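I. Install Docker
II. Install docker-compose
1. Install docker-compose
docker-compose is a tool Docker uses to manage containers, and Harbor runs on top of docker-compose.
Use curl to download the file at the link and write it to /usr/local/bin/docker-compose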
curl -L https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
If GitHub is too slow, install from the following address instead
curl -L https://get.daocloud.io/docker/compose/releases/download/1.23.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
2. Make docker-compose executable
chmod +x /usr/local/bin/docker-compose
3. Check that docker-compose was installed successfully
docker-compose --version
III. Install Harbor
1. Download the installer package from https://github.com/vmware/harbor/releases/
Extract it
tar -xzvf harbor-offline-installer-v2.0.0.tgz
2. Edit the Harbor configuration file
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
Edit hostname; it can be an IP address or a domain name. Comment out the https-related parameters; no SSL certificate is configured for now.
The default port is 80; here it is changed to 8989.
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 172.30.0.1
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 8989
# https related config
#https:
  # https port for harbor, default is 443
#  port: 443
  # The path of cert and key files for nginx
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path
The configuration file also states that the default password of the Harbor admin account is Harbor12345
3. Install Harbor
./prepare
./install.sh
[root@VM-0-9-centos harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 19.03.13
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.26.2
[Step 2]: loading Harbor images ...
Loaded image: goharbor/notary-signer-photon:v2.0.0
Loaded image: goharbor/clair-adapter-photon:v2.0.0
Loaded image: goharbor/chartmuseum-photon:v2.0.0
Loaded image: goharbor/harbor-log:v2.0.0
Loaded image: goharbor/harbor-registryctl:v2.0.0
Loaded image: goharbor/registry-photon:v2.0.0
Loaded image: goharbor/clair-photon:v2.0.0
Loaded image: goharbor/notary-server-photon:v2.0.0
Loaded image: goharbor/redis-photon:v2.0.0
Loaded image: goharbor/nginx-photon:v2.0.0
Loaded image: goharbor/harbor-core:v2.0.0
Loaded image: goharbor/harbor-db:v2.0.0
Loaded image: goharbor/harbor-jobservice:v2.0.0
Loaded image: goharbor/trivy-adapter-photon:v2.0.0
Loaded image: goharbor/prepare:v2.0.0
Loaded image: goharbor/harbor-portal:v2.0.0
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/local/habor/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
Stopping harbor-core ... done
Stopping registryctl ... done
Stopping harbor-portal ... done
Stopping harbor-db ... done
Stopping harbor-log ... done
Removing nginx ... done
Removing harbor-jobservice ... done
Removing harbor-core ... done
Removing redis ... done
Removing registryctl ... done
Removing harbor-portal ... done
Removing registry ... done
Removing harbor-db ... done
Removing harbor-log ... done
Removing network harbor_harbor
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-db ... done
Creating harbor-portal ... done
Creating registryctl ... done
Creating registry ... done
Creating redis ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
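IV. Managing Harbor
Day-to-day operation of Harbor is handled through docker-compose. The management commands must be run in the directory that contains docker-compose.yml,
that is, inside the Harbor installation directory.
Start Harbor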
[root@VM-0-9-centos harbor]# docker-compose start
Starting log ... done
Starting registry ... done
Starting registryctl ... done
Starting postgresql ... done
Starting portal ... done
Starting redis ... done
Starting core ... done
Starting jobservice ... done
Starting proxy ... done
Stop Harbor
[root@VM-0-9-centos harbor]# docker-compose stop
Stopping nginx ... done
Stopping harbor-jobservice ... done
Stopping harbor-core ... done
Stopping redis ... done
Stopping registry ... done
Stopping registryctl ... done
Stopping harbor-portal ... done
Stopping harbor-db ... done
Stopping harbor-log ... done
V. Push images to Harbor
Log in to Harbor; the login fails.
[root@VM-0-9-centos ~]# docker login 172.30.0.1
Authenticating with existing credentials...
Login did not succeed, error: Error response from daemon: Get https://172.30.0.1/v2/: dial tcp 172.30.0.1:443: connect: connection refused
Username (admin): admin
Password:
Error response from daemon: Get https://172.30.0.1/v2/: dial tcp 172.30.0.1:443: connect: connection refused
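docker login uses https by default, but https is not configured here and only http is in use, so hostname:port has to be added to Docker's list of trusted registries (the insecure-registry setting used below). (If the port has been changed, be sure to include the port number.)
Method 1: edit the Docker service unit file
vim /lib/systemd/system/docker.service
Append the --insecure-registry option to the ExecStart line: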
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 172.30.0.1:8989
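Method 2: edit the Docker configuration file
Default path of the configuration file: /etc/docker/daemon.json
daemon.json must be strict JSON, which has no comment syntax, so the notes on each key are listed here rather than inside the file:
registry-mirrors: registry mirror address.
insecure-registries: an http private registry cannot be accessed by default; it only works after this is set. If http is used, the http prefix has to be added in front.
hosts: enables remote access to the Docker API.
{
  "registry-mirrors": ["https://kzflb.mirror.aliyuncs.com"],
  "insecure-registries": ["http://192.168.2.196:88", "172.30.0.1:8989"],
  "hosts": ["tcp://0.0.0.0:2375","unix:///var/run/docker.sock"]
}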
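An added example, not part of the original post: a Python check to run against daemon.json before restarting Docker. It reports `//` comment lines, each insecure-registries entry, a hosts key that clashes with the -H flag in the ExecStart line of method 1, and TCP listeners without tlsverify. The sample strings are constructed from the files shown above, and the function names are this example's own.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the daemon.json shown above, with its // comment lines shortened.
PAGE_DAEMON_JSON = """{
  // registry mirror
  "registry-mirrors": ["https://kzflb.mirror.aliyuncs.com"],
  // plain-http private registries
  "insecure-registries": ["http://192.168.2.196:88", "172.30.0.1:8989"],
  // remote Docker API
  "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]
}"""
# The ExecStart value from method 1 above.
PAGE_EXEC_START = ("/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock "
                   "--insecure-registry 172.30.0.1:8989")


def strip_comment_lines(text):
    """Drop lines that hold only a // comment; URLs inside strings are untouched."""
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("//"))


def audit_daemon_json(text, exec_start=""):
    """Return (key, finding) tuples for a daemon.json document and a dockerd command line."""
    findings = []
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        findings.append(("syntax", f"line {exc.lineno}: not strict JSON, dockerd refuses to load it"))
        cfg = json.loads(strip_comment_lines(text))  # keep auditing the intended settings
    for reg in cfg.get("insecure-registries", []):
        findings.append(("insecure-registries", f"{reg}: traffic and credentials lack verified TLS"))
    flags = exec_start.split()
    if "hosts" in cfg and any(f in ("-H", "--host") or f.startswith("--host=") for f in flags):
        findings.append(("hosts", "set both here and with -H on the command line; dockerd exits"))
    for host in cfg.get("hosts", []):
        url = urlsplit(host)
        if url.scheme == "tcp" and cfg.get("tlsverify") is not True:
            scope = "every interface" if url.hostname in ("0.0.0.0", "::") else url.hostname
            findings.append(("hosts", f"{host}: Docker API without client-certificate auth on {scope}"))
    return findings


if __name__ == "__main__":
    for key, finding in audit_daemon_json(PAGE_DAEMON_JSON, PAGE_EXEC_START):
        print(f"{key}: {finding}")
```

A file that keeps only the unix socket in hosts and has no insecure-registries entries produces no findings; that is the state to return to once https is enabled in harbor.yml.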
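Restart Docker and Harbor
systemctl daemon-reload # needed for the docker.service edit in method 1 to take effect
systemctl restart docker
docker-compose ps # some containers will have exited; the command below restarts them with docker-compose
# must be run in the harbor directory
# If a service's configuration (i.e. the docker-compose.yml file) has changed since its container was created, up stops the container and recreates it. It automatically builds images, (re)creates services, and starts them.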
docker-compose up -d
VI. Log in to Harbor and change the password
Log in with the default admin password
Then change the admin password
VII. Start Harbor automatically at boot
vim /lib/systemd/system/harbor.service
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor
[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/local/bin/docker-compose -f /usr/local/harbor/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose -f /usr/local/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target
Enable start at boot
sudo systemctl enable harbor
sudo systemctl start harbor