根据Harbor官方描述:
Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器,通过添加一些企业必需的功能特性,例如安全、标识和管理等,扩展了开源Docker Distribution。作为一个企业级私有Registry服务器,Harbor提供了更好的性能和安全。提升用户使用Registry构建和运行环境传输镜像的效率。Harbor支持安装在多个Registry节点的镜像资源复制,镜像全部保存在私有Registry中, 确保数据和知识产权在公司内部网络中管控。另外,Harbor也提供了高级的安全特性,诸如用户管理,访问控制和活动审计等。
部署环境:
centos-7.4 192.168.55.34
Docker version 1.13.
docker-compose version 1.21.
harbor-offline-installer-v1.5.0.tgz
安装docker-compose
方式1:
curl -L https://github.com/docker/compose/releases/download/1.9.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
方式2:
wget https://bootstrap.pypa.io/get-pip.py
python get-pip.py
pip install docker-compose
安装docker
yum install docker -y
vim /etc/systemd/system/docker.service
-----------------------------------------------------
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd --insecure-registry=192.168.55.34
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
-----------------------------------------------------
说明: docker 需要上传 push 镜像,需要在 docker 中配置 --insecure-registry
docker加速
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://db411c61.m.daocloud.io #会生成 /etc/docker/daemon.json 文件
启动docker
systemctl daemon-reload
systemctl enable docker
systemctl start docker
systemctl status docker
安装harbor
harbor下载地址:
http://harbor.orientsoft.cn/
tar -xf harbor-offline-installer-v1.5.0.tgz
mv harbor /opt/
cd /opt/harbor/
vim harbor.cfg
-----------------------------------------------------
hostname = 192.168.55.34
#这里只是简单的测试,所以只编辑这一行,其他的默认不做修改;当然也可以根据你自己的实际情况做修改!
-----------------------------------------------------
执行安装脚本:
./instsll.sh
说明:安装报错 找不到docker-proxy 、 docker-runc
执行 ln -s /usr/libexec/docker/docker-runc-current /usr/bin/docker-runc
ln -s /usr/libexec/docker/docker-proxy-current /usr/bin/docker-proxy
Harbor容器的stop与start:
cd /opt/harbor/
docker-compose stop/start
到此便安装完成了,直接打开浏览器登陆即可:
默认用户密码是:admin/Harbor12345 #密码 /opt/harbor/harbor.cfg harbor_admin_password参数
harbor上传镜像
[root@docker2 /opt/tools/harbor ::&&]#docker login -u admin -p Harbor12345 http://192.168.159.34/v2 #账号密码: admin/Harbor12345
Username: admin
Password:
Login Succeeded
[root@docker2 /opt/tools/harbor ::&&]#docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/centos latest 49f7960eb7e4 weeks ago MB
docker tag docker.io/centos 192.168.55.34/linux/centos6:1.0 #打个镜像tag
docker push 192.168.55.34/linux/centos6:1.0 #上传镜像
说明: 格式为: userip/项目名/image名字:版本号 (项目名需要在webui 提前建好)
harbor修改端口号
原文地址: https://www.cnblogs.com/huangjc/p/6420355.html
、修改docker-compose.yml文件映射为1180端口:
cat /opt/harbor/docker-compose.yml
-----------------------------------------------------------------
version: ''
services:
log:
image: vmware/harbor-log:v1.5.0
container_name: harbor-log
restart: always
volumes:
- /var/log/harbor/:/var/log/docker/:z
- ./common/config/log/:/etc/logrotate.d/:z
ports:
- 127.0.0.1::
networks:
- harbor
registry:
image: vmware/registry-photon:v2.6.2-v1.5.0
container_name: registry
restart: always
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
networks:
- harbor
environment:
- GODEBUG=netdns=cgo
command:
["serve", "/etc/registry/config.yml"]
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "registry"
mysql:
image: vmware/harbor-db:v1.5.0
container_name: harbor-db
restart: always
volumes:
- /data/database:/var/lib/mysql:z
networks:
- harbor
env_file:
- ./common/config/db/env
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "mysql"
adminserver:
image: vmware/harbor-adminserver:v1.5.0
container_name: harbor-adminserver
env_file:
- ./common/config/adminserver/env
restart: always
volumes:
- /data/config/:/etc/adminserver/config/:z
- /data/secretkey:/etc/adminserver/key:z
- /data/:/data/:z
networks:
- harbor
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "adminserver"
ui:
image: vmware/harbor-ui:v1.5.0
container_name: harbor-ui
env_file:
- ./common/config/ui/env
restart: always
volumes:
- ./common/config/ui/app.conf:/etc/ui/app.conf:z
- ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
- ./common/config/ui/certificates/:/etc/ui/certificates/:z
- /data/secretkey:/etc/ui/key:z
- /data/ca_download/:/etc/ui/ca/:z
- /data/psc/:/etc/ui/token/:z
networks:
- harbor
depends_on:
- log
- adminserver
- registry
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "ui"
jobservice:
image: vmware/harbor-jobservice:v1.5.0
container_name: harbor-jobservice
env_file:
- ./common/config/jobservice/env
restart: always
volumes:
- /data/job_logs:/var/log/jobs:z
- ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
networks:
- harbor
depends_on:
- redis
- ui
- adminserver
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "jobservice"
redis:
image: vmware/redis-photon:v1.5.0
container_name: redis
restart: always
volumes:
- /data/redis:/data
networks:
- harbor
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "redis"
proxy:
image: vmware/nginx-photon:v1.5.0
container_name: nginx
restart: always
volumes:
- ./common/config/nginx:/etc/nginx:z
networks:
- harbor
ports:
- 1180:80
- :
- :
depends_on:
- mysql
- registry
- ui
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "proxy"
networks:
harbor:
external: false
------------------------------------------------------------------
、修改common/templates/registry/config.yml文件加入1180端口:
cat /opt/harbor/common/templates/registry/config.yml
------------------------------------------------------------------
version: 0.1
log:
level: info
fields:
service: registry
storage:
cache:
layerinfo: inmemory
$storage_provider_info
maintenance:
uploadpurging:
enabled: false
delete:
enabled: true
http:
addr: :
secret: placeholder
debug:
addr: localhost:
auth:
token:
issuer: harbor-token-issuer
realm: $public_url:1180/service/token
rootcertbundle: /etc/registry/root.crt
service: harbor-registry
notifications:
endpoints:
- name: harbor
disabled: false
url: $ui_url/service/notifications
timeout: 3000ms
threshold:
backoff: 1s
------------------------------------------------------------------
、停止harbor,重新启动并生成配置文件:
#docker-compose stop
# ./install.sh
、修改docker启动文件,设置信任的主机与端口:
#vim /etc/systemd/system/docker.service 修改如下一行
ExecStart=/usr/bin/dockerd --insecure-registry=192.168.55.34:1180
、重新启动docker:
systemctl daemon-reload
systemctl restart docker.service
. 最后,测试验证:
# docker login 192.168.55.34:
Username: admin
Password: Harbor12345
Login Succeeded