harbor 仓库相关

小天天 · 2022-11-21 22:48:05

1）添加国内加速源
cat /etc/docker/daemon.json
{
"registry-mirrors":[
"https://docker.mirrors.ustc.edu.cn",
"https://hub-mirror.c.163.com"
]
}

2）修改docker代理
systemctl status docker
vi /usr/lib/systemd/system/docker.service
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80/"

最近编辑记录小天天 (2023-03-30 21:40:26)

小天天 · 2023-03-30 21:41:08

harbor 自定义证书

---harbor自定义证书--

---生成ca证书---
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Beijing/L=Beijing/O=Haidian/OU=Haidian/CN=*.toon.com" \
-key ca.key \
-out ca.crt

---生成服务器证书---
openssl genrsa -out server.key 4096

openssl req -sha512 -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=Haidian/OU=Haidian/CN=*.toon.com" \
-key server.key \
-out server.csr

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=*.globetoon.com
DNS.2=hdnewreg.globetoon.com
EOF

openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in server.csr \
-out server.crt

---替换habor.yml----
certificate: /data/ssl/server.crt
private_key: /data/ssl/server.key

最近编辑记录小天天 (2023-03-30 21:41:28)

小天天 · 2023-03-30 21:45:06

harbor仓库升级重建

1）备份原仓库的数据

---导出镜像列表脚本---

#!/bin/bash
Harbor_Address=xxx.toon.com
Harbor_User=admin
Harbor_Passwd=Harbor12345
Images_File=harbor-images-`date '+%Y-%m-%d'`.txt
Tar_File=/backup/Harbor-backup/
set -x

# 获取所有镜像清单
Project_List=$(curl -u $Harbor_User:$Harbor_Passwd -H "Content-Type: application/json" -X GET https://$Harbor_Address/api/v2.0/projects -k | python -m json.tool | grep name | awk '/"name": /' | awk -F '"' '{print $4}')

for Project in $Project_List;do
Image_Names=$(curl -u $Harbor_User:$Harbor_Passwd -H "Content-Type: application/json" -X GET https://$Harbor_Address/api/v2.0/projects/$Project/repositories?page_size=100000 -k | python -m json.tool | grep name | awk '/"name": /' | awk -F '"' '{print $4}')
for Image in $Image_Names;do
Image_Tags=$(curl -u $Harbor_User:$Harbor_Passwd -H "Content-Type: application/json" -X GET https://$Harbor_Address/v2/$Image/tags/list -k)
lll=$(echo "$Image_Tags" |awk -F'tags' '{d=$NF} END{ gsub(/["|\[|\:|,|\]|\}]/," ",d); print d}' )
for Tag in $lll;do
#echo "$Harbor_Address/$Image:$Tag"
echo "$Harbor_Address/$Image:$Tag" >> harbor-images-`date '+%Y-%m-%d'`.txt
done
done
done

---备份数据---

cp -a /opt/harbor /opt/harbor.old
cp -a /data/hubdata/database /data/hubdata/database.old

---清空老数据---
rm -fr /data/hubdata/database

---启动新harbor版本---
cd /opt/harbor-new
./prepare
docker-compose up -d

---导入老仓库镜像数据脚本---

#!/bin/bash
#镜像处理脚本
#功能说明：
#1.从镜像清单里面获取镜像列表进行拉取镜像
#2.修改镜像tag，重新给镜像打tag
#3.将新tag的镜像push到harbor

#镜像清单images-trs-hrmty.txt存到数组
IMAGES_ARRAY=($(cat harbor-images01.txt))
#targetIP="***.toon.com"
#new_tag="bjt"
#计数器
count=1
#循环遍历镜像列表
for image in ${IMAGES_ARRAY[@]};do
#push镜像
echo "push第${count}个镜像: ${image}"
# docker pull ${image}
# a=$(echo ${image}|awk -F "/" '{print $3}')
# echo ${a}
#新镜像名
# new_image=${targetIP}"/"${new_tag}"/"${a}
#给镜像打新tag
# echo "打新镜像tag: ${new_image}"
# docker tag ${image} ${new_image}
#推送新镜像
# echo "推送新镜像: ${new_image}"
docker push ${image}
#清理旧镜像
# docker rmi ${image}
count=$((count+1))

done

最近编辑记录小天天 (2023-03-30 21:49:11)

小天天 · 2023-03-31 11:37:13

非harbor主机pull、push自定义仓库

1， /etc/docker/daemon.json
{
"insecure-registry":["xxx.toon.com"]
}

2,在/etc/docker/放置自定义server.crt
路径：
[root@harbor-46 etc]# tree docker/
docker/
├── certs.d
│ └── xxx.globetoon.com //必须跟证书里的域名一致
│ └── server.crt
├── daemon.json
└── key.json

拉新网 - 挖掘漏洞 - 线报平台

公告

#1 2022-11-21 22:48:05

harbor 仓库相关

#2 2023-03-30 21:41:08

Re: harbor 仓库相关

#3 2023-03-30 21:45:06

Re: harbor 仓库相关

#4 2023-03-31 11:37:13

Re: harbor 仓库相关

页脚