Setting up an image registry with Harbor
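Harbor overview
All of Harbor's service components are deployed in Docker, so the official installation uses Docker-compose for quick deployment; we therefore need to install Docker and Docker-compose. Because Harbor is based on Docker Registry V2, the Docker version must be no lower than 1.10.0 and the Docker-compose version no lower than 1.6.0.
System environment and software versions
Name | Details |
---|---|
Operating system | CentOS Linux release 7.5.1804 (Core) |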
Docker | docker-ce-18.06.1.ce-3.el7 |
Docker-Compose | v1.22.0 |
Harbor | v1.10.2 |
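Installing Docker
See the official Docker site, or another blog post I put together, "Installing and using Docker on CentOS 7"; I won't go into more detail here.
Installing docker-compose
First go to the docker-compose GitHub page and get the download link for the version you want to install; I installed v1.22.0.
#Download and install v1.22.0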
[root@localhost ~]# curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
#Make the binary executable
[root@localhost ~]# chmod +x /usr/local/bin/docker-compose
#Check that the installation succeeded
[root@localhost ~]# docker-compose --version
docker-compose version 1.22.0, build f46880fe
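Installing Harbor
- Get the installer download link from Harbor's GitHub page
Beginner's note on getting the link: click the "github" link above, then right-click the offline or online installer of the version you want and choose "Copy link address".
#If wget is not installed, install it with the following command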
[root@localhost ~]# yum install wget
#Download the Harbor installer; the path after -P is where the file is saved (replace it with your own), followed by the download URL of the installer
[root@localhost ~]# wget -P /usr/local/ https://github.com/goharbor/harbor/releases/download/v1.10.2/harbor-offline-installer-v1.10.2.tgz
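PS: There are two packages, Harbor offline installer and Harbor online installer; the difference is that the offline installer already contains the image files Harbor needs.
- Extract the archive and edit the configuration file
#Change to the download directory and check that the installer is there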
[root@localhost local]# cd /usr/local/ && ls
harbor-offline-installer-v1.10.2.tgz
#Extract the installer
[root@localhost local]# tar xvf harbor-offline-installer-v1.10.2.tgz && ls
harbor harbor-offline-installer-v1.10.2.tgz
#Enter the harbor directory
[root@localhost harbor]# cd harbor && ls
common common.sh docker-compose.yml harbor.v1.10.2.tar.gz harbor.yml install.sh LICENSE prepare
[root@localhost harbor]# vi harbor.yml
#Set hostname to your own IP address
hostname: 192.168.50.218
#Comment out https, otherwise the installation fails with: ERROR:root:Error: The protocol is https but attribute ssl_cert is not set
# https related config
#https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
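PS: Below is the configuration from version 1.6. The former harbor.cfg has since become harbor.yml, but the main content is unchanged, so it is kept here for reference.
It is too long to show in full, so only parts are excerpted. The plain-text notes between the settings are my own explanations. The main thing to change is hostname; everything else can stay at the defaults.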
[root@localhost ~]# vi harbor.cfg
Set hostname to your own IP or domain name; do not use localhost or 127.0.0.1
#The IP address or hostname to access admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname = 192.168.50.157
Access protocol; the default is http, and https can also be set. If https is set, ssl must be turned on in nginx
#The protocol for accessing the UI and token/notification service, by default it is http.
#It can be set to https if ssl is enabled on nginx.
ui_url_protocol = http
Mail settings, used when sending password-reset emails
#Email account settings for sending out password resetting emails.
#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
#Identity left blank to act as username.
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false
email_insecure = false
Password for the administrator UI login after Harbor starts; the default is Harbor12345
#The initial password of Harbor admin, only works for the first time when Harbor starts.
#It has no effect after the first launch of Harbor.
#Change the admin password from UI after launching Harbor.
harbor_admin_password = Harbor12345
Whether to enable self-registration
self_registration = on
Token lifetime, 30 minutes by default
#The expiration time (in minute) of token created by token service, default is 30 minutes
token_expiration = 30
Permission control for project creation; the default is everyone, and it can also be set to adminonly (administrators only)
#The flag to control what users have permission to create projects
#The default value “everyone” allows everyone to creates a project.
#Set to “adminonly” so that only admin user can create project.
project_creation_restriction = everyone
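The listings above keep several permissive defaults. As an added example (not part of the original post or of Harbor itself), the following shell functions flag them in a harbor.cfg or harbor.yml before install.sh is run; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag the permissive values that
# appear in the harbor.cfg / harbor.yml listings above before install.sh runs.

# Print the value of key $1 in file $2. Accepts "key = value" and "key: value"
# and ignores commented-out lines.
cfg_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*[=:][[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$2" | head -n 1
}

# Print one finding per line; return 1 if anything was flagged.
audit_harbor_cfg() {
    f=$1 rc=0
    if [ "$(cfg_get harbor_admin_password "$f")" = "Harbor12345" ]; then
        echo "harbor_admin_password is still the published default"; rc=1
    fi
    proto=$(cfg_get ui_url_protocol "$f")
    # harbor.cfg uses ui_url_protocol; harbor.yml uses a top-level https: block.
    if [ "$proto" = "http" ] || { [ -z "$proto" ] && ! grep -q '^https:' "$f"; }; then
        echo "no TLS: logins and image layers cross the network in clear text"; rc=1
    fi
    if [ "$(cfg_get self_registration "$f")" = "on" ]; then
        echo "self_registration is on: anyone who can reach the UI can sign up"; rc=1
    fi
    if [ "$(cfg_get project_creation_restriction "$f")" = "everyone" ]; then
        echo "project_creation_restriction is everyone: any user can create projects"; rc=1
    fi
    return $rc
}

# Constructed sample: the harbor.cfg values shown on this page.
write_sample_cfg() {
    cat > "$1" <<'EOF'
hostname = 192.168.50.157
ui_url_protocol = http
#harbor_admin_password = commented-out-line-is-ignored
harbor_admin_password = Harbor12345
self_registration = on
project_creation_restriction = everyone
EOF
}
```

Call `audit_harbor_cfg harbor.yml` (or harbor.cfg) from the harbor directory; a non-zero exit status means at least one setting was flagged.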
- Install Harbor
#Be sure to restart docker after changing the configuration, otherwise the installation will fail with an error,
#for example: ERROR: Failed to Setup IP tables: Unable to enable SKIP DNAT rule: (iptables failed: iptables --wait
[root@localhost harbor]# service docker restart
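#Run the install script in the current directory; the process needs to download images, which takes some time
[root@localhost harbor]# ./install.sh
#List the local images; the following ones have been added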
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/chartmuseum-photon v1.10.2 f7233c953dd9 3 weeks ago 127MB
goharbor/harbor-migrator v1.10.2 42527a4df778 3 weeks ago 362MB
goharbor/redis-photon v1.10.2 6d87eab10d9f 3 weeks ago 115MB
goharbor/clair-adapter-photon v1.10.2 4e7edec88bf4 3 weeks ago 61.2MB
goharbor/clair-photon v1.10.2 fb972d10c273 3 weeks ago 171MB
goharbor/notary-server-photon v1.10.2 b6d909215dc4 3 weeks ago 143MB
goharbor/notary-signer-photon v1.10.2 43c17fcb63de 3 weeks ago 140MB
goharbor/harbor-registryctl v1.10.2 cff56bea907a 3 weeks ago 103MB
goharbor/registry-photon v1.10.2 1c6cce6a4f8e 3 weeks ago 86.1MB
goharbor/nginx-photon v1.10.2 c2de0026ba0d 3 weeks ago 43.6MB
goharbor/harbor-log v1.10.2 c20325dbaa3a 3 weeks ago 81.9MB
goharbor/harbor-jobservice v1.10.2 6283c53c8c32 3 weeks ago 143MB
goharbor/harbor-core v1.10.2 4bc09e35734d 3 weeks ago 129MB
goharbor/harbor-portal v1.10.2 bcb1b803a1bf 3 weeks ago 51.7MB
goharbor/harbor-db v1.10.2 42de7ee4943f 3 weeks ago 152MB
goharbor/prepare v1.10.2 3d2783911e0d 3 weeks ago 159MB
#List the started containers
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3ff310149222 goharbor/harbor-jobservice:v1.10.2 "/harbor/harbor_jobs…" 3 hours ago Up 3 hours (healthy) harbor-jobservice
2b8303b8baf3 goharbor/nginx-photon:v1.10.2 "nginx -g 'daemon of…" 3 hours ago Up 3 hours (healthy) 0.0.0.0:80->8080/tcp nginx
53c8d2092776 goharbor/harbor-core:v1.10.2 "/harbor/harbor_core" 3 hours ago Up 3 hours (healthy) harbor-core
53da36519e72 goharbor/registry-photon:v1.10.2 "/home/harbor/entryp…" 3 hours ago Up 3 hours (healthy) 5000/tcp registry
63c995a7dc11 goharbor/harbor-db:v1.10.2 "/docker-entrypoint.…" 3 hours ago Up 3 hours (healthy) 5432/tcp harbor-db
10cd9a46e8b8 goharbor/redis-photon:v1.10.2 "redis-server /etc/r…" 3 hours ago Up 3 hours (healthy) 6379/tcp redis
6bd1cffbcc4f goharbor/harbor-registryctl:v1.10.2 "/home/harbor/start.…" 3 hours ago Up 3 hours (healthy) registryctl
29958823a140 goharbor/harbor-portal:v1.10.2 "nginx -g 'daemon of…" 3 hours ago Up 3 hours (healthy) 8080/tcp harbor-portal
7b5aba976188 goharbor/harbor-log:v1.10.2 "/bin/sh -c /usr/loc…" 3 hours ago Up 3 hours (healthy) 127.0.0.1:1514->10514/tcp harbor-log
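Pushing and pulling images with Harbor over http and https
- Pushing and pulling images with an http-based Harbor
Since Docker 1.3.X, Docker talks to a docker registry over https by default, whereas Harbor as configured above only serves http. To work around this, a startup parameter must be added to Docker so that it uses http to access this registry.
Method 1: edit daemon.json
# Fill in your own IP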
[root@localhost ~]# vi /etc/docker/daemon.json
{
"insecure-registries":["192.168.50.157"]
}
#Restart docker
[root@localhost ~]# systemctl restart docker
Method 2: edit docker.service
# Add the --insecure-registry parameter to ExecStart
[root@localhost ~]# vi /usr/lib/systemd/system/docker.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd --insecure-registry=192.168.50.157
#Reload systemd
[root@localhost ~]# systemctl daemon-reload
#Restart docker
[root@localhost ~]# systemctl restart docker
- After restarting docker you will find that several Harbor service containers are missing, which makes Harbor unusable
# Stop the containers
[root@localhost ~]# docker-compose down
#Running the command above may produce the following error
[root@localhost ~]# docker-compose down
ERROR:
Can't find a suitable configuration file in this directory or any
parent. Are you in the right directory?
Supported filenames: docker-compose.yml, docker-compose.yaml
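#Fix
[root@localhost ~]# find / -name docker-compose.yml
/root/harbor/docker-compose.yml
#Change into /root/harbor and run the command again; this directory differs depending on where you installed Harbor
# Start the containers in the background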
[root@localhost ~]# docker-compose up -d
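Both methods above make Docker accept plain http or an unverified certificate for the registry. An added example, not from the original post, of the alternative: issue a self-signed certificate that carries the Harbor IP as a SAN, point the https block of harbor.yml at it, and trust it on each Docker client. The function names and file names are assumptions.

```shell
#!/bin/sh
# Added example: serve Harbor over https with a self-signed certificate instead
# of listing it under insecure-registries. File and function names are assumptions.

# Write an OpenSSL config for registry IP $1 to file $2. The IP must be in the
# subjectAltName: an IP host is matched only against IP SANs, never the CN.
write_san_config() {
    cat > "$2" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $1
[v3]
subjectAltName = IP:$1
EOF
}

# Create harbor.key and harbor.crt for IP $1 in directory $2.
make_harbor_cert() {
    write_san_config "$1" "$2/san.cnf" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$2/san.cnf" \
        -keyout "$2/harbor.key" -out "$2/harbor.crt" 2>/dev/null
}

# Print the https block for harbor.yml (the keys commented out earlier on this
# page), pointing at the files in directory $1.
harbor_https_block() {
    printf 'https:\n  port: 443\n  certificate: %s/harbor.crt\n  private_key: %s/harbor.key\n' "$1" "$1"
}

# Install certificate $2 as the trusted CA for registry host $1 on a Docker
# client. $3 overrides the certs.d root so the example can run unprivileged.
trust_on_client() {
    dir="${3:-/etc/docker/certs.d}/$1"
    mkdir -p "$dir" && cp "$2" "$dir/ca.crt" && echo "$dir/ca.crt"
}
```

Run `make_harbor_cert` on the Harbor host, put the printed block into harbor.yml in place of the commented-out one and rerun ./install.sh; then run `trust_on_client` on each Docker host and drop the insecure-registries entry.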
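Accessing the web page
Browse to the hostname value set in the configuration file to reach the Harbor login page, and enter the account and password from the configuration file; the defaults are admin and Harbor12345.
Notes on minor issues
- Running docker info prints these warnings at the end: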
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
#Add two lines to sysctl.conf
[root@localhost ~]# vi /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
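#Run the following command or reboot (I have only tried rebooting)
[root@localhost ~]# sysctl -p
- After a system reboot Harbor is unreachable; checking the containers shows that several of them have stopped
# Start the containers in the background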
[root@localhost ~]# docker-compose up -d
# Stop Harbor
[root@localhost ~]# docker-compose stop
# Restart Harbor
[root@localhost ~]# docker-compose restart
# Or start the stopped containers; ××× stands for a container that has gone down
[root@localhost ~]# docker container start ×××
- Harbor does not start automatically at boot; none of the fixes I found online seem to work