安装过程

[root@docker03 ~]# mv harbor-offline-installer-v1.10.1.tgz  /usr/local/src/
[root@docker03 ~]# cd /usr/local/src/
[root@docker03 src]# tar xfz harbor-offline-installer-v1.10.1.tgz 

 

[root@docker03 src]# cd harbor/
[root@docker03 harbor]# ll
total 662120
-rw-r--r-- 1 root root      3398 Feb 10  2020 common.sh
-rw-r--r-- 1 root root 677974489 Feb 10  2020 harbor.v1.10.1.tar.gz
-rw-r--r-- 1 root root      5882 Feb 10  2020 harbor.yml
-rwxr-xr-x 1 root root      2284 Feb 10  2020 install.sh
-rw-r--r-- 1 root root     11347 Feb 10  2020 LICENSE
-rwxr-xr-x 1 root root      1749 Feb 10  2020 prepare

编辑harbor.yml，不配置ssl

[root@docker03 harbor]# egrep -v "^$|#" harbor.yml 
hostname: mytest.harbor.com
http:
  port: 80
harbor_admin_password: Harbor12345
database:
  password: root123
  max_idle_conns: 50
  max_open_conns: 100
data_volume: /data
clair:
  updaters_interval: 12
jobservice:
  max_job_workers: 10
notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 1.10.0
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - clair

安装

先执行安装前检查 ./prepare

[root@docker03 harbor]# ./prepare 
prepare base dir is set to /usr/local/src/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

 

[root@docker03 harbor]# ./install.sh 

[Step 0]: checking if docker is installed ...

Note: docker version: 18.09.9

[Step 1]: checking docker-compose is installed ...
✖ Need to install docker-compose(1.18.0+) by yourself first and run this script again.

安装docker-compose

[root@docker03 harbor]# yum install docker-compose -y

或者

[root@docker03 harbor]# yum install -y python3-pip

[root@docker03 harbor]# pip3 install docker-compose

查看docker-compose安装结果

[root@docker03 harbor]# docker-compose -v
docker-compose version 1.18.0, build 8dd22a9

开始安装harbor，使用install.sh

[root@docker03 harbor]# ./install.sh 

[Step 0]: checking if docker is installed ...

Note: docker version: 18.09.9

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.18.0

[Step 2]: loading Harbor images ...
Loaded image: goharbor/clair-adapter-photon:v1.0.1-v1.10.1
Loaded image: goharbor/harbor-jobservice:v1.10.1
Loaded image: goharbor/redis-photon:v1.10.1
Loaded image: goharbor/notary-server-photon:v0.6.1-v1.10.1
Loaded image: goharbor/clair-photon:v2.1.1-v1.10.1
Loaded image: goharbor/harbor-log:v1.10.1
Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-2553-v1.10.1
Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.10.1
Loaded image: goharbor/chartmuseum-photon:v0.9.0-v1.10.1
Loaded image: goharbor/harbor-registryctl:v1.10.1
Loaded image: goharbor/nginx-photon:v1.10.1
Loaded image: goharbor/harbor-migrator:v1.10.1
Loaded image: goharbor/prepare:v1.10.1
Loaded image: goharbor/harbor-portal:v1.10.1
Loaded image: goharbor/harbor-core:v1.10.1
Loaded image: goharbor/harbor-db:v1.10.1


[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/local/src/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Creating harbor-log ... done
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir


Creating redis ... done
Creating harbor-core ... done
Creating network "harbor_harbor" with the default driver
Creating nginx ... done
Creating harbor-portal ... 
Creating registryctl ... 
Creating redis ... 
Creating registry ... 
Creating harbor-db ... 
Creating harbor-core ... 
Creating nginx ... 
Creating harbor-jobservice ... 
✔ ----Harbor has been installed and started successfully.----

设置harbor自启动

[root@docker03 harbor]# vi /usr/lib/systemd/system/harbor.service
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor
[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /usr/local/src/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /usr/local/src/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target

访问测试

 

                                                                                                                                                                                                                                                                           登录后新建一个项目仓库

 

其他docker服务器配置镜像仓库

[root@docker01 src]# vim /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://05eotbde.mirror.aliyuncs.com"],
   "insecure-registries": ["zhanghao:443","mytest.harbor.com:80"]
}

重启docker

[root@docker01 src]# systemctl daemon-reload
[root@docker01 src]# systemctl restart docker

测试登录docker

[root@docker01 src]# docker login -u admin http://mytest.harbor.com:80
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

给镜像打标并推送至仓库

[root@docker01 src]# docker tag nginx:1.16.1-alpine  mytest.harbor.com:80/test/nginx:1.16.1-alpine

[root@docker01 src]# docker push mytest.harbor.com:80/test/nginx:1.16.1-alpine
The push refers to repository [mytest.harbor.com:80/test/nginx]
08065237b498: Layer already exists 
531743b7098c: Layer already exists 
1.16.1-alpine: digest: sha256:0dfc8450deb8c7f06fbaac27e453ac3262df7d3a93639c4e2f48ee39434ec017 size: 739

如果打标时，项目名写错了，会报出权限错误

denied: requested access to the resource is denied

[root@docker01 src]# docker push mytest.harbor.com:80/test123/nginx:1.16.1-alpine
The push refers to repository [mytest.harbor.com:80/test123/nginx]
08065237b498: Preparing 
531743b7098c: Preparing 
denied: requested access to the resource is denied

在仓库中查看镜像

 

 测试从其他服务器拉去镜像

[root@docker04 ~]# cat /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://05eotbde.mirror.aliyuncs.com"],
   "insecure-registries": ["zhanghao:443","mytest.harbor.com:80"]
}

重启docker

[root@docker04 ~]# systemctl daemon-reload
[root@docker04 ~]# systemctl restart docker

拉取镜像

[root@docker04 ~]# docker login -u admin mytest.harbor.com:80/
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded


[root@docker04 ~]# docker pull mytest.harbor.com:80/test/nginx:1.16.1-alpine
1.16.1-alpine: Pulling from test/nginx
4167d3e14976: Pull complete 
d9176111d0ef: Pull complete 
Digest: sha256:0dfc8450deb8c7f06fbaac27e453ac3262df7d3a93639c4e2f48ee39434ec017
Status: Downloaded newer image for mytest.harbor.com:80/test/nginx:1.16.1-alpine


[root@docker04 ~]# docker images
REPOSITORY                        TAG                 IMAGE ID            CREATED             SIZE
test1                             latest              5cbae2543770        6 days ago          133MB
nginx                             latest              4cdc5dd7eaad        10 days ago         133MB
mytest.harbor.com:80/test/nginx   1.16.1-alpine       5fad07aba15a        18 months ago       21.8MB

如果镜像仓库没有设置公开（也就是私有仓库），那么拉取镜像是需要登录的，如果设置成公开仓库，就不需要登录了

 

 

[root@docker04 ~]# docker pull mytest.harbor.com/test/nginx:1.16.1-alpine
1.16.1-alpine: Pulling from test/nginx
4167d3e14976: Pull complete 
d9176111d0ef: Pull complete 
Digest: sha256:0dfc8450deb8c7f06fbaac27e453ac3262df7d3a93639c4e2f48ee39434ec017
Status: Downloaded newer image for mytest.harbor.com/test/nginx:1.16.1-alpine