二进制安装habor

参考：https://github.com/opsnull/follow-me-install-kubernetes-cluster/blob/master/11.%E9%83%A8%E7%BD%B2Harbor-Registry.md

官方地址
compose
https://github.com/docker/compose/releases

habor
https://github.com/vmware/harbor/releases

1.安装 docker-compose  和 harbor

# 下载docker-compose 1.24.0
curl -L https://github.com/docker/compose/releases/download/1.24.0/docker-compose-Linux-x86_64 -o docker-compose-Linux-x86_64
cp docker-compose-Linux-x86_64 /opt/k8s/bin/docker-compose
chmod a+x  /opt/k8s/bin/docker-compose
#安装 docker-compose
cp docker-compose-Linux-x86_64 /opt/k8s/bin/docker-compose
chmod 755 /opt/k8s/bin/docker-compose



#harbor-offline-installer-v1.7.5
wget  --continue https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.5.tgz
# 解压安装包
tar zxvf harbor-offline-installer-v1.7.5.tgz
# 导入镜像
/opt/k8s/bin/docker load -i harbor/harbor.v1.7.5.tar.gz

 

2.创建 habor nginx 使用的 x509 证书

$ cat > harbor-csr.json <<EOF
{
  "CN": "harbor",
  "hosts": [
    "127.0.0.1",
    "10.120.5.85",
    "10.120.5.86"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "k8s",
      "OU": "xxaxcfa234m"
    }
  ]
}
EOF

• hosts 指定使用该证书的节点，如果后续使用域名访问，还需要添加域名

3.生成证书和私钥

cfssl gencert -ca=/etc/kubernetes/cert/ca.pem \
  -ca-key=/etc/kubernetes/cert/ca-key.pem \
  -config=/etc/kubernetes/cert/ca-config.json \
  -profile=kubernetes harbor-csr.json | cfssljson -bare harbor

配置证书

[k8s@e120005085 cert]$ ls harbor*
harbor.csr  harbor-csr.json  harbor-key.pem  harbor.pem
[k8s@e120005085 cert]$ sudo mkdir -p /etc/harbor/ssl
[k8s@e120005085 cert]$ sudo cp harbor*.pem /etc/harbor/ssl

4.配置文件

[k8s@e120005085]$ cd /home/k8s/k8s/harbor/harbor

[k8s@e120005085 harbor]$ sudo diff harbor.cfg.bak harbor.cfg
8c8
< hostname = reg.mydomain.com
---
> hostname = 10.0.0.1
12c12,13
< ui_url_protocol = http
---
> #ui_url_protocol = http
> ui_url_protocol = https
24,25c25,28
< ssl_cert = /data/cert/server.crt
< ssl_cert_key = /data/cert/server.key
---
> #ssl_cert = /data/cert/server.crt
> #ssl_cert_key = /data/cert/server.key
> ssl_cert = /etc/harbor/ssl/harbor.pem
> ssl_cert_key = /etc/harbor/ssl/harbor-key.pem

5.开始安装 harbor

[root@e120005085 harbor]# sh install.sh

[Step 0]: checking installation environment ...

Note: docker version: 18.09.5

Note: docker-compose version: 1.24.0

[Step 1]: loading Harbor images ...
Loaded image: goharbor/harbor-adminserver:v1.7.5
Loaded image: goharbor/harbor-portal:v1.7.5
Loaded image: goharbor/harbor-db:v1.7.5
Loaded image: goharbor/registry-photon:v2.6.2-v1.7.5
Loaded image: goharbor/harbor-migrator:v1.7.5
Loaded image: goharbor/harbor-core:v1.7.5
Loaded image: goharbor/harbor-log:v1.7.5
Loaded image: goharbor/redis-photon:v1.7.5
Loaded image: goharbor/nginx-photon:v1.7.5
Loaded image: goharbor/harbor-registryctl:v1.7.5
Loaded image: goharbor/chartmuseum-photon:v0.8.1-v1.7.5
Loaded image: goharbor/harbor-jobservice:v1.7.5
Loaded image: goharbor/notary-server-photon:v0.6.1-v1.7.5
Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.7.5
Loaded image: goharbor/clair-photon:v2.0.8-v1.7.5


[Step 2]: preparing environment ...
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/core/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/core/app.conf
Generated certificate, key file: ./common/config/core/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.


[Step 3]: checking existing instance of Harbor ...


[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registry           ... done
Creating harbor-db          ... done
Creating redis              ... done
Creating harbor-adminserver ... done
Creating registryctl        ... done
Creating harbor-core        ... done
Creating harbor-jobservice  ... done
Creating harbor-portal      ... done
Creating nginx              ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://10.0.0.1.
For more details, please visit https://github.com/goharbor/harbor .

 

6. 日志和数据目录

使用 docker logs 或者 docker-compose logs 看不到日志

# 日志目录
[e120005085]$ ls /var/log/harbor
adminserver.log  jobservice.log  mysql.log  proxy.log  registry.log  ui.log
# 数据目录，包括数据库、镜像仓库
[e120005085]$ ls /data/
ca_download  config  database  job_logs registry  secretkey

 7.其他操作

$ # 停止 harbor
$ docker-compose down -v
$ # 修改配置
$ vim harbor.cfg
$ # 更修改的配置更新到 docker-compose.yml 文件
$ ./prepare
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/jobservice/app.conf
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/nginx/cert/admin.pem
Clearing the configuration file: ./common/config/nginx/cert/admin-key.pem
Clearing the configuration file: ./common/config/nginx/nginx.conf
Clearing the configuration file: ./common/config/adminserver/env
loaded secret from file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/app.conf
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
$ sudo chmod -R 666 common ## 防止容器进程没有权限读取生成的配置
$ # 启动 harbor
$ docker-compose up -d