Harbor仓库部署
Harbor简介
Harbor是由VMWare在Docker Registry的基础之上进行了二次封装,加进去了很多额外程序,而且提供了一个非常漂亮的web界面。
Project Harbor is an open source trusted cloud native registry project that stores, signs, and scans context.
Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity and management.
Harbor supports advanced features such as user management, access control, activity monitoring, and replication between instances.
Harbor的功能
Feathers:
- Multi-tenant content signing and validation
- Security and vulnerability analysis
- Audit logging
- Identity integration and role-based access control
- Image replication between instances
- Extensible API and graphical UI
- Internationalization(currently English and Chinese)
Docker compose
Harbor在物理机上部署是非常难的,而为了简化Harbor的应用,Harbor官方直接把Harbor做成了在容器中运行的应用,而且这个容器在Harbor中依赖类似redis、mysql、pgsql等很多存储系统,所以它需要编排很多容器协同起来工作,因此VMWare Harbor在部署和使用时,需要借助于Docker的单机编排工具(Docker compose)来实现。
Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration.
Harbor部署
安装docker-compose
[root@mei ~]# sudo curl -L "https://github.com/docker/compose/releases/download/1.28.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
给docker-compose增加执行权限
[root@mei ~]# sudo chmod +x /usr/local/bin/docker-compose
下载harbor的安装包
[root@mei ~]# wget https://github.com/goharbor/harbor/releases/download/v2.2.0/harbor-offline-installer-v2.2.0.tgz
安装openssl
[root@mei ~]# yum -y install openssl
解压harbor到/usr/local下
[root@mei ~]# tar xf harbor-offline-installer-v2.2.0.tgz -C /usr/local/
[root@mei ~]# cd /usr/local/harbor/
复制一个harbor.yml文件配置
[root@mei harbor]# cp harbor.yml.tmpl harbor.yml
[root@mei harbor]# ls
common docker-compose.yml harbor.yml install.sh prepare
common.sh harbor.v2.2.0.tar.gz harbor.yml.tmpl LICENSE startall.sh
[root@mei harbor]# vim harbor.yml
······ hostname: 192.168.170.155 #修改为当前主机的IP或域名
······ # https related config #注释https服务
# https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
执行安装脚本
[root@mei harbor]# ./install.sh Note: docker version: 20.10.4 Note: docker-compose version: 1.28.5 ······ ✔ ----Harbor has been installed and started successfully.---- [root@yqh harbor]# ss -antl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 128 127.0.0.1:1514 0.0.0.0:* LISTEN 0 128 0.0.0.0:80 0.0.0.0:* LISTEN 0 128 [::]:22 [::]:*
[root@mei harbor]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 25cae749fa3d goharbor/nginx-photon:v2.2.0 "nginx -g 'daemon of…" 4 minutes ago Up 4 minutes (healthy) 0.0.0.0:80->8080/tcp nginx
使用docker-compose开启关闭
[root@mei ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:1514 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@mei harbor]# docker-compose stop Stopping nginx ... done Stopping harbor-jobservice ... done Stopping harbor-core ... done Stopping harbor-db ... done Stopping redis ... done Stopping registry ... done Stopping registryctl ... done Stopping harbor-portal ... done Stopping harbor-log ... done [root@mei harbor]# ss -antl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@mei harbor]# docker-compose start
Starting log ... done
Starting registry ... done
Starting registryctl ... done
Starting postgresql ... done
Starting portal ... done
Starting redis ... done
Starting core ... done
Starting jobservice ... done
Starting proxy ... done
[root@mei harbor]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:1514 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
编写一个脚本让它开机自启动
[root@mei harbor]# vim startall.sh #!/bin/bash cd /usr/local/harbor docker-compose stop && docker-compose start 给脚本执行权限 [root@mei harbor]# chmod +x startall.sh [root@mei harbor]# ll startall.sh -rwxr-xr-x. 1 root root 78 Mar 9 16:38 startall.sh rc。local是系统开机最后一个执行的文件 [root@mei harbor]# ll /etc/rc.local lrwxrwxrwx. 1 root root 13 Mar 24 2020 /etc/rc.local -> rc.d/rc.local [root@mei harbor]# ll /etc/rc.d/rc.local -rw-r--r--. 1 root root 474 Mar 24 2020 /etc/rc.d/rc.local //被链接文件也需要有执行权限 [root@mei harbor]# chmod +x /etc/rc.d/rc.local [root@mei harbor]# ll /etc/rc.d/rc.local -rwxr-xr-x. 1 root root 474 Mar 24 2020 /etc/rc.d/rc.local //在/etc/rc.d/rc.local里加上执行启动脚本的命令,就会开启自动启动了 [root@mei harbor]# vim /etc/rc.d/rc.local #!/bin/bash /bin/bash /usr/local/harbor/startall.sh
重启测试
[root@mei harbor]# reboot [root@mei ~]# ss -antl State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 0.0.0.0:80 0.0.0.0:* LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 128 127.0.0.1:1514 0.0.0.0:* LISTEN 0 128 [::]:22 [::]:*
使用IP登录Harbor
浙公网安备 33010602011771号