安装过程
[root@docker03 ~]# mv harbor-offline-installer-v1.10.1.tgz /usr/local/src/ [root@docker03 ~]# cd /usr/local/src/ [root@docker03 src]# tar xfz harbor-offline-installer-v1.10.1.tgz
[root@docker03 src]# cd harbor/ [root@docker03 harbor]# ll total 662120 -rw-r--r-- 1 root root 3398 Feb 10 2020 common.sh -rw-r--r-- 1 root root 677974489 Feb 10 2020 harbor.v1.10.1.tar.gz -rw-r--r-- 1 root root 5882 Feb 10 2020 harbor.yml -rwxr-xr-x 1 root root 2284 Feb 10 2020 install.sh -rw-r--r-- 1 root root 11347 Feb 10 2020 LICENSE -rwxr-xr-x 1 root root 1749 Feb 10 2020 prepare
编辑harbor.yml,不配置ssl
[root@docker03 harbor]# egrep -v "^$|#" harbor.yml hostname: mytest.harbor.com http: port: 80 harbor_admin_password: Harbor12345 database: password: root123 max_idle_conns: 50 max_open_conns: 100 data_volume: /data clair: updaters_interval: 12 jobservice: max_job_workers: 10 notification: webhook_job_max_retry: 10 chart: absolute_url: disabled log: level: info local: rotate_count: 50 rotate_size: 200M location: /var/log/harbor _version: 1.10.0 proxy: http_proxy: https_proxy: no_proxy: components: - core - jobservice - clair
安装
先执行安装前检查 ./prepare
[root@docker03 harbor]# ./prepare prepare base dir is set to /usr/local/src/harbor WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml Generated and saved secret to file: /secret/keys/secretkey Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir
[root@docker03 harbor]# ./install.sh [Step 0]: checking if docker is installed ... Note: docker version: 18.09.9 [Step 1]: checking docker-compose is installed ... ✖ Need to install docker-compose(1.18.0+) by yourself first and run this script again.
安装docker-compose
[root@docker03 harbor]# yum install docker-compose -y 或者 [root@docker03 harbor]# yum install -y python3-pip [root@docker03 harbor]# pip3 install docker-compose
查看docker-compose安装结果
[root@docker03 harbor]# docker-compose -v docker-compose version 1.18.0, build 8dd22a9
开始安装harbor,使用install.sh
[root@docker03 harbor]# ./install.sh [Step 0]: checking if docker is installed ... Note: docker version: 18.09.9 [Step 1]: checking docker-compose is installed ... Note: docker-compose version: 1.18.0 [Step 2]: loading Harbor images ... Loaded image: goharbor/clair-adapter-photon:v1.0.1-v1.10.1 Loaded image: goharbor/harbor-jobservice:v1.10.1 Loaded image: goharbor/redis-photon:v1.10.1 Loaded image: goharbor/notary-server-photon:v0.6.1-v1.10.1 Loaded image: goharbor/clair-photon:v2.1.1-v1.10.1 Loaded image: goharbor/harbor-log:v1.10.1 Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-2553-v1.10.1 Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.10.1 Loaded image: goharbor/chartmuseum-photon:v0.9.0-v1.10.1 Loaded image: goharbor/harbor-registryctl:v1.10.1 Loaded image: goharbor/nginx-photon:v1.10.1 Loaded image: goharbor/harbor-migrator:v1.10.1 Loaded image: goharbor/prepare:v1.10.1 Loaded image: goharbor/harbor-portal:v1.10.1 Loaded image: goharbor/harbor-core:v1.10.1 Loaded image: goharbor/harbor-db:v1.10.1 [Step 3]: preparing environment ... [Step 4]: preparing harbor configs ... prepare base dir is set to /usr/local/src/harbor WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https Clearing the configuration file: /config/log/logrotate.conf Clearing the configuration file: /config/log/rsyslog_docker.conf Clearing the configuration file: /config/nginx/nginx.conf Clearing the configuration file: /config/core/env Clearing the configuration file: /config/core/app.conf Clearing the configuration file: /config/registry/config.yml Clearing the configuration file: /config/registryctl/env Clearing the configuration file: /config/registryctl/config.yml Clearing the configuration file: /config/db/env