一, 环境介绍
目标主机的先决条件
Harbor 被部署为多个 Docker 容器, 因此可以部署在任何支持 Docker 的 Linux 发行版上. 目标主机需要安装 Python,Docker 和 Docker Compose.
硬件
资源 | 容量 | 描述 |
---|---|---|
cpu | 最小 2cpu | 首选 4cpu |
memory | 最小 4GB | 首选 8GB |
disk | 最小 40GB | 首选 160GB |
软件
软件 | 版本 | 描述 |
---|---|---|
Python | 2.7 及以上 | linuxiso 自带 python2.7,此步骤可省略 |
Docker engine | 1.10 及以上 | 有关安装说明,请参阅:https://docs.docker.com/engine/installation/ |
Docker compose | 1.6.0 及以上 | 有关安装说明,请访问:https://docs.docker.com/compose/install/ |
Openssl | 最新 | 为 Harbor 生成证书和密钥 |
二, 安装
下载 harbor 软件包:
解压
- cd /home
- tar -zxvf harbor-offline-installer-v1.7.1.tgz
- yum update -y
耐心等待一会
安装 docekr 并配置加速器和镜像仓库地址
- yum install docker -y
- yum install VIM -y
- [[email protected] docker]# cd /etc/docker/
- [[email protected] docker]# ls
- certs.d daemon.JSON seccomp.JSON
- VIM daemon.JSON
- {
- "registry-mirrors": ["https://o3niohlb.mirror.aliyuncs.com/"],
- "insecure-registries": ["172.18.74.145"]
- }
这里注意 IP 地址前面不要加任何协议
否则会报错
- docker login 172.18.74.145
- Username: admin
- Password:
- Error response from daemon: Get https://172.18.74.145/v1/users/: dial tcp 172.18 .74.145:443: connect: connection refused
- systemctl daemon-reload
- systemctl enable docker
- systemctl start docker
- systemctl status docker
安装 docker-compose
- yum install epel-release -y
- yum install docker-compose -y
查看各软件版本
- [[email protected] ~]# openssl
- OpenSSL> version
- OpenSSL 1.0.2k-fips 26 Jan 2017
- OpenSSL> ^C
- [[email protected] ~]# python --version
- Python 2.7.5
- [[email protected] ~]#
- [[email protected] ~]# docker -v
- Docker version 1.13.1, build b2f74b2/1.13.1
- [[email protected] ~]# docker-compose -v
- docker-compose version 1.18.0, build 8dd22a9
- [[email protected] ~]#
编辑 harbor 配置文件
- cd /home/harbor/
- VIM harbor.cfg
- hostname = 172.18.74.145
安装 Harbor
- [[email protected] harbor]# ./install.sh
- [Step 0]: checking installation environment ...
- Note: docker version: 1.13.1
- Note: docker-compose version: 1.18.0
- [Step 1]: loading Harbor images ...
