群晖NAS部署harbor2.3.3以及docker服务管理

1,042 阅读8分钟

背景

  • 默认部署docker,可玩性很高
  • 群晖416Play,可以改装,更换为8G内存

安装完成harbor后,如何build run内网穿透服务的镜像

一、在群晖部署私有化镜像服务harbor 2.3.3

1.1 基本配置

➜  ~ ssh kk@192.168.50.204 -p33322

kk@hh:~$ ifconfig
root@hh:/volume1/server/source# uname -a
Linux hh 3.10.108 #41890 SMP Fri Jun 25 02:39:26 CST 2021 x86_64 GNU/Linux synology_braswell_416play
kk@hh:~$ uptime
 23:00:29 up  4:20,  1 user,  load average: 0.13, 0.25, 0.30 [IO: 0.13, 0.21, 0.21 CPU: 0.01, 0.04, 0.10]

kk@hh:~$ top
top - 23:00:36 up  4:20,  1 user,  load average: 0.20, 0.27, 0.30 [IO: 0.12, 0.21, 0.21 CPU: 0.08, 0.06, 0.11]
Tasks: 471 total,   1 running, 470 sleeping,   0 stopped,   0 zombie
%Cpu(s):  3.2 us,  2.4 sy,  0.0 ni, 94.0 id,  0.0 wa,  0.0 hi,  0.4 si,  0.0 st
GiB Mem :    7.718 total,    1.984 free,    0.930 used,    4.804 buff/cache
GiB Swap:    2.000 total,    2.000 free,    0.000 used.    6.340 avail Mem

kk@hh:~$ free -m
              total        used        free      shared  buff/cache   available
Mem:           7903         950        2033         218        4919        6493
Swap:          2047           0        2047

kk@hh:~$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/md0        2.3G  1.3G  896M  60% /
devtmpfs        3.9G     0  3.9G   0% /dev
tmpfs           3.9G  240K  3.9G   1% /dev/shm
tmpfs           3.9G   16M  3.9G   1% /run
tmpfs           3.9G     0  3.9G   0% /sys/fs/cgroup
tmpfs           3.9G  2.3M  3.9G   1% /tmp
tmpfs           791M     0  791M   0% /run/user/196791
/dev/md2        7.0T  4.8T  2.3T  69% /volume1

kk@hh:~$ docker -v
Docker version 20.10.3, build b455053

kk@hh:~$ docker-compose -v
docker-compose version 1.28.5, build 324b023a

1.2、准备

kk@hh:/volume1$ sudo su -
root@hh:~# cd /volume1/
root@hh:/volume1# mkdir -p harbor
root@hh:/volume1/harbor/harbor2.3.3# mkdir -p /volume1/development/docker/
root@hh:/volume1/harbor/harbor2.3.3# mkdir -p /volume1/development/harbor
root@hh:/volume1/harbor/harbor2.3.3# mkdir -p /volume1/development/harbor/logs
root@hh:/volume1/harbor/harbor2.3.3# mkdir -p /volume1/development/harbor/data
root@hh:/volume1/harbor/harbor2.3.3# mkdir -p /volume1/development/harbor/data/secret
root@hh:/volume1/harbor/harbor2.3.3# mkdir -p /volume1/development/harbor/common/config

root@hh:/volume1/harbor# tar zxvf harbor-offline-installer-v2.3.3.tgz
root@hh:/volume1/harbor# mv harbor harbor2.3.3
root@hh:/volume1/harbor/harbor2.3.3# cp harbor.yml.tmpl harbor.yml

root@hh:/volume1/harbor/harbor2.3.3# vim harbor.yml
hostname: *.*.*
  port: *
#https:
  #port: 443
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path
data_volume: /volume1/development/harbor/data
    location: /volume1/development/harbor/logs

1.3、安装

root@hh:/volume1/harbor/harbor2.3.3# ./prepare
prepare base dir is set to /volume1/harbor/harbor2.3.3
Unable to find image 'goharbor/prepare:v2.3.3' locally
v2.3.3: Pulling from goharbor/prepare
e20d08d67efd: Pull complete
7cdd799014e3: Pull complete
1a7a6ffde1e7: Pull complete
ba1573ea66a2: Pull complete
007ff2a787db: Pull complete
74900ef5fb34: Pull complete
53c10a4e327d: Pull complete
07ff92d28d5b: Pull complete
Digest: sha256:f32d9473283e5778fa65f78bda66679b8840749d2b899180cf6319be7a2f0b4b
Status: Downloaded newer image for goharbor/prepare:v2.3.3
docker: Error response from daemon: Bind mount failed: '/volume1/harbor/harbor2.3.3/common/config' does not exists.

