系统环境
- centos7.3
- docker-ce docker version: 18.03.0
- docker-compose version: 1.21.0
Install Docker CE
安装依赖包
- sudo yum install -y yum-utils \
- device-mapper-persistent-data \
- lvm2
添加仓库文件
- sudo yum-config-manager \
- --add-repo \
- https://download.docker.com/linux/centos/docker-ce.repo
安装 docker-ce
sudo yum install docker-ce -y
启动 docker-ce 和开机自启动
- sudo systemctl start docker
- sudo systemctl enable docker
测试 docker
sudo docker run hello-world
docker 官网安装手册 https://docs.docker.com/install/linux/docker-ce/centos/
安装 docker-compose
pip install docker-compose
pip install --upgrade backports.ssl_match_hostname
安装 compose 会安装一下东西
Successfully installed PyYAML-3.12 backports.ssl-match-hostname-3.5.0.1 cached-property-1.4.2 certifi-2018.4.16 chardet-3.0.4 docker-3.2.1 docker-compose-1.21.0 docker-pycreds-0.2.2 dockerpty-0.4.1 docopt-0.6.2 enum34-1.1.6 functools32-3.2.3.post2 idna-2.6 ipaddress-1.0.22 jsonschema-2.6.0 requests-2.18.4 six-1.11.0 texttable-0.9.1 urllib3-1.22 websocket-client-0.47.0
安装 harhor
创建证书
- # 创建证书目录
- mkdir -p /data/cert
- cd /data/cert/
- # 创建 CA 根证书
- openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt -subj "/C=CN/L=shenzhen/O=yanconggod/CN=harbor-registry"
- # 生成一个证书签名, 设置访问域名为 harbor.yanconggod.cn
- openssl req -newkey rsa:4096 -nodes -sha256 -keyout harbor.yanconggod.cn.key -out server.csr -subj "/C=CN/L=shenzhen/O=yanconggod/CN=harbor.yanconggod.cn"
- # 生成主机的证书
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out harbor.yanconggod.cn.crt
harbor 官网配置 ssl 指南 https://github.com/vmware/harbor/blob/master/docs/configure_https.md
查看 openssl 生成的文件
[root@centos-docker cert]# ll
- total 24
- -rw-r--r--. 1 root root 1948 Apr 17 14:27 ca.crt
- -rw-r--r--. 1 root root 3276 Apr 17 14:27 ca.key
- -rw-r--r--. 1 root root 17 Apr 17 14:27 ca.srl
- -rw-r--r--. 1 root root 1838 Apr 17 14:27 harbor.yanconggod.cn.crt
- -rw-r--r--. 1 root root 3272 Apr 17 14:27 harbor.yanconggod.cn.key
- -rw-r--r--. 1 root root 1671 Apr 17 14:27 server.csr
下载 Harbor
所有版本的下载地址 https://github.com/vmware/harbor/releases
- wget http://harbor.orientsoft.cn/harbor-v1.4.0/harbor-offline-installer-v1.4.0.tgz
- tar -zxf harbor-offline-installer-v1.4.0.tgz
- cd harbor
更改 Harbor 配置文件
vim /opt/harbor/harbor.cfg
- [root@centos-docker harbor]# grep -Ev "^$|^[#;]" harbor.cfg
- # 指定私有仓库的主机名, 可以是 IP 地址, 也可以是域名
- hostname = 10.0.40.134
- # 用户访问私仓时使用的协议, 默认时 http, 配置成 https
- ui_url_protocol = https
- max_job_workers = 3
- customize_crt = on
- # 设置证书文件路径
- ssl_cert = /data/cert/harbor.yanconggod.cn.crt
- # 设置证书密钥文件路径
- ssl_cert_key = /data/cert/harbor.yanconggod.cn.key
- secretkey_path = /data
- admiral_url = NA
- log_rotate_count = 50
- log_rotate_size = 200M
- email_identity =
- email_server = smtp.mydomain.com
- email_server_port = 25
- email_username = sample_admin@mydomain.com
- email_password = abc
- email_from = admin <sample_admin@mydomain.com>
- email_ssl = false
- email_insecure = false
- # harbor 的管理员账户密码
- harbor_admin_password = Harbor12345
- auth_mode = db_auth
- ldap_url = ldaps://ldap.mydomain.com
- ldap_basedn = ou=people,dc=mydomain,dc=com
- ldap_uid = uid
- ldap_scope = 2
- ldap_timeout = 5
- ldap_verify_cert = true
- self_registration = on
- token_expiration = 30
- project_creation_restriction = everyone
- db_host = mysql
- # 指定 mysql 数据库管理员密码
- db_password = root123
- db_port = 3306
- db_user = root
- redis_url =
- clair_db_host = postgres
- clair_db_password = password
- clair_db_port = 5432
- clair_db_username = postgres
- clair_db = postgres
- uaa_endpoint = uaa.mydomain.org
- uaa_clientid = id
- uaa_clientsecret = secret
- uaa_verify_cert = true
- uaa_ca_cert = /path/to/ca.pem
- registry_storage_provider_name = filesystem
- registry_storage_provider_config =
安装 harbor
[root@centos-docker harbor]# ./install.sh
- [Step 0]: checking installation environment ...
