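1. What is Harbor
Harbor is an enterprise-grade Docker Registry project open-sourced by VMware.
Its goal is to help users quickly set up an enterprise-grade Docker Registry service.
Harbor builds on the Registry open-sourced by Docker, Inc. and adds features
that enterprise users need, such as a graphical management UI,
role-based access control (RBAC), AD/LDAP integration and audit logging.
It also natively supports Chinese.
Every Harbor component is built as a Docker container,
and Harbor is deployed with docker-compose.
The docker-compose template used to deploy Harbor is located at harbor/docker-compose.yml.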
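2. Advantages of Harbor
Role-based access control: users and repositories are organized by project, and a user can hold different permissions in each project.
Image-based replication policy: images can be replicated (synchronized) between multiple Harbor instances.
LDAP/AD support: Harbor can integrate with an existing enterprise AD/LDAP (similar to a table in a database)
to authenticate and manage users that already exist.
Image deletion and garbage collection: images can be deleted, and the space they occupied can be reclaimed.
Graphical user interface: users can browse and search image repositories and manage projects from a browser.
Audit management: every operation against the image repositories is recorded and traceable for auditing.
RESTful API support: the RESTful API gives administrators more control over Harbor
and makes integration with other management software easier.
Relationship between Harbor and docker registry: Harbor is essentially a wrapper around
docker registry, extended with its own business templates.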
3. Harbor components
Architecturally, Harbor consists of six main components: Proxy, Registry, Core services,
Database (Harbor-db), Log collector (Harbor-log) and Job services.
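4. Misconceptions about Harbor
Misconception 1: Harbor is responsible for storing container images (Harbor is an image registry, so it must be what stores the images).
In fact, Harbor uses the official docker registry service for image storage.
Whether that registry uses local storage or S3 does not matter. On top of it, Harbor
provides user permission management, image replication and other features that make the registry more efficient to use.
Misconception 2: Harbor image replication is a direct storage copy (many people assume that
replicating an image means copying the image layer files directly).
In fact, Harbor takes a more general, higher-level approach to image replication: it copies through the docker registry API.
This is not done to cut corners. The approach hides the tedious low-level file operations,
reuses existing docker registry functionality instead of reinventing the wheel,
and also resolves conflict and consistency problems.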
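A model of the API-level copy described under Misconception 2, added here as an example and not Harbor's own replication code. Two in-memory registries stand in for real ones, and all class and function names are hypothetical. It shows why copying by digest through the API skips layers the target already holds and refuses content that does not match its digest.

```python
import hashlib
import json

def digest(data):
    return "sha256:" + hashlib.sha256(data).hexdigest()

def referenced(raw):
    """Digests a manifest points at: the image config plus every layer."""
    m = json.loads(raw)
    return [m["config"]["digest"]] + [l["digest"] for l in m["layers"]]

class Registry:
    """In-memory model of a registry (simplified: one blob store for all repos)."""
    def __init__(self):
        self.blobs, self.manifests = {}, {}
    def has_blob(self, d):                    # HEAD /v2/<name>/blobs/<digest>
        return d in self.blobs
    def put_blob(self, d, data):              # blob upload, digest checked on commit
        if digest(data) != d:
            raise ValueError("digest mismatch: " + d)
        self.blobs[d] = data
    def put_manifest(self, repo, tag, raw):   # PUT /v2/<name>/manifests/<tag>
        if any(d not in self.blobs for d in referenced(raw)):
            raise ValueError("manifest references unknown blobs")
        self.manifests[(repo, tag)] = raw

def push_image(reg, repo, tag, config, layers):  # constructed helper for sample data
    for blob in [config] + layers:
        reg.put_blob(digest(blob), blob)
    manifest = {"config": {"digest": digest(config)},
                "layers": [{"digest": digest(l)} for l in layers]}
    reg.put_manifest(repo, tag, json.dumps(manifest).encode())

def replicate(src, dst, repo, tag):
    """Copy one tag through the API surface only; returns blobs transferred."""
    raw = src.manifests[(repo, tag)]          # GET /v2/<name>/manifests/<tag>
    copied = 0
    for d in referenced(raw):
        if not dst.has_blob(d):               # layers already present are not re-sent
            dst.put_blob(d, src.blobs[d])     # GET from source, upload to target
            copied += 1
    dst.put_manifest(repo, tag, raw)          # last: the tag appears only when complete
    return copied

if __name__ == "__main__":
    src, dst = Registry(), Registry()
    push_image(src, "lib/app", "v1", b"cfg1", [b"base-layer", b"app-v1"])
    push_image(src, "lib/app", "v2", b"cfg2", [b"base-layer", b"app-v2"])
    print(replicate(src, dst, "lib/app", "v1"), replicate(src, dst, "lib/app", "v2"))
```

Because the manifest is written last and every blob is verified against its digest, an interrupted or corrupted transfer leaves no tag on the target rather than a half-copied image.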
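5. Two installation methods
• Online installation: the Harbor images are downloaded from Docker Hub, so the installer package is very small.
• Offline installation: the installer package contains the images needed for deployment, so it is comparatively large.
6. Installing Harbor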
[root@es1 soft]# tar xvf harbor-offline-installer-v1.10.11.tgz
harbor/harbor.v1.10.11.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml
-- Edit the configuration file
vim harbor.yml
hostname: 192.168.1.68 -- a space is required after the colon.
http:
  port: 8088
harbor_admin_password: admin
password: root123
data_volume: /data
# https related config
-- Run the prepare step.
[root@es1 harbor]# ./prepare
prepare base dir is set to /data/soft/harbor
Unable to find image 'goharbor/prepare:v1.10.11' locally
v1.10.11: Pulling from goharbor/prepare
eb317720bfd7: Retrying in 1 second
3edf42cbef1a: Retrying in 1 second
89d7dc3bb9e9: Retrying in 1 second
2271605feadd: Retrying in 1 second
b947088a5998: Retrying in 1 second
73decdcae376: Retrying in 1 second
e5fca6f8bead: Retrying in 1 second
docker: error pulling image configuration: download failed after attempts=6: dial tcp [2a03:2880:f12a:83:face:b00c:0:25de]:443: i/o timeout.
See 'docker run --help'.
-- Install.
vi harbor.yml
#https: -- comment out this line.
./install.sh
[root@es4 harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.16
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 2.5.1
[Step 2]: loading Harbor images ...
Loaded image: goharbor/harbor-portal:v1.10.11
Loaded image: goharbor/harbor-db:v1.10.11
Loaded image: goharbor/harbor-jobservice:v1.10.11
Loaded image: goharbor/harbor-registryctl:v1.10.11
Loaded image: goharbor/notary-server-photon:v1.10.11
Loaded image: goharbor/harbor-core:v1.10.11
Loaded image: goharbor/harbor-log:v1.10.11
Loaded image: goharbor/redis-photon:v1.10.11
Loaded image: goharbor/nginx-photon:v1.10.11
Loaded image: goharbor/clair-photon:v1.10.11
Loaded image: goharbor/prepare:v1.10.11
Loaded image: goharbor/registry-photon:v1.10.11
Loaded image: goharbor/notary-signer-photon:v1.10.11
Loaded image: goharbor/clair-adapter-photon:v1.10.11
Loaded image: goharbor/chartmuseum-photon:v1.10.11
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /data/soft/harbor
/usr/src/app/utils/configs.py:100: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
configs = yaml.load(f)
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
/usr/src/app/utils/configs.py:90: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
versions = yaml.load(f)
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 5]: starting Harbor ...
[+] Running 10/10
⠿ Network harbor_harbor Created 0.2s
⠿ Container harbor-log Started 1.4s
⠿ Container harbor-db Started 3.8s
⠿ Container registryctl Started 4.3s
⠿ Container registry Started 4.3s
⠿ Container redis Started 3.7s
⠿ Container harbor-portal Started 3.9s
⠿ Container harbor-core Started 4.9s
⠿ Container harbor-jobservice Started 6.6s
⠿ Container nginx Started 6.7s
----Harbor has been installed and started successfully.----
-- Configure Harbor to start automatically
[root@es4 harbor]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/chartmuseum-photon v1.10.11 d00df92a5e3e 2 years ago 164MB
goharbor/redis-photon v1.10.11 aa57c8e9fa46 2 years ago 151MB
goharbor/clair-adapter-photon v1.10.11 e87900ea4eb9 2 years ago 66.1MB
goharbor/clair-photon v1.10.11 03cd37f2ca5d 2 years ago 178MB
goharbor/notary-server-photon v1.10.11 801719b38205 2 years ago 105MB
goharbor/notary-signer-photon v1.10.11 005e711802d6 2 years ago 102MB
goharbor/harbor-registryctl v1.10.11 fd34fcc88f68 2 years ago 93.4MB
goharbor/registry-photon v1.10.11 c7076a9bc40b 2 years ago 78.6MB
goharbor/nginx-photon v1.10.11 68e6d0e1c018 2 years ago 45MB
goharbor/harbor-log v1.10.11 06df11c5e8f3 2 years ago 108MB
goharbor/harbor-jobservice v1.10.11 f7d878b39e41 2 years ago 84.7MB
goharbor/harbor-core v1.10.11 69d4874721a3 2 years ago 79.6MB
goharbor/harbor-portal v1.10.11 83b24472c7c8 2 years ago 53.1MB
goharbor/harbor-db v1.10.11 11278dbcadf4 2 years ago 188MB
goharbor/prepare v1.10.11 66d60732b8ff 2 years ago 206MB
[root@es4 harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1c3ce5413c4a goharbor/harbor-jobservice:v1.10.11 "/harbor/harbor_jobs…" 8 minutes ago Up 3 minutes (healthy) harbor-jobservice
f64cccc1e73b goharbor/nginx-photon:v1.10.11 "nginx -g 'daemon of…" 8 minutes ago Up 3 minutes (healthy) 0.0.0.0:443->8080/tcp, :::443->8080/tcp nginx
1b9c7fd38609 goharbor/harbor-core:v1.10.11 "/harbor/harbor_core" 8 minutes ago Up 3 minutes (healthy) harbor-core
bb64cd635c21 goharbor/redis-photon:v1.10.11 "redis-server /etc/r…" 8 minutes ago Up 3 minutes (healthy) 6379/tcp redis
84fc58182126 goharbor/registry-photon:v1.10.11 "/home/harbor/entryp…" 8 minutes ago Up 3 minutes (healthy) 5000/tcp registry
cce7e226b166 goharbor/harbor-db:v1.10.11 "/docker-entrypoint.…" 8 minutes ago Up 3 minutes (healthy) 5432/tcp harbor-db
692f91cea69e goharbor/harbor-portal:v1.10.11 "nginx -g 'daemon of…" 8 minutes ago Up 3 minutes (healthy) 8080/tcp harbor-portal
a23092b51f61 goharbor/harbor-log:v1.10.11 "/bin/sh -c /usr/loc…" 8 minutes ago Up 3 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
7. Accessing Harbor
Log in with admin/admin.
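A check for the harbor.yml settings used in this walkthrough (https commented out, admin password `admin`, database password `root123`), added as an example and not part of Harbor or of the original post. The `database:` parent key in the constructed sample, the function names and the 8-character floor are assumptions of this example.

```python
import re

WEAK_ADMIN = {"admin", "Harbor12345"}   # value used on this page, shipped default
DEFAULT_DB_PASSWORD = "root123"          # shipped default for database.password
MIN_LEN = 8                              # arbitrary floor chosen for this example

def parse_harbor_yml(text):
    """Read top-level scalars and one level of nesting; commented lines are skipped."""
    cfg, section = {}, None
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()
        m = re.match(r"^(\s*)([A-Za-z_]\w*):\s*(.*)$", line)
        if not m:                        # blank line, "#https:", or not a key
            continue
        indent, key, value = m.groups()
        if not indent:
            section = None if value else key
            cfg[key] = value.strip("'\"")
        elif section:
            cfg[section + "." + key] = value.strip("'\"")
    return cfg

def audit(text):
    """Return findings for the settings this walkthrough changes."""
    cfg, findings = parse_harbor_yml(text), []
    if "https" not in cfg:
        findings.append("https is disabled: credentials and images cross the network in cleartext")
    admin = cfg.get("harbor_admin_password", "")
    if admin in WEAK_ADMIN or len(admin) < MIN_LEN:
        findings.append("harbor_admin_password is a default or short value")
    if cfg.get("database.password") == DEFAULT_DB_PASSWORD:
        findings.append("database.password is the shipped default")
    return findings

# Constructed input: the page's settings with harbor.yml indentation restored.
AS_INSTALLED = """\
hostname: 192.168.1.68
http:
  port: 8088
#https:
harbor_admin_password: admin
database:
  password: root123
data_volume: /data
"""

if __name__ == "__main__":
    for finding in audit(AS_INSTALLED):
        print("FINDING:", finding)
```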