Harbor Offline Installation

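The installation environment and versions are as follows:

  • OS: CentOS 7.9
  • Docker version: docker-ce-20.10.17
  • docker-compose version: v2.10.2
  • Harbor version: v2.6.0
  • Harbor data path: /harbor-data
  • Access domain: harbor.domain.com

Pre-install Docker and docker-compose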

yum install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin

systemctl start docker
systemctl enable docker

curl -LO https://github.com/docker/compose/releases/download/v2.10.2/docker-compose-linux-x86_64
mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

Download the Harbor installer package

Download the package for the version you need from https://github.com/goharbor/harbor/releases. This guide uses v2.6.0 as the example:

harbor-offline-installer-v2.6.0.tgz
harbor-offline-installer-v2.6.0.tgz.asc

Verify the package

gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 644FF454C0B4115C
gpg -v --keyserver hkps://keyserver.ubuntu.com --verify harbor-offline-installer-v2.6.0.tgz.asc

Installation

vim /etc/hosts

127.0.0.1   harbor.domain.com
127.0.0.1   harbor.domain
127.0.0.1   harbor

Configure the HTTPS certificate

Generate the certificate authority (CA) certificate

openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
	-subj "/C=CN/ST=Guangdong/L=Shenzhen/O=greene/OU=Personal/CN=harbor.domain.com" \
	-key ca.key \
	-out ca.crt
openssl genrsa -out harbor.domain.com.key 4096

Generate the server certificate

openssl req -sha512 -new \
    -subj "/C=CN/ST=Guangdong/L=Shenzhen/O=greene/OU=Personal/CN=harbor.domain.com" \
    -key harbor.domain.com.key \
    -out harbor.domain.com.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.domain.com
DNS.2=harbor.domain
DNS.3=harbor
EOF
openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in harbor.domain.com.csr \
    -out harbor.domain.com.crt
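
Before the files are handed to Harbor and Docker, they can be checked for consistency. The script below is an added example, not part of the original post: it checks that the server certificate verifies against ca.crt, that the key matches it, that the key file is closed to group and other, and that the three names from v3.ext appear in subjectAltName, the field current Go-based clients such as Docker use for host name matching. The script name check-cert.sh and the function names are hypothetical.

```bash
#!/bin/bash
# Added example: consistency checks for the certificate files generated above.

# Succeeds only if the server certificate verifies against the CA certificate.
cert_chains_to_ca() {   # usage: cert_chains_to_ca <ca.crt> <server.crt>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if the private key and the certificate hold the same public key.
key_matches_cert() {    # usage: key_matches_cert <server.key> <server.crt>
    local from_key from_cert
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Succeeds only if the certificate lists exactly this DNS name in subjectAltName.
cert_has_san() {        # usage: cert_has_san <server.crt> <dns-name>
    openssl x509 -in "$1" -noout -text 2>/dev/null \
        | grep -A1 'Subject Alternative Name' | tail -n1 \
        | tr -d ' ' | tr ',' '\n' | grep -Fxq "DNS:$2"
}

# Succeeds only if the key file grants no access to group or other.
key_is_private() {      # usage: key_is_private <server.key>
    [ "$(ls -ldL "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Runs every check against the page's file names inside directory $1.
preflight() {           # usage: preflight <directory>
    local d=$1 host=harbor.domain.com rc=0 name
    cert_chains_to_ca "$d/ca.crt" "$d/$host.crt" || { echo "FAIL: not signed by ca.crt"; rc=1; }
    key_matches_cert "$d/$host.key" "$d/$host.crt" || { echo "FAIL: key/cert mismatch"; rc=1; }
    key_is_private "$d/$host.key" || { echo "FAIL: key readable by group/other"; rc=1; }
    for name in harbor.domain.com harbor.domain harbor; do
        cert_has_san "$d/$host.crt" "$name" || { echo "FAIL: SAN lacks $name"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK: certificate files are consistent"
    return "$rc"
}

# Run only when a directory is given, e.g. from the working directory: ./check-cert.sh .
if [ -n "${1:-}" ]; then preflight "$1"; fi
```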

Provide the certificates to Harbor and Docker

cp harbor.domain.com.crt /etc/ssl/certs/
cp harbor.domain.com.key /etc/ssl/certs/
openssl x509 -inform PEM -in harbor.domain.com.crt -out harbor.domain.com.cert
mkdir -p /etc/docker/certs.d/harbor.domain.com
cp harbor.domain.com.cert /etc/docker/certs.d/harbor.domain.com/
cp harbor.domain.com.key /etc/docker/certs.d/harbor.domain.com/
cp ca.crt /etc/docker/certs.d/harbor.domain.com/

Restart Docker

systemctl restart docker

Configure Harbor for startup

tar -xvf harbor-offline-installer-v2.6.0.tgz
cd harbor
cp harbor.yml.tmpl harbor.yml
vim harbor.yml

Only the following settings need to be changed:

hostname: harbor.domain.com
https:
  certificate: /etc/ssl/certs/harbor.domain.com.crt
  private_key: /etc/ssl/certs/harbor.domain.com.key

Install and start Harbor

./install.sh

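Log in to verify the installation. Harbor's default user and password are admin/Harbor12345; change the password after the first login.

Docker client configuration

Create the certificate directory and copy the ca.crt certificate from the Harbor server above into it.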

mkdir -p /etc/docker/certs.d/harbor.domain.com

Then restart Docker on the client.

systemctl restart docker

Batch pull and push images of the specified versions

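#!/bin/bash

# Accept multiple source_image:version arguments
source_images_and_versions=("$@")

# Check whether no source_image:version was passed
if [ ${#source_images_and_versions[@]} -eq 0 ]; then
    echo "Usage: $0 <source_image1:version1> <source_image2:version2> ..."
    exit 1
fi

# Loop over every source_image:version passed in
for image_version in "${source_images_and_versions[@]}"
do
    # Split the image name and version at the last colon,
    # so a registry port such as registry:5000/app:1.0 stays in the name
    source_image=${image_version%:*}
    version=${image_version##*:}

    # Pull the specified version of the source image; skip it if the pull fails
    docker pull "$source_image:$version" || continue

    # List all local versions of the source image. Passing the repository to
    # "docker images" matches it exactly, so images that merely contain the
    # name (which grep -w would also match) are not pushed or deleted.
    local_images=$(docker images --format "{{.Repository}}:{{.Tag}}" "$source_image" | grep -v ':<none>$')

    # Loop over the version list, create a new tag for each version of the
    # source image, then push it to the registry
    for image in $local_images
    do
        original_image=$image
        new_image="harbor.domain.com/library/$original_image"

        # Create the new tag for the original image
        docker tag "$original_image" "$new_image"

        # Push the newly tagged image to the registry
        docker push "$new_image"

        # Delete the local images (optional, depending on your needs)
        docker rmi "$new_image"
        docker rmi "$original_image"
    done
done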
posted @ 2022-09-04 12:41  GreeneGe

https://github.com/Glf9832