Offline Deployment of a Harbor Private Image Registry (Harbor 2.5.3)

Harbor

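Harbor is an open-source container image registry from VMware. It extends Docker Registry with enterprise-grade features, which has led to much wider adoption. These features include a management UI, role-based access control, AD/LDAP integration and audit logging, which is enough to cover basic enterprise needs.

Server hardware:
Minimum: 2 CPU cores / 4 GB memory / 40 GB disk
Recommended: 4 CPU cores / 8 GB memory / 160 GB disk

Software:
Docker CE 17.06 or later
Docker Compose 1.18 or later

Harbor can be installed in two ways:
Online installation: the Harbor images are downloaded from Docker Hub, so the installer package is very small
Offline installation: the installer package contains the images needed for deployment, so it is fairly large


Official site: https://goharbor.io/
GitHub: https://github.com/goharbor/harbor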

I. Deployment

1. Upload the downloaded Harbor package and docker-compose

[root@k8s-master ~]# ls
harbor-offline-installer-v2.5.3.tgz  docker-compose-Linux-x86_64
[root@k8s-master ~]# mv docker-compose-Linux-x86_64 /usr/bin/docker-compose
[root@k8s-master ~]# chmod +x /usr/bin/docker-compose

2. Install Docker and Docker Compose (Docker was already installed beforehand here)

[root@k8s-master ~]# docker-compose 

The output looks similar to this:

Define and run multi-container applications with Docker.

Usage:
  docker-compose [-f <arg>...] [options] [COMMAND] [ARGS...]
  docker-compose -h|--help

Options:
  -f, --file FILE             Specify an alternate compose file
                              (default: docker-compose.yml)
  -p, --project-name NAME     Specify an alternate project name
                              (default: directory name)
  -c, --context NAME          Specify a context name
  --verbose                   Show more output
  --log-level LEVEL           Set log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
  --no-ansi                   Do not print ANSI control characters
  -v, --version               Print version and exit
  -H, --host HOST             Daemon socket to connect to

  --tls                       Use TLS; implied by --tlsverify
  --tlscacert CA_PATH         Trust certs signed only by this CA
  --tlscert CLIENT_CERT_PATH  Path to TLS certificate file
  --tlskey TLS_KEY_PATH       Path to TLS key file
  --tlsverify                 Use TLS and verify the remote
  --skip-hostname-check       Don't check the daemon's hostname against the
                              name specified in the client certificate
  --project-directory PATH    Specify an alternate working directory
                              (default: the path of the Compose file)
  --compatibility             If set, Compose will attempt to convert keys
                              in v3 files to their non-Swarm equivalent
  --env-file PATH             Specify an alternate environment file

Commands:
  build              Build or rebuild services
  config             Validate and view the Compose file
  create             Create services
  down               Stop and remove containers, networks, images, and volumes
  events             Receive real time events from containers
  exec               Execute a command in a running container
  help               Get help on a command
  images             List images
  kill               Kill containers
  logs               View output from containers
  pause              Pause services
  port               Print the public port for a port binding
  ps                 List containers
  pull               Pull service images
  push               Push service images
  restart            Restart services
  rm                 Remove stopped containers
  run                Run a one-off command
  scale              Set number of containers for a service
  start              Start services
  stop               Stop services
  top                Display the running processes
  unpause            Unpause services
  up                 Create and start containers
  version            Show the Docker-Compose version information

3. Extract the Harbor package

[root@k8s-master ~]# tar zxvf harbor-offline-installer-v2.5.3.tgz

The output looks similar to this:

harbor/harbor.v2.5.3.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl

4. Configure the harbor.yml parameters

Set hostname and comment out https

[root@k8s-master ~]# cd harbor
[root@k8s-master harbor]# ls
common.sh  harbor.v2.5.3.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare

[root@k8s-master harbor]# cp harbor.yml.tmpl harbor.yml
[root@k8s-master harbor]# vi harbor.yml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 192.168.237.123
# IP address of this host
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https is commented out for now
# https related config
#https:
  # https port for harbor, default is 443
  #port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal

5. Run prepare and install

[root@k8s-master harbor]# ./prepare

The output looks similar to this:

prepare base dir is set to /root/harbor
Unable to find image 'goharbor/prepare:v2.5.3' locally
v2.5.3: Pulling from goharbor/prepare
cdd306291e3f: Pull complete 
899708b6cf4a: Pull complete 
5348cd9eea69: Pull complete 
b26fbd0623df: Pull complete 
8ef107bcedaf: Pull complete 
45efdc863cd9: Pull complete 
d109b36b1200: Pull complete 
01920cccc2da: Pull complete 
35df10b8b365: Pull complete 
77422a9df465: Pull complete 
Digest: sha256:1e3aae65de7a88dc0b541140940952657fdd1ab9b7bf64704d6b696b078dd1dc
Status: Downloaded newer image for goharbor/prepare:v2.5.3
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

Run install

[root@k8s-master harbor]# ./install.sh

The output looks similar to this:


[Step 0]: checking if docker is installed ...

Note: docker version: 20.10.17

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.26.0

[Step 2]: loading Harbor images ...
eb50d8bbd990: Loading layer  7.668MB/7.668MB
04e75300c772: Loading layer  7.362MB/7.362MB
e6830bb442bf: Loading layer      1MB/1MB
Loaded image: goharbor/harbor-portal:v2.5.3
7e761f0c6325: Loading layer  8.898MB/8.898MB
bea2d99bdd9a: Loading layer  3.584kB/3.584kB
7635b8507a3f: Loading layer   2.56kB/2.56kB
5374b1e2b14a: Loading layer  78.75MB/78.75MB
3c111582434e: Loading layer  5.632kB/5.632kB
c634a4d49b0c: Loading layer  102.9kB/102.9kB
4edf106f0e4f: Loading layer  15.87kB/15.87kB
732b0f7f2241: Loading layer  79.66MB/79.66MB
8191a56b80ca: Loading layer   2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.5.3
005d5db57e06: Loading layer  119.7MB/119.7MB
0e3d87aacbc9: Loading layer  3.072kB/3.072kB
b4e26556ed44: Loading layer   59.9kB/59.9kB
55f587609a73: Loading layer  61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.5.3
Loaded image: goharbor/prepare:v2.5.3
a86a26c0452a: Loading layer  1.096MB/1.096MB
1025dfd257d2: Loading layer  5.889MB/5.889MB
cd51e6d945dd: Loading layer  168.8MB/168.8MB
c68c45fe177d: Loading layer  16.58MB/16.58MB
fa18680022f9: Loading layer  4.096kB/4.096kB
9f470cfcecff: Loading layer  6.144kB/6.144kB
d9d256f40e6f: Loading layer  3.072kB/3.072kB
f02862555d46: Loading layer  2.048kB/2.048kB
8cc2449c3a33: Loading layer   2.56kB/2.56kB
53e7545b8c1b: Loading layer   2.56kB/2.56kB
62fbef76d294: Loading layer   2.56kB/2.56kB
7e2d721c6c91: Loading layer  8.704kB/8.704kB
Loaded image: goharbor/harbor-db:v2.5.3
7b5e699985f2: Loading layer  5.755MB/5.755MB
17bb7303d841: Loading layer  90.86MB/90.86MB
146be4872a18: Loading layer  3.072kB/3.072kB
7f44df31c7df: Loading layer  4.096kB/4.096kB
ec5f15201a56: Loading layer  91.65MB/91.65MB
Loaded image: goharbor/chartmuseum-photon:v2.5.3
25ed0962037c: Loading layer  8.898MB/8.898MB
96bf61ca4a6d: Loading layer  3.584kB/3.584kB
faed05a35aaa: Loading layer   2.56kB/2.56kB
6b2cce967e64: Loading layer   90.8MB/90.8MB
47d73d2ec8c4: Loading layer  91.59MB/91.59MB
Loaded image: goharbor/harbor-jobservice:v2.5.3
1b8a5b56dd8f: Loading layer  5.755MB/5.755MB
ef6a1d16e324: Loading layer  4.096kB/4.096kB
60cf083bf2b3: Loading layer  17.34MB/17.34MB
54308a335bf1: Loading layer  3.072kB/3.072kB
b507f0c5f1e1: Loading layer  29.17MB/29.17MB
79b24972e581: Loading layer  47.31MB/47.31MB
Loaded image: goharbor/harbor-registryctl:v2.5.3
35239a1e0d7a: Loading layer  7.668MB/7.668MB
Loaded image: goharbor/nginx-photon:v2.5.3
e0776ca3d7c2: Loading layer   5.75MB/5.75MB
c90a80564f89: Loading layer  8.543MB/8.543MB
86c0504b8fcb: Loading layer  14.47MB/14.47MB
abde74115d1a: Loading layer  29.29MB/29.29MB
3ad37faaa958: Loading layer  22.02kB/22.02kB
1d3c37158629: Loading layer  14.47MB/14.47MB
Loaded image: goharbor/notary-signer-photon:v2.5.3
fa27c9d81dc3: Loading layer    127MB/127MB
9ca66cb9252f: Loading layer  3.584kB/3.584kB
09ce0e15f5ba: Loading layer  3.072kB/3.072kB
d0ba49c5841f: Loading layer   2.56kB/2.56kB
04623512f2e5: Loading layer  3.072kB/3.072kB
083acf89058c: Loading layer  3.584kB/3.584kB
5f2000f524c8: Loading layer  20.99kB/20.99kB
Loaded image: goharbor/harbor-log:v2.5.3
425045210126: Loading layer  8.898MB/8.898MB
a0ef3ff89e82: Loading layer  21.05MB/21.05MB
7facb153a2bf: Loading layer  4.608kB/4.608kB
ca36c2356dc0: Loading layer  21.84MB/21.84MB
Loaded image: goharbor/harbor-exporter:v2.5.3
abd4886cf446: Loading layer  5.755MB/5.755MB
a662294ced4c: Loading layer  4.096kB/4.096kB
e1e02d95f798: Loading layer  3.072kB/3.072kB
54535cb3135b: Loading layer  17.34MB/17.34MB
a8556cd12eb5: Loading layer  18.13MB/18.13MB
Loaded image: goharbor/registry-photon:v2.5.3
01427a3d3d67: Loading layer   5.75MB/5.75MB
5cd7cb12cabb: Loading layer  8.543MB/8.543MB
564dcad1be91: Loading layer  15.88MB/15.88MB
b3020f432a85: Loading layer  29.29MB/29.29MB
05bbf70fd214: Loading layer  22.02kB/22.02kB
7cb2819f6977: Loading layer  15.88MB/15.88MB
Loaded image: goharbor/notary-server-photon:v2.5.3
8cc02d219629: Loading layer  6.283MB/6.283MB
09856854b73c: Loading layer  4.096kB/4.096kB
c53bbce8e1c4: Loading layer  3.072kB/3.072kB
ca0011850458: Loading layer  91.21MB/91.21MB
0e7337dca995: Loading layer  12.65MB/12.65MB
c1e6b3a22dfd: Loading layer  104.6MB/104.6MB
Loaded image: goharbor/trivy-adapter-photon:v2.5.3


[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir



[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-db     ... done
Creating harbor-portal ... done
Creating redis         ... done
Creating registryctl   ... done
Creating registry      ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done
✔ ----Harbor has been installed and started successfully.----

6. The services can now be managed with docker-compose

[root@k8s-master harbor]# docker-compose ps
      Name                     Command                  State                      Ports                
--------------------------------------------------------------------------------------------------------
harbor-core         /harbor/entrypoint.sh            Up (healthy)                                       
harbor-db           /docker-entrypoint.sh 96 13      Up (healthy)                                       
harbor-jobservice   /harbor/entrypoint.sh            Up (healthy)                                       
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp           
harbor-portal       nginx -g daemon off;             Up (healthy)                                       
nginx               nginx -g daemon off;             Up (healthy)   0.0.0.0:80->8080/tcp,:::80->8080/tcp
redis               redis-server /etc/redis.conf     Up (healthy)                                       
registry            /home/harbor/entrypoint.sh       Up (healthy)                                       
registryctl         /home/harbor/start.sh            Up (healthy)      
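
Step 4 comments out the https block, so the registry above is served over plain HTTP. As an added example (not part of the original post or of Harbor's installer), the script below issues a private CA and a server certificate for the IP used here, producing the files that the certificate and private_key keys in harbor.yml expect; the CA name, the file names and the output directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Issues a private CA and a server
# certificate whose SAN is the Harbor IP, so clients can verify TLS.
# Usage: sh harbor-cert.sh <out-dir> <harbor-ip> [rsa-bits]  (script name is hypothetical)

gen_harbor_cert() {
    dir=$1 ip=$2 bits=${3:-4096}
    mkdir -p "$dir" || return 1
    # Minimal OpenSSL config: one extension section for the CA, one for the server.
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
subjectAltName = IP:$ip
extendedKeyUsage = serverAuth
EOF
    # 1. Self-signed CA (the name "Harbor Lab CA" is constructed).
    openssl req -x509 -config "$dir/openssl.cnf" -extensions v3_ca \
        -newkey "rsa:$bits" -nodes -sha256 -days 3650 -subj "/CN=Harbor Lab CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # 2. Server key and certificate signing request.
    openssl req -new -config "$dir/openssl.cnf" \
        -newkey "rsa:$bits" -nodes -sha256 -subj "/CN=$ip" \
        -keyout "$dir/harbor.key" -out "$dir/harbor.csr" 2>/dev/null || return 1
    # 3. Sign the request with the CA, adding the IP subjectAltName.
    openssl x509 -req -in "$dir/harbor.csr" -sha256 -days 365 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/openssl.cnf" -extensions v3_server \
        -out "$dir/harbor.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key" "$dir/harbor.key"
}

# Succeeds only if the certificate chains to the CA and names the expected IP.
check_harbor_cert() {  # $1 = directory, $2 = Harbor IP
    openssl verify -CAfile "$1/ca.crt" "$1/harbor.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1/harbor.crt" -noout -text | grep -q "IP Address:$2"
}

if [ $# -ge 2 ]; then
    gen_harbor_cert "$1" "$2" "${3:-4096}" && check_harbor_cert "$1" "$2" && echo "certificate OK in $1"
fi
```

Point certificate and private_key in harbor.yml at harbor.crt and harbor.key and rerun ./prepare, then copy ca.crt to /etc/docker/certs.d/192.168.237.123/ca.crt on each Docker client. The insecure-registries entry configured in the next section is then unnecessary.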

II. Log in to the Harbor UI

Log in to the Harbor UI (IP of this host: 192.168.237.123)
Harbor's initial username and password are:
Username: admin
Password: Harbor12345


1. Configure Docker to trust the registry (can be skipped if https is configured)

[root@k8s-master harbor]# vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://b9pmyelo.mirror.aliyuncs.com"],
  "exec-opts": ["native.cgroupdriver=systemd"],
  "insecure-registries": ["192.168.237.123"]
}

[root@k8s-master harbor]# systemctl restart docker

Use docker info to check that the setting took effect

[root@k8s-master harbor]# docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.8.2-docker)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 51
  Running: 19
  Paused: 0
  Stopped: 32
 Images: 31
 Server Version: 20.10.17
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
 runc version: v1.1.2-0-ga916309
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 3.10.0-693.el7.x86_64
 Operating System: CentOS Linux 7 (Core)
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 1.938GiB
 Name: k8s-master
 ID: E2UL:O42J:TGS4:KJP2:FBE2:LO3W:FARJ:MG5V:777C:7RCG:YJMY:DOJ4
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  192.168.237.123
  127.0.0.0/8
 Registry Mirrors:
  https://b9pmyelo.mirror.aliyuncs.com/
 Live Restore Enabled: false

The part to check:
Insecure Registries:
192.168.237.123
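
The settings used in this walkthrough (https commented out in harbor.yml, the initial admin password, and the insecure-registries entry) are easy to leave in place once testing is over. The check below is an added example, not code from the post or from Harbor; the finding labels and the sample files are constructed, and harbor_admin_password is the harbor.yml key that holds the initial password.

```shell
#!/bin/sh
# Added example (not from the Harbor project): flag the weak settings this
# walkthrough leaves behind. Each function prints one finding per line.

audit_harbor_yml() {   # $1 = path to harbor.yml
    if ! grep -Eq '^https:' "$1"; then
        echo "HTTP_ONLY: https block is commented out; logins and image pushes travel in cleartext"
    fi
    if grep -Eq '^harbor_admin_password:[[:space:]]*Harbor12345[[:space:]]*$' "$1"; then
        echo "DEFAULT_ADMIN_PASSWORD: harbor_admin_password is still the shipped default"
    fi
    if grep -Eq '^hostname:[[:space:]]*(localhost|127\.0\.0\.1)[[:space:]]*$' "$1"; then
        echo "LOOPBACK_HOSTNAME: hostname must be reachable by external clients"
    fi
    return 0
}

audit_daemon_json() {  # $1 = path to /etc/docker/daemon.json
    # Flatten the file, then extract the contents of the insecure-registries array.
    entries=$(tr -d '\n' < "$1" |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
        tr -d '" \t')
    if [ -n "$entries" ]; then
        echo "INSECURE_REGISTRY: Docker does not require verified TLS for $entries"
    fi
    return 0
}

# Constructed sample files mirroring the settings shown in this walkthrough.
write_samples() {      # $1 = directory to write into
    cat > "$1/harbor.yml" <<'EOF'
hostname: 192.168.237.123
http:
  port: 80
#https:
  #port: 443
harbor_admin_password: Harbor12345
EOF
    cat > "$1/daemon.json" <<'EOF'
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "insecure-registries": ["192.168.237.123"]
}
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_harbor_yml "$tmp/harbor.yml"
audit_daemon_json "$tmp/daemon.json"
rm -rf "$tmp"
```

On a real host, run the two functions against the harbor.yml in the installer directory and against /etc/docker/daemon.json; no output means none of these findings apply.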

Bring the docker-compose services back up after they went down with the Docker restart

[root@k8s-master harbor]# docker-compose up -d
harbor-log is up-to-date
Starting harbor-db     ... done
Starting redis         ... done
Starting registryctl   ... done
Starting registry      ... done
Starting harbor-portal ... done
Starting harbor-core   ... done
Starting nginx             ... done
Starting harbor-jobservice ... done

Check the docker-compose services

[root@k8s-master harbor]# docker-compose ps
      Name                     Command                  State                      Ports                
--------------------------------------------------------------------------------------------------------
harbor-core         /harbor/entrypoint.sh            Up (healthy)                                       
harbor-db           /docker-entrypoint.sh 96 13      Up (healthy)                                       
harbor-jobservice   /harbor/entrypoint.sh            Up (healthy)                                       
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp           
harbor-portal       nginx -g daemon off;             Up (healthy)                                       
nginx               nginx -g daemon off;             Up (healthy)   0.0.0.0:80->8080/tcp,:::80->8080/tcp
redis               redis-server /etc/redis.conf     Up (healthy)                                       
registry            /home/harbor/entrypoint.sh       Up (healthy)                                       
registryctl         /home/harbor/start.sh            Up (healthy)    
