harbor部署实录

harbor部署实录

环境准备

工具	版本号
Docker	20.10.16
Docker compose	1.18.0

Docker && Docker compose 安装

harbor部署在docker中，部署过程可以参考之前文档中docker部署的部分：Kubernetes集群部署实录

 # 清除旧版本docker
[root@k8s-master ~] yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
# yum源中添加docker下载镜像
[root@k8s-master ~] yum install -y yum-utils
[root@k8s-master ~] yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 安装指定版本docker 和 docker-compose
[root@k8s-master ~] yum install -y docker-ce-20.10.16 docker-ce-cli-20.10.16 containerd.io docker-compose docker-compose-plugin
# 启动docker
[root@k8s-master ~] systemctl enable docker && systemctl start docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
# 配置docker镜像源为国内源
[root@k8s-master ~] tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]
}
EOF
# 重启docker
[root@k8s-master ~] systemctl restart docker

harbor 部署

Harbor github文档

关闭防火墙和 selinux

# 关闭防火墙
[root@k8s-master ~] systemctl stop firewalld
[root@k8s-master ~] systemctl disable firewalld
[root@k8s-master ~] iptables -F
# 确认防火墙状态
[root@k8s-master ~] systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

# 关闭SELinux
[root@k8s-master ~] sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
[root@k8s-master ~] sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/selinux/config
# 确认SELinux状态
[root@k8s-master ~] setenforce 0
setenforce: SELinux is disabled

下载 harbor包

Harbor下载地址

md5验证：

[root@upaamytg harbor-install]# md5sum harbor-offline-installer-v2.6.0.tgz 
42a4eb69627eea467235981508d7434f  harbor-offline-installer-v2.6.0.tgz

确保值与md5sum中的一致

解压安装

[root@upaamytg harbor-install] tar -zxf harbor-offline-installer-v2.6.0.tgz -C /usr/local/
[root@upaamytg harbor-install] cd /usr/local/harbor/
[root@upaamytg harbor] mv harbor.yml.tmpl harbor.yml
[root@upaamytg harbor] vim harbor.yml

设置hostname为本机IP，给个可用端口

注销https

修改admin密码

[root@upaamytg harbor] ./prepare # 生成配置文件
[root@upaamytg harbor] vim docker-compose.yml # 修改 harbor 端口

[root@upaamytg harbor] ./install.sh
[root@upaamytg harbor] vim /etc/docker/daemon.json
# 写入内容：
{
"registry-mirrors": ["http://172.16.0.52:8006"],
"insecure-registries":["172.16.0.52:8006"]}
}
# 重启docker
[root@upaamytg harbor] systemctl restart docker
[root@upaamytg harbor] systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-09-16 11:33:23 CST; 3s ago
     Docs: https://docs.docker.com
 Main PID: 22291 (dockerd)
    Tasks: 45
   Memory: 79.4M
   CGroup: /system.slice/docker.service
           ├─22291 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
           ├─22459 /usr/bin/docker-proxy -proto tcp -host-ip 127.0.0.1 -host-port 1514 -container-ip 172.18.0.3 -container-port 10514
           ├─22952 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 80 -container-ip 172.18.0.2 -container-port 8080
           └─22959 /usr/bin/docker-proxy -proto tcp -host-ip :: -host-port 80 -container-ip 172.18.0.2 -container-port 8080

Sep 16 11:33:22 upaamytg.novalocal dockerd[22291]: time="2022-09-16T11:33:22.842350796+08:00" level=error msg="failed to start container" container=53e5de8231c9e60595...n refused"
Sep 16 11:33:23 upaamytg.novalocal dockerd[22291]: time="2022-09-16T11:33:23.318075732+08:00" level=error msg="5de8d02639f140e6ae7843bb33d575c4cc3ef6b7f1117f2f58178a3...container"
Sep 16 11:33:23 upaamytg.novalocal dockerd[22291]: time="2022-09-16T11:33:23.318140344+08:00" level=error msg="failed to start container" container=5de8d02639f140e6ae...n refused"
Sep 16 11:33:23 upaamytg.novalocal dockerd[22291]: time="2022-09-16T11:33:23.808833737+08:00" level=info msg="Loading containers: done."
Sep 16 11:33:23 upaamytg.novalocal dockerd[22291]: time="2022-09-16T11:33:23.908567489+08:00" level=info msg="Docker daemon" commit=f756502 graphdriver(s)=overlay2 ve...n=20.10.16
Sep 16 11:33:23 upaamytg.novalocal dockerd[22291]: time="2022-09-16T11:33:23.908722346+08:00" level=info msg="Daemon has completed initialization"
Sep 16 11:33:23 upaamytg.novalocal systemd[1]: Started Docker Application Container Engine.
Sep 16 11:33:23 upaamytg.novalocal dockerd[22291]: time="2022-09-16T11:33:23.969543192+08:00" level=info msg="API listen on /var/run/docker.sock"
Sep 16 11:33:24 upaamytg.novalocal dockerd[22291]: time="2022-09-16T11:33:24.296301378+08:00" level=info msg="ignoring event" container=5c39f216f0360a2450b7a57c514989...askDelete"
Sep 16 11:33:25 upaamytg.novalocal dockerd[22291]: time="2022-09-16T11:33:25.680869410+08:00" level=info msg="ignoring event" container=5c39f216f0360a2450b7a57c514989...askDelete"
Hint: Some lines were ellipsized, use -l to show in full.

[root@upaamytg harbor] pwd
/usr/local/harbor
[root@upaamytg harbor] docker-compose ps
      Name                     Command                 State                Ports          
-------------------------------------------------------------------------------------------
harbor-core         /harbor/entrypoint.sh            Exit 128                              
harbor-db           /docker-entrypoint.sh 96 13      Up                                    
harbor-jobservice   /harbor/entrypoint.sh            Exit 128                              
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up           127.0.0.1:1514->10514/tcp
harbor-portal       nginx -g daemon off;             Exit 128                              
nginx               nginx -g daemon off;             Restarting                            
redis               redis-server /etc/redis.conf     Exit 128                              
registry            /home/harbor/entrypoint.sh       Exit 2                                
registryctl         /home/harbor/start.sh            Exit 137

# 重启 docker-compose
[root@upaamytg harbor]# docker-compose stop
Stopping nginx      ... done
Stopping harbor-db  ... done
Stopping harbor-log ... done
[root@upaamytg harbor]# docker-compose up -d
Recreating harbor-log ... done
Recreating registry ... done
Recreating redis ... done
Recreating registryctl ... done
Recreating harbor-portal ... done
Recreating harbor-db ... done
Recreating harbor-core ... done
Recreating harbor-jobservice ... done
Recreating nginx ... done

# 确认一下服务状态
[root@upaamytg harbor] docker-compose ps
      Name                     Command               State                  Ports                
-------------------------------------------------------------------------------------------------
harbor-core         /harbor/entrypoint.sh            Up                                          
harbor-db           /docker-entrypoint.sh 96 13      Up                                          
harbor-jobservice   /harbor/entrypoint.sh            Up                                          
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up      127.0.0.1:1514->10514/tcp           
harbor-portal       nginx -g daemon off;             Up                                          
nginx               nginx -g daemon off;             Up      0.0.0.0:80->8080/tcp,:::80->8080/tcp
redis               redis-server /etc/redis.conf     Up                                          
registry            /home/harbor/entrypoint.sh       Up                                          
registryctl         /home/harbor/start.sh            Up

网页测试

使用浏览器访问172.16.0.52:8006 或 172.16.0.52:80 （前面已做端口映射）

使用设置的admin账号密码登录

成功