Harbor介绍、整体架构和安装
文章目录
- Harbor介绍、整体架构和安装
- 1.Harbor介绍
- 2.Harbor 整体架构
- 3.安装Harbor
- 3.1 主机初始化
- 3.1.1 设置ip地址
- 3.1.2 配置镜像源
- 3.1.3 关闭防火墙
- 3.1.4 禁用SELinux
- 3.1.5 禁用swap
- 3.1.6 设置时区
- 3.2 安装docker
- 3.3 安装docker compose
- 3.4 下载Harbor安装包并解压缩
- 3.5 编辑配置文件 harbor.cfg
- 3.6 运行 harbor 安装脚本
- 3.7 实现开机自动启动 harbor
- 3.8 登录 harbor 主机网站
- 3.9 使用 harbor
- 3.9.1 建立项目
- 3.9.2 在客户端主机上命令行登录 harbor
- 3.9.3 给本地镜像打标签并上传到harbor
- 3.9.4 下载harbor的镜像
- 3.10 一键安装harbor脚本
- 3.10.1 基于docker二进制包一键安装Harbor脚本
- 3.10.2 基于docker镜像仓库一键安装harbor脚本
- 4.harbor 安全 https 配置
- 4.1 主机初始化
- 4.2 安装docker
- 4.3 安装docker compose
- 4.4 下载Harbor安装包并解压缩
- 4.5 生成私钥和证书
- 4.6 编辑配置文件 harbor.cfg
- 4.7 运行 harbor 安装脚本
- 4.8 实现开机自动启动 harbor
- 4.9 用https方式访问harbor网站
- 4.10 使用 harbor
- 4.10.1 建立项目
- 4.10.2 在客户端下载CA的证书
- 4.10.3 从客户端上传镜像
- 4.10.4 给本地镜像打标签并上传到harbor
- 4.10.5 下载harbor的镜像
- 4.11一键安装harbor脚本https方式
- 4.11.1 基于docker二进制包一键安装Harbor脚本https方式
- 4.11.2 基于docker镜像仓库一键安装Harbor脚本https方式
1.Harbor介绍
Harbor 是由 VMware 开源的一款云原生制品仓库,Harbor 的核心功能是存储和管理 Artifact。Harbor 允许用户用命令行工具对容器镜像及其他 Artifact 进行推送和拉取,并提供了图形管理界面帮助用户查看和管理这些 Artifact。在 Harbor 2.0 版本中,除容器镜像外,Harbor 对符合 OCI 规范的 Helm Chart、CNAB、OPA Bundle 等都提供了更多的支持。
2.Harbor 整体架构
图1-1 Harbor架构图
如上图所示是 Harbor 2.0 的架构图,从上到下可分为代理层、功能层和数据层。
- 代理层:代理层实质上是一个 Nginx 反向代理,负责接收不同类型的客户端请求,包括浏览器、用户脚本、Docker 等,并根据请求类型和 URI 转发给不同的后端服务进行处理。
- 功能层:
- Portal:是一个基于 Argular 的前端应用,提供 Harbor 用户访问的界面。
- Core:是 Harbor 中的核心组件,封装了 Harbor 绝大部分的业务逻辑。
- JobService:异步任务组件,负责 Harbor 中很多比较耗时的功能,比如 Artifact 复制、扫描、垃圾回收等。
- Docker Distribution:Harbor 通过 Distribution 实现 Artifact 的读写和存取等功能。
- RegistryCtl:Docker Distribution 的控制组件。
- Notary(可选):基于 TUF 提供镜像签名管理的功能。
- 扫描工具(可选):镜像的漏洞检测工具。
- ChartMuseum(可选):提供 API 管理非 OCI 规范的 Helm Chart,随着兼容 OCI 规范的 Helm Chart 在社区上被更广泛地接受,Helm Chart 能以 Artifact 的形式在 Harbor 中存储和管理,不再依赖 ChartMuseum,因此 Harbor 可能会在后续版本中移除对 ChartMuseum 的支持。
- 数据层:
- Redis:主要作为缓存服务存储一些生命周期较短的数据,同时对于 JobService 还提供了类似队列的功能。
- PostgreSQL:存储 Harbor 的应用数据,比如项目信息、用户与项目的关系、管理策略、配置信息、Artifact 的元数据等等。
- Artifact 存储:存储 Artifact 本身的内容,也就是每次推送镜像、Helm Chart 或其他 Artifact 时,数据最终存储的地方。默认情况下,Harbor 会把 Artifact 写入本地文件系统中。用户也可以修改配置,将 Artifact 存储在外部存储中,例如亚马逊的对象存储 S3、谷歌云存储 GCS、阿里云的对象存储 OSS 等等。
3.安装Harbor
Harbor提供了多种安装方式,其中包括在线安装、离线安装、源码安装及基于Helm Chart的安装。
- 在线安装:通过在线安装包安装Harbor,在安装过程中需要从Docker Hub获取预置的Harbor官方组件镜像。
- 离线安装:通过离线安装包安装 Harbor,从离线安装包中装载所需要的Harbor组件镜像。
- 源码安装:通过编译源码到本地安装Harbor。
- 基于Helm Chart的安装:通过Helm安装Harbor Helm Chart到Kubernetes集群。本章基于Ubuntu 18.04的基础环境来说明Harbor的每种安装方式。
- Operater安装:
Harbor Operator提供了可深度定制的能力,用户通过配置顶级CRD HarborCluster,根据实际需要定义和配置自己的 Harbor 组件。
前提要求:
表1-1 硬件要求
| 硬件 | 最小配置 | 推荐的配置 |
|---|---|---|
| CPU | 2 CPU | 4 CPU |
| 内存 | 4 GB | 8 GB |
| 硬盘 | 40 GB | 160 GB |
表1-2 软件要求
| 软件 | 版本 | 描述 |
|---|---|---|
| Docker Engine | 版本 20.10.10-ce+ 或更高版本 | 有关安装说明,请参阅 Docker 引擎文档:https://docs.docker.com/engine/installation/ |
| Docker Compose | docker-compose (v1.18.0+) 或 docker compose v2 (docker-compose-plugin) | 有关安装说明,请参阅 Docker Compose 文档:https://docs.docker.com/compose/install/ |
| OpenSSL | 最新的优先 | 用于为Harbor生成证书和密钥 |
表1-3 网络端口
| 端口 | 协议 | 描述 |
|---|---|---|
| 443 | https | Harbor 门户和核心 API 接受此端口上的 HTTPS 请求。您可以在配置文件中更改此端口。 |
| 4443 | https | 连接到 Harbor 的 Docker Content Trust 服务。您可以在配置文件中更改此端口。 |
| 80 | http | Harbor 门户和核心 API 接受此端口上的 HTTP 请求。您可以在配置文件中更改此端口。 |
3.1 主机初始化
3.1.1 设置ip地址
Rocky 9和CentOS Stream 9:
# Rocky 9和CentOS Stream 9默认支持修改网卡名。
[root@rocky9 ~]# grep 'plugins' /etc/NetworkManager/NetworkManager.conf
#plugins=keyfile,ifcfg-rh
# 因为网卡命名方式默认是keyfile,默认不支持修改网卡名,既然官方已经默认是keyfile那这里就不去更改网卡名了。[root@rocky9 ~]# ETHNAME=`ip addr | awk -F"[ :]" '/^2/{print $3}'`[root@rocky9 ~]# nmcli con delete ${ETHNAME} && nmcli connection add type ethernet con-name ${ETHNAME} ifname ${ETHNAME} ipv4.method manual ipv4.address "172.31.0.9/21" ipv4.gateway "172.31.0.2" ipv4.dns "223.5.5.5,180.76.76.76" autoconnect yes && nmcli con reload && nmcli con up ${ETHNAME}
# 172.31.0.9/21中172.31.0.9是ip地址,21是子网位数;172.31.0.2是网关地址;223.5.5.5, 180.76.76.76都是DNS,根据自己的需求修改。[root@rocky9 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:37:62:95 brd ff:ff:ff:ff:ff:ffaltname enp3s0inet 172.31.0.9/21 brd 172.31.7.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet6 fe80::51ca:fd5d:3552:677d/64 scope link noprefixroute valid_lft forever preferred_lft forever
# 可以看到ip地址已修改。
Rocky 8、CentOS Stream 8和CentOS 7:
# Rocky 8、CentOS Stream 8和CentOS 7支持修改网卡名。
[root@rocky8 ~]# grep 'plugins' /etc/NetworkManager/NetworkManager.conf
#plugins=ifcfg-rh
# 因为网卡命名方式默认是ifcfg-rh,支持修改网卡名。# 修改网卡名称配置文件
[root@rocky8 ~]# sed -ri.bak '/^GRUB_CMDLINE_LINUX=/s@"$@ net.ifnames=0 biosdevname=0"@' /etc/default/grub
[root@rocky8 ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
done# 修改网卡文件名
[root@rocky8 ~]# ETHNAME=`ip addr | awk -F"[ :]" '/^2/{print $3}'`
[root@rocky8 ~]# mv /etc/sysconfig/network-scripts/ifcfg-${ETHNAME} /etc/sysconfig/network-scripts/ifcfg-eth0[root@rocky8 ~]# shutdown -r now[root@rocky8 ~]# nmcli dev
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected Wired connection 1
lo loopback unmanaged --
# 可以看到CONNECTION的名字是Wired connection 1,要改名才可以下面设置。[root@rocky8 ~]# ETHNAME=`ip addr | awk -F"[ :]" '/^2/{print $3}'`[root@rocky8 ~]# nmcli connection modify "Wired connection 1" con-name ${ETHNAME}
[root@rocky8 ~]# nmcli dev
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
lo loopback unmanaged -- # 修改ip地址
[root@rocky8 ~]# nmcli con delete ${ETHNAME} && nmcli connection add type ethernet con-name ${ETHNAME} ifname ${ETHNAME} ipv4.method manual ipv4.address "172.31.0.8/21" ipv4.gateway "172.31.0.2" ipv4.dns "223.5.5.5,180.76.76.76" autoconnect yes && nmcli con reload && nmcli dev up eth0
# 172.31.0.8/21中172.31.0.8是ip地址,21是子网位数;172.31.0.2是网关地址;223.5.5.5, 180.76.76.76都是DNS,根据自己的需求修改。[root@rocky8 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:6f:65:d3 brd ff:ff:ff:ff:ff:ffaltname enp3s0altname ens160inet 172.31.0.8/21 brd 172.31.7.255 scope global noprefixroute eth0valid_lft forever preferred_lft foreverinet6 fe80::e9c9:aa93:4a58:2cc2/64 scope link noprefixroute valid_lft forever preferred_lft forever
# 重启系统后可以看到网卡名已经修改成eth0,ip地址也已修改。
Ubuntu:
# Ubuntu先启用root用户,并设置密码
raymond@ubuntu2204:~$ cat set_root_login.sh
#!/bin/bashread -p "请输入密码: " PASSWORD
echo ${PASSWORD} |sudo -S sed -ri 's@#(PermitRootLogin )prohibit-password@\1yes@' /etc/ssh/sshd_config
sudo systemctl restart sshd
sudo -S passwd root <<-EOF
${PASSWORD}
${PASSWORD}
EOFraymond@ubuntu2204:~$ bash set_root_login.sh
请输入密码: 123456
[sudo] password for raymond: New password: Retype new password: passwd: password updated successfullyraymond@ubuntu2204:~$ rm -rf set_root_login.sh# 使用root登陆,修改网卡名
root@ubuntu2204:~# sed -ri.bak '/^GRUB_CMDLINE_LINUX=/s@"$@net.ifnames=0 biosdevname=0"@' /etc/default/grub
root@ubuntu2204:~# grub-mkconfig -o /boot/grub/grub.cfg
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/init-select.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.15.0-88-generic
Found initrd image: /boot/initrd.img-5.15.0-88-generic
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
done# Ubuntu 20.04设置ip地址
root@ubuntu2004:~# cat > /etc/netplan/00-installer-config.yaml <<-EOF
network:version: 2renderer: networkdethernets:eth0:dhcp4: nodhcp6: noaddresses: [172.31.0.20/21] gateway4: 172.31.0.2nameservers:addresses: [223.5.5.5, 180.76.76.76]
EOF
# 说明:Ubuntu20.04网卡配置文件是00-installer-config.yaml;172.31.0.20/21中172.31.0.20是ip地址,21是子网位数;172.31.0.2是网关地址;223.5.5.5, 180.76.76.76都是DNS,根据自己的需求修改。# Ubuntu 18.04设置ip地址
root@ubuntu1804:~# cat > /etc/netplan/01-netcfg.yaml <<-EOF
network:version: 2renderer: networkdethernets:eth0:dhcp4: nodhcp6: noaddresses: [172.31.0.18/21] gateway4: 172.31.0.2nameservers:addresses: [223.5.5.5, 180.76.76.76]
EOF
# 说明:Ubuntu18.04网卡配置文件是01-netcfg.yaml;172.31.0.18/21中172.31.0.18是ip地址,21是子网位数;172.31.0.2是网关地址;223.5.5.5, 180.76.76.76都是DNS,根据自己的需求修改。root@ubuntu2004:~# shutdown -r nowroot@ubuntu2004:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:0c:29:e5:98:6f brd ff:ff:ff:ff:ff:ffinet 172.31.0.20/21 brd 172.31.7.255 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fee5:986f/64 scope link valid_lft forever preferred_lft forever
# 重启系统后可以看到网卡名已经修改成eth0,ip地址也已修改。# Ubuntu 22.04设置ip地址
root@ubuntu2204:~# cat > /etc/netplan/00-installer-config.yaml <<-EOF
network:version: 2renderer: networkdethernets:eth0:dhcp4: nodhcp6: noaddresses: [172.31.0.22/21]routes:- to: defaultvia: 172.31.0.2nameservers:addresses: [223.5.5.5, 180.76.76.76]
EOF
# 说明:Ubuntu 22.04网卡配置文件是00-installer-config.yaml;172.31.0.22/21中172.31.0.22是ip地址,21是子网位数;172.31.0.2是网关地址,Ubuntu 22.04设置网关地址的方法发生了改变,参考上面的方法;223.5.5.5, 180.76.76.76都是DNS,根据自己的需求修改。root@ubuntu2204:~# shutdown -r now# 重启后使用新设置的ip登陆
root@ubuntu2204:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:0c:29:a7:be:f2 brd ff:ff:ff:ff:ff:ffaltname enp2s1altname ens33inet 172.31.0.22/21 brd 172.31.7.255 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fea7:bef2/64 scope link valid_lft forever preferred_lft forever
# 重启系统后可以看到网卡名已经修改成eth0,ip地址也已修改。
3.1.2 配置镜像源
Rocky 8和9:
MIRROR=mirrors.sjtug.sjtu.edu.cn
sed -i.bak -e 's|^mirrorlist=|#mirrorlist=|g' -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://'${MIRROR}'/rocky|g' /etc/yum.repos.d/[Rr]ocky*.repodnf clean all && dnf makecache
CentOS Stream 9:
cat update_mirror.pl
#!/usr/bin/perluse strict;
use warnings;
use autodie;# 要修改镜像源,请去修改url变量!
my $url = 'mirrors.aliyun.com';
my $mirrors = "https://$url/centos-stream";if (@ARGV < 1) {die "Usage: $0 <filename1> <filename2> ...\n";
}while (my $filename = shift @ARGV) {my $backup_filename = $filename . '.bak';rename $filename, $backup_filename;open my $input, "<", $backup_filename;open my $output, ">", $filename;while (<$input>) {s/^metalink/# metalink/;if (m/^name/) {my (undef, $repo, $arch) = split /-/;$repo =~ s/^\s+|\s+$//g;($arch = defined $arch ? lc($arch) : '') =~ s/^\s+|\s+$//g;if ($repo =~ /^Extras/) {$_ .= "baseurl=${mirrors}/SIGs/\$releasever-stream/extras" . ($arch eq 'source' ? "/${arch}/" : "/\$basearch/") . "extras-common\n";} else {$_ .= "baseurl=${mirrors}/\$releasever-stream/$repo" . ($arch eq 'source' ? "/" : "/\$basearch/") . ($arch ne '' ? "${arch}/tree/" : "os") . "\n";}}print $output $_;}
}rpm -q perl &> /dev/null || { echo -e "\\033[01;31m "安装perl工具,请稍等..."\033[0m";yum -y install perl ; }perl ./update_mirror.pl /etc/yum.repos.d/centos*.repodnf clean all && dnf makecache
CentOS Stream 8:
MIRROR=mirrors.aliyun.com
sed -i.bak -e 's|^mirrorlist=|#mirrorlist=|g' -e 's|^#baseurl=http://mirror.centos.org/$contentdir|baseurl=https://'${MIRROR}'/centos|g' /etc/yum.repos.d/CentOS-*.repodnf clean all && dnf makecache
CentOS 7:
MIRROR=mirrors.aliyun.com
sed -i.bak -e 's|^mirrorlist=|#mirrorlist=|g' -e 's|^#baseurl=http://mirror.centos.org|baseurl=https://'${MIRROR}'|g' /etc/yum.repos.d/CentOS-*.repoyum clean all && yum makecache
Ubuntu 22.04和20.04:
MIRROR=mirrors.aliyun.com
OLD_MIRROR=`sed -rn "s@^deb http(.*)://(.*)/ubuntu/? $(lsb_release -cs) main.*@\2@p" /etc/apt/sources.list`sed -i.bak 's/'${OLD_MIRROR}'/'${MIRROR}'/g' /etc/apt/sources.listapt update
Ubuntu 18.04:
MIRROR=mirrors.aliyun.com
OLD_MIRROR=`sed -rn "s@^deb http(.*)://(.*)/ubuntu/? $(lsb_release -cs) main.*@\2@p" /etc/apt/sources.list`sed -i.bak 's/'${OLD_MIRROR}'/'${MIRROR}'/g' /etc/apt/sources.listSECURITY_MIRROR=`sed -rn "s@^deb http(.*)://(.*)/ubuntu $(lsb_release -cs)-security main.*@\2@p" /etc/apt/sources.list`sed -i.bak 's/'${SECURITY_MIRROR}'/'${MIRROR}'/g' /etc/apt/sources.listapt update
3.1.3 关闭防火墙
# Rocky和CentOS
systemctl disable --now firewalld# CentOS 7
systemctl disable --now NetworkManager# Ubuntu
systemctl disable --now ufw
3.1.4 禁用SELinux
#CentOS
setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config#Ubuntu
Ubuntu没有安装SELinux,不用设置
3.1.5 禁用swap
sed -ri 's/.*swap.*/#&/' /etc/fstab
swapoff -a# Ubuntu 20.04和22.04,执行下面命令
sed -ri 's/.*swap.*/#&/' /etc/fstab
SD_NAME=`lsblk|awk -F"[ └─]" '/SWAP/{printf $3}'`
systemctl mask dev-${SD_NAME}.swap
swapoff -a
3.1.6 设置时区
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'Asia/Shanghai' >/etc/timezone#Ubuntu还要设置下面内容
cat >> /etc/default/locale <<-EOF
LC_TIME=en_DK.UTF-8
EOF
3.2 安装docker
这里使用"基于二进制包一键安装docker脚本"安装docker,docker的具体安装方法请参考博客“https://raymond.blog.csdn.net/article/details/135487838”。
[root@rocky9 ~]# cat install_docker_binary_v2.sh
#!/bin/bash
#
#*************************************************************************************************************
#Author: Raymond
#QQ: 88563128
#Date: 2024-01-17
#FileName: install_docker-binary_v2.sh
#URL: raymond.blog.csdn.net
#Description: install_docker-binary for CentOS 7 & CentOS Stream 8/9 & Ubuntu 18.04/20.04/22.04 & Rocky 8/9
#Copyright (C): 2024 All rights reserved
#*************************************************************************************************************
SRC_DIR=/usr/local/src
COLOR="echo -e \\033[01;31m"
END='\033[0m'
URL='https://mirrors.aliyun.com/docker-ce/linux/static/stable/x86_64/'
DOCKER_FILE=docker-24.0.7.tgzos(){OS_ID=`sed -rn '/^NAME=/s@.*="([[:alpha:]]+).*"$@\1@p' /etc/os-release`OS_RELEASE_VERSION=`sed -rn '/^VERSION_ID=/s@.*="?([0-9]+)\.?.*"?@\1@p' /etc/os-release`
}check_file (){cd ${SRC_DIR}if [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q wget &> /dev/null || { ${COLOR}"安装wget工具,请稍等..."${END};yum -y install wget &> /dev/null; }fiif [ ! -e ${DOCKER_FILE} ];then${COLOR}"缺少${DOCKER_FILE}文件,如果是离线包,请把文件放到${SRC_DIR}目录下"${END}${COLOR}'开始下载Docker二进制安装包'${END}wget ${URL}${DOCKER_FILE} || { ${COLOR}"Docker二进制安装包下载失败"${END}; exit; } else${COLOR}"相关文件已准备好"${END}fi
}install(){ [ -f /usr/bin/docker ] && { ${COLOR}"Docker已存在,安装失败"${END};exit; }${COLOR}"开始安装Docker,请稍等..."${END}tar xf ${DOCKER_FILE} mv docker/* /usr/bin/cat > /lib/systemd/system/docker.service <<-EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H unix://var/run/docker.sock
ExecReload=/bin/kill -s HUP \$MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s[Install]
WantedBy=multi-user.target
EOFmkdir -p /etc/dockercat > /etc/docker/daemon.json <<-EOF
{"registry-mirrors": ["https://registry.docker-cn.com","https://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"],"max-concurrent-downloads": 10,"max-concurrent-uploads": 5,"log-opts": {"max-size": "300m","max-file": "2" },"live-restore": true
}
EOFecho 'alias rmi="docker images -qa|xargs docker rmi -f"' >> ~/.bashrcecho 'alias rmc="docker ps -qa|xargs docker rm -f"' >> ~/.bashrcsystemctl daemon-reloadsystemctl enable --now docker &> /dev/nullsystemctl is-active docker &> /dev/null && ${COLOR}"Docker 服务启动成功"${END} || { ${COLOR}"Docker 启动失败"${END};exit; }docker version && ${COLOR}"Docker 安装成功"${END} || ${COLOR}"Docker 安装失败"${END}
}set_swap_limit(){if [ ${OS_RELEASE_VERSION} == "18" -o ${OS_RELEASE_VERSION} == "20" ];thengrep -q "swapaccount=1" /etc/default/grub && { ${COLOR}'"WARNING: No swap limit support"警告,已设置'${END};exit; }${COLOR}'设置Docker的"WARNING: No swap limit support"警告'${END}sed -ri '/^GRUB_CMDLINE_LINUX=/s@"$@ swapaccount=1"@' /etc/default/grubupdate-grub &> /dev/null${COLOR}"10秒后,机器会自动重启!"${END}sleep 10rebootfi
}main(){oscheck_fileinstallset_swap_limit
}main[root@rocky9 ~]# bash install_docker_binary_v2.sh[root@rocky9 ~]# docker version
Client:Version: 24.0.7API version: 1.43Go version: go1.20.10Git commit: afdd53bBuilt: Thu Oct 26 09:04:00 2023OS/Arch: linux/amd64Context: defaultServer: Docker Engine - CommunityEngine:Version: 24.0.7API version: 1.43 (minimum version 1.12)Go version: go1.20.10Git commit: 311b9ffBuilt: Thu Oct 26 09:05:28 2023OS/Arch: linux/amd64Experimental: falsecontainerd:Version: v1.7.6GitCommit: 091922f03c2762540fd057fba91260237ff86acbrunc:Version: 1.1.9GitCommit: v1.1.9-0-gccaecfcdocker-init:Version: 0.19.0GitCommit: de40ad0
3.3 安装docker compose
直接从github下载安装对应版本:https://github.com/docker/compose/releases。
图1-2 docker-compose下载
[root@rocky9 ~]# wget https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-linux-x86_64[root@rocky9 ~]# mv docker-compose-linux-x86_64 /usr/bin/docker-compose
[root@rocky9 ~]# chmod +x /usr/bin/docker-compose[root@rocky9 ~]# docker-compose -v
Docker Compose version v2.23.3
3.4 下载Harbor安装包并解压缩
首先,获取Harbor的离线安装包,可从项目的官方发布网站GitHub获取,获取目录为github.com/goharbor/harbor/releases,如图3-1所示。注意:RC或者Pre-release版本并不适用于生产环境,仅适用于测试环境。
安装文档: https://goharbor.io/docs/2.10.0/install-config/
图1-2 Harbor安装包下载
方法1: 下载离线完整安装包,推荐使用。
图1-2“harbor-offline-installer-v2.10.0.tgz”是离线安装包。
[root@rocky9 ~]# wget https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz[root@rocky9 ~]# tar tvf /root/harbor-offline-installer-v2.10.0.tgz
-rw-r--r-- root/root 646285764 2023-12-14 14:39 harbor/harbor.v2.10.0.tar.gz
-rwxr-xr-x root/root 1882 2023-12-14 14:39 harbor/prepare
-rw-r--r-- root/root 11347 2023-12-14 14:39 harbor/LICENSE
-rwxr-xr-x root/root 1975 2023-12-14 14:39 harbor/install.sh
-rw-r--r-- root/root 3643 2023-12-14 14:39 harbor/common.sh
-rw-r--r-- root/root 13761 2023-12-14 14:39 harbor/harbor.yml.tmpl
可以看到在harbor离线安装包有如下文件。
- LICENSE:许可文件。
- common.sh:安装脚本的工具脚本。
- harbor.v2.10.0.tar.gz:各个功能组件的镜像文件压缩包。
- harbor.yml.tmpl:配置文件的模板,在配置好后需要将此文件的后缀名“tmpl”去掉或者复制生成新的文件harbor.yml。
- install.sh:安装脚本。
- prepare:准备脚本,将harbor.yml配置文件的内容注入各组件的配置文件中。
方法2: 下载在线安装包 ,比较慢,不是很推荐。
图1-2“harbor-online-installer-v2.10.0.tgz”是在线安装包。
[root@rocky9 ~]# wget https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-online-installer-v2.10.0.tgz[root@rocky9 ~]# tar tvf /root/harbor-online-installer-v2.10.0.tgz
-rwxr-xr-x root/root 1882 2023-12-14 14:41 harbor/prepare
-rw-r--r-- root/root 11347 2023-12-14 14:41 harbor/LICENSE
-rwxr-xr-x root/root 1975 2023-12-14 14:41 harbor/install.sh
-rw-r--r-- root/root 3643 2023-12-14 14:41 harbor/common.sh
-rw-r--r-- root/root 13761 2023-12-14 14:41 harbor/harbor.yml.tmpl
可以看到在harbo在线安装包有如下文件。
- LICENSE:许可文件。
- common.sh:安装脚本的工具脚本。
- harbor.yml.tmpl:配置文件的模板文件。
- install.sh:安装脚本。
- prepare:准备脚本,将配置文件的内容注入各组件的配置文件中。
从离线包和在线包可以看出,离线包比在线包多了一个“harbor/harbor.v2.10.0.tar.gz”文件,这个文件里是镜像文件,离线包安装的时候会导入镜像,而在线包会从镜像仓库去下载镜像,别的都没有什么区别,下面所有演示都使用离线包进行安装。
解压缩离线包
[root@rocky9 ~]# mkdir /apps[root@rocky9 ~]# tar xvf harbor-offline-installer-v2.10.0.tgz -C /apps/
harbor/harbor.v2.10.0.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
3.5 编辑配置文件 harbor.cfg
最新文档: https://goharbor.io/docs/2.10.0/install-config/configure-yml-file/
[root@rocky9 ~]# cd /apps/harbor/# Harbor从1.8.0版本起,配置文件的格式从harbor.cfg变更为harbor.yml,这样做既可以提供更好的可读性和可扩展性;还可以通过prepare容器实现对安装配置的集中管理,减少对用户基础环境的依赖。值得注意的是,如果基于harbor.cfg(1.8.0之前的版本)安装Harbor,则安装环境需要预先安装Python v2.7。# 获取Harbor在线、离线安装包后将其解压,从中可以看到harbor.yml.tmpl文件,该文件是Harbor的配置文件模版。用户可以把harbor.yml.tmpl文件复制并命名为harbor.yml,将harbor.yml文件作为安装Harbor的配置文件。注意:每次修改harbor.yml文件的配置后,都需要运行prepare脚本并重启Harbor才可生效。
[root@rocky9 harbor]# ls
common.sh harbor.v2.10.0.tar.gz harbor.yml.tmpl install.sh LICENSE prepare[root@rocky9 harbor]# mv harbor.yml.tmpl harbor.yml[root@rocky9 harbor]# vim harbor.yml
-bash: vim: command not found
# Rocky和CentOS默认没有安装vim。[root@rocky9 harbor]# dnf -y install vim[root@rocky9 harbor]# vim harbor.yml
...
