一、环境说明
操作系统:centos 7.5
软件版本:harbor 1.8.2
二、软件安装
1.安装前准备(以下关闭 firewalld 和 SELinux 仅为简化测试环境的安装;生产环境建议保持二者开启,只放行 harbor 所需的端口)
# systemctl disable firewalld.service
# systemctl stop firewalld.service
# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# setenforce 0
# hostnamectl --static set-hostname docker-Harbor
安装docker-ce,在此不赘述
2.下载并解压harbor
# wget https://github.com/goharbor/harbor/releases/download/v1.8.2/harbor-offline-installer-v1.8.2.tgz
# mkdir /opt/software
# tar -xvf harbor-offline-installer-v1.8.2.tgz -C /opt/software
3.安装docker compose
方法一
# curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
# chmod +x /usr/local/bin/docker-compose
# docker-compose --version
docker-compose version 1.24.1, build f46880fe
方法二
# yum -y install epel-release python-pip
# pip install docker-compose
# docker-compose --version
docker-compose version 1.22.0, build f46880fe
4.生成ssl证书文件
# mkdir {harbor安装路径}/cert && cd {harbor安装路径}/cert
# openssl genrsa -out ca.key 4096
# openssl req -x509 -new -nodes -sha512 -days 36500 \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain" \
-key ca.key \
-out ca.crt
# openssl genrsa -out yourdomain.key 4096
# openssl req -sha512 -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain" \
-key yourdomain.key \
-out yourdomain.csr
# cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=yourdomain
DNS.3=hostname
EOF
# openssl x509 -req -sha512 -days 36500 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in yourdomain.csr \
-out yourdomain.crt
# openssl x509 -inform PEM -in yourdomain.crt -out yourdomain.cert
5.修改配置文件
# vi /opt/software/harbor/harbor.yml
hostname: {harbor自定义域名}
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: {harbor http端口}
# https related config
https:
# https port for harbor, default is 443
port: {harbor https端口}
# The path of cert and key files for nginx
certificate: {harbor安装路径}/cert/yourdomain.crt
private_key: {harbor安装路径}/cert/yourdomain.key
harbor_admin_password: {harbor登录密码}
database:
# The password for the root user of Harbor DB. Change this before any production use.
password: {harbor数据库登录密码}
data_volume: {harbor数据存储位置}
6.安装harbor
# cd /opt/software/harbor
# ./prepare
# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 18.03.1
Note: docker-compose version: 1.24.1
[Step 1]: loading Harbor images ...
查看生成的images和开放的端口
[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/chartmuseum-photon v0.9.0-v1.8.2 e72f3e685a37 5 weeks ago 130MB
goharbor/harbor-migrator v1.8.2 c11a64ae3a1e 5 weeks ago 361MB
goharbor/redis-photon v1.8.2 18036ee471bc 5 weeks ago 107MB
goharbor/clair-photon v2.0.8-v1.8.2 68de68a40e66 5 weeks ago 164MB
goharbor/notary-server-photon v0.6.1-v1.8.2 90cf28ef3a84 5 weeks ago 135MB
goharbor/notary-signer-photon v0.6.1-v1.8.2 e9b49ea8ed32 5 weeks ago 132MB
goharbor/harbor-registryctl v1.8.2 ad798fd6e618 5 weeks ago 96.5MB
goharbor/registry-photon v2.7.1-patch-2819-v1.8.2 081bfb3dc181 5 weeks ago 81.6MB
goharbor/nginx-photon v1.8.2 1592a48daeac 5 weeks ago 36.2MB
goharbor/harbor-log v1.8.2 42ad5ef672dd 5 weeks ago 81.8MB
goharbor/harbor-jobservice v1.8.2 623ed0095966 5 weeks ago 119MB
goharbor/harbor-core v1.8.2 03d6daab10c7 5 weeks ago 135MB
goharbor/harbor-portal v1.8.2 41e264a7980b 5 weeks ago 43.2MB
goharbor/harbor-db v1.8.2 927ecd68ee1f 5 weeks ago 144MB
goharbor/prepare v1.8.2 b0d62cc7683d 5 weeks ago 145MB
# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:1514 0.0.0.0:* LISTEN 1601/docker-proxy
tcp6 0 0 :::443 :::* LISTEN 1733/docker-proxy
tcp6 0 0 :::80 :::* LISTEN 1745/docker-proxy
7.访问登录harbor(https://{harbor主机ip}),默认用户名/密码:admin/Harbor12345(若已在第5步的 harbor.yml 中修改 harbor_admin_password,则使用修改后的密码;如仍为默认密码,首次登录后应立即修改)
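8.修改需要与harbor连接的各docker节点配置文件(注意:insecure-registries 会使 docker 不校验该仓库的证书,并可能回退到 HTTP;由于第4步已用自签 CA 签发证书,也可以不配置 insecure-registries,而是把 ca.crt 放到各节点的 /etc/docker/certs.d/{harbor主机域名:port}/ca.crt,从而保留 TLS 校验)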
# vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://wghlmi3i.mirror.aliyuncs.com"],
"insecure-registries":["{harbor主机IP:port}"]
}
# systemctl restart docker
9.harbor镜像操作
镜像打标签
docker tag SOURCE_IMAGE[:TAG] {harbor主机域名:port}/library/IMAGE[:TAG]
推送镜像
# docker login {harbor主机域名:port} -u {harbor登录用户名} -p {harbor密码} //登入harbor,在docker client各主机执行;-p 会把密码留在shell历史和进程列表中,可省略 -p 改为交互输入,或使用 --password-stdin
Login Succeeded
# docker push {harbor主机域名:port}/library/IMAGE[:TAG]
# docker logout //登出harbor
拉取镜像
# docker pull {harbor主机域名:port}/library/IMAGE[:TAG]