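1. Introduction to Harbor
Harbor is an enterprise-grade Docker Registry project open-sourced by VMware.
Project URL: https://github.com/goharbor/harbor
Installation requirements
2. Self-signed HTTPS certificate
Install Docker and start the service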
[root@harbor1 ~]# yum install docker-ce -y
[root@harbor1 ~]# systemctl start docker
[root@harbor1 ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
Install docker-compose
[root@node01 ~]# curl -L https://get.daocloud.io/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   423  100   423    0     0   1574      0 --:--:-- --:--:-- --:--:--  1572
100 15.4M  100 15.4M    0     0  5314k      0  0:00:02  0:00:02 --:--:-- 6117k
[root@node01 ~]# chmod +x /usr/local/bin/docker-compose
Install Harbor
[root@harbor1 ~]# mkdir harbor
[root@harbor1 ~]# mkdir /data/cert -p
[root@harbor1 ~]# cd /opt/software/
[root@harbor1 software]# tar xf harbor-offline-installer-v1.8.1.tgz
[root@harbor1 software]# mv harbor/* /root/harbor/
[root@harbor1 software]# cd /root/harbor/
[root@harbor1 harbor]# ll
total 551208
-rw-r--r--. 1 root root 564403568 Jun 17 11:30 harbor.v1.8.1.tar.gz
-rw-r--r--. 1 root root      4519 Jun 17 11:29 harbor.yml
-rwxr-xr-x. 1 root root      5088 Jun 17 11:29 install.sh
-rw-r--r--. 1 root root     11347 Jun 17 11:29 LICENSE
-rwxr-xr-x. 1 root root      1654 Jun 17 11:29 prepare
Configure the self-signed certificate
[root@harbor1 ~]# cd /data/cert
[root@harbor1 cert]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
Generating a 4096 bit RSA private key
...........++
.............................................++
writing new private key to 'ca.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:harbor1
Email Address []:
[root@node01 cert]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout harbor1.linuxplus.com.key -out harbor1.linuxplus.com.csr
Generating a 4096 bit RSA private key
...........................................................................................++
................................................................................................++
writing new private key to 'harbor1.linuxplus.com.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:harbor1.linuxplus.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@harbor1 cert]# ls
ca.crt ca.key harbor1.linuxplus.com.csr harbor1.linuxplus.com.key
[root@harbor1 cert]# openssl x509 -req -days 365 -in harbor1.linuxplus.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out harbor1.linuxplus.com.crt
Signature ok
subject=/C=CN/L=Default City/O=Default Company Ltd/CN=harbor1.linuxplus.com
Getting CA Private Key
[root@harbor1 cert]# ls
ca.crt ca.key ca.srl harbor1.linuxplus.com.crt harbor1.linuxplus.com.csr harbor1.linuxplus.com.key
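The server certificate signed above identifies the host only by its Common Name, and Docker clients built with Go 1.15 or later reject certificates that have no subjectAltName. The following added example (not part of the original article) issues the same CA and server certificate non-interactively with a SAN and verifies the result; the CA subject `harbor1-ca` and the function names are assumptions, while the host name and IP are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original article): issue the Harbor server
# certificate with a subjectAltName and verify it against the CA.
set -eu

# Host name and IP are the ones used on this page.
HARBOR_FQDN="harbor1.linuxplus.com"
HARBOR_IP="172.16.216.102"

# issue_cert DIR [BITS]
# Creates ca.key/ca.crt and $HARBOR_FQDN.key/.csr/.crt in DIR.
# The CA subject "harbor1-ca" is an assumption made for this example.
issue_cert() {
    dir=$1
    bits=${2:-4096}
    mkdir -p "$dir"

    # 1. Self-signed CA (non-interactive form of the first openssl command).
    openssl req -newkey "rsa:$bits" -nodes -sha256 -x509 -days 365 \
        -subj "/C=CN/CN=harbor1-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null

    # 2. Server key and certificate signing request.
    openssl req -newkey "rsa:$bits" -nodes -sha256 \
        -subj "/C=CN/CN=$HARBOR_FQDN" \
        -keyout "$dir/$HARBOR_FQDN.key" -out "$dir/$HARBOR_FQDN.csr" 2>/dev/null

    # 3. Sign the CSR and add the names the client will match against.
    printf 'subjectAltName = DNS:%s, IP:%s\n' "$HARBOR_FQDN" "$HARBOR_IP" \
        > "$dir/san.ext"
    openssl x509 -req -sha256 -days 365 -in "$dir/$HARBOR_FQDN.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/$HARBOR_FQDN.crt" 2>/dev/null

    # Private keys must not be readable by other users.
    chmod 600 "$dir/ca.key" "$dir/$HARBOR_FQDN.key"
}

# verify_cert DIR
# Succeeds only if the server certificate chains to ca.crt and its SAN
# covers both the host name and the IP address.
verify_cert() {
    dir=$1
    crt="$dir/$HARBOR_FQDN.crt"
    openssl verify -CAfile "$dir/ca.crt" "$crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$crt" -noout -text | grep -q "DNS:$HARBOR_FQDN" || return 1
    openssl x509 -in "$crt" -noout -text | grep -q "IP Address:$HARBOR_IP" || return 1
}

# Run as: sh issue-harbor-cert.sh issue /data/cert
if [ "${1:-}" = "issue" ]; then
    issue_cert "${2:-/data/cert}"
    verify_cert "${2:-/data/cert}" && echo "certificate OK"
fi
```

On each Docker client, copying `ca.crt` to `/etc/docker/certs.d/harbor1.linuxplus.com/ca.crt` lets the daemon verify the registry by name without any change to the dockerd command line.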
3. Install and configure Harbor
[root@harbor1 harbor]# vim harbor.yml
hostname: harbor1.linuxplus.com
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80
https:
  port: 443
  certificate: /data/cert/harbor1.linuxplus.com.crt
  private_key: /data/cert/harbor1.linuxplus.com.key
harbor_admin_password: Harbor12345
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
data_volume: /data
clair:
  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
  updaters_interval: 12
  # Config http proxy for Clair, e.g. http://my.proxy.com:3128
  # Clair doesn't need to connect to harbor internal components via http proxy.
  http_proxy:
  https_proxy:
  no_proxy: 127.0.0.1,localhost,core,registry
jobservice:
  # Maximum number of job workers in job service
  max_job_workers: 10
chart:
  # Change the value of absolute_url to enabled can enable absolute url in chart
  absolute_url: disabled
log:
  # options are debug, info, warning, error, fatal
  level: info
  # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
  rotate_count: 50
  # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
  # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
  # are all valid.
  rotate_size: 200M
  # The directory on your host that store log
  location: /var/log/harbor
_version: 1.8.0
[root@harbor1 harbor]# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 18.09.8
Note: docker-compose version: 1.24.1
[Step 1]: loading Harbor images ...
Loaded image: goharbor/clair-photon:v2.0.8-v1.8.1
[Step 2]: preparing environment ...
prepare base dir is set to /opt/harbor
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/cert/server.key
Clearing the configuration file: /config/cert/server.crt
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 3]: starting Harbor ...
Creating harbor-log ... done
Creating redis ... done
Creating registry ... done
Creating registryctl ... done
Creating harbor-db ... done
Creating harbor-core ... done
Creating harbor-portal ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://harbor1.linuxplus.com.
For more details, please visit https://github.com/goharbor/harbor .
[root@node01 harbor]# docker-compose ps
Name                Command                          State          Ports
-----------------------------------------------------------------------------------------------------------
harbor-core         /harbor/start.sh                 Up (healthy)
harbor-db           /entrypoint.sh postgres          Up (healthy)   5432/tcp
harbor-jobservice   /harbor/start.sh                 Up
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp
harbor-portal       nginx -g daemon off;             Up (healthy)   80/tcp
nginx               nginx -g daemon off;             Up (healthy)   0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
redis               docker-entrypoint.sh redis ...   Up             6379/tcp
registry            /entrypoint.sh /etc/regist ...   Up (healthy)   5000/tcp
registryctl         /harbor/start.sh                 Up (healthy)
Access the portal: (user: admin, password: Harbor12345)
4. Pushing and pulling images between a Docker host and Harbor
[root@db100 ~]# mkdir /data/cert -p
[root@db100 ~]# scp 172.16.216.102:/data/cert/harbor1.linuxplus.com.crt /etc/docker/certs.d/harbor1.linuxplus.com/
The authenticity of host '172.16.216.102 (172.16.216.102)' can't be established.
ECDSA key fingerprint is SHA256:RSjZGjpxNF+3FfNVScnO7si+ixmb5cvjEQChMZANJl8.
ECDSA key fingerprint is MD5:91:c5:3d:0a:22:4a:51:9b:b6:57:04:c8:f4:10:df:fd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.216.102' (ECDSA) to the list of known hosts.
root@172.16.216.102's password:
harbor1.linuxplus.com.crt 100% 1854 1.4MB/s 00:00
[root@db100 docker]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd --insecure-registry 172.16.216.102:443 -H fd:// --containerd=/run/containerd/containerd.sock
[root@db100 docker]# systemctl daemon-reload
[root@db100 docker]# systemctl restart docker
[root@db100 docker]# docker info
Client:
Debug Mode: false
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 19.03.0
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 894b81a4b802e4eb2a91d1ce216b8817763c29fb
runc version: 425e105d5a03fabd737a126ad93d62a9eeede87f
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-862.11.6.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 974.5MiB
Name: db100.linuxplus.com
ID: 4SS3:X52G:MGS2:TV6W:PAHP:5ZTE:X3V4:ZDHW:GCIQ:TUY3:23U5:26EU
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
172.16.216.102:443
127.0.0.0/8
Live Restore Enabled: false
[root@db100 data]# docker login 172.16.216.102:443
Username: stuart
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@db100 data]# docker logout 172.16.216.102:443
Removing login credentials for 172.16.216.102:443
[root@db100 ~]# docker tag nginx:latest 172.16.216.102:443/nginx/nginx:latest
[root@db100 ~]# docker push 172.16.216.102:443/nginx/nginx:latest
The push refers to repository [172.16.216.102:443/nginx/nginx]
589561a3ffb4: Pushed
ef7dbb0cfc81: Pushed
d56055da3352: Pushed
latest: digest: sha256:f83b2ffd963ac911f9e638184c8d580cc1f3139d5c8c33c87c3fb90aebdebf76 size: 948
[root@db100 ~]# docker pull 172.16.216.102:443/nginx/nginx
Using default tag: latest
latest: Pulling from nginx/nginx
0a4690c5d889: Pull complete
9719afee3eb7: Pull complete
44446b456159: Pull complete
Digest: sha256:f83b2ffd963ac911f9e638184c8d580cc1f3139d5c8c33c87c3fb90aebdebf76
Status: Downloaded newer image for 172.16.216.102:443/nginx/nginx:latest
172.16.216.102:443/nginx/nginx:latest
[root@db100 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
172.16.216.102:443/nginx/nginx latest 98ebf73aba75 5 days ago 109MB
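Two settings in this walkthrough weaken the deployment: harbor.yml keeps the shipped passwords (Harbor12345, root123), and the dockerd `--insecure-registry` flag turns off TLS verification for the registry, so the copied certificate is never checked. The following added example (not part of the original article) flags both; the function names and finding labels are assumptions, and the sample inputs are constructed from the values shown on this page.

```shell
#!/bin/sh
# Added example (not from the original article): flag the risky settings
# used in this walkthrough before a host goes into production.

# Sample inputs, constructed from the values shown on this page.
SAMPLE_HARBOR_YML='hostname: harbor1.linuxplus.com
harbor_admin_password: Harbor12345
database:
  password: root123
data_volume: /data'

SAMPLE_UNIT='[Service]
ExecStart=/usr/bin/dockerd --insecure-registry 172.16.216.102:443 -H fd:// --containerd=/run/containerd/containerd.sock'

# audit_harbor_yml: reads harbor.yml on stdin and prints one finding per
# line when a password still has the value shipped with the installer.
audit_harbor_yml() {
    awk '
        /^[^ #]/ { section = $1 }    # remember the current top-level key
        $1 == "harbor_admin_password:" && $2 == "Harbor12345" {
            print "DEFAULT_ADMIN_PASSWORD"
        }
        section == "database:" && $1 == "password:" && $2 == "root123" {
            print "DEFAULT_DB_PASSWORD"
        }
    '
}

# audit_dockerd: reads a systemd unit on stdin and prints every registry
# for which the daemon has TLS verification disabled.
audit_dockerd() {
    awk '/^ExecStart=/ {
        for (i = 1; i <= NF; i++) {
            if ($i == "--insecure-registry" && i < NF) {
                print $(i + 1)
            } else if ($i ~ /^--insecure-registry=/) {
                sub(/^--insecure-registry=/, "", $i)
                print $i
            }
        }
    }'
}

# report: runs both checks on the sample inputs. On a real host, feed the
# functions /root/harbor/harbor.yml and the docker.service unit instead.
report() {
    printf '%s\n' "$SAMPLE_HARBOR_YML" | audit_harbor_yml |
        while read -r finding; do echo "harbor.yml: $finding"; done
    printf '%s\n' "$SAMPLE_UNIT" | audit_dockerd |
        while read -r reg; do
            echo "dockerd: TLS verification disabled for $reg"
        done
}

report
```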
Error:
[root@node01 harbor]# docker rmi nginx:1.14-alpine
Error: No such image: nginx:1.14-alpine
Solution:
[root@node01 harbor]# systemctl stop docker
[root@node01 harbor]# rm -rf /var/lib/docker
[root@node01 harbor]# systemctl start docker
[root@node01 harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE