harbor单机安装

最新推荐文章于 2024-10-29 09:32:15 发布
最新推荐文章于 2024-10-29 09:32:15 发布
阅读量2.1k 收藏
点赞数
分类专栏: 云计算 文章标签: docker registry harbor
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/jiashiwen/article/details/55251532
版权

Harbor 是一个企业级 Registry 服务。它对开源的 Docker Registry 服务进行了扩展,添加了更多企业用户需要的功能。Harbor 被设计用于部署一套组织内部使用的私有环境,这个私有 Registry 服务对于非常关心安全的组织来说是十分重要的。另外,私有 Registry 服务可以通过避免从公域网下载镜 像而提高企业生产力。这对于没有良好的 Internet 连接状态,使用 Docker Container 的用户是一个福音。

  • 基于角色的访问控制:用户与 Docker 镜像仓库通过“项目”进行组织管理,一个用户可以对多个镜像仓库在同一命名空间(project)里有不同的权限。

  • 图形化用户界面:用户可以通过浏览器来浏览,检索当前 Docker 镜像仓库,管理项目和命名空间。

  • 审计管理:所有针对镜像仓库的操作都可以被记录追溯,用于审计管理。

  • 国际化:基于英文与中文语言进行了本地化。可以增加更多的语言支持。

  • RESTful API - RESTful API:提供给管理员对于 Harbor 更多的操控, 使得与其它管理软件集成变得更容易。

环境

OS:ubuntu server 16.04

python2.7

docker 1.10.0+

docker-compose 1.7.1+


服务器端配置

下载安装包

   
   
  1. wget https://github.com/vmware/harbor/releases/download/0.5.0/harbor-online-installer-0.5.0.tgz

harbor 主要的安装文件harbor.cfg、install.sh、prepare

harbor.cfg用于配置安装安装选项

install.sh主要用于环境检查并根据harbor.cfg调用prepare生成harbor相关组件的配置文件及docker-compose.yml


创建字签名ssl证书
   
   
  1. openssl req \
  2.   -newkey rsa:4096 -nodes -sha256 -keyout harbor.xxx.com.key \
  3.   -x509 -days 3650 -out harbor.xxx.com.crt
    
    
  1. Generating a 4096 bit RSA private key
  2. .................................++
  3. ............................++
  4. unable to write 'random state'
  5. writing new private key to 'harbor.xxx.com.key'
  6. -----
  7. You are about to be asked to enter information that will be incorporated
  8. into your certificate request.
  9. What you are about to enter is what is called a Distinguished Name or a DN.
  10. There are quite a few fields but you can leave some blank
  11. For some fields there will be a default value,
  12. If you enter '.', the field will be left blank.
  13. -----
  14. Country Name (2 letter code) [AU]:CN
  15. State or Province Name (full name) [Some-State]:Beijing
  16. Locality Name (eg, city) []:Beijing
  17. Organization Name (eg, company) [Internet Widgits Pty Ltd]:xxx
  18. Organizational Unit Name (eg, section) []:xxx
  19. Common Name (e.g. server FQDN or YOUR name) []:harbor.xxx.com
  20. Email Address []:


配置harbor.cfg文件

    
    
  1. ## Configuration file of Harbor
  3. #The IP address or hostname to access admin UI and registry service.
  4. #DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
  5. hostname = harbor.xxx.com
  7. #The protocol for accessing the UI and token/notification service, by default it is http.
  8. #It can be set to https if ssl is enabled on nginx.
  9. ui_url_protocol = https
  11. #Email account settings for sending out password resetting emails.
  13. #Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
  14. #Identity left blank to act as username.
  15. email_identity = true 
  17. email_server = smtp.xxx.com
  18. email_server_port = 25
  19. email_username = xxx@xxx.com
  20. email_password = xxxx
  21. email_from = admin <xxx@xxx.com>
  22. email_ssl = false
  24. ##The initial password of Harbor admin, only works for the first time when Harbor starts. 
  25. #It has no effect after the first launch of Harbor.
  26. #Change the admin password from UI after launching Harbor.
  27. harbor_admin_password = Harbor12345
  29. ##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
  30. #Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
  31. auth_mode = db_auth
  33. #The url for an ldap endpoint.
  34. ldap_url = ldaps://ldap.mydomain.com
  36. #A user's DN who has the permission to search the LDAP/AD server. 
  37. #If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
  38. #ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
  40. #the password of the ldap_searchdn
  41. #ldap_search_pwd = password
  43. #The base DN from which to look up a user in LDAP/AD
  44. ldap_basedn = ou=people,dc=mydomain,dc=com
  46. #Search filter for LDAP/AD, make sure the syntax of the filter is correct.
  47. #ldap_filter = (objectClass=person)
  49. # The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD  
  50. ldap_uid = uid 
  52. #the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
  53. ldap_scope = 3 
  55. #The password for the root user of mysql db, change this before any production use.
  56. db_password = root123
  58. #Turn on or off the self-registration feature
  59. self_registration = on
  61. #Determine whether the UI should use compressed js files. 
  62. #For production, set it to on. For development, set it to off.
  63. use_compressed_js = on
  65. #Maximum number of job workers in job service  
  66. max_job_workers = 3 
  68. #The expiration time (in minute) of token created by token service, default is 30 minutes
  69. token_expiration = 30
  71. #Determine whether the job service should verify the ssl cert when it connects to a remote registry.
  72. #Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
  73. verify_remote_cert = on
  75. #Determine whether or not to generate certificate for the registry's token.
  76. #If the value is on, the prepare script creates new root cert and private key 
  77. #for generating token to access the registry. If the value is off, a key/certificate must 
  78. #be supplied for token generation.
  79. customize_crt = on
  81. #Information of your organization for certificate
  82. crt_country = CN
  83. crt_state = State
  84. crt_location = CN
  85. crt_organization = organization
  86. crt_organizationalunit = organizational unit
  87. crt_commonname = example.com
  88. crt_email = example@example.com
  90. #The flag to control what users have permission to create projects
  91. #Be default everyone can create a project, set to "adminonly" such that only admin can create project.
  92. project_creation_restriction = everyone
  94. #The path of cert and key files for nginx, they are applied only the protocol is set to https
  95. ssl_cert = /data/cert/harbor.leju.com.crt
  96. ssl_cert_key = /data/cert/harbor.leju.com.key