- ae18db924eef: Loading layer 32.92 MB/32.92 MB
- 1c06074dba9c: Loading layer 8.955 MB/8.955 MB
- 7a719a639e34: Loading layer 3.072 kB/3.072 kB
- 49f7bca05da9: Loading layer 2.56 kB/2.56 kB
- e86d69bef97e: Loading layer 2.56 kB/2.56 kB
- 81e122d773f5: Loading layer 2.048 kB/2.048 kB
- 5fe5adb8cf31: Loading layer 22.8 MB/22.8 MB
- d760045419e4: Loading layer 22.8 MB/22.8 MB
- Loaded image: goharbor/registry-photon:v2.6.2-v1.7.1
- c0f668a21621: Loading layer 133.2 MB/133.2 MB
- f8cb0bf39ff2: Loading layer 684 MB/684 MB
- 444ac38a117b: Loading layer 7.68 kB/7.68 kB
- 2e16f24ac8bc: Loading layer 212 kB/212 kB
- Loaded image: goharbor/harbor-migrator:v1.7.1
- fa2dcaba747a: Loading layer 8.955 MB/8.955 MB
- eeaaf4c760eb: Loading layer 15.6 MB/15.6 MB
- 98ffd6175b61: Loading layer 18.94 kB/18.94 kB
- fc1db6c4f652: Loading layer 15.6 MB/15.6 MB
- Loaded image: goharbor/harbor-adminserver:v1.7.1
- 8d55a6a034d6: Loading layer 8.955 MB/8.955 MB
- 01ef68a17913: Loading layer 27.24 MB/27.24 MB
- f9258cfa4b48: Loading layer 5.632 kB/5.632 kB
- dcf5c61ede76: Loading layer 27.24 MB/27.24 MB
- Loaded image: goharbor/harbor-core:v1.7.1
- 1f65d10893c9: Loading layer 50.39 MB/50.39 MB
- 358f40be2091: Loading layer 3.584 kB/3.584 kB
- c7f3ef058d0b: Loading layer 3.072 kB/3.072 kB
- 154caf7c7173: Loading layer 4.096 kB/4.096 kB
- 42c7764aa777: Loading layer 3.584 kB/3.584 kB
- 023f3a96f324: Loading layer 10.24 kB/10.24 kB
- Loaded image: goharbor/harbor-log:v1.7.1
- a1b528067504: Loading layer 8.955 MB/8.955 MB
- 2d3d34f3ba5b: Loading layer 21.51 MB/21.51 MB
- a5da70777097: Loading layer 21.51 MB/21.51 MB
- Loaded image: goharbor/harbor-jobservice:v1.7.1
- ab31dfc84e9d: Loading layer 8.954 MB/8.954 MB
- b130423af762: Loading layer 13.43 MB/13.43 MB
- 357c059d0598: Loading layer 17.3 MB/17.3 MB
- fabc6edfac55: Loading layer 11.26 kB/11.26 kB
- cfaa3b5d445a: Loading layer 3.072 kB/3.072 kB
- 12c73a4b2c7a: Loading layer 30.72 MB/30.72 MB
- Loaded image: goharbor/notary-server-photon:v0.6.1-v1.7.1
- 50a6467bd619: Loading layer 113 MB/113 MB
- 6ae61fc91943: Loading layer 11.46 MB/11.46 MB
- 5c840c272f78: Loading layer 2.048 kB/2.048 kB
- 077d16ebcba8: Loading layer 48.13 kB/48.13 kB
- b822f5ff7858: Loading layer 3.072 kB/3.072 kB
- 4548140152fd: Loading layer 11.51 MB/11.51 MB
- Loaded image: goharbor/clair-photon:v2.0.7-v1.7.1
- 232024be30e3: Loading layer 3.39 MB/3.39 MB
- a73624ae3fad: Loading layer 4.721 MB/4.721 MB
- 96b8c5c532c3: Loading layer 3.584 kB/3.584 kB
- Loaded image: goharbor/harbor-portal:v1.7.1
- e2fd12afe6e8: Loading layer 63.31 MB/63.31 MB
- e973513bcb58: Loading layer 40.74 MB/40.74 MB
- 4f45af643b2b: Loading layer 6.656 kB/6.656 kB
- 54a84094f024: Loading layer 2.048 kB/2.048 kB
- 2d78cf8a687b: Loading layer 7.68 kB/7.68 kB
- e96067b83a72: Loading layer 2.56 kB/2.56 kB
- 38a7d304147f: Loading layer 2.56 kB/2.56 kB
