Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器,通过添加一些企业必需的功能特性,例如安全、标识和管理等,扩展了开源Docker Distribution。作为一个企业级私有Registry服务器,Harbor提供了更好的性能和安全。提升用户使用Registry构建和运行环境传输镜像的效率。Harbor支持安装在多个Registry节点的镜像资源复制,镜像全部保存在私有Registry中, 确保数据和知识产权在公司内部网络中管控。另外,Harbor也提供了高级的安全特性,诸如用户管理,访问控制和活动审计等。
1、上传 harbor-offline-installer-v1.2.2.tgz 压缩包 到 /opt 目录,并解压
[root@harbor opt]# ll
总用量 521256
drwx--x--x 4 root root 28 8月 30 17:18 containerd
-rw-r--r-- 1 root root 533765727 8月 30 19:02 harbor-offline-installer-v1.2.2.tgz
drwxr-xr-x. 2 root root 6 10月 31 2018 rh
[root@harbor opt]# tar zxf harbor-offline-installer-v1.2.2.tgz -C /usr/local
2、配置 harbor 参数文件
[root@harbor opt]# cd /usr/local/harbor/
[root@harbor harbor]# ls
common docker-compose.notary.yml harbor_1_1_0_template harbor.v1.2.2.tar.gz LICENSE prepare
docker-compose.clair.yml docker-compose.yml harbor.cfg install.sh NOTICE upgrade
[root@harbor harbor]# vim harbor.cfg
1 ## Configuration file of Harbor
2
3 #The IP address or hostname to access admin UI and registry service.
4 #DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
5 hostname = 192.168.177.106
3、执行 install.sh 安装脚本
[root@harbor harbor]# sh install.sh
......省略部分内容
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating registry ... done
Creating harbor-db ... done
Creating harbor-ui ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://192.168.177.106.
For more details, please visit https://github.com/vmware/harbor .
[root@harbor harbor]#
[root@harbor harbor]# docker-compose ps //docker-compose需要提前安装好
Name Command State Ports
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/harbor_adminserver Up
harbor-db docker-entrypoint.sh mysqld Up 3306/tcp
harbor-jobservice /harbor/harbor_jobservice Up
harbor-log /bin/sh -c crond && rm -f ... Up 127.0.0.1:1514->514/tcp
harbor-ui /harbor/harbor_ui Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp,:::443->443/tcp, 0.0.0.0:4443->4443/tcp,:::4443->4443/tcp,
0.0.0.0:80->80/tcp,:::80->80/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
[root@harbor harbor]#
Harbor是通过docker compose来部署的,这也是为什么在装Harbor之前,需要安装docker-compose.接下来讲一下上图中设计到的各个模块的详细部分.
这几个容器通过Docker link的形式连接在一起,这样,在容器之间可以通过容器名字互相访问。对终端用户而言,只需要暴露proxy (即Nginx)的服务端口
4、在宿主机浏览器访问harbor页面
输入:192.168.177.106:80
用户名是 admin ,密码可以在harbor.cfg 配置文件中找到
5、测试镜像的上传下载
[root@harbor harbor]# docker pull cirros //拉取官方提供的测试镜像
Using default tag: latest
latest: Pulling from library/cirros
d0b405be7a32: Pull complete
bd054094a037: Pull complete
c6a00de1ec8a: Pull complete
Digest: sha256:1e695eb2772a2b511ccab70091962d1efb9501fdca804eb1d52d21c0933e7f47
Status: Downloaded newer image for cirros:latest
docker.io/library/cirros:latest
[root@harbor harbor]#
[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
cirros latest f9cae1daf5f6 5 months ago 12.6MB
vmware/harbor-log v1.2.2 36ef78ae27df 3 years ago 200MB
vmware/harbor-jobservice v1.2.2 e2af366cba44 3 years ago 164MB
vmware/harbor-ui v1.2.2 39efb472c253 3 years ago 178MB
vmware/harbor-adminserver v1.2.2 c75963ec543f 3 years ago 142MB
vmware/harbor-db v1.2.2 ee7b9fa37c5d 3 years ago 329MB
vmware/nginx-photon 1.11.13 6cc5c831fc7f 3 years ago 144MB
......省略
[root@harbor harbor]# docker tag cirros:latest 192.168.177.106/test/cirros:test //上传镜像之前需要先打标签
[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.177.106/test/cirros test f9cae1daf5f6 5 months ago 12.6MB
cirros latest f9cae1daf5f6 5 months ago 12.6MB
vmware/harbor-log v1.2.2 36ef78ae27df 3 years ago 200MB
vmware/harbor-jobservice v1.2.2 e2af366cba44 3 years ago 164MB
vmware/harbor-ui v1.2.2 39efb472c253 3 years ago 178MB
vmware/harbor-adminserver v1.2.2 c75963ec543f 3 years ago 142MB
vmware/harbor-db v1.2.2 ee7b9fa37c5d 3 years ago 329MB
vmware/nginx-photon 1.11.13 6cc5c831fc7f 3 years ago 144MB
......省略