- Note: docker version: 18.03.0
- Note: docker-compose version: 1.21.0
- [Step 1]: loading Harbor images ...
- 651f69aef02c: Loading layer 135.8MB/135.8MB
- 40a1aad64343: Loading layer 23.24MB/23.24MB
- 3fe2713e4072: Loading layer 12.16MB/12.16MB
- ba3a1eb0e375: Loading layer 17.3MB/17.3MB
- 447427ec5e1a: Loading layer 15.87kB/15.87kB
- 4ccb4026663c: Loading layer 3.072kB/3.072kB
- 16faa95946a1: Loading layer 29.46MB/29.46MB
- Loaded image: vmware/notary-server-photon:v0.5.1-v1.4.0
- fa7ba9fd42c9: Loading layer 10.95MB/10.95MB
- 4e400f9ae23e: Loading layer 17.3MB/17.3MB
- 2802fb27c88b: Loading layer 15.87kB/15.87kB
- e6367a4e1e1e: Loading layer 3.072kB/3.072kB
- 8ece8dfcdd98: Loading layer 28.24MB/28.24MB
- Loaded image: vmware/notary-signer-photon:v0.5.1-v1.4.0
- a7dd1a8afcaf: Loading layer 396.7MB/396.7MB
- 05adebbe496f: Loading layer 9.216kB/9.216kB
- 86eb534949fa: Loading layer 9.216kB/9.216kB
- d7f127c69380: Loading layer 7.68kB/7.68kB
- 5ac1c4dc5ee9: Loading layer 1.536kB/1.536kB
- d0bec56b5b1a: Loading layer 9.728kB/9.728kB
- 4bbe83860556: Loading layer 2.56kB/2.56kB
- e526f9e6769f: Loading layer 3.072kB/3.072kB
- Loaded image: vmware/harbor-db:v1.4.0
- 1cff102bbda2: Loading layer 154.1MB/154.1MB
- 04c9f3e07de1: Loading layer 10.75MB/10.75MB
- 7b6c7bf54f5c: Loading layer 2.048kB/2.048kB
- 42f8acdb7fe3: Loading layer 48.13kB/48.13kB
- 5b6299d0a1df: Loading layer 10.8MB/10.8MB
- Loaded image: vmware/clair-photon:v2.0.1-v1.4.0
- 6534131f457c: Loading layer 94.76MB/94.76MB
- 73f582101e4b: Loading layer 6.656kB/6.656kB
- 86d847823c48: Loading layer 6.656kB/6.656kB
- Loaded image: vmware/postgresql-photon:v1.4.0
- 5cd250d5a352: Loading layer 23.24MB/23.24MB
- ad3fd52b54f3: Loading layer 14.99MB/14.99MB
- 13b1e24cc368: Loading layer 14.99MB/14.99MB
- Loaded image: vmware/harbor-adminserver:v1.4.0
- c26c69706710: Loading layer 23.24MB/23.24MB
- 223f6fe02cc8: Loading layer 23.45MB/23.45MB
- 1fc843c8698a: Loading layer 7.168kB/7.168kB
- e09293610ee7: Loading layer 10.39MB/10.39MB
- d59f9780b1d8: Loading layer 23.44MB/23.44MB
- Loaded image: vmware/harbor-ui:v1.4.0
- dd4753242e59: Loading layer 73.07MB/73.07MB
- 95aed61ca251: Loading layer 3.584kB/3.584kB
- 1864f9818562: Loading layer 3.072kB/3.072kB
- da2a19f80b81: Loading layer 4.096kB/4.096kB
- 058531639e75: Loading layer 3.584kB/3.584kB
- a84e69fb619b: Loading layer 10.24kB/10.24kB
- Loaded image: vmware/harbor-log:v1.4.0
- b1056051f246: Loading layer 23.24MB/23.24MB
- 07678065e08b: Loading layer 19.19MB/19.19MB
- a2d9bdb8f5fb: Loading layer 19.19MB/19.19MB
- Loaded image: vmware/harbor-jobservice:v1.4.0
- 7f58ce57cd5e: Loading layer 4.805MB/4.805MB
- Loaded image: vmware/nginx-photon:v1.4.0
- 4c8965978b77: Loading layer 23.24MB/23.24MB
- 1466c942edde: Loading layer 2.048kB/2.048kB
- ac5c17331735: Loading layer 2.048kB/2.048kB
- 86824c7c466a: Loading layer 2.048kB/2.048kB
- fd3bd0e70d67: Loading layer 22.8MB/22.8MB
- b02195d77636: Loading layer 22.8MB/22.8MB