- a36c0cb6a35a: Loading layer 2.56 kB/2.56 kB
- Loaded image: goharbor/harbor-db:v1.7.1
- b0c31ad64c85: Loading layer 65.01 MB/65.01 MB
- 22fbab41769e: Loading layer 3.072 kB/3.072 kB
- 7f28bf5373b2: Loading layer 59.9 kB/59.9 kB
- abb9969cff2a: Loading layer 61.95 kB/61.95 kB
- Loaded image: goharbor/Redis-photon:v1.7.1
- 933cd9a15fc5: Loading layer 3.39 MB/3.39 MB
- Loaded image: goharbor/nginx-photon:v1.7.1
- 6ee16a137af2: Loading layer 8.955 MB/8.955 MB
- 954443cb7d20: Loading layer 22.8 MB/22.8 MB
- 302a998137db: Loading layer 3.072 kB/3.072 kB
- e342723aef9b: Loading layer 7.465 MB/7.465 MB
- 4eeb61ed730b: Loading layer 30.26 MB/30.26 MB
- Loaded image: goharbor/harbor-registryctl:v1.7.1
- 5b40d957fafd: Loading layer 12.11 MB/12.11 MB
- 63489681dd6c: Loading layer 17.3 MB/17.3 MB
- 696209dcd336: Loading layer 11.26 kB/11.26 kB
- 8dc53997aa1f: Loading layer 3.072 kB/3.072 kB
- cb6d560a9958: Loading layer 29.41 MB/29.41 MB
- Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.7.1
- dc1e16790c89: Loading layer 8.96 MB/8.96 MB
- 046c7e7a0100: Loading layer 35.08 MB/35.08 MB
- 8c8428e3d6c6: Loading layer 2.048 kB/2.048 kB
- ebb477ee35a2: Loading layer 3.072 kB/3.072 kB
- 19636f39e29d: Loading layer 35.08 MB/35.08 MB
- Loaded image: goharbor/chartmuseum-photon:v0.7.1-v1.7.1
- [Step 2]: preparing environment ...
- Generated and saved secret to file: /data/secretkey
- Generated configuration file: ./common/config/nginx/nginx.conf
- Generated configuration file: ./common/config/adminserver/env
- Generated configuration file: ./common/config/core/env
- Generated configuration file: ./common/config/registry/config.YAML
- Generated configuration file: ./common/config/db/env
- Generated configuration file: ./common/config/jobservice/env
- Generated configuration file: ./common/config/jobservice/config.YAML
- Generated configuration file: ./common/config/log/logrotate.conf
- Generated configuration file: ./common/config/registryctl/env
- Generated configuration file: ./common/config/core/App.conf
- Generated certificate, key file: ./common/config/core/private_key.pem, cert file : ./common/config/registry/root.crt
- Creating harbor-log ... done
- e.
- [Step 3]: checking existing instance of Harbor ...
- Creating harbor-db ... done
- Creating harbor-core ... done
- [Step 4]: starting Harbor ...
- Creating harbor-portal ... done
- Creating nginx ... done
- Creating registryctl ...
- Creating registry ...
- Creating harbor-adminserver ...
- Creating Redis ...
- Creating harbor-db ...
- Creating harbor-core ...
- Creating harbor-jobservice ...
- Creating harbor-portal ...
- Creating nginx ...
- ? ----Harbor has been installed and started successfully.----
- Now you should be able to visit the admin portal at http://172.18.74.145.
- For more details, please visit https://github.com/goharbor/harbor .
