什么是harbor
Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器,可以用来构建企业内部的Docker镜像仓库。
harbor是基于docker registry进行了相应的企业级扩展,从而获得了更加广泛的应用,新特性包括:管理用户界面,基于角色的访问控制 ,AD/LDAP集成以及审计日志等。
harbor要解决的问题
以Docker为代表的容器技术的出现,改变了传统的交付方式。通过把业务及其依赖的环境打包进Docker镜像,解决了开发环境和生产环境的差异问题,提升了业务交付的效率。如何高效地管理和分发Docker镜像?是众多企业需要考虑的问题。
有了docker自带的registry为什么还要用harbor
- harbor的安全机制
可以根据角色灵活的进行权限控制,如访客只需给pull权限即可
- harbor的镜像同步机制
对系统稳定性要求高,需要多个仓库保证高可用性
安装harbor的条件
- docker-compose,Need to install docker-compose(1.18.0+) by yourself first and run this script again.
- docker版本要大于Need to upgrade docker package to 17.06.0+.
- centos的内核版本要大于3.10.0-1127.el7.x86_64。否则会报错。
安装harbor
下载docker-compose
curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
#下载速度快
curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
给予可执行权限
[root@localhost local]# tar -xf harbor-offline-installer-v2.1.1.tgz && cd harbor
[root@localhost harbor]# vim harbor.yml
hostname: ip地址
http:
port: 85
harbor_admin_password: 123456
database:
password: root123
max_idle_conns: 50
max_open_conns: 1000
data_volume: /data/harbor
# 其余配置选择默认,这里https的先给注释掉
# https related config
#https:
# https port for harbor, default is 443
#port: 443
# The path of cert and key files for nginx
#certificate: /your/certificate/path
#private_key: /your/private/key/path
#安装
[root@localhost harbor]# sh install.sh
# sh install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 18.06.1
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.27.4
[Step 2]: loading Harbor images ...
Loaded image: goharbor/harbor-db:v2.1.1
Loaded image: goharbor/redis-photon:v2.1.1
Loaded image: goharbor/notary-signer-photon:v2.1.1
Loaded image: goharbor/clair-photon:v2.1.1
Loaded image: goharbor/clair-adapter-photon:v2.1.1
Loaded image: goharbor/harbor-core:v2.1.1
Loaded image: goharbor/harbor-portal:v2.1.1
Loaded image: goharbor/harbor-log:v2.1.1
Loaded image: goharbor/nginx-photon:v2.1.1
Loaded image: goharbor/prepare:v2.1.1
Loaded image: goharbor/harbor-registryctl:v2.1.1
Loaded image: goharbor/notary-server-photon:v2.1.1
Loaded image: goharbor/trivy-adapter-photon:v2.1.1
Loaded image: goharbor/harbor-jobservice:v2.1.1
Loaded image: goharbor/chartmuseum-photon:v2.1.1
Loaded image: goharbor/registry-photon:v2.1.1
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/local/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
Stopping harbor-jobservice ... done
Stopping nginx ... done
Stopping harbor-core ... done
Stopping harbor-portal ... done
Stopping registry ... done
Stopping registryctl ... done
Stopping redis ... done
Stopping harbor-db ... done
Stopping harbor-log ... done
Removing harbor-jobservice ... done
Removing nginx ... done
Removing harbor-core ... done
Removing harbor-portal ... done
Removing registry ... done
Removing registryctl ... done
Removing redis ... done
Removing harbor-db ... done
Removing harbor-log ... done
Removing network harbor_harbor
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registry ... done
Creating harbor-portal ... done
Creating harbor-db ... done
Creating redis ... done
Creating registryctl ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
安装结束有一个ui页面,如下所示
FAQ:
1、安装过程中报如下错误
cgroup configuration for process caused \"mkdir
/sys/fs/cgroup/memory/kubepods/burstable/podf1bd9e87-1ef2-11e8-afd3-fa163ecf2dce/8710c146b3c8b52f5da62e222273703b1e3d54a6a6270a0ea7ce1b194f1b5053:
no space left on device\""
解决方案,升级内核版本
harbor的使用
上传镜像到harbor上
vim /etc/docker/daemon.json
#添加harbor的地址
"insecure-registries": ["172.16.xx.xx:85"]
#重启docker服务
systemctl restart docker
查看docker信息
#查看docker信息
docker info
...
ID: HEGT:GM26:ICFM:GYXR:JKVP:J25N:GRO3:OTVZ:FGTD:AG5S:W7QB:XAIK
Docker Root Dir: /data/docker
Insecure Registries:
172.16.xx.xx:85
127.0.0.0/8
Registry Mirrors:
https://pa4gan2a.mirror.aliyuncs.com/
...
harbor认证
在harbor页面上查看
其他服务器上如果要使用该镜像,需要docker pull 即可。