docker笔记10--安装与使用harbor

1 介绍

Harbor是一个开源注册中心，它使用策略和基于角色的访问控制来保护工件，确保镜像被扫描、没有漏洞，并将镜像标记为受信任的。Harbor是CNCF的一个毕业项目，提供合规、性能和互操作性，帮助用户在Kubernetes和Docker等云本地计算平台上一致安全地管理工件。
Harbor 在企业中使用越来越广泛了，非常有必要学习和使用它。本文将介绍其基本安装方法，以及相关注意事项。

2 安装方法

通过如下命令安装：

安装docker
apt-get install docker.io
安装docker-compose
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
下载harbor包： 直接在github下载即可
wget https://objects.githubusercontent.com/github-production-release-asset-2e65be/50613991/ed1086fc-ffe3-4115-aeeb-6aa30ca8763c?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220215%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220215T043456Z&X-Amz-Expires=300&X-Amz-Signature=6a827f8c853e65525656f5eb5bcf937e8d29fe849a936e718e3b2eaf2635a5d9&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=50613991&response-content-disposition=attachment%3B%20filename%3Dharbor-offline-installer-v1.10.10.tgz&response-content-type=application%2Foctet-stream

tar zxvf harbor-offline-installer-v1.10.10.tgz
cd harbor && vim harbor.yaml
hostname: 192.168.2.23
# 如果不使用https 就注释掉https 模块
安装前的环境检测和准备
# ./prepare
安装 harbor
root@xg:/home/xg/harbor# ./install.sh 
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.7

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.29.2

[Step 2]: loading Harbor images ...
babe85b686ad: Loading layer [==================================================>]   11.4MB/11.4MB
...
Loaded image: goharbor/harbor-portal:v1.10.10
b380398fcbd9: Loading layer [==================================================>]  9.549MB/9.549MB
...
Loaded image: goharbor/registry-photon:v1.10.10
6230e8094809: Loading layer [==================================================>]  9.549MB/9.549MB
...
Loaded image: goharbor/clair-adapter-photon:v1.10.10
facb3a7ee1e6: Loading layer [==================================================>]  9.549MB/9.549MB
...
Loaded image: goharbor/chartmuseum-photon:v1.10.10
56bbc9cc94cf: Loading layer [==================================================>]  9.544MB/9.544MB
...
Loaded image: goharbor/notary-signer-photon:v1.10.10
Loaded image: goharbor/prepare:v1.10.10
a4ba54e44ac3: Loading layer [==================================================>]  13.31MB/13.31MB
...
Loaded image: goharbor/harbor-core:v1.10.10
9d61b49d78e8: Loading layer [==================================================>]  9.549MB/9.549MB
...
Loaded image: goharbor/harbor-registryctl:v1.10.10
f11324788e5e: Loading layer [==================================================>]  116.1MB/116.1MB
...
Loaded image: goharbor/redis-photon:v1.10.10
1eacc09320d3: Loading layer [==================================================>]  75.89MB/75.89MB
...
Loaded image: goharbor/harbor-log:v1.10.10
784f32f21e7f: Loading layer [==================================================>]  65.05MB/65.05MB
...
Loaded image: goharbor/harbor-db:v1.10.10
3d696a50ec47: Loading layer [==================================================>]  13.31MB/13.31MB
158c565cf55a: Loading layer [==================================================>]  43.21MB/43.21MB
Loaded image: goharbor/harbor-jobservice:v1.10.10
6a7bbce7dc58: Loading layer [==================================================>]  5.925MB/5.925MB
...
Loaded image: goharbor/notary-server-photon:v1.10.10
883a6e0d9000: Loading layer [==================================================>]   11.4MB/11.4MB
Loaded image: goharbor/nginx-photon:v1.10.10
8d231d997136: Loading layer [==================================================>]  123.1MB/123.1MB
...
6eb19cef8f23: Loading layer [==================================================>]  12.84MB/12.84MB
Loaded image: goharbor/clair-photon:v1.10.10

[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /home/xg/harbor
/usr/src/app/utils/configs.py:100: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
  configs = yaml.load(f)
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
...
Clearing the configuration file: /config/registry/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
...
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
/usr/src/app/utils/configs.py:90: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
  versions = yaml.load(f)
Clean up the input dir

[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-db     ... done
Creating registryctl   ... done
Creating redis         ... done
Creating harbor-portal     ... done
Creating registry      ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done
✔ ----Harbor has been installed and started successfully.----
各个组间正常拉起就说明服务安装完成了，会有 started successfully 的提示

Prepare 执行结果：

Install 结果：

登录web：
默认用户名：admin
默认密码：Harbor12345

登录harbor 账户：

xghome:/etc/docker$ docker login 192.168.2.23
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /home/xg/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

上传镜像：

xghome:/etc/docker$ docker push 192.168.2.23/sre-repo-public/busybox:1.32
The push refers to repository [192.168.2.23/sre-repo-public/busybox]
1be74353c3d0: Pushed 
1.32: digest: sha256:daae6483b49c30039ece75cea8ecebf31e2e6843301c3fc9e52762f5f452d71b size: 527

该项目默认使用docker-compose 启动服务的，因此重启的时候只需要切换到 harbor 目录， 然后 docker-compose up -d 即可

3 注意事项

1. ./prepare 报错 The protocol is https but attribute ssl_cert is not set

   报错内容如下：
   root@xg:/home/xg/harbor# ./prepare 
   prepare base dir is set to /home/xg/harbor
   Unable to find image 'goharbor/prepare:v1.10.10' locally
   v1.10.10: Pulling from goharbor/prepare
   c8313cc33c74: Pull complete 
   ...
   fa84fbf3426c: Pull complete 
   Digest:sha256:ce375b7973b1997a18a80a6af510256ee2974960400476ee3a83a62b7eeeb6e8
   Status: Downloaded newer image for goharbor/prepare:v1.10.10
   /usr/src/app/utils/configs.py:100: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
     configs = yaml.load(f)
   ERROR:root:Error: The protocol is https but attribute ssl_cert is not set
   
   解决方法：
   注释掉 https相关配置
   # https related config
   #https:
     # https port for harbor, default is 443
     #port: 443
     # The path of cert and key files for nginx
     #certificate: /your/certificate/path
     #private_key: /your/private/key/path
   

   
2. docker login 报错

   报错：
   xghome:~/soft/tarFiles$ docker login 192.168.2.23
   Username: admin
   Password: 
   Error response from daemon: Get "https://192.168.2.23/v2/": dial tcp 192.168.2.23:443: connect: connection refused
   解决方法：
   在 daemon.json 的 insecure-registries 中新增 harbor 的ip , 默认为80端口，如果是其它端口则需要指出，例如 192.168.2.1:8082
   xghome:/etc/docker$ vim daemon.json
   {
           "insecure-registries": ["192.168.2.23"]
   }
   /etc/init.d/docker restart
   

4 说明

软件环境：
harbor.v1.10.10
Ubuntu 18.04.5 LTS 1C 2G
Docker 20.10.7
docker-compose version 1.29.2
参考文档：
harbor官方文档 截至2022/02月最新为2.4.0版本
docker-安装harbor
Docker仓库 公和私有仓库的创建 用户的认证加密详解