关键词:Harbor、镜像仓库、容器镜像仓库、Docker镜像仓库
快速搭建开发环境 - Harbor(最新版本)
文章目录
前言
一、Harbor 概述
Harbor 是为企业用户设计的容器镜像仓库开源项目,包括了权限管理(RBAC)、LDAP、审计、安全漏洞扫描、镜像验真、管理界面、自我注册、HA 等企业必需的功能,同时针对中国用户的特点,设计镜像复制和中文支持等功能。
Harbor 是 CNCF 毕业的项目,可提供合规性、性能和互操作性,帮助企业跨云原生计算平台(如 Kubernetes 和 Docker)一致且安全地管理工件。
二、Harbor 优势
-
安全和漏洞分析
-
内容签名和验证
-
多租户
-
可扩展的 API 和 Web UI
-
跨多个注册中心复制,包括 Harbor
-
身份集成和基于角色的访问控制
-
活跃的社区
三、搭建一个生产级别的 Harbor
准备工作
硬件环境
Resource | Minimum | Recommended |
---|---|---|
CPU | 2 CPU | 4 CPU |
Mem | 4 GB | 8 GB |
Disk | 40 GB | 160 GB |
软件环境
Software | Version | Description |
---|---|---|
Docker engine | Version 17.06.0-ce+ or higher | Docker 引擎 |
Docker Compose | Version 1.18.0 or higher | 用于定义和运行多容器 Docker 应用程序的工具 |
Openssl | Latest is preferred | 用于为 Harbor 生成证书和密钥 |
注:harbor 运行依赖上述环境
安装 Docker
-
安装所需的软件包
$ sudo yum install -y yum-utils
-
设置安装源
$ sudo yum-config-manager \ --add-repo \ http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
-
安装最新版本 Docker
$ sudo yum install docker-ce docker-ce-cli containerd.io
-
启动 Docker
$ sudo systemctl start docker
安装 Docker Compose
-
下载二进制包
$ sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-
授予运行权限
$ sudo chmod +x /usr/local/bin/docker-compose
-
验证
$ docker-compose --version
离线安装 harbor
-
第一步 下载安装包
harbor-offline-installer-v2.3.1.tgz
-
第二步 解压
$ tar xzvf harbor-offline-installer-v2.3.1.tgz
我们看下解压后的目录
$ ll harbor total 618124 -rw-r--r--. 1 root root 3361 Jul 19 10:45 common.sh -rw-r--r--. 1 root root 632922189 Jul 19 10:46 harbor.v2.3.1.tar.gz -rw-r--r--. 1 root root 7840 Jul 19 10:45 harbor.yml.tmpl -rwxr-xr-x. 1 root root 2500 Jul 19 10:45 install.sh -rw-r--r--. 1 root root 11347 Jul 19 10:45 LICENSE -rwxr-xr-x. 1 root root 1881 Jul 19 10:45 prepare
harbor.v2.3.1.tar.gz
这个就是我们需要的镜像文件,在线安装其实就是下载的这些镜像。
-
第三步 准备
harbor.yml
文件解压的安装包有
harbor.yml.tmpl
,我们可以直接复制一份,进行修改即可。$ cp harbor.yml.tmpl harbor.yml
本次演示,只修改几个重要的配置项,其他配置项请自行查阅官网修改
hostname
: 访问域名data_volume
: 数据存放路径log.local.location
: 日志存放路径
注:harbor作为镜像仓库,对存储空间需求较高,一定要准备足够的磁盘空间。
-
第四步 安装准备工作$ ./prepare
注:install.sh 脚本中会自动执行,无需手动执行
-
第五步 安装
执行 初始化脚本,这里会将
harbor.v2.3.1.tar.gz
的镜像加载到 docker 中,执行时间稍微久一些,耐心等待即可。$ ./install.sh
执行成功后,我们可以在 docker 中查看导入的镜像
$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE goharbor/harbor-exporter v2.3.1 719fd825651e 3 weeks ago 81MB goharbor/chartmuseum-photon v2.3.1 3aba4510af16 3 weeks ago 178MB goharbor/redis-photon v2.3.1 4a0d49a4ece0 3 weeks ago 191MB goharbor/trivy-adapter-photon v2.3.1 a285847f857a 3 weeks ago 164MB goharbor/notary-server-photon v2.3.1 87a2dbfd122e 3 weeks ago 110MB goharbor/notary-signer-photon v2.3.1 7e29ff33ec85 3 weeks ago 107MB goharbor/harbor-registryctl v2.3.1 91e798004920 3 weeks ago 132MB goharbor/registry-photon v2.3.1 972ce19b1882 3 weeks ago 81.2MB goharbor/nginx-photon v2.3.1 3b3ede1db494 3 weeks ago 44.3MB goharbor/harbor-log v2.3.1 40a54594fe22 3 weeks ago 194MB goharbor/harbor-jobservice v2.3.1 d6e174ae0a00 3 weeks ago 171MB goharbor/harbor-core v2.3.1 f05acc3947d6 3 weeks ago 158MB goharbor/harbor-portal v2.3.1 4a15c5622fda 3 weeks ago 57.6MB goharbor/harbor-db v2.3.1 b16a9c81ef03 3 weeks ago 263MB goharbor/prepare v2.3.1 4ce629d59c20 3 weeks ago 288MB