主要配置项

hostname = harbor.xxx.com 用于配置ui以及registry访问主机名,必须与dns或hosts一致

ui_url_protocol = https 如果想通过https访问registry此项需要注意

复制签名到ssl_cert ssl_cert_key配置项相应位置

    
    
  1. cp harbor.xxx.com.crt harbor.xxx.com.key /data/cert/

执行install.sh完成安装

    
    
  1. sudo ./install.sh

客户端配置

修改/etc/hosts,添加如下内容
#resistry_server_ip  registry_domain_name
10.207.2.27  harbor.xxx.com
操作系统层面信任证书

ubuntu 

scp develop@10.207.2.27:/home/develop/harbor/harbor.xxx.com.crt  /usr/local/share/ca-certificates/
update-ca-certificates

centos 

scp develop@10.207.2.27:/home/develop/harbor/harbor.leju.com.crt  /etc/pki/ca-trust/source/anchors/
update-ca-trust
重新启动docker service
systemctl restart docker
首次使用需要登陆registry
docker login registry.xxx.com

Username: youruser    
Password: yourpassword
Email:


来留去送
关注
专栏目录
5.云原生-KubeSphere3.3.0安装Harbor仓库
平塘大鱼儿
08-14 1036
Harbor 是一个开源的 registry ,它使用策略和基于角色的访问控制来保护 Artifacts ,确保镜像被扫描并且没有漏洞,并将镜像标记为可信。Harbor 是一个 CNCF 毕业项目,它提供合规性、性能和互操作性,以帮助您跨云原生计算平台(如 Kubernetes 和 Docker)一致且安全地管理 Artifacts。【机器翻译,旺柴】!......
harbor仓库部署
Albert_OS的博客
08-12 530
Harbor仓库部署
Ubuntu下安装harbor
a810929296的博客
09-20 820
Ubuntu安装harbor
ubuntu安装部署harbor
zhangyizhanghao的博客
12-20 504
1 安装docker 2 安装docker-compose 3 安装harbor 3.1 下载安装包 wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-online-installer-v1.8.1.tgz 3.2 解压并进入文件夹 tar zxvf harbor-online-installer-v1.8.1.tgz -C /usr/src/ cd /usr/src/harbor 3.3 修改配置文件 vi
Harbor安装
最新发布
lt9700的博客
10-29 571
docker客户端登录harbor仓库配置docker使用https访问harbor,将harbor的证书分发至docker(如果配置了/etc/docker/daemon.json 这步就不用做了 )也可能就是解析不到域名(但是我直接用了ip还是不行,也确实是修改了容器的hosts搞定的)配置docker客户端 /etc/docker/daemon.json 文件。1、 查看barbor镜像中,/etc/hosts下的文件。2 、将本地的/etc/hosts挂载到容器中(两台都要)
Harbor单机部署
ab12499的博客
03-07 851
docker-compose-linux-x86_64(docker编排工具)harbor-offline-installer-v2.9.3(harbor安装包)
centos7 harbor 单机搭建
weixin_30776545的博客
03-22 119
环境说明:centos 7.4 下面使用的域名是自己编造 可自行设置使用 域名在centos7.4 系统做解析 在windows vhost文件也做解析   分享压缩包 因github下载过慢 所以我保存到网盘了harbor-offline-installer-v1.6.2.tgz   stable url: https://pan.baidu.com/s/1ulHr4LVvkL...
Harbor单机部署使用
梵修
07-22 534
Habor是一个由vameware开源的用于存储和分发Docker镜像的企业级Registry服务器。Habor是基于Docker官方的registry二次开发的,但相对于Docker官方的Registry,Habor的功能更加强大,提供了管理UI、RBAC、AD/LDAP集成、日志审计和镜像安全扫描等扩展功能。..................
安装搭建私有仓库Harbor
NancyLCL的博客
08-26 1297
标签格式常为:harbor所在主机的域名或ip:80/要上传到harbor上的哪个项目的项目名/镜像名称:镜像版本。harbor web页面中也可以进行很多实用的操作,比如:给镜像打标、复制镜像、删除镜像等。使用admin登录,密码为Harbor12345(初始密码在harbor.cfg 文件中)在harbor安装路径下,使用docker-compose命令对harbor进行控制。1>. 安装docker的编排工具。harbor实际就是启动了一些docker服务。主要修改了:hostname:主机名。..
Harbor部署及使用
热门推荐
Gf19991225的博客
12-16 2万+
文章目录一、harbor简介二、harbor的功能三、Docker compose四、harbor部署4.1 关闭防火墙和 selinux4.2 下载 harbor包4.3 配置加速器4.4 安装 harbor4.5 harbor网页操作五、harbor开机自启 一、harbor简介 云原生技术的兴起为企业数字化转型带来新的可能。作为云原生的要素之一,带来更为轻量级虚拟化的容器技术具有举足轻重的推动作用。其实很早之前,容器技术已经有所应用,而 Docker 的出现和兴起彻底带火了容器。其关键因素是 Dock
harbor高可靠搭建
10-16
harbor单机单机,互备搭建,高可靠搭建,ceph存储数据
Ubuntu 安装 Harbor
a80C51的博客
04-20 1385
原文参考。
09 - 镜像管理之:部署单点harbor
朱小胖的博客
04-10 724
一般来说,安装docker的操作系统内核推荐3.10.0-1127.el7.x86_64及以上版本就可以,见dokcer官网。但有网友列出以下问题,作为参考吧。部署harbor的时候(或者说,我们使用docker的时候),要首先查看下本机的docker版本,如果docker版本在18.90.1以上,建议升级内核版本到4.4.x 以上,否则可能会遇到一些问题,尽管可能性较低。
一、harbor单节点部署
weixin_34250434的博客
12-25 240
Harbor安装指南 安装注意事项 1.下载Harbor:https://github.com/vmware/harbor/releases 2.Docker引擎应为1.10或更高版本。 3.Docker Compose需要为1.6.0或更高版本。(需要EPEL源) 4.Python应该是2.7或更高版本。 配置文件 1.Harbor的配置信息是通过harbor.cfg来传递给运行的docker容...
Harbor单机安装
tom_fans的博客
07-24 784
官方文档: https://goharbor.io/docs/2.0.0/install-config/installation-prereqs/ 1. 下载Harbor, 并解压缩 https://github.com/goharbor/harbor/releases/download/v1.10.4/harbor-offline-installer-v1.10.4.tgz 2. ssl配置 这一步尽量作,因为我之前不配置ssl发现无法启动harbor,根据官方文档配置即可。整体的步骤为生成
K8S-Ubuntu安装Harbor
平塘大鱼儿
03-29 693
#下载harbor,官方地址:https://github.com/goharbor/harbor/releases/download/v2.3.5/harbor-online-installer-v2.3.5.tgz #注意有两种安装包一种是在线安装的,一种是离线安装包!这里下载在线安装包online版本 #创建目录 mkdir /ry/harbor/ cd /ry/harbor #开始安装,下载 curl -O https://github.com/goharbor/harbor/releases/d
安装harbor
weixin_49888547的博客
05-18 939
创建harbor服务器 OS:Centos 8.2 Harbor version: v2.5.0 docker-compose version:v2.5.0 1.修改计算机名称 hostnamectl set-hostname harbor && bash 2.创建自签名证书 mkdir -p /data/ssl cd /data/ssl openssl genrsa -out ca.key 3072 openssl req -new -x509 -days 3650 -key ca.ke
最新版 Harbor 在ubuntu系统上安装
小云的博客
09-26 338
最新版 Harbor 在ubuntu系统上安装The latest version of Harbor is installed on the ubuntu system安装dockerI...
Harbor仓库安装docker
06-12
如果你想在本地安装Harbor,以下是大致的步骤: 1. **准备工作**: - 确保你的系统已经安装DockerDocker Compose。 - 下载Harbor的官方镜像,可以从Harbor的GitHub仓库获取:...
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值