# hostname指定要部署 Harbor 的目标主机的 IP 地址或完全限定域名 (FQDN)。这是您访问 Harbor Portal 和注册服务的地址。例如,192.168.1.10 或 reg.yourdomain.com。外部客户端必须可以访问注册表服务,因此请勿指定 localhost、127.0.0.1 或 0.0.0.0 作为主机名。
hostname: 172.31.0.9
...
# HTTP 和 HTTPS配置Harbor的网络访问协议,默认值为HTTPS。注意:如果选择安装Notary组件,则这里必须将Harbor的网络访问协议配置为HTTPS。配置HTTPS时需要提供SSL/TLS证书,并将证书和私钥文件的本机地址配置给certificate和private_key选项。
# 1.port:网络端口号,默认是443。
# 2.certificate:SSL/TLS证书文件的本机文件位置。
# 3.private_key:私钥文件的本机文件位置。
# 如果需要将网络协议更改为HTTP,则需要注释掉配置文件中的HTTPS配置部分:http:port: 80#注释下面几行
#https:# port: 443#certificate: /your/certificate/path#private_key: /your/private/key/path# harbor_admin_password配置Harbor的管理员密码的默认值为Harbor12345,建议在安装前更改此项。此项用于管理员登录Harbor,仅在第一次启动前有效,启动后更改将不起作用。如果后续需要更改管理员密码,则可以登录Harbor界面进行更改。
harbor_admin_password: 123456# 使用下面命令直接替换
HARBOR_INSTALL_DIR=/apps
NET_NAME=`ip addr |awk -F"[: ]" '/^2: e.*/{print $3}'`
IP=`ip addr show ${NET_NAME}| awk -F" +|/" '/global/{print $3}'`
HARBOR_ADMIN_PASSWORD=123456sed -ri.bak -e 's/^(hostname:) .*/\1 '${IP}'/' -e 's/^(https:)/#\1/' -e 's/ (port: 443)/# \1/' -e 's@ (certificate: .*)@# \1@' -e 's@ (private_key: .*)@# \1@' -e 's/^(harbor_admin_password:) .*/\1 '${HARBOR_ADMIN_PASSWORD}'/' ${HARBOR_INSTALL_DIR}/harbor/harbor.yml
3.6 运行 harbor 安装脚本
通过执行安装脚本install.sh启动安装。安装脚本的流程大致如下。
(1)环境检查,主要检查本机的Docker及docker-compose版本。
(2)载入离线镜像文件。
(3)准备配置文件并生成 docker-compose.yml文件。
(4)通过docker-compose启动Harbor的各组件容器。
# 先安装python
# rocky和CentOS
yum -y install python3# Ubuntu
apt -y install python3# --with-trivy:选择安装镜像扫描组件Trivy。
[root@rocky9 harbor]# ./install.sh --with-trivy[Step 0]: checking if docker is installed ...Note: docker version: 24.0.7[Step 1]: checking docker-compose is installed ...Note: docker-compose version: 2.23.3[Step 2]: loading Harbor images ...
ad00c0c1d948: Loading layer [==================================================>] 40.11MB/40.11MB
7570a78aea36: Loading layer [==================================================>] 9.08MB/9.08MB
04774e0e84f2: Loading layer [==================================================>] 4.096kB/4.096kB
8a42710a9f5a: Loading layer [==================================================>] 3.072kB/3.072kB
f1990e77f8e5: Loading layer [==================================================>] 197MB/197MB
172f5af926be: Loading layer [==================================================>] 17.6MB/17.6MB
2bef5dd17a10: Loading layer [==================================================>] 215.4MB/215.4MB
Loaded image: goharbor/trivy-adapter-photon:v2.10.0
8c10ac3a40a9: Loading layer [==================================================>] 89.84MB/89.84MB
cc741ba6af65: Loading layer [==================================================>] 65.11MB/65.11MB
7877ea7046dd: Loading layer [==================================================>] 13.2MB/13.2MB
3de91a0984fe: Loading layer [==================================================>] 65.54kB/65.54kB
4d2cda613456: Loading layer [==================================================>] 2.56kB/2.56kB
625b81c9e514: Loading layer [==================================================>] 1.536kB/1.536kB
6496ec4ce84e: Loading layer [==================================================>] 12.29kB/12.29kB
2b332fb0075b: Loading layer [==================================================>] 5.322MB/5.322MB
f8976ae46d77: Loading layer [==================================================>] 457.7kB/457.7kB
Loaded image: goharbor/prepare:v2.10.0
a36cb8a4e510: Loading layer [==================================================>] 126.1MB/126.1MB
fd72ef63aacc: Loading layer [==================================================>] 3.584kB/3.584kB
162d9960a2b9: Loading layer [==================================================>] 3.072kB/3.072kB
b71508b0d586: Loading layer [==================================================>] 2.56kB/2.56kB
18c685e189cb: Loading layer [==================================================>] 3.072kB/3.072kB
84690af2e82b: Loading layer [==================================================>] 3.584kB/3.584kB
8d7eb73e8207: Loading layer [==================================================>] 20.48kB/20.48kB
Loaded image: goharbor/harbor-log:v2.10.0
001da4979db8: Loading layer [==================================================>] 8.562MB/8.562MB
275281f671bf: Loading layer [==================================================>] 4.096kB/4.096kB
f6856e2d539f: Loading layer [==================================================>] 17.4MB/17.4MB
557317f3c1c5: Loading layer [==================================================>] 3.072kB/3.072kB
942b8c3060c6: Loading layer [==================================================>] 32.81MB/32.81MB
b2bc30e737e7: Loading layer [==================================================>] 51MB/51MB
Loaded image: goharbor/harbor-registryctl:v2.10.0
d5e5478da184: Loading layer [==================================================>] 116.8MB/116.8MB
Loaded image: goharbor/nginx-photon:v2.10.0
74a7f6a8de8c: Loading layer [==================================================>] 11.58MB/11.58MB
46523ccaf371: Loading layer [==================================================>] 27.6MB/27.6MB
3cea6b428022: Loading layer [==================================================>] 4.608kB/4.608kB
9815d4ae0f06: Loading layer [==================================================>] 28.39MB/28.39MB
Loaded image: goharbor/harbor-exporter:v2.10.0
7d7e15ae8ca1: Loading layer [==================================================>] 15.93MB/15.93MB
e13b0ff80947: Loading layer [==================================================>] 111.8MB/111.8MB
da74a4230588: Loading layer [==================================================>] 3.072kB/3.072kB
89240f6f343b: Loading layer [==================================================>] 59.9kB/59.9kB
7b00214da46a: Loading layer [==================================================>] 61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.10.0
345fdbd05997: Loading layer [==================================================>] 8.562MB/8.562MB
5c4443929555: Loading layer [==================================================>] 4.096kB/4.096kB
605c9788ef17: Loading layer [==================================================>] 3.072kB/3.072kB
b2ab56de0e45: Loading layer [==================================================>] 17.4MB/17.4MB
950eb2734789: Loading layer [==================================================>] 18.19MB/18.19MB
Loaded image: goharbor/registry-photon:v2.10.0
7693164e30e0: Loading layer [==================================================>] 116.8MB/116.8MB
6b50b5d516aa: Loading layer [==================================================>] 6.531MB/6.531MB
5aea217650ad: Loading layer [==================================================>] 246.8kB/246.8kB
0b3de92ff70b: Loading layer [==================================================>] 1.477MB/1.477MB
Loaded image: goharbor/harbor-portal:v2.10.0
b79ac58f353c: Loading layer [==================================================>] 11.58MB/11.58MB
18c4c015e339: Loading layer [==================================================>] 3.584kB/3.584kB
c6eef6a39935: Loading layer [==================================================>] 2.56kB/2.56kB
03db56130352: Loading layer [==================================================>] 58.57MB/58.57MB
78c9748f2d29: Loading layer [==================================================>] 5.632kB/5.632kB
e1732f90232a: Loading layer [==================================================>] 123.4kB/123.4kB
6b733e4833c8: Loading layer [==================================================>] 80.38kB/80.38kB
fe6828cc147a: Loading layer [==================================================>] 59.56MB/59.56MB
8e1349c44768: Loading layer [==================================================>] 2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.10.0
02b0385778eb: Loading layer [==================================================>] 15.93MB/15.93MB
ac2be26232ee: Loading layer [==================================================>] 175MB/175MB
1e3e9dba5eaa: Loading layer [==================================================>] 25.47MB/25.47MB
c7fa85d79c1c: Loading layer [==================================================>] 18.14MB/18.14MB
f9ef6596c7ce: Loading layer [==================================================>] 5.12kB/5.12kB
e35036cc139f: Loading layer [==================================================>] 6.144kB/6.144kB
0cb7ded8041a: Loading layer [==================================================>] 3.072kB/3.072kB
5d178abacde0: Loading layer [==================================================>] 2.048kB/2.048kB
67fe09fd709b: Loading layer [==================================================>] 2.56kB/2.56kB
d0b4aac335c4: Loading layer [==================================================>] 7.68kB/7.68kB
Loaded image: goharbor/harbor-db:v2.10.0
fced8697b2c7: Loading layer [==================================================>] 11.58MB/11.58MB
af968b902c26: Loading layer [==================================================>] 3.584kB/3.584kB
7caaebde63bc: Loading layer [==================================================>] 2.56kB/2.56kB
d6e3c7a6ef36: Loading layer [==================================================>] 44.96MB/44.96MB
bc8a8ef654ea: Loading layer [==================================================>] 45.75MB/45.75MB
Loaded image: goharbor/harbor-jobservice:v2.10.0[Step 3]: preparing environment ...[Step 4]: preparing harbor configs ...
prepare base dir is set to /apps/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dirNote: stopping existing Harbor instance ...[Step 5]: starting Harbor ...