查看当前目录,我们可以看到
install.sh
脚本帮我们自动创建了docker-compose.yml
$ ll total 618140 drwxr-xr-x. 3 root root 20 Aug 11 02:55 common -rw-r--r--. 1 root root 3361 Jul 19 10:45 common.sh -rw-r--r--. 1 root root 6206 Aug 11 02:55 docker-compose.yml -rw-r--r--. 1 root root 632922189 Jul 19 10:46 harbor.v2.3.1.tar.gz -rw-r--r--. 1 root root 7872 Aug 11 02:52 harbor.yml -rw-r--r--. 1 root root 7840 Jul 19 10:45 harbor.yml.tmpl -rwxr-xr-x. 1 root root 2500 Jul 19 10:45 install.sh -rw-r--r--. 1 root root 11347 Jul 19 10:45 LICENSE drwxr-xr-x. 2 10000 10000 161 Aug 11 02:56 log -rwxr-xr-x. 1 root root 1881 Jul 19 10:45 prepare drwxr-xr-x. 8 root root 100 Aug 11 02:55 volume
-
WC 安装翻车了
之前安装的
v2.2.0
版本这么操作就ok,v2.3.1
版本竟然不行,我们先来看一下错误信息prepare base dir is set to /data/harbor Error happened in config validation... ERROR:root:Error: The protocol is https but attribute ssl_cert is not set
必须让我们配置https,什么鬼。其实在
v2.2.0
版本早就有提示了WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
没想到v2.3.1
版本已经落实了。既然官方强烈要求我们启用https 那我们就按官方要求来吧。我们先把https相关配置注释掉。重新执行
./install.sh
是不是大功告成了。so easy。有些同志可能还是想按照官方建议来,那接下来带你配置SSL。
-
配置SSL 证书
作为演示,这里我们用到了一个小工具 openssl,生产环境不建议这么干,需要申请CA证书。
我们先来创建个文件夹存放生成的证书
$ mkdir -p /data/harbor/cert
-
生成证书颁发机构证书
生成 CA 证书私钥
$ openssl genrsa -out ca.key 4096
生成 CA 证书
$ openssl req -x509 -new -nodes -sha512 -days 3650 \ -subj "/C=CN/ST=Beijing/L=Beijing/O=geek/OU=Personal/CN=geek688.com" \ -key ca.key \ -out ca.crt
注:CN 后的域名请使用自身的,别直接抄我的,好歹修改修改
到此CA证书就创建好了
$ ll /data/harbor/cert total 8 -rw-r--r--. 1 root root 2017 Aug 11 01:24 ca.crt -rw-r--r--. 1 root root 3243 Aug 11 01:21 ca.key
-
生成服务器证书
生成私钥
$ openssl genrsa -out geek688.com.key 4096
生成证书签名请求 (CSR)
$ openssl req -sha512 -new \ -subj "/C=CN/ST=Beijing/L=Beijing/O=geek/OU=Personal/CN=geek688.com" \ -key geek688.com.key \ -out geek688.com.csr
生成 x509 v3 扩展文件
$ cat > v3.ext <<-EOF authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1=geek688.com DNS.2=geek688 DNS.3=hostname EOF
使用该
v3.ext
文件生成证书$ openssl x509 -req -sha512 -days 3650 \ -extfile v3.ext \ -CA ca.crt -CAkey ca.key -CAcreateserial \ -in geek688.com.csr \ -out geek688.com.crt
服务器证书已经生成完成,我们还需要生成客户端证书
$ openssl x509 -inform PEM -in geek688.com.crt -out geek688.com.cert
到此证书全部创建完成,我们看一下生成的证书
$ ll /data/harbor/cert total 32 -rw-r--r--. 1 root root 2017 Aug 11 01:24 ca.crt # CA 证书 -rw-r--r--. 1 root root 3243 Aug 11 01:21 ca.key # CA 证书密钥 -rw-r--r--. 1 root root 17 Aug 11 01:30 ca.srl # -rw-r--r--. 1 root root 2078 Aug 11 02:04 geek688.com.cert # 客户端证书 -rw-r--r--. 1 root root 2078 Aug 11 01:30 geek688.com.crt # 服务端证书 -rw-r--r--. 1 root root 1700 Aug 11 01:29 geek688.com.csr # -rw-r--r--. 1 root root 3243 Aug 11 01:29 geek688.com.key # 服务端证书key -rw-r--r--. 1 root root 259 Aug 11 01:30 v3.ext #
接下来,我们只需要将生成好的证书,放到相应目录下,就可以使用这些证书了。
-
-
启用 https
-
配置 docker
创建存放证书的目录
$ mkdir -p /etc/docker/certs.d/geek688.com/
将生成的证书拷贝到该目录下
$ cp /data/harbor/cert/geek688.com.key /etc/docker/certs.d/geek688.com/ $ cp /data/harbor/cert/geek688.com.cert /etc/docker/certs.d/geek688.com/ $ cp /data/harbor/cert/ca.crt /etc/docker/certs.d/geek688.com/
重启docker
$ systemctl restart docker
-
配置 harbor
修改
harbor.yml
配置文件,这里主要修改https.certificate
证书位置和https.private_key
密钥位置重新配置harbor
$ ./prepare $ ./install.sh
执行完上述操作后,一个生产级别的 harbor 环境就算搭建完成了。现在我们访问一下
浏览器地址栏输入
geek688.com
admin Harbor12345
恭喜你,harbor 仓库搭建成功,赶快去使用吧~~~
-
在线安装
-
第一步 下载安装包
harbor-online-installer-v2.3.1.tgz
-
第二步 解压
$ tar xzvf harbor-online-installer-v2.3.1.tgz
我们看下解压后的目录
$ ll harbor total 32 -rw-r--r--. 1 root root 3361 Jul 19 10:48 common.sh -rw-r--r--. 1 root root 7840 Jul 19 10:48 harbor.yml.tmpl -rwxr-xr-x. 1 root root 2500 Jul 19 10:48 install.sh -rw-r--r--. 1 root root 11347 Jul 19 10:48 LICENSE -rwxr-xr-x. 1 root root 1881 Jul 19 10:48 prepare
接下来操作步骤和离线安装步骤一样,这里不再重复。
四、Harbor 使用
停止
$ docker-compose down -v
启动
$ docker-compose up -d
五、Harpor 组件之间启用 TLS
从 Harbor v2.0 开始,Harbor 内部网络支持 TLS。我们可以使用如下工具帮我们自动生成证书。PS:也可以手动创建证书。手动生成证书比较繁琐,下面我们使用工具来生成相关证书。
$ docker run -v /:/hostfs goharbor/prepare:v2.1.0 gencert -p /path/to/internal/tls/cert
证书生成后,我们可以去目录下瞧一瞧,可以看到有很多证书
$ ll /data/harbor/internal/tls/cert/
total 168
-rw-r--r--. 1 root root 1826 Aug 11 06:28 chartmuseum.crt
-rw-r--r--. 1 root root 1675 Aug 11 06:28 chartmuseum.csr
-rw-r--r--. 1 root root 3272 Aug 11 06:28 chartmuseum.key
-rw-r--r--. 1 root root 1826 Aug 11 06:28 clair_adapter.crt
-rw-r--r--. 1 root root 1679 Aug 11 06:28 clair_adapter.csr
-rw-r--r--. 1 root root 3272 Aug 11 06:28 clair_adapter.key
-rw-r--r--. 1 root root 1818 Aug 11 06:28 clair.crt
-rw-r--r--. 1 root root 1667 Aug 11 06:28 clair.csr
-rw-r--r--. 1 root root 3268 Aug 11 06:28 clair.key
-rw-r--r--. 1 root root 1814 Aug 11 06:28 core.crt
-rw-r--r--. 1 root root 1667 Aug 11 06:28 core.csr
-rw-r--r--. 1 root root 3272 Aug 11 06:28 core.key
-rw-r--r--. 1 root root 1822 Aug 11 06:28 harbor_db.crt
-rw-r--r--. 1 root root 1675 Aug 11 06:28 harbor_db.csr
-rw-r--r--. 1 root root 3272 Aug 11 06:28 harbor_db.key
-rw-r--r--. 1 root root 1911 Aug 11 06:28 harbor_internal_ca.crt
-rw-r--r--. 1 root root 3272 Aug 11 06:28 harbor_internal_ca.key
-rw-r--r--. 1 root root 17 Aug 11 06:28 harbor_internal_ca.srl
-rw-r--r--. 1 root root 1822 Aug 11 06:28 job_service.crt
-rw-r--r--. 1 root root 1675 Aug 11 06:28 job_service.csr
-rw-r--r--. 1 root root 3272 Aug 11 06:28 job_service.key
-rw-r--r--. 1 root root 1826 Aug 11 06:28 notary_server.crt
-rw-r--r--. 1 root root 1679 Aug 11 06:28 notary_server.csr
-rw-r--r--. 1 root root 3272 Aug 11 06:28 notary_server.key
-rw-r--r--. 1 root root 1826 Aug 11 06:28 notary_signer.crt
-rw-r--r--. 1 root root 1679 Aug 11 06:28 notary_signer.csr
-rw-r--r--. 1 root root 3272 Aug 11 06:28 notary_signer.key
-rw-r--r--. 1 root root 1818 Aug 11 06:28 portal.crt
-rw-r--r--. 1 root root 1671 Aug 11 06:28 portal.csr
