部署Harbor
步骤1 - 部署Registry
下载并解压
╭─root at host01 in ~ 21-04-28 - 5:11:49
╰─○ wget https://github.com/goharbor/harbor/releases/download/v2.2.1/harbor-online-installer-v2.2.1.tgz; tar zxf harbor-online-installer-v2.2.1.tgz; cd harbor
--2021-04-28 05:12:22-- https://github.com/goharbor/harbor/releases/download/v2.2.1/harbor-online-installer-v2.2.1.tgz
Resolving github.com (github.com)... 140.82.121.4
Connecting to github.com (github.com)|140.82.121.4|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github-releases.githubusercontent.com/50613991/6b254700-916d-11eb-9505-d5ff5f1bbb6d?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210428%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210428T051224Z&X-Amz-Expires=300&X-Amz-Signature=bbc39d0d77f8b55e59715364f018cecaf22abecc7c08d52a68797b819b1ffb07&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=50613991&response-content-disposition=attachment%3B%20filename%3Dharbor-online-installer-v2.2.1.tgz&response-content-type=application%2Foctet-stream [following]
--2021-04-28 05:12:23-- https://github-releases.githubusercontent.com/50613991/6b254700-916d-11eb-9505-d5ff5f1bbb6d?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210428%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210428T051224Z&X-Amz-Expires=300&X-Amz-Signature=bbc39d0d77f8b55e59715364f018cecaf22abecc7c08d52a68797b819b1ffb07&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=50613991&response-content-disposition=attachment%3B%20filename%3Dharbor-online-installer-v2.2.1.tgz&response-content-type=application%2Foctet-stream
Resolving github-releases.githubusercontent.com (github-releases.githubusercontent.com)... 185.199.109.154, 185.199.110.154, 185.199.111.154, ...
Connecting to github-releases.githubusercontent.com (github-releases.githubusercontent.com)|185.199.109.154|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9446 (9.2K) [application/octet-stream]
Saving to: ‘harbor-online-installer-v2.2.1.tgz’
harbor-online-installer-v2.2 100%[==============================================>] 9.22K --.-KB/s in 0s
2021-04-28 05:12:23 (74.8 MB/s) - ‘harbor-online-installer-v2.2.1.tgz’ saved [9446/9446]
修改主机名配置
╭─root at host01 in ~/harbor 21-04-28 - 5:12:33
╰─○ cp -a harbor.yml.tmpl harbor.yml
╭─root at host01 in ~/harbor 21-04-28 - 5:13:33
╰─○ sed -i s/reg\.mydomain\.com/172.17.0.40/g harbor.yml
╭─root at host01 in ~/harbor 21-04-28 - 5:13:33
╰─○ grep domain harbor.yml #设置证书与key的路径(可以根据官网配置HTTPS的步骤来生成自签名证书)
certificate: /data/cert/yourdomain.com.crt
private_key: /data/cert/yourdomain.com.key
$
生成crt与key文件的脚本(按照官网知道生成的self-signed的)
╭─root at host01 in ~/harbor 21-04-28 - 5:13:41
╰─○ openssl genrsa -out ca.key 4096 #Generate a CA certificate private key.
# Generate the CA certificate.
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \
-key ca.key \
-out ca.crt
#Generate a private key.
openssl genrsa -out yourdomain.com.key 4096
#Generate a certificate signing request (CSR).
openssl req -sha512 -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \
-key yourdomain.com.key \
-out yourdomain.com.csr
#Generate an x509 v3 extension file.
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=yourdomain.com
DNS.2=yourdomain
DNS.3=hostname
EOF
#Use the v3.ext file to generate a certificate for your Harbor host.
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in yourdomain.com.csr \
-out yourdomain.com.crt
#Copy to /data/cert
mkdir -p /data/cert
cp yourdomain.com.crt /data/cert/
cp yourdomain.com.key /data/cert/
Generating RSA private key, 4096 bit long modulus
......................................................................................................................................................................................................................................................................................................................................++
................................................................................................................................................................................................................................................++
e is 65537 (0x10001)
Generating RSA private key, 4096 bit long modulus
...............................................................................................................................++
..........................++
e is 65537 (0x10001)
Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com
Getting CA Private Key
安装
╭─root at host01 in ~/harbor 21-04-28 - 5:16:43
╰─○ ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 19.03.13
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.25.5
[Step 2]: preparing environment ...
