Docker私有仓库Harbor v1.6.1安装

  • 环境

系统: CentOS 7.5.1804
内核: 4.18.7-1.el7.elrepo.x86_64

Docker-ce 18.09
docker-compose 1.23.1
Harbor v1.6.1
Harbor主机IP:192.168.1.3

Docker连接仓库的时候默认走的是HTTPS协议。
准备一个域名,并且申请个免费的通配证书。

!!!关闭防火墙和SELINUX!!!(这样做只是为了简化测试环境的排错;正式环境建议保留防火墙和SELinux,只放行Harbor实际对外提供服务的端口,本文中nginx容器映射的是80、443、4443)

  • 安装Docker和docker-compose

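# Install Docker CE from the Aliyun mirror of the docker-ce yum repository.
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

yum install -y docker-ce

# -p: do not fail when the directory already exists (e.g. on a re-run).
mkdir -p /etc/docker/
# Quoted delimiter so the JSON is written literally, without shell expansion.
cat << 'EOF' > /etc/docker/daemon.json
{
    "registry-mirrors": ["https://registry.docker-cn.com"],
    "live-restore": true,
    "default-shm-size": "128M",
    "max-concurrent-downloads": 10,
    "oom-score-adjust": -1000,
    "debug": false
}
EOF

# Bridge netfilter parameters for container traffic forwarding.
# The here-document redirection was lost in the original listing
# ("cat <  /etc/sysctl.d/docker.conf"); it is restored here to match the
# closing EOF and the daemon.json step above.
# NOTE(review): the net.bridge.* keys are only present once the br_netfilter
# kernel module is loaded; confirm on the target host.
cat << 'EOF' > /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF

sysctl --system

# Install docker-compose, pinned to the version this walkthrough was tested
# with, so a later release is not pulled in silently.
yum install -y python-pip
pip install 'docker-compose==1.23.1'

systemctl daemon-reload
systemctl enable docker
systemctl restart docker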

###############################################
[root@harbor ~]# docker -v
Docker version 18.09.0, build 4d60db4

[root@harbor ~]# docker-compose -v
docker-compose version 1.23.1, build b02f130

  • 下载Harbor

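# Releases: https://github.com/goharbor/harbor/releases
# Download the online installer; reaching storage.googleapis.com may require a proxy.
cd "$HOME"
wget https://storage.googleapis.com/harbor-releases/harbor-online-installer-v1.6.1.tgz

# Print the archive digest and compare it with a checksum obtained from the
# release page before unpacking: install.sh from this archive is later run as
# root. NOTE(review): confirm which checksum or signature the project
# publishes for this release.
sha256sum harbor-online-installer-v1.6.1.tgz

# Unpack the archive and enter the extracted directory.
tar -xf harbor-online-installer-v1.6.1.tgz
cd harbor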

[root@harbor ~]# cd harbor/
[root@harbor harbor]# ll
total 1588
drwxr-xr-x 3 root root      23 Nov 13 15:03 common
-rw-r--r-- 1 root root     727 Nov  9 13:59 docker-compose.chartmuseum.yml
-rw-r--r-- 1 root root     777 Nov  9 13:59 docker-compose.clair.yml
-rw-r--r-- 1 root root    1258 Nov  9 13:59 docker-compose.notary.yml
-rw-r--r-- 1 root root    3589 Nov  9 13:59 docker-compose.yml
drwxr-xr-x 3 root root     136 Nov  9 13:59 ha
-rw-r--r-- 1 root root    7913 Nov  9 13:59 harbor.cfg
-rwxr-xr-x 1 root root    6162 Nov  9 13:59 install.sh
-rw-r--r-- 1 root root   10768 Nov  9 13:59 LICENSE
-rw-r--r-- 1 root root     482 Nov  9 13:59 NOTICE
-rw-r--r-- 1 root root 1535603 Nov  9 13:59 open_source_license
-rwxr-xr-x 1 root root   39496 Nov  9 13:59 prepare

#######################################################
harbor.cfg               #这就是harbor的配置文件了
install.sh               #安装脚本
docker-compose.yml       #docker-compose启动文件

  • 修改harbor.cfg文件

#配置文件详解:https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md#configuring-harbor

#需要修改的有以下几项:

#hostname设置访问地址,可以使用ip、域名,不可以设置为127.0.0.1或localhost
hostname = registry.lotbrick.com

#访问协议,默认是http,也可以设置https
#如果启用了HTTPS,那么最好使用一个能够被浏览器认证的ssl证书,否则其他docker不信任该ssl证书,无法通讯
#如果启用的是HTTP,那么要在daemon.json配置中配置:insecure-registries字段,让docker与该仓库通讯时使用http协议
ui_url_protocol = https

#启动Harbor后,管理员UI登录的密码,默认是Harbor12345;这是公开的默认值,安装前应改成自己的强密码(该值只在Harbor首次启动时生效,之后需在UI中修改)
harbor_admin_password = Harbor12345

#仓库复制时启动的线程数
max_job_workers = 3 

#SSL证书的路径,仅在协议设置为https时应用,宿主机路径
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key

#密钥存储路径,如:仓库复制的密钥
secretkey_path = /data

#邮件设置,发送重置密码邮件时使用
email_identity = 
email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false

#认证方式,这里支持多种认证方式,如LDAP、本地存储、数据库认证。默认是db_auth,mysql数据库认证
auth_mode = db_auth

#是否开启自注册(on表示能访问登录页的任何人都可以自行注册账号,不需要时设为off)
self_registration = on

#Token有效时间,默认30分钟
token_expiration = 30

#用户创建项目权限控制,默认是everyone(所有人),也可以设置为adminonly(只能管理员)
project_creation_restriction = everyone

  • 安装Harbor

# Create the certificate directory, then place the renamed certificate and
# private key in it as server.crt and server.key (the paths harbor.cfg uses
# for ssl_cert and ssl_cert_key).
# The listing that follows shows server.key as world-readable (-rw-r--r--);
# tightening it to owner-only (chmod 600) is advisable.
# NOTE(review): confirm the Harbor nginx container can still read the key
# after the mode change.
mkdir --parents --verbose /data/cert

####################################################################
[root@harbor cert]# pwd
/data/cert
[root@harbor cert]# ll
total 8
-rw-r--r-- 1 root root 3575 Nov 10 14:43 server.crt
-rw-r--r-- 1 root root 1675 Nov 10 14:43 server.key
[root@harbor cert]#

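# Run the installer from the unpacked Harbor directory.
# Quoted so the path is passed as a single word.
cd "$HOME/harbor"
# Pull the images first, then run the bundled install script.
docker-compose pull
./install.sh

# List all containers, including stopped ones.
docker ps -a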

#检查harbor的状态,确认所有的容器都处于up的状态
[root@harbor harbor]# docker ps -a
CONTAINER ID        IMAGE                                    COMMAND                  CREATED              STATUS                        PORTS                                                              NAMES
1949a6ca748c        goharbor/harbor-jobservice:v1.6.1        "/harbor/start.sh"       About a minute ago   Up About a minute                                                                                harbor-jobservice
162f83595512        goharbor/nginx-photon:v1.6.1             "nginx -g 'daemon of…"   About a minute ago   Up About a minute (healthy)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
46049917eebc        goharbor/harbor-ui:v1.6.1                "/harbor/start.sh"       About a minute ago   Up About a minute (healthy)                                                                      harbor-ui
d53e5cf18b05        goharbor/redis-photon:v1.6.1             "docker-entrypoint.s…"   2 minutes ago        Up About a minute             6379/tcp                                                           redis
7f33cfd0d7ee        goharbor/harbor-adminserver:v1.6.1       "/harbor/start.sh"       2 minutes ago        Up About a minute (healthy)                                                                      harbor-adminserver
585f5fd7886d        goharbor/registry-photon:v2.6.2-v1.6.1   "/entrypoint.sh /etc…"   2 minutes ago        Up About a minute (healthy)   5000/tcp                                                           registry
7f6f7925306d        goharbor/harbor-db:v1.6.1                "/entrypoint.sh post…"   2 minutes ago        Up About a minute (healthy)   5432/tcp                                                           harbor-db
927fd00420fe        goharbor/harbor-log:v1.6.1               "/bin/sh -c /usr/loc…"   2 minutes ago        Up About a minute (healthy)   127.0.0.1:1514->10514/tcp                                          harbor-log
[root@harbor harbor]#


  • Web页面配置

#修改windows的hosts文件,把registry.lotbrick.com指向到harbor主机的IP
#打开浏览器输入地址
#默认账号是:admin,密码是:Harbor12345(如果安装时沿用了这个默认密码,首次登录后应立即在UI中修改)
#登陆上去创建一个test仓库做测试






  • 测试上传image到仓库

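# Map the registry name to the Harbor host in /etc/hosts; the test is run on
# the Harbor host itself. The grep guard keeps a re-run from appending a
# duplicate entry.
grep -qF -- 'registry.lotbrick.com' /etc/hosts ||
  printf '%s\n' '192.168.1.3  registry.lotbrick.com' >> /etc/hosts

# Pull an alpine image to use as test content.
docker pull alpine
docker images

# Re-tag the image for the private registry.
# Target format: registry-address/project-name/image-name:tag
docker tag alpine:latest registry.lotbrick.com/test/alpine:latest

# Log in to the registry and push the image.
# docker login stores the credentials in ~/.docker/config.json unless a
# credential helper is configured, so use an account scoped to this registry.
docker login registry.lotbrick.com
docker push registry.lotbrick.com/test/alpine:latest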

#打开web页面,查看镜像是否上传成功




  • 换台机器尝试pull镜像

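# On the second machine, map the registry name to the Harbor host as well.
# The grep guard keeps a re-run from appending a duplicate entry.
grep -qF -- 'registry.lotbrick.com' /etc/hosts ||
  printf '%s\n' '192.168.1.3  registry.lotbrick.com' >> /etc/hosts

# Pull the image that was pushed from the Harbor host.
docker pull registry.lotbrick.com/test/alpine:latest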

转载于:https://blog.51cto.com/bigboss/2316525