[+] Running 10/10✔ Network harbor_harbor Created 0.1s ✔ Container harbor-log Started 0.0s ✔ Container registry Started 0.0s ✔ Container registryctl Started 0.0s ✔ Container harbor-db Started 0.0s ✔ Container redis Started 0.1s ✔ Container harbor-portal Started 0.1s ✔ Container harbor-core Started 0.0s ✔ Container harbor-jobservice Started 0.0s ✔ Container nginx Started 0.0s
✔ ----Harbor has been installed and started successfully.----
# 出现“Harbor has been installed and started successfully”提示表示安装成功。# 安装harbor后会自动开启很多相关容器
[root@rocky9 harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3a817cfd9507 goharbor/nginx-photon:v2.10.0 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
df27e94d1296 goharbor/harbor-jobservice:v2.10.0 "/harbor/entrypoint.…" About a minute ago Up About a minute (healthy) harbor-jobservice
941e3a15c0d4 goharbor/harbor-core:v2.10.0 "/harbor/entrypoint.…" About a minute ago Up About a minute (healthy) harbor-core
10adc7af6c45 goharbor/registry-photon:v2.10.0 "/home/harbor/entryp…" About a minute ago Up About a minute (healthy) registry
c4ac6dec6b92 goharbor/harbor-portal:v2.10.0 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) harbor-portal
70e02abe9397 goharbor/harbor-db:v2.10.0 "/docker-entrypoint.…" About a minute ago Up About a minute (healthy) harbor-db
8b6b13e0d369 goharbor/redis-photon:v2.10.0 "redis-server /etc/r…" About a minute ago Up About a minute (healthy) redis
cd5347a97785 goharbor/harbor-registryctl:v2.10.0 "/home/harbor/start.…" About a minute ago Up About a minute (healthy) registryctl
991b86237a43 goharbor/harbor-log:v2.10.0 "/bin/sh -c /usr/loc…" About a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-log
3.7 实现开机自动启动 harbor
[root@rocky9 harbor]# cat > /lib/systemd/system/harbor.service <<-EOF
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml down[Install]
WantedBy=multi-user.target
EOF[root@rocky9 harbor]# systemctl daemon-reload && systemctl enable harbor
3.8 登录 harbor 主机网站
用浏览器访问: http://172.31.0.9
- 用户名: admin
- 密码: 即前面harbor.yml中指定的密码
图1-4 harbor登陆
图1-5 harbor登陆后界面
3.9 使用 harbor
3.9.1 建立项目
harbor上必须先建立项目,才能上传镜像
在“项目”菜单下面选择“新建项目”。
图1-6 新建项目
在“新建项目”窗口,设置“项目名称”为linux,勾选“访问级别”后面的“公开”选项,然后点“确定”。
图1-7 新建项目2
可以看到下图已经新建了项目linux。
图1-8 创建完项目后的界面
3.9.2 在客户端主机上命令行登录 harbor
[root@rocky9 ~]# vim /etc/docker/daemon.json
{"registry-mirrors": ["https://registry.docker-cn.com","http://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],"insecure-registries": ["172.31.0.9"], # 设置非安全的镜像仓库"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"],"max-concurrent-downloads": 10,"max-concurrent-uploads": 5,"log-opts": {"max-size": "300m","max-file": "2" },"live-restore": true
}[root@rocky9 ~]# systemctl daemon-reload && systemctl restart docker[root@rocky9 ~]# docker-compose down
[root@rocky9 ~]# docker-compose up -d[root@rocky9 ~]# docker login 172.31.0.9
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded[root@rocky9 ~]# cat .docker/config.json
{"auths": {"172.31.0.9": {"auth": "YWRtaW46MTIzNDU2"}}
}
3.9.3 给本地镜像打标签并上传到harbor
修改 images 的名称,不修改成指定格式无法将镜像上传到 harbor 仓库。
# 上传镜像前,必须先登录harbor[root@rocky9 ~]# docker pull alpine[root@rocky9 ~]# docker images |grep "alpine"
alpine latest f8c20f8bbcb6 5 weeks ago 7.38MB[root@rocky9 ~]# docker tag alpine 172.31.0.9/linux/alpine[root@rocky9 ~]# docker images |grep "alpine"
172.31.0.9/linux/alpine latest f8c20f8bbcb6 5 weeks ago 7.38MB
alpine latest f8c20f8bbcb6 5 weeks ago 7.38MB[root@rocky9 ~]# docker push 172.31.0.9/linux/alpine
访问harbor网站验证上传镜像成功。
图1-9 查看上传的镜像
3.9.4 下载harbor的镜像
在172.31.0.8的Rocky 8的主机上无需登录,即可下载镜像
首先要主机初始化和安装docker,安装方法参考3.1和3.2。
[root@rocky8 ~]# vim /etc/docker/daemon.json
{"registry-mirrors": ["https://registry.docker-cn.com","http://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],"insecure-registries": ["172.31.0.9"], # 添加私有镜像仓库渎职"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"],"max-concurrent-downloads": 10,"max-concurrent-uploads": 5,"log-opts": {"max-size": "300m","max-file": "2" },"live-restore": true
}[root@rocky8 ~]# systemctl daemon-reload && systemctl restart docker[root@rocky8 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE[root@rocky8 ~]# docker pull 172.31.0.9/linux/alpine[root@rocky8 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
172.31.0.9/linux/alpine latest f8c20f8bbcb6 5 weeks ago 7.38MB
3.10 一键安装harbor脚本
Shell脚本源码地址:
Gitee:https://gitee.com/raymond9/shell
Github:https://github.com/raymond999999/shell
可以去上面的Gitee或Github代码仓库拉取脚本。
3.10.1 基于docker二进制包一键安装Harbor脚本
[root@rocky9 ~]# cat install_harbor_http_v2_1.sh
#!/bin/bash
#
#******************************************************************************************************************
#Author: Raymond
#QQ: 88563128
#Date: 2024-01-26
#FileName: install_harbor_http_v2_1.sh
#URL: raymond.blog.csdn.net
#Description: install_harbor_http for CentOS 7 & CentOS Stream 8/9 & Ubuntu 18.04/20.04/22.04 & Rocky 8/9
#Copyright (C): 2024 All rights reserved
#******************************************************************************************************************
SRC_DIR=/usr/local/src
COLOR="echo -e \\033[01;31m"
END='\033[0m'URL='https://mirrors.aliyun.com/docker-ce/linux/static/stable/x86_64/'
DOCKER_FILE=docker-24.0.7.tgz# Docker Compose下载地址:“https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-linux-x86_64”,请提前下载。
DOCKER_COMPOSE_FILE=docker-compose-linux-x86_64# Harbor下载地址:“https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz”,请提前下载。
HARBOR_FILE=harbor-offline-installer-v
HARBOR_VERSION=2.10.0
TAR=.tgz
HARBOR_INSTALL_DIR=/apps
NET_NAME=`ip addr |awk -F"[: ]" '/^2: e.*/{print $3}'`
IP=`ip addr show ${NET_NAME}| awk -F" +|/" '/global/{print $3}'`
HARBOR_ADMIN_PASSWORD=123456os(){OS_ID=`sed -rn '/^NAME=/s@.*="([[:alpha:]]+).*"$@\1@p' /etc/os-release`OS_RELEASE_VERSION=`sed -rn '/^VERSION_ID=/s@.*="?([0-9]+)\.?.*"?@\1@p' /etc/os-release`
}check_file (){cd ${SRC_DIR}if [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q wget &> /dev/null || { ${COLOR}"安装wget工具,请稍等..."${END};yum -y install wget &> /dev/null; }fiif [ ! -e ${DOCKER_FILE} ];then${COLOR}"缺少${DOCKER_FILE}文件,如果是离线包,请把文件放到${SRC_DIR}目录下"${END}${COLOR}'开始下载DOCKER二进制源码包'${END}wget ${URL}${DOCKER_FILE} || { ${COLOR}"DOCKER二进制安装包下载失败"${END}; exit; }elif [ ! -e ${DOCKER_COMPOSE_FILE} ];then${COLOR}"缺少${DOCKER_COMPOSE_FILE}文件,请把文件放到${SRC_DIR}目录下"${END}exitelif [ ! -e ${HARBOR_FILE}${HARBOR_VERSION}${TAR} ];then${COLOR}"缺少${HARBOR_FILE}${HARBOR_VERSION}${TAR}文件,请把文件放到${SRC_DIR}目录下"${END}exitelse${COLOR}"相关文件已准备好"${END}fi
}install_docker(){ ${COLOR}"开始安装Docker,请稍等..."${END}tar xf ${DOCKER_FILE}mv docker/* /usr/bin/cat > /lib/systemd/system/docker.service <<-EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H unix://var/run/docker.sock
ExecReload=/bin/kill -s HUP \$MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s[Install]
WantedBy=multi-user.target
EOFmkdir -p /etc/dockercat > /etc/docker/daemon.json <<-EOF
{"registry-mirrors": ["https://registry.docker-cn.com","https://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],"insecure-registries": ["${IP}"],"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"],"max-concurrent-downloads": 10,"max-concurrent-uploads": 5,"log-opts": {"max-size": "300m","max-file": "2" },"live-restore": true
}
EOFecho 'alias rmi="docker images -qa|xargs docker rmi -f"' >> ~/.bashrcecho 'alias rmc="docker ps -qa|xargs docker rm -f"' >> ~/.bashrcsystemctl daemon-reloadsystemctl enable --now docker &> /dev/nullsystemctl is-active docker &> /dev/null && ${COLOR}"Docker 服务启动成功"${END} || { ${COLOR}"Docker 启动失败"${END};exit; }docker version && ${COLOR}"Docker 安装成功"${END} || ${COLOR}"Docker 安装失败"${END}
}install_docker_compose(){${COLOR}"开始安装Docker Compose,请稍等..."${END}mv ${SRC_DIR}/${DOCKER_COMPOSE_FILE} /usr/bin/docker-composechmod +x /usr/bin/docker-composedocker-compose --version && ${COLOR}"Docker Compose 安装完成"${END} || ${COLOR}"Docker compose 安装失败"${END}
}install_harbor(){${COLOR}"开始安装Harbor,请稍等..."${END}[ -d ${HARBOR_INSTALL_DIR} ] || mkdir ${HARBOR_INSTALL_DIR}tar xf ${SRC_DIR}/${HARBOR_FILE}${HARBOR_VERSION}${TAR} -C ${HARBOR_INSTALL_DIR}/mv ${HARBOR_INSTALL_DIR}/harbor/harbor.yml.tmpl ${HARBOR_INSTALL_DIR}/harbor/harbor.ymlsed -ri.bak -e 's/^(hostname:) .*/\1 '${IP}'/' -e 's/^(https:)/#\1/' -e 's/ (port: 443)/# \1/' -e 's@ (certificate: .*)@# \1@' -e 's@ (private_key: .*)@# \1@' -e 's/^(harbor_admin_password:) .*/\1 '${HARBOR_ADMIN_PASSWORD}'/' ${HARBOR_INSTALL_DIR}/harbor/harbor.ymlif [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q python3 &> /dev/null || { ${COLOR}"安装python3,请稍等..."${END};yum -y install python3 &> /dev/null; }elsedpkg -s python3 &>/dev/null || { ${COLOR}"安装python3,请稍等..."${END};apt -y install python3 &> /dev/null; }fi${HARBOR_INSTALL_DIR}/harbor/install.sh --with-trivy && ${COLOR}"Harbor 安装完成"${END} || ${COLOR}"Harbor 安装失败"${END}cat > /lib/systemd/system/harbor.service <<-EOF
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml down[Install]
WantedBy=multi-user.target
EOFsystemctl daemon-reload systemctl enable harbor &>/dev/null && ${COLOR}"Harbor已配置为开机自动启动"${END}
}set_swap_limit(){if [ ${OS_RELEASE_VERSION} == "18" -o ${OS_RELEASE_VERSION} == "20" ];thengrep -q "swapaccount=1" /etc/default/grub && { ${COLOR}'"WARNING: No swap limit support"警告,已设置'${END};exit; }${COLOR}'设置Docker的"WARNING: No swap limit support"警告'${END}sed -ri '/^GRUB_CMDLINE_LINUX=/s@"$@ swapaccount=1"@' /etc/default/grubupdate-grub &> /dev/null${COLOR}"10秒后,机器会自动重启"${END}sleep 10rebootfi
}main(){oscheck_file[ -f /usr/bin/docker ] && ${COLOR}"Docker已安装"${END} || install_docker[ -f /usr/bin/docker-compose ] && ${COLOR}"Docker Compose已安装"${END} || install_docker_composesystemctl is-active harbor &> /dev/null && ${COLOR}"Harbor已安装"${END} || install_harborset_swap_limit
}main
3.10.2 基于docker镜像仓库一键安装harbor脚本
[root@rocky9 ~]# cat install_harbor_http_v2_2.sh
#!/bin/bash
#
#******************************************************************************************************************
#Author: Raymond
#QQ: 88563128
#Date: 2024-01-26
#FileName: install_harbor_http_v2_2.sh
#URL: raymond.blog.csdn.net
#Description: install_harbor_http for CentOS 7 & CentOS Stream 8/9 & Ubuntu 18.04/20.04/22.04 & Rocky 8/9
#Copyright (C): 2024 All rights reserved
#******************************************************************************************************************
SRC_DIR=/usr/local/src
COLOR="echo -e \\033[01;31m"
END='\033[0m'DOCKER_VERSION=24.0.7
DOCKER_MAIN_VERSION=`echo ${DOCKER_VERSION} | awk -F'.' '{print $1}'`
URL='mirrors.aliyun.com'# Docker Compose下载地址:“https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-linux-x86_64”,请提前下载。
DOCKER_COMPOSE_FILE=docker-compose-linux-x86_64# Harbor下载地址:“https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz”,请提前下载。
HARBOR_FILE=harbor-offline-installer-v
HARBOR_VERSION=2.10.0
TAR=.tgz
HARBOR_INSTALL_DIR=/apps
NET_NAME=`ip addr |awk -F"[: ]" '/^2: e.*/{print $3}'`
IP=`ip addr show ${NET_NAME}| awk -F" +|/" '/global/{print $3}'`
