1、文件下载
# wget https://storage.googleapis.com/harbor-releases/harbor-online-installer-v1.5.1.tgz
安装官网参考
https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md
2、安装docker-compose(pip方式)
yum添加源
# yum install epel-release -y
清空yum缓存文件
# yum clean all
安装python-pip
# yum install python-pip -y
安装docker-compost
# pip install -U docker-compose
查看docker-compose版本
# docker-compose -v
解压
# tar zxvf harbor-online-installer-v1.5.1.tgz
修改Harbor的配置文件
# vi harbor.cfg
只修改hostname选项其他不需要改动
## Configuration file of Harbor # hostname设置访问地址,可以使用ip、域名,不可以设置为127.0.0.1或localhost
hostname = 172.16.1.146 # 访问协议,默认是http,也可以设置https,如果设置https,则nginx ssl需要设置on
ui_url_protocol = http # mysql数据库root用户默认密码root123,实际使用时修改下
db_password = root123 # 是否开启自注册,on开启,off关闭,可以关闭掉。
self_registration = off # 启动Harbor后,管理员UI登录的密码,默认是Harbor12345
harbor_admin_password = Harbor12345 #镜像同步job数量
max_job_workers = customize_crt = on #https时候使用
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = NA # 邮件设置,发送重置密码邮件时使用
email_identity =
email_server = smtp.mydomain.com
email_server_port =
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false # 认证方式,这里支持多种认证方式,如LADP、本次存储、数据库认证。默认是db_auth,mysql数据库认证
auth_mode = db_auth # LDAP认证时配置项
#ldap_url = ldaps://ldap.mydomain.com
#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
#ldap_search_pwd = password
#ldap_basedn = ou=people,dc=mydomain,dc=com
#ldap_filter = (objectClass=person)
#ldap_uid = uid
#ldap_scope =
#ldap_timeout = # Token有效时间,默认30分钟
token_expiration = # 用户创建项目权限控制,默认是everyone(所有人),也可以设置为adminonly(只能管理员)
project_creation_restriction = everyone verify_remote_cert = on #日志数量
log_rotate_count = #单个日志大小
log_rotate_size = 200M
docker-compost配置修改(视情况修改)
修改页面端口
# vi docker-compose.yml
proxy:
image: vmware/nginx-photon:v1.5.1
container_name: nginx
restart: always
volumes:
- ./common/config/nginx:/etc/nginx:z
networks:
- harbor
ports:
#如果需要,可以修改对外端口为
# - 8888:80
- :
- :
- :
depends_on:
- mysql
- registry
- ui
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "proxy"
修改common/templates/registry/onfig.yml
# cd common/templates/registry/
# vi config.yml
注意:不需要做任何改动
version: 0.1
log:
level: info
fields:
service: registry
storage:
cache:
layerinfo: inmemory
$storage_provider_info
maintenance:
uploadpurging:
enabled: false
delete:
enabled: true
http:
addr: :
secret: placeholder
debug:
addr: localhost:
auth:
token:
issuer: harbor-token-issuer
#如果需要,可以添加端口8888
#realm: $public_url/service/token
rootcertbundle: /etc/registry/root.crt
service: harbor-registry
notifications:
endpoints:
- name: harbor
disabled: false
url: $ui_url/service/notifications
timeout: 3000ms
threshold:
backoff: 1s
修改docker-compose.yml
# vi docker-compose.yml
version: ''
services:
log:
image: vmware/harbor-log:v1.5.1
container_name: harbor-log
restart: always
volumes:
#harbor日志目录
- /var/log/harbor/:/var/log/docker/:z
- ./common/config/log/:/etc/logrotate.d/:z
ports:
- 127.0.0.1::
networks:
- harbor
registry:
image: vmware/registry-photon:v2.6.2-v1.5.1
container_name: registry
restart: always
volumes:
#registry存储目录
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
networks:
- harbor
ports:
- 5000:5000
environment:
- GODEBUG=netdns=cgo
command:
["serve", "/etc/registry/config.yml"]
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "registry"
mysql:
image: vmware/harbor-db:v1.5.1
container_name: harbor-db
restart: always
volumes:
- /data/database:/var/lib/mysql:z
networks:
- harbor
env_file:
- ./common/config/db/env
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "mysql"
adminserver:
image: vmware/harbor-adminserver:v1.5.1
container_name: harbor-adminserver
