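Preface
Harbor is an enterprise-grade registry server for storing and distributing Docker images. Docker does provide an official public image registry, but for reasons of security and efficiency it is well worth deploying a private registry inside the enterprise. The relationship between Harbor and the central Docker registry is similar to that between Nexus and the Maven central repository. Besides storing and distributing images, Harbor's main features include user management, project management, configuration management, log querying, and high-availability deployment.
Installing Harbor
Docker and Docker Compose must be installed before installing Harbor; that is not covered in this article. Check the versions: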
[root@localhost harbor]# docker version
Client: Docker Engine - Community
 Version:           23.0.2
 API version:       1.42
 Go version:        go1.19.7
 Git commit:        569dd73
 Built:             Mon Mar 27 16:18:54 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          23.0.2
  API version:      1.42 (minimum version 1.12)
  Go version:       go1.19.7
  Git commit:       219f21b
  Built:            Mon Mar 27 16:16:31 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.20
  GitCommit:        2806fc1057397dbaeefbea0e4e17bddfbd388f38
 runc:
  Version:          1.1.5
  GitCommit:        v1.1.5-0-gf19387a
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
[root@localhost harbor]# docker compose version
Docker Compose version v2.20.2
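Download the Harbor archive and extract it.
If the virtual machine can reach the Internet, the archive can be downloaded directly from the download address with wget: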
wget https://github.com/goharbor/harbor/releases/download/v2.8.3/harbor-offline-installer-v2.8.3.tgz
[root@localhost harbor]# ls
harbor-offline-installer-v2.8.3.tgz
[root@localhost harbor]# pwd
/root/harbor
[root@localhost harbor]# mkdir /opt/install
[root@localhost harbor]# tar -xzf harbor-offline-installer-v2.8.3.tgz -C /opt/install
Modify the Harbor configuration
[root@localhost harbor]# cd /opt/install/harbor
[root@localhost harbor]# ls
common.sh harbor.v2.8.3.tar.gz harbor.yml harbor.yml.tmpl input install.sh LICENSE prepare
[root@localhost harbor]# cp harbor.yml.tmpl harbor.yml
[root@localhost harbor]# cat harbor.yml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 192.168.56.100

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 85

# https related config
https:
  # https port for harbor, default is 443
  # port: 443
  ## The path of cert and key files for nginx
  # certificate: /your/certificate/path
  # private_key: /your/private/key/path
Install Harbor
[root@localhost harbor]# ./prepare
prepare base dir is set to /opt/install/harbor
Unable to find image 'goharbor/prepare:v2.8.3' locally
v2.8.3: Pulling from goharbor/prepare
64766fbe86f3: Pull complete
5e8573822658: Pull complete
b325f953ccaa: Pull complete
4a61406f052d: Pull complete
35af786c7219: Pull complete
9e054aa5e0c4: Pull complete
ac0b5dc3429a: Pull complete
c1fcbc663df3: Pull complete
35ef2e38ddee: Pull complete
2a411a6b181f: Pull complete
Digest: sha256:31b05f630675290977311f476bafba9406539c73aaa773f27fbe8a295cda184a
Status: Downloaded newer image for goharbor/prepare:v2.8.3
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@localhost harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 23.0.2
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.20.2
[Step 2]: loading Harbor images ...
176a9faee2d2: Loading layer [==================================================>] 6.176MB/6.176MB
7533b07674a0: Loading layer [==================================================>] 4.096kB/4.096kB
9ab27df52911: Loading layer [==================================================>] 3.072kB/3.072kB
457b8a810324: Loading layer [==================================================>] 17.57MB/17.57MB
8ade677a8a4b: Loading layer [==================================================>] 18.36MB/18.36MB
Loaded image: goharbor/registry-photon:v2.8.3
ae6af9dcdf7c: Loading layer [==================================================>] 6.171MB/6.171MB
d9b2d282124e: Loading layer [==================================================>] 9.098MB/9.098MB
71d01ecf12a5: Loading layer [==================================================>] 15.88MB/15.88MB
a93bf4c4de26: Loading layer [==================================================>] 29.29MB/29.29MB
d6ccdcf712be: Loading layer [==================================================>] 22.02kB/22.02kB
20d0340657f4: Loading layer [==================================================>] 15.88MB/15.88MB
Loaded image: goharbor/notary-server-photon:v2.8.3
7076e9de5fb2: Loading layer [==================================================>] 6.171MB/6.171MB
06edddd4eeea: Loading layer [==================================================>] 9.098MB/9.098MB
4c8df5f33db0: Loading layer [==================================================>] 14.47MB/14.47MB
7bf292abe752: Loading layer [==================================================>] 29.29MB/29.29MB
ac4de38627ae: Loading layer [==================================================>] 22.02kB/22.02kB
687c00954816: Loading layer [==================================================>] 14.47MB/14.47MB
Loaded image: goharbor/notary-signer-photon:v2.8.3
ab5bc430313c: Loading layer [==================================================>] 90.16MB/90.16MB
dc3ba398e48c: Loading layer [==================================================>] 3.584kB/3.584kB
d26b379ad813: Loading layer [==================================================>] 3.072kB/3.072kB
93e3e2322706: Loading layer [==================================================>] 2.56kB/2.56kB
0bf9c54793f1: Loading layer [==================================================>] 3.072kB/3.072kB
2742f8f52b00: Loading layer [==================================================>] 3.584kB/3.584kB
299dda8831bd: Loading layer [==================================================>] 20.48kB/20.48kB
Loaded image: goharbor/harbor-log:v2.8.3
02ddc8ed9baf: Loading layer [==================================================>] 85.6MB/85.6MB
377838d34c47: Loading layer [==================================================>] 3.072kB/3.072kB
1bda8bcd6461: Loading layer [==================================================>] 59.9kB/59.9kB
90ea325b2c6d: Loading layer [==================================================>] 61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.8.3
3996ab5000eb: Loading layer [==================================================>] 9.188MB/9.188MB
03553e550818: Loading layer [==================================================>] 3.584kB/3.584kB
9f2717a623b0: Loading layer [==================================================>] 2.56kB/2.56kB
ce715e5a53cf: Loading layer [==================================================>] 47.46MB/47.46MB
9505353423e5: Loading layer [==================================================>] 48.25MB/48.25MB
Loaded image: goharbor/harbor-jobservice:v2.8.3
Loaded image: goharbor/prepare:v2.8.3
b99dc282b3c7: Loading layer [==================================================>] 9.188MB/9.188MB
786372442d5c: Loading layer [==================================================>] 3.584kB/3.584kB
c95eff9c3c92: Loading layer [==================================================>] 2.56kB/2.56kB
69a6620f70fd: Loading layer [==================================================>] 59.22MB/59.22MB
faee135ed65a: Loading layer [==================================================>] 5.632kB/5.632kB
b8228ebe38a4: Loading layer [==================================================>] 116.7kB/116.7kB
e2db669e8a7c: Loading layer [==================================================>] 44.03kB/44.03kB
1d973fccb394: Loading layer [==================================================>] 60.17MB/60.17MB
747dd0c43ef1: Loading layer [==================================================>] 2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.8.3
1122996461e4: Loading layer [==================================================>] 6.176MB/6.176MB
c11d210da0c1: Loading layer [==================================================>] 4.096kB/4.096kB
7abff3111e9b: Loading layer [==================================================>] 17.57MB/17.57MB
569fe4e2f2c9: Loading layer [==================================================>] 3.072kB/3.072kB
bca259d7c630: Loading layer [==================================================>] 31.01MB/31.01MB
2dda2be83cfd: Loading layer [==================================================>] 49.37MB/49.37MB
Loaded image: goharbor/harbor-registryctl:v2.8.3
825a82984415: Loading layer [==================================================>] 82.12MB/82.12MB
Loaded image: goharbor/nginx-photon:v2.8.3
39074d649f8c: Loading layer [==================================================>] 6.707MB/6.707MB
688b64470d74: Loading layer [==================================================>] 4.096kB/4.096kB
320f85b1e3eb: Loading layer [==================================================>] 3.072kB/3.072kB
dde1dfb74607: Loading layer [==================================================>] 194.8MB/194.8MB
229337a9e8cc: Loading layer [==================================================>] 14.1MB/14.1MB
8c74af69019d: Loading layer [==================================================>] 209.7MB/209.7MB
Loaded image: goharbor/trivy-adapter-photon:v2.8.3
74b07281d2e5: Loading layer [==================================================>] 82.12MB/82.12MB
751e146c3c0f: Loading layer [==================================================>] 6.1MB/6.1MB
2cbfa90aca6d: Loading layer [==================================================>] 1.233MB/1.233MB
Loaded image: goharbor/harbor-portal:v2.8.3
3a8f210ea3e0: Loading layer [==================================================>] 116.2MB/116.2MB
06434a1eae73: Loading layer [==================================================>] 25.18MB/25.18MB
0923361e26b9: Loading layer [==================================================>] 5.12kB/5.12kB
e4658596b9ef: Loading layer [==================================================>] 6.144kB/6.144kB
350bc2e11862: Loading layer [==================================================>] 3.072kB/3.072kB
54847be3f348: Loading layer [==================================================>] 2.048kB/2.048kB
67296b765de0: Loading layer [==================================================>] 2.56kB/2.56kB
136c1f931ee8: Loading layer [==================================================>] 2.56kB/2.56kB
c44a36e8102e: Loading layer [==================================================>] 2.56kB/2.56kB
60bcea6b0ccb: Loading layer [==================================================>] 9.728kB/9.728kB
Loaded image: goharbor/harbor-db:v2.8.3
85c2b8de0e50: Loading layer [==================================================>] 9.188MB/9.188MB
1fd29ea96459: Loading layer [==================================================>] 26.04MB/26.04MB
9154b665386d: Loading layer [==================================================>] 4.608kB/4.608kB
9e173c1e037d: Loading layer [==================================================>] 26.83MB/26.83MB
Loaded image: goharbor/harbor-exporter:v2.8.3
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /opt/install/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
[Step 5]: starting Harbor ...
[+] Running 10/10
 ✔ Network harbor_harbor        Created   0.0s
 ✔ Container harbor-log         Started   0.4s
 ✔ Container harbor-portal      Started   1.1s
 ✔ Container registryctl        Started   1.1s
 ✔ Container redis              Started   0.9s
 ✔ Container registry           Started   0.9s
 ✔ Container harbor-db          Started   1.0s
 ✔ Container harbor-core        Started   1.3s
 ✔ Container harbor-jobservice  Started   1.6s
 ✔ Container nginx              Started   1.6s
✔ ----Harbor has been installed and started successfully.----
Check the docker compose status:
[root@localhost harbor]# docker compose ls
NAME STATUS CONFIG FILES
harbor running(9) /opt/install/harbor/docker-compose.yml
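Common start and stop commands
# -f must point at the generated compose file (docker-compose.yml, as shown by "docker compose ls"), not at harbor.yml, which is Harbor's own configuration
# Start
docker compose -f /opt/install/harbor/docker-compose.yml up -d
# Stop
docker compose -f /opt/install/harbor/docker-compose.yml stop
# Restart
docker compose -f /opt/install/harbor/docker-compose.yml restart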
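Create a Harbor user and project
http://192.168.56.100:85/
Create project: tensquare
Create user: XXXX, password: XXXX
Assign the user to the project:
Select the corresponding role:
Role | Permissions |
---|---|
Guest | Read-only access to the specified project |
Developer | Read and write access to the specified project |
Maintainer | Read and write access to the specified project; can create Webhooks |
Project Admin | In addition to read and write access, has management permissions such as user management and image scanning |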
Push an image to Harbor
The following demonstrates pushing the image webapp001 on machine 192.168.56.100 to the Harbor instance located on machine 192.168.56.100.
Complete the following steps on the production-server machine:
(1) Add the Harbor address to Docker's trusted list (the insecure-registries setting, needed here because this Harbor instance is served over plain HTTP)
# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://zydiol88.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.56.100:85"]
}
(2) Restart docker
systemctl restart docker
(3) Log in to Harbor
[root@localhost harbor]# docker login -u <username> -p <password> 192.168.56.100:85
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
(4) Tag the image that is to be pushed to Harbor
docker tag webapp001:V1 192.168.56.100:85/tensquare/webapp001:v1.0
(5) Push the image to Harbor
[root@localhost ~]# docker push 192.168.56.100:85/tensquare/webapp001:v1.0
The push refers to repository [192.168.56.100:85/tensquare/webapp001]
f732db36266b: Pushed
ceaf9e1ebef5: Pushed
9b9b7f3d56a0: Pushed
f1b5933fe4b5: Pushed
v1.0: digest: sha256:e29e461e556f9cae489d8af98380799497f7fe31089d9a9df051fcc3a6f3e9ae size: 1159
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.56.100:85/tensquare/webapp001 v1.0 d0b3485e2db7 3 months ago 122MB
webapp001 V1 d0b3485e2db7 3 months ago 122MB
webapp001 latest d0b3485e2db7 3 months ago 122MB
xlrl/mantisbt latest 95dc52690259 3 months ago 571MB
jenkinsci/blueocean latest 04540a0bb985 10 months ago 579MB
fjudith/draw.io latest 7905aa0f7047 2 years ago 684MB
Pull an image from Harbor
On the machine that needs to pull images from Harbor, complete the following steps:
(1) Install Docker and start it
(2) Add the Harbor address to Docker's trusted list (the insecure-registries setting, needed here because this Harbor instance is served over plain HTTP)
# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://zydiol88.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.56.100:85"]
}
(3) Restart docker
systemctl restart docker
(4) Log in to Harbor
[root@localhost docker]# docker login -u <username> -p <password> 192.168.56.100:85
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
(5) Pull the image
[root@localhost docker]# docker pull 192.168.56.100:85/tensquare/webapp001@sha256:e29e461e556f9cae489d8af98380799497f7fe31089d9a9df051fcc3a6f3e9ae
192.168.56.100:85/tensquare/webapp001@sha256:e29e461e556f9cae489d8af98380799497f7fe31089d9a9df051fcc3a6f3e9ae: Pulling from tensquare/webapp001
e7c96db7181b: Pull complete
f910a506b6cb: Pull complete
c2274a1a0e27: Pull complete
521c03dac675: Pull complete
Digest: sha256:e29e461e556f9cae489d8af98380799497f7fe31089d9a9df051fcc3a6f3e9ae
Status: Downloaded newer image for 192.168.56.100:85/tensquare/webapp001@sha256:e29e461e556f9cae489d8af98380799497f7fe31089d9a9df051fcc3a6f3e9ae
192.168.56.100:85/tensquare/webapp001@sha256:e29e461e556f9cae489d8af98380799497f7fe31089d9a9df051fcc3a6f3e9ae
[root@localhost docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.56.100:85/tensquare/webapp001 <none> d0b3485e2db7 3 months ago 122MB
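An added example (not from the original article): a small audit, run on the Docker client, for the two weaknesses that the push and pull steps above both introduce, namely the insecure-registries entry in daemon.json and the password that docker login leaves in config.json. The function names, the demo-user account and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a Docker client for the weaknesses behind the login warnings.
# File paths are arguments so the check can run on copies; sample data is constructed.

# List every registry named under "insecure-registries" in a daemon.json.
# (Whitespace is stripped first; this simple parse assumes one flat array.)
insecure_registries() {
    tr -d ' \t\r\n' < "$1" \
        | sed -n 's/.*"insecure-registries":\[\([^]]*\)\].*/\1/p' \
        | tr -d '"' | tr ',' '\n' | sed '/^$/d'
}

# List the user name behind each inline "auth" value in a Docker config.json.
# "auth" is base64("user:password"), so read access to the file reveals the password.
stored_users() {
    tr -d ' \t\r\n' < "$1" \
        | grep -o '"auth":"[^"]*"' \
        | sed 's/^"auth":"//; s/"$//' \
        | while read -r blob; do
              printf '%s' "$blob" | base64 -d | cut -d: -f1
          done
}

# Print findings; exit status is 0 only when neither weakness is present.
audit_docker_client() {
    local daemon_json="$1" config_json="$2" findings=0 item
    for item in $(insecure_registries "$daemon_json"); do
        echo "FINDING: $item is reached without verified TLS (insecure-registries)"
        findings=$((findings + 1))
    done
    for item in $(stored_users "$config_json"); do
        echo "FINDING: password of '$item' is recoverable from $config_json"
        findings=$((findings + 1))
    done
    grep -q '"credsStore"' "$config_json" \
        || echo "NOTE: no credsStore set, docker login keeps credentials inline"
    [ "$findings" -eq 0 ]
}

# Constructed sample files mirroring the client configured on this page.
demo_dir=$(mktemp -d)
printf '{"insecure-registries":["192.168.56.100:85"]}\n' > "$demo_dir/daemon.json"
printf '{"auths":{"192.168.56.100:85":{"auth":"%s"}}}\n' \
    "$(printf 'demo-user:demo-pass' | base64)" > "$demo_dir/config.json"

audit_docker_client "$demo_dir/daemon.json" "$demo_dir/config.json" \
    || echo "audit: client configuration needs attention"
```

On a real host, pass /etc/docker/daemon.json and /root/.docker/config.json; removing the insecure-registries entry once https is enabled in harbor.yml, and configuring a credential helper, clears both findings.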