-rw-r--r--. 1 root root 3272 Aug 11 06:28 portal.key
-rw-r--r--. 1 root root 1818 Aug 11 06:28 proxy.crt
-rw-r--r--. 1 root root 1667 Aug 11 06:28 proxy.csr
-rw-r--r--. 1 root root 3272 Aug 11 06:28 proxy.key
-rw-r--r--. 1 root root 1822 Aug 11 06:28 registry.crt
-rw-r--r--. 1 root root 1671 Aug 11 06:28 registry.csr
-rw-r--r--. 1 root root 1826 Aug 11 06:28 registryctl.crt
-rw-r--r--. 1 root root 1675 Aug 11 06:28 registryctl.csr
-rw-r--r--. 1 root root 3276 Aug 11 06:28 registryctl.key
-rw-r--r--. 1 root root 3272 Aug 11 06:28 registry.key
-rw-r--r--. 1 root root 1826 Aug 11 06:28 trivy_adapter.crt
-rw-r--r--. 1 root root 1679 Aug 11 06:28 trivy_adapter.csr
-rw-r--r--. 1 root root 3272 Aug 11 06:28 trivy_adapter.key
总结
以上就是本文的主要内容了,本文主要介绍了 harbor 是什么,harbor 环境搭建,顺便讲了一下 docker ,docker compose 环境搭建。相信无敌的你都已经get到全部要点了,本专栏后续将带你搭建其他开发必备环境,敬请期待哦(*^▽^*)
。
声明
以上内容均来源于网络,如有错误,请多多包含。
参考文献
https://goharbor.io/
https://github.com/goharbor/harbor
附:
配置文件 harbor.yml
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: geek688.com
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
# https related config
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /data/harbor/cert/geek688.com.crt
private_key: /data/harbor/cert/geek688.com.key
# # Uncomment following will enable tls communication between all harbor components
internal_tls:
# # set enabled to true means internal tls is enabled
enabled: true
# # put your cert and key files on dir
dir: /etc/harbor/tls/internal
# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433
# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345
# Harbor DB configuration
database:
# The password for the root user of Harbor DB. Change this before any production use.
password: root123
# The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
max_idle_conns: 100
# The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
# Note: the default number of connections is 1024 for postgres of harbor.
max_open_conns: 900
# The default data volume
data_volume: /data/harbor/volume
# Harbor Storage settings by default is using /data dir on local filesystem
# Uncomment storage_service setting If you want to using external storage
# storage_service:
# # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
# # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
# ca_bundle:
# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
# # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
# filesystem:
# maxthreads: 100
# # set disable to true when you want to disable registry redirect
# redirect:
# disabled: false
# Trivy configuration
#
# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
# It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached
# in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it
# should download a newer version from the Internet or use the cached one. Currently, the database is updated every
# 12 hours and published as a new release to GitHub.
trivy:
