• 部署Harbor镜像仓库


    部署Harbor镜像仓库

    https://github.com/goharbor/harbor/releases

    # Fetch the Harbor 1.8.0 offline installer and the docker-compose 1.22.0
    # binary, then install and start Docker from the Aliyun mirror.
    # NOTE(review): both downloads run as root and neither file is checked before
    # use; compare each one against the checksum published with its release (if
    # one is published) before unpacking it or marking it executable.
    [root@master ~]# wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.0.tgz
    [root@master ~]# curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
    [root@master ~]# chmod +x /usr/local/bin/