[Docker7]Harbor
harbor
download harbor offline tar package
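# Fetch the Harbor v1.2.2 offline installer into /home/marion/docker.
# wget's lowercase -o names a log file, not the download target; -P sets the
# directory the archive is saved into.
mkdir -p /home/marion/docker
wget -P /home/marion/docker https://github.com/vmware/harbor/releases/download/v1.2.2/harbor-offline-installer-v1.2.2.tgz
# install.sh from this archive is later run with sudo, so check the download
# first: compare the digest printed here with a value obtained from the release
# page or another trusted channel.
sha256sum /home/marion/docker/harbor-offline-installer-v1.2.2.tgz
# Without -C, tar unpacks into the current directory rather than next to the archive.
tar xf /home/marion/docker/harbor-offline-installer-v1.2.2.tgz -C /home/marion/docker
cd /home/marion/docker/harbor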
修改harbor配置文件
hostname=www.proharbor.com
添加域名解析
vim /etc/hosts
## append this
10.0.0.128 www.proharbor.com
## 检查是否正常
ping www.proharbor.com
创建自签证书
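# Build a private CA and a server certificate for www.proharbor.com, then make
# the Docker daemon and the host trust that CA.
# openssl req prompts for the subject fields; use www.proharbor.com as the
# Common Name of the server request.
mkdir -p /home/marion/docker/harbor/newcert
cd /home/marion/docker/harbor/newcert
# CA certificate: 10 years, so it outlives the server certificate it signs.
# A server certificate stops validating as soon as its issuer has expired.
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt
# Server key and certificate signing request.
openssl req -newkey rsa:4096 -nodes -sha256 -keyout proharbor.com.key -out proharbor.com.csr
# Go-based clients (current Docker releases included) match the host name
# against subjectAltName and ignore the Common Name, so set the SAN explicitly.
printf 'subjectAltName = DNS:www.proharbor.com\n' > proharbor.com.ext
# Server certificate: 1 year, signed with SHA-256; renew it before it expires.
openssl x509 -req -sha256 -days 365 -in proharbor.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile proharbor.com.ext -out proharbor.com.crt
# -nodes leaves both private keys unencrypted on disk: restrict them to their
# owner, and move ca.key off the registry host once signing is done.
chmod 600 ca.key proharbor.com.key
# Docker daemon: trust the CA for this registry host name.
mkdir -pv /etc/docker/certs.d/www.proharbor.com
cp /home/marion/docker/harbor/newcert/ca.crt /etc/docker/certs.d/www.proharbor.com/
# System trust store: install the CA certificate rather than the server
# certificate, so that chains ending at ca.crt validate for other clients too.
cp /home/marion/docker/harbor/newcert/ca.crt /usr/local/share/ca-certificates/www.proharbor.com.crt
update-ca-certificates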
更新配置文件
- 更新harbor.cfg
hostname = www.proharbor.com
ui_url_protocol = https
ssl_cert = /home/marion/docker/harbor/newcert/proharbor.com.crt
ssl_cert_key = /home/marion/docker/harbor/newcert/proharbor.com.key
- 更新docker-compose.yml
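# Create the host directory that will hold the registry's image data; the
# compose file below mounts it into the registry container as /storage.
cd /home/marion/docker/harbor
# -p keeps the step repeatable when the directory already exists.
mkdir -p /home/marion/harborregistry/
vim docker-compose.yml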
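# ------ docker-compose.yml after the modification ------
# The nesting below is restored: YAML is indentation-sensitive, and the file
# does not parse with every key at column 0.
version: '2'
services:
  # Log collector; the other services ship their logs to it over syslog.
  log:
    image: vmware/harbor-log:v1.2.2
    container_name: harbor-log
    restart: always
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
    ports:
      # Published on the loopback address only, so the syslog port is not
      # reachable from other hosts.
      - 127.0.0.1:1514:514
    networks:
      - harbor
  registry:
    image: registry:2.4.1
    container_name: registry
    restart: always
    volumes:
      # Image data lives in the host directory created before editing this file.
      - /home/marion/harborregistry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
    networks:
      - harbor
    environment:
      - GODEBUG=netdns=cgo
    command:
      ["serve", "/etc/registry/config.yml"]
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registry"
  mysql:
    image: vmware/harbor-db:v1.2.2
    container_name: harbor-db
    restart: always
    volumes:
      - /data/database:/var/lib/mysql:z
    networks:
      - harbor
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "mysql"
  adminserver:
    image: vmware/harbor-adminserver:v1.2.2
    container_name: harbor-adminserver
    env_file:
      - ./common/config/adminserver/env
    restart: always
    volumes:
      - /data/config/:/etc/adminserver/config/:z
      # /data/secretkey is shared with ui and jobservice; restrict access to
      # /data on the host accordingly.
      - /data/secretkey:/etc/adminserver/key:z
      - /data/:/data/:z
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "adminserver"
  ui:
    image: vmware/harbor-ui:v1.2.2
    container_name: harbor-ui
    env_file:
      - ./common/config/ui/env
    restart: always
    volumes:
      - ./common/config/ui/app.conf:/etc/ui/app.conf:z
      - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
      - /data/secretkey:/etc/ui/key:z
      - /data/ca_download/:/etc/ui/ca/:z
      - /data/psc/:/etc/ui/token/:z
    networks:
      - harbor
    depends_on:
      - log
      - adminserver
      - registry
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "ui"
  jobservice:
    image: vmware/harbor-jobservice:v1.2.2
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    volumes:
      - /data/job_logs:/var/log/jobs:z
      - ./common/config/jobservice/app.conf:/etc/jobservice/app.conf:z
      - /data/secretkey:/etc/jobservice/key:z
    networks:
      - harbor
    depends_on:
      - ui
      - adminserver
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "jobservice"
  # Front-end proxy: the only service that publishes ports to the network.
  proxy:
    image: vmware/nginx-photon:1.11.13
    container_name: nginx
    restart: always
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    ports:
      # No host address is given, so these bind on every host interface;
      # restrict them with a host firewall if the registry is internal only.
      - 80:80
      - 443:443
      - 4443:4443
    depends_on:
      - mysql
      - registry
      - ui
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"
networks:
  harbor:
    external: false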
- 仓库根目录配置文件
该文件即 ./common/config/registry/config.yml(挂载到容器内为 /etc/registry/config.yml)。从中可以看到容器内镜像存储的根目录(rootdirectory),据此可以把该目录挂载到 docker host 上。
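# Registry configuration, served by the registry container as
# /etc/registry/config.yml. The nesting is restored here; the file does not
# parse with every key at column 0.
version: 0.1
log:
  # debug is the most verbose level; lower it once the setup works.
  level: debug
  fields:
    service: registry
storage:
  cache:
    layerinfo: inmemory
  filesystem:
    # Root of the image store inside the container; docker-compose.yml maps a
    # host directory onto this path.
    rootdirectory: /storage
  maintenance:
    uploadpurging:
      enabled: false
  delete:
    # Allows image data to be deleted through the registry API.
    enabled: true
http:
  addr: :5000
  # Shown as a stand-in value; keep the deployed secret out of shared notes.
  secret: placeholder
  debug:
    # Debug endpoint, bound to the container's loopback address only.
    addr: localhost:5001
auth:
  token:
    issuer: harbor-token-issuer
    # Must use the same scheme and host name as the Harbor UI (https here).
    realm: https://www.proharbor.com/service/token
    rootcertbundle: /etc/registry/root.crt
    service: harbor-registry
notifications:
  endpoints:
    - name: harbor
      disabled: false
      # Plain HTTP to the ui service by its compose service name.
      url: http://ui/service/notifications
      timeout: 3000ms
      threshold: 5
      backoff: 1s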
安装harbor以及notary,clair
# Run the installer with the Notary (image signing) and Clair (vulnerability
# scanning) add-ons. It runs as root via sudo, so only run an installer whose
# archive you have verified.
cd /home/marion/docker/harbor/
sudo ./install.sh --with-notary --with-clair
# Stop all Harbor containers (must be run in the directory that contains docker-compose.yml).
# down -v also deletes the volumes declared in the compose files; host
# directories that are bind-mounted (for example /data/...) are left in place.
# NOTE(review): the notary and clair compose files are not shown here - check
# what they declare before using -v on an instance that holds data.
docker-compose -f ./docker-compose.yml -f ./docker-compose.notary.yml -f ./docker-compose.clair.yml down -v
# Start all Harbor containers (must be run in the directory that contains docker-compose.yml).
docker-compose -f ./docker-compose.yml -f ./docker-compose.notary.yml -f ./docker-compose.clair.yml up -d
验证查看
- 打开浏览器,输入https://www.proharbor.com
- 用户名/密码:admin/Harbor12345(默认的)。这是公开的默认密码,首次登录后应立即修改;也可以在安装前通过 harbor.cfg 中的 harbor_admin_password 设置初始密码。
- 打开终端:
docker login www.proharbor.com
,admin/Harbor12345
查看日志
#日志路径各不相同,具体路径根据docker-compose.yml或者*/harbor/common/目录下的配置文件进行确定
cd /var/log/harbor
push/pull
#push
root@dockermaster:/home/marion/docker/harbor# docker tag redis www.proharbor.com/harborssl/redis:dev
root@dockermaster:/home/marion/docker/harbor# docker push www.proharbor.com/harborssl/redis:dev
The push refers to a repository [www.proharbor.com/harborssl/redis]
d112bb627859: Pushed
265ab1ac61ec: Pushed
2341e66d779d: Pushed
9503917b6420: Pushed
aa84bbcc6553: Pushed
29d71372a492: Pushed
dev: digest: sha256:b707a0c39062f1769c8e16069015e1ba839add849deb441428fc0c1deee67c36 size: 1571
#pull
root@dockermaster:/home/marion/docker/harbor# docker pull www.proharbor.com/harborssl/redis:dev
dev: Pulling from harborssl/redis
Digest: sha256:b707a0c39062f1769c8e16069015e1ba839add849deb441428fc0c1deee67c36
Status: Downloaded newer image for www.proharbor.com/harborssl/redis:dev