[root@harbor harbor]# docker login -u admin -p Harbor http://192.168.177.106 //登录harbor
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://192.168.177.106/v2/": dial tcp 192.168.177.106:443: connect: connection refused
//报错原因:默认登陆的是443端口,而我们并没有启用
[root@harbor harbor]#
解决登录报错
[root@harbor harbor]# vim /usr/lib/systemd/system/docker.service
//跳转到13行,添加 --insecure-registry 192.168.177.106
13 ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 192.168.177.106 --containerd=/run/containerd/containerd.sock
[root@harbor harbor]# systemctl daemon-reload
[root@harbor harbor]# systemctl restart docker
登录harbor仓库
[root@harbor harbor]# docker-compose ps //登录之前查看harbor的所有容器状态是否都是UP状态
Name Command State Ports
----------------------------------------------------------------------------------------
harbor-adminserver /harbor/harbor_adminserver Up
harbor-db docker-entrypoint.sh mysqld Up 3306/tcp
harbor-jobservice /harbor/harbor_jobservice Up
harbor-log /bin/sh -c crond && rm -f ... Up 127.0.0.1:1514->514/tcp
harbor-ui /harbor/harbor_ui Up
nginx nginx -g daemon off; Exit 128
registry /entrypoint.sh serve /etc/ ... Exit 2
[root@harbor harbor]# docker-compose up -d //发现nginx和registry退出了,需要重新启动
harbor-log is up-to-date
harbor-adminserver is up-to-date
harbor-db is up-to-date
Starting registry ... done
harbor-ui is up-to-date
Starting nginx ...
Starting nginx ... done
[root@harbor harbor]# docker login -u admin -p Harbor12345 http://192.168.177.106 //登录harbor
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded //登录成功
[root@harbor harbor]#
测试推送镜像到harbor仓库
[root@harbor harbor]# docker push 192.168.177.106/test/cirros:test
The push refers to repository [192.168.177.106/test/cirros]
984ad441ec3d: Pushed
f0a496d92efa: Pushed
e52d19c3bee2: Pushed
test: digest: sha256:483f15ac97d03dc3d4dcf79cf71ded2e099cf76c340f3fdd0b3670a40a198a22 size: 943
[root@harbor harbor]#
[root@harbor harbor]# docker rmi 192.168.177.106/test/cirros:test
Untagged: 192.168.177.106/test/cirros:test
Untagged: 192.168.177.106/test/cirros@sha256:483f15ac97d03dc3d4dcf79cf71ded2e099cf76c340f3fdd0b3670a40a198a22
[root@harbor harbor]# docker rmi cirros:latest
Untagged: cirros:latest
Untagged: cirros@sha256:1e695eb2772a2b511ccab70091962d1efb9501fdca804eb1d52d21c0933e7f47
Deleted: sha256:f9cae1daf5f682cb6403a766b3e6afd73a102296910f27ea1ec392b54dc0c188
Deleted: sha256:b6a4b8a7f1df2b043c77d6e745f69bba4a7aacbb0b4838ecde454ed0168a83e5
Deleted: sha256:96b1d95161fdf5dadd619c5f06ae9fa0c80bd501747ddad3da110439df019880
Deleted: sha256:e52d19c3bee2bad632c72694ab1239f360f52e989629969eb7e51b66c32430fa
[root@harbor harbor]# docker pull 192.168.177.106/test/cirros:test
test: Pulling from test/cirros
d0b405be7a32: Pull complete
bd054094a037: Pull complete
c6a00de1ec8a: Pull complete
Digest: sha256:483f15ac97d03dc3d4dcf79cf71ded2e099cf76c340f3fdd0b3670a40a198a22
Status: Downloaded newer image for 192.168.177.106/test/cirros:test
192.168.177.106/test/cirros:test
[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.177.106/test/cirros test f9cae1daf5f6 5 months ago 12.6MB
vmware/harbor-log v1.2.2 36ef78ae27df 3 years ago 200MB
vmware/harbor-jobservice v1.2.2 e2af366cba44 3 years ago 164MB
vmware/harbor-ui v1.2.2 39efb472c253 3 years ago 178MB
vmware/harbor-adminserver v1.2.2 c75963ec543f 3 years ago 142MB
vmware/harbor-db v1.2.2 ee7b9fa37c5d 3 years ago 329MB
vmware/nginx-photon 1.11.13 6cc5c831fc7f 3 years ago 144MB
vmware/registry 2.6.2-photon 5d9100e4350e 4 years ago 173MB
vmware/postgresql 9.6.4-photon c562762cbd12 4 years ago 225MB
vmware/clair v2.0.1-photon f04966b4af6c 4 years ago 297MB
vmware/harbor-notary-db mariadb-10.1.10 64ed814665c6 4 years ago 324MB
vmware/notary-photon signer-0.5.0 b1eda7d10640 4 years ago 156MB
vmware/notary-photon server-0.5.0 6e2646682e3c 4 years ago 157MB
photon 1.0 e6e4e4a2ba1b 5 years ago 128MB
[root@harbor harbor]#