介绍
Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器,通过添加一些企业必需的功能特性,例如安全、标识和管理等,扩展了开源Docker Distribution。作为一个企业级私有Registry服务器,Harbor提供了更好的性能和安全。提升用户使用Registry构建和运行环境传输镜像的效率。Harbor支持安装在多个Registry节点的镜像资源复制,镜像全部保存在私有Registry中, 确保数据和知识产权在公司内部网络中管控。另外,Harbor也提供了高级的安全特性,诸如用户管理,访问控制和活动审计等。
下载
- offline
http://harbor.orientsoft.cn/
https://github.com/goharbor/harbor/releases
- source code
https://github.com/goharbor/harbor/releases
offline安装
| OS | CentOS7 |
| docker | 18.06.1-ce |
| harbor | v1.5.3 |
下载:https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.3.tgz
解压
# cd /opt
# tar zxvf harbor-offline-installer-v1.5.3.tgz
# mkdir -p /opt/harbor/cert
安装docker
# yum install docker-ce docker-compose
证书配置
# cd /opt/harbor/cert
# openssl req -nodes -subj "/C=CN/ST=ShangHai/L=HaiShange/CN=192.168.247.173" -newkey rsa:2048 -keyout 192.168.247.173.key -out 192.168.247.173.csr
# openssl x509 -req -days 3650 -in 192.168.247.173.csr -signkey 192.168.247.173.key -out 192.168.247.173.crt
# ls
192.168.247.173.crt 192.168.247.173.csr 192.168.247.173.key
配置harbor.cfg并install
# cd /opt/harbor
# vi harbor.cfg
...
hostname = 192.168.247.173
ui_url_protocol = https
ssl_cert = /opt/harbor/cert/192.168.247.173.crt
ssl_cert_key = /opt/harbor/cert/192.168.247.173.key
...
# ./install.sh
查看docker信息
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b64a665eeb51 goharbor/harbor-jobservice:v1.6.1 "/harbor/start.sh" 2 minutes ago Up About a minute harbor-jobservice
0824e9901f71 goharbor/nginx-photon:v1.6.1 "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
aec6291452b4 goharbor/harbor-ui:v1.6.1 "/harbor/start.sh" 2 minutes ago Up 2 minutes (healthy) harbor-ui
8c9c50b1212f goharbor/redis-photon:v1.6.1 "docker-entrypoint.s…" 3 minutes ago Up 2 minutes 6379/tcp redis
ecdd10b5cf69 goharbor/registry-photon:v2.6.2-v1.6.1 "/entrypoint.sh /etc…" 3 minutes ago Up 2 minutes (healthy) 5000/tcp registry
003b84eb950b goharbor/harbor-db:v1.6.1 "/entrypoint.sh post…" 3 minutes ago Up 2 minutes (healthy) 5432/tcp harbor-db
d05bb9a995b3 goharbor/harbor-adminserver:v1.6.1 "/harbor/start.sh" 3 minutes ago Up 2 minutes (healthy) harbor-adminserver
23ef875b0285 goharbor/harbor-log:v1.6.1 "/bin/sh -c /usr/loc…" 3 minutes ago Up 3 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
浏览器访问
https://192.168.247.173
默认用户/密码:admin/Harbor12345
使用仓库
修改docker的启动参数,添加”–insecure-registry=192.168.247.173”, insecure registry不安全仓库的主机
# vi /usr/lib/systemd/system/docker.service
...
ExecStart=/usr/bin/dockerd ... --insecure-registry=192.168.247.173
...
# systemctl daemon-reload && systemctl restart docker
docker login成功即可
# docker login -u admin -p Harbor12345 192.168.247.173
推送镜像
-
查看docker images信息
# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos6 latest 26e906403c04 4 weeks ago 553MB -
在项目中标记镜像
docker tag SOURCE_IMAGE[:TAG] 192.168.247.173/test/IMAGE[:TAG]
docker tag {镜像名}:{tag} {Harbor地址}:{端口}/{Harbor项目名}/{自定义镜像名}:{自定义tag}
e.g.
