安裝Harbor,首先要安裝docker 和 docker-compose
1.安裝docker
(1)安裝一些必要的系統工具
$ yum install -y yum-utils device-mapper-persistent-data lvm2
(2)添加軟件源信息
$ yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
(3)更新 yum 緩存
$ yum makecache fast
(4)安裝 Docker-ce
$ yum -y install docker-ce
(5)啟動 Docker 后台服務
$ systemctl start docker
2.安裝docker-compose
(1)下載二進制文件
$ curl -L https://github.com/docker/compose/releases/download/1.16.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
(2)賦予二進制文件可執行權限
$ chmod +x /usr/local/bin/docker-compose
(3)根據自己的情況決定是否安裝命令補全功能
$ yum install bash-completion $ curl -L https://raw.githubusercontent.com/docker/compose/1.16.1/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
(4)測試是否安裝成功
$ docker-compose --version
3.安裝harbor
(1)下載
$ wget -P /usr/local/src/ https://github.com/vmware/harbor/releases/download/v1.2.0/harbor-online-installer-v1.2.0.tgz
(2)解壓
$ tar zxf harbor-online-installer-v1.2.0.tgz -C /usr/local/
(3)修改配置文件
$ cd /usr/local/harbor/ $ vim /usr/local/harbor/harbor.cfg
修改
hostname = harbor (啟動harbor為主機名)
否則會報異常:
➜ Please set hostname and other necessary attributes in harbor.cfg first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.cfg bacause notary must run under https.
Please set --with-clair if needs enable Clair in Harbor
(4)執行安裝
$ ./install.sh
默認賬號密碼: admin / Harbor12345 登錄后修改密碼
(6)啟動和重啟
Harbor 的日常運維管理是通過docker-compose來完成的,Harbor本身有多個服務進程,都放在docker容器之中運行,我們可以通過docker ps命令查看。
查看Harbor # docker-compose ps 啟動Harbor # docker-compose start 停止Harbor # docker-comose stop 重啟Harbor # docker-compose restart
如果是用 docker-compose start 會報錯:
ERROR: for nginx UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)
ERROR: for harbor-log UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)
ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.
因此使用 docker-compose up -d 啟動
4. 上傳和下載
(1)配置daemon.json
$ vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://njrds9qc.mirror.aliyuncs.com"],
"insecure-registries":["192.168.38.23"]
}
然后依次執行如下命令:
$ docker-compose stop $ systemctl daemon-reload $ systemctl restart docker $ docker-compose up -d
(2)客戶端將鏡像打tag
命令格式:docker tag SOURCE_IMAGE[:TAG] harbor/library/IMAGE[:TAG]
docker tag 83f3f8af3613 192.168.38.23/library/tomcat:7.0.69-jre7
(3)客戶端push鏡像之前,先登錄服務端
$ docker login 192.168.38.23 Username: admin Password:
用戶名密碼:admin / Harbor12345
備注:如果登錄時出現 Error response from daemon: Get http://192.168.38.23/v2/: Get http://harbor/service/token?account=admin&client_id=docker&offline_token=true&service=harbor-registry: dial tcp: lookup harbor on 192.168.38.2:53: no such host.
則需要執行第5步操作,配置TLS證書
(4)客戶端push
push命令格式: docker push harbor/library/IMAGE[:TAG]
$ docker push 192.168.38.23/library/tomcat:7.0.69-jre7
5.Harbor配置TLS證書
(1)修改Harbor配置文件
因為Harbor默認使用http協議訪問,所以我們這里在配置文件中,開啟https配置;
配置harbor.cfg
hostname = 192.168.38.23
ui_url_protocol = https
ssl_cert = /etc/certs/ca.crt
ssl_cert_key = /etc/certs/ca.key
(2)創建自簽名證書key文件
$ mkdir /etc/certs $ openssl genrsa -out /etc/certs/ca.key 2048 Generating RSA private key, 2048 bit long modulus ....+++ ..................................................+++ e is 65537 (0x10001)
(3)創建自簽名證書crt文件
$ openssl req -x509 -new -nodes -key /etc/certs/ca.key -subj "/CN=192.168.38.23" -days 5000 -out /etc/certs/ca.crt
(4)開始安裝Harbor
$ ./install.sh
(5)客戶端配置
客戶端需要創建證書文件存放的位置,並且把服務端創建的證書拷貝到該目錄下,然后重啟客戶端docker
$ mkdir -p /etc/docker/certs.d/192.168.38.23
把服務端crt證書文件拷貝到客戶端,這里的客戶端為192.168.38.21
$ scp /etc/certs/ca.crt root@192.168.38.21:/etc/docker/certs.d/192.168.38.23/
重啟客戶端docker
$ systemctl restart docker
$ docker login 192.168.38.23 Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded $ docker push 192.168.38.23/library/tomcat:7.0.69-jre7
push成功后登錄Harbor可查看剛才上傳的鏡像,這里的鏈接地址也變成了https了 https://192.168.38.23/harbor/sign-in
(6)客戶端docker pull 測試
備注:如果pull不成功,可能需要修改daemon.json 文件