Pulling images from a Harbor registry in Rancher
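<p>The image registry is a private one deployed on the internal network. How do you configure registry credentials?
If the image registry is private, you have to configure registry credentials in Rancher. See the official documentation for the procedure:
<a href="https://www.showdoc.com.cn/963349270507135?page_id=5961078324051152">https://www.showdoc.com.cn/963349270507135?page_id=5961078324051152</a>
This document uses Harbor v2.1.2 as the example. In v2.2.0 the keyword has changed and verification did not pass; it needs to be verified again when time allows.</p>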
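<p>To use the private Harbor image registry in Rancher, configure it first:</p>
<p>Log in to Rancher, select ‘user-cluster/Default’ in the cluster, select ‘Resources/Secrets’, select ‘Registry Credentials’, and click the ‘Add Registry’ button to add the private Harbor image registry.</p>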
<h1>I. Image pull error in Rancher</h1>
<p>When deploying an application in Rancher, pulling the image fails with the following error:</p>
<pre><code class="language-bash">docker pull harbor.hzsun.com/easytong/redis@sha256:c23e8246c42ac8cb59452eb112b75ef92bb8ce924204fbc2899f76ee88f38323</code></pre>
<p>Error:</p>
<pre><code class="language-bash">ErrImagePull: rpc error: code = Unknown desc = Error response from daemon: unauthorized: unauthorized to access repository: easytong/redis, action: pull: unauthorized to access repository: easytong/redis, action: pull </code></pre>
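<p>Solution 1:
The cause is a permissions problem.</p>
<p>The local image registry has access permissions set; my approach was simply to set the local image registry to public.</p>
<p>Steps:
Log in to Harbor, go to Projects / project name easytong / Configuration, and under Project registry tick ‘Public’: everyone can access a public project registry.</p>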
<p>Solution 2:
There is also an approach that does not make the project public: add imagePullSecrets to the YAML to specify the credentials.</p>
<pre><code class="language-bash">To be resolved...</code></pre>
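<p>One way to complete Solution 2 while keeping the easytong project private, as an added example that is not from the original page: the script prints a registry-credential Secret and a Pod that references it through <code>imagePullSecrets</code>. The secret name <code>harbor-pull</code>, the <code>default</code> namespace and the <code>puller</code> account are assumptions.</p>

```bash
# Added example (not from the original page). The names harbor-pull,
# default and puller are assumptions.

# make_pull_secret NAME NAMESPACE REGISTRY USER PASSWORD
# Prints a kubernetes.io/dockerconfigjson Secret, the same kind of object
# that `kubectl create secret docker-registry` creates.
# Assumes USER and PASSWORD contain no '"' or '\' characters.
make_pull_secret() {
  local name="$1" ns="$2" registry="$3" user="$4" pass="$5" auth cfg
  auth=$(printf '%s:%s' "$user" "$pass" | base64 | tr -d '\n')
  cfg=$(printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$registry" "$user" "$pass" "$auth" | base64 | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $ns
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $cfg
EOF
}

# make_pod SECRET NAMESPACE IMAGE
# Prints a Pod that pulls IMAGE with the credentials stored in SECRET.
make_pod() {
  local secret="$1" ns="$2" image="$3"
  cat <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: redis
  namespace: $ns
spec:
  imagePullSecrets:
    - name: $secret
  containers:
    - name: redis
      image: $image
EOF
}

# Usage (constructed values), piped to the cluster:
#   { make_pull_secret harbor-pull default harbor.hzsun.com puller "$HARBOR_PW"
#     echo ---
#     make_pod harbor-pull default harbor.hzsun.com/easytong/redis:6.0.9
#   } | kubectl apply -f -
```

<p>A Harbor account limited to pulling from the project is sufficient for this secret.</p>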
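<h1>II. Harbor registry (v2.1.2): the pull command button shows sha256</h1>
<p>After a fresh install or a reinstall, that is, whenever the install.sh script is run, the following configuration has to be done:
Once the Harbor registry is configured for https/http, the pull command shows a long sha256 string, which is inconvenient in practice and makes for a poor experience, so some modification is needed.
Original pull command:</p>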
<pre><code class="language-bash">docker pull harbor.hzsun.com/easytong/redis@sha256:c23e8246c42ac8cb59452eb112b75ef92bb8ce924204fbc2899f76ee88f38323</code></pre>
<p>The desired result is:</p>
<pre><code class="language-bash">docker pull harbor.hzsun.com/easytong/redis:6.0.9</code></pre>
<h2>1. Find the main.xxx.js file</h2>
<h3>1.1 List the containers running in the Harbor environment</h3>
<pre><code class="language-bash">[root@harbor-slave harbor]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
876eee8ecaf2 goharbor/nginx-photon:v2.1.2 "nginx -g 'daemon of…" 5 minutes ago Up 5 minutes (healthy) 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp nginx
ca5cedcfc344 goharbor/harbor-jobservice:v2.1.2 "/harbor/entrypoint.…" 5 minutes ago Up 5 minutes (healthy) harbor-jobservice
a1569e39258b goharbor/harbor-core:v2.1.2 "/harbor/entrypoint.…" 5 minutes ago Up 5 minutes (healthy) harbor-core
f31c9a72f095 goharbor/harbor-portal:v2.1.2 "nginx -g 'daemon of…" 5 minutes ago Up 5 minutes (healthy) harbor-portal
16f5739a64eb goharbor/harbor-registryctl:v2.1.2 "/home/harbor/start.…" 5 minutes ago Up 5 minutes (healthy) registryctl
103b7697f675 goharbor/redis-photon:v2.1.2 "redis-server /etc/r…" 5 minutes ago Up 5 minutes (healthy) redis
9944d484ccde goharbor/harbor-db:v2.1.2 "/docker-entrypoint.…" 5 minutes ago Up 5 minutes (healthy) harbor-db
870aa1a35296 goharbor/registry-photon:v2.1.2 "/home/harbor/entryp…" 5 minutes ago Up 5 minutes (healthy) registry
c50b94ed3a06 goharbor/harbor-log:v2.1.2 "/bin/sh -c /usr/loc…" 5 minutes ago Up 5 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log</code></pre>
<h3>1.2 Locate the harbor-portal container</h3>
<p>That is the second-to-last line above, i.e. the line containing <code>harbor-portal</code>.</p>
<h3>1.3 Enter the harbor-portal container</h3>
<pre><code class="language-bash">[root@harbor-slave harbor]# docker exec -it harbor-portal /bin/bash
nginx [ / ]$ cd /usr/share/nginx/html
nginx [ /usr/share/nginx/html ]$ ls -al
total 8620
drwxr-xr-x 1 root root 21 2020-12-09 09:15 .
drwxr-xr-x 1 root root 18 2020-12-09 09:15 ..
-rw-r--r-- 1 root root 149395 2020-12-09 09:15 3rdpartylicenses.txt
-rw-r--r-- 1 root root 11347 2020-12-09 09:04 LICENSE
-rw-r--r-- 1 root root 375069 2020-12-09 09:15 dark-theme.css
-rw-r--r-- 1 root root 7455 2020-12-09 09:15 favicon.ico
drwxr-xr-x 3 root root 18 2020-12-09 09:15 i18n
drwxr-xr-x 2 root root 220 2020-12-09 09:15 images
-rw-r--r-- 1 root root 856 2020-12-09 09:15 index.html
-rw-r--r-- 1 root root 389660 2020-12-09 09:15 light-theme.css
-rw-r--r-- 1 root root 5988999 2020-12-09 09:15 main.34cee70ac3f8ba62b6a9.js
-rw-r--r-- 1 root root 71509 2020-12-09 09:15 polyfills-es5.c04cfdffe6ecc730c69c.js
-rw-r--r-- 1 root root 1440 2020-12-09 09:15 runtime.9ad22a88fcc70a015907.js
-rw-r--r-- 1 root root 860407 2020-12-09 09:15 scripts.f4c015c4300c31a9a23c.js
-rw-r--r-- 1 root root 203 2020-12-09 09:15 setting.json
-rw-r--r-- 1 root root 532512 2020-12-09 09:15 styles.fd4a2ff060f99b077bef.css
-rw-r--r-- 1 root root 148732 2020-12-09 09:09 swagger.json
-rw-r--r-- 1 root root 169537 2020-12-09 09:04 swagger.yaml
-rw-r--r-- 1 root root 62537 2020-12-09 09:09 swagger2.json
-rw-r--r-- 1 root root 13548 2020-12-09 09:09 swagger3.json</code></pre>
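<h3>1.4 Find the file main.134274b61112e08c0007.js and look up its path</h3>
<p>Whether this file name differs between Harbor versions has not been verified, but for the same version the file name was the same on three different VMs.</p>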
<pre><code class="language-bash">nginx [ /usr/share/nginx/html ]$ find / -name main.34cee70ac3f8ba62b6a9.js
find: No /etc/sudoers.d: Permission denied
find: No /proc/tty/driver: Permission denied
find: No /root: Permission denied
/usr/share/nginx/html/main.134274b61112e08c0007.js
find: No /var/cache/ldconfig: Permission denied</code></pre>
<h3>1.5 Exit the container</h3>
<pre><code class="language-bash">nginx [ /usr/share/nginx/html ]$ exit
exit</code></pre>
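<h2>2. Modify and replace the main.xxx.js file</h2>
<h3>2.1 Copy main.xxx.js from the container to the host</h3>
<p>After exiting the container,
copy the file /usr/share/nginx/html/main.34cee70ac3f8ba62b6a9.js from the container to the /opt/harbor/common/config/nginx directory on the host.</p>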
<pre><code class="language-bash">[root@harbor-slave harbor]# cd /opt/harbor/common/config/nginx
[root@harbor-slave harbor]# docker cp harbor-portal:/usr/share/nginx/html/main.34cee70ac3f8ba62b6a9.js ./
[root@harbor-slave harbor]# chown 10000:10000 main.34cee70ac3f8ba62b6a9.js</code></pre>
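<h3>2.2 Modify the main.xxx.js file</h3>
<p>Open it directly with vim on the host and edit it; the file is rather large, so editing is a bit sluggish.</p>
<h3>2.3 Replace the string</h3>
<p>Search for the string <code>d.artifactPullCommands.forEach</code> <del>Two occurrences are found in total; take care to identify which one needs to be modified.</del>
Change the following string</p>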
<pre><code class="language-bash">d.artifactPullCommands.forEach(function(t)(t.type === e.type && (e.pullCommand = t.pullCommand + " " + n.registryUrl + "/" + n.projectName + "/" + n.repoName + "@" + e.digest)</code></pre>
<p>to:</p>
<pre><code class="language-bash">d.artifactPullCommands.forEach(function(t)(t.type===e.type&&(e.pullCommand=t.pullCommand+" "+n.registryUrl+"/"+n.projectName+"/"+n.repoName+":"+e.tags[0].name)</code></pre>
<p>Note the <code>keyword</code> replacement: <code>+ "@" + e.digest</code> is replaced with <code>+":"+e.tags[0].name</code></p>
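<p>The replacement in 2.3 can be scripted instead of being done by hand in vim. The following is an added example, not from the original page: the function name <code>patch_pull_command</code> and the <code>.orig</code> backup suffix are assumptions, and the function refuses to write unless exactly one match is found.</p>

```bash
# Added example (not from the original page): apply the 2.3 replacement
# with sed instead of editing the bundle by hand.
# Assumption: the pattern tolerates optional spaces around "+" and "=",
# so it matches both the spaced form quoted above and a minified bundle.

# patch_pull_command FILE
# Rewrites  +"@"+e.digest  to  +":"+e.tags[0].name  on the e.pullCommand
# assignment only. Refuses to write unless exactly one match is found.
# Keeps the original as FILE.orig and prints the new file's SHA-256.
patch_pull_command() {
  local f="$1" n
  local pat='\(e\.pullCommand *=[^;]*\) *+ *"@" *+ *e\.digest'
  [ -f "$f" ] || { echo "no such file: $f" >&2; return 2; }
  n=$(grep -o "$pat" "$f" | wc -l | tr -d ' ')
  if [ "$n" -ne 1 ]; then
    echo "expected exactly 1 match, found $n; $f left unchanged" >&2
    return 1
  fi
  cp -p "$f" "$f.orig"
  # Redirecting into the existing file keeps its owner and mode.
  sed "s/$pat/\\1+\":\"+e.tags[0].name/" "$f.orig" > "$f"
  sha256sum "$f" | cut -d' ' -f1
}

# Run against a file only when one is given on the command line.
if [ "$#" -gt 0 ]; then
  patch_pull_command "$1"
fi
```

<p>The printed SHA-256 can be recorded and compared later to detect changes to the mounted file. The digest form being replaced pins exact image content, whereas a tag can later be re-pushed to point at a different image.</p>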
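<h2>3. Modify the docker-compose file</h2>
<h3>3.1 Modify the docker-compose.yml file</h3>
<p>Edit the file so that the main.xxx.js file is mounted into the container.
Find the portal section and add the following to it:</p>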
<pre><code class="language-bash">      - type: bind
        source: ./common/config/nginx/main.34cee70ac3f8ba62b6a9.js
        target: /usr/share/nginx/html/main.34cee70ac3f8ba62b6a9.js</code></pre>
<p>Note: make sure the indentation is aligned after adding it.</p>
<h2>4. Redeploy Harbor</h2>
<h3>4.1 Redeploy Harbor</h3>
<pre><code class="language-bash">docker-compose down -v
docker-compose up -d</code></pre>
<h2>5. Verify that the pull command was changed</h2>
<p>Log in or refresh the page and get the pull command; it has now become:</p>
<pre><code class="language-bash">docker pull harbor.hzsun.com/easytong/redis:6.0.9</code></pre>
<hr />
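<p>End</p>
<h2>The method below is not advisable: after the container is deleted and recreated, the change is reverted.</h2>
<h2>2.1 After exiting the container, find the main.xxx.js file on the host</h2>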
<pre><code class="language-bash">[root@harbor-slave harbor]# find / -name main.34cee70ac3f8ba62b6a9.js
/var/lib/docker/overlay2/2c846aa670b51095241121dea5a3b8d5cc827e41cc72a18ef9114aec3051be90/diff/usr/share/nginx/html/main.34cee70ac3f8ba62b6a9.js
/var/lib/docker/overlay2/e22f3f76fe242a3f49a981a8b5eced8bd57c987ea3d81e7d237b6bd91e11fbcd/merged/usr/share/nginx/html/main.34cee70ac3f8ba62b6a9.js</code></pre>
<p>The search returns two results; use the second one, i.e. the xxxxxx/merged/xxxxxx line. Back it up first, then modify it.</p>
<pre><code class="language-bash">cp /var/lib/docker/overlay2/e22f3f76fe242a3f49a981a8b5eced8bd57c987ea3d81e7d237b6bd91e11fbcd/merged/usr/share/nginx/html/main.34cee70ac3f8ba62b6a9.js /var/lib/docker/overlay2/e22f3f76fe242a3f49a981a8b5eced8bd57c987ea3d81e7d237b6bd91e11fbcd/merged/usr/share/nginx/html/main.34cee70ac3f8ba62b6a9.js.bak</code></pre>
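<p>Modify main.xxx.js:
open it with vim, search for the keyword <code>artifactPullCommand</code>, and refer to step <code>2.3 Replace the string</code>. After the replacement there is no need to restart Harbor; just refresh the page.</p>
<p>Reference:
Harbor v2.0.2 pull command button shows sha256</p>
<p>Other notes: after manually and temporarily replacing main.xxx.js, no restart is needed; refreshing the Harbor page is enough for it to take effect.</p>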