# 报错,fix
root@hh:/volume1/harbor/harbor2.3.3# mkdir -p /volume1/harbor/harbor2.3.3/common/config

root@hh:/volume1/harbor/harbor2.3.3# ./prepare
prepare base dir is set to /volume1/harbor/harbor2.3.3
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

root@hh:/volume1/harbor/harbor2.3.3# ll common/config/
total 0
drwxr-xr-x 1 root  root  110 Nov 16 23:19 .
drwxr-xr-x 1 root  root   12 Nov 16 23:19 ..
drwxr-xr-x 1 root  root   46 Nov 16 23:19 core
drwxr-xr-x 1 root  root    6 Nov 16 23:19 db
drwxr-xr-x 1 10000 10000  26 Nov 16 23:19 jobservice
drwxr-xr-x 1 root  root   66 Nov 16 23:19 log
drwxr-xr-x 1 root  root   32 Nov 16 23:19 nginx
drwxr-xr-x 1 10000 10000  20 Nov 16 23:19 portal
drwxr-xr-x 1 root  root   32 Nov 16 23:19 registry
drwxr-xr-x 1 root  root   26 Nov 16 23:19 registryctl
drwxr-xr-x 1 root  root   36 Nov 16 23:19 shared

root@hh:/volume1/harbor/harbor2.3.3# ./install.sh
/volume1/harbor/harbor2.3.3/common.sh: line 13: tput: command not found
/volume1/harbor/harbor2.3.3/common.sh: line 14: tput: command not found
/volume1/harbor/harbor2.3.3/common.sh: line 15: tput: command not found
/volume1/harbor/harbor2.3.3/common.sh: line 17: tput: command not found
/volume1/harbor/harbor2.3.3/common.sh: line 18: tput: command not found
/volume1/harbor/harbor2.3.3/common.sh: line 19: tput: command not found
/volume1/harbor/harbor2.3.3/common.sh: line 20: tput: command not found
/volume1/harbor/harbor2.3.3/common.sh: line 21: tput: command not found

[Step 0]: checking if docker is installed ...

