Docker harbor安裝

環境要求

目錄

• 環境要求
  • 硬件要求
  • 軟件要求
• 安裝
  • 下載安裝程序
  • 配置harbor
• harbor管理
• 測試上傳和下載
• 參數

harbor可以部署在任何支持Docker的Linux發行版上，系統需要安裝docker和docker compose

docker compose 安裝

硬件要求

資源	容量
CPU	2CPU
MEM	4GB
Disk	40GB

軟件要求

軟件	版本
Docker engine	version 17.03.0-ce+ or higher
Docker Compose	version 1.18.0 or higher
Openssl	latest is preferred

安裝

docker及docker compose需要提前裝好，此處不在介紹。

1. 下載安裝程序
2. 配置harbor.yml
3. 運行install.sh並啟動harbor

下載安裝程序

harbor安裝可以使用在線安裝或者離線安裝。在線安裝需要聯網所以體積非常小，離線安裝的包比較大。

[root@node1 ~]# wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-online-installer-v1.8.0.tgz

[root@node1 ~]# tar -zxvf harbor-online-installer-v1.8.0.tgz 
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/harbor.yml
[root@node1 ~]#

配置harbor

配置參數位於harbor.yml

更改harbor.yml中的hostname為主機名，或域名

[root@node1 harbor]# cat harbor.yml |grep hostname
# The IP address or hostname to access admin UI and registry service.
hostname: 192.168.49.135
# And when it enabled the hostname will no longer used
[root@node1 harbor]# 

安裝並啟動harbor

[root@node1 harbor]# ./install.sh

[Step 0]: checking installation environment ...

Note: docker version: 18.09.6

Note: docker-compose version: 1.24.0


[Step 1]: preparing environment ...
prepare base dir is set to /root/harbor
Unable to find image 'goharbor/prepare:v1.8.0' locally
v1.8.0: Pulling from goharbor/prepare
4e360eca2e60: Pull complete 
cd3c4c42d48b: Pull complete 
647e8efbf475: Pull complete 
79272af3d010: Pull complete 
1aec5eb71578: Pull complete 
1a29af1ecc2c: Pull complete 
e382cb5c1ecb: Pull complete 
Digest: sha256:c590164ae2c54e360642b1174c8ad90306b05ca0582f02f35889346c113e555d
Status: Downloaded newer image for goharbor/prepare:v1.8.0
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir



[Step 2]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Pulling log (goharbor/harbor-log:v1.8.0)...
v1.8.0: Pulling from goharbor/harbor-log
4e360eca2e60: Already exists
19719f801952: Pull complete
1b26f237e309: Pull complete
a7cf4af5e27b: Pull complete
cd70ec1f0903: Pull complete
3c6107a6066b: Pull complete
f5c172b30a43: Pull complete
3609dae2ce51: Pull complete
Digest: sha256:ebe674ba07a4b8ad892e50940d63461bca5441f6597cd10eb492818a3860cf9b
Status: Downloaded newer image for goharbor/harbor-log:v1.8.0
Pulling registry (goharbor/registry-photon:v2.7.1-patch-2819-v1.8.0)...
v2.7.1-patch-2819-v1.8.0: Pulling from goharbor/registry-photon
4e360eca2e60: Already exists
019e3b299790: Pull complete
955e0a4401e7: Pull complete
1139d007f6cd: Pull complete
869f8b832100: Pull complete
4aee74a3468c: Pull complete
Digest: sha256:03200ae6dc7deca56e22381b8337cc69d840c56cf0b3feaa9e06fbac31bb55f3
Status: Downloaded newer image for goharbor/registry-photon:v2.7.1-patch-2819-v1.8.0
Pulling registryctl (goharbor/harbor-registryctl:v1.8.0)...
v1.8.0: Pulling from goharbor/harbor-registryctl
4e360eca2e60: Already exists
ab085a36c7cd: Pull complete
571257e86b35: Pull complete
2867800b1257: Pull complete
90f61d3f1446: Pull complete
67e540c6f39c: Pull complete
c902509ccb9f: Pull complete
Digest: sha256:6beeb6cf191cf2abe8145ed53d0127448f6d2317825e5475ded680f304ce52e3
Status: Downloaded newer image for goharbor/harbor-registryctl:v1.8.0
Pulling postgresql (goharbor/harbor-db:v1.8.0)...
v1.8.0: Pulling from goharbor/harbor-db
4e360eca2e60: Already exists
cac78cdfc92b: Pull complete
9f8852fe17a9: Pull complete
c5e3ae0f4818: Pull complete
7c33673c6790: Pull complete
0acede6fcad2: Pull complete
3ed5e1a94c43: Pull complete
d9664b433f2f: Pull complete
6e77542b7dfc: Pull complete
Digest: sha256:2991653910717c0fe11e03dd5cdf19be42dfa221abbf5d529ff0ad534f6297bc
Status: Downloaded newer image for goharbor/harbor-db:v1.8.0
Pulling core (goharbor/harbor-core:v1.8.0)...
v1.8.0: Pulling from goharbor/harbor-core
4e360eca2e60: Already exists
c066267eb2b9: Pull complete
932afda2a169: Pull complete
7ed16fb7e79a: Pull complete
d09137d80617: Pull complete
588769341947: Pull complete
Digest: sha256:7899f284617bb051180adf6c3aedd140a519d9092b8986dd9058d4dcec0d31de
Status: Downloaded newer image for goharbor/harbor-core:v1.8.0
Pulling portal (goharbor/harbor-portal:v1.8.0)...
v1.8.0: Pulling from goharbor/harbor-portal
4e360eca2e60: Already exists
407631badd44: Pull complete
48732609a31b: Pull complete
7990fc5850c8: Pull complete
7791f3309bed: Pull complete
912a71f3fbcb: Pull complete
Digest: sha256:f84ec78616f9e99c6355ee93567f17a6727b3b7cd548ab64702977f75ac506cf
Status: Downloaded newer image for goharbor/harbor-portal:v1.8.0
Pulling redis (goharbor/redis-photon:v1.8.0)...
v1.8.0: Pulling from goharbor/redis-photon
4e360eca2e60: Already exists
b08cc3be5c43: Pull complete
a750a309c85d: Pull complete
49b2d8335a1a: Pull complete
31e8f89dc042: Pull complete
Digest: sha256:1e2ce8e6a852713d789c6315642d1483d1efdb4acee4699817810bef219ec93d
Status: Downloaded newer image for goharbor/redis-photon:v1.8.0
Pulling jobservice (goharbor/harbor-jobservice:v1.8.0)...
v1.8.0: Pulling from goharbor/harbor-jobservice
4e360eca2e60: Already exists
b9ac5e1016a6: Pull complete
37913733f07f: Pull complete
98baf7450120: Pull complete
Digest: sha256:8ca82f98c8e970b41214793e1d9d99caaf1f84fe3a33ae510be6580b50c53ea2
Status: Downloaded newer image for goharbor/harbor-jobservice:v1.8.0
Pulling proxy (goharbor/nginx-photon:v1.8.0)...
v1.8.0: Pulling from goharbor/nginx-photon
4e360eca2e60: Already exists
985391e9918d: Pull complete
Digest: sha256:9c7c9ca3d34e5872743577ce911cabce9965935261f3b53de4196ce394504799
Status: Downloaded newer image for goharbor/nginx-photon:v1.8.0
Creating harbor-log ... done
Creating registryctl ... done
Creating redis       ... done
Creating harbor-db   ... done
Creating registry    ... done
Creating harbor-core ... done
Creating harbor-portal     ... done
Creating harbor-jobservice ... done
Creating nginx             ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://192.168.49.135. 
For more details, please visit https://github.com/goharbor/harbor .

啟動后用瀏覽器訪問http://192.168.49.135（hostname處填寫的值）
默認用戶名，密碼為 admin/Harbor12345

到這安裝結束

harbor管理

Harbor 的日常運維管理是通過docker-compose來完成的。管理命令需要在docker-compose.yml文件所在目錄執行

停止harbor

```script
[root@node1 harbor]# docker-compose stop
Stopping nginx             ... done
Stopping harbor-jobservice ... done
Stopping harbor-portal     ... done
Stopping harbor-core       ... done
Stopping registry          ... done
Stopping harbor-db         ... done
Stopping redis             ... done
Stopping registryctl       ... done
Stopping harbor-log        ... done
[root@node1 harbor]#
```

啟動harbor

```script
[root@node1 harbor]# docker-compose start
Starting log         ... done
Starting registry    ... done
Starting registryctl ... done
Starting postgresql  ... done
Starting core        ... done
Starting portal      ... done
Starting redis       ... done
Starting jobservice  ... done
Starting proxy       ... done
[root@node1 harbor]# 
```

測試上傳和下載

1. docker默認使用https，這里需要改一下docker，支持http

   [root@node1 harbor]# vim /etc/docker/daemon.json
   [root@node1 harbor]# cat /etc/docker/daemon.json 
   { "insecure-registries":["http://192.168.49.135"] }
   [root@node1 harbor]#systemctl restart docker.service
   [root@node1 harbor]#
   
   如果harbor和docker客戶端在一台服務器上，上邊的操作會關閉harbor，記得重啟harbor
   
   [root@node1 harbor]# docker-compose start
   Starting log         ... done
   Starting registry    ... done
   Starting registryctl ... done
   Starting postgresql  ... done
   Starting core        ... done
   Starting portal      ... done
   Starting redis       ... done
   Starting jobservice  ... done
   Starting proxy       ... done
   

2. 在harbor創建項目
   

3. 登錄harbor

   [root@node1 harbor]# docker login 192.168.49.135
   Username: admin
   Password: 
   WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
   Configure a credential helper to remove this warning. See
   https://docs.docker.com/engine/reference/commandline/login/#credentials-store
   
   Login Succeeded
   [root@node1 harbor]# 
   

4. 上傳

   上傳准備好的image
   [root@node1 harbor]# docker push 192.168.49.135/nginx/nginx:v1
   The push refers to repository [192.168.49.135/nginx/nginx]
   332fa54c5886: Pushed 
   6ba094226eea: Pushed 
   6270adb5794c: Pushed 
   v1: digest: sha256:e770165fef9e36b990882a4083d8ccf5e29e469a8609bb6b2e3b47d9510e2c8d size: 948
   [root@node1 harbor]#
   

5. 下載

   [root@node1 harbor]# docker pull 192.168.49.135/nginx/nginx:v1
   v1: Pulling from nginx/nginx
   Digest: sha256:e770165fef9e36b990882a4083d8ccf5e29e469a8609bb6b2e3b47d9510e2c8d
   Status: Image is up to date for 192.168.49.135/nginx/nginx:v1
   [root@node1 harbor]#
   

參數

有兩類參數，必須參數、可選參數

• 系統級參數
  • 系統級參數必須在配置文件中更改，更改后需要執行install.sh重新安裝harbor
• 用戶級參數
  • 第一次啟動harbor后在web頁面更新。在harbor注冊或創建新用戶之前需要設置auth_mode。當系統中有用戶（除了默認的管理用戶）時auth_mode不能更改

核心參數

• hostname：用於訪問web頁面和registry service的名稱。可以是IP地址或者是域名
• data_volume：存儲harbor數據的位置
• harbor_admin_password：管理員的初始密碼，只在第一次啟動時生效。默認用戶名密碼admin/Harbor12345
• database：與本地數據庫相關的配置
  • password：harbor db root用戶的密碼
• jobservice
  • max_job_workers：job service中復制進程的最大數量
• log
  • level
  • rotate_count
  • rotate_size
  • location：存儲日志的目錄

可選參數

• http
  • port
• https
  • port
  • certificate
  • private_key
• external_url：代理地址，啟用后hostname不在生效

......

參考
https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md