从上面可以看出 Harbor 是基于多个容器的服务
查看一下镜像, 会发现多了好多, 这些都是刚才安装 Harbor 的过程中拉取的镜像
- [[email protected] harbor]# docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- goharbor/chartmuseum-photon v0.7.1-v1.7.1 f61c186d5b1b 4 months ago 111 MB
- goharbor/harbor-migrator v1.7.1 9ec6467899b6 4 months ago 799 MB
- goharbor/Redis-photon v1.7.1 c7aa92fb1c26 4 months ago 96.3 MB
- goharbor/clair-photon v2.0.7-v1.7.1 832461eef7dd 4 months ago 165 MB
- goharbor/notary-server-photon v0.6.1-v1.7.1 382cd390eaff 4 months ago 102 MB
- goharbor/notary-signer-photon v0.6.1-v1.7.1 76486e1aa1a2 4 months ago 99.6 MB
- goharbor/harbor-registryctl v1.7.1 aefea98e6f92 4 months ago 101 MB
- goharbor/registry-photon v2.6.2-v1.7.1 13b348ffd0c9 4 months ago 86.4 MB
- goharbor/nginx-photon v1.7.1 9b9520572494 4 months ago 35.5 MB
- goharbor/harbor-log v1.7.1 0744800d7a4c 4 months ago 81 MB
- goharbor/harbor-jobservice v1.7.1 db96ce6ed531 4 months ago 83.8 MB
- goharbor/harbor-core v1.7.1 8f253c0f9d50 4 months ago 95.2 MB
- goharbor/harbor-portal v1.7.1 b50162ab177a 4 months ago 40.2 MB
- goharbor/harbor-adminserver v1.7.1 22d66cccedba 4 months ago 72 MB
- goharbor/harbor-db v1.7.1 c2a95254c0bf 4 months
至此 Harbor 的安装就完成了, 访问 ip 直接就可以看到 harbor 的登陆页面, Harbor 的默认登录名是 admin, 密码是 Harbor123456, 可以登陆进去修改密码.
三, 管理
登陆到 harbor
- [[email protected] harbor]# docker login 172.18.74.145
- Username: admin
- Password:
- Login Succeeded
拉取 alpine 镜像
- [[email protected] harbor]# docker pull alpine
- [[email protected] harbor]# docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- docker.io/alpine latest cdf98d1859c1 4 weeks ago 5.53 MB
给镜像打标签, 注意打标签的格式为 镜像仓库名称 / 项目名 / 镜像名: 版本号,
- [[email protected] harbor]# docker tag docker.io/alpine:latest 172.18.74.145/library/alpine:latest
- [[email protected] harbor]# docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- 172.18.74.145/library/alpine latest cdf98d1859c1 4 weeks ago 5.53 MB
- docker.io/alpine latest cdf98d1859c1 4 weeks ago 5.53 MB
将镜像推送至 harbor
- [[email protected] harbor]# docker push 172.18.74.145/library/alpine:latest
- The push refers to a repository [172.18.74.145/library/alpine]
- a464c54f93a9: Pushed
- latest: digest: sha256:5c40b3c27b9f13c873fefb2139765c56ce97fd50230f1f2d5c91e55dec171907 size: 528
查看
在默认的 library 项目里有我们刚才上传的镜像, 下载数为 0, 我们 pull 一下看看下载数的变化
- [[email protected] harbor]# docker pull 172.18.74.145/library/alpine
- Using default tag: latest
- Trying to pull repository 172.18.74.145/library/alpine ...
- latest: Pulling from 172.18.74.145/library/alpine
- Digest: sha256:5c40b3c27b9f13c873fefb2139765c56ce97fd50230f1f2d5c91e55dec171907
- Status: Image is up to date for 172.18.74.145/library/alpine:latest
下载数 + 1
停止 Harbor
此命令会把所以 harbor 容器删除, 但不会删除镜像
- [[email protected] harbor]# docker-compose down -v
- Stopping nginx ... done
- Stopping harbor-portal ... done
- Stopping harbor-jobservice ... done
- Stopping harbor-core ... done
- Stopping Redis ... done
- Stopping harbor-db ... done
- Stopping registry ... done
- Stopping harbor-adminserver ... done
- Stopping registryctl ... done
- Stopping harbor-log ... done
- Removing nginx ... done
- Removing harbor-portal ... done
- Removing harbor-jobservice ... done
- Removing harbor-core ... done
- Removing Redis ... done
- Removing harbor-db ... done
- Removing registry ... done
- Removing harbor-adminserver ... done
- Removing registryctl ... done
- Removing harbor-log ... done
- Removing network harbor_harbor
可以看到所有的容器都停止并删除了, 而镜像还存在.