[Step 3]: preparing harbor configs ...
prepare base dir is set to /root/harbor
Unable to find image 'goharbor/prepare:v2.2.1' locally
v2.2.1: Pulling from goharbor/prepare
84a8592c0fa5: Pull complete
6f36fbc8ef10: Pull complete
c865845f3add: Pull complete
9500bc39cfc3: Pull complete
8142a5c8d11c: Pull complete
f855906daa39: Pull complete
8a495f20b30f: Pull complete
b5cec4560407: Pull complete
Digest: sha256:ceee6b634baeeaac4d8c9344cf8daf548a1561733b1fdee1349da7523f4b297c
Status: Downloaded newer image for goharbor/prepare:v2.2.1
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Pulling log (goharbor/harbor-log:v2.2.1)...
v2.2.1: Pulling from goharbor/harbor-log
84a8592c0fa5: Already exists
17adc82a5818: Pull complete
4e68f5622fec: Pull complete
bc28588a610a: Pull complete
156409f9ae72: Pull complete
92fbb332f3b2: Pull complete
6848792f2c6e: Pull complete
9fed2e290b3d: Pull complete
Digest: sha256:3d54f2ab71574658976daaa633504d975f8bf2ff0c5fa17ed1e7850e1a890d49
Status: Downloaded newer image for goharbor/harbor-log:v2.2.1
Pulling registry (goharbor/registry-photon:v2.2.1)...
v2.2.1: Pulling from goharbor/registry-photon
84a8592c0fa5: Already exists
9dedd751603f: Pull complete
90fc241c2fe4: Pull complete
6d1b59193906: Pull complete
ba079abed213: Pull complete
2b5d0f445c00: Pull complete
Digest: sha256:0ac1c3543c49bd7e12b01ea8cfb120f83b9f2c94e7ce5a7d1afaabbbc92befae
Status: Downloaded newer image for goharbor/registry-photon:v2.2.1
Pulling registryctl (goharbor/harbor-registryctl:v2.2.1)...
v2.2.1: Pulling from goharbor/harbor-registryctl
84a8592c0fa5: Already exists
76118a0eeecb: Pull complete
08ee31d5cbdd: Pull complete
66dfbfef7fd4: Pull complete
060ff5731a1a: Pull complete
f2bb1bcbb1e6: Pull complete
efa79e369997: Pull complete
Digest: sha256:32fc649e64459ce0db75f963b35d21bea680015a141edd1b6cf5bad4f8fb6ab9
Status: Downloaded newer image for goharbor/harbor-registryctl:v2.2.1
Pulling postgresql (goharbor/harbor-db:v2.2.1)...
v2.2.1: Pulling from goharbor/harbor-db
84a8592c0fa5: Already exists
0c0b756e7011: Pull complete
c1c77186d29d: Pull complete
8498cf7d0523: Pull complete
19ddfd344879: Pull complete
ae355fccaf59: Pull complete
b61a956e6543: Pull complete
c3c2a780e1ed: Pull complete
3047d1251884: Pull complete
Digest: sha256:376337a33efe5beda56c8024937f3cc5a7eda51ac50ff4fffecac0e72f910fd1
Status: Downloaded newer image for goharbor/harbor-db:v2.2.1
Pulling portal (goharbor/harbor-portal:v2.2.1)...
v2.2.1: Pulling from goharbor/harbor-portal
84a8592c0fa5: Already exists
9a38bbe2c59d: Pull complete
e48760534352: Pull complete
34a44eb25068: Pull complete
Digest: sha256:030b8285f5e3e5c1f5ee4e984111164ca0cd23f1ef892f81b4a2fd79584bfd9a
Status: Downloaded newer image for goharbor/harbor-portal:v2.2.1
Pulling redis (goharbor/redis-photon:v2.2.1)...