Clearing the configuration file: /config/jobservice/env Clearing the configuration file: /config/jobservice/config.yml Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml Creating harbor-log ... done Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir Creating redis ... done Creating harbor-core ... done Creating network "harbor_harbor" with the default driver Creating nginx ... done Creating harbor-portal ... Creating registryctl ... Creating redis ... Creating registry ... Creating harbor-db ... Creating harbor-core ... Creating nginx ... Creating harbor-jobservice ... ✔ ----Harbor has been installed and started successfully.----
设置harbor自启动
[root@docker03 harbor]# vi /usr/lib/systemd/system/harbor.service [Unit] Description=Harbor After=docker.service systemd-networkd.service systemd-resolved.service Requires=docker.service Documentation=http://github.com/vmware/harbor [Service] Type=simple Restart=on-failure RestartSec=5 ExecStart=/usr/bin/docker-compose -f /usr/local/src/harbor/docker-compose.yml up ExecStop=/usr/bin/docker-compose -f /usr/local/src/harbor/docker-compose.yml down [Install] WantedBy=multi-user.target
访问测试
登录后新建一个项目仓库
其他docker服务器配置镜像仓库
[root@docker01 src]# vim /etc/docker/daemon.json { "registry-mirrors": ["https://05eotbde.mirror.aliyuncs.com"], "insecure-registries": ["zhanghao:443","mytest.harbor.com:80"] }
重启docker
[root@docker01 src]# systemctl daemon-reload [root@docker01 src]# systemctl restart docker
测试登录docker
[root@docker01 src]# docker login -u admin http://mytest.harbor.com:80 Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded
给镜像打标并推送至仓库
[root@docker01 src]# docker tag nginx:1.16.1-alpine mytest.harbor.com:80/test/nginx:1.16.1-alpine [root@docker01 src]# docker push mytest.harbor.com:80/test/nginx:1.16.1-alpine The push refers to repository [mytest.harbor.com:80/test/nginx] 08065237b498: Layer already exists 531743b7098c: Layer already exists 1.16.1-alpine: digest: sha256:0dfc8450deb8c7f06fbaac27e453ac3262df7d3a93639c4e2f48ee39434ec017 size: 739
如果打标时,项目名写错了,会报出权限错误
denied: requested access to the resource is denied
[root@docker01 src]# docker push mytest.harbor.com:80/test123/nginx:1.16.1-alpine The push refers to repository [mytest.harbor.com:80/test123/nginx] 08065237b498: Preparing 531743b7098c: Preparing denied: requested access to the resource is denied
在仓库中查看镜像
测试从其他服务器拉去镜像
[root@docker04 ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://05eotbde.mirror.aliyuncs.com"], "insecure-registries": ["zhanghao:443","mytest.harbor.com:80"] }
重启docker
[root@docker04 ~]# systemctl daemon-reload [root@docker04 ~]# systemctl restart docker
拉取镜像
[root@docker04 ~]# docker login -u admin mytest.harbor.com:80/ Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@docker04 ~]# docker pull mytest.harbor.com:80/test/nginx:1.16.1-alpine 1.16.1-alpine: Pulling from test/nginx 4167d3e14976: Pull complete d9176111d0ef: Pull complete Digest: sha256:0dfc8450deb8c7f06fbaac27e453ac3262df7d3a93639c4e2f48ee39434ec017 Status: Downloaded newer image for mytest.harbor.com:80/test/nginx:1.16.1-alpine [root@docker04 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE test1 latest 5cbae2543770 6 days ago 133MB nginx latest 4cdc5dd7eaad 10 days ago 133MB mytest.harbor.com:80/test/nginx 1.16.1-alpine 5fad07aba15a 18 months ago 21.8MB
如果镜像仓库没有设置公开(也就是私有仓库),那么拉取镜像是需要登录的,如果设置成公开仓库,就不需要登录了
[root@docker04 ~]# docker pull mytest.harbor.com/test/nginx:1.16.1-alpine 1.16.1-alpine: Pulling from test/nginx 4167d3e14976: Pull complete d9176111d0ef: Pull complete Digest: sha256:0dfc8450deb8c7f06fbaac27e453ac3262df7d3a93639c4e2f48ee39434ec017 Status: Downloaded newer image for mytest.harbor.com/test/nginx:1.16.1-alpine