- [[email protected] harbor]# docker ps -a
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- [[email protected] harbor]# docker images
- REPOSITORY TAG IMAGE ID CREATED SIZE
- 172.18.74.145/library/alpine latest cdf98d1859c1 4 weeks ago 5.53 MB
- docker.io/alpine latest cdf98d1859c1 4 weeks ago 5.53 MB
- goharbor/chartmuseum-photon v0.7.1-v1.7.1 f61c186d5b1b 4 months ago 111 MB
- goharbor/harbor-migrator v1.7.1 9ec6467899b6 4 months ago 799 MB
- goharbor/Redis-photon v1.7.1 c7aa92fb1c26 4 months ago 96.3 MB
- goharbor/clair-photon v2.0.7-v1.7.1 832461eef7dd 4 months ago 165 MB
- goharbor/notary-server-photon v0.6.1-v1.7.1 382cd390eaff 4 months ago 102 MB
- goharbor/notary-signer-photon v0.6.1-v1.7.1 76486e1aa1a2 4 months ago 99.6 MB
- goharbor/harbor-registryctl v1.7.1 aefea98e6f92 4 months ago 101 MB
- goharbor/registry-photon v2.6.2-v1.7.1 13b348ffd0c9 4 months ago 86.4 MB
- goharbor/nginx-photon v1.7.1 9b9520572494 4 months ago 35.5 MB
- goharbor/harbor-log v1.7.1 0744800d7a4c 4 months ago 81 MB
- goharbor/harbor-jobservice v1.7.1 db96ce6ed531 4 months ago 83.8 MB
- goharbor/harbor-core v1.7.1 8f253c0f9d50 4 months ago 95.2 MB
- goharbor/harbor-portal v1.7.1 b50162ab177a 4 months ago 40.2 MB
- goharbor/harbor-adminserver v1.7.1 22d66cccedba 4 months ago 72 MB
- goharbor/harbor-db v1.7.1 c2a95254c0bf 4 months ago 133 MB
自定义配置 Harbor 监听端口
- [[email protected] harbor]# cd /home/harbor
- [[email protected] harbor]# VIM docker-compose.YAML
- proxy:
- image: goharbor/nginx-photon:v1.7.1
- container_name: nginx
- restart: always
- cap_drop:
- - ALL
- cap_add:
- - CHOWN
- - SETGID
- - SETUID
- - NET_BIND_SERVICE
- volumes:
- - ./common/config/nginx:/etc/nginx:z
- networks:
- - harbor
- dns_search: .
- ports:
- - 8888:80 // 这里可以把映射到本地的端口改为 8888
- - 443:443
- - 4443:4443
- depends_on:
- - PostgreSQL
- - registry
- - core
- - portal
- - log
- logging:
- driver: "syslog"
- options:
- syslog-address: "tcp://127.0.0.1:1514"
- tag: "proxy"
要更改 Harbor 的配置, 要停止现有的 Harbor 实例并更新 harbor.cfg, 使用 prepare 命令重新加载配置
- VIM harbor.cfg
- hostname=172.18.74.145:8888
- ./prepare
开启 Harbor
- [[email protected] harbor]# docker-compose up -d
- Creating harbor-portal ... done
- Creating nginx ... done
- Creating Redis ...
- Creating harbor-adminserver ...
- Creating registry ...
- Creating registryctl ...
- Creating harbor-db ...
- Creating harbor-core ...
- Creating harbor-portal ...
- Creating harbor-jobservice ...
- Creating nginx ...
