(三):harbor安装和简单使用
发布时间:2018-07-06 16:29,
浏览次数:494
, 标签:
harbor
1、文件下载
wget https://storage.googleapis.com/harbor-releases/harbor-online-installer-v1
.5.1.tgz
如果下载不下来,可以使用百度云盘下载
https://pan.baidu.com/s/1BzzOz2i6lO_gj2ozVVYdpA
* 安装参考: https://github.com/vmware/harbor/blob/master/docs
/installation_guide.md
2、安装Docker-Compose
* yum添加源 [ root@localhost]# yum -y install epel-release
* 安装python-pip [root@localhost]# yum -y install python-pip
* 安装docker-compose [root@localhost]# pip install -U docker-compose [root
@localhost ~]# docker-compose -v docker-compose version 1.21.2, build a133471
3、配置修改:
解压缩之后,修改harbor.cfg文件,该文件就是Harbor的配置文件。
## Configuration file of Harbor #
hostname设置访问地址,可以使用ip、域名,不可以设置为127.0.0.1或localhost hostname = 172.16.1.146 #
访问协议,默认是http,也可以设置https,如果设置https,则nginx ssl需要设置on ui_url_protocol = http #
mysql数据库root用户默认密码root123,实际使用时修改下 db_password = root123 #
是否开启自注册,on开启,off关闭,可以关闭掉。 self_registration = off #
启动Harbor后,管理员UI登录的密码,默认是Harbor12345 harbor_admin_password = Harbor12345
#镜像同步job数量 max_job_workers = 50 customize_crt = on #https时候使用 ssl_cert =
/data/cert/server.crt ssl_cert_key = /data/cert/server.key secretkey_path =
/data admiral_url = NA# 邮件设置,发送重置密码邮件时使用 email_identity = email_server =
smtp.mydomain.com email_server_port =25 email_username =
sample_admin@mydomain.com email_password = abc email_from = admin
email_ssl =false #
认证方式,这里支持多种认证方式,如LADP、本次存储、数据库认证。默认是db_auth,mysql数据库认证 auth_mode = db_auth #
LDAP认证时配置项 #ldap_url = ldaps://ldap.mydomain.com #ldap_searchdn =
uid=searchuser,ou=people,dc=mydomain,dc=com #ldap_search_pwd = password
#ldap_basedn = ou=people,dc=mydomain,dc=com #ldap_filter = (objectClass=person)
#ldap_uid = uid #ldap_scope = 3 #ldap_timeout = 5 # Token有效时间,默认30分钟
token_expiration =30 # 用户创建项目权限控制,默认是everyone(所有人),也可以设置为adminonly(只能管理员)
project_creation_restriction = everyone verify_remote_cert = on#日志数量
log_rotate_count =50 #单个日志大小 log_rotate_size = 200M
4、docker-compose配置修改,视情况修改
修改页面端口
* 修改docker-compose.yml; proxy: image: vmware/nginx-photon:v1.5.1
container_name: nginx restart: always volumes: - ./common/config/nginx:/etc/
nginx:z networks: - harbor ports: # 修改对外端口为8888 - 8888:80 - 443:443 - 4443:
4443 depends_on:
* 修改common/templates/registry/config.yml : auth: token: issuer: harbor-token
-issuer# 添加端口8888 realm: $public_url:8888/service/token
修改docker-compose.yml
version: '2' services: log: image: vmware/harbor-log:v1.5.1 container_name:
harbor-log restart: always volumes: # harbor 日志目录 - /var/log/harbor/
:/var/log/docker/:z - ./common/config/log/:/etc/logrotate.d/:z ports: - 127.0.
0.1:1514:10514 networks: - harbor registry: image:
vmware/registry-photon:v2.6.2-v1.5.1 container_name: registry restart: always
volumes: # registry 存储目录 - /data/registry:/storage:z -
./common/config/registry/:/etc/registry/:z networks: - harbor environment: -
GODEBUG=netdns=cgo command: ["serve", "/etc/registry/config.yml"] depends_on: -
log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514"
tag: "registry" mysql: image: vmware/harbor-db:v1.5.1 container_name: harbor-db
restart: always volumes: - /data/database:/var/lib/mysql:z networks: - harbor
env_file: - ./common/config/db/env depends_on: - log logging: driver:
"syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "mysql"
adminserver: image: vmware/harbor-adminserver:v1.5.1 container_name:
harbor-adminserver env_file: - ./common/config/adminserver/env restart: always
volumes: - /data/config/:/etc/adminserver/config/:z - /data/secretkey:
/etc/adminserver/key:z - /data/:/data/:z networks: - harbor depends_on: - log
logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag:
"adminserver" ui: image: vmware/harbor-ui:v1.5.1 container_name: harbor-ui
env_file: - ./common/config/ui/env restart: always volumes: -
./common/config/ui/app.conf:/etc/ui/app.conf:z -
./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z -
./common/config/ui/certificates/:/etc/ui/certificates/:z - /data/secretkey:
/etc/ui/key:z - /data/ca_download/:/etc/ui/ca/:z - /data/psc/:/etc/ui/token/:z
networks: - harbor depends_on: - log - adminserver - registry logging:
driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "ui"
jobservice: image: vmware/harbor-jobservice:v1.5.1 container_name:
harbor-jobservice env_file: - ./common/config/jobservice/env restart: always
volumes: - /data/job_logs:/var/log/jobs:z - ./common/config/jobservice/config.