- Loaded image: vmware/registry-photon:v2.6.2-v1.4.0
- Loaded image: vmware/photon:1.0
- Loaded image: vmware/mariadb-photon:v1.4.0
- 454c81edbd3b: Loading layer 135.2MB/135.2MB
- e99db1275091: Loading layer 395.4MB/395.4MB
- 051e4ee23882: Loading layer 9.216kB/9.216kB
- 6cca4437b6f6: Loading layer 9.216kB/9.216kB
- 1d48fc08c8bc: Loading layer 7.68kB/7.68kB
- 0419724fd942: Loading layer 1.536kB/1.536kB
- 526b2156bd7a: Loading layer 637.8MB/637.8MB
- 9ebf6900ecbd: Loading layer 78.34kB/78.34kB
- Loaded image: vmware/harbor-db-migrator:1.4
- [Step 2]: preparing environment ...
- Generated and saved secret to file: /data/secretkey
- Generated configuration file: ./common/config/nginx/nginx.conf
- Generated configuration file: ./common/config/adminserver/env
- Generated configuration file: ./common/config/ui/env
- Generated configuration file: ./common/config/registry/config.yml
- Generated configuration file: ./common/config/db/env
- Generated configuration file: ./common/config/jobservice/env
- Generated configuration file: ./common/config/log/logrotate.conf
- Generated configuration file: ./common/config/jobservice/app.conf
- Generated configuration file: ./common/config/ui/app.conf
- Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
- The configuration files are ready, please use docker-compose to start the service.
- [Step 3]: checking existing instance of Harbor ...
- [Step 4]: starting Harbor ...
- Creating network "harbor_harbor" with the default driver
- Creating harbor-log ... done
Creating harbor-db ... done
Creating harbor-adminserver ... done
- Creating registry ... done
- Creating harbor-ui ... done
- Creating nginx ... done
Creating harbor-jobservice ... done
----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://10.0.40.134.
For more details, please visit https://github.com/vmware/harbor .
web 登陆 Harhor
创建多一个公开仓库和私有仓库
docker 客户端上传镜像
docker 客户端能访问 web 页面即可
- #docker 登陆 Harbor 私库
- [root@docker-test ~]# docker login -u admin -p Harbor12345 10.0.40.134
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded
[root@docker-test ~]#
docker 拉取最新的 nginx 镜像
[root@docker-test ~]# docker pull nginx
- Using default tag: latest
- latest: Pulling from library/nginx
- 2a72cbf407d6: Pull complete
- 04b2d3302d48: Pull complete
- e7f619103861: Pull complete
- Digest: sha256:18156dcd747677b03968621b2729d46021ce83a5bc15118e5bcced925fb4ebb9
- Status: Downloaded newer image for nginx:latest
打标签并上传到私有仓库
- [root@docker-test ~]# docker tag nginx:latest 10.0.40.134/library/ningx:v1.0
- [root@docker-test ~]# docker push 10.0.40.134/library/ningx:v1.0
- The push refers to a repository [10.0.40.134/library/ningx]
- 77e23640b533: Pushed
- 757d7bb101da: Pushed
- 3358360aedad: Pushed
- v1.0: digest: sha256:d903fe3076f89ad76afe1cbd0e476d9692d79b3835895b5b3541654c85422bf1 size: 948
参考:
Docker--------Harbor http://www.mamicode.com/info-detail-1855980.html
来源: http://blog.51cto.com/yanconggod/2104447