根据Harbor官方描述:
Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器,通过添加一些企业必需的功能特性,例如安全、标识和管理等,扩展了开源Docker Distribution。作为一个企业级私有Registry服务器,Harbor提供了更好的性能和安全。提升用户使用Registry构建和运行环境传输镜像的效率。Harbor支持安装在多个Registry节点的镜像资源复制,镜像全部保存在私有Registry中, 确保数据和知识产权在公司内部网络中管控。另外,Harbor也提供了高级的安全特性,诸如用户管理,访问控制和活动审计等。
部署环境:
centos-7.4 192.168.55.34 Docker version 1.13.1 docker-compose version 1.21.2 harbor-offline-installer-v1.5.0.tgz
安装docker-compose
方式1: curl -L https://github.com/docker/compose/releases/download/1.9.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose 方式2: wget https://bootstrap.pypa.io/get-pip.py python get-pip.py pip install docker-compose
安装docker
yum install docker -y vim /etc/systemd/system/docker.service ----------------------------------------------------- [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network-online.target firewalld.service Wants=network-online.target [Service] Type=notify ExecStart=/usr/bin/dockerd --insecure-registry=192.168.55.34 ExecReload=/bin/kill -s HUP $MAINPID LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity TimeoutStartSec=0 Delegate=yes KillMode=process Restart=on-failure StartLimitBurst=3 StartLimitInterval=60s [Install] WantedBy=multi-user.target ----------------------------------------------------- 说明: docker 需要上传 push 镜像,需要在 docker 中配置 --insecure-registry docker加速 curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://db411c61.m.daocloud.io #会生成 /etc/docker/daemon.json 文件 启动docker systemctl daemon-reload systemctl enable docker systemctl start docker systemctl status docker
安装harbor
harbor下载地址: http://harbor.orientsoft.cn/ tar -xf harbor-offline-installer-v1.5.0.tgz mv harbor /opt/ cd /opt/harbor/ vim harbor.cfg ----------------------------------------------------- hostname = 192.168.55.34 #这里只是简单的测试,所以只编辑这一行,其他的默认不做修改;当然也可以根据你自己的实际情况做修改! ----------------------------------------------------- 执行安装脚本: ./instsll.sh 说明:安装报错 找不到docker-proxy 、 docker-runc 执行 ln -s /usr/libexec/docker/docker-runc-current /usr/bin/docker-runc ln -s /usr/libexec/docker/docker-proxy-current /usr/bin/docker-proxy Harbor容器的stop与start: cd /opt/harbor/ docker-compose stop/start 到此便安装完成了,直接打开浏览器登陆即可: 默认用户密码是:admin/Harbor12345 #密码 /opt/harbor/harbor.cfg harbor_admin_password参数
harbor上传镜像
[root@docker2 /opt/tools/harbor 11:10:29&&87]#docker login -u admin -p Harbor12345 http://192.168.159.34/v2 #账号密码: admin/Harbor12345 Username: admin Password: Login Succeeded [root@docker2 /opt/tools/harbor 11:11:05&&89]#docker images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/centos latest 49f7960eb7e4 4 weeks ago 200 MB docker tag docker.io/centos 192.168.55.34/linux/centos6:1.0 #打个镜像tag docker push 192.168.55.34/linux/centos6:1.0 #上传镜像 说明: 格式为: userip/项目名/image名字:版本号 (项目名需要在webui 提前建好)
harbor修改端口号
原文地址: https://www.cnblogs.com/huangjc/p/6420355.html 1、修改docker-compose.yml文件映射为1180端口: cat /opt/harbor/docker-compose.yml ----------------------------------------------------------------- version: '2' services: log: image: vmware/harbor-log:v1.5.0 container_name: harbor-log restart: always volumes: - /var/log/harbor/:/var/log/docker/:z - ./common/config/log/:/etc/logrotate.d/:z ports: - 127.0.0.1:1514:10514 networks: - harbor registry: image: vmware/registry-photon:v2.6.2-v1.5.0 container_name: registry restart: always volumes: - /data/registry:/storage:z - ./common/config/registry/:/etc/registry/:z networks: - harbor environment: - GODEBUG=netdns=cgo command: ["serve", "/etc/registry/config.yml"] depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "registry" mysql: image: vmware/harbor-db:v1.5.0 container_name: harbor-db restart: always volumes: - /data/database:/var/lib/mysql:z networks: - harbor env_file: - ./common/config/db/env depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "mysql" adminserver: image: vmware/harbor-adminserver:v1.5.0 container_name: harbor-adminserver env_file: - ./common/config/adminserver/env restart: always volumes: - /data/config/:/etc/adminserver/config/:z - /data/secretkey:/etc/adminserver/key:z - /data/:/data/:z networks: - harbor depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "adminserver" ui: image: vmware/harbor-ui:v1.5.0 container_name: harbor-ui env_file: - ./common/config/ui/env restart: always volumes: - ./common/config/ui/app.conf:/etc/ui/app.conf:z - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z - ./common/config/ui/certificates/:/etc/ui/certificates/:z - /data/secretkey:/etc/ui/key:z - /data/ca_download/:/etc/ui/ca/:z - /data/psc/:/etc/ui/token/:z networks: - harbor depends_on: - log - adminserver - registry logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "ui" jobservice: image: vmware/harbor-jobservice:v1.5.0 container_name: harbor-jobservice env_file: - ./common/config/jobservice/env restart: always volumes: - /data/job_logs:/var/log/jobs:z - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z networks: - harbor depends_on: - redis - ui - adminserver logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "jobservice" redis: image: vmware/redis-photon:v1.5.0 container_name: redis restart: always volumes: - /data/redis:/data networks: - harbor depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "redis" proxy: image: vmware/nginx-photon:v1.5.0 container_name: nginx restart: always volumes: - ./common/config/nginx:/etc/nginx:z networks: - harbor ports: - 1180:80 - 443:443 - 4443:4443 depends_on: - mysql - registry - ui - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "proxy" networks: harbor: external: false ------------------------------------------------------------------ 2、修改common/templates/registry/config.yml文件加入1180端口: cat /opt/harbor/common/templates/registry/config.yml ------------------------------------------------------------------ version: 0.1 log: level: info fields: service: registry storage: cache: layerinfo: inmemory $storage_provider_info maintenance: uploadpurging: enabled: false delete: enabled: true http: addr: :5000 secret: placeholder debug: addr: localhost:5001 auth: token: issuer: harbor-token-issuer realm: $public_url:1180/service/token rootcertbundle: /etc/registry/root.crt service: harbor-registry notifications: endpoints: - name: harbor disabled: false url: $ui_url/service/notifications timeout: 3000ms threshold: 5 backoff: 1s ------------------------------------------------------------------ 3、停止harbor,重新启动并生成配置文件: #docker-compose stop # ./install.sh 4、修改docker启动文件,设置信任的主机与端口: #vim /etc/systemd/system/docker.service 修改如下一行 ExecStart=/usr/bin/dockerd --insecure-registry=192.168.55.34:1180 5、重新启动docker: systemctl daemon-reload systemctl restart docker.service 6. 最后,测试验证: # docker login 192.168.55.34:1180 Username: admin Password: Harbor12345 Login Succeeded