Note: docker version: 20.10.3

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.28.5

[Step 2]: loading Harbor images ...
e51669d52249: Loading layer [==================================================>]  8.746MB/8.746MB
b3d26a157680: Loading layer [==================================================>]  11.64MB/11.64MB
ec138b1109ab: Loading layer [==================================================>]  1.688MB/1.688MB
Loaded image: goharbor/harbor-portal:v2.3.3
f7d71543bc1d: Loading layer [==================================================>]  9.914MB/9.914MB
36c8f3e3c429: Loading layer [==================================================>]  3.584kB/3.584kB
8fcd87c7f05a: Loading layer [==================================================>]   2.56kB/2.56kB
cc22cd586a85: Loading layer [==================================================>]  73.35MB/73.35MB
6eb34fc63781: Loading layer [==================================================>]  5.632kB/5.632kB
94653af49aa5: Loading layer [==================================================>]   93.7kB/93.7kB
7cf3cd0bfc44: Loading layer [==================================================>]  11.78kB/11.78kB
e4878af2caa5: Loading layer [==================================================>]  74.25MB/74.25MB
aad522d6b0ab: Loading layer [==================================================>]   2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.3.3
6ae6341f66eb: Loading layer [==================================================>]  134.8MB/134.8MB
3b4205a10935: Loading layer [==================================================>]  3.584kB/3.584kB
a850b04a24a9: Loading layer [==================================================>]  3.072kB/3.072kB
65bcebca3beb: Loading layer [==================================================>]   2.56kB/2.56kB
f63759473f5f: Loading layer [==================================================>]  3.072kB/3.072kB
8a56b631be4a: Loading layer [==================================================>]  3.584kB/3.584kB
d0bc3d691b7a: Loading layer [==================================================>]  19.97kB/19.97kB
Loaded image: goharbor/harbor-log:v2.3.3
20d32109e78b: Loading layer [==================================================>]  9.914MB/9.914MB
a2f32f09482a: Loading layer [==================================================>]  17.71MB/17.71MB
aa99dcbbe2a3: Loading layer [==================================================>]  4.608kB/4.608kB
547800c15f7c: Loading layer [==================================================>]   18.5MB/18.5MB
Loaded image: goharbor/harbor-exporter:v2.3.3
472f02def10d: Loading layer [==================================================>]  6.816MB/6.816MB
191c94eb283a: Loading layer [==================================================>]  6.219MB/6.219MB
6b3dd54289a8: Loading layer [==================================================>]  15.88MB/15.88MB
f8ee433b75f6: Loading layer [==================================================>]  29.29MB/29.29MB
dec9d26040fa: Loading layer [==================================================>]  22.02kB/22.02kB
34daa1f190e4: Loading layer [==================================================>]  15.88MB/15.88MB
Loaded image: goharbor/notary-server-photon:v2.3.3
ad19e2c06950: Loading layer [==================================================>]  6.816MB/6.816MB
945fce278a88: Loading layer [==================================================>]  6.219MB/6.219MB
acc1cb25f3ce: Loading layer [==================================================>]  14.47MB/14.47MB
7a6f02d3c52e: Loading layer [==================================================>]  29.29MB/29.29MB
53d056ede183: Loading layer [==================================================>]  22.02kB/22.02kB
498456562533: Loading layer [==================================================>]  14.47MB/14.47MB
Loaded image: goharbor/notary-signer-photon:v2.3.3
51cb158b9713: Loading layer [==================================================>]   6.82MB/6.82MB
e6165ffc0886: Loading layer [==================================================>]  67.47MB/67.47MB
0eea6880ad2b: Loading layer [==================================================>]  3.072kB/3.072kB
36c026a8dac4: Loading layer [==================================================>]  4.096kB/4.096kB
19d0df750aa3: Loading layer [==================================================>]  68.26MB/68.26MB
Loaded image: goharbor/chartmuseum-photon:v2.3.3
a0872a3f88df: Loading layer [==================================================>]  1.096MB/1.096MB
2b8d48b5f7c7: Loading layer [==================================================>]  5.888MB/5.888MB
ad905cf3a1a5: Loading layer [==================================================>]    183MB/183MB
f84b9ef01e55: Loading layer [==================================================>]  15.59MB/15.59MB
14f697c9fd55: Loading layer [==================================================>]  4.096kB/4.096kB
a202e8e3f0da: Loading layer [==================================================>]  6.144kB/6.144kB
776f6e1f67ab: Loading layer [==================================================>]  3.072kB/3.072kB
8643b56b215d: Loading layer [==================================================>]  2.048kB/2.048kB
bab53c5e367c: Loading layer [==================================================>]   2.56kB/2.56kB
79d344c9e509: Loading layer [==================================================>]   2.56kB/2.56kB
4617b16f20ea: Loading layer [==================================================>]   2.56kB/2.56kB
3416932ea58a: Loading layer [==================================================>]  8.704kB/8.704kB
Loaded image: goharbor/harbor-db:v2.3.3
35eb5a5faf13: Loading layer [==================================================>]  6.821MB/6.821MB
4aa5b9ade884: Loading layer [==================================================>]  4.096kB/4.096kB
7b5a794abd0b: Loading layer [==================================================>]  19.02MB/19.02MB
20cde1a949a9: Loading layer [==================================================>]  3.072kB/3.072kB
fd449fc699ad: Loading layer [==================================================>]  25.43MB/25.43MB
6d827096a056: Loading layer [==================================================>]  45.24MB/45.24MB
Loaded image: goharbor/harbor-registryctl:v2.3.3
3eda76466bec: Loading layer [==================================================>]  130.6MB/130.6MB
9cbeb3eb5055: Loading layer [==================================================>]  3.072kB/3.072kB
9a38627e2870: Loading layer [==================================================>]   59.9kB/59.9kB
ad0ed7ec2e59: Loading layer [==================================================>]  61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.3.3
74091fea1265: Loading layer [==================================================>]  6.821MB/6.821MB
843394c6da0f: Loading layer [==================================================>]  4.096kB/4.096kB
bb0a5ff2fa1f: Loading layer [==================================================>]  3.072kB/3.072kB
61b2c36e04b1: Loading layer [==================================================>]  19.02MB/19.02MB
9c192b468053: Loading layer [==================================================>]  19.81MB/19.81MB
Loaded image: goharbor/registry-photon:v2.3.3
f21b010a959b: Loading layer [==================================================>]  9.914MB/9.914MB
667273a17250: Loading layer [==================================================>]  3.584kB/3.584kB
85b2c3f7c37e: Loading layer [==================================================>]   2.56kB/2.56kB
cf8a2e29273a: Loading layer [==================================================>]  82.47MB/82.47MB
3f2e9c55c29a: Loading layer [==================================================>]  83.26MB/83.26MB
Loaded image: goharbor/harbor-jobservice:v2.3.3
71d027ba4de6: Loading layer [==================================================>]  8.746MB/8.746MB
Loaded image: goharbor/nginx-photon:v2.3.3
Loaded image: goharbor/prepare:v2.3.3
2f899218d2b6: Loading layer [==================================================>]  7.359MB/7.359MB
301671e975f5: Loading layer [==================================================>]  4.096kB/4.096kB
24b181880185: Loading layer [==================================================>]  3.072kB/3.072kB
007e67bf3a3e: Loading layer [==================================================>]  31.52MB/31.52MB
f8a68e126cbf: Loading layer [==================================================>]  11.39MB/11.39MB
85920120ad25: Loading layer [==================================================>]   43.7MB/43.7MB
Loaded image: goharbor/trivy-adapter-photon:v2.3.3


