简介
Docker容器应用的开发和运行离不开可靠的镜像管理,虽然Docker官方也提供了公共的镜像仓库,但是从安全和效率等方面考虑,部署我们私有环境内的Registry也是非常必要的。Harbor是由VMware公司开源的企业级的Docker Registry管理项目,它包括权限管理(RBAC)、LDAP、日志审核、管理界面、自我注册、镜像复制和中文支持等功能。
下载
可以去GitHub上下载
#下载地址,找到适合的版本
https://github.com/vmware/harbor/releases
#每个版本下面有 离线安装包、在线安装包,根据自己的情况下载
harbor-offline-installer-v1.10.15.tgz
harbor-online-installer-v1.10.15.tgz
[root@node1 ] tar -xf harbor-offline-installer-v1.10.15.tgz
[root@node1 ] cd harbor
[root@node1 harbor]# ll
总用量 626904
-rw-r--r--. 1 root root 3398 11月 21 10:35 common.sh
-rw-r--r--. 1 root root 641915778 11月 21 10:36 harbor.v1.10.15.tar.gz
-rw-r--r--. 1 root root 5882 11月 21 10:35 harbor.yml
-rwxr-xr-x. 1 root root 2284 11月 21 10:35 install.sh
-rw-r--r--. 1 root root 11347 11月 21 10:35 LICENSE
-rwxr-xr-x. 1 root root 1750 11月 21 10:35 prepare
安装
harbor软件安装要求
|
Software |
Version |
Description |
|
Docker engine |
Version 17.06.0-ce+ or higher |
For installation instructions, see Docker Engine documentation |
|
Docker Compose |
docker-compose (v1.18.0+) or docker compose v2 (docker-compose-plugin) |
For installation instructions, see Docker Compose documentation |
|
Openssl |
Latest is preferred |
Used to generate certificate and keys for Harbor |
Docker Engine的安装之前文档写过,现在说下Docker-Compose的安装
#docker-compose下载
https://github.com/docker/compose/releases
mv docker-compose-linux-x86_64 /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose
[root@node1 bin]# docker-compose version
Docker Compose version v2.13.0
修改配置
#hostname 一定要改
hostname: 192.168.56.102
#https如果有证书的话就配置上,没有的话就注释掉
#https:
# # https port for harbor, default is 443
# port: 443
# # The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
启动
[root@node1 harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.21
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 2.13.0
[Step 2]: loading Harbor images ...
Loaded image: goharbor/nginx-photon:v1.10.15
Loaded image: goharbor/clair-adapter-photon:v1.10.15
Loaded image: goharbor/chartmuseum-photon:v1.10.15
Loaded image: goharbor/harbor-portal:v1.10.15
Loaded image: goharbor/harbor-core:v1.10.15
Loaded image: goharbor/clair-photon:v1.10.15
Loaded image: goharbor/registry-photon:v1.10.15
Loaded image: goharbor/notary-signer-photon:v1.10.15
Loaded image: goharbor/harbor-log:v1.10.15
Loaded image: goharbor/harbor-db:v1.10.15
Loaded image: goharbor/redis-photon:v1.10.15
Loaded image: goharbor/notary-server-photon:v1.10.15
Loaded image: goharbor/prepare:v1.10.15
Loaded image: goharbor/harbor-jobservice:v1.10.15
Loaded image: goharbor/harbor-registryctl:v1.10.15
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
/usr/src/app/utils/configs.py:100: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
configs = yaml.load(f)
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
/usr/src/app/utils/configs.py:90: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
versions = yaml.load(f)
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
[+] Running 7/7
⠿ Container registryctl Removed 0.3s
⠿ Container harbor-portal Removed 0.6s
⠿ Container registry Removed 0.5s
⠿ Container redis Removed 0.2s
⠿ Container harbor-db Removed 0.1s
⠿ Container harbor-log Removed 0.2s
⠿ Network harbor_harbor Removed 1.8s
[Step 5]: starting Harbor ...
[+] Running 10/10
⠿ Network harbor_harbor Created 2.0s
⠿ Container harbor-log Started 23.3s
⠿ Container registryctl Started 51.2s
⠿ Container harbor-db Started 45.9s
⠿ Container harbor-portal Started 45.9s
⠿ Container redis Started 50.5s
⠿ Container registry Started 48.1s
⠿ Container harbor-core Started 93.3s
⠿ Container nginx Started 137.1s
⠿ Container harbor-jobservice Started 137.0s
✔ ----Harbor has been installed and started successfully.----
[root@node1 harbor]# netstat -nptl|grep docker
tcp 0 0 127.0.0.1:1514 0.0.0.0:* LISTEN 16069/docker-proxy
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 19160/docker-proxy
tcp6 0 0 :::34058 :::* LISTEN 1917/cri-dockerd
tcp6 0 0 :::80 :::* LISTEN 19165/docker-proxy
如何使用
访问Harbor的web页面
默认密码在harbor.yml配置文件里面有Harbor12345,可以自己修改
Harbor
创建了一个叫Service的Project
Harbor 上传镜像
好的,拿我之前制作的一个镜像做实验,我来上传一个镜像到harbor
[root@node1 harbor]# docker images|grep tomcat
tomcat_service v1 698a3608f716 4 days ago 597MB
#重新给镜像打Tag
[root@node1 harbor]# docker tag tomcat_service:v1 192.168.56.102:80/service/tomcat_service:v1
[root@node1 harbor]# docker images|grep tomcat
192.168.56.102:80/service/tomcat_service v1 698a3608f716 4 days ago 597MB
tomcat_service v1 698a3608f716 4 days ago 597MB
#登录镜像仓库
[root@node1 harbor]# docker login 192.168.56.102:80
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
#上传镜像
[root@node1 harbor]# docker push 192.168.56.102:80/service/tomcat_service:v1
The push refers to repository [192.168.56.102:80/service/tomcat_service]
6e50863d4d2c: Pushed
f1e03e779144: Pushed
ec8a95ba0fce: Pushed
5f70bf18a086: Pushed
9ba94a407dec: Pushed
1dd3462f431e: Pushed
897373918b5d: Pushed
174f56854903: Pushed
v1: digest: sha256:16c4cf8c06cece2c54b9683bc260f6d8bc35876f6d13c2086acbd73b8e5dd618 size: 2193
去Harbor的web上看看有没有传上去,OK了
Harbor 镜像
如何重新启动Harbor
#停止Harbor
[root@node1 harbor]# docker-compose -f docker-compose.yml stop
[+] Running 9/9
⠿ Container harbor-jobservice Stopped 0.1s
⠿ Container registryctl Stopped 23.9s
⠿ Container nginx Stopped 21.2s
⠿ Container harbor-portal Stopped 0.1s
⠿ Container harbor-core Stopped 0.1s
⠿ Container harbor-db Stopped 0.0s
⠿ Container registry Stopped 0.0s
⠿ Container redis Stopped 2.7s
⠿ Container harbor-log Stopped
#启动Harbor
[root@node1 harbor]# docker-compose -f docker-compose.yml start
[+] Running 9/9
⠿ Container harbor-log Started 5.6s
⠿ Container harbor-portal Started 63.5s
⠿ Container registryctl Started 93.0s
⠿ Container harbor-db Started 96.9s
⠿ Container redis Started 119.6s
⠿ Container registry Started 115.7s
⠿ Container harbor-core Started 122.7s
⠿ Container nginx Started 271.2s
⠿ Container harbor-jobservice Started