yml:/etc/jobservice/config.yml:z networks: - harbor depends_on: - redis - ui
- adminserver logging: driver: "syslog" options: syslog-address:
"tcp://127.0.0.1:1514" tag: "jobservice" redis: image:
vmware/redis-photon:v1.5.1 container_name: redis restart: always volumes: -
/data/redis:/data networks: - harbor depends_on: - log logging: driver:
"syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "redis" proxy:
image: vmware/nginx-photon:v1.5.1 container_name: nginx restart: always
volumes: - ./common/config/nginx:/etc/nginx:z networks: - harbor ports: - 8888
:80 - 443:443 - 4443:4443 depends_on: - mysql - registry - ui - log
logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag:
"proxy" networks: harbor: external: false
5、启动
[root@localhost harbor]# sudo ./install.sh [root@localhost harbor]# sudo
docker-compose ps Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up (health: starting) harbor-db
/usr/local/bin/docker-entr... Up (health: starting) 3306/tcp harbor-jobservice
/harbor/start.sh Up harbor-log /bin/sh -c /usr/local/bin/... Up (health:
starting)127.0.0.1:1514->10514/tcp harbor-ui /harbor/start.sh Up (health:
starting) nginx nginx -g daemon off; Up (health: starting)0.0.0.0:443->443/tcp,
0.0.0.0:4443->4443/tcp, 0.0.0.0:8888->80/tcp redis docker-entrypoint.sh redis
... Up 6379/tcp registry /entrypoint.sh serve /etc/ ... Up (health: starting)
5000/tcp
6、客户端配置免https
修改 /etc/docker/daemon.json
[root@localhost ~]# echo '{ "insecure-registries":["172.16.1.146:8888"] }' >
/etc/docker/daemon.json [root@localhost ~]# cat /etc/docker/daemon.json {
"insecure-registries":["172.16.1.146:8888"] } 重载docker root@localhost ~]#
service docker restart
如果不配置,客户端使用时候会报错: Error response from daemon: Get https://
172.16.1.146:5000/v1/_ping: http: server gave HTTP response to HTTPS client
7、页面展示
使用参考:https://github.com/vmware/harbor/blob/master/docs/user_guide.md
8、使用
* 登录 [root@localhost harbor]# docker login 172.16.1.146:8888 Username (admin):
adminPassword: Login Succeeded
* 打标签并且上传 [root@localhost harbor]# docker tag registry:2.6.2
172.16.1.146:8888/wondertek/registry:2.6.2 [root@localhost harbor]# docker push
172.16.1.146:8888/wondertek/registry:2.6.2 The push refers to a repository [
172.16.1.146:8888/wondertek/registry] 9113493eaae1: Layer already exists 621
c2399d41a: Layer alreadyexists 59e80739ed3f: Layer already exists febf19f93653:
Layer alreadyexists e53f74215d12: Layer already exists 2.6.2: digest:
sha256:feb40d14cd33e646b9985e2d6754ed66616fedb840226c4d917ef53d616dcd6c size:
1364
* 删除本地镜像 重新下载 [root@localhost harbor]# docker rmi
172.16.1.146:8888/wondertek/registry:2.6.2 Untagged: 172.16.1.146:8888
/wondertek/registry:2.6.2 Untagged: 172.16.1.146:8888
/wondertek/registry@sha256:feb40d14cd33e646b9985e2d6754ed66616fedb840226c4d917ef53d616dcd6c
[root@localhost harbor]# docker pull 172.16.1.146:8888/wondertek/registry:2.6.2
Trying to pull repository172.16.1.146:8888/wondertek/registry ... 2.6.2:
Pulling from172.16.1.146:8888/wondertek/registry Digest:
sha256:feb40d14cd33e646b9985e2d6754ed66616fedb840226c4d917ef53d616dcd6c Status:
Downloaded newer imagefor 172.16.1.146:8888/wondertek/registry:2.6.2
366
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