HARBOR_ADMIN_PASSWORD=123456os(){OS_ID=`sed -rn '/^NAME=/s@.*="([[:alpha:]]+).*"$@\1@p' /etc/os-release`OS_RELEASE_VERSION=`sed -rn '/^VERSION_ID=/s@.*="?([0-9]+)\.?.*"?@\1@p' /etc/os-release`
}check_file (){cd ${SRC_DIR}if [ ! -e ${DOCKER_COMPOSE_FILE} ];then${COLOR}"缺少${DOCKER_COMPOSE_FILE}文件,请把文件放到${SRC_DIR}目录下"${END}exitelif [ ! -e ${HARBOR_FILE}${HARBOR_VERSION}${TAR} ];then${COLOR}"缺少${HARBOR_FILE}${HARBOR_VERSION}${TAR}文件,请把文件放到${SRC_DIR}目录下"${END}exitelse${COLOR}"相关文件已准备好"${END}fi
}ubuntu_install_docker(){${COLOR}"开始安装Docker依赖包,请稍等..."${END}apt update &> /dev/nullapt -y install apt-transport-https ca-certificates curl software-properties-common &> /dev/nullcurl -fsSL https://${URL}/docker-ce/linux/ubuntu/gpg | sudo apt-key add - &> /dev/nulladd-apt-repository -y "deb [arch=amd64] https://${URL}/docker-ce/linux/ubuntu $(lsb_release -cs) stable" &> /dev/null apt update &> /dev/null${COLOR}"Docker有以下版本"${END}apt-cache madison docker-ce${COLOR}"10秒后即将安装:Docker-"${DOCKER_VERSION}"版本......"${END}${COLOR}"如果想安装其它Docker版本,请按Ctrl+c键退出,修改版本再执行"${END}sleep 10${COLOR}"开始安装Docker,请稍等..."${END}if [ ${DOCKER_MAIN_VERSION} == "18" -o ${DOCKER_MAIN_VERSION} == "19" -o ${DOCKER_MAIN_VERSION} == "20" ];thenapt -y install docker-ce=5:${DOCKER_VERSION}~3-0~ubuntu-$(lsb_release -cs) docker-ce-cli=5:${DOCKER_VERSION}~3-0~ubuntu-$(lsb_release -cs) &> /dev/null || { ${COLOR}"apt源失败,请检查apt配置"${END};exit; }elseapt -y install docker-ce=5:${DOCKER_VERSION}-1~ubuntu.$(lsb_release -rs)~$(lsb_release -cs) docker-ce-cli=5:${DOCKER_VERSION}-1~ubuntu.$(lsb_release -rs)~$(lsb_release -cs) &> /dev/null || { ${COLOR}"apt源失败,请检查apt配置"${END};exit; }fi
}centos_install_docker(){${COLOR}"开始安装Docker依赖包,请稍等..."${END}yum -y install yum-utils &> /dev/nullyum-config-manager --add-repo https://${URL}/docker-ce/linux/centos/docker-ce.repo &> /dev/nullyum clean all &> /dev/nullyum makecache &> /dev/null${COLOR}"Docker有以下版本"${END}yum list docker-ce.x86_64 --showduplicates${COLOR}"10秒后即将安装:Docker-"${DOCKER_VERSION}"版本......"${END}${COLOR}"如果想安装其它Docker版本,请按Ctrl+c键退出,修改版本再执行"${END}sleep 10${COLOR}"开始安装Docker,请稍等..."${END}yum -y install docker-ce-${DOCKER_VERSION} docker-ce-cli-${DOCKER_VERSION} &> /dev/null || { ${COLOR}"yum源失败,请检查yum配置"${END};exit; }
}mirror_accelerator(){mkdir -p /etc/dockercat > /etc/docker/daemon.json <<-EOF
{"registry-mirrors": ["https://registry.docker-cn.com","https://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],"insecure-registries": ["${IP}"],"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"],"max-concurrent-downloads": 10,"max-concurrent-uploads": 5,"log-opts": {"max-size": "300m","max-file": "2" },"live-restore": true
}
EOFsystemctl daemon-reloadsystemctl enable --now dockersystemctl is-active docker &> /dev/null && ${COLOR}"Docker 服务启动成功"${END} || { ${COLOR}"Docker 启动失败"${END};exit; }docker version && ${COLOR}"Docker 安装成功"${END} || ${COLOR}"Docker 安装失败"${END}
}set_alias(){echo 'alias rmi="docker images -qa|xargs docker rmi -f"' >> ~/.bashrcecho 'alias rmc="docker ps -qa|xargs docker rm -f"' >> ~/.bashrc
}install_docker_compose(){${COLOR}"开始安装Docker Compose,请稍等..."${END}mv ${SRC_DIR}/${DOCKER_COMPOSE_FILE} /usr/bin/docker-composechmod +x /usr/bin/docker-composedocker-compose --version && ${COLOR}"Docker Compose 安装完成"${END} || ${COLOR}"Docker compose 安装失败"${END}
}install_harbor(){${COLOR}"开始安装Harbor,请稍等..."${END}[ -d ${HARBOR_INSTALL_DIR} ] || mkdir ${HARBOR_INSTALL_DIR}tar xf ${SRC_DIR}/${HARBOR_FILE}${HARBOR_VERSION}${TAR} -C ${HARBOR_INSTALL_DIR}/mv ${HARBOR_INSTALL_DIR}/harbor/harbor.yml.tmpl ${HARBOR_INSTALL_DIR}/harbor/harbor.ymlsed -ri.bak -e 's/^(hostname:) .*/\1 '${IP}'/' -e 's/^(https:)/#\1/' -e 's/ (port: 443)/# \1/' -e 's@ (certificate: .*)@# \1@' -e 's@ (private_key: .*)@# \1@' -e 's/^(harbor_admin_password:) .*/\1 '${HARBOR_ADMIN_PASSWORD}'/' ${HARBOR_INSTALL_DIR}/harbor/harbor.ymlif [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q python3 &> /dev/null || { ${COLOR}"安装python3,请稍等..."${END};yum -y install python3 &> /dev/null; }elsedpkg -s python3 &>/dev/null || { ${COLOR}"安装python3,请稍等..."${END};apt -y install python3 &> /dev/null; }fi${HARBOR_INSTALL_DIR}/harbor/install.sh --with-trivy && ${COLOR}"Harbor 安装完成"${END} || ${COLOR}"Harbor 安装失败"${END}cat > /lib/systemd/system/harbor.service <<-EOF
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml down[Install]
WantedBy=multi-user.target
EOFsystemctl daemon-reload systemctl enable harbor &>/dev/null && ${COLOR}"Harbor已配置为开机自动启动"${END}
}set_swap_limit(){if [ ${OS_RELEASE_VERSION} == "18" -o ${OS_RELEASE_VERSION} == "20" ];thengrep -q "swapaccount=1" /etc/default/grub && { ${COLOR}'"WARNING: No swap limit support"警告,已设置'${END};exit; }${COLOR}'设置Docker的"WARNING: No swap limit support"警告'${END}sed -ri '/^GRUB_CMDLINE_LINUX=/s@"$@ swapaccount=1"@' /etc/default/grubupdate-grub &> /dev/null${COLOR}"10秒后,机器会自动重启"${END}sleep 10rebootfi
}main(){oscheck_fileif [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q docker-ce &> /dev/null && ${COLOR}"Docker已安装"${END} || centos_install_dockerelsedpkg -s docker-ce &>/dev/null && ${COLOR}"Docker已安装"${END} || ubuntu_install_dockerfi[ -f /etc/docker/daemon.json ] &>/dev/null && ${COLOR}"Docker镜像加速器已设置"${END} || mirror_acceleratorgrep -Eqoi "(.*rmi=|.*rmc=)" ~/.bashrc && ${COLOR}"Docker别名已设置"${END} || set_alias[ -f /usr/bin/docker-compose ] && ${COLOR}"Docker Compose已安装"${END} || install_docker_composesystemctl is-active harbor &> /dev/null && ${COLOR}"Harbor已安装"${END} || install_harborset_swap_limit
}main
4.harbor 安全 https 配置
harbor默认使用http,为了安全,可以使用https。
4.1 主机初始化
参考3.1里面的设置。
4.2 安装docker
[root@rocky9-2 ~]# cat install_docker-binary_v2.sh
#!/bin/bash
#
#*************************************************************************************************************
#Author: Raymond
#QQ: 88563128
#Date: 2024-01-17
#FileName: install_docker-binary_v2.sh
#URL: raymond.blog.csdn.net
#Description: install_docker-binary for CentOS 7 & CentOS Stream 8/9 & Ubuntu 18.04/20.04/22.04 & Rocky 8/9
#Copyright (C): 2024 All rights reserved
#*************************************************************************************************************
SRC_DIR=/usr/local/src
COLOR="echo -e \\033[01;31m"
END='\033[0m'
URL='https://mirrors.aliyun.com/docker-ce/linux/static/stable/x86_64/'
DOCKER_FILE=docker-24.0.7.tgzos(){OS_ID=`sed -rn '/^NAME=/s@.*="([[:alpha:]]+).*"$@\1@p' /etc/os-release`OS_RELEASE_VERSION=`sed -rn '/^VERSION_ID=/s@.*="?([0-9]+)\.?.*"?@\1@p' /etc/os-release`
}check_file (){cd ${SRC_DIR}if [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q wget &> /dev/null || { ${COLOR}"安装wget工具,请稍等..."${END};yum -y install wget &> /dev/null; }fiif [ ! -e ${DOCKER_FILE} ];then${COLOR}"缺少${DOCKER_FILE}文件,如果是离线包,请把文件放到${SRC_DIR}目录下"${END}${COLOR}'开始下载Docker二进制安装包'${END}wget ${URL}${DOCKER_FILE} || { ${COLOR}"Docker二进制安装包下载失败"${END}; exit; } else${COLOR}"相关文件已准备好"${END}fi
}install(){ [ -f /usr/bin/docker ] && { ${COLOR}"Docker已存在,安装失败"${END};exit; }${COLOR}"开始安装Docker,请稍等..."${END}if [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q tar &> /dev/null || { ${COLOR}"安装tar工具,请稍等..."${END};yum -y install tar &> /dev/null; }fitar xf ${DOCKER_FILE} mv docker/* /usr/bin/cat > /lib/systemd/system/docker.service <<-EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H unix://var/run/docker.sock
ExecReload=/bin/kill -s HUP \$MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s[Install]
WantedBy=multi-user.target
EOFmkdir -p /etc/dockercat > /etc/docker/daemon.json <<-EOF
{"registry-mirrors": ["https://registry.docker-cn.com","https://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"],"max-concurrent-downloads": 10,"max-concurrent-uploads": 5,"log-opts": {"max-size": "300m","max-file": "2" },"live-restore": true
}
EOFecho 'alias rmi="docker images -qa|xargs docker rmi -f"' >> ~/.bashrcecho 'alias rmc="docker ps -qa|xargs docker rm -f"' >> ~/.bashrcsystemctl daemon-reloadsystemctl enable --now docker &> /dev/nullsystemctl is-active docker &> /dev/null && ${COLOR}"Docker 服务启动成功"${END} || { ${COLOR}"Docker 启动失败"${END};exit; }docker version && ${COLOR}"Docker 安装成功"${END} || ${COLOR}"Docker 安装失败"${END}
}set_swap_limit(){if [ ${OS_RELEASE_VERSION} == "18" -o ${OS_RELEASE_VERSION} == "20" ];thengrep -q "swapaccount=1" /etc/default/grub && { ${COLOR}'"WARNING: No swap limit support"警告,已设置'${END};exit; }${COLOR}'设置Docker的"WARNING: No swap limit support"警告'${END}sed -ri '/^GRUB_CMDLINE_LINUX=/s@"$@ swapaccount=1"@' /etc/default/grubupdate-grub &> /dev/null${COLOR}"10秒后,机器会自动重启!"${END}sleep 10rebootfi
}main(){oscheck_fileinstallset_swap_limit
}main[root@rocky9-2 ~]# bash install_docker-binary_v2.sh[root@rocky9-2 ~]# docker version
Client:Version: 24.0.7API version: 1.43Go version: go1.20.10Git commit: afdd53bBuilt: Thu Oct 26 09:04:00 2023OS/Arch: linux/amd64Context: defaultServer: Docker Engine - CommunityEngine:Version: 24.0.7API version: 1.43 (minimum version 1.12)Go version: go1.20.10Git commit: 311b9ffBuilt: Thu Oct 26 09:05:28 2023OS/Arch: linux/amd64Experimental: falsecontainerd:Version: v1.7.6GitCommit: 091922f03c2762540fd057fba91260237ff86acbrunc:Version: 1.1.9GitCommit: v1.1.9-0-gccaecfcdocker-init:Version: 0.19.0GitCommit: de40ad0
4.3 安装docker compose
[root@rocky9-2 ~]# wget https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-linux-x86_64[root@rocky9-2 ~]# mv docker-compose-linux-x86_64 /usr/bin/docker-compose
[root@rocky9-2 ~]# chmod +x /usr/bin/docker-compose[root@rocky9-2 ~]# docker-compose -v
Docker Compose version v2.23.3
4.4 下载Harbor安装包并解压缩
[root@rocky9-2 ~]# wget https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz[root@rocky9-2 ~]# mkdir /apps[root@rocky9-2 ~]# tar xvf harbor-offline-installer-v2.10.0.tgz -C /apps/
harbor/harbor.v2.10.0.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
4.5 生成私钥和证书
最新文档: https://goharbor.io/docs/2.10.0/install-config/configure-https/
[root@rocky9-2 ~]# touch /root/.rnd
[root@rocky9-2 ~]# mkdir /apps/harbor/certs/
[root@rocky9-2 ~]# cd /apps/harbor/certs/# 1.生成证书颁发机构证书
# 生成CA证书私钥
[root@rocky9-2 certs]# openssl genrsa -out ca.key 4096# 生成CA证书,请把下面的变量DOMAIN值改成自己的域名
[root@rocky9-2 certs]# DOMAIN=raymonds.cc[root@rocky9-2 certs]# openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=ca.${DOMAIN}" -key ca.key -out ca.crt# 2.生成服务器证书
# 生成私人密钥
[root@rocky9-2 certs]# openssl genrsa -out harbor.${DOMAIN}.key 4096# 生成证书签名请求(CSR)
[root@rocky9-2 certs]# openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.${DOMAIN}" -key harbor.${DOMAIN}.key -out harbor.${DOMAIN}.csr# 生成 x509 v3 扩展文件
[root@rocky9-2 certs]# cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names[alt_names]
DNS.1=${DOMAIN}
DNS.2=ca.${DOMAIN}
DNS.3=harbor.${DOMAIN}
EOF# 使用 v3.ext 文件为 Harbor 主机生成证书
[root@rocky9-2 certs]# openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in harbor.${DOMAIN}.csr -out harbor.${DOMAIN}.crt# 转换crt为cert,供Docker使用,Docker守护程序将.crt文件解释为CA证书,并将.cert文件解释为客户端证书
[root@rocky9-2 certs]# openssl x509 -inform PEM -in harbor.${DOMAIN}.crt -out harbor.${DOMAIN}.cert[root@rocky9-2 certs]# tree
-bash: tree: command not found
# 没有tree命令# 安装tree
[root@Rocky9-2 certs]# dnf -y install tree[root@rocky9-2 certs]# tree
.
