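Artifact Repository - Harbor, the Cloud-Native Artifact Registry
Introduction to Harbor
Harbor is an enterprise-grade registry server for storing and distributing Docker images; it can be used to build an organization's internal Docker image registry.
It provides features that enterprises need, such as image replication, vulnerability scanning, and access control.
Installing Harbor
Download and extract
This installation uses the offline method, so download the offline package first: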
https://github.com/goharbor/harbor/releases/download/v2.11.1/harbor-offline-installer-v2.11.1.tgz
[root@node200 ~]# docker compose version
Docker Compose version v2.29.2
[root@node200 ~]#
[root@node200 ~]# docker-compose -v
Docker Compose version v2.29.2
[root@node200 ~]#
[root@node200 ~]# uname -a
Linux node200 5.14.0-427.33.1.el9_4.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Aug 28 17:34:59 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
[root@node200 ~]#
[root@node200 ~]# cat /etc/system-release
Rocky Linux release 9.4 (Blue Onyx)
[root@node200 ~]#
[root@node200 ~]# wget https://github.com/goharbor/harbor/releases/download/v2.11.1/harbor-offline-installer-v2.11.1.tgz
[root@node200 ~]#
[root@node200 ~]# tar -xzvf harbor-offline-installer-v2.11.1.tgz
harbor/harbor.v2.11.1.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
[root@node200 ~]# ll
total 642772
-rw-------. 1 root root 1457 Aug 30 10:55 anaconda-ks.cfg
drwxr-xr-x 2 root root 123 Sep 6 11:43 harbor
-rw-r--r-- 1 root root 658192407 Aug 21 10:27 harbor-offline-installer-v2.11.1.tgz
[root@node200 ~]#
[root@node200 ~]# tree -L 3 -h harbor
harbor
├── [ 3.6K] common.sh
├── [ 632M] harbor.v2.11.1.tar.gz
├── [ 14K] harbor.yml.tmpl
├── [ 1.9K] install.sh
├── [ 11K] LICENSE
└── [ 1.8K] prepare
0 directories, 6 files
[root@node200 ~]#
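Configure the installation file
- Create and edit the harbor.yml file
- Change the hostname and port settings
- Comment out the https section and configure it later when needed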
[root@node200 ~]# cd harbor/
[root@node200 harbor]# ll
total 646848
-rw-r--r-- 1 root root 3646 Aug 15 18:07 common.sh
-rw-r--r-- 1 root root 662330539 Aug 15 18:07 harbor.v2.11.1.tar.gz
-rw-r--r-- 1 root root 14270 Aug 15 18:07 harbor.yml.tmpl
-rwxr-xr-x 1 root root 1975 Aug 15 18:07 install.sh
-rw-r--r-- 1 root root 11347 Aug 15 18:07 LICENSE
-rwxr-xr-x 1 root root 1882 Aug 15 18:07 prepare
[root@node200 harbor]#
[root@node200 harbor]# cp harbor.yml.tmpl harbor.yml
[root@node200 harbor]# vim harbor.yml
[root@node200 harbor]#
[root@node200 harbor]# diff harbor.yml harbor.yml.tmpl
5c5
< hostname: 192.168.16.200
---
> hostname: reg.mydomain.com
10c10
< port: 8888
---
> port: 80
13c13
< # https:
---
> https:
15c15
< # port: 443
---
> port: 443
17,18c17,18
< # certificate: /your/certificate/path
< # private_key: /your/private/key/path
---
> certificate: /your/certificate/path
> private_key: /your/private/key/path
[root@node200 harbor]#
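The diff above leaves Harbor on plain HTTP, and harbor.yml still carries the installer's admin password. The following check is an added example, not part of the original post or of Harbor: the function name audit_harbor_yml and the sample file are constructed here, and it assumes the top-level keys hostname, https and harbor_admin_password as they appear in harbor.yml.tmpl.

```shell
#!/bin/sh
# Added example: flag the harbor.yml settings this walkthrough leaves weak.
# Prints one finding per line and returns 1 if there is any finding.
audit_harbor_yml() {
    file=$1
    rc=0

    # An enabled TLS block is a top-level "https:" key in column 0.
    # "# https:" (as in the diff above) means Harbor serves HTTP only.
    if ! grep -Eq '^https:[[:space:]]*(#.*)?$' "$file"; then
        echo "https block missing or commented out: registry is HTTP only"
        rc=1
    elif grep -Eq '^[[:space:]]+(certificate|private_key):[[:space:]]*/your/' "$file"; then
        echo "https enabled but certificate/private_key are template paths"
        rc=1
    fi

    # harbor_admin_password seeds the admin account on first start.
    pw=$(sed -n 's/^harbor_admin_password:[[:space:]]*//p' "$file" | head -n 1)
    if [ "$pw" = "Harbor12345" ]; then
        echo "harbor_admin_password is still the default Harbor12345"
        rc=1
    fi

    # install.sh --help warns against localhost or 127.0.0.1 as hostname.
    host=$(sed -n 's/^hostname:[[:space:]]*//p' "$file" | head -n 1)
    case $host in
        ''|localhost|127.0.0.1|reg.mydomain.com)
            echo "hostname '$host' is unset, loopback or the template value"
            rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample reproducing the edits shown in the diff above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
hostname: 192.168.16.200
http:
  port: 8888
# https:
  # port: 443
  # certificate: /your/certificate/path
  # private_key: /your/private/key/path
harbor_admin_password: Harbor12345
EOF

audit_harbor_yml "$sample" || echo "harbor.yml needs attention"
```

The non-zero return value makes the function usable as a gate before running ./install.sh.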
Run the installation script
[root@node200 harbor]# ./install.sh --help
Note: Please set hostname and other necessary attributes in harbor.yml first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
Please set --with-trivy if needs enable Trivy in Harbor.
Please do NOT set --with-chartmuseum, as chartmusuem has been deprecated and removed.
Please do NOT set --with-notary, as notary has been deprecated and removed.
[root@node200 harbor]#
[root@node200 harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 27.2.0
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.29.2
[Step 2]: loading Harbor images ...
Loaded image: goharbor/prepare:v2.11.1
Loaded image: goharbor/harbor-db:v2.11.1
Loaded image: goharbor/harbor-exporter:v2.11.1
Loaded image: goharbor/redis-photon:v2.11.1
Loaded image: goharbor/nginx-photon:v2.11.1
Loaded image: goharbor/harbor-portal:v2.11.1
Loaded image: goharbor/harbor-core:v2.11.1
Loaded image: goharbor/harbor-log:v2.11.1
Loaded image: goharbor/harbor-jobservice:v2.11.1
Loaded image: goharbor/harbor-registryctl:v2.11.1
Loaded image: goharbor/registry-photon:v2.11.1
Loaded image: goharbor/trivy-adapter-photon:v2.11.1
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
WARN[0000] /root/harbor/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[Step 5]: starting Harbor ...
WARN[0000] /root/harbor/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 10/10
✔ Network harbor_harbor Created 0.1s
✔ Container harbor-log Started 0.6s
✔ Container registryctl Started 1.5s
✔ Container registry Started 1.3s
✔ Container harbor-db Started 1.4s
✔ Container harbor-portal Started 1.4s
✔ Container redis Started 1.2s
✔ Container harbor-core Started 1.7s
✔ Container nginx Started 2.3s
✔ Container harbor-jobservice Started 2.2s
✔ ----Harbor has been installed and started successfully.----
[root@node200 harbor]#
Verify the installation
[root@node200 harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.11.1 cdf68efc001e 3 weeks ago 114MB
goharbor/redis-photon v2.11.1 acf90a312d47 3 weeks ago 170MB
goharbor/trivy-adapter-photon v2.11.1 24a8273e807a 3 weeks ago 339MB
goharbor/harbor-registryctl v2.11.1 43fca2a06374 3 weeks ago 168MB
goharbor/registry-photon v2.11.1 9da6663b36f2 3 weeks ago 90.3MB
goharbor/nginx-photon v2.11.1 193a1b77b7d4 3 weeks ago 159MB
goharbor/harbor-log v2.11.1 2752e033bfbb 3 weeks ago 169MB
goharbor/harbor-jobservice v2.11.1 a8005a88b3dc 3 weeks ago 165MB
goharbor/harbor-core v2.11.1 eaf65baad3f6 3 weeks ago 191MB
goharbor/harbor-portal v2.11.1 f58813018a49 3 weeks ago 167MB
goharbor/harbor-db v2.11.1 be56f8030c48 3 weeks ago 277MB
goharbor/prepare v2.11.1 1d00ffdb2e67 3 weeks ago 216MB
hello-world latest d2c94e258dcb 16 months ago 13.3kB
[root@node200 harbor]#
[root@node200 harbor]# docker-compose ls
NAME STATUS CONFIG FILES
harbor running(7) /root/harbor/docker-compose.yml
[root@node200 harbor]#
[root@node200 harbor]# docker-compose ps
WARN[0000] /root/harbor/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
harbor-core goharbor/harbor-core:v2.11.1 "/harbor/entrypoint.…" core 2 minutes ago Up 2 minutes (healthy)
harbor-db goharbor/harbor-db:v2.11.1 "/docker-entrypoint.…" postgresql 2 minutes ago Up 2 minutes (healthy)
harbor-jobservice goharbor/harbor-jobservice:v2.11.1 "/harbor/entrypoint.…" jobservice 2 minutes ago Up 2 minutes (healthy)
harbor-log goharbor/harbor-log:v2.11.1 "/bin/sh -c /usr/loc…" log 2 minutes ago Up 2 minutes (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal goharbor/harbor-portal:v2.11.1 "nginx -g 'daemon of…" portal 2 minutes ago Up 2 minutes (healthy)
nginx goharbor/nginx-photon:v2.11.1 "nginx -g 'daemon of…" proxy 2 minutes ago Up 2 minutes (healthy) 0.0.0.0:8888->8080/tcp, :::8888->8080/tcp
redis goharbor/redis-photon:v2.11.1 "redis-server /etc/r…" redis 2 minutes ago Up 2 minutes (healthy)
registry goharbor/registry-photon:v2.11.1 "/home/harbor/entryp…" registry 2 minutes ago Up 2 minutes (healthy)
registryctl goharbor/harbor-registryctl:v2.11.1 "/home/harbor/start.…" registryctl 2 minutes ago Up 2 minutes (healthy)
[root@node200 harbor]#
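Log in to the Harbor web UI
The harbor.yml configuration file contains the login address and account information.
- Login page: http://192.168.16.200:8888/
- The username and password are admin and Harbor12345
Push an image
Set the registry address
Edit /etc/docker/daemon.json
Add the address of the HTTP registry that Docker is allowed to access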
mkdir -p /etc/docker
cat > /etc/docker/daemon.json << EOF
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn","https://mirror.iscas.ac.cn"],
"insecure-registries":["192.168.16.200:8888"]
}
EOF
systemctl daemon-reload
systemctl restart docker
Retag the image
[root@node200 ~]# docker images |grep hello
hello-world latest d2c94e258dcb 16 months ago 13.3kB
[root@node200 ~]#
[root@node200 ~]# docker tag hello-world:latest 192.168.16.200:8888/library/hello-world:1.0
[root@node200 ~]#
[root@node200 ~]# docker images |grep hello
192.168.16.200:8888/library/hello-world 1.0 d2c94e258dcb 16 months ago 13.3kB
hello-world latest d2c94e258dcb 16 months ago 13.3kB
[root@node200 ~]#
Push the image to Harbor
[root@node200 ~]# docker login 192.168.16.200:8888
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-stores
Login Succeeded
[root@node200 ~]#
[root@node200 ~]# docker push 192.168.16.200:8888/library/hello-world:1.0
The push refers to repository [192.168.16.200:8888/library/hello-world]
ac28800ec8bb: Pushed
1.0: digest: sha256:d37ada95d47ad12224c205a938129df7a3e52345828b4fa27b03a98825d1e2e7 size: 524
[root@node200 ~]#
View the pushed image in Harbor
Pull the image, delete the image, and log out
[root@node200 ~]# docker images |grep hello
192.168.16.200:8888/library/hello-world 1.0 d2c94e258dcb 16 months ago 13.3kB
hello-world latest d2c94e258dcb 16 months ago 13.3kB
[root@node200 ~]#
[root@node200 ~]# docker rmi 192.168.16.200:8888/library/hello-world # Remove the local image; if no tag is given, it defaults to latest
Error response from daemon: No such image: 192.168.16.200:8888/library/hello-world:latest
[root@node200 ~]#
[root@node200 ~]# docker rmi 192.168.16.200:8888/library/hello-world:1.0 # Only the local image is removed; the image on Harbor still exists
Untagged: 192.168.16.200:8888/library/hello-world:1.0
Untagged: 192.168.16.200:8888/library/hello-world@sha256:d37ada95d47ad12224c205a938129df7a3e52345828b4fa27b03a98825d1e2e7
[root@node200 ~]#
[root@node200 ~]# docker images |grep hello
hello-world latest d2c94e258dcb 16 months ago 13.3kB
[root@node200 ~]#
[root@node200 ~]# docker pull 192.168.16.200:8888/library/hello-world:1.0 # Pull the image
1.0: Pulling from library/hello-world
Digest: sha256:d37ada95d47ad12224c205a938129df7a3e52345828b4fa27b03a98825d1e2e7
Status: Downloaded newer image for 192.168.16.200:8888/library/hello-world:1.0
192.168.16.200:8888/library/hello-world:1.0
[root@node200 ~]#
[root@node200 ~]# docker images |grep hello
192.168.16.200:8888/library/hello-world 1.0 d2c94e258dcb 16 months ago 13.3kB
hello-world latest d2c94e258dcb 16 months ago 13.3kB
[root@node200 ~]#
[root@node200 ~]# docker logout 192.168.16.200:8888 # Log out
Removing login credentials for 192.168.16.200:8888
[root@node200 ~]#
[root@node200 ~]#
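Restart Harbor
- Remove the existing Harbor containers:
docker-compose down -v
- Start Harbor again:
docker-compose up -d
- By default, Harbor's data files are mounted from the /data directory on the host, so removing the Harbor containers does not lose data.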
[root@node200 ~]# ll /data
total 0
drwxr-xr-x 2 10000 10000 6 Sep 6 14:24 ca_download
drwx------ 3 systemd-coredump input 18 Sep 6 14:24 database
drwxr-xr-x 2 10000 10000 89 Sep 6 15:00 job_logs
drwxr-xr-x 2 systemd-coredump input 22 Sep 6 16:04 redis
drwxr-xr-x 3 10000 10000 20 Sep 6 15:35 registry
drwxr-xr-x 5 root root 46 Sep 6 14:24 secret
[root@node200 ~]#