harbor搭建v1.8.3

harbor版本：harbor-offline-installer-v1.8.3.tgz

docker-compose version 1.24.1, build 4667896b

 一、安裝docker

curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
curl -o /etc/yum.repos.d/docker-ce.repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum clean all && yum makecache

先檢查docker-ce位於哪個倉庫，安裝時選擇穩定版

# yum list docker-ce --showduplicates | sort -r
# yum install docker-ce -y
yum install docker-ce-18.09.8 -y

docker設置

vim /usr/lib/systemd/system/docker.service

#Environment="HTTP_PROXY=http://www.proxy.com"
#Environment="HTTPS_PROXY=http://www.proxy.com"
#Environment="NO_PROXY=127.0.0.0/8,172.20.0.0/16,10.10.10.0/24"
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
# ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT
ExecStartPost=/usr/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT # 添加此行（可選）
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0

# docker 加速
mkdir /etc/docker
cat <<EOF > /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://kz7brmw7.mirror.aliyuncs.com"] }
EOF

啟動docker

systemctl daemon-reload
systemctl restart docker
systemctl status docker
systemctl enable docker

 二、安裝harbor 

 

 

https://github.com/goharbor/harbor/releases/tag/v1.8.3

https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.3.tgz

# 解壓文件到 home 目錄，注意，后面的操作都是基於 /home/harbor 路徑。
tar xvf harbor-offline-installer-v1.8.3.tgz -C /home

創建證書文件 

使用 OpenSSL 創建的自簽證書，瀏覽器顯示是不安全的，但是方便。創建命令如下 

[ ! -d /home/harbor/certs ] && mkdir -p /home/harbor/certs
cd /home/harbor/certs

openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout ./harbor.key -x509 -out ./harbor.crt \
-subj /C=CN/ST=BJ/L=BJ/O=DEVOPS/CN=harbor.hub.com -days 3650

 

 如果使用cfssl創建證書，使用私有CA簽署，瀏覽器顯示有安全的小鎖（openssl 應該也可以）。創建方法於另一篇博客：https://www.cnblogs.com/outsrkem/p/12182243.html

 

 

 修改配置

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.hub.com     # 此處修改

# http related config
#http:     # 此處修改，注釋掉   # port for http, default is 80. If https enabled, this port will redirect to https port
#  port: 80 # 此處修改，注釋掉

# https related config
https:  # 此處修改，打開注釋，注意縮進
#   # https port for harbor, default is 443
  port: 443 # 此處修改，打開注釋，注意縮進
#   # The path of cert and key files for nginx
  certificate: /home/harbor/certs/harbor.pem # 此處修改，注意證書文件名
  private_key: /home/harbor/certs/harbor-key.pem # 此處修改，注意證書文件名

······
# The default data volume
data_volume: /home/harbor/data   # 此處修改

······

啟動harbor

./install.sh

訪問

設置 hosts 映射文件
C:\Windows\System32\drivers\etc\hosts
https://harbor.hub.com 。默認管理員用戶名：  admin    密碼： Harbor12345

指定鏡像倉庫地址

vim /etc/docker/daemon.json
{
  "insecure-registries": ["harbor.hub.com"]
}

下載測試鏡像

docker pull hello-world

給鏡像重新打標簽

docker tag hello-world:latest harbor.hub.com/library/word:latest
docker login harbor.hub.com -uadmin -pHarbor12345
docker push harbor.hub.com/library/word:latest

注意：

同樣標簽的鏡像是可以再次推送到倉庫的，會覆蓋之前的鏡像
同樣標簽的鏡像可以拉去到本地，上一個鏡像標簽會變成 <none>

 配置 harbor 開機自啟動

 

# /etc/systemd/system/harbor.service
# systemctl start harbor.service
# systemctl enable harbor.service
#
[Unit]
Description=Docker Compose Application Service
Requires=docker.service
After=network.target remote-fs.target nss-lookup.target
Documentation=http://github.com/vmware/harbor
[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/home/harbor
ExecStart=/usr/local/bin/docker-compose up -d
ExecStop=/usr/local/bin/docker-compose down
TimeoutStartSec=0
[Install]
WantedBy=multi-user.target