├── ca.crt
├── ca.key
├── ca.srl
├── harbor.raymonds.cc.cert
├── harbor.raymonds.cc.crt
├── harbor.raymonds.cc.csr
├── harbor.raymonds.cc.key
└── v3.ext0 directories, 8 files
4.6 编辑配置文件 harbor.cfg
[root@Rocky9-2 certs]# cd ..
[root@Rocky9-2 harbor]# ls
certs common.sh harbor.v2.10.0.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
[root@Rocky9-2 harbor]# mv harbor.yml.tmpl harbor.yml[root@Rocky9-2 harbor]# vim harbor.yml
-bash: vim: command not found
# Rocky和CentOS默认没有安装vim。[root@Rocky9-2 harbor]# dnf -y install vim[root@Rocky9-2 harbor]# vim harbor.yml
hostname: harbor.raymonds.cchttps:port: 443certificate: /apps/harbor/certs/harbor.raymonds.cc.crtprivate_key: /apps/harbor/certs/harbor.raymonds.cc.keyharbor_admin_password: 123456# 使用下面命令直接替换
HARBOR_INSTALL_DIR=/apps
HARBOR_ADMIN_PASSWORD=123456sed -ri.bak -e 's/^(hostname:) .*/\1 harbor.'''${DOMAIN}'''/' -e 's@ (certificate:) .*@ \1 '''${HARBOR_INSTALL_DIR}'''/harbor/certs/harbor.'''${DOMAIN}'''.crt@' -e 's@ (private_key:) .*@ \1 '''${HARBOR_INSTALL_DIR}'''/harbor/certs/harbor.'''${DOMAIN}'''.key@' -e 's/^(harbor_admin_password:) .*/\1 '''${HARBOR_ADMIN_PASSWORD}'''/' ${HARBOR_INSTALL_DIR}/harbor/harbor.yml
4.7 运行 harbor 安装脚本
# 先安装python
# rocky和CentOS
yum -y install python3# Ubuntu
apt -y install python3# --with-trivy:选择安装镜像扫描组件Trivy。
[root@rocky9-2 harbor]# ./install.sh --with-trivy[Step 0]: checking if docker is installed ...Note: docker version: 24.0.7[Step 1]: checking docker-compose is installed ...Note: docker-compose version: 2.23.3[Step 2]: loading Harbor images ...
ad00c0c1d948: Loading layer [==================================================>] 40.11MB/40.11MB
7570a78aea36: Loading layer [==================================================>] 9.08MB/9.08MB
04774e0e84f2: Loading layer [==================================================>] 4.096kB/4.096kB
8a42710a9f5a: Loading layer [==================================================>] 3.072kB/3.072kB
f1990e77f8e5: Loading layer [==================================================>] 197MB/197MB
172f5af926be: Loading layer [==================================================>] 17.6MB/17.6MB
2bef5dd17a10: Loading layer [==================================================>] 215.4MB/215.4MB
Loaded image: goharbor/trivy-adapter-photon:v2.10.0
8c10ac3a40a9: Loading layer [==================================================>] 89.84MB/89.84MB
cc741ba6af65: Loading layer [==================================================>] 65.11MB/65.11MB
7877ea7046dd: Loading layer [==================================================>] 13.2MB/13.2MB
3de91a0984fe: Loading layer [==================================================>] 65.54kB/65.54kB
4d2cda613456: Loading layer [==================================================>] 2.56kB/2.56kB
625b81c9e514: Loading layer [==================================================>] 1.536kB/1.536kB
6496ec4ce84e: Loading layer [==================================================>] 12.29kB/12.29kB
2b332fb0075b: Loading layer [==================================================>] 5.322MB/5.322MB
f8976ae46d77: Loading layer [==================================================>] 457.7kB/457.7kB
Loaded image: goharbor/prepare:v2.10.0
a36cb8a4e510: Loading layer [==================================================>] 126.1MB/126.1MB
fd72ef63aacc: Loading layer [==================================================>] 3.584kB/3.584kB
162d9960a2b9: Loading layer [==================================================>] 3.072kB/3.072kB
b71508b0d586: Loading layer [==================================================>] 2.56kB/2.56kB
18c685e189cb: Loading layer [==================================================>] 3.072kB/3.072kB
84690af2e82b: Loading layer [==================================================>] 3.584kB/3.584kB
8d7eb73e8207: Loading layer [==================================================>] 20.48kB/20.48kB
Loaded image: goharbor/harbor-log:v2.10.0
001da4979db8: Loading layer [==================================================>] 8.562MB/8.562MB
275281f671bf: Loading layer [==================================================>] 4.096kB/4.096kB
f6856e2d539f: Loading layer [==================================================>] 17.4MB/17.4MB
557317f3c1c5: Loading layer [==================================================>] 3.072kB/3.072kB
942b8c3060c6: Loading layer [==================================================>] 32.81MB/32.81MB
b2bc30e737e7: Loading layer [==================================================>] 51MB/51MB
Loaded image: goharbor/harbor-registryctl:v2.10.0
d5e5478da184: Loading layer [==================================================>] 116.8MB/116.8MB
Loaded image: goharbor/nginx-photon:v2.10.0
74a7f6a8de8c: Loading layer [==================================================>] 11.58MB/11.58MB
46523ccaf371: Loading layer [==================================================>] 27.6MB/27.6MB
3cea6b428022: Loading layer [==================================================>] 4.608kB/4.608kB
9815d4ae0f06: Loading layer [==================================================>] 28.39MB/28.39MB
Loaded image: goharbor/harbor-exporter:v2.10.0
7d7e15ae8ca1: Loading layer [==================================================>] 15.93MB/15.93MB
e13b0ff80947: Loading layer [==================================================>] 111.8MB/111.8MB
da74a4230588: Loading layer [==================================================>] 3.072kB/3.072kB
89240f6f343b: Loading layer [==================================================>] 59.9kB/59.9kB
7b00214da46a: Loading layer [==================================================>] 61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.10.0
345fdbd05997: Loading layer [==================================================>] 8.562MB/8.562MB
5c4443929555: Loading layer [==================================================>] 4.096kB/4.096kB
605c9788ef17: Loading layer [==================================================>] 3.072kB/3.072kB
b2ab56de0e45: Loading layer [==================================================>] 17.4MB/17.4MB
950eb2734789: Loading layer [==================================================>] 18.19MB/18.19MB
Loaded image: goharbor/registry-photon:v2.10.0
7693164e30e0: Loading layer [==================================================>] 116.8MB/116.8MB
6b50b5d516aa: Loading layer [==================================================>] 6.531MB/6.531MB
5aea217650ad: Loading layer [==================================================>] 246.8kB/246.8kB
0b3de92ff70b: Loading layer [==================================================>] 1.477MB/1.477MB
Loaded image: goharbor/harbor-portal:v2.10.0
b79ac58f353c: Loading layer [==================================================>] 11.58MB/11.58MB
18c4c015e339: Loading layer [==================================================>] 3.584kB/3.584kB
c6eef6a39935: Loading layer [==================================================>] 2.56kB/2.56kB
03db56130352: Loading layer [==================================================>] 58.57MB/58.57MB
78c9748f2d29: Loading layer [==================================================>] 5.632kB/5.632kB
e1732f90232a: Loading layer [==================================================>] 123.4kB/123.4kB
6b733e4833c8: Loading layer [==================================================>] 80.38kB/80.38kB
fe6828cc147a: Loading layer [==================================================>] 59.56MB/59.56MB
8e1349c44768: Loading layer [==================================================>] 2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.10.0
02b0385778eb: Loading layer [==================================================>] 15.93MB/15.93MB
ac2be26232ee: Loading layer [==================================================>] 175MB/175MB
1e3e9dba5eaa: Loading layer [==================================================>] 25.47MB/25.47MB
c7fa85d79c1c: Loading layer [==================================================>] 18.14MB/18.14MB
f9ef6596c7ce: Loading layer [==================================================>] 5.12kB/5.12kB
e35036cc139f: Loading layer [==================================================>] 6.144kB/6.144kB
0cb7ded8041a: Loading layer [==================================================>] 3.072kB/3.072kB
5d178abacde0: Loading layer [==================================================>] 2.048kB/2.048kB
67fe09fd709b: Loading layer [==================================================>] 2.56kB/2.56kB
d0b4aac335c4: Loading layer [==================================================>] 7.68kB/7.68kB
Loaded image: goharbor/harbor-db:v2.10.0
fced8697b2c7: Loading layer [==================================================>] 11.58MB/11.58MB
af968b902c26: Loading layer [==================================================>] 3.584kB/3.584kB
7caaebde63bc: Loading layer [==================================================>] 2.56kB/2.56kB
d6e3c7a6ef36: Loading layer [==================================================>] 44.96MB/44.96MB
bc8a8ef654ea: Loading layer [==================================================>] 45.75MB/45.75MB
Loaded image: goharbor/harbor-jobservice:v2.10.0[Step 3]: preparing environment ...[Step 4]: preparing harbor configs ...
prepare base dir is set to /apps/harbor
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /config/trivy-adapter/env
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dirNote: stopping existing Harbor instance ...[Step 5]: starting Harbor ...