# ignoreUnfixed The flag to display only fixed vulnerabilities
ignore_unfixed: false
# skipUpdate The flag to enable or disable Trivy DB downloads from GitHub
#
# You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues.
# If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and
# `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path.
skip_update: false
#
# insecure The flag to skip verifying registry certificate
insecure: false
# github_token The GitHub access token to download Trivy DB
#
# Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough
# for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000
# requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult
# https://developer.github.com/v3/#rate-limiting
#
# You can create a GitHub token by following the instructions in
# https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
#
# github_token: xxx
jobservice:
# Maximum number of job workers in job service
max_job_workers: 10
notification:
# Maximum retry count for webhook job
webhook_job_max_retry: 10
chart:
# Change the value of absolute_url to enabled can enable absolute url in chart
absolute_url: disabled
# Log configurations
log:
# options are debug, info, warning, error, fatal
level: info
# configs for logs in local storage
local:
# Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
rotate_count: 50
# Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
# If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
# are all valid.
rotate_size: 200M
# The directory on your host that store log
location: /data/harbor/log
# Uncomment following lines to enable external syslog endpoint.
# external_endpoint:
# # protocol used to transmit log to external endpoint, options is tcp or udp
# protocol: tcp
# # The host of external endpoint
# host: localhost
# # Port of external endpoint
# port: 5140
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 2.3.0
# Uncomment external_database if using external database.
# external_database:
# harbor:
# host: harbor_db_host
# port: harbor_db_port
# db_name: harbor_db_name
# username: harbor_db_username
# password: harbor_db_password
# ssl_mode: disable
# max_idle_conns: 2
# max_open_conns: 0
# notary_signer:
# host: notary_signer_db_host
# port: notary_signer_db_port
# db_name: notary_signer_db_name
# username: notary_signer_db_username
# password: notary_signer_db_password
# ssl_mode: disable
# notary_server:
# host: notary_server_db_host
# port: notary_server_db_port
# db_name: notary_server_db_name
# username: notary_server_db_username
# password: notary_server_db_password
# ssl_mode: disable
# Uncomment external_redis if using external Redis server
# external_redis:
# # support redis, redis+sentinel
# # host for redis: <host_redis>:<port_redis>
# # host for redis+sentinel:
# # <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
# host: redis:6379
# password:
# # sentinel_master_set must be set to support redis+sentinel
# #sentinel_master_set:
# # db_index 0 is for core, it's unchangeable
# registry_db_index: 1
# jobservice_db_index: 2
# chartmuseum_db_index: 3
# trivy_db_index: 5
# idle_timeout_seconds: 30
# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
# uaa:
# ca_file: /path/to/ca
# Global proxy
# Config http proxy for components, e.g. http://my.proxy.com:3128
# Components doesn't need to connect to each others via http proxy.
# Remove component from `components` array if want disable proxy
# for it. If you want use proxy for replication, MUST enable proxy
# for core and jobservice, and set `http_proxy` and `https_proxy`.
# Add domain to the `no_proxy` field, when you want disable proxy
# for some special registry.
proxy:
http_proxy:
https_proxy:
no_proxy:
components:
- core
- jobservice
- trivy
# metric:
# enabled: false
# port: 9090
# path: /metrics
完整操作记录
[root@localhost data]# tar zxf harbor-offline-installer-v2.3.1.tgz
[root@localhost data]# ll
total 614824
drwxr-xr-x. 2 root root 155 Aug 11 02:50 cert
drwxr-xr-x. 2 root root 122 Aug 11 02:51 harbor
-rw-r--r--. 1 root root 629571428 Aug 11 00:33 harbor-offline-installer-v2.3.1.tgz
-rw-r--r--. 1 root root 7872 Aug 11 02:50 harbor.yml
[root@localhost data]# cp harbor.yml ./harbor/
[root@localhost data]# mkdir -p harbor/cert
[root@localhost data]# cp cert/* ./harbor/cert/
[root@localhost data]# cd harbor/
[root@localhost harbor]# ll
total 618132
drwxr-xr-x. 2 root root 155 Aug 11 02:52 cert
-rw-r--r--. 1 root root 3361 Jul 19 10:45 common.sh
-rw-r--r--. 1 root root 632922189 Jul 19 10:46 harbor.v2.3.1.tar.gz
-rw-r--r--. 1 root root 7872 Aug 11 02:52 harbor.yml
-rw-r--r--. 1 root root 7840 Jul 19 10:45 harbor.yml.tmpl
-rwxr-xr-x. 1 root root 2500 Jul 19 10:45 install.sh
-rw-r--r--. 1 root root 11347 Jul 19 10:45 LICENSE
-rwxr-xr-x. 1 root root 1881 Jul 19 10:45 prepare
[root@localhost harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.8
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.29.2
[Step 2]: loading Harbor images ...
17517bb678cd: Loading layer [==================================================>] 9.914MB/9.914MB
7be8271fd6c7: Loading layer [==================================================>] 17.67MB/17.67MB
9a44ae952baa: Loading layer [==================================================>] 4.608kB/4.608kB
c179ae9f4bb4: Loading layer [==================================================>] 18.46MB/18.46MB
Loaded image: goharbor/harbor-exporter:v2.3.1
b3fe5603c553: Loading layer [==================================================>] 6.181MB/6.181MB
b0b3b7027bf9: Loading layer [==================================================>] 6.207MB/6.207MB
5aabddd05f7d: Loading layer [==================================================>] 14.47MB/14.47MB
56dacaf676bf: Loading layer [==================================================>] 29.29MB/29.29MB
c9199a5d2e42: Loading layer [==================================================>] 22.02kB/22.02kB
227ae5e03e36: Loading layer [==================================================>] 14.47MB/14.47MB
Loaded image: goharbor/notary-signer-photon:v2.3.1
ae3b7f58d662: Loading layer [==================================================>] 41.95MB/41.95MB
f670a46c0b96: Loading layer [==================================================>] 4.096kB/4.096kB
ab617bd5330b: Loading layer [==================================================>] 3.072kB/3.072kB
9476ba967537: Loading layer [==================================================>] 31.52MB/31.52MB
993405872011: Loading layer [==================================================>] 11.39MB/11.39MB
675afd4bd758: Loading layer [==================================================>] 43.7MB/43.7MB
Loaded image: goharbor/trivy-adapter-photon:v2.3.1
891c37c24656: Loading layer [==================================================>] 8.112MB/8.112MB
fb11e66e79e5: Loading layer [==================================================>] 11.64MB/11.64MB
48fc1e32997f: Loading layer [==================================================>] 1.688MB/1.688MB
Loaded image: goharbor/harbor-portal:v2.3.1
ed74a6a7b440: Loading layer [==================================================>] 161MB/161MB
d01f3ed208d8: Loading layer [==================================================>] 3.584kB/3.584kB
56498e347596: Loading layer [==================================================>] 3.072kB/3.072kB
b2f51c8b45a8: Loading layer [==================================================>] 2.56kB/2.56kB
c32a505aa2f0: Loading layer [==================================================>] 3.072kB/3.072kB
2c7f77f6876c: Loading layer [==================================================>] 3.584kB/3.584kB
2e197003cccc: Loading layer [==================================================>] 19.97kB/19.97kB
Loaded image: goharbor/harbor-log:v2.3.1
7a40b6380552: Loading layer [==================================================>] 156.8MB/156.8MB
c6e15e4ae5fb: Loading layer [==================================================>] 3.072kB/3.072kB
9ecfab6fa075: Loading layer [==================================================>] 59.9kB/59.9kB
1d75c3374e9d: Loading layer [==================================================>] 61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.3.1
8437731789fe: Loading layer [==================================================>] 6.186MB/6.186MB
a28c2a8375ca: Loading layer [==================================================>] 4.096kB/4.096kB
31642a03170c: Loading layer [==================================================>] 3.072kB/3.072kB
7f18da92ac8b: Loading layer [==================================================>] 19.02MB/19.02MB
34b6ccfac5c2: Loading layer [==================================================>] 19.81MB/19.81MB
Loaded image: goharbor/registry-photon:v2.3.1
c0188fb7ac5e: Loading layer [==================================================>] 6.186MB/6.186MB
bf4235a4524f: Loading layer [==================================================>] 67.47MB/67.47MB
58cde91723f8: Loading layer [==================================================>] 3.072kB/3.072kB
6508007064f0: Loading layer [==================================================>] 4.096kB/4.096kB
