安装harbor仓库_harbor 安装包下载-CSDN博客

本文链接：https://blog.csdn.net/weixin_43086864/article/details/111641958

一、下载安装包

1、下载安装包地址

https://github.com/goharbor/harbor/releases

https://github.com/docker/compose/releases

说明：harbor对应docker、docker-compose有版本要求

二、安装docker-ce

1、安装docker-ce
# 脚本安装docker
https://blog.csdn.net/weixin_43086864/article/details/124896912

# 手动安装docker
yum -y install docker-ce-19.03.12

2、启动docker服务
systemctl enable docker
systemctl start docker

3、设置daemon.json
[root@centos harbor]# cat /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://15y9mzqb.mirror.aliyuncs.com"],
  "insecure-registries": ["xxxxxx"],
  "graph": "/data/docker"
}

说明：
1）insecure-registries：是指忽略域名检查
2）registry-mirrors：是指镜像加速器
3）graph：是指数据存储路径

4、执行命令
systemctl daemon-reload
systemctl restart docker

5、查看docker运行状态
systemctl status docker
ps aux |grep docker

三、安装harbor

1、解压文件：harbor-offline
cd /root
tar -xvf harbor-offline-installer-v2.1.2.tgz -C /opt/

2、更改docker-compose
mv docker-compose-Linux-x86_64 docker-compose
chmod +x docker-compose

cp -av docker-compose /usr/bin

# 查看docker-compose版本
[root@centos ~]# docker-compose -v
docker-compose version 1.27.4, build 40524192

3、创建自制证书(有证书——略)
#创建CA证书
openssl genrsa -out cakey.pem 2048   #cakey
openssl req -new -x509 -days 3650 -key cakey.pem -out cacert.pem   #cacert

#创建网站证书
openssl genrsa -out ssl.key 2048      #key
openssl req -new -key ssl.key -out ssl.csr    #csr


# vim 127.0.0.1.ext
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName=@SubjectAlternativeName
[ SubjectAlternativeName ]
IP.1 = 127.0.0.1
DNS.1 = xxxxx    
DNS.2 = localdomain
IP.1 = 1.1.1.1

说明：
1）DNS.1 = xxxxx  可以是域名或IP地址

# 获取ssl.crt证书
openssl x509 -req -in ssl.csr  -extfile 127.0.0.1.ext -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out ssl.crt -days 3650 

说明：
1）请将ssl.crt 、ssl.key这两个文件拷贝到/opt/harbor/目录
cp -av ssl.crt /opt/harbor/
cp -av ssl.key /opt/harbor

4、设置harbor.yml
[root@centos harbor]# cat harbor.yml |grep -v '#' |grep -v '^$' 
hostname: xxxxx
http:
  port: 2080
https:
  port: 2443
  certificate: /opt/harbor/xxxxxx.crt
  private_key: /opt/harbor/xxxxx.key
harbor_admin_password: xxxxx
database:
  password: xxxxxx
  max_idle_conns: 50
  max_open_conns: 1000
……



说明：
1）请注意hostname、https、harbor_admin_password、database、data_volume这些参数更改

5、执行命令安装
cd /opt/harbor/
[root@centos harbor]# ./install.sh
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registry      ... done
Creating redis         ... done
Creating registryctl   ... done
Creating harbor-db     ... done
Creating harbor-portal ... done
Creating harbor-core   ... done
Creating nginx             ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----

说明：
1）离线安装harbor仓库ok

6、查看harbor状态
cd /opt/harbor/
[root@centos harbor]# docker-compose ps
      Name                     Command                  State                          Ports                   
---------------------------------------------------------------------------------------------------------------
harbor-core         /harbor/entrypoint.sh            Up (healthy)                                              
harbor-db           /docker-entrypoint.sh            Up (healthy)                                              
harbor-jobservice   /harbor/entrypoint.sh            Up (healthy)                                              
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp                  
harbor-portal       nginx -g daemon off;             Up (healthy)                                              
nginx               nginx -g daemon off;             Up (healthy)   0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp
redis               redis-server /etc/redis.conf     Up (healthy)                                              
registry            /home/harbor/entrypoint.sh       Up (healthy)                                              
registryctl         /home/harbor/start.sh            Up (healthy)

四、验证harbor

1、查看证书
[root@centos harbor]# curl -iv https://xxxxxx
* About to connect() to registry.gycg.shuzhi.city port 2433 (#0)
*   Trying 172.20.32.9...
* Connection refused
* Failed connect to xxxxxx:2433; Connection refused
* Closing connection 0
curl: (7) Failed connect to xxxxxx:2433; Connection refused
[root@master3 harbor]# curl -iv https://xxxxxx:2443/
* About to connect() to xxxxxx port 2443 (#0)
*   Trying 172.20.32.9...
* Connected to xxxxxx (172.20.32.9) port 2443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* 	subject: CN=xxxxxx
* 	start date: Dec 17 00:00:00 2020 GMT
* 	expire date: Dec 16 23:59:59 2021 GMT
* 	common name: xxxxxx
* 	issuer: CN=TrustAsia TLS RSA CA,OU=Domain Validated SSL,O="TrustAsia Technologies, Inc.",C=CN
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: xxxxxx:2443
> Accept: */*
> 
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: nginx
Server: nginx


说明：
1）证书xxxxxx生效，失效时间：expire date: Dec 15 03:18:16 2030

2、登录harbor验证
[root@centos harbor]# docker login https://xxxxxx
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

说明：
1）Login Succeeded：是指登录harbor仓库ok

3、页面验证
https://xxxxxx

账号： admin
密码：xxxxxxxxx