[+] Running 11/11✔ Network harbor_harbor Created 0.1s ✔ Container harbor-log Started 0.0s ✔ Container harbor-db Started 0.1s ✔ Container redis Started 0.1s ✔ Container registry Started 0.1s ✔ Container registryctl Started 0.0s ✔ Container harbor-portal Started 0.1s ✔ Container trivy-adapter Started 0.0s ✔ Container harbor-core Started 0.0s ✔ Container nginx Started 0.0s ✔ Container harbor-jobservice Started 0.0s
✔ ----Harbor has been installed and started successfully.----✔ ----Harbor has been installed and started successfully.----
# 出现“Harbor has been installed and started successfully”提示表示安装成功。[root@rocky9 harbor]# docker-compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
harbor-core goharbor/harbor-core:v2.10.0 "/harbor/entrypoint.…" core About a minute ago Up About a minute (healthy)
harbor-db goharbor/harbor-db:v2.10.0 "/docker-entrypoint.…" postgresql About a minute ago Up About a minute (healthy)
harbor-jobservice goharbor/harbor-jobservice:v2.10.0 "/harbor/entrypoint.…" jobservice About a minute ago Up About a minute (healthy)
harbor-log goharbor/harbor-log:v2.10.0 "/bin/sh -c /usr/loc…" log About a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal goharbor/harbor-portal:v2.10.0 "nginx -g 'daemon of…" portal About a minute ago Up About a minute (healthy)
nginx goharbor/nginx-photon:v2.10.0 "nginx -g 'daemon of…" proxy About a minute ago Up About a minute (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp
redis goharbor/redis-photon:v2.10.0 "redis-server /etc/r…" redis About a minute ago Up About a minute (healthy)
registry goharbor/registry-photon:v2.10.0 "/home/harbor/entryp…" registry About a minute ago Up About a minute (healthy)
registryctl goharbor/harbor-registryctl:v2.10.0 "/home/harbor/start.…" registryctl About a minute ago Up About a minute (healthy)
trivy-adapter goharbor/trivy-adapter-photon:v2.10.0 "/home/scanner/entry…" trivy-adapter About a minute ago Up About a minute (healthy)
4.8 实现开机自动启动 harbor
[root@rocky9-2 harbor]# cat > /lib/systemd/system/harbor.service <<-EOF
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml down[Install]
WantedBy=multi-user.target
EOF[root@rocky9-2 harbor]# systemctl daemon-reload && systemctl enable harbor
4.9 用https方式访问harbor网站
在windows系统C:\Windows\System32\drivers\etc\hosts文件里,添加下面内容
172.31.0.19 harbor.raymonds.cc
在浏览器输入“harbor.raymonds.cc”,然后选择“高级”。
图1-10 访问harbor
选择下面的“继续访问harbor.raymonds.cc”。
图1-11 访问harbor2
输入用户名和密码,选择“登陆”。
图1-12 登陆harbor
图1-13就是harbor登陆后的界面。
图1-13 harbor登陆后的界面
图1-14就是harbor.raymonds.cc网址的证书。
图1-14 harbor网址证书
4.10 使用 harbor
4.10.1 建立项目
harbor上必须先建立项目,才能上传镜像
在“项目”菜单下面选择“新建项目”。
图1-15 新建项目
在“新建项目”窗口,设置“项目名称”为linux,勾选“访问级别”后面的“公开”选项,然后点“确定”。
图1-16 新建项目
可以看到下图已经新建了项目linux。
图1-17 创建完项目后的界面
4.10.2 在客户端下载CA的证书
直接上传镜像会报错
[root@rocky9-2 harbor]# cat >> /etc/hosts <<-EOF
172.31.0.19 harbor.raymonds.cc
EOF# 没有证书验证,直接登录失败
[root@rocky9-2 harbor]# docker login harbor.raymonds.cc
Username: admin
Password:
.Error response from daemon: Get "https://harbor.raymonds.cc/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
在客户端下载ca的证书
[root@rocky9-2 harbor]# mkdir -pv /etc/docker/certs.d/harbor.${DOMAIN}
mkdir: created directory '/etc/docker/certs.d'
mkdir: created directory '/etc/docker/certs.d/harbor.raymonds.cc'[root@rocky9-2 harbor]# scp -r /apps/harbor/certs/{harbor.${DOMAIN}.cert,harbor.${DOMAIN}.key,ca.crt} /etc/docker/certs.d/harbor.${DOMAIN}[root@rocky9 certs]# tree /etc/docker/certs.d/harbor.${DOMAIN}
/etc/docker/certs.d/harbor.raymonds.cc/
├── ca.crt
├── harbor.raymonds.cc.cert
└── harbor.raymonds.cc.key0 directories, 3 files
4.10.3 从客户端上传镜像
# 先登录系统
[root@rocky9 certs]# docker login harbor.raymonds.cc
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded[root@rocky9-2 harbor]# cat ~/.docker/config.json
{"auths": {"harbor.raymonds.cc": {"auth": "YWRtaW46MTIzNDU2"}}
}
4.10.4 给本地镜像打标签并上传到harbor
修改 images 的名称,不修改成指定格式无法将镜像上传到 harbor 仓库
[root@Rocky9-2 harbor]# docker pull alpine[root@Rocky9-2 harbor]# docker images |grep "alpine"
alpine latest f8c20f8bbcb6 5 weeks ago 7.38MB[root@Rocky9-2 harbor]# docker tag alpine harbor.raymonds.cc/linux/alpine
[root@Rocky9-2 harbor]# docker images |grep "alpine"
alpine latest f8c20f8bbcb6 5 weeks ago 7.38MB
harbor.raymonds.cc/linux/alpine latest f8c20f8bbcb6 5 weeks ago 7.38MB[root@rocky9-2 harbor]# docker push harbor.raymonds.cc/linux/alpine
Using default tag: latest
The push refers to repository [harbor.raymonds.cc/linux/alpine]
5af4f8f59b76: Pushed
latest: digest: sha256:13b7e62e8df80264dbb747995705a986aa530415763a6c58f84a3ca8af9a5bcd size: 528
访问harbor网站验证上传镜像成功
图1-18 查看上传的镜像
4.10.5 下载harbor的镜像
在172.31.0.8的Rocky 8的主机上无需登录,即可下载镜像
首先要主机初始化和安装docker,安装方法参考4.1和4.2。
[root@rocky8 ~]# cat >> /etc/hosts <<-EOF
172.31.0.19 harbor.raymonds.cc
EOF[root@rocky8 ~]# docker pull harbor.raymonds.cc/linux/alpine
Using default tag: latest
Error response from daemon: Get "https://harbor.raymonds.cc/v2/": tls: failed to verify certificate: x509: certificate signed by unknown authority
# 没有证书不能推送镜像。[root@rocky8 ~]# DOMAIN=raymonds.cc
[root@rocky8 ~]# mkdir -pv /etc/docker/certs.d/harbor.${DOMAIN}
mkdir: created directory '/etc/docker/certs.d'
mkdir: created directory '/etc/docker/certs.d/harbor.raymonds.cc'[root@Rocky9-2 harbor]# scp -r /apps/harbor/certs/{harbor.${DOMAIN}.cert,harbor.${DOMAIN}.key,ca.crt} 172.31.0.8:/etc/docker/certs.d/harbor.${DOMAIN}/[root@rocky8 ~]# tree /etc/docker/certs.d/harbor.${DOMAIN}/
-bash: tree: command not found
[root@rocky8 ~]# dnf -y install tree[root@rocky8 ~]# tree /etc/docker/certs.d/harbor.${DOMAIN}/
/etc/docker/certs.d/harbor.raymonds.cc/
├── ca.crt
├── harbor.raymonds.cc.cert
└── harbor.raymonds.cc.key0 directories, 3 files[root@rocky8 ~]# docker pull harbor.raymonds.cc/linux/alpine
Using default tag: latest
latest: Pulling from linux/alpine
661ff4d9561e: Pull complete
Digest: sha256:13b7e62e8df80264dbb747995705a986aa530415763a6c58f84a3ca8af9a5bcd
Status: Downloaded newer image for harbor.raymonds.cc/linux/alpine:latest
harbor.raymonds.cc/linux/alpine:latest[root@rocky8 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
harbor.raymonds.cc/linux/alpine latest f8c20f8bbcb6 5 weeks ago 7.38MB
4.11一键安装harbor脚本https方式
Shell脚本源码地址:
Gitee:https://gitee.com/raymond9/shell
Github:https://github.com/raymond999999/shell
可以去上面的Gitee或Github代码仓库拉取脚本。
4.11.1 基于docker二进制包一键安装Harbor脚本https方式
[root@rocky9-2 ~]# cat install_harbor_https_v2_1.sh
#!/bin/bash
#
#******************************************************************************************************************
#Author: Raymond
#QQ: 88563128
#Date: 2024-01-26
#FileName: install_harbor_https_v2_1.sh
#URL: raymond.blog.csdn.net
#Description: install_harbor_https for CentOS 7 & CentOS Stream 8/9 & Ubuntu 18.04/20.04/22.04 & Rocky 8/9
#Copyright (C): 2024 All rights reserved
#******************************************************************************************************************
SRC_DIR=/usr/local/src
COLOR="echo -e \\033[01;31m"
END='\033[0m'URL='https://mirrors.aliyun.com/docker-ce/linux/static/stable/x86_64/'
DOCKER_FILE=docker-24.0.7.tgz# Docker Compose下载地址:“https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-linux-x86_64”,请提前下载。
DOCKER_COMPOSE_FILE=docker-compose-linux-x86_64# Harbor下载地址:“https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz”,请提前下载。
HARBOR_FILE=harbor-offline-installer-v
HARBOR_VERSION=2.10.0
TAR=.tgz
HARBOR_INSTALL_DIR=/apps
DOMAIN=raymonds.cc
HARBOR_ADMIN_PASSWORD=123456os(){OS_ID=`sed -rn '/^NAME=/s@.*="([[:alpha:]]+).*"$@\1@p' /etc/os-release`OS_RELEASE_VERSION=`sed -rn '/^VERSION_ID=/s@.*="?([0-9]+)\.?.*"?@\1@p' /etc/os-release`
}check_file (){cd ${SRC_DIR}if [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q wget &> /dev/null || { ${COLOR}"安装wget工具,请稍等..."${END};yum -y install wget &> /dev/null; }fiif [ ! -e ${DOCKER_FILE} ];then${COLOR}"缺少${DOCKER_FILE}文件,如果是离线包,请把文件放到${SRC_DIR}目录下"${END}${COLOR}'开始下载DOCKER二进制源码包'${END}wget ${URL}${DOCKER_FILE} || { ${COLOR}"DOCKER二进制安装包下载失败"${END}; exit; }elif [ ! -e ${DOCKER_COMPOSE_FILE} ];then${COLOR}"缺少${DOCKER_COMPOSE_FILE}文件,请把文件放到${SRC_DIR}目录下"${END}exitelif [ ! -e ${HARBOR_FILE}${HARBOR_VERSION}${TAR} ];then${COLOR}"缺少${HARBOR_FILE}${HARBOR_VERSION}${TAR}文件,请把文件放到${SRC_DIR}目录下"${END}exitelse${COLOR}"相关文件已准备好"${END}fi
}install_docker(){ ${COLOR}"开始安装Docker,请稍等..."${END}tar xf ${DOCKER_FILE}mv docker/* /usr/bin/cat > /lib/systemd/system/docker.service <<-EOF
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H unix://var/run/docker.sock
ExecReload=/bin/kill -s HUP \$MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s[Install]
WantedBy=multi-user.target
EOFmkdir -p /etc/dockercat > /etc/docker/daemon.json <<-EOF
{"registry-mirrors": ["https://registry.docker-cn.com","https://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"],"max-concurrent-downloads": 10,"max-concurrent-uploads": 5,"log-opts": {"max-size": "300m","max-file": "2" },"live-restore": true
}
EOFecho 'alias rmi="docker images -qa|xargs docker rmi -f"' >> ~/.bashrcecho 'alias rmc="docker ps -qa|xargs docker rm -f"' >> ~/.bashrcsystemctl daemon-reloadsystemctl enable --now docker &> /dev/nullsystemctl is-active docker &> /dev/null && ${COLOR}"Docker 服务启动成功"${END} || { ${COLOR}"Docker 启动失败"${END};exit; }docker version && ${COLOR}"Docker 安装成功"${END} || ${COLOR}"Docker 安装失败"${END}
}install_docker_compose(){${COLOR}"开始安装Docker Compose,请稍等..."${END}mv ${SRC_DIR}/${DOCKER_COMPOSE_FILE} /usr/bin/docker-composechmod +x /usr/bin/docker-composedocker-compose --version && ${COLOR}"Docker Compose 安装完成"${END} || ${COLOR}"Docker compose 安装失败"${END}