1e3e5d3c79f5: Loading layer [==================================================>] 68.26MB/68.26MB
Loaded image: goharbor/chartmuseum-photon:v2.3.1
1efde676daf0: Loading layer [==================================================>] 9.914MB/9.914MB
8d8901f3d965: Loading layer [==================================================>] 3.584kB/3.584kB
2f986b213a04: Loading layer [==================================================>] 2.56kB/2.56kB
7bae6a694788: Loading layer [==================================================>] 55.84MB/55.84MB
6ea65b302583: Loading layer [==================================================>] 5.632kB/5.632kB
5d840160fb5d: Loading layer [==================================================>] 93.7kB/93.7kB
26cb8c7aea8d: Loading layer [==================================================>] 11.78kB/11.78kB
443113e62c34: Loading layer [==================================================>] 56.74MB/56.74MB
3e1a33180139: Loading layer [==================================================>] 2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.3.1
568aa0938e2b: Loading layer [==================================================>] 8.112MB/8.112MB
Loaded image: goharbor/nginx-photon:v2.3.1
be5733782dee: Loading layer [==================================================>] 9.914MB/9.914MB
9615e6a413fc: Loading layer [==================================================>] 3.584kB/3.584kB
1bd011bea638: Loading layer [==================================================>] 2.56kB/2.56kB
46add47c68f7: Loading layer [==================================================>] 62.5MB/62.5MB
f931e142cd2a: Loading layer [==================================================>] 63.29MB/63.29MB
Loaded image: goharbor/harbor-jobservice:v2.3.1
7aa7ae559e6f: Loading layer [==================================================>] 1.096MB/1.096MB
8aa07e284ff4: Loading layer [==================================================>] 5.888MB/5.888MB
bf3312aad87c: Loading layer [==================================================>] 209.2MB/209.2MB
a931ad0ebeec: Loading layer [==================================================>] 15.23MB/15.23MB
6280cae51b87: Loading layer [==================================================>] 4.096kB/4.096kB
12fba5dd3cff: Loading layer [==================================================>] 6.144kB/6.144kB
26533fac7c1e: Loading layer [==================================================>] 3.072kB/3.072kB
f446e0ed5972: Loading layer [==================================================>] 2.048kB/2.048kB
7ba282a434e9: Loading layer [==================================================>] 2.56kB/2.56kB
5e2cdabb008b: Loading layer [==================================================>] 2.56kB/2.56kB
e8d195e5c8a9: Loading layer [==================================================>] 2.56kB/2.56kB
bdeafdbba632: Loading layer [==================================================>] 8.704kB/8.704kB
Loaded image: goharbor/harbor-db:v2.3.1
94b3f2d8cdd7: Loading layer [==================================================>] 6.186MB/6.186MB
efbb0d26fe83: Loading layer [==================================================>] 4.096kB/4.096kB
27ae7e20b29c: Loading layer [==================================================>] 19.02MB/19.02MB
1a981ee576a1: Loading layer [==================================================>] 3.072kB/3.072kB
fe71feca4246: Loading layer [==================================================>] 25.4MB/25.4MB
46ff71a6049d: Loading layer [==================================================>] 45.2MB/45.2MB
Loaded image: goharbor/harbor-registryctl:v2.3.1
8d918fd98283: Loading layer [==================================================>] 6.181MB/6.181MB
93dd6303ff3b: Loading layer [==================================================>] 6.207MB/6.207MB
3ad82d257ca6: Loading layer [==================================================>] 15.88MB/15.88MB
28412d166d6b: Loading layer [==================================================>] 29.29MB/29.29MB
ecc73b87b065: Loading layer [==================================================>] 22.02kB/22.02kB
452f20807663: Loading layer [==================================================>] 15.88MB/15.88MB
Loaded image: goharbor/notary-server-photon:v2.3.1
Loaded image: goharbor/prepare:v2.3.1
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /data/harbor
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating redis ... done
Creating registryctl ... done
Creating registry ... done
Creating harbor-db ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
[root@localhost harbor]#