
# 自订购克隆工作区路径-仅是临时的工作区,执行完成流水线后会自动的进行关闭
workspace:
path: /drone/src
steps: # 定义流水线执行步骤,这些步骤将顺序执行
# 将当前拉取下来的工作区内(克隆下来的)的文件,转移到宿主机上
- name: code-scp
image: appleboy/drone-scp
settings:
host: 192.168.219.131 # 远程连接地址
username: root # 远程连接账号
password: 123456
port: 22 # 远程连接端口
# 转移到宿主机的某个目录下
target: /data/fatest
# 拷贝当前工作区内的相关的所有文件(git拉取下来的项目文件)
source: .
# 推送镜像到镜像
- name: pushstructure
image: plugins/docker
settings:
dockerfile: Dockerfile
registry: 192.168.219.131:8056
repo: 192.168.219.131:8056/zyx_docker/fatest_api
username: zyx123456
password: Abc123456789
insecure: true
tags:
- 'latest'
when:
branch: master
event: [ push ]
# 部署项目
- name: code-deploy
image: appleboy/drone-ssh # 链接宿主机的SSH插件镜像
settings:
host: 192.168.219.131 # 远程连接地址
username: root # 远程连接账号
password: 123456
port: 22 # 远程连接端口
# 相关的命令的执行
script:
- cd /data/fatest
# 每次发布更新代码都需要重新构建新的镜像!因为我们的代码是复制到镜像里面去的!
#- docker-compose stop && echo y | docker-compose rm && docker rmi fatest_api:latest
- docker-compose stop && docker-compose up -d --build
# 不要这样写!- docker-compose up --build && docker-compose up -d
- name: notify
image: drillster/drone-email
settings:
host: smtp.qq.com # 例如 smtp.qq.com
port: 465 # 例如QQ邮箱端口465
username: # 邮箱用户名
from_secret: qqzhanghao
password: # 邮箱密码
from_secret: qqpassword
subject: "Drone build: [{{ build.status }}] {{ repo.name }} ({{ repo.branch }}) #{{ build.number }}"
from: 308711822@qq.com
skip_verify: true
recipients_only: true # 只发送给指定邮件收件人,不默认发送给流水线创建人;
recipients: [ 308711822@qq.com]
when: # 执行条件
status: [ changed, failure, success]
等待流水执行完成后,执行成功后:
查看我们的仓库,已经推送上来了!:
以上仅仅是个人结合自己的实际需求,做学习的实践笔记!如有笔误!欢迎批评指正!感谢各位大佬!
结尾
END
简书:www.jianshu.com/u/d6960089b…
公众号:微信搜【小儿来一壶枸杞酒泡茶】
小钟同学 | 文 【原创】【欢迎一起学习交流】| QQ:308711822