# docker tag centos6:latest 192.168.247.173/test/centos6:v1.0 -
推送镜像到指定项目
docker push 192.168.247.173/test/IMAGE[:TAG]
docker push {Harbor地址}:{端口}/{自定义镜像名}:{自定义tag}
e.g.
# docker push 192.168.247.173/test/centos6:v1.0 -
pull到本地
# docker pull 192.168.247.173/test/centos6:v1.0 # docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos6 latest 26e906403c04 4 weeks ago 553MB 192.168.247.173/test/centos6 v1.0 26e906403c04 4 weeks ago 553MB
异常处理
- 重启服务器后。发现相关容器没有正常启动
# docker ps # 只有俩个进程
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ae3b26d74bd0 vmware/redis-photon:v1.5.3 "docker-entrypoint.s…" 40 minutes ago Up Less than a second 6379/tcp redis
f312d4b8b8de vmware/harbor-log:v1.5.3 "/bin/sh -c /usr/loc…" 40 minutes ago Up Less than a second (health: starting) 127.0.0.1:1514->10514/tcp harbor-log
# cd /opt/harbor
# docker-compose ps
Name Command State Ports
----------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Exit 137
harbor-db /usr/local/bin/docker-entr ... Exit 128
harbor-jobservice /harbor/start.sh Exit 137
harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:1514->10514/tcp
harbor-ui /harbor/start.sh Exit 137
nginx nginx -g daemon off; Exit 255
redis docker-entrypoint.sh redis ... Up 6379/tcp
registry /entrypoint.sh serve /etc/ ... Exit 137
# docker-compose up -d
Starting harbor-log ... done
Starting redis ... done
Starting registry ... done
Starting harbor-db ... done
Starting harbor-adminserver ... done
Starting harbor-ui ... done
Starting nginx ... done
Starting harbor-jobservice ... done
# docker-compose ps
Name Command State Ports
--------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up (health: starting)
harbor-db /usr/local/bin/docker-entr ... Up (health: starting) 3306/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c /usr/local/bin/ ... Up (health: starting) 127.0.0.1:1514->10514/tcp
harbor-ui /harbor/start.sh Up (health: starting)
nginx nginx -g daemon off; Up (health: starting) 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis docker-entrypoint.sh redis ... Up 6379/tcp
registry /entrypoint.sh serve /etc/ ... Up (health: starting) 5000/tcp
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
27720ff43dba vmware/harbor-jobservice:v1.5.3 "/harbor/start.sh" 42 minutes ago Up 19 seconds harbor-jobservice
546ab1e5a922 vmware/nginx-photon:v1.5.3 "nginx -g 'daemon of…" 42 minutes ago Up 19 seconds (health: starting) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
259b7c8acd02 vmware/harbor-ui:v1.5.3 "/harbor/start.sh" 42 minutes ago Up 21 seconds (health: starting) harbor-ui
b1486869f59d vmware/harbor-db:v1.5.3 "/usr/local/bin/dock…" 42 minutes ago Up 23 seconds (health: starting) 3306/tcp harbor-db
cc3310c2cdb4 vmware/registry-photon:v2.6.2-v1.5.3 "/entrypoint.sh serv…" 42 minutes ago Up 22 seconds (health: starting) 5000/tcp registry
e25966a6d18d vmware/harbor-adminserver:v1.5.3 "/harbor/start.sh" 42 minutes ago Up 22 seconds (health: starting) harbor-adminserver
ae3b26d74bd0 vmware/redis-photon:v1.5.3 "docker-entrypoint.s…" 42 minutes ago Up 22 seconds 6379/tcp redis
f312d4b8b8de vmware/harbor-log:v1.5.3 "/bin/sh -c /usr/loc…" 42 minutes ago Up 25 seconds (health: starting) 127.0.0.1:1514->10514/tcp harbor-log
docker-compose命令说明:
- docker-compose down #停止容器并删除容器
- docker-compose start #启动容器,容器不存在就无法启动,不会自动创建镜像
- docker-compose stop #停止容器
- docker-compose logs #查看日志(harbor日志存放地址 /var/logs/harbor)
