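1: Harbor is an enterprise-class registry server for storing and distributing Docker images. It extends the open-source Docker Distribution by adding features that enterprises need, such as security, identity and management. As an enterprise private registry server, Harbor offers better performance and security, and improves the efficiency of transferring images between build and run environments that use a registry. Harbor supports replicating image resources across multiple registry nodes, and all images are kept in the private registry, which keeps data and intellectual property under control inside the company network. Harbor also provides advanced security features such as user management, access control and activity auditing. Official site: http://vmware.github.io/harbor/index_cn.html; official GitHub address: https://github.com/vmware/harbo
1.1: Harbor's official feature overview:
Role-based access control - Users and Docker image repositories are organized through "projects"; a user can have different permissions on multiple image repositories within the same namespace (project).
Image replication - Images can be replicated (synchronized) between multiple registry instances. This is especially suited to load balancing, high availability, hybrid cloud and multi-cloud scenarios.
Graphical user interface - Users can browse and search the current Docker image repositories and manage projects and namespaces from a browser.
AD/LDAP support - Harbor can integrate with an existing enterprise AD/LDAP for authentication and authorization management.
Audit management - All operations against the image repositories can be recorded and traced for auditing.
Internationalization - Localized versions exist for English, Chinese, German, Japanese and Russian. More languages will be added.
RESTful API - The RESTful API gives administrators more control over Harbor and makes integration with other management software easier.
Simple deployment - Online and offline installers are provided, and Harbor can also be installed on the vSphere platform as a virtual appliance (OVA).
1.2: Download the Harbor installer package and install the pip command: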
yum install docker -y
systemctl start docker
wget https://github.com/vmware/harbor/releases/download/0.5.0/harbor-offline-installer-0.5.0.tgz # offline installer package
1.3: Deploy from the downloaded offline installer package. Official installation guide: https://github.com/vmware/harbor/blob/master/docs/installation_guide.md:
[root@registry data]# yum install python-pip -y
[root@registry data]# tar xf harbor-offline-installer-v1.1.0.tgz
[root@registry data]# cd harbor
[root@registry harbor]# grep "^[a-zA-Z]" harbor.cfg
hostname = 192.168.36.106
ui_url_protocol = http
db_password = root123
max_job_workers = 3
customize_crt = on
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = NA
email_identity =
email_server = smtp.feitian-tech.com
email_server_port = 25
email_username = zihong.zhang@feitian-tech.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false
harbor_admin_password = feitian00
auth_mode = db_auth
ldap_url = ldaps://ldap.mydomain.com
ldap_basedn = ou=people,dc=mydomain,dc=com
ldap_uid = uid
ldap_scope = 3
ldap_timeout = 5
self_registration = on
token_expiration = 30
project_creation_restriction = everyone
verify_remote_cert = on
[root@registry harbor]# ./prepare
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/app.conf
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[root@registry harbor]# echo $?
0
[root@registry harbor]# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 1.13.1
✖ Need to install docker-compose(1.7.1+) by yourself first and run this script again. # reports that docker-compose is not installed
[root@registry harbor]# pip install docker-compose # install docker-compose
[root@registry harbor]# ./install.sh
[root@registry harbor]# pip install --upgrade pip # upgrade pip to the latest version
Verify the Docker images after installation:
[root@registry harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/harbor-jobservice v1.1.0 dc72b1906c56 8 days ago 163 MB
vmware/harbor-ui v1.1.0 9a9e39b95d76 8 days ago 183 MB
vmware/harbor-adminserver v1.1.0 b0089eeed744 8 days ago 142 MB
vmware/harbor-db v1.1.0 352b1c421cac 8 days ago 329 MB
vmware/harbor-notary-db mariadb-10.1.10 64ed814665c6 2 weeks ago 324 MB
vmware/nginx 1.11.5-patched 8ddadb143133 2 weeks ago 199 MB
vmware/notary-photon signer-0.5.0 b1eda7d10640 3 weeks ago 156 MB
vmware/registry photon-2.6.0 6cb4438d7197 4 weeks ago 146 MB
vmware/notary-photon server-0.5.0 6e2646682e3c 4 weeks ago 157 MB
vmware/harbor-log v1.1.0 9c46a7b5e517 2 months ago 192 MB
photon 1.0 e6e4e4a2ba1b 10 months ago 127 MB
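Verify through the web management interface: the username is admin, and the password is the custom password set in the configuration file.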
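The harbor.cfg values listed in 1.3 include several settings worth reviewing before other users reach the registry: ui_url_protocol = http, db_password = root123, email_ssl = false, self_registration = on and project_creation_restriction = everyone. The following Python audit of harbor.cfg is an added example, not part of the original post or of Harbor itself; the rule set and the names parse_cfg and audit are this example's assumptions, and the sample input is constructed from the lines shown above.

```python
import re

# Constructed sample: security-relevant lines from the harbor.cfg in 1.3 (admin password replaced).
SAMPLE_CFG = """\
ui_url_protocol = http
db_password = root123
email_ssl = false
harbor_admin_password = <placeholder>
self_registration = on
project_creation_restriction = everyone
verify_remote_cert = on
"""
# Values that ship in harbor.cfg as defaults and should not survive into a real deployment.
DEFAULT_SECRETS = {"db_password": "root123", "harbor_admin_password": "Harbor12345"}

# key -> (risky value, why it matters). This rule set is the example's own assumption.
RISKY = {
    "ui_url_protocol": ("http", "logins and image pushes/pulls travel in cleartext; use https"),
    "self_registration": ("on", "anyone who can reach the UI can create an account"),
    "project_creation_restriction": ("everyone", "any user can create projects; consider adminonly"),
    "email_ssl": ("false", "SMTP credentials are sent without TLS"),
    "verify_remote_cert": ("off", "the remote registry certificate is not validated"),
}

def parse_cfg(text):
    """Parse 'key = value' lines, skipping blanks, comments and section headers."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$", line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg

def audit(text):
    """Return a sorted list of (key, reason) findings for a harbor.cfg body."""
    cfg, findings = parse_cfg(text), []
    for key, (bad, why) in RISKY.items():
        if cfg.get(key, "").lower() == bad:
            findings.append((key, why))
    for key, default in DEFAULT_SECRETS.items():
        if cfg.get(key) == default:
            findings.append((key, "still set to the shipped default"))
    if cfg.get("auth_mode") == "ldap_auth" and cfg.get("ldap_url", "").startswith("ldap://"):
        findings.append(("ldap_url", "LDAP bind is unencrypted; use ldaps://"))
    return sorted(findings)

if __name__ == "__main__":
    for key, why in audit(SAMPLE_CFG):
        print(f"[!] {key}: {why}")
```

To check a real installation, pass the contents of harbor.cfg to audit() before running ./prepare.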