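Introduction: Harbor is an enterprise-grade Docker Registry management project open-sourced by VMware. It mainly provides a management UI for the Docker Registry, role-based access control, AD/LDAP integration, log auditing and other features, and it fully supports Chinese. All Harbor components are deployed in Docker, so Harbor can be deployed quickly with Docker Compose.
A Harbor architecture diagram found online:
The system is CentOS 7.3 and the kernel is already 3.10, so there is no need to worry about upgrading the kernel, and these operations are convenient on 7.x.
vim /etc/yum.repos.d/docker.repo // add the following content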
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
// now install the Docker engine
yum install docker-engine -y
// Installs the Docker engine. This step also serves to update the Docker version: first stop the docker service with "systemctl stop docker", then update with "yum install docker-engine".
systemctl enable docker.service
systemctl start docker // start the docker daemon
docker info // check how docker is running
docker -v // show version information
My Docker registry mirror (accelerator):
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://84ca50d8.m.daocloud.io
Restart the Docker service with service docker restart.
Download a specific version of docker-compose
sudo curl -L https://github.com/docker/compose/releases/download/1.17.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
Make the binary executable
chmod +x /usr/local/bin/docker-compose
Test whether docker-compose was installed successfully
docker-compose --version
Output like the following appears
docker-compose version 1.17.1, build 6d101fb
Install pip
wget --no-check-certificate https://pypi.python.org/packages/source/s/setuptools/setuptools-1.4.2.tar.gz
tar -vxf setuptools-1.4.2.tar.gz
cd setuptools-1.4.2
python2.7 setup.py install // because the server ships with Python 2.7
easy_install-2.7 pip
pip install docker-compose
docker-compose --version // test whether the installation succeeded
wget https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-offline-installer-v1.1.2.tgz
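The offline installer package also downloads at a snail's pace. I suggest downloading this link with Xunlei (Thunder), which is surprisingly fast, hehe, and then uploading it to the server; the whole process is much quicker!
tar -zxvf harbor-offline-installer-v1.1.2.tgz
After extracting, enter the directory and you will see the harbor.cfg file, which is Harbor's configuration file.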
## Configuration file of Harbor
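# hostname sets the access address; an IP or a domain name may be used, but not 127.0.0.1 or localhost
hostname = 39.106.132.250 # for now I set my server's IP address here
# Access protocol; the default is http, and https can also be set. If https is set, nginx ssl must be set to on
ui_url_protocol = http
# The default password of the MySQL root user is root123; change it for real use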
db_password = root123
#Maximum number of job workers in job service
max_job_workers = 3
#Determine whether or not to generate certificate for the registry's token.
#If the value is on, the prepare script creates new root cert and private key
#for generating token to access the registry. If the value is off the default key/cert will be used.
#This flag also controls the creation of the notary signer's cert.
customize_crt = on
#The path of cert and key files for nginx, they are applied only the protocol is set to https
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
#The path of secretkey storage
secretkey_path = /data
#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
admiral_url = NA
#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
#only take effect in the first boot, the subsequent changes of these properties
#should be performed on web ui
#************************BEGIN INITIAL PROPERTIES************************
#Email account settings for sending out password resetting emails.
#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
#Identity left blank to act as username.
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username = [email protected]
email_password = abc
email_from = admin <[email protected]>
email_ssl = false
##The initial password of Harbor admin, only works for the first time when Harbor starts.
#It has no effect after the first launch of Harbor.
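# The password for the admin UI login after Harbor starts; the default is Harbor12345
harbor_admin_password = Harbor12345
# Authentication mode. Several modes are supported, such as LDAP, local storage and database authentication. The default is db_auth (MySQL database authentication)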
auth_mode = db_auth
#The url for an ldap endpoint.
ldap_url = ldaps://ldap.mydomain.com
#A user's DN who has the permission to search the LDAP/AD server.
#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
#the password of the ldap_searchdn
#ldap_search_pwd = password
#The base DN from which to look up a user in LDAP/AD
ldap_basedn = ou=people,dc=mydomain,dc=com
#Search filter for LDAP/AD, make sure the syntax of the filter is correct.
#ldap_filter = (objectClass=person)
# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD
ldap_uid = uid
#the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
ldap_scope = 3
#Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
ldap_timeout = 5
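# Whether self-registration is enabled
self_registration = on
# Token validity period, 30 minutes by default
token_expiration = 30
# Controls who may create projects; the default is everyone, and it can also be set to adminonly (administrators only)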
project_creation_restriction = everyone
#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
verify_remote_cert = on
#************************END INITIAL PROPERTIES************************
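The file above still carries the shipped passwords and plain HTTP, so a check before running the installer is worthwhile. The script below is an added example, not part of the original post or of Harbor: `cfg_get`, `audit_harbor_cfg` and `sample_cfg` are hypothetical helper names, the sample file is constructed from the values shown above, and a trailing ` #...` on a value line is assumed to be an annotation.

```bash
# Added example (not from the original post): flag harbor.cfg values that are
# shipped defaults or weak choices. Assumes the "key = value" layout shown above.

# cfg_get FILE KEY: print the value of the last uncommented "KEY = value" line.
# Assumption: a trailing " #..." is an annotation, as in the post's hostname line.
cfg_get() {
  awk -v key="$2" '
    /^[ \t]*#/ { next }                      # skip commented-out settings
    {
      eq = index($0, "="); if (eq == 0) next
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); if (k != key) next
      sub(/[ \t]+#.*$/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
      val = v
    }
    END { print val }' "$1"
}

# audit_harbor_cfg FILE: print one "WEAK key=value: reason" line per finding.
audit_harbor_cfg() {
  local cfg="$1" key bad why
  while IFS='|' read -r key bad why; do
    if [ "$(cfg_get "$cfg" "$key")" = "$bad" ]; then
      echo "WEAK $key=$bad: $why"
    fi
  done <<'RULES'
db_password|root123|default MySQL root password from the shipped file
harbor_admin_password|Harbor12345|default admin UI password
ui_url_protocol|http|logins and image layers travel unencrypted
self_registration|on|anyone who can reach the UI can create an account
project_creation_restriction|everyone|any registered user can create projects
verify_remote_cert|off|remote registry certificates are not verified
RULES
}

# Constructed sample holding the values from the post's harbor.cfg.
sample_cfg() {
  cat <<'EOF'
hostname = 39.106.132.250 #server IP
ui_url_protocol = http
db_password = root123
#ldap_search_pwd = password
harbor_admin_password = Harbor12345
self_registration = on
project_creation_restriction = everyone
verify_remote_cert = on
EOF
}
tmp=$(mktemp) && sample_cfg > "$tmp" && audit_harbor_cfg "$tmp"; rm -f "$tmp"
```

Run it as `audit_harbor_cfg harbor.cfg` in the extracted installer directory; no output means none of the listed values is present.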
Start Harbor: after modifying the configuration file, run ./install.sh in the current directory.
Harbor then uses the docker-compose.yml in the current directory to download the images it depends on, checks them, and starts each service in order.
Modify the ports parameter of proxy to 80:80 (adjust this to personal or enterprise needs)
proxy:
  image: vmware/nginx:1.11.5-patched
  container_name: nginx
  restart: always
  volumes:
    - ./common/config/nginx:/etc/nginx:z
  networks:
    - harbor
  ports:
    - 80:80
    - 443:443
    - 4443:4443
  depends_on:
    - mysql
    - registry
    - ui
    - log
  logging:
    driver: "syslog"
    options:
      syslog-address: "tcp://127.0.0.1:1514"
      tag: "proxy"
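Once startup finishes, visit the hostname just configured, http://39.106.132.250/. The default port is 80; if that port is occupied, change the port mapping of the corresponding service in docker-compose.yml.
List the Docker services that were downloaded and are running: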
[[email protected] harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
eb504d4e22d6 vmware/harbor-jobservice:v1.1.2 "/harbor/harbor_jo..." About a minute ago Up About a minute harbor-jobservice
eccd3bf5803a vmware/nginx:1.11.5-patched "nginx -g 'daemon ..." About a minute ago Up About a minute 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
2fe3637b7e4a vmware/harbor-ui:v1.1.2 "/harbor/harbor_ui" About a minute ago Up About a minute harbor-ui
d3a3f1f4c09e vmware/harbor-adminserver:v1.1.2 "/harbor/harbor_ad..." About a minute ago Up About a minute harbor-adminserver
be0b9189b277 vmware/harbor-db:v1.1.2 "docker-entrypoint..." About a minute ago Up About a minute 3306/tcp harbor-db
d132caf0c2e6 vmware/registry:2.6.1-photon "/entrypoint.sh se..." About a minute ago Up About a minute 5000/tcp registry
e334c5a6115e vmware/harbor-log:v1.1.2 "/bin/sh -c 'crond..." About a minute ago Up About a minute 127.0.0.1:1514->514/tcp harbor-log
[[email protected] harbor]# docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/harbor_adminserver Up
harbor-db docker-entrypoint.sh mysqld Up 3306/tcp
harbor-jobservice /harbor/harbor_jobservice Up
harbor-log /bin/sh -c crond && rm -f ... Up 127.0.0.1:1514->514/tcp
harbor-ui /harbor/harbor_ui Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
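The login page looks like this:
Log in to the Harbor web UI with username admin and the default password Harbor12345 (or the password you changed it to).
Once you are in, remember that the first thing to do is change the password!!!
The system modules are as follows:
Note: a user who is not a system administrator sees only the projects and logs they have permission for; the other modules are not visible.
Next, let's try pushing an image from our own Docker to Harbor's library project (by default the library project is public: everyone has read access and can pull its images without docker login).
To avoid a pitfall later, I first add the registry to my docker.service (this is a pitfall; I suggest you do as I say first, otherwise the login below may keep failing):
vim /usr/lib/systemd/system/docker.service
Change this line in it to the following (that is, add --insecure-registry 39.106.132.250):
ExecStart=/usr/bin/dockerd --insecure-registry 39.106.132.250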
After adding it, restart Docker:
systemctl daemon-reload && systemctl enable docker && systemctl restart docker
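Once the daemon is back up, it helps to confirm exactly which registries it will now reach without verified TLS, and whether the image reference you are about to push matches one of them. The script below is an added example, not from the original post: `insecure_registries`, `uses_insecure_registry` and `sample_docker_info` are hypothetical helper names, and the `docker info` text is a constructed sample rather than output from the post's host.

```bash
# Added example (not from the original post): list the registries this Docker
# daemon will talk to without verified TLS, from `docker info` output on stdin.
# Entries are the indented lines under the "Insecure Registries:" header;
# 127.0.0.0/8 is Docker's built-in loopback entry and is skipped.
insecure_registries() {
  awk '
    function indent(s,   n) { n = 0; while (substr(s, n + 1, 1) == " ") n++; return n }
    /^ *Insecure Registries:/ { base = indent($0); inside = 1; next }
    inside && indent($0) <= base { inside = 0 }   # next section header ends the list
    inside && $1 != "127.0.0.0/8" { print $1 }
  '
}

# uses_insecure_registry REF: succeed if REF's registry part (text before the
# first "/") exactly matches a listed entry. CIDR entries are not evaluated.
uses_insecure_registry() {
  local host="${1%%/*}"
  insecure_registries | grep -Fxq -- "$host"
}

# Constructed sample in the layout `docker info` prints.
sample_docker_info() {
  cat <<'EOF'
Docker Root Dir: /var/lib/docker
Insecure Registries:
 39.106.132.250
 127.0.0.0/8
Registry Mirrors:
 http://84ca50d8.m.daocloud.io
Live Restore Enabled: false
EOF
}

# On a real host: docker info 2>/dev/null | insecure_registries
sample_docker_info | insecure_registries
```

An entry with a port, such as `39.106.132.250:5000`, does not cover a reference written without the port, which is why the check compares the registry part exactly.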
When I restarted, the registry container failed to start outright; stop the service once more and then start it again!!!
The log is as follows:
Jul 14 11:34:04 iz2ze9dgdrjj9vx3qjxcq6z dockerd[31520]: time="2018-07-14T11:34:04.789626083+08:00" level=info msg="libcontainerd: new containerd process, pid: 31529"
Jul 14 11:34:05 iz2ze9dgdrjj9vx3qjxcq6z dockerd[31520]: time="2018-07-14T11:34:05.790901990+08:00" level=warning msg="failed to rename /var/lib/docker/tmp for background deletion: %!s(<nil>). Deleting synchrono
Jul 14 11:34:05 iz2ze9dgdrjj9vx3qjxcq6z dockerd[31520]: time="2018-07-14T11:34:05.795521689+08:00" level=info msg="[graphdriver] using prior storage driver: overlay"
Jul 14 11:34:05 iz2ze9dgdrjj9vx3qjxcq6z dockerd[31520]: time="2018-07-14T11:34:05.806053716+08:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
Jul 14 11:34:05 iz2ze9dgdrjj9vx3qjxcq6z dockerd[31520]: time="2018-07-14T11:34:05.806570955+08:00" level=info msg="Loading containers: start."
Jul 14 11:34:05 iz2ze9dgdrjj9vx3qjxcq6z dockerd[31520]: time="2018-07-14T11:34:05.944137519+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.18.0.0/16. Daemon option --bip can
Jul 14 11:34:06 iz2ze9dgdrjj9vx3qjxcq6z dockerd[31520]: time="2018-07-14T11:34:06.200381280+08:00" level=error msg="Create container failed with error: failed to initialize logging driver: dial tcp 127.0.0.1:15
Jul 14 11:34:06 iz2ze9dgdrjj9vx3qjxcq6z dockerd[31520]: time="2018-07-14T11:34:06.200407319+08:00" level=error msg="Create container failed with error: failed to initialize logging driver: dial tcp 127.0.0.1:15
Jul 14 11:34:06 iz2ze9dgdrjj9vx3qjxcq6z dockerd[31520]: time="2018-07-14T11:34:06.201326763+08:00" level=error msg="Create container failed with error: failed to initialize logging driver: dial tcp 127.0.0.1:15
Jul 14 11:34:06 iz2ze9dgdrjj9vx3qjxcq6z dockerd[31520]: time="2018-07-14T11:34:06.399748069+08:00" level=error msg="Failed to start container 1784a3dad6f0c278c546aae54a3c345be8c851e5628ef821d844a2c48b7a7945: fa
Jul 14 11:34:06 iz2ze9dgdrjj9vx3qjxcq6z dockerd[31520]: time="2018-07-14T11:34:06.455713494+08:00" level=error msg="Failed to start container 8781c6b60d1fd07d99a25129e1b8863e22b6cc2f51f03f1c13243795fc592e39: fa
Jul 14 11:34:06 iz2ze9dgdrjj9vx3qjxcq6z dockerd[31520]: time="2018-07-14T11:34:06.464411700+08:00" level=error msg="Failed to start container 95d0f8c833161c3a34081fea26dcee44c1b108118c2a5e15a1f390a833b6231c: fa
Jul 14 11:34:06 iz2ze9dgdrjj9vx3qjxcq6z dockerd[31520]: time="2018-07-14T11:34:06.640656160+08:00" level=info msg="Loading containers: done."
Stop it and start it again!
systemctl stop docker
systemctl start docker
[[email protected] harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
26d5d4432d5a vmware/nginx:1.11.5-patched "nginx -g 'daemon ..." About a minute ago Up About a minute 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
bd977e1bc406 vmware/harbor-jobservice:v1.1.2 "/harbor/harbor_jo..." About a minute ago Up About a minute harbor-jobservice
7cc9d1c2be99 vmware/harbor-ui:v1.1.2 "/harbor/harbor_ui" About a minute ago Up About a minute harbor-ui
613a90639f91 vmware/harbor-db:v1.1.2 "docker-entrypoint..." About a minute ago Up About a minute 3306/tcp harbor-db
de5584f1b8df vmware/registry:2.6.1-photon "/entrypoint.sh se..." About a minute ago Up About a minute 5000/tcp registry
43f5fa564df6 vmware/harbor-adminserver:v1.1.2 "/harbor/harbor_ad..." About a minute ago Up About a minute harbor-adminserver
e18f92f2e400 vmware/harbor-log:v1.1.2 "/bin/sh -c 'crond..." About a minute ago Up About a minute 127.0.0.1:1514->514/tcp harbor-log
Or:
Stop the services:
# docker-compose down -v
Start them:
# docker-compose up -d
Log in as admin:
[[email protected] harbor]# docker login 39.106.132.250
Username: admin
Password:
Login Succeeded
## Download a busybox image for testing:
[[email protected] docker]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
07a152489297: Pull complete
Digest: sha256:141c253bc4c3fd0a201d32dc1f493bcf3fff003b6df416dea4f41046e0f37d47
Status: Downloaded newer image for busybox:latest
## List the images:
[[email protected] docker]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest 8c811b4aec35 7 weeks ago 1.15MB
vmware/harbor-jobservice v1.1.2 ac332f9bd31c 13 months ago 163MB
vmware/harbor-ui v1.1.2 803897be484a 13 months ago 183MB
vmware/harbor-adminserver v1.1.2 360b214594e7 13 months ago 142MB
vmware/harbor-db v1.1.2 6f71ee20fe0c 13 months ago 329MB
vmware/registry 2.6.1-photon 0f6c96580032 14 months ago 150MB
vmware/harbor-notary-db mariadb-10.1.10 64ed814665c6 15 months ago 324MB
vmware/nginx 1.11.5-patched 8ddadb143133 15 months ago 199MB
vmware/notary-photon signer-0.5.0 b1eda7d10640 15 months ago 156MB
vmware/notary-photon server-0.5.0 6e2646682e3c 15 months ago 157MB
vmware/harbor-log v1.1.2 9c46a7b5e517 16 months ago 192MB
photon 1.0 e6e4e4a2ba1b 2 years ago 127MB
## Tag it:
[[email protected] docker]# docker tag busybox 39.106.132.250/library/busybox:v1
## Push it to the registry:
[[email protected] harbor]# docker push 39.106.132.250/library/busybox:v1
The push refers to a repository [39.106.132.250/library/busybox]
432b65032b94: Pushed
v1: digest: sha256:cb2a60d87291fdbe571dd7cee1164271e405989a689c7273de107e5ff23708cc size: 527
Check it in the web page:
OK, that takes care of HTTP mode.
As for creating repositories and creating users, it's just a few clicks.