}install_harbor(){${COLOR}"开始安装Harbor,请稍等..."${END}[ -d ${HARBOR_INSTALL_DIR} ] || mkdir ${HARBOR_INSTALL_DIR}tar xf ${SRC_DIR}/${HARBOR_FILE}${HARBOR_VERSION}${TAR} -C ${HARBOR_INSTALL_DIR}/# 生成私钥和证书touch /root/.rndmkdir /apps/harbor/certs/cd /apps/harbor/certs/openssl genrsa -out ca.key 4096openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=ca.${DOMAIN}" -key ca.key -out ca.crtopenssl genrsa -out harbor.${DOMAIN}.key 4096openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.${DOMAIN}" -key harbor.${DOMAIN}.key -out harbor.${DOMAIN}.csrcat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names[alt_names]
DNS.1=${DOMAIN}
DNS.2=ca.${DOMAIN}
DNS.3=harbor.${DOMAIN}
EOFopenssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in harbor.${DOMAIN}.csr -out harbor.${DOMAIN}.crtopenssl x509 -inform PEM -in harbor.${DOMAIN}.crt -out harbor.${DOMAIN}.certmv ${HARBOR_INSTALL_DIR}/harbor/harbor.yml.tmpl ${HARBOR_INSTALL_DIR}/harbor/harbor.ymlsed -ri.bak -e 's/^(hostname:) .*/\1 harbor.'''${DOMAIN}'''/' -e 's@ (certificate:) .*@ \1 '''${HARBOR_INSTALL_DIR}'''/harbor/certs/harbor.'''${DOMAIN}'''.crt@' -e 's@ (private_key:) .*@ \1 '''${HARBOR_INSTALL_DIR}'''/harbor/certs/harbor.'''${DOMAIN}'''.key@' -e 's/^(harbor_admin_password:) .*/\1 '''${HARBOR_ADMIN_PASSWORD}'''/' ${HARBOR_INSTALL_DIR}/harbor/harbor.ymlif [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q python3 &> /dev/null || { ${COLOR}"安装python3,请稍等..."${END};yum -y install python3 &> /dev/null; }elsedpkg -s python3 &>/dev/null || { ${COLOR}"安装python3,请稍等..."${END};apt -y install python3 &> /dev/null; }fi${HARBOR_INSTALL_DIR}/harbor/install.sh --with-trivy && ${COLOR}"Harbor 安装完成"${END} || ${COLOR}"Harbor 安装失败"${END}cat > /lib/systemd/system/harbor.service <<-EOF
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml down[Install]
WantedBy=multi-user.target
EOFsystemctl daemon-reload systemctl enable harbor &>/dev/null && ${COLOR}"Harbor已配置为开机自动启动"${END}
}set_swap_limit(){if [ ${OS_RELEASE_VERSION} == "18" -o ${OS_RELEASE_VERSION} == "20" ];thengrep -q "swapaccount=1" /etc/default/grub && { ${COLOR}'"WARNING: No swap limit support"警告,已设置'${END};exit; }${COLOR}'设置Docker的"WARNING: No swap limit support"警告'${END}sed -ri '/^GRUB_CMDLINE_LINUX=/s@"$@ swapaccount=1"@' /etc/default/grubupdate-grub &> /dev/null${COLOR}"10秒后,机器会自动重启"${END}sleep 10rebootfi
}main(){oscheck_file[ -f /usr/bin/docker ] && ${COLOR}"Docker已安装"${END} || install_docker[ -f /usr/bin/docker-compose ] && ${COLOR}"Docker Compose已安装"${END} || install_docker_composesystemctl is-active harbor &> /dev/null && ${COLOR}"Harbor已安装"${END} || install_harborset_swap_limit
}main
4.11.2 基于docker镜像仓库一键安装Harbor脚本https方式
[root@rocky9-2 ~]# cat install_harbor_https_v2_2.sh
#!/bin/bash
#
#******************************************************************************************************************
#Author: Raymond
#QQ: 88563128
#Date: 2024-01-26
#FileName: install_harbor_https_v2_2.sh
#URL: raymond.blog.csdn.net
#Description: install_harbor_https for CentOS 7 & CentOS Stream 8/9 & Ubuntu 18.04/20.04/22.04 & Rocky 8/9
#Copyright (C): 2024 All rights reserved
#******************************************************************************************************************
SRC_DIR=/usr/local/src
COLOR="echo -e \\033[01;31m"
END='\033[0m'DOCKER_VERSION=24.0.7
DOCKER_MAIN_VERSION=`echo ${DOCKER_VERSION} | awk -F'.' '{print $1}'`
URL='mirrors.aliyun.com'# Docker Compose下载地址:“https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-linux-x86_64”,请提前下载。
DOCKER_COMPOSE_FILE=docker-compose-linux-x86_64# Harbor下载地址:“https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz”,请提前下载。
HARBOR_FILE=harbor-offline-installer-v
HARBOR_VERSION=2.10.0
TAR=.tgz
HARBOR_INSTALL_DIR=/apps
DOMAIN=raymonds.cc
HARBOR_ADMIN_PASSWORD=123456os(){OS_ID=`sed -rn '/^NAME=/s@.*="([[:alpha:]]+).*"$@\1@p' /etc/os-release`OS_RELEASE_VERSION=`sed -rn '/^VERSION_ID=/s@.*="?([0-9]+)\.?.*"?@\1@p' /etc/os-release`
}check_file (){cd ${SRC_DIR}if [ ! -e ${DOCKER_COMPOSE_FILE} ];then${COLOR}"缺少${DOCKER_COMPOSE_FILE}文件,请把文件放到${SRC_DIR}目录下"${END}exitelif [ ! -e ${HARBOR_FILE}${HARBOR_VERSION}${TAR} ];then${COLOR}"缺少${HARBOR_FILE}${HARBOR_VERSION}${TAR}文件,请把文件放到${SRC_DIR}目录下"${END}exitelse${COLOR}"相关文件已准备好"${END}fi
}ubuntu_install_docker(){${COLOR}"开始安装Docker依赖包,请稍等..."${END}apt update &> /dev/nullapt -y install apt-transport-https ca-certificates curl software-properties-common &> /dev/nullcurl -fsSL https://${URL}/docker-ce/linux/ubuntu/gpg | sudo apt-key add - &> /dev/nulladd-apt-repository -y "deb [arch=amd64] https://${URL}/docker-ce/linux/ubuntu $(lsb_release -cs) stable" &> /dev/null apt update &> /dev/null${COLOR}"Docker有以下版本"${END}apt-cache madison docker-ce${COLOR}"10秒后即将安装:Docker-"${DOCKER_VERSION}"版本......"${END}${COLOR}"如果想安装其它Docker版本,请按Ctrl+c键退出,修改版本再执行"${END}sleep 10${COLOR}"开始安装Docker,请稍等..."${END}if [ ${DOCKER_MAIN_VERSION} == "18" -o ${DOCKER_MAIN_VERSION} == "19" -o ${DOCKER_MAIN_VERSION} == "20" ];thenapt -y install docker-ce=5:${DOCKER_VERSION}~3-0~ubuntu-$(lsb_release -cs) docker-ce-cli=5:${DOCKER_VERSION}~3-0~ubuntu-$(lsb_release -cs) &> /dev/null || { ${COLOR}"apt源失败,请检查apt配置"${END};exit; }elseapt -y install docker-ce=5:${DOCKER_VERSION}-1~ubuntu.$(lsb_release -rs)~$(lsb_release -cs) docker-ce-cli=5:${DOCKER_VERSION}-1~ubuntu.$(lsb_release -rs)~$(lsb_release -cs) &> /dev/null || { ${COLOR}"apt源失败,请检查apt配置"${END};exit; }fi
}centos_install_docker(){${COLOR}"开始安装Docker依赖包,请稍等..."${END}yum -y install yum-utils &> /dev/nullyum-config-manager --add-repo https://${URL}/docker-ce/linux/centos/docker-ce.repo &> /dev/nullyum clean all &> /dev/nullyum makecache &> /dev/null${COLOR}"Docker有以下版本"${END}yum list docker-ce.x86_64 --showduplicates${COLOR}"10秒后即将安装:Docker-"${DOCKER_VERSION}"版本......"${END}${COLOR}"如果想安装其它Docker版本,请按Ctrl+c键退出,修改版本再执行"${END}sleep 10${COLOR}"开始安装Docker,请稍等..."${END}yum -y install docker-ce-${DOCKER_VERSION} docker-ce-cli-${DOCKER_VERSION} &> /dev/null || { ${COLOR}"yum源失败,请检查yum配置"${END};exit; }
}mirror_accelerator(){mkdir -p /etc/dockercat > /etc/docker/daemon.json <<-EOF
{"registry-mirrors": ["https://registry.docker-cn.com","https://hub-mirror.c.163.com","https://docker.mirrors.ustc.edu.cn"],"data-root": "/data/docker","exec-opts": ["native.cgroupdriver=systemd"],"max-concurrent-downloads": 10,"max-concurrent-uploads": 5,"log-opts": {"max-size": "300m","max-file": "2" },"live-restore": true
}
EOFsystemctl daemon-reloadsystemctl enable --now dockersystemctl is-active docker &> /dev/null && ${COLOR}"Docker 服务启动成功"${END} || { ${COLOR}"Docker 启动失败"${END};exit; }docker version && ${COLOR}"Docker 安装成功"${END} || ${COLOR}"Docker 安装失败"${END}
}set_alias(){echo 'alias rmi="docker images -qa|xargs docker rmi -f"' >> ~/.bashrcecho 'alias rmc="docker ps -qa|xargs docker rm -f"' >> ~/.bashrc
}install_docker_compose(){${COLOR}"开始安装Docker Compose,请稍等..."${END}mv ${SRC_DIR}/${DOCKER_COMPOSE_FILE} /usr/bin/docker-composechmod +x /usr/bin/docker-composedocker-compose --version && ${COLOR}"Docker Compose 安装完成"${END} || ${COLOR}"Docker compose 安装失败"${END}
}install_harbor(){${COLOR}"开始安装Harbor,请稍等..."${END}[ -d ${HARBOR_INSTALL_DIR} ] || mkdir ${HARBOR_INSTALL_DIR}tar xf ${SRC_DIR}/${HARBOR_FILE}${HARBOR_VERSION}${TAR} -C ${HARBOR_INSTALL_DIR}/# 生成私钥和证书touch /root/.rndmkdir /apps/harbor/certs/cd /apps/harbor/certs/openssl genrsa -out ca.key 4096openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=ca.${DOMAIN}" -key ca.key -out ca.crtopenssl genrsa -out harbor.${DOMAIN}.key 4096openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.${DOMAIN}" -key harbor.${DOMAIN}.key -out harbor.${DOMAIN}.csrcat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names[alt_names]
DNS.1=${DOMAIN}
DNS.2=ca.${DOMAIN}
DNS.3=harbor.${DOMAIN}
EOFopenssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in harbor.${DOMAIN}.csr -out harbor.${DOMAIN}.crtopenssl x509 -inform PEM -in harbor.${DOMAIN}.crt -out harbor.${DOMAIN}.certmv ${HARBOR_INSTALL_DIR}/harbor/harbor.yml.tmpl ${HARBOR_INSTALL_DIR}/harbor/harbor.ymlsed -ri.bak -e 's/^(hostname:) .*/\1 harbor.'''${DOMAIN}'''/' -e 's@ (certificate:) .*@ \1 '''${HARBOR_INSTALL_DIR}'''/harbor/certs/harbor.'''${DOMAIN}'''.crt@' -e 's@ (private_key:) .*@ \1 '''${HARBOR_INSTALL_DIR}'''/harbor/certs/harbor.'''${DOMAIN}'''.key@' -e 's/^(harbor_admin_password:) .*/\1 '''${HARBOR_ADMIN_PASSWORD}'''/' ${HARBOR_INSTALL_DIR}/harbor/harbor.ymlif [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q python3 &> /dev/null || { ${COLOR}"安装python3,请稍等..."${END};yum -y install python3 &> /dev/null; }elsedpkg -s python3 &>/dev/null || { ${COLOR}"安装python3,请稍等..."${END};apt -y install python3 &> /dev/null; }fi${HARBOR_INSTALL_DIR}/harbor/install.sh --with-trivy && ${COLOR}"Harbor 安装完成"${END} || ${COLOR}"Harbor 安装失败"${END}cat > /lib/systemd/system/harbor.service <<-EOF
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /apps/harbor/docker-compose.yml down[Install]
WantedBy=multi-user.target
EOFsystemctl daemon-reload systemctl enable harbor &>/dev/null && ${COLOR}"Harbor已配置为开机自动启动"${END}
}set_swap_limit(){if [ ${OS_RELEASE_VERSION} == "18" -o ${OS_RELEASE_VERSION} == "20" ];thengrep -q "swapaccount=1" /etc/default/grub && { ${COLOR}'"WARNING: No swap limit support"警告,已设置'${END};exit; }${COLOR}'设置Docker的"WARNING: No swap limit support"警告'${END}sed -ri '/^GRUB_CMDLINE_LINUX=/s@"$@ swapaccount=1"@' /etc/default/grubupdate-grub &> /dev/null${COLOR}"10秒后,机器会自动重启"${END}sleep 10rebootfi
}main(){oscheck_fileif [ ${OS_ID} == "CentOS" -o ${OS_ID} == "Rocky" ] &> /dev/null;thenrpm -q docker-ce &> /dev/null && ${COLOR}"Docker已安装"${END} || centos_install_dockerelsedpkg -s docker-ce &>/dev/null && ${COLOR}"Docker已安装"${END} || ubuntu_install_dockerfi[ -f /etc/docker/daemon.json ] &>/dev/null && ${COLOR}"Docker镜像加速器已设置"${END} || mirror_acceleratorgrep -Eqoi "(.*rmi=|.*rmc=)" ~/.bashrc && ${COLOR}"Docker别名已设置"${END} || set_alias[ -f /usr/bin/docker-compose ] && ${COLOR}"Docker Compose已安装"${END} || install_docker_composesystemctl is-active harbor &> /dev/null && ${COLOR}"Harbor已安装"${END} || install_harborset_swap_limit
}main