[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /volume1/harbor/harbor2.3.3
^@WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir



[Step 5]: starting Harbor ...
Creating network "harbor233_harbor" with the default driver
Creating harbor-log ... done
Creating registry      ... done
Creating harbor-portal ... done
Creating redis         ... done
Creating registryctl   ... done
Creating harbor-db     ... done
Creating harbor-core   ... done
Creating nginx             ... done
Creating harbor-jobservice ... done
 ----Harbor has been installed and started successfully.----

1.4、验证与新建项目

root@hh:/volume1/harbor/harbor2.3.3# docker images
root@hh:/volume1/harbor/harbor2.3.3# docker ps

1.5、harbor若后续配置需要修改,并需要生效步骤

# 此处为修改hostname
root@hh:/volume1/harbor/harbor2.3.3# vim harbor.yml
hostname: 192.168.50.204

root@hh:/volume1/harbor/harbor2.3.3# ./prepare
# 这里并不会删除原有镜像、数据

root@hh:/volume1/harbor/harbor2.3.3# docker-compose down -v

root@hh:/volume1/harbor/harbor2.3.3# docker-compose up -d
  • 以上,并不会删除原有配置、镜像仓库等。放心执行。

二、提交镜像至群晖harbor私有源

2.1、Error response from daemon: Get "": http: server gave HTTP response to HTTPS client

- 群晖的服务管理方式不同,需要注意指令。

root@hh:/volume1/harbor/harbor2.3.3# docker login http://192.168.50.204:33080
Username: admin
Password:
Error response from daemon: Get "https://192.168.50.204:33080/v2/": http: server gave HTTP response to HTTPS client

root@hh:/volume1/harbor/harbor2.3.3# echo '{ "insecure-registries":["192.168.50.204:33080"] }' > /etc/docker/daemon.json
root@hh:/volume1/harbor/harbor2.3.3# cat /etc/docker/daemon.json
{ "insecure-registries":["192.168.50.204:33080"] }
root@hh:/volume1/harbor/harbor2.3.3# systemctl restart docker
Failed to restart docker.service: Unit docker.service failed to load: No such file or directory.

# 群晖 服务重启
root@hh:/volume1/harbor/harbor2.3.3# systemctl restart pkgctl-Docker.service

root@hh:~# ps -ef | grep docker
root      2906  9251  0 Nov16 ?        00:00:00 /usr/bin/cnid_dbd -F /etc/afp.conf -p /volume1/docker -t 9 -l 4 -u kk
root     24702     1  2 01:38 ?        00:00:03 /var/packages/Docker/target/usr/bin/dockerd --config-file /var/packages/Docker/etc/dockerd.json

# 群晖 默认docker配置文件不在 /etc/docker/daemon.json
root@hh:~# rm -rf /etc/docker/daemon.json
root@hh:~# vim /var/packages/Docker/etc/dockerd.json
增加
   "insecure-registries" : ["192.168.50.204:33080"]
# json结构,增加1行,上一行需要增加,   

root@hh:~# systemctl restart pkgctl-Docker.service
^@Job for pkgctl-Docker.service failed. See "systemctl status pkgctl-Docker.service" and "journalctl -xe" for details.

root@hh:~# journalctl -xe
Nov 17 01:45:05 hh dockerd[31459]: unable to configure the Docker daemon with file /var/packages/Docker/etc/dockerd.json: invalid character '"' after object key:value pair   

root@hh:~# systemctl restart pkgctl-Docker.service

root@hh:/volume1/harbor/harbor2.3.3# docker login 192.168.50.204:33080
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

root@hh:/volume1/harbor/harbor2.3.3# docker push 192.168.50.204:33080/mynas/npc:v0.26.10_v4

三、在群晖docker图形化里run私有化镜像

  • 安装docker的spk

3.1、私有化镜像清单

image.png

3.2、网络,建议选择同Docker Host

image.png

3.3、环境,默认环境变量

image.png

3.4、存储空间,挂载。同 -v 指令。

image.png

image.png

3.5、环境变量,同 -e 指令。

image.png

参考:

harbor: