Huawei Cloud Yunyao Cloud Server L Instance Review | Building an Enterprise-Grade Registry Server with Harbor

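What you need to know

  • This setup uses a Huawei Cloud Yunyao Cloud Server for a one-click deployment that quickly stands up the enterprise-grade registry server Harbor v2.7.0.

  • Docker is version 24.0.5, docker-compose is 1.29.2, and Harbor is v2.7.0 (download it from GitHub). If access is restricted, you can obtain it via a private message on this site.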

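Harbor overview

Harbor is an open-source, enterprise-grade registry server for managing and storing Docker images and OCI container images. As a highly available, secure and reliable container image registry, Harbor provides a rich set of features and management tools that help organizations build and manage container images effectively.

Harbor features and advantages

  1. Secure and reliable: Harbor provides strict user authentication and access control and supports integration with identity systems such as LDAP and AD to protect the registry. It also provides image signing and verification to ensure image integrity and a trusted origin.
  2. Management and control: Harbor has flexible and powerful permission management. Administrators can precisely control users' read and write permissions on images for fine-grained access control. Administrators can also easily manage the registry's lifecycle, including creating, deleting, modifying and searching images and viewing image details.
  3. Replication and synchronization: Harbor supports registry replication and synchronization, syncing images across multiple geographic locations or data centers to improve availability and security. Teams can access and use images more conveniently wherever they are located.
  4. Auditing and logging: Harbor provides comprehensive auditing, recording user operations and system events for tracing and audit. This helps organizations monitor and manage how container images are used and maintain compliance and security.
  5. Image scanning and vulnerability management: Harbor integrates container image scanning tools that scan images for vulnerabilities and run security checks. This helps organizations find and fix security problems in images promptly and keep images trustworthy.
  6. Multi-tenancy: Harbor supports a multi-tenant model in which independent namespaces can be created per team or project for isolation and resource management. Different teams can manage their own image repositories independently, improving development efficiency and resource utilization.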

System setup

Disable the firewall

root@hcss-ecs-5c9b:~# ufw disable 
Firewall stopped and disabled on system startup

Install Docker

Connect to the cloud server over ssh

# Check the cloud server's OS version
root@hcss-ecs-5c9b:~# lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.1 LTS
Release:	22.04
Codename:	jammy

# If Docker was installed before, run this command to remove it
root@hcss-ecs-5c9b:~# apt-get remove docker docker-engine docker.io

Update the package list and install Docker's dependencies

# Update the package list
root@hcss-ecs-5c9b:~# apt-get update

# Install Docker's package dependencies
root@hcss-ecs-5c9b:~# apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common

Trust Docker's GPG public key

# Trust Docker's GPG public key:
root@hcss-ecs-5c9b:~# curl -fsSL https://repo.huaweicloud.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -

Add Docker's stable repository

# On amd64 machines, add the software repository:
root@hcss-ecs-5c9b:~#  add-apt-repository "deb [arch=amd64] https://repo.huaweicloud.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"

Update the package list and install Docker

# Update the index files and install
root@hcss-ecs-5c9b:~# apt-get update
# Install docker
root@hcss-ecs-5c9b:~# apt-get install docker-ce docker-ce-cli containerd.io

Verify that Docker installed successfully

# Check the docker version
root@hcss-ecs-5c9b:~# docker -v
Docker version 24.0.5, build 24.0.5-0ubuntu1~22.04.1

Start the Docker service and check its status

# Start the docker service and check its status
root@hcss-ecs-5c9b:~# systemctl start  docker.service
root@hcss-ecs-5c9b:~# systemctl status docker.service
● docker.service - Docker Application Container Engine
     Loaded: loaded (/lib/systemd/system/docker.service; en>
     Active: active (running) since Wed 2023-09-20 13:43:42>
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: 363725 (dockerd)
      Tasks: 9
     Memory: 31.3M
        CPU: 266ms
     CGroup: /system.slice/docker.service
             └─363725 /usr/bin/dockerd -H fd:// --container>

Install Docker Compose

Run the install command

# Install docker-compose
root@hcss-ecs-5c9b:~# apt install docker-compose

Verify that Docker Compose installed successfully

# Check the version
root@hcss-ecs-5c9b:~# docker-compose -v
docker-compose version 1.29.2, build unknown

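Configure a registry mirror

Images are pulled from Docker Hub by default; configuring a registry mirror (image accelerator) resolves slow pulls.

# Log in as root to the virtual machine that runs the container engine
# Edit /etc/docker/daemon.json (create it if it does not exist) and add the following content

root@hcss-ecs-5c9b:~# vi /etc/docker/daemon.json

{
    "registry-mirrors": [ "https://2a6bf1988cb6428c877f723ec7530dbc.mirror.swr.myhuaweicloud.com" ]
}

# Press Esc, then type :wq to save and exit.

# Restart the container engine
root@hcss-ecs-5c9b:~# systemctl restart docker

# Check the result
root@hcss-ecs-5c9b:~# docker info

Run docker info; when the Registry Mirrors field shows the mirror's address, the mirror has been configured successfully.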

Harbor installation

Upload the package and extract it

root@hcss-ecs-5c9b:~# ls
harbor-offline-installer-v2.7.0.tgz  install.sh  stackhub
HSSInstall                           snap
root@hcss-ecs-5c9b:~# tar -zxvf harbor-offline-installer-v2.7.0.tgz 
harbor/harbor.v2.7.0.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl

Configure Harbor

Edit harbor.yml

root@hcss-ecs-5c9b:~# ls
harbor                               HSSInstall  snap
harbor-offline-installer-v2.7.0.tgz  install.sh  stackhub
root@hcss-ecs-5c9b:~# cd harbor/
root@hcss-ecs-5c9b:~/harbor# ls
common.sh             harbor.yml.tmpl  LICENSE
harbor.v2.7.0.tar.gz  install.sh       prepare
root@hcss-ecs-5c9b:~/harbor# cp harbor.yml.tmpl harbor.yml
root@hcss-ecs-5c9b:~/harbor# vim harbor.yml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.

# Set hostname to this machine's IP address
hostname: 124.71.212.8

# Set the HTTP port to 5000 (customizable)
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 5000

# Comment out https
# https related config
#https:
  # https port for harbor, default is 443
  # port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.

# Change the admin password
harbor_admin_password: root
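
The two edits above leave Harbor on plain HTTP with a four-character initial admin password. The following is an added example, not part of the original post or of Harbor: a small audit of those settings, where the function name, finding labels and 12-character floor are assumptions and both sample files are constructed.

```bash
# Added example, not from the original post: audit the two harbor.yml settings
# edited above. Function name, labels and the 12-character floor are assumptions.
audit_harbor_yml() {
    local file=$1 rc=0 pw
    # TLS is on only when the top-level "https:" key is uncommented.
    if grep -Eq '^https:[[:space:]]*$' "$file"; then
        # An active https block still needs a certificate path.
        grep -Eq '^[[:space:]]+certificate:[[:space:]]*[^[:space:]]' "$file" ||
            { echo "TLS_NO_CERT: https is enabled but certificate is unset"; rc=1; }
    else
        echo "HTTP_ONLY: https is commented out, logins and layers travel unencrypted"
        rc=1
    fi
    # Initial admin password: first top-level harbor_admin_password key.
    pw=$(sed -n 's/^harbor_admin_password:[[:space:]]*//p' "$file" | head -n 1)
    case "$pw" in
        ''|root|admin|password|Harbor12345)   # Harbor12345 is the template default
            echo "WEAK_ADMIN_PASSWORD: empty, default or trivial value"; rc=1 ;;
        *)
            [ "${#pw}" -ge 12 ] ||
                { echo "WEAK_ADMIN_PASSWORD: shorter than 12 characters"; rc=1; }
            ;;
    esac
    return "$rc"
}

# Constructed samples: the values used in this post, then a hardened variant
# (certificate paths are the template's placeholders, the password is a placeholder).
post_yml=$(mktemp); hardened_yml=$(mktemp)
cat > "$post_yml" <<'EOF'
hostname: 124.71.212.8
http:
  port: 5000
#https:
  # port: 443
  #certificate: /your/certificate/path
harbor_admin_password: root
EOF
cat > "$hardened_yml" <<'EOF'
hostname: reg.mydomain.com
https:
  port: 443
  certificate: /your/certificate/path
  private_key: /your/private/key/path
harbor_admin_password: PLACEHOLDER-long-random-value
EOF

audit_harbor_yml "$post_yml" || true      # reports HTTP_ONLY and WEAK_ADMIN_PASSWORD
audit_harbor_yml "$hardened_yml" && echo "hardened sample: no findings"
```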

Edit docker.service

root@hcss-ecs-5c9b:~/harbor# vim /lib/systemd/system/docker.service 

# Append --insecure-registry=124.71.212.8:5000 to the ExecStart line
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry=124.71.212.8:5000

# Restart the service
root@hcss-ecs-5c9b:~/harbor# systemctl daemon-reload 
root@hcss-ecs-5c9b:~/harbor# systemctl restart docker.service 
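
The flag value has to match the address Harbor actually serves; otherwise docker login and docker push to that address are attempted over HTTPS and fail against the HTTP listener. An added example (not from the original post) that cross-checks the two files; function names are hypothetical and the sample files are constructed.

```bash
# Added example, not from the original post: check that the --insecure-registry
# value in docker.service equals hostname:port from harbor.yml.
# Function names are hypothetical; only the --flag=value form is parsed.
harbor_endpoint() {            # $1 = harbor.yml; prints host:port
    awk '
        /^hostname:/  { host = $2 }
        /^[^ \t#]/    { in_http = ($1 == "http:") }   # track the top-level section
        in_http && $1 == "port:" { port = $2 }
        END { if (host != "" && port != "") print host ":" port }
    ' "$1"
}

unit_insecure_registries() {   # $1 = unit file; prints one value per line
    grep -E '^ExecStart=' "$1" | tr ' ' '\n' | sed -n 's/^--insecure-registry=//p'
}

check_insecure_registry() {    # $1 = harbor.yml, $2 = docker.service
    local want
    want=$(harbor_endpoint "$1")
    [ -n "$want" ] || { echo "NO_HTTP_ENDPOINT: hostname or http.port missing"; return 2; }
    if unit_insecure_registries "$2" | grep -Fxq "$want"; then
        echo "OK: dockerd treats $want as a plain-HTTP registry"
    else
        echo "MISMATCH: Harbor listens on $want, dockerd allows:" \
             "$(unit_insecure_registries "$2" | tr '\n' ' ')"
        return 1
    fi
}

# Constructed samples: harbor.yml as in this post, one matching unit file and
# one whose port differs.
yml=$(mktemp); unit_ok=$(mktemp); unit_bad=$(mktemp)
cat > "$yml" <<'EOF'
hostname: 124.71.212.8
http:
  port: 5000
#https:
  # port: 443
harbor_admin_password: root
EOF
exec_start='ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock'
echo "$exec_start --insecure-registry=124.71.212.8:5000" > "$unit_ok"
echo "$exec_start --insecure-registry=124.71.212.8:8888" > "$unit_bad"

check_insecure_registry "$yml" "$unit_ok"
check_insecure_registry "$yml" "$unit_bad" || true
```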

Run the prepare script to prepare the images

root@hcss-ecs-5c9b:~/harbor# ls
common.sh             harbor.yml       install.sh  prepare
harbor.v2.7.0.tar.gz  harbor.yml.tmpl  LICENSE
root@hcss-ecs-5c9b:~/harbor# ./prepare 
prepare base dir is set to /root/harbor
Unable to find image 'goharbor/prepare:v2.7.0' locally
v2.7.0: Pulling from goharbor/prepare
1871d44f4cdb: Pull complete 
9e5f23534b75: Pull complete 
b234075cadb4: Pull complete 
2ee6e5a578c1: Pull complete 
0b0e76074063: Pull complete 
c4c9b2e450d6: Pull complete 
c70804059354: Pull complete 
721611d803a1: Pull complete 
d53c5290e042: Pull complete 
0d8cc28f3d0c: Pull complete 
Digest: sha256:47df4e214c8fd9ea0352a903dba884a480fa18f39ef426f7b890cf822f848139
Status: Downloaded newer image for goharbor/prepare:v2.7.0
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

Check the Compose command the scripts call

root@hcss-ecs-5c9b:~/harbor# docker compose 
docker: 'compose' is not a docker command.
See 'docker --help'

root@hcss-ecs-5c9b:~/harbor# docker-compose 
Define and run multi-container applications with Docker.

Usage:
  docker-compose [-f <arg>...] [--profile <name>...] [options] [--] [COMMAND] [ARGS...]
  docker-compose -h|--help
  
# Check common.sh
root@hcss-ecs-5c9b:~/harbor# vim common.sh 
        elif [[ $(docker-compose --version) =~ (([0-9]+)\.([0-9]+)([\.0-9]*)) ]]

# Check install.sh
root@hcss-ecs-5c9b:~/harbor# vim install.sh 
DOCKER_COMPOSE=docker-compose

Install Harbor

root@hcss-ecs-5c9b:~/harbor# ./install.sh 

# Log output of the install run
[Step 0]: checking if docker is installed ...

Note: docker version: 24.0.5

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.29.2

[Step 2]: loading Harbor images ...
Loaded image: goharbor/prepare:v2.7.0
Loaded image: goharbor/harbor-db:v2.7.0
Loaded image: goharbor/harbor-core:v2.7.0
Loaded image: goharbor/harbor-log:v2.7.0
Loaded image: goharbor/harbor-exporter:v2.7.0
Loaded image: goharbor/nginx-photon:v2.7.0
Loaded image: goharbor/chartmuseum-photon:v2.7.0
Loaded image: goharbor/harbor-portal:v2.7.0
Loaded image: goharbor/harbor-jobservice:v2.7.0
Loaded image: goharbor/harbor-registryctl:v2.7.0
Loaded image: goharbor/registry-photon:v2.7.0
Loaded image: goharbor/notary-server-photon:v2.7.0
Loaded image: goharbor/redis-photon:v2.7.0
Loaded image: goharbor/notary-signer-photon:v2.7.0
Loaded image: goharbor/trivy-adapter-photon:v2.7.0


[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/portal/nginx.conf
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir


Note: stopping existing Harbor instance ...
Removing network harbor_harbor
WARNING: Network harbor_harbor not found.



[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating redis         ... done
Creating registryctl   ... done
Creating registry      ... done
Creating harbor-db     ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done
✔ ----Harbor has been installed and started successfully.----

Log in to Harbor

In the console, configure the security group rules to allow port 5000.

The default administrator account is admin; the password is the custom one set in harbor.yml.

Log in at: host IP:5000

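Test

Create a project

Set the access level to Public to allow anonymous pulls; the default storage quota of -1 means no size limit.

Push an image

Inside the project, the push command at the top right shows the commands to use. Note that you must authenticate before pushing an image.

# Tag the image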
root@hcss-ecs-5c9b:~/harbor# docker images | grep mysql
mysql                           latest    8da80fe49fcf   9 days ago     577MB
root@hcss-ecs-5c9b:~/harbor# docker tag mysql:latest 124.71.212.8:5000/test/mysql:latest
root@hcss-ecs-5c9b:~/harbor# docker images | grep mysql
124.71.212.8:5000/test/mysql    latest    8da80fe49fcf   9 days ago     577MB
mysql                           latest    8da80fe49fcf   9 days ago     577MB

# Log in to the registry (authentication)
root@hcss-ecs-5c9b:~/harbor# docker login 124.71.212.8:5000
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

# Push the image
root@hcss-ecs-5c9b:~/harbor# docker push 124.71.212.8:5000/test/mysql:latest
The push refers to repository [124.71.212.8:5000/test/mysql]
070004d6f2b9: Pushed 
4a8bc1dfb84c: Pushed 
ea5c2f5028eb: Pushed 
8a1ed57d6b0b: Pushed 
db54cc7f7801: Pushed 
a5edafed24d3: Pushed 
5a3901a789d1: Pushed 
288a6a601202: Pushed 
39b5c3aa669c: Pushed 
b69087572af7: Pushed 
latest: digest: sha256:ecf2a95e14266b1d3fb72968b84ba2f32f1a0e9288d4ed2dc72f2012d3bb8587 size: 2411

Pull the image

# Remove the mysql images
root@hcss-ecs-5c9b:~/harbor# docker rmi $(docker images |grep mysql |awk '{print $1}')
Untagged: mysql:latest
Untagged: mysql@sha256:85ab57eb4a48ada2a341dcf7d96733ce2f370fffb8e8e216991b106e50fa6434
Untagged: 124.71.212.8:5000/test/mysql:latest
Untagged: 124.71.212.8:5000/test/mysql@sha256:ecf2a95e14266b1d3fb72968b84ba2f32f1a0e9288d4ed2dc72f2012d3bb8587
Deleted: sha256:8da80fe49fcfad1ac311a2e34c42730c943706c2008083f5e4feeb6d77cdbc1f
Deleted: sha256:1dee80423727000ed4aab830ff58c69c33f28026588d79be8fcf20476d5b588a
Deleted: sha256:89108480e1357e089c858de8226520a603ec3ed9902c0aecbc0b60fd0b120f17
Deleted: sha256:bcbe5b3c714fe855e5c201297aa78834e4e6c90f325dd521544eee88adc07fb6
Deleted: sha256:08c58bd0ff85ec37381585fde80f12e0e53531925ab1f04c8065fcd85e7b83a2
Deleted: sha256:eab11e45b99d4cfc2f4279c9d1d1b5ccd28195f744e281ec8303049fe0e5ee19
Deleted: sha256:90140e11eaa56000514f32841d4b0eb9495e6bdb2e9ddac6060c872da49b7476
Deleted: sha256:2532b8812e20521428449263a74092c4317e4651278ee7b70536a0afe1270fe1
Deleted: sha256:9a1bca0e16e16d75dc59ea61f9b3854621622dc2b8319bbfbe5a8c0b139a8618
Deleted: sha256:6403d78b2f772e1c0205e736bf2cbfbaf7676d0403ec4b3a63de0e88f68b1eaf
Deleted: sha256:b69087572af7a6dbd742a1e2807c34237c995257c631aece53a8f9d99e036daa


# Pull the mysql image
root@hcss-ecs-5c9b:~/harbor# docker pull 124.71.212.8:5000/test/mysql:latest
latest: Pulling from test/mysql
bc377bce3181: Pull complete 
80bab949ab51: Pull complete 
73682200afb7: Pull complete 
d1c32d486523: Pull complete 
54341582c90c: Pull complete 
7490cd8f4d9b: Pull complete 
de967683cb3b: Pull complete 
39564f901a1e: Pull complete 
c95e6efa291a: Pull complete 
8366d05afd7c: Pull complete 
Digest: sha256:ecf2a95e14266b1d3fb72968b84ba2f32f1a0e9288d4ed2dc72f2012d3bb8587
Status: Downloaded newer image for 124.71.212.8:5000/test/mysql:latest
124.71.212.8:5000/test/mysql:latest

root@hcss-ecs-5c9b:~/harbor# docker images |grep mysql
124.71.212.8:5000/test/mysql    latest    8da80fe49fcf   9 days ago     577MB
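
The Digest line printed by the pull matches the digest printed by the push, which confirms the pulled image is the one that was pushed; pulling by that digest instead of the latest tag makes the client verify it on every pull. An added example (not from the original post) that automates the comparison; function names are hypothetical, and the all-zero digest is constructed.

```bash
# Added example, not from the original post: compare the digest recorded at
# push time with the digest a later pull reports, then emit a digest-pinned
# reference. Function names are hypothetical.
digest_of() {     # stdin = docker push/pull output; prints the first sha256 digest
    grep -i 'digest: sha256:' | head -n 1 |
        sed -n 's/.*\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

pinned_ref() {    # $1 = repository, $2 = push log, $3 = pull log
    local pushed pulled
    pushed=$(digest_of < "$2")
    pulled=$(digest_of < "$3")
    if [ -z "$pushed" ] || [ "$pushed" != "$pulled" ]; then
        echo "DIGEST_MISMATCH pushed=${pushed:-none} pulled=${pulled:-none}" >&2
        return 1
    fi
    echo "$1@$pushed"
}

# Sample logs: the push and pull lines are the ones shown in this post; the
# all-zero digest in the third log is constructed to show the failure path.
push_log=$(mktemp); pull_log=$(mktemp); bad_pull_log=$(mktemp)
cat > "$push_log" <<'EOF'
The push refers to repository [124.71.212.8:5000/test/mysql]
latest: digest: sha256:ecf2a95e14266b1d3fb72968b84ba2f32f1a0e9288d4ed2dc72f2012d3bb8587 size: 2411
EOF
cat > "$pull_log" <<'EOF'
latest: Pulling from test/mysql
Digest: sha256:ecf2a95e14266b1d3fb72968b84ba2f32f1a0e9288d4ed2dc72f2012d3bb8587
EOF
zero=$(printf '%064d' 0)
printf 'latest: Pulling from test/mysql\nDigest: sha256:%s\n' "$zero" > "$bad_pull_log"

# Prints a reference usable as: docker pull <ref>
pinned_ref 124.71.212.8:5000/test/mysql "$push_log" "$pull_log"
pinned_ref 124.71.212.8:5000/test/mysql "$push_log" "$bad_pull_log" || true
```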

Reposted from blog.csdn.net/weixin_62782025/article/details/133323100