Docker harbor安装

环境要求

目录

harbor可以部署在任何支持Docker的Linux发行版上,系统需要安装docker和docker compose

docker compose 安装

硬件要求

资源 容量
CPU 2CPU
MEM 4GB
Disk 40GB

软件要求

软件 版本
Docker engine version 17.03.0-ce+ or higher
Docker Compose version 1.18.0 or higher
Openssl latest is preferred

安装

docker及docker compose需要提前装好,此处不在介绍。

  1. 下载安装程序
  2. 配置harbor.yml
  3. 运行install.sh并启动harbor

下载安装程序

harbor安装可以使用在线安装或者离线安装。在线安装需要联网所以体积非常小,离线安装的包比较大。

[root@node1 ~]# wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-online-installer-v1.8.0.tgz

[root@node1 ~]# tar -zxvf harbor-online-installer-v1.8.0.tgz 
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/harbor.yml
[root@node1 ~]#

配置harbor

配置参数位于harbor.yml

更改harbor.yml中的hostname为主机名,或域名

[root@node1 harbor]# cat harbor.yml |grep hostname
# The IP address or hostname to access admin UI and registry service.
hostname: 192.168.49.135
# And when it enabled the hostname will no longer used
[root@node1 harbor]#

安装并启动harbor

[root@node1 harbor]# ./install.sh

[Step 0]: checking installation environment ...

Note: docker version: 18.09.6

Note: docker-compose version: 1.24.0


[Step 1]: preparing environment ...
prepare base dir is set to /root/harbor
Unable to find image 'goharbor/prepare:v1.8.0' locally
v1.8.0: Pulling from goharbor/prepare
4e360eca2e60: Pull complete 
cd3c4c42d48b: Pull complete 
647e8efbf475: Pull complete 
79272af3d010: Pull complete 
1aec5eb71578: Pull complete 
1a29af1ecc2c: Pull complete 
e382cb5c1ecb: Pull complete 
Digest: sha256:c590164ae2c54e360642b1174c8ad90306b05ca0582f02f35889346c113e555d
Status: Downloaded newer image for goharbor/prepare:v1.8.0
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir



[Step 2]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Pulling log (goharbor/harbor-log:v1.8.0)...
v1.8.0: Pulling from goharbor/harbor-log
4e360eca2e60: Already exists
19719f801952: Pull complete
1b26f237e309: Pull complete
a7cf4af5e27b: Pull complete
cd70ec1f0903: Pull complete
3c6107a6066b: Pull complete
f5c172b30a43: Pull complete
3609dae2ce51: Pull complete
Digest: sha256:ebe674ba07a4b8ad892e50940d63461bca5441f6597cd10eb492818a3860cf9b
Status: Downloaded newer image for goharbor/harbor-log:v1.8.0
Pulling registry (goharbor/registry-photon:v2.7.1-patch-2819-v1.8.0)...
v2.7.1-patch-2819-v1.8.0: Pulling from goharbor/registry-photon
4e360eca2e60: Already exists
019e3b299790: Pull complete
955e0a4401e7: Pull complete
1139d007f6cd: Pull complete
869f8b832100: Pull complete
4aee74a3468c: Pull complete
Digest: sha256:03200ae6dc7deca56e22381b8337cc69d840c56cf0b3feaa9e06fbac31bb55f3
Status: Downloaded newer image for goharbor/registry-photon:v2.7.1-patch-2819-v1.8.0
Pulling registryctl (goharbor/harbor-registryctl:v1.8.0)...
v1.8.0: Pulling from goharbor/harbor-registryctl
4e360eca2e60: Already exists
ab085a36c7cd: Pull complete
571257e86b35: Pull complete
2867800b1257: Pull complete
90f61d3f1446: Pull complete
67e540c6f39c: Pull complete
c902509ccb9f: Pull complete
Digest: sha256:6beeb6cf191cf2abe8145ed53d0127448f6d2317825e5475ded680f304ce52e3
Status: Downloaded newer image for goharbor/harbor-registryctl:v1.8.0
Pulling postgresql (goharbor/harbor-db:v1.8.0)...
v1.8.0: Pulling from goharbor/harbor-db
4e360eca2e60: Already exists
cac78cdfc92b: Pull complete
9f8852fe17a9: Pull complete
c5e3ae0f4818: Pull complete
7c33673c6790: Pull complete
0acede6fcad2: Pull complete
3ed5e1a94c43: Pull complete
d9664b433f2f: Pull complete
6e77542b7dfc: Pull complete
Digest: sha256:2991653910717c0fe11e03dd5cdf19be42dfa221abbf5d529ff0ad534f6297bc
Status: Downloaded newer image for goharbor/harbor-db:v1.8.0
Pulling core (goharbor/harbor-core:v1.8.0)...
v1.8.0: Pulling from goharbor/harbor-core
4e360eca2e60: Already exists
c066267eb2b9: Pull complete
932afda2a169: Pull complete
7ed16fb7e79a: Pull complete
d09137d80617: Pull complete
588769341947: Pull complete
Digest: sha256:7899f284617bb051180adf6c3aedd140a519d9092b8986dd9058d4dcec0d31de
Status: Downloaded newer image for goharbor/harbor-core:v1.8.0
Pulling portal (goharbor/harbor-portal:v1.8.0)...
v1.8.0: Pulling from goharbor/harbor-portal
4e360eca2e60: Already exists
407631badd44: Pull complete
48732609a31b: Pull complete
7990fc5850c8: Pull complete
7791f3309bed: Pull complete
912a71f3fbcb: Pull complete
Digest: sha256:f84ec78616f9e99c6355ee93567f17a6727b3b7cd548ab64702977f75ac506cf
Status: Downloaded newer image for goharbor/harbor-portal:v1.8.0
Pulling redis (goharbor/redis-photon:v1.8.0)...
v1.8.0: Pulling from goharbor/redis-photon
4e360eca2e60: Already exists
b08cc3be5c43: Pull complete
a750a309c85d: Pull complete
49b2d8335a1a: Pull complete
31e8f89dc042: Pull complete
Digest: sha256:1e2ce8e6a852713d789c6315642d1483d1efdb4acee4699817810bef219ec93d
Status: Downloaded newer image for goharbor/redis-photon:v1.8.0
Pulling jobservice (goharbor/harbor-jobservice:v1.8.0)...
v1.8.0: Pulling from goharbor/harbor-jobservice
4e360eca2e60: Already exists
b9ac5e1016a6: Pull complete
37913733f07f: Pull complete
98baf7450120: Pull complete
Digest: sha256:8ca82f98c8e970b41214793e1d9d99caaf1f84fe3a33ae510be6580b50c53ea2
Status: Downloaded newer image for goharbor/harbor-jobservice:v1.8.0
Pulling proxy (goharbor/nginx-photon:v1.8.0)...
v1.8.0: Pulling from goharbor/nginx-photon
4e360eca2e60: Already exists
985391e9918d: Pull complete
Digest: sha256:9c7c9ca3d34e5872743577ce911cabce9965935261f3b53de4196ce394504799
Status: Downloaded newer image for goharbor/nginx-photon:v1.8.0
Creating harbor-log ... done
Creating registryctl ... done
Creating redis       ... done
Creating harbor-db   ... done
Creating registry    ... done
Creating harbor-core ... done
Creating harbor-portal     ... done
Creating harbor-jobservice ... done
Creating nginx             ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://192.168.49.135. 
For more details, please visit https://github.com/goharbor/harbor .

