1. Install and configure Harbor
Environment: RHEL 7.6
- Install docker, python
- Install docker-compose
sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
[root@harbor harbor]# docker-compose version
docker-compose version 1.21.2, build a133471
docker-py version: 3.3.0
CPython version: 3.6.5
OpenSSL version: OpenSSL 1.0.1t 3 May 2016
- Download Harbor
https://github.com/goharbor/harbor/releases
I chose harbor-offline-installer-v1.6.2.tgz; the images for the earlier 1.5 version are no longer available, so I recommend choosing a newer release.
tar -xvf harbor-offline-installer-v1.6.2.tgz
- Edit harbor.cfg; I only changed hostname
[root@harbor harbor]# cat harbor.cfg
## Configuration file of Harbor
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version = 1.6.0
#The IP address or hostname to access admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname = 192.168.56.107:8060
#The protocol for accessing the UI and token/notification service, by default it is http.
#It can be set to https if ssl is enabled on nginx.
ui_url_protocol = http
#Maximum number of job workers in job service
max_job_workers = 10
- Edit docker-compose.yml and change the port mapping to 8060
networks:
  - harbor
ports:
  - 8060:80
  - 443:443
  - 4443:4443
- Pull the images listed in docker-compose.yml to the local host
[root@harbor ~]# docker images
REPOSITORY                             TAG             IMAGE ID       CREATED       SIZE
docker.io/openjdk                      latest          8e7eacedab93   5 days ago    986 MB
docker.io/goharbor/redis-photon        v1.6.2          473bfdd9d245   3 weeks ago   210 MB
docker.io/goharbor/registry-photon     v2.6.2-v1.6.2   62c30cdb384a   3 weeks ago   196 MB
docker.io/goharbor/nginx-photon        v1.6.2          c0602500e829   3 weeks ago   132 MB
docker.io/goharbor/harbor-log          v1.6.2          781ee4ceb5d3   3 weeks ago   197 MB
docker.io/goharbor/harbor-jobservice   v1.6.2          3419a2276f96   3 weeks ago   192 MB
docker.io/goharbor/harbor-ui           v1.6.2          66268686bb96   3 weeks ago   215 MB
docker.io/goharbor/harbor-adminserver  v1.6.2          4024440925a4   3 weeks ago   181 MB
docker.io/goharbor/harbor-db           v1.6.2          0ed4186be0d1   3 weeks ago   219 MB
- Edit the docker configuration /etc/sysconfig/docker, mainly OPTIONS, ADD_REGISTRY and INSECURE_REGISTRY
[root@harbor harbor]# cat /etc/sysconfig/docker
# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled=false --log-driver=journald --insecure-registry=192.168.56.107:8060'
if [ -z "${DOCKER_CERT_PATH}" ]; then
    DOCKER_CERT_PATH=/etc/docker
fi
# Do not add registries in this file anymore. Use /etc/containers/registries.conf
# instead. For more information reference the registries.conf(5) man page.
ADD_REGISTRY='--add-registry 192.168.56.107:8060'
INSECURE_REGISTRY='--insecure-registry=192.168.56.107:8060'
# Location used for temporary files, such as those created by
# docker load and build operations. Default is /var/lib/docker/tmp
# Can be overriden by setting the following environment variable.
# DOCKER_TMPDIR=/var/tmp
# Controls the /etc/cron.daily/docker-logrotate cron job status.
# To disable, uncomment the line below.
# LOGROTATE=false
- Restart the docker service
systemctl daemon-reload
systemctl restart docker.service
- Install
[root@harbor harbor]# ./prepare
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[root@harbor harbor]# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 1.13.1
Note: docker-compose version: 1.21.2
[Step 1]: loading Harbor images ...
Loaded image: goharbor/registry-photon:v2.6.2-v1.6.2
0155cb3a636c: Loading layer [==================================================>] 23.38 MB/23.38 MB
62f917db5fed: Loading layer [==================================================>] 12.16 MB/12.16 MB
2e192a070c25: Loading layer [==================================================>] 17.3 MB/17.3 MB
64fa72e486ec: Loading layer [==================================================>] 11.26 kB/11.26 kB
23afd47b0f1a: Loading layer [==================================================>] 3.072 kB/3.072 kB
3fa7415d357e: Loading layer [==================================================>] 29.46 MB/29.46 MB
Loaded image: goharbor/notary-server-photon:v0.5.1-v1.6.2
2f06068ec40a: Loading layer [==================================================>] 158 MB/158 MB
d6e5bcc842f3: Loading layer [==================================================>] 10.93 MB/10.93 MB
c272c6b03ae0: Loading layer [==================================================>] 2.048 kB/2.048 kB
7b0653de0007: Loading layer [==================================================>] 48.13 kB/48.13 kB
484f0b8e979d: Loading layer [==================================================>] 3.072 kB/3.072 kB
72004696fb26: Loading layer [==================================================>] 10.98 MB/10.98 MB
- Verify
[root@harbor harbor]# docker-compose ps
       Name                     Command                  State                                    Ports
---------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up (healthy)
harbor-db            /entrypoint.sh postgres          Up (healthy)   5432/tcp
harbor-jobservice    /harbor/start.sh                 Up
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp
harbor-ui            /harbor/start.sh                 Up (healthy)
nginx                nginx -g daemon off;             Up (healthy)   0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:8060->80/tcp
redis                docker-entrypoint.sh redis ...   Up             6379/tcp
registry             /entrypoint.sh /etc/regist ...   Up (healthy)   5000/tcp
Log in at 192.168.56.107:8060 with admin/Harbor12345
Add a user, add a project, then push an image to verify.
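An added check, not part of the original post: a shell script that flags the weaker settings this walkthrough relies on (HTTP for Harbor, the admin password shown at login, --insecure-registry, SELinux disabled) in harbor.cfg and /etc/sysconfig/docker. The function names and sample files are constructed for illustration; harbor_admin_password is the harbor.cfg key holding the admin password, which the excerpt above does not show.

```shell
#!/usr/bin/env bash
# Added example: audit the two files edited in this walkthrough.
# Function names and sample data are constructed for illustration.

# Print the value of "key = value" from a harbor.cfg-style file.
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Emit one finding per line for harbor.cfg.
audit_harbor_cfg() {
    [ "$(cfg_value "$1" ui_url_protocol)" = "https" ] ||
        echo "harbor.cfg: ui_url_protocol is not https, logins and image layers travel unencrypted"
    [ "$(cfg_value "$1" harbor_admin_password)" != "Harbor12345" ] ||
        echo "harbor.cfg: harbor_admin_password is still the shipped default"
}

# Emit one finding per line for /etc/sysconfig/docker; comment lines are ignored.
audit_docker_sysconfig() {
    local active
    active=$(grep -v '^[[:space:]]*#' "$1" || true)
    if printf '%s\n' "$active" | grep -q -- '--insecure-registry'; then
        echo "docker: --insecure-registry set, plain HTTP or unverified TLS is accepted"
    fi
    if printf '%s\n' "$active" | grep -q -- '--selinux-enabled=false'; then
        echo "docker: SELinux confinement of containers is disabled"
    fi
}

# Constructed sample input mirroring the values used on this page.
demo() {
    local d
    d=$(mktemp -d)
    printf '%s\n' 'hostname = 192.168.56.107:8060' 'ui_url_protocol = http' \
        'harbor_admin_password = Harbor12345' > "$d/harbor.cfg"
    printf '%s\n' \
        "OPTIONS='--selinux-enabled=false --log-driver=journald --insecure-registry=192.168.56.107:8060'" \
        "# INSECURE_REGISTRY='--insecure-registry=commented.example'" > "$d/docker"
    audit_harbor_cfg "$d/harbor.cfg"
    audit_docker_sysconfig "$d/docker"
    rm -rf "$d"
}
demo
```

On a real host, call `audit_harbor_cfg ./harbor.cfg` and `audit_docker_sysconfig /etc/sysconfig/docker`; no output means none of the four settings was found.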
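2. OpenShift configuration
1. The docker configuration must be applied on every node that pulls images; follow the docker configuration in step 1.
2. Edit the /etc/origin/master/master-config.yaml configuration file and add the following:
imagePolicyConfig:
  internalRegistryHostname: docker-registry.default.svc:5000
  externalRegistryHostname: 192.168.56.107:8060
3. Restart the master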
# master-restart api
# master-restart controllers
Projects can now freely pull and start Harbor's public images.
==============================================================================
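OpenShift acts as a client of Harbor, but oc has its own mechanism for managing user permissions (it can be bound to LDAP), and Harbor also has its own permission mechanism for managing images (it can be bound to LDAP for authentication).
How to unify these two mechanisms and make them work together is therefore an open problem.
Under the original internal registry, each project could see the images under it.
But Harbor images added under the same path are clearly not under that management.
I also found a bug: when running the get is command, the prefix of every image had been replaced with the external registry address. I don't know whether I forgot to configure something somewhere.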