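1 Introduction
Harbor is an open source registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and marks images as trusted. Harbor is a CNCF Graduated project that delivers compliance, performance, and interoperability to help users consistently and securely manage artifacts across cloud native compute platforms such as Kubernetes and Docker.
Harbor is increasingly widely used in enterprises, so it is well worth learning and using. This article covers its basic installation and the related caveats.
2 Installation
Install with the following commands:
Install docker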
apt-get install docker.io
Install docker-compose
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
Download the Harbor package: download it directly from GitHub
wget https://github.com/goharbor/harbor/releases/download/v1.10.10/harbor-offline-installer-v1.10.10.tgz
tar zxvf harbor-offline-installer-v1.10.10.tgz
cd harbor && vim harbor.yml
hostname: 192.168.2.23
# If you are not using https, comment out the https block
Environment check and preparation before installation
# ./prepare
Install Harbor
root@xg:/home/xg/harbor# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.7
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.29.2
[Step 2]: loading Harbor images ...
babe85b686ad: Loading layer [==================================================>] 11.4MB/11.4MB
...
Loaded image: goharbor/harbor-portal:v1.10.10
b380398fcbd9: Loading layer [==================================================>] 9.549MB/9.549MB
...
Loaded image: goharbor/registry-photon:v1.10.10
6230e8094809: Loading layer [==================================================>] 9.549MB/9.549MB
...
Loaded image: goharbor/clair-adapter-photon:v1.10.10
facb3a7ee1e6: Loading layer [==================================================>] 9.549MB/9.549MB
...
Loaded image: goharbor/chartmuseum-photon:v1.10.10
56bbc9cc94cf: Loading layer [==================================================>] 9.544MB/9.544MB
...
Loaded image: goharbor/notary-signer-photon:v1.10.10
Loaded image: goharbor/prepare:v1.10.10
a4ba54e44ac3: Loading layer [==================================================>] 13.31MB/13.31MB
...
Loaded image: goharbor/harbor-core:v1.10.10
9d61b49d78e8: Loading layer [==================================================>] 9.549MB/9.549MB
...
Loaded image: goharbor/harbor-registryctl:v1.10.10
f11324788e5e: Loading layer [==================================================>] 116.1MB/116.1MB
...
Loaded image: goharbor/redis-photon:v1.10.10
1eacc09320d3: Loading layer [==================================================>] 75.89MB/75.89MB
...
Loaded image: goharbor/harbor-log:v1.10.10
784f32f21e7f: Loading layer [==================================================>] 65.05MB/65.05MB
...
Loaded image: goharbor/harbor-db:v1.10.10
3d696a50ec47: Loading layer [==================================================>] 13.31MB/13.31MB
158c565cf55a: Loading layer [==================================================>] 43.21MB/43.21MB
Loaded image: goharbor/harbor-jobservice:v1.10.10
6a7bbce7dc58: Loading layer [==================================================>] 5.925MB/5.925MB
...
Loaded image: goharbor/notary-server-photon:v1.10.10
883a6e0d9000: Loading layer [==================================================>] 11.4MB/11.4MB
Loaded image: goharbor/nginx-photon:v1.10.10
8d231d997136: Loading layer [==================================================>] 123.1MB/123.1MB
...
6eb19cef8f23: Loading layer [==================================================>] 12.84MB/12.84MB
Loaded image: goharbor/clair-photon:v1.10.10
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /home/xg/harbor
/usr/src/app/utils/configs.py:100: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
configs = yaml.load(f)
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
...
Clearing the configuration file: /config/registry/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
...
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
/usr/src/app/utils/configs.py:90: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
versions = yaml.load(f)
Clean up the input dir
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-db ... done
Creating registryctl ... done
Creating redis ... done
Creating harbor-portal ... done
Creating registry ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
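Once all the components have come up normally, the service is installed; the output shows a "started successfully" message.
[Figure: prepare result]
[Figure: install result]
Log in to the web UI:
Default username: admin
Default password: Harbor12345
Log in with the Harbor account: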
xghome:/etc/docker$ docker login 192.168.2.23
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /home/xg/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Push an image:
xghome:/etc/docker$ docker push 192.168.2.23/sre-repo-public/busybox:1.32
The push refers to repository [192.168.2.23/sre-repo-public/busybox]
1be74353c3d0: Pushed
1.32: digest: sha256:daae6483b49c30039ece75cea8ecebf31e2e6843301c3fc9e52762f5f452d71b size: 527
The project starts its services with docker-compose by default, so to restart it you only need to change into the harbor directory and run docker-compose up -d.
3 Notes
- ./prepare fails with: The protocol is https but attribute ssl_cert is not set
The error output is as follows:
root@xg:/home/xg/harbor# ./prepare
prepare base dir is set to /home/xg/harbor
Unable to find image 'goharbor/prepare:v1.10.10' locally
v1.10.10: Pulling from goharbor/prepare
c8313cc33c74: Pull complete
...
fa84fbf3426c: Pull complete
Digest:sha256:ce375b7973b1997a18a80a6af510256ee2974960400476ee3a83a62b7eeeb6e8
Status: Downloaded newer image for goharbor/prepare:v1.10.10
/usr/src/app/utils/configs.py:100: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
configs = yaml.load(f)
ERROR:root:Error: The protocol is https but attribute ssl_cert is not set
Solution: comment out the https-related configuration
# https related config
#https:
  # https port for harbor, default is 443
  #port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path
- docker login fails
Error:
xghome:~/soft/tarFiles$ docker login 192.168.2.23
Username: admin
Password:
Error response from daemon: Get "https://192.168.2.23/v2/": dial tcp 192.168.2.23:443: connect: connection refused
Solution: add Harbor's IP to insecure-registries in daemon.json. The default port is 80; if a different port is used it must be given explicitly, for example 192.168.2.1:8082
xghome:/etc/docker$ vim daemon.json
{
  "insecure-registries": ["192.168.2.23"]
}
/etc/init.d/docker restart
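Both fixes above leave the registry on plain HTTP, and the walkthrough keeps the default admin password. As an added example (not part of the original article or of Harbor), the shell functions below do a read-only check of a harbor.yml and a daemon.json for exactly those settings. The finding labels are made up for this example; harbor_admin_password is the key used in Harbor's harbor.yml template.

```shell
#!/bin/sh
# Added example: read-only audit of the settings used in this walkthrough.
# File paths are passed as arguments; nothing is modified.

# Print one finding per line for a harbor.yml; print nothing if none apply.
audit_harbor_yml() {
    yml=$1
    if ! grep -Eq '^https:' "$yml"; then
        # No active top-level "https:" key: Harbor serves plain HTTP only.
        echo "HTTP_ONLY: https block is missing or commented out"
    else
        # Count certificate/private_key lines that hold a real path,
        # ignoring the /your/... placeholders shipped in the template.
        set_keys=$(grep -E '^[[:space:]]+(certificate|private_key):[[:space:]]*[^[:space:]#]' "$yml" |
                   grep -vc '/your/' || true)
        if [ "$set_keys" -ne 2 ]; then
            echo "TLS_INCOMPLETE: https is enabled but certificate/private_key is not set"
        fi
    fi
    # Harbor12345 is the default admin password quoted on this page.
    if grep -Eq '^harbor_admin_password:[[:space:]]*"?Harbor12345"?[[:space:]]*$' "$yml"; then
        echo "DEFAULT_PASSWORD: harbor_admin_password is still Harbor12345"
    fi
}

# Print every registry listed under insecure-registries in a daemon.json.
audit_daemon_json() {
    json=$1
    # Join the file into one line, cut out the array body, split on commas.
    tr -d '\n' < "$json" |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
        tr ',' '\n' | tr -d '" \t' |
        awk 'NF { print "INSECURE_REGISTRY: " $0 }'
}
```

Run it as `audit_harbor_yml /home/xg/harbor/harbor.yml` and `audit_daemon_json /etc/docker/daemon.json`; empty output means none of the three conditions was found.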
4 Remarks
Software environment:
harbor.v1.10.10
Ubuntu 18.04.5 LTS 1C 2G
Docker 20.10.7
docker-compose version 1.29.2
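References:
Harbor official documentation (as of 2022/02 the latest version is 2.4.0)
Installing Harbor with Docker
Docker registries: creating public and private registries, with a detailed look at user authentication and encryption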