可以看到 harbor 容器又都启动了
- [[email protected] harbor]# docker ps
- CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
- e913e767568e goharbor/nginx-photon:v1.7.1 "nginx -g'daemon ..." 10 seconds ago Up 7 seconds (health: starting) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
- 8b1c95d68041 goharbor/harbor-jobservice:v1.7.1 "/harbor/start.sh" 12 seconds ago Up 9 seconds harbor-jobservice
- 39f48c79e914 goharbor/harbor-portal:v1.7.1 "nginx -g'daemon ..." 12 seconds ago Up 9 seconds (health: starting) 80/tcp harbor-portal
- c0735c7ecad8 goharbor/harbor-core:v1.7.1 "/harbor/start.sh" 13 seconds ago Up 11 seconds (health: starting) harbor-core
- fd0830a7e6f9 goharbor/harbor-db:v1.7.1 "/entrypoint.sh po..." 16 seconds ago Up 12 seconds (health: starting) 5432/tcp harbor-db
- ab7efc2bee1b goharbor/harbor-registryctl:v1.7.1 "/harbor/start.sh" 16 seconds ago Up 12 seconds (health: starting) registryctl
- 01623abd77c2 goharbor/registry-photon:v2.6.2-v1.7.1 "/entrypoint.sh /e..." 16 seconds ago Up 12 seconds (health: starting) 5000/tcp registry
- 9ccbf668088b goharbor/harbor-adminserver:v1.7.1 "/harbor/start.sh" 16 seconds ago Up 12 seconds (health: starting) harbor-adminserver
- d35fbc13ca00 goharbor/Redis-photon:v1.7.1 "docker-entrypoint..." 16 seconds ago Up 14 seconds 6379/tcp Redis
- 1933f2a457c4 goharbor/harbor-log:v1.7.1 "/bin/sh -c /usr/l..." 17 seconds ago Up 15 seconds (health: starting) 127.0.0.1:1514->10514/tcp harbor-log
浏览器访问 ip:8888
默认情况下, 注册表数据保留在主机的 / data / 目录中, 即使 Harbor 的容器被移除和 / 或重新创建, 此数据仍保持不变.
- [[email protected] ~]# cd /data/
- [[email protected] data]# ls
- ca_download config database job_logs psc Redis registry secretkey
- [[email protected] data]# cd registry/
- [[email protected] registry]# tree
- .
└── docker
└── registry
└── v2
├── blobs
│ └── sha256
│ ├── 5c
│ │ └── 5c40b3c27b9f13c873fefb2139765c56ce97fd50230f1f2d5c91e55dec171907
│ │ └── data
│ ├── bd
│ │ └── bdf0201b3a056acc4d6062cc88cd8a4ad5979983bfb640f15a145e09ed985f92
│ │ └── data
│ └── cd
│ └── cdf98d1859c1beb33ec70507249d34bacf888d59c24df3204057f9a6c758dddb
│ └── data
└── repositories
└── library
└── alpine
├── _layers
│ └── sha256
│ ├── bdf0201b3a056acc4d6062cc88cd8a4ad5979983bfb640f15a145e09ed985f92
│ │ └── link
│ └── cdf98d1859c1beb33ec70507249d34bacf888d59c24df3204057f9a6c758dddb
│ └── link
├── _manifests
│ ├── revisions
│ │ └── sha256
│ │ └── 5c40b3c27b9f13c873fefb2139765c56ce97fd50230f1f2d5c91e55dec171907
│ │ └── link
│ └── tags
│ └── latest
│ ├── current
│ │ └── link
│ └── index
│ └── sha256
│ └── 5c40b3c27b9f13c873fefb2139765c56ce97fd50230f1f2d5c91e55dec171907
│ └── link
└── _uploads
29 directories, 8 files
此外, Harbor 使用 rsyslog 来收集每个容器中的日志, 默认情况下, 这些日志文件存储在主机的 / var/log/harbor / 下
可根据这些日志文件进行故障排除
- [[email protected] registry]# cd /var/log/harbor/
- [[email protected] harbor]# ls
- adminserver.log core.log jobservice.log portal.log PostgreSQL.log proxy.log Redis.log registryctl.log registry.log
来源: http://www.bubuko.com/infodetail-3051884.html