Harbor倉庫搭建及簡單使用
一、Harbor介紹
Docker容器應用的開發和運行離不開可靠的鏡像管理,雖然Docker官方也提供了公共的鏡像倉庫,但是從安全和效率等方面考慮,部署私有環境內的Registry也是非常必要的。Harbor是由VMware公司開源的企業級的Docker Registry管理項目,它包括權限管理(RBAC)、LDAP、日志審核、管理界面、自我注冊、鏡像復制和中文支持等功能
二、環境准備
Harbor的所有服務組件都是在Docker中部署的,所以官方安裝使用Docker-compose快速部署,所以需要安裝Docker、Docker-compose。由於Harbor是基於Docker Registry V2版本,所以就要求Docker版本不小於1.10.0,Docker-compose版本不小於1.6.0
1)安裝並啟動Docker
安裝所需的包。yum-utils提供了yum-config-manager 效用,並device-mapper-persistent-data和lvm2由需要 devicemapper存儲驅動程序
[root@localhost ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
設置穩定存儲庫
[root@localhost ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo安裝Docker CE
[root@localhost ~]# yum install -y docker-ce docker-ce-cli containerd.io
添加Docker加速
# vi /etc/docker/daemon.json
{
"registry-mirrors":["https://reg-mirror.qiniu.com/"],
"insecure-registries":["192.168.1.108"]
}
2)安裝Docker-compose
下載指定版本的docker-compose
[root@localhost ~]# curl -L https://github.com/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
對二進制文件賦可執行權限
[root@localhost ~]# chmod +x /usr/local/bin/docker-compose
測試下docker-compose是否安裝成功
[root@localhost ~]# docker-compose --version
docker-compose version 1.13.0, build 1719ceb三、Harbor服務搭建及啟動
1)、下載Harbor安裝文件
從GitHub上https://github.com/goharbor/harbor/releases下載指定版本的安裝包
[root@localhost ~]# mkdir -p /harbor
[root@localhost ~]# cd /harbor/
[root@localhost harbor]# yum -y install wget
[root@localhost harbor]# wget https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-online-installer-v1.1.2.tgz
[root@localhost harbor]# ls
harbor-online-installer-v1.1.2.tgz
[root@localhost harbor]# tar -zxf harbor-online-installer-v1.1.2.tgz
三、配置Harbor
以下配置文件主要修改hostname,其它保持默認即可
db_password = 123456
max_job_workers = 3
customize_crt = on
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = NA配置文件harbor.cfg詳解:
hostname設置訪問地址,可以使用ip、域名,不可以設置為127.0.0.1或localhost
hostname = 192.168.126.162
訪問協議,默認是http,也可以設置https,如果設置https,則nginx ssl需要設置on
ui_url_protocol = http
mysql數據庫root用戶默認密碼root123,實際使用時修改下
db_password = 123456
max_job_workers = 3
customize_crt = on
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = NA
郵件設置,發送重置密碼郵件時使用
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false
啟動Harbor后,管理員UI登錄的密碼,默認是Harbor12345
harbor_admin_password = 123456
認證方式,這里支持多種認證方式,如LADP、本次存儲、數據庫認證。默認是db_auth,mysql數據庫認證
auth_mode = db_auth
LDAP認證時配置項
ldap_url = ldaps://ldap.mydomain.com
#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
#ldap_search_pwd = password
ldap_basedn = ou=people,dc=mydomain,dc=com
#ldap_filter = (objectClass=person)
ldap_uid = uid
ldap_scope = 3
ldap_timeout = 5
是否開啟自注冊
self_registration = on
token有效時間,默認30分鍾
token_expiration = 30
用戶創建項目權限控制,默認是everyone(所有人),也可以設置為adminonly(只能管理員)
project_creation_restriction = everyone
verify_remote_cert = on
1)啟動Harbor
修改完配置文件后,在的當前目錄執行./install.sh,Harbor服務就會根據當期目錄下的docker-compose.yml開始下載依賴的鏡像,檢測並按照順序依次啟動各個服務
[root@localhost harbor]# ./install.sh
Harbor依賴的鏡像及啟動服務如下:
[root@localhost harbor]# docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/harbor_adminserver Up
harbor-db docker-entrypoint.sh mysqld Up 3306/tcp
harbor-jobservice /harbor/harbor_jobservice Up
harbor-log /bin/sh -c crond && rm -f ... Up 127.0.0.1:1514->514/tcp
harbor-ui /harbor/harbor_ui Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
啟動完成后,訪問剛設置的hostname即可,默認是80端口,如果端口占用,可以去修改docker-compose.yml文件中,對應服務的端口映射
四、Harbor倉庫使用
1)登錄Web Harbor
使用admin用戶登錄,密碼為harbor.cfg配置的密碼,默認為:Harbor12345
2)上傳鏡像到Harbor倉庫
我們新建一個名稱為harbor的項目,設置不公開。當項目設為公開后,任何人都有此項目下鏡像的讀權限。命令行用戶不需要docker login就可以拉取此項目下的鏡像。
新建項目后,使用admin用戶提交本地nginx鏡像到Harbor倉庫
1)admin登錄
使用docker login出現如下問題:
[root@localhost ~]# docker login 192.168.126.162
Username: admin
Password:
Error response from daemon: Get https://192.168.126.162/v2/: read tcp 192.168.126.162:49654->192.168.126.162:443: read: connection reset by peer
解決方法:編輯 # vi /etc/docker/daemon.json,添加如下insecure內容
{
"registry-mirrors":["https://reg-mirror.qiniu.com/"],
"insecure-registries":["192.168.1.108"]
}
重啟Docker服務
# systemctl daemon-reload
# systemctl restart docker
注意如果還是無法登錄,注意需要重新執行 install.sh
再次進行登錄
[root@localhost ~]# docker login 192.168.126.162
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Login Succeeded
2)給鏡像打tag
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/harbor-jobservice v1.1.2 4ef0a7a33734 24 months ago 163MB
vmware/harbor-ui v1.1.2 4ee8f190f366 24 months ago 183MB
vmware/harbor-adminserver v1.1.2 cdcf1bed7eb4 24 months ago 142MB
vmware/harbor-db v1.1.2 fcb8aa7a0640 24 months ago 329MB
vmware/registry 2.6.1-photon 0f6c96580032 2 years ago 150MB
vmware/nginx 1.11.5-patched 8ddadb143133 2 years ago 199MB
vmware/harbor-log v1.1.2 9c46a7b5e517 2 years ago 192MB
[root@localhost ~]# docker tag vmware/nginx:1.11.5-patched 192.168.126.162/harbor/nginx:latest
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/harbor-jobservice v1.1.2 4ef0a7a33734 24 months ago 163MB
vmware/harbor-ui v1.1.2 4ee8f190f366 24 months ago 183MB
vmware/harbor-adminserver v1.1.2 cdcf1bed7eb4 24 months ago 142MB
vmware/harbor-db v1.1.2 fcb8aa7a0640 24 months ago 329MB
vmware/registry 2.6.1-photon 0f6c96580032 2 years ago 150MB
192.168.126.162/harbor/nginx latest 8ddadb143133 2 years ago 199MB
vmware/nginx 1.11.5-patched 8ddadb143133 2 years ago 199MB
vmware/harbor-log v1.1.2 9c46a7b5e517 2 years ago 192MB
3)push到倉庫
[root@localhost ~]# docker push 192.168.126.162/harbor/nginx:latest
The push refers to repository [192.168.126.162/harbor/nginx]
3569f62067e2: Pushed
3f117c44afbb: Pushed
c4a8b7411af4: Pushed
fe4c16cbf7a4: Pushed
latest: digest: sha256:3dce35afeadd7195877b17bf1514b9e388ed671afe428441fe5e0b02cdc26eeb size: 1160上傳成功后,登錄Web Harbor,選擇項目harbor,就可以查看剛剛上傳的nginx鏡像了
4)創建用戶並分配權限
點擊系統管理下的用戶管理,點擊創建用戶,輸入相關信息
將剛剛創建的用戶添加到harbor項目成員中,點擊項目,選擇harbor項目,點擊成員,點擊添加成員,添加姓名選擇角色
使用新建的用戶將剛剛上傳的nginx鏡像拉取下來
先將剛剛nginx鏡像刪除
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/harbor-jobservice v1.1.2 4ef0a7a33734 24 months ago 163MB
vmware/harbor-ui v1.1.2 4ee8f190f366 24 months ago 183MB
vmware/harbor-adminserver v1.1.2 cdcf1bed7eb4 24 months ago 142MB
vmware/harbor-db v1.1.2 fcb8aa7a0640 24 months ago 329MB
vmware/registry 2.6.1-photon 0f6c96580032 2 years ago 150MB
192.168.126.162/harbor/nginx latest 8ddadb143133 2 years ago 199MB
vmware/nginx 1.11.5-patched 8ddadb143133 2 years ago 199MB
vmware/harbor-log v1.1.2 9c46a7b5e517 2 years ago 192MB
[root@localhost ~]# docker rmi 192.168.126.162/harbor/nginx:latest
Untagged: 192.168.126.162/harbor/nginx:latest
Untagged: 192.168.126.162/harbor/nginx@sha256:3dce35afeadd7195877b17bf1514b9e388ed671afe428441fe5e0b02cdc26eeb
退出admin帳號,使用剛剛創建的用戶登錄
[root@localhost ~]# docker logout 192.168.126.162
Removing login credentials for 192.168.126.162
[root@localhost ~]# docker login 192.168.126.162
Username: harbor
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
5)將harbor中的nginx鏡像拉取到本地
[root@localhost ~]# docker pull 192.168.126.162/harbor/nginx:latest
latest: Pulling from harbor/nginx
Digest: sha256:3dce35afeadd7195877b17bf1514b9e388ed671afe428441fe5e0b02cdc26eeb
Status: Downloaded newer image for 192.168.126.162/harbor/nginx:latest
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/harbor-jobservice v1.1.2 4ef0a7a33734 24 months ago 163MB
vmware/harbor-ui v1.1.2 4ee8f190f366 24 months ago 183MB
vmware/harbor-adminserver v1.1.2 cdcf1bed7eb4 24 months ago 142MB
vmware/harbor-db v1.1.2 fcb8aa7a0640 24 months ago 329MB
vmware/registry 2.6.1-photon 0f6c96580032 2 years ago 150MB
192.168.126.162/harbor/nginx latest 8ddadb143133 2 years ago 199MB
vmware/nginx 1.11.5-patched 8ddadb143133 2 years ago 199MB
vmware/harbor-log v1.1.2 9c46a7b5e517 2 years ago 192MB
————————————————
原文鏈接:https://blog.csdn.net/qq_40378034/article/details/90752212