安裝Harbor之https版本(測試OK)


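#關閉防火牆與selinux
注:這一步只適合隔離的測試環境。本文主機用的是公網IP(59.47.71.229),正式環境建議保留firewalld,只放行需要的端口(例如 firewall-cmd --permanent --add-service=https && firewall-cmd --reload),SELinux也盡量保持enforcing。
注:在CentOS/RHEL 7上/etc/sysconfig/selinux通常是指向/etc/selinux/config的軟鏈接,sed -i默認會把軟鏈接替換成普通文件,導致修改不生效;確需修改時請直接編輯/etc/selinux/config,或給sed加上--follow-symlinks。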
systemctl stop firewalld.service
systemctl disable firewalld
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

#更改主機名
[root@www ~]# cat /etc/hostname
harbor.123.com
[root@www ~]# hostname harbor.123.com

exit

#配置解析
[root@harbor ~]# echo "59.47.71.229 harbor.123.com" >>/etc/hosts

[root@harbor ~]# tail -1 /etc/hosts
59.47.71.229 harbor.123.com

#重啟系統

#安裝常用軟件
yum install wget lrzsz net-tools git -y
yum install -y epel-release

#安裝docker
yum -y install docker
yum -y install docker-compose

#依賴軟件安裝
yum install -y yum-utils device-mapper-persistent-data lvm2

#創建harbor數據存儲目錄
[root@harbor ~]# mkdir -p /data
#harbor默認的數據存儲目錄就是/data目錄,不是必須的,后期啟動harbor時也會自動創建的!

#下載地址:
https://github.com/goharbor/harbor/releases?after=v1.5.3

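下載離線安裝包:
注:v1.5.3是2018年的舊版本,新部署建議到上面的releases頁面選擇仍在維護的版本;下載後如發布頁提供了校驗值,請先核對(例如 sha256sum harbor-offline-installer-v1.5.3.tgz)再解壓。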
[root@harbor ~]# wget https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.3.tgz
--2019-05-05 14:34:55-- https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.3.tgz
Resolving storage.googleapis.com (storage.googleapis.com)... 172.217.31.240, 2404:6800:4005:80d::2010
Connecting to storage.googleapis.com (storage.googleapis.com)|172.217.31.240|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 904278926 (862M) [application/x-tar]
Saving to: ‘harbor-offline-installer-v1.5.3.tgz’

100%[======================================================================>] 904,278,926 2.29MB/s in 3m 39s

2019-05-05 14:38:35 (3.94 MB/s) - ‘harbor-offline-installer-v1.5.3.tgz’ saved [904278926/904278926]

[root@harbor ~]# tar xf harbor-offline-installer-v1.5.3.tgz
[root@harbor ~]# mv harbor /data/
[root@harbor ~]# ll
total 883088
-rw-r--r--. 1 root root 904278926 Sep 12 2018 harbor-offline-installer-v1.5.3.tgz
drwxr-xr-x. 5 root root 39 May 15 2018 perl5
[root@harbor ~]# cd /data/
[root@harbor data]# ll
total 0
drwxr-xr-x. 4 root root 256 May 5 14:41 harbor

#創建CA證書存放目錄
[root@harbor data]# mkdir /data/cert
[root@harbor data]# ll
total 0
drwxr-xr-x. 2 root root 6 May 5 14:43 cert
drwxr-xr-x. 4 root root 256 May 5 14:41 harbor

[root@harbor data]# cd /data/cert/


#創建自己的CA證書
#輸入交互信息
CN
BJ
BJ
WXYC
JSB
harbor.123.com

[root@harbor cert]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
Generating a 4096 bit RSA private key
.............++
..........................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJWXYC
Organization Name (eg, company) [Default Company Ltd]:JSB
Organizational Unit Name (eg, section) []:harbor.123.com
Common Name (eg, your name or your server's hostname) []:
Email Address []:


#生成證書簽名請求(這裡生成的是harbor.123.com服務器證書的私鑰和CSR,之後由上一步創建的CA簽發)
#輸入交互信息
CN
BJ
BJ
WXYC
JSB
harbor.123.com

[root@harbor cert]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout harbor.123.com.key -out harbor.123.com.csr
Generating a 4096 bit RSA private key
...............................................................++
..................................................................++
writing new private key to 'harbor.123.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:WXYC
Organizational Unit Name (eg, section) []:JSB
Common Name (eg, your name or your server's hostname) []:harbor.123.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:


#生成注冊主機的證書
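方式一:使用域名生成注冊主機證書
注:下面的命令簽出的證書只有CN、沒有subjectAltName,較新版本的Docker(用Go 1.15及以後編譯)會拒絕這類證書;可仿照方式二,用 -extfile 加入 subjectAltName = DNS:harbor.123.com。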
[root@harbor cert]# openssl x509 -req -days 365 -in harbor.123.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out harbor.123.com.crt
Signature ok
subject=/C=CN/ST=BJ/L=BJ/O=WXYC/OU=JSB/CN=harbor.123.com
Getting CA Private Key

[root@harbor cert]# ll
total 24
-rw-r--r--. 1 root root 1956 May 5 14:46 ca.crt
-rw-r--r--. 1 root root 3272 May 5 14:46 ca.key
-rw-r--r--. 1 root root 17 May 5 14:49 ca.srl
-rw-r--r--. 1 root root 1854 May 5 14:49 harbor.123.com.crt
-rw-r--r--. 1 root root 1683 May 5 14:48 harbor.123.com.csr
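-rw-r--r--. 1 root root 3272 May 5 14:48 harbor.123.com.key
注:-nodes生成的私鑰沒有口令保護,而上面列表中ca.key和harbor.123.com.key的權限是644(所有用戶可讀),建議執行 chmod 600 ca.key harbor.123.com.key;ca.key簽完證書後最好移出倉庫主機離線保存。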

方式二:使用IP生成注冊主機證書
//echo subjectAltName = IP:192.168.152.170 > extfile.cnf
//openssl x509 -req -days 365 -in wangfeiyu.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out harbor.123.com.crt
注:執行以上兩條命令即可實現IP注冊主機證書!其中192.168.152.170和wangfeiyu.com.csr看起來是參考文章留下的示例值,實際使用時要換成本機IP和上面生成的harbor.123.com.csr。

#編輯harbor.cfg文件
[root@harbor cert]# egrep -v "#|^$" /data/harbor/harbor.cfg
_version = 1.5.0
hostname = harbor.123.com #需要修改
ui_url_protocol = https #需要修改
max_job_workers = 50
customize_crt = on
ssl_cert = /data/cert/harbor.123.com.crt #需要修改
ssl_cert_key = /data/cert/harbor.123.com.key #需要修改
secretkey_path = /data
admiral_url = NA
log_rotate_count = 50
log_rotate_size = 200M
http_proxy =
https_proxy =
no_proxy = 127.0.0.1,localhost,ui
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false
email_insecure = false
harbor_admin_password = Harbor12345 #可修改。

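注:暫時先更改這幾行即可啟動,其他功能按照需求更改!
注:Harbor12345是安裝包自帶的默認管理員密碼,對外提供服務前務必改成強密碼;該配置項只在首次啟動時生效,之後需在Web界面修改。harbor.cfg中如有其他默認口令(如數據庫密碼),也建議一併修改。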

#啟動docker並設置開機自啟
[root@harbor cert]# systemctl start docker
[root@harbor cert]# systemctl enable docker
[root@harbor cert]# systemctl status docker

#進入harbor解壓目錄
cd /data/harbor/

#安裝harbor
./install.sh

執行結果:
[Step 3]: checking existing instance of Harbor ...

Creating harbor-db ... done
Creating harbor-ui ... done
Creating network "harbor_harbor" with the default driver
Creating nginx ... done
Creating redis ...
Creating registry ...
Creating harbor-adminserver ...
Creating harbor-db ...
Creating harbor-ui ...
Creating nginx ...
Creating harbor-jobservice ...

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://harbor.123.com.
For more details, please visit https://github.com/vmware/harbor .


#harbor的啟動和關閉方式
//關閉harbor服務(先進入harbor目錄)
docker-compose stop

//開啟harbor服務(先進入harbor目錄)
docker-compose up -d

配置本地解析
C:\Windows\System32\drivers\etc\hosts
59.47.71.229 harbor.123.com

#訪問地址:https://harbor.123.com
用戶名:admin
密碼:Harbor12345(harbor.cfg中的默認值,首次登錄後請立即修改)

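#配置登錄證書
注:Docker會把/etc/docker/certs.d/<倉庫域名>/下的*.crt當作受信任的CA證書。下面複製的是服務器證書本身,更通用的做法是複製簽發它的ca.crt,這樣服務器證書續期後客戶端不用重新配置;私鑰(*.key)不要複製到客戶端。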
[root@harbor cert]# mkdir -p /etc/docker/certs.d/harbor.123.com

[root@harbor ~]# cd /data/cert/
[root@harbor cert]# ll
total 24
-rw-r--r--. 1 root root 1956 May 5 14:46 ca.crt
-rw-r--r--. 1 root root 3272 May 5 14:46 ca.key
-rw-r--r--. 1 root root 17 May 5 14:49 ca.srl
-rw-r--r--. 1 root root 1854 May 5 14:49 harbor.123.com.crt
-rw-r--r--. 1 root root 1683 May 5 14:48 harbor.123.com.csr
-rw-r--r--. 1 root root 3272 May 5 14:48 harbor.123.com.key

[root@harbor cert]# cp harbor.123.com.crt /etc/docker/certs.d/harbor.123.com
[root@harbor cert]# cd /etc/docker/certs.d/harbor.123.com
[root@harbor harbor.123.com]# ll
total 4
-rw-r--r--. 1 root root 1854 May 5 15:31 harbor.123.com.crt

#登錄鏡像倉庫
[root@harbor harbor.123.com]# docker login harbor.123.com
Username: nulige
Password:
Login Succeeded

#退出鏡像倉庫
[root@harbor harbor.123.com]# docker logout harbor.123.com
Removing login credentials for harbor.123.com
[root@harbor harbor.123.com]#
[root@harbor harbor.123.com]#


#為鏡像打標記
語法:
docker tag 原鏡像名 harbor.123.com/項目名/打標記的鏡像名

示例:
[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
yeasy/simple-web v1 172c78152bf6 12 months ago 679 MB

#打標記
[root@harbor harbor]# docker tag yeasy/simple-web harbor.123.com/object/simple-web:v2

#v2版本
[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
harbor.123.com/object/simple-web v2 172c78152bf6 12 months ago 679 MB
yeasy/simple-web v1 172c78152bf6 12 months ago 679 MB

注:如果是普通用戶推送鏡像,切記需要創建項目,不然上傳給默認的library項目沒有權限,只有admin用戶有推送library項目的權利。

#推送鏡像到harbor倉庫
[root@harbor harbor]# docker login harbor.123.com
Username: admin
Password:
Login Succeeded

#推送鏡像
[root@harbor harbor]# docker push harbor.123.com/object/simple-web:v2
The push refers to a repository [harbor.123.com/object/simple-web]
bc8c0c984b54: Pushed
a36d433a3808: Pushed
6bae46c6ee76: Pushed
6bdccf632521: Pushed
62d47657687c: Pushed
4e32c2de91a6: Pushed
6e1b48dc2ccc: Pushed
ff57bdb79ac8: Pushed
6e5e20cbf4a7: Pushed
86985c679800: Pushed
8fad67424c4e: Pushed
v2: digest: sha256:356de309052fe233ba08eb4c9ad85ab89398f31555e8777326d57307ac913727 size: 2633

#harbor服務器本地登陸
#報錯
[root@harbor harbor]# docker login harbor.123.com
Username: nulige
Password:
Error response from daemon: Get https://harbor.123.com/v1/users/: x509: certificate signed by unknown authority

解決方法:
參考配置登錄證書

#登錄報錯
[root@harbor .docker]# docker login harbor.123.com
Username: admin
Password:
Error response from daemon: Get https://harbor.123.com/v1/users/: dial tcp 59.47.71.229:443: connect: connection refused

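#解決辦法(用戶登錄后會先生成一個默認配置文件)
注:connection refused一般表示59.47.71.229:443上沒有服務在監聽(例如nginx容器沒有運行),與config.json關系不大;下面真正起作用的多半是重啟docker和harbor這幾步,可先用 docker-compose ps 確認各容器狀態。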
[root@harbor harbor.123.com]# cd /root/.docker/
[root@harbor .docker]# ll
total 4
-rw-------. 1 root root 82 May 5 16:01 config.json

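#改名
注:config.json裡可能保存着docker login留下的倉庫憑據(默認只是base64編碼,並未加密),改名留下的config.json.back不再需要時應刪除,保留期間權限保持600。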
[root@harbor .docker]# mv config.json config.json.back

#進入安裝目錄
[root@harbor harbor]# cd /data/harbor

#停服務
[root@harbor harbor]# docker-compose stop
Stopping harbor-jobservice ... done
Stopping nginx ... done
Stopping harbor-ui ... done
Stopping harbor-adminserver ... done
Stopping harbor-db ... done
Stopping registry ... done
Stopping redis ... done
Stopping harbor-log ... done

#重啟docker服務
[root@harbor harbor]# systemctl restart docker

#啟服務
[root@harbor harbor]# docker-compose up -d
harbor-log is up-to-date
Starting harbor-db ...
Starting registry ...
Starting harbor-adminserver ...
Starting registry ... done
Starting harbor-ui ... done
nginx is up-to-date
Starting harbor-jobservice ... done


#查看鏡像
[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
harbor.123.com/object/simple-web v2 172c78152bf6 12 months ago 679 MB
yeasy/simple-web v1 172c78152bf6 12 months ago 679 MB

#刪除打標記的鏡像
[root@harbor harbor]# docker rmi -f harbor.123.com/object/simple-web:v2
Untagged: harbor.123.com/object/simple-web:v2
Untagged: harbor.123.com/object/simple-web@sha256:356de309052fe233ba08eb4c9ad85ab89398f31555e8777326d57307ac913727

#拉取倉庫鏡像
[root@harbor harbor]# docker pull harbor.123.com/object/simple-web:v2
Trying to pull repository harbor.123.com/object/simple-web ...
v2: Pulling from harbor.123.com/object/simple-web
Digest: sha256:356de309052fe233ba08eb4c9ad85ab89398f31555e8777326d57307ac913727
Status: Downloaded newer image for harbor.123.com/object/simple-web:v2

[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/redis-photon v1.5.3 dfa8231f015a 7 months ago 214 MB
vmware/clair-photon v2.0.5-v1.5.3 73f052260ffc 7 months ago 309 MB
vmware/notary-server-photon v0.5.1-v1.5.3 4c60eb4504e3 7 months ago 215 MB
vmware/notary-signer-photon v0.5.1-v1.5.3 657f880fb2ac 7 months ago 212 MB
vmware/registry-photon v2.6.2-v1.5.3 b36d6808a36a 7 months ago 201 MB
vmware/nginx-photon v1.5.3 a74f850e2282 7 months ago 138 MB
vmware/harbor-log v1.5.3 41602670745f 7 months ago 203 MB
vmware/harbor-jobservice v1.5.3 8e50928fe8bb 7 months ago 198 MB
vmware/harbor-ui v1.5.3 0c295655007b 7 months ago 215 MB
vmware/harbor-adminserver v1.5.3 87422af2da7e 7 months ago 187 MB
vmware/harbor-db v1.5.3 a1dbf2ab17ea 7 months ago 531 MB
vmware/mariadb-photon v1.5.3 bee395c937df 7 months ago 531 MB
vmware/postgresql-photon v1.5.3 bbec05c7726b 7 months ago 225 MB
photon 1.0 8a37141d9340 8 months ago 127 MB
vmware/harbor-migrator v1.5.0 466c57ab0dc3 12 months ago 1.16 GB
docker.io/yeasy/simple-web latest 172c78152bf6 12 months ago 679 MB
harbor.123.com/object/simple-web v2 172c78152bf6 12 months ago 679 MB
simple-web v1 172c78152bf6 12 months ago 679 MB
yeasy/simple-web v1 172c78152bf6 12 months ago 679 MB

示例2

1、下載redis

#搜索鏡像
[root@harbor harbor]# docker search redis
INDEX       NAME                                       DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
docker.io   docker.io/redis                            Redis is an open source key-value store th...   6849      [OK]       
docker.io   docker.io/grokzen/redis-cluster            Redis cluster 3.0, 3.2, 4.0 & 5.0               45                     
 
#下載redis鏡像
[root@harbor harbor]# docker pull redis:3.2
Trying to pull repository docker.io/library/redis ... 
3.2: Pulling from docker.io/library/redis
f17d81b4b692: Pull complete 
b32474098757: Pull complete 
8980cabe8bc2: Pull complete 
58af19693e78: Pull complete 
a977782cf22d: Pull complete 
9c1e268980b7: Pull complete 
Digest: sha256:7b0a40301bc1567205e6461c5bf94c38e1e1ad0169709e49132cafc47f6b51f3
Status: Downloaded newer image for docker.io/redis:3.2

#查看鏡像
[root@harbor harbor]# docker images |grep redis
docker.io/redis                    3.2                 87856cc39862        6 months ago        76 MB

#啟動容器
[root@harbor harbor]# docker run -p 6379:6379 -v $PWD/data:/data  -d redis:3.2 redis-server --appendonly yes
de82c63debc5cc21b06ce0f7e1179720fbf1647a8164e707bef1fff2a8c8e714

命令說明:
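-p 6379:6379 : 將容器的6379端口映射到主機的6379端口(會監聽在主機所有地址上,見下面docker ps輸出的0.0.0.0:6379;這裡的Redis沒有設置密碼,主機又有公網IP且關閉了防火牆,只做本機測試時建議寫成 -p 127.0.0.1:6379:6379,或在redis-server後加--requirepass設置密碼)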
-v $PWD/data:/data : 將主機中當前目錄下的data掛載到容器的/data
redis-server --appendonly yes : 在容器執行redis-server啟動命令,並打開redis持久化配置

#查看容器
[root@harbor harbor]# docker ps -a
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS                      PORTS                                                              NAMES
de82c63debc5        redis:3.2                              "docker-entrypoint..."   14 minutes ago      Up 14 minutes               0.0.0.0:6379->6379/tcp                                             nifty_mcnulty

#給鏡像打tag
[root@harbor harbor]# docker tag docker.io/redis:3.2 harbor.123.com/object/redis:3.2

#查看容器
[root@harbor harbor]# docker images
REPOSITORY                         TAG                 IMAGE ID            CREATED             SIZE
docker.io/redis                    3.2                 87856cc39862        6 months ago        76 MB
harbor.123.com/object/redis        3.2                 87856cc39862        6 months ago        76 MB

#登錄倉庫
[root@harbor harbor]# docker login harbor.123.com
Username (admin): admin
Password: 
Login Succeeded

#把鏡像推到倉庫
[root@harbor harbor]# docker push harbor.123.com/object/redis:3.2
The push refers to a repository [harbor.123.com/object/redis]
56431c543d6c: Pushed 
bb617143299d: Pushed 
cfe17e3394d7: Pushed 
aa1a19279a9a: Pushed 
197ffb073b01: Pushed 
237472299760: Pushed 
3.2: digest: sha256:562e944371527d6e11d396fe43fde17c30e28c25c23561b2322db3905cbc71dd size: 1571

#刪除鏡像
[root@harbor harbor]# docker rmi -f harbor.123.com/object/redis:3.2
Untagged: harbor.123.com/object/redis:3.2
Untagged: harbor.123.com/object/redis@sha256:562e944371527d6e11d396fe43fde17c30e28c25c23561b2322db3905cbc71dd

[root@harbor harbor]# docker images
REPOSITORY                         TAG                 IMAGE ID            CREATED             SIZE
docker.io/redis                    3.2                 87856cc39862        6 months ago        76 MB

#拉取鏡像
[root@harbor harbor]# docker pull harbor.123.com/object/redis:3.2
Trying to pull repository harbor.123.com/object/redis ... 
3.2: Pulling from harbor.123.com/object/redis
Digest: sha256:562e944371527d6e11d396fe43fde17c30e28c25c23561b2322db3905cbc71dd
Status: Downloaded newer image for harbor.123.com/object/redis:3.2

#查看鏡像
[root@harbor harbor]# docker images
REPOSITORY                         TAG                 IMAGE ID            CREATED             SIZE
docker.io/redis                    3.2                 87856cc39862        6 months ago        76 MB
harbor.123.com/object/redis        3.2                 87856cc39862        6 months ago        76 MB

 #那么如何徹底刪除harbor倉庫的這個鏡像呢?

1.首先去界面刪除這個鏡像
2.在harbor宿主機上執行如下的命令:

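先找到當前的registry版本(以下輸出來自參考文章中的另一台主機spark32;本文v1.5.3環境裡對應的鏡像是vmware/registry-photon:v2.6.2-v1.5.3,見上面docker images的輸出,後面命令中的鏡像名和標籤要相應替換):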

[root@spark32 harbor]# docker images vmware/registry
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
vmware/registry     2.6.1-photon        0f6c96580032        3 months ago        150MB
列出要刪除的鏡像:
[root@spark32 harbor]# docker run -it --name gc --rm --volumes-from registry vmware/registry:2.6.1-photon garbage-collect --dry-run /etc/registry/config.yml
選項 --dry-run 只是在最后打印出界面刪除了的但是實際上並未刪除的鏡像層,但是這條命令不會刪除這些鏡像層。
運行下面的命令刪除鏡像:
[root@spark32 harbor]# docker run -it --name gc --rm --volumes-from registry vmware/registry:2.6.1-photon garbage-collect /etc/registry/config.yml
再次查看存放鏡像的目錄大小:
[root@spark32 2017-09-08]# du -sh /data/registry/docker/registry/v2/
70M /data/registry/docker/registry/v2/
注:執行garbage-collect期間如果還有鏡像在推送,可能誤刪正在上傳的鏡像層;建議先在harbor目錄執行 docker-compose stop 停掉服務,先跑一遍--dry-run核對,再正式刪除,完成後用 docker-compose up -d 恢復服務。

參考:

https://blog.51cto.com/13043516/2287267