启动后用浏览器访问http://192.168.49.135(hostname处填写的值)
默认用户名,密码为 admin/Harbor12345

到这安装结束

harbor管理

Harbor 的日常运维管理是通过docker-compose来完成的。管理命令需要在docker-compose.yml文件所在目录执行

停止harbor

```script
[root@node1 harbor]# docker-compose stop
Stopping nginx             ... done
Stopping harbor-jobservice ... done
Stopping harbor-portal     ... done
Stopping harbor-core       ... done
Stopping registry          ... done
Stopping harbor-db         ... done
Stopping redis             ... done
Stopping registryctl       ... done
Stopping harbor-log        ... done
[root@node1 harbor]#
```

启动harbor

```script
[root@node1 harbor]# docker-compose start
Starting log         ... done
Starting registry    ... done
Starting registryctl ... done
Starting postgresql  ... done
Starting core        ... done
Starting portal      ... done
Starting redis       ... done
Starting jobservice  ... done
Starting proxy       ... done
[root@node1 harbor]# 
```

测试上传和下载

  1. docker默认使用https,这里需要改一下docker,支持http

    [root@node1 harbor]# vim /etc/docker/daemon.json
[root@node1 harbor]# cat /etc/docker/daemon.json 
{ "insecure-registries":["http://192.168.49.135"] }
[root@node1 harbor]#systemctl restart docker.service
[root@node1 harbor]#

如果harbor和docker客户端在一台服务器上,上边的操作会关闭harbor,记得重启harbor

[root@node1 harbor]# docker-compose start
Starting log         ... done
Starting registry    ... done
Starting registryctl ... done
Starting postgresql  ... done
Starting core        ... done
Starting portal      ... done
Starting redis       ... done
Starting jobservice  ... done
Starting proxy       ... done

  2. 在harbor创建项目

  3. 登录harbor

    [root@node1 harbor]# docker login 192.168.49.135
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@node1 harbor]#

  4. 上传

    上传准备好的image
[root@node1 harbor]# docker push 192.168.49.135/nginx/nginx:v1
The push refers to repository [192.168.49.135/nginx/nginx]
332fa54c5886: Pushed 
6ba094226eea: Pushed 
6270adb5794c: Pushed 
v1: digest: sha256:e770165fef9e36b990882a4083d8ccf5e29e469a8609bb6b2e3b47d9510e2c8d size: 948
[root@node1 harbor]#

  5. 下载

    [root@node1 harbor]# docker pull 192.168.49.135/nginx/nginx:v1
v1: Pulling from nginx/nginx
Digest: sha256:e770165fef9e36b990882a4083d8ccf5e29e469a8609bb6b2e3b47d9510e2c8d
Status: Image is up to date for 192.168.49.135/nginx/nginx:v1
[root@node1 harbor]#

参数

有两类参数,必须参数、可选参数

  • 系统级参数
    • 系统级参数必须在配置文件中更改,更改后需要执行install.sh重新安装harbor
  • 用户级参数
    • 第一次启动harbor后在web页面更新。在harbor注册或创建新用户之前需要设置auth_mode。当系统中有用户(除了默认的管理用户)时auth_mode不能更改

核心参数

  • hostname:用于访问web页面和registry service的名称。可以是IP地址或者是域名
  • data_volume:存储harbor数据的位置
  • harbor_admin_password:管理员的初始密码,只在第一次启动时生效。默认用户名密码admin/Harbor12345
  • database:与本地数据库相关的配置
    • password:harbor db root用户的密码
  • jobservice
    • max_job_workers:job service中复制进程的最大数量
  • log
    • level
    • rotate_count
    • rotate_size
    • location:存储日志的目录

可选参数

  • http
    • port
  • https
    • port
    • certificate
    • private_key
  • external_url:代理地址,启用后hostname不在生效

......

参考
https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md

posted @ 2019-05-30 15:37  漂泊的蒲公英  阅读(5856)  评论(0编辑  收藏  举报