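Introduction:
Harbor is an enterprise-class registry server for storing and distributing Docker images. It extends the open-source Docker Distribution by adding features that enterprises need, such as security, identity and management. As an enterprise private registry server, Harbor offers better performance and security, and makes transferring images between build and run environments more efficient. Harbor supports replicating image resources between multiple registry nodes, and all images are kept in the private registry, so data and intellectual property stay under control inside the company network. Harbor also provides advanced security features such as user management, access control and activity auditing.
Official site: http://vmware.github.io/harbor/index_cn.html
Official GitHub repository: https://github.com/vmware/harbor
Harbor's official feature list:
Role-based access control - Users and Docker image repositories are organized through "projects"; a user can hold different permissions on multiple image repositories within the same namespace (project).
Image replication - Images can be replicated (synchronized) between multiple registry instances. This is especially suited to load-balancing, high-availability, hybrid-cloud and multi-cloud scenarios.
Graphical user interface - Users can browse and search the current Docker image repositories and manage projects and namespaces from a browser.
AD/LDAP support - Harbor can integrate with an enterprise's existing AD/LDAP for authentication and authorization management.
Audit management - All operations on image repositories can be recorded and traced for audit purposes.
Internationalization - Localized versions exist for English, Chinese, German, Japanese and Russian. More languages will be added.
RESTful API - The RESTful API gives administrators more control over Harbor and makes integration with other management software easier.
Easy deployment - Online and offline installers are provided, and Harbor can also be installed as a virtual appliance on the vSphere platform (OVA).
Deploying a Harbor 1.7.5 distributed cluster
Environment preparation
OS: CentOS 7.6
Stop the firewall: systemctl stop firewalld
Disable SELinux: setenforce 0
node1 IP: 192.168.8.156
node2 IP: 192.168.8.134
Install Docker
Server 1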
[[email protected] ~]#yum install docker -y
[[email protected] ~]#vim /lib/systemd/system/docker.service
#Append this node's IP address to the end of this line
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.8.156
[[email protected] ~]#systemctl start docker
[[email protected] ~]#systemctl enable docker
Server 2
[[email protected] ~]#yum install docker -y
[[email protected] ~]#vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.8.134
[[email protected] ~]#systemctl start docker
[[email protected] ~]#systemctl enable docker
Download the Harbor offline installer
Official installation guide: https://github.com/vmware/harbor/blob/master/docs/installation_guide.md
Server 1
[[email protected] ~]#cd /usr/local/src/
[[email protected] harbor]#wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.5.tgz
Server 2
[[email protected] ~]#cd /usr/local/src/
[[email protected] harbor]#wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.5.tgz
Configure Harbor
Server 1
[[email protected] ~]#cd /usr/local/src/
[[email protected] src]#tar xvf harbor-offline-installer-v1.7.5.tgz
[[email protected] src]#cd harbor/
[[email protected] harbor]#vim harbor.cfg
[[email protected] harbor]# grep "^[a-zA-Z]" harbor.cfg
#This node's IP address
hostname = 192.168.8.156
#Transport protocol
ui_url_protocol = http
max_job_workers = 10
customize_crt = on
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = NA
log_rotate_count = 50
#Log rotation size
log_rotate_size = 200M
http_proxy =
https_proxy =
no_proxy = 127.0.0.1,localhost,core,registry
#Notification mail settings; these can also be set in the web UI
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username = [email protected]
email_password = abc
email_from = admin <[email protected]>
email_ssl = false
email_insecure = false
#Login password for the admin account
harbor_admin_password = 123456
auth_mode = db_auth
ldap_url = ldaps://ldap.mydomain.com
ldap_basedn = ou=people,dc=mydomain,dc=com
ldap_uid = uid
ldap_scope = 2
ldap_timeout = 5
ldap_verify_cert = true
ldap_group_basedn = ou=group,dc=mydomain,dc=com
ldap_group_filter = objectclass=group
ldap_group_gid = cn
ldap_group_scope = 2
self_registration = on
token_expiration = 30
project_creation_restriction = everyone
db_host = postgresql
db_password = root123
db_port = 5432
db_user = postgres
redis_host = redis
redis_port = 6379
redis_password =
redis_db_index = 1,2,3
clair_db_host = postgresql
clair_db_password = root123
clair_db_port = 5432
clair_db_username = postgres
clair_db = postgres
clair_updaters_interval = 12
uaa_endpoint = uaa.mydomain.org
uaa_clientid = id
uaa_clientsecret = secret
uaa_verify_cert = true
uaa_ca_cert = /path/to/ca.pem
registry_storage_provider_name = filesystem
registry_storage_provider_config =
registry_custom_ca_bundle =
[[email protected] harbor]#./install.sh
#Many images are downloaded after startup, so this takes a while
[Step 0]: checking installation environment ...
Note: docker version: 18.09.7
Note: docker-compose version: 1.18.0
[Step 1]: loading Harbor images ...
f60840e24dbf: Loading layer [==================================================>] 33.23MB/33.23MB
ea7b46fcd541: Loading layer [==================================================>] 8.959MB/8.959MB
79b1bab71f92: Loading layer [==================================================>] 15.6MB/15.6MB
e44aff944dd8: Loading layer [==================================================>] 18.94kB/18.94kB
7f6318c65689: Loading layer [==================================================>] 15.6MB/15.6MB
Loaded image: goharbor/harbor-adminserver:v1.7.5
[Step 0]: checking installation environment ...
Server 2 configuration
[[email protected] ~]#cd /usr/local/src/
[[email protected] src]#tar xvf harbor-offline-installer-v1.7.5.tgz
[[email protected] src]#cd harbor/
[[email protected] harbor]#vim harbor.cfg
[[email protected] harbor]# grep "^[a-zA-Z]" harbor.cfg
hostname = 192.168.8.134
ui_url_protocol = http
max_job_workers = 10
customize_crt = on
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = NA
log_rotate_count = 50
log_rotate_size = 200M
http_proxy =
https_proxy =
no_proxy = 127.0.0.1,localhost,core,registry
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username = [email protected]
email_password = abc
email_from = admin <[email protected]>
email_ssl = false
email_insecure = false
harbor_admin_password = 123456
auth_mode = db_auth
ldap_url = ldaps://ldap.mydomain.com
ldap_basedn = ou=people,dc=mydomain,dc=com
ldap_uid = uid
ldap_scope = 2
ldap_timeout = 5
ldap_verify_cert = true
ldap_group_basedn = ou=group,dc=mydomain,dc=com
ldap_group_filter = objectclass=group
ldap_group_gid = cn
ldap_group_scope = 2
self_registration = on
token_expiration = 30
project_creation_restriction = everyone
db_host = postgresql
db_password = root123
db_port = 5432
db_user = postgres
redis_host = redis
redis_port = 6379
redis_password =
redis_db_index = 1,2,3
clair_db_host = postgresql
clair_db_password = root123
clair_db_port = 5432
clair_db_username = postgres
clair_db = postgres
clair_updaters_interval = 12
uaa_endpoint = uaa.mydomain.org
uaa_clientid = id
uaa_clientsecret = secret
uaa_verify_cert = true
uaa_ca_cert = /path/to/ca.pem
registry_storage_provider_name = filesystem
registry_storage_provider_config =
registry_custom_ca_bundle =
[[email protected] harbor]#./install.sh
Note:
If the following message appears
[[email protected] harbor]#./install.sh
Note: docker version: 18.09.7
? Need to install docker-compose(1.7.1+) by yourself first and run this script again.
then docker-compose has to be installed by running
[[email protected] ~]#yum -y install docker-compose
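The harbor.cfg used on both nodes above keeps several lab-grade values: plain HTTP, a six-digit admin password, the stock database password and open self-registration. The script below is an added example, not part of the original post or of Harbor's tooling, that flags those settings before install.sh is run. The function names, the 12-character minimum and the embedded sample file are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag weak values in a Harbor 1.7.x harbor.cfg.

# cfg_get KEY FILE -> value of "KEY = value" (comment lines skipped, whitespace trimmed)
cfg_get() {
    awk -v k="$1" '
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (!i) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == k) { print val; exit } }
    ' "$2"
}

# audit_harbor_cfg FILE -> one "FINDING <key>: <reason>" line per weak setting
audit_harbor_cfg() {
    cfg=$1
    [ "$(cfg_get ui_url_protocol "$cfg")" = "https" ] ||
        echo "FINDING ui_url_protocol: logins and image layers cross the network in cleartext"
    for key in harbor_admin_password db_password clair_db_password; do
        val=$(cfg_get "$key" "$cfg")
        case $val in
            # Harbor12345 and root123 are the values in the stock harbor.cfg
            Harbor12345|root123) echo "FINDING $key: shipped default value" ;;
            # 12 characters is an assumed minimum, adjust to local policy
            *) [ "${#val}" -ge 12 ] || echo "FINDING $key: shorter than 12 characters" ;;
        esac
    done
    if [ "$(cfg_get self_registration "$cfg")" = "on" ] &&
       [ "$(cfg_get project_creation_restriction "$cfg")" = "everyone" ]; then
        echo "FINDING self_registration: anyone who reaches the UI can sign up and create projects"
    fi
    return 0
}

# Constructed sample: the security-relevant values from the harbor.cfg shown above.
sample_cfg=$(mktemp)
trap 'rm -f "$sample_cfg"' EXIT
cat > "$sample_cfg" <<'EOF'
#hostname of this node
hostname = 192.168.8.156
ui_url_protocol = http
harbor_admin_password = 123456
self_registration = on
project_creation_restriction = everyone
db_password = root123
clair_db_password = root123
EOF
audit_harbor_cfg "$sample_cfg"
```

Run it against the real file with `audit_harbor_cfg harbor.cfg`; no output means none of the checked settings is weak.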
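Log in to the web UI to configure Harbor
The account is admin, and the password is the one set in the configuration file
Create a project
The project can be set to public or private here, and this can be changed later
Create a replication target
Enter the IP of the host to replicate to, and do not enable remote certificate verification
Creation complete
Push an image from node1 and verify
Log in with the Harbor account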
[[email protected] ~]#docker login 192.168.8.156
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Image push test
[[email protected] ~]#docker tag test/nginx:v1 192.168.8.156/myimage/nginx:v1
[[email protected] ~]#docker push 192.168.8.156/myimage/nginx:v1
Common Harbor operations
Pull an image from Harbor
[[email protected] ~]#docker login 192.168.8.156
[[email protected] ~]#docker pull 192.168.8.156/myimage/nginx:v1
Stopping and starting Harbor
[[email protected] ~]#cd /usr/local/src/harbor/
[[email protected] harbor]#docker-compose stop
[[email protected] harbor]#docker-compose start
Note: these commands must be run from this directory, otherwise they fail
[[email protected] ~]#docker-compose start
ERROR:
Can't find a suitable configuration file in this directory or any
parent. Are you in the right directory?
Supported filenames: docker-compose.yml, docker-compose.yaml
Original article: https://blog.51cto.com/14163901/2417594