env_file:
- ./common/config/adminserver/env
restart: always
volumes:
- /data/config/:/etc/adminserver/config/:z
- /data/secretkey:/etc/adminserver/key:z
- /data/:/data/:z
networks:
- harbor
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "adminserver"
ui:
image: vmware/harbor-ui:v1.5.1
container_name: harbor-ui
env_file:
- ./common/config/ui/env
restart: always
volumes:
- ./common/config/ui/app.conf:/etc/ui/app.conf:z
- ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
- ./common/config/ui/certificates/:/etc/ui/certificates/:z
- /data/secretkey:/etc/ui/key:z
- /data/ca_download/:/etc/ui/ca/:z
- /data/psc/:/etc/ui/token/:z
networks:
- harbor
depends_on:
- log
- adminserver
- registry
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "ui"
jobservice:
image: vmware/harbor-jobservice:v1.5.1
container_name: harbor-jobservice
env_file:
- ./common/config/jobservice/env
restart: always
volumes:
- /data/job_logs:/var/log/jobs:z
- ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
networks:
- harbor
depends_on:
- redis
- ui
- adminserver
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "jobservice"
redis:
image: vmware/redis-photon:v1.5.1
container_name: redis
restart: always
volumes:
- /data/redis:/data
networks:
- harbor
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "redis"
proxy:
image: vmware/nginx-photon:v1.5.1
container_name: nginx
restart: always
volumes:
- ./common/config/nginx:/etc/nginx:z
networks:
- harbor
ports:
#如果需要,可以修改对外端口为
# - 8888:80
- :
- :
- :
depends_on:
- mysql
- registry
- ui
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "proxy"
networks:
harbor:
external: false
安装
[root@localhost harbor]# sudo ./install.sh --with-clair
# docker-compose ps
由于是http,直接登录会报错
[root@localhost harbor]# docker login 192.168.100.117
Username: admin
Password:
Error response from daemon: Get https://192.168.100.117/v2/: dial tcp 192.168.100.117:443: connect: connection refused
客户端配置修改
免https修改
修改/etc/docker/daemon.json,添加{"insecure-registries":["192.168.100.117"]}
# echo '{"insecure-registries":["192.168.100.117"]}' >> /etc/docker/daemon.json
# cat /etc/docker/daemon.json
# systemctl daemon-reload
# systemctl restart docker
再次登录
# docker-compose ps
# docker login 192.168.100.117
[root@localhost harbor]# docker login 192.168.100.117
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded
页面访问
启动完成后,我们访问刚设置的hostname即可http://192.168.100.117/,默认是80端口,如果端口占用,我们可以去修改docker-compose.yml文件中,对应服务的端口映射。
http://192.168.100.117/harbor/sign-in
页面正常访问
用户名:admin
密码:Harbor12345
新建一个项目
查看如何push镜像到demo-project
# docker images
打标签并且上传
给镜像打tag
# docker tag centos:latest 192.168.100.117/demo-project/centos:latest
push到仓库
# docker push 192.168.100.117/demo-project/centos:latest
# docker images
查看是否成功
删除本地镜像,重新下载
# docker rmi 192.168.100.117/demo-project/centos
# docker pull 192.168.100.117/demo-project/centos
启动之后停止或启动harbor的话,可以使用命令:
$ sudo docker-compose -f ./docker-compose.yml -f ./docker-compose.chartmuseum.yml [ up|down|ps|stop|start ]
# sudo docker-compose -f /root/harbor/docker-compose.yml -f /root/harbor/docker-compose.clair.yml start
# sudo docker-compose -f /root/harbor/docker-compose.yml -f /root/harbor/docker-compose.clair.yml stop
更多使用说明参考:
https://github.com/vmware/harbor/blob/master/docs/user_guide.md
参考博客:
harbor安装和简单使用
https://blog.csdn.net/qq_30062125/article/details/82772087
docker私库harbor的搭建
https://www.cnblogs.com/smilezgy/p/9545553.html
docker镜像仓库harbor之搭建及配置
https://blog.csdn.net/aixiaoyang168/article/details/73549898
centos7.3搭建harbor
https://blog.csdn.net/qq12547345/article/details/79482468