Setting up a private registry with Harbor

What is Harbor

Project Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity and management. Having a registry closer to the build and run environment can improve the image transfer efficiency. Harbor supports replication of images between registries, and also offers advanced security features such as user management, access control and activity auditing.
Harbor is hosted by the Cloud Native Computing Foundation (CNCF). If you are an organization that wants to help shape the evolution of cloud native technologies, consider joining the CNCF. For details about who’s involved and how Harbor plays a role, read the CNCF announcement.
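The above is the introduction from the official website. Roughly, it says that Harbor is an open source, trusted cloud native registry project for storing, signing and scanning content, and that it extends the open source Docker Distribution with features users usually need, such as security, identity and management. Having a registry closer to the build and run environment improves image transfer efficiency. Harbor supports replicating images between registries and also provides advanced security features such as user management, access control and activity auditing.
To join the CNCF, read the CNCF announcement.
Harbor is a CNCF (Cloud Native Computing Foundation) project. It was originally developed by VMware, and from early on the web UI supported both English and Chinese, because Chinese engineers put a great deal of work into the project; it was in fact started by a China-based team inside VMware.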

Setting up the base environment

Hardware requirements

CPU: minimum 2 cores, 4 cores preferred
Memory: minimum 4 GB, 8 GB preferred
Disk: minimum 40 GB, 160 GB preferred

Software requirements

Python version 2.7 or higher
Note that you may have to install Python on Linux distributions (Gentoo, Arch) that do not come with a Python interpreter installed by default
docker-engine version 1.10 or higher
For installation instructions, please refer to: https://docs.docker.com/engine/installation/
docker-compose version 1.6.0 or higher
For installation instructions, please refer to: https://docs.docker.com/compose/install/
OpenSSL: the latest stable version is preferred

Port usage

443/4443/80
Harbor's API is RESTful and served over standard HTTP/HTTPS; port 4443 is used as well, so make sure none of these ports is already taken.

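Installation and use

Step 1: install Docker

Configure the yum repository. A docker-ce mirror inside China is preferable because it is faster;
you can look for one from Alibaba Cloud, Tsinghua, USTC and so on.
I use Docker's official repository here.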

[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/centos/7/$basearch/stable
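enabled=1
##If downloads feel slow you can switch the check off on a test machine, where it makes little difference.
##Anywhere else leave it at 1, so that yum verifies each rpm's signature against gpgkey.
gpgcheck=1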
gpgkey=https://download.docker.com/linux/centos/gpg

[root@node1 ~]# yum install -y docker-ce  ##download and install; this can be slow because the rpm packages are fetched over the network
[root@node1 ~]# systemctl start docker
[root@node1 ~]# systemctl enable docker
[root@node1 ~]# docker version
Client:
 Version:           18.09.0  ##docker CLI version
 API version:       1.39
 Go version:        go1.10.4
 Git commit:        4d60db4
 Built:             Wed Nov  7 00:48:22 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.0  ##Docker engine version 18.09.0 meets the requirement
  API version:      1.39 (minimum version 1.12) 
  Go version:       go1.10.4
  Git commit:       4d60db4
  Built:            Wed Nov  7 00:19:08 2018
  OS/Arch:          linux/amd64
  Experimental:     false

Step 2: install Python and docker-compose, check the OpenSSL version

[root@node1 ~]# python --version ##I use the Python bundled with the image, version 2.7.5, which meets the requirement
Python 2.7.5
[root@node1 ~]# yum install python-pip -y   ##install pip
[root@node1 ~]# pip install --upgrade pip  ##upgrade pip
[root@node1 ~]# pip install docker-compose  ##install docker-compose
[root@node1 ~]# pip install --upgrade docker-compose  ##check for updates
[root@node1 ~]# docker-compose -v  ##version 1.23.1 fully meets the requirement
docker-compose version 1.23.1, build b02f130
[root@node1 ~]# openssl version ##good enough; this is only my own test setup
OpenSSL 1.0.2k-fips  26 Jan 2017
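
Step 3: check the hardware

I ran this experiment on my own laptop, which is badly underpowered, and inside virtual machines at that.
KVM virtual machines running CentOS 7.5; two VMs, each with 1 GB of memory. For an experiment that is basically enough.

Step 4: install Harbor using the offline installer

[root@node1 ~]# wget https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.4.tgz
[root@node1 ~]# tar -zxf harbor-offline-installer-v1.5.4.tgz
[root@node1 ~]# mv harbor /usr/local/
[root@node1 ~]# cd /usr/local/harbor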
[root@node1 harbor]# ls
common  docker-compose.clair.yml  docker-compose.notary.yml  docker-compose.yml  ha  harbor.cfg  install.sh  LICENSE  NOTICE  open_source_license  prepare
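
Step 5: create a self-signed certificate

[root@node1 harbor]# openssl genrsa -out docker.com.key 1024  ##1024-bit RSA is too short for anything but a throwaway test; use 2048 or more
Generating RSA private key, 1024 bit long modulus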
.............................++++++
.........++++++
e is 65537 (0x10001)
[root@node1 harbor]# ls
common  docker.com.key  docker-compose.clair.yml  docker-compose.notary.yml  docker-compose.yml  ha  harbor.cfg  harbor.cfg.bak  install.sh  LICENSE  NOTICE  open_source_license  prepare
[root@node1 harbor]# openssl req -new -key docker.com.key -out docker.com.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shannxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:XUPT
Organizational Unit Name (eg, section) []:xinxianquan
Common Name (eg, your name or your server's hostname) []:oyd
Email Address []:123@qq.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:XUPT
[root@node1 harbor]# ls
common  docker.com.csr  docker.com.key  docker-compose.clair.yml  docker-compose.notary.yml  docker-compose.yml  ha  harbor.cfg  harbor.cfg.bak  install.sh  LICENSE  NOTICE  open_source_license  prepare
[root@node1 harbor]# openssl x509 -req -days 365 -in docker.com.csr -signkey docker.com.key -out docker.com.crt
Signature ok
subject=/C=CN/ST=shannxi/L=xi'an/O=XUPT/OU=xinxianquan/CN=oyd/emailAddress=123@qq.com
Getting Private key
[root@node1 harbor]# ll docker.com.csr docker.com.key docker.com.crt
-rw-r--r--. 1 root root 908 Nov 12 16:10 docker.com.crt
-rw-r--r--. 1 root root 741 Nov 12 16:09 docker.com.csr
-rw-r--r--. 1 root root 891 Nov 12 16:06 docker.com.key
[root@node1 harbor]# pwd
/usr/local/harbor
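
A variant of step 5 as an added example (not the original author's commands): it issues the self-signed certificate with a 2048-bit key, a subjectAltName equal to the Harbor hostname and an owner-only private key, then checks those three properties, none of which the certificate above (1024-bit, CN=oyd, key mode 644) meets. The file layout and the scratch directory are assumptions; node1 is the hostname used in this post.

```shell
#!/bin/sh
# Added example, not from the original post. File names and the scratch
# directory are assumptions; node1 is the hostname used in this walkthrough.

# make_cert HOST DIR: write DIR/HOST.key and DIR/HOST.crt (self-signed).
# Runs in a subshell so the umask change does not leak to the caller.
make_cert() (
    host=$1; dir=$2
    umask 077    # key is created readable by its owner only
    cat > "$dir/$host.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/$host.cnf" \
        -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
)

# check_cert CRT KEY HOST: print one line per finding, return 1 if any.
check_cert() {
    crt=$1; key=$2; host=$3; rc=0
    text=$(openssl x509 -in "$crt" -noout -text) || return 2
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "weak key: ${bits:-unknown} bits (want 2048 or more)"; rc=1
    fi
    # SAN entries are comma separated on one indented line.
    if ! printf '%s\n' "$text" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -Fxq "DNS:$host"; then
        echo "certificate has no subjectAltName for $host"; rc=1
    fi
    # Columns 5-10 of ls -l are the group and other permission bits.
    if [ "$(ls -l "$key" | cut -c5-10)" != "------" ]; then
        echo "private key $key is readable beyond its owner"; rc=1
    fi
    return $rc
}

# Demo run in a scratch directory.
demo=$(mktemp -d)
make_cert node1 "$demo" &&
    check_cert "$demo/node1.crt" "$demo/node1.key" node1 &&
    echo "node1 certificate passes all three checks"
rm -rf "$demo"
```
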
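
Step 6: edit Harbor's configuration file

[root@node1 harbor]# vim harbor.cfg
# host name of this Harbor server
hostname = node1
# protocol used to reach the UI and the registry
ui_url_protocol = https
# have the prepare script generate the key/certificate used to sign registry tokens
customize_crt = on
ssl_cert = /usr/local/harbor/docker.com.crt
ssl_cert_key = /usr/local/harbor/docker.com.key
# maximum log size, 200M
log_rotate_size = 200M
# Harbor admin password (this is the shipped default; change it outside a test setup)
harbor_admin_password = Harbor12345
# a MySQL container is started automatically; its root password is root123
db_password = root123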
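
A small audit for the file edited in step 6, as an added example (not the original author's code and not part of Harbor): it parses harbor.cfg and flags the settings that are acceptable on a lab VM but not on a shared registry, namely plain http and the admin and database passwords shown above. The function name and the finding messages are assumptions; the sample input is constructed from the values in this post.

```shell
#!/bin/sh
# Added example, not from the original post and not shipped with Harbor.
# audit_harbor_cfg FILE: print one finding per line for a Harbor 1.5-style
# harbor.cfg; exit status 1 if anything was flagged. The default values
# checked here are the ones shown in this post.
audit_harbor_cfg() {
    awk '
        /^[ \t]*#/ || !/=/ { next }          # skip comments and non-settings
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            cfg[key] = val
        }
        END {
            n = 0
            if (cfg["ui_url_protocol"] != "https") {
                print "ui_url_protocol: logins and image pulls are not encrypted"; n++
            } else if (cfg["ssl_cert"] == "" || cfg["ssl_cert_key"] == "") {
                print "ssl_cert/ssl_cert_key: https selected but no certificate configured"; n++
            }
            if (cfg["harbor_admin_password"] == "Harbor12345") {
                print "harbor_admin_password: still the default"; n++
            }
            if (cfg["db_password"] == "root123") {
                print "db_password: still the default"; n++
            }
            exit (n > 0)
        }' "$1"
}

# Constructed sample: the settings from step 6 of this post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname = node1
ui_url_protocol = https
customize_crt = on
ssl_cert = /usr/local/harbor/docker.com.crt
ssl_cert_key = /usr/local/harbor/docker.com.key
log_rotate_size = 200M
harbor_admin_password = Harbor12345
db_password = root123
EOF
audit_harbor_cfg "$sample"
rm -f "$sample"
```
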

Step 7: build the environment

[root@node1 harbor]# ./install.sh

[Step 0]: checking installation environment ...  ##check the environment

Note: docker version: 18.09.0

Note: docker-compose version: 1.23.1

[Step 1]: loading Harbor images ...  ##load the images
ad50e89f4922: Loading layer [==================================================>]  133.4MB/133.4MB
b9111f3900ae: Loading layer [==================================================>]  23.38MB/23.38MB
4f356758d397: Loading layer [==================================================>]  20.91MB/20.91MB
bc638e648859: Loading layer [==================================================>]  20.91MB/20.91MB
Loaded image: vmware/harbor-jobservice:v1.5.4
008e13b55131: Loading layer [==================================================>]  23.38MB/23.38MB
2826ddfdc793: Loading layer [==================================================>]  15.37MB/15.37MB
d00ae9679664: Loading layer [==================================================>]  15.37MB/15.37MB
Loaded image: vmware/harbor-adminserver:v1.5.4
bf9b29f3e16d: Loading layer [==================================================>]  403.4MB/403.4MB
035dfc5fccad: Loading layer [==================================================>]  9.216kB/9.216kB
bc1076539dfb: Loading layer [==================================================>]  9.216kB/9.216kB
c431a7d41946: Loading layer [==================================================>]   7.68kB/7.68kB
eae032ece432: Loading layer [==================================================>]  1.536kB/1.536kB
655cc4bf808b: Loading layer [==================================================>]  11.78kB/11.78kB
d3abc4a9d081: Loading layer [==================================================>]   2.56kB/2.56kB
5c4a4b82fc4d: Loading layer [==================================================>]  3.072kB/3.072kB
Loaded image: vmware/harbor-db:v1.5.4
942ae0a8d99e: Loading layer [==================================================>]  83.89MB/83.89MB
520f2e0dc635: Loading layer [==================================================>]  3.072kB/3.072kB
6a18a0ec7f60: Loading layer [==================================================>]   59.9kB/59.9kB
d988f22b9f5f: Loading layer [==================================================>]  61.95kB/61.95kB
Loaded image: vmware/redis-photon:v1.5.4
eac497b4b503: Loading layer [==================================================>]  5.128MB/5.128MB
Loaded image: vmware/nginx-photon:v1.5.4
853bfc76ed58: Loading layer [==================================================>]  158.1MB/158.1MB
3fd52c4887f9: Loading layer [==================================================>]  10.93MB/10.93MB
fe8ab3e87ac0: Loading layer [==================================================>]  2.048kB/2.048kB
12a0d81beb68: Loading layer [==================================================>]  48.13kB/48.13kB
fd905da838da: Loading layer [==================================================>]  10.98MB/10.98MB
Loaded image: vmware/clair-photon:v2.0.6-v1.5.4
a995a3534368: Loading layer [==================================================>]  23.38MB/23.38MB
d6cbd978280f: Loading layer [==================================================>]  24.41MB/24.41MB
5851646b723b: Loading layer [==================================================>]  7.168kB/7.168kB
8070bec65554: Loading layer [==================================================>]  10.56MB/10.56MB
6544515351b8: Loading layer [==================================================>]   24.4MB/24.4MB
Loaded image: vmware/harbor-ui:v1.5.4
Loaded image: photon:1.0
34699905595d: Loading layer [==================================================>]  23.38MB/23.38MB
cfea98e05b5d: Loading layer [==================================================>]  12.16MB/12.16MB
231f7274b72e: Loading layer [==================================================>]   17.3MB/17.3MB
7d3d139904f4: Loading layer [==================================================>]  15.87kB/15.87kB
72f72b7a3c94: Loading layer [==================================================>]  3.072kB/3.072kB
8d34d1d33f54: Loading layer [==================================================>]  29.46MB/29.46MB
Loaded image: vmware/notary-server-photon:v0.5.1-v1.5.4
Loaded image: vmware/mariadb-photon:v1.5.4
15191ee1bd9b: Loading layer [==================================================>]  73.32MB/73.32MB
c1de64e414a9: Loading layer [==================================================>]  3.584kB/3.584kB
1ca692cb7dbc: Loading layer [==================================================>]  3.072kB/3.072kB
359b1a79ec54: Loading layer [==================================================>]  4.096kB/4.096kB
849b9d327989: Loading layer [==================================================>]  3.584kB/3.584kB
eebfdeeeed02: Loading layer [==================================================>]  9.728kB/9.728kB
Loaded image: vmware/harbor-log:v1.5.4
c8a6d1eb1eae: Loading layer [==================================================>]  23.38MB/23.38MB
aa423651976e: Loading layer [==================================================>]   2.56kB/2.56kB
619529c2b555: Loading layer [==================================================>]   2.56kB/2.56kB
3f1091c751e3: Loading layer [==================================================>]  2.048kB/2.048kB
bdfa6bcc0cbc: Loading layer [==================================================>]   22.8MB/22.8MB
dc78c02b0c29: Loading layer [==================================================>]   22.8MB/22.8MB
Loaded image: vmware/registry-photon:v2.6.2-v1.5.4
c6277b5de5ab: Loading layer [==================================================>]  10.95MB/10.95MB
2a90321baeb0: Loading layer [==================================================>]   17.3MB/17.3MB
b4feb5683938: Loading layer [==================================================>]  15.87kB/15.87kB
547e893b3a73: Loading layer [==================================================>]  3.072kB/3.072kB
5b884b86445c: Loading layer [==================================================>]  28.24MB/28.24MB
Loaded image: vmware/notary-signer-photon:v0.5.1-v1.5.4
ba777a12ecc6: Loading layer [==================================================>]  95.85MB/95.85MB
57bd73ea258d: Loading layer [==================================================>]  6.656kB/6.656kB
71b26b48c755: Loading layer [==================================================>]  2.048kB/2.048kB
abad61b5ce57: Loading layer [==================================================>]   7.68kB/7.68kB
Loaded image: vmware/postgresql-photon:v1.5.4
454c81edbd3b: Loading layer [==================================================>]  135.2MB/135.2MB
e99db1275091: Loading layer [==================================================>]  395.4MB/395.4MB
051e4ee23882: Loading layer [==================================================>]  9.216kB/9.216kB
6cca4437b6f6: Loading layer [==================================================>]  9.216kB/9.216kB
1d48fc08c8bc: Loading layer [==================================================>]   7.68kB/7.68kB
0419724fd942: Loading layer [==================================================>]  1.536kB/1.536kB
543c0c1ee18d: Loading layer [==================================================>]  655.2MB/655.2MB
4190aa7e89b8: Loading layer [==================================================>]  103.9kB/103.9kB
Loaded image: vmware/harbor-migrator:v1.5.0


[Step 2]: preparing environment ...    ##prepare the environment
Clearing the configuration file: ./common/config/adminserver/env
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/jobservice/config.yml
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/nginx/cert/docker.com.crt
Clearing the configuration file: ./common/config/nginx/cert/docker.com.key
Clearing the configuration file: ./common/config/nginx/nginx.conf
Clearing the configuration file: ./common/config/log/logrotate.conf
loaded secret from file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.


[Step 3]: checking existing instance of Harbor ...  ##check for a running instance


[Step 4]: starting Harbor ... ##start the containers
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis              ... done
Creating harbor-db          ... done
Creating registry           ... done
Creating harbor-adminserver ... done
Creating harbor-ui          ... done
Creating nginx              ... done
Creating harbor-jobservice  ... done

✔ ----Harbor has been installed and started successfully.---- ##success!

Now you should be able to visit the admin portal at https://node1. 
For more details, please visit https://github.com/vmware/harbor .

At this point, browse to https://node1
Username: admin
Password: Harbor12345
and you are logged in.

Step 8: things to note

[root@node1 ~]# docker ps
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS                   PORTS                                                              NAMES
8f2940cb239d        vmware/harbor-jobservice:v1.5.4        "/harbor/start.sh"       6 minutes ago       Up 6 minutes                                                                                harbor-jobservice
a9ee56b44f03        vmware/nginx-photon:v1.5.4             "nginx -g 'daemon of…"   6 minutes ago       Up 6 minutes (healthy)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
ac08fe6a5b12        vmware/harbor-ui:v1.5.4                "/harbor/start.sh"       6 minutes ago       Up 6 minutes (healthy)                                                                      harbor-ui
a13b86e0897f        vmware/harbor-adminserver:v1.5.4       "/harbor/start.sh"       6 minutes ago       Up 6 minutes (healthy)                                                                      harbor-adminserver
9f382ef9c6e9        vmware/registry-photon:v2.6.2-v1.5.4   "/entrypoint.sh serv…"   6 minutes ago       Up 6 minutes (healthy)   5000/tcp                                                           registry
67cce021e6c1        vmware/harbor-db:v1.5.4                "/usr/local/bin/dock…"   6 minutes ago       Up 6 minutes (healthy)   3306/tcp                                                           harbor-db
43b56f9fefcc        vmware/redis-photon:v1.5.4             "docker-entrypoint.s…"   6 minutes ago       Up 6 minutes             6379/tcp                                                           redis
63b8d5e17a85        vmware/harbor-log:v1.5.4               "/bin/sh -c /usr/loc…"   6 minutes ago       Up 6 minutes (healthy)   127.0.0.1:1514->10514/tcp                                          harbor-log
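
Harbor itself also runs as containers, 8 in total. Their local storage path is the one below, so this directory needs plenty of space. I did not pay attention to this at first: my test machines only had 9 GB of storage, which ran out while the images were loading, and in the end I had no choice but to add another disk, which was a hassle.
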
[root@node1 ~]# ll /var/lib/docker/overlay2/
total 344
drwx------. 4 root root   4096 Nov 12 17:09 02938caebaf2469166f686b88ce71ce8b75f8a3164e06abadb052210241be7b6
drwx------. 4 root root   4096 Nov 12 17:09 0403016f457bbbb221339eb3f70ca1096b5ad58b15776331cd581cebe92a772b
...
...
drwx------. 4 root root   4096 Nov 12 17:08 f2ad91bc06f87b319654ec329e13b319efc827f2e92d3d23314f38e0686de411
drwx------. 4 root root   4096 Nov 12 17:09 f8049719bd92a25d48576b54f7f239803ed2655c7071e7ac0638816138a37b5d
drwx------. 4 root root   4096 Nov 12 17:09 f89afc0fa06f959fd9a78aaa606369a7bfe052e70d1994e2de85a2d0691c3b3f
drwxr-xr-x. 2 root root   4096 Nov 12 17:10 l
drwx------. 2 root root  16384 Nov 12 17:01 lost+found

When Harbor is running you can see that it uses ports 80/443/4443, so these ports have to be free.

[root@node1 ~]# netstat -nplt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      942/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1028/master         
tcp        0      0 127.0.0.1:1514          0.0.0.0:*               LISTEN      1967/docker-proxy   
tcp6       0      0 :::80                   :::*                    LISTEN      2602/docker-proxy   
tcp6       0      0 :::22                   :::*                    LISTEN      942/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      1028/master         
tcp6       0      0 :::443                  :::*                    LISTEN      2578/docker-proxy   
tcp6       0      0 :::4443                 :::*                    LISTEN      2567/docker-proxy 