v2.2.1: Pulling from goharbor/redis-photon
84a8592c0fa5: Already exists
dd7b5d791088: Pull complete
2198b51de4ad: Pull complete
01053a39e952: Pull complete
2c17de361574: Pull complete
Digest: sha256:d7b4900ab786946e9857d45133639880d88b6f06b39e2e522e0185873ec7c500
Status: Downloaded newer image for goharbor/redis-photon:v2.2.1
Pulling core (goharbor/harbor-core:v2.2.1)...
v2.2.1: Pulling from goharbor/harbor-core
84a8592c0fa5: Already exists
bbc8d4f784ab: Pull complete
04c4d7fa11cd: Pull complete
4bf776cbb743: Pull complete
09b7f721edc2: Pull complete
aad1766cc86c: Pull complete
cf858f47d9c0: Pull complete
bc2e4210189d: Pull complete
3854ce3a6a61: Pull complete
e397bb5803d8: Pull complete
Digest: sha256:d8813789bd9a9dfc9bc8c439396a752a9753275b7130aad82a7e8b6cc95f5693
Status: Downloaded newer image for goharbor/harbor-core:v2.2.1
Pulling jobservice (goharbor/harbor-jobservice:v2.2.1)...
v2.2.1: Pulling from goharbor/harbor-jobservice
84a8592c0fa5: Already exists
6756e6fecf2f: Pull complete
114e327150fd: Pull complete
27542d866a20: Pull complete
9b70c73fbc90: Pull complete
f60c551036eb: Pull complete
Digest: sha256:8b617874fe5ac569172a8cb271763dd24333007bf5e040e6a3ae355ae23f7109
Status: Downloaded newer image for goharbor/harbor-jobservice:v2.2.1
Pulling proxy (goharbor/nginx-photon:v2.2.1)...
v2.2.1: Pulling from goharbor/nginx-photon
84a8592c0fa5: Already exists
5df0718a13f5: Pull complete
Digest: sha256:947b4eaabd4fd86b270bbad1e95a0e2051203cf46248ec4d7a30300e0ec57c95
Status: Downloaded newer image for goharbor/nginx-photon:v2.2.1
Creating harbor-log ... done
Creating harbor-portal ... done
Creating registryctl ... done
Creating registry ... done
Creating harbor-db ... done
Creating redis ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
╭─root at host01 in ~/harbor 21-04-28 - 5:18:10
╰─○
步骤2 - 访问UI
找到用户名与密码
╭─root at host01 in ~/harbor 21-04-28 - 5:18:10
╰─○ grep -B1 harbor_admin_password harbor.yml
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345
在首页输入管理员用户名与密码
登录进入到管理员首页。我们新建一个项目
查看push到该仓库的方法,如图本实例是172.17.0.40
步骤3 - 命令行docker登录
╭─root at host01 in ~/harbor 21-04-28 - 5:19:05
╰─○ docker login 172.17.0.40
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
$
步骤4 - push镜像到harbor
╭─root at host01 in ~/harbor 21-04-28 - 5:21:06
╰─○ docker tag ubuntu 172.17.0.40/project-a/ubuntu
╭─root at host01 in ~/harbor 21-04-28 - 5:21:26
╰─○ docker push 172.17.0.40/project-a/ubuntu
The push refers to repository [172.17.0.40/project-a/ubuntu]
cc9d18e90faa: Pushed
0c2689e3f920: Pushed
47dde53750b4: Pushed
latest: digest: sha256:1d7b639619bdca2d008eca2d5293e3c43ff84cbee597ff76de3b7a7de3e84956 size: 943
╭─root at host01 in ~/harbor 21-04-28 - 5:21:36
╰─○
回到UI界面,可以看到刚push的镜像
harbor的默认存放路径
╭─root at host01 in ~/harbor 21-04-28 - 5:21:36
╰─○ ls /data/registry/docker/registry/v2/repositories/project-a/ubuntu/
_layers _manifests _uploads