Harbor是一个企业级的镜像管理仓库,是VMware主导的一个开源项目(github地址:https://github.com/vmware/harbor)。
部署要求
Harbor会被部署为多个Docker容器,因此可以被部署到任何支持Docker的发行版Linux上。
部署步骤
1. 安装Docker
https://www.cnblogs.com/vincenshen/p/12726919.html
2. 安装Composer
curl -L "https://github.com/docker/compose/releases/download/1.25.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose docker-compose --version
3. 下载Harbor安装包并解压到指定目录
https://github.com/goharbor/harbor/releases
mkdir -p /data/app
tar -zxvf harbor-offline-installer-v1.x.x.tgz -C /data/app
4. 生成SSL证书
openssl genrsa -out ca.key 4096 openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=Bytedance/OU=IT/CN=bytedance.com" -key ca.key -out ca.crt openssl genrsa -out bytedance.com.key 4096 openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" -key yourdomain.com.key -out yourdomain.com.csr cat > v3.ext <<-EOF authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1=yourdomain.com DNS.2=yourdomain DNS.3=hostname EOF openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in yourdomain.com.csr -out yourdomain.com.crt openssl x509 -inform PEM -in yourdomain.com.crt -out yourdomain.com.cert
5. 将证书复制到指定目录
mkdir -p /data/cert cp yourdomain.com.crt /data/cert/ cp yourdomain.com.key /data/cert/ mkdir -p /etc/docker/certs.d/yourdomain.com/ cp yourdomain.com.cert /etc/docker/certs.d/yourdomain.com/ cp yourdomain.com.key /etc/docker/certs.d/yourdomain.com/ cp ca.crt /etc/docker/certs.d/yourdomain.com/
systemctl restart docker6. 修改harbor配置文件
# vim /data/app/harbor/harbor.yml hostname: harbor.xxxx.com certificate: /data/cert/xxxx.com.crt private_key: /data/cert/xxxx.com.key harbor_admin_password: Harbor12345
7. 运行准备脚本
# cd /data/app/harbor/ # ./prepare prepare base dir is set to /data/app/harbor Clearing the configuration file: /config/log/logrotate.conf Clearing the configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml Generated and saved secret to file: /secret/keys/secretkey Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir
8. 运行安装脚本
# cd /data/app/harbor/ # ./install.sh [Step 0]: checking if docker is installed ... Note: docker version: 19.03.8 [Step 1]: checking docker-compose is installed ... Note: docker-compose version: 1.25.5 [Step 2]: loading Harbor images ... Loaded image: goharbor/harbor-db:v1.10.2 Loaded image: goharbor/notary-server-photon:v1.10.2 Loaded image: goharbor/clair-photon:v1.10.2 Loaded image: goharbor/harbor-portal:v1.10.2 Loaded image: goharbor/harbor-core:v1.10.2 Loaded image: goharbor/harbor-jobservice:v1.10.2 Loaded image: goharbor/harbor-registryctl:v1.10.2 Loaded image: goharbor/redis-photon:v1.10.2 Loaded image: goharbor/nginx-photon:v1.10.2 Loaded image: goharbor/chartmuseum-photon:v1.10.2 Loaded image: goharbor/harbor-log:v1.10.2 Loaded image: goharbor/registry-photon:v1.10.2 Loaded image: goharbor/notary-signer-photon:v1.10.2 Loaded image: goharbor/harbor-migrator:v1.10.2 Loaded image: goharbor/prepare:v1.10.2 Loaded image: goharbor/clair-adapter-photon:v1.10.2 [Step 3]: preparing environment ... [Step 4]: preparing harbor configs ... prepare base dir is set to /data/app/harbor Clearing the configuration file: /config/log/logrotate.conf Clearing the configuration file: /config/log/rsyslog_docker.conf Clearing the configuration file: /config/nginx/nginx.conf Clearing the configuration file: /config/core/env Clearing the configuration file: /config/core/app.conf Clearing the configuration file: /config/registry/config.yml Clearing the configuration file: /config/registryctl/env Clearing the configuration file: /config/registryctl/config.yml Clearing the configuration file: /config/db/env Clearing the configuration file: /config/jobservice/env Clearing the configuration file: /config/jobservice/config.yml Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml loaded secret from file: /secret/keys/secretkey Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir [Step 5]: starting Harbor ... Creating network "harbor_harbor" with the default driver Creating harbor-log ... done Creating harbor-db ... done Creating harbor-portal ... done Creating redis ... done Creating registry ... done Creating registryctl ... done Creating harbor-core ... done Creating nginx ... done Creating harbor-jobservice ... done ✔ ----Harbor has been installed and started successfully.----
9. 验证
# docker-compose ps Name Command State Ports --------------------------------------------------------------------------------------------------------------- harbor-core /harbor/harbor_core Up (healthy) harbor-db /docker-entrypoint.sh Up (healthy) 5432/tcp harbor-jobservice /harbor/harbor_jobservice ... Up (healthy) harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:1514->10514/tcp harbor-portal nginx -g daemon off; Up (healthy) 8080/tcp nginx nginx -g daemon off; Up (healthy) 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp redis redis-server /etc/redis.conf Up (healthy) 6379/tcp registry /home/harbor/entrypoint.sh Up (healthy) 5000/tcp registryctl /home/harbor/start.sh Up (healthy)
10. 浏览器登录
https://harbor-ip
用户名: admin 密码:Harbor12345
11. docker cli 登录 harbor
/usr/lib/systemd/system/docker.service中修改ExecStart的启动参数增加:
--insecure-registry harbor.test.com
重启docker
systemctl daemon-reload && systemctl restart docker.service
登录harbor
docker login -u admin -p Harbor12345 harbor.test.com
参考文档
https://goharbor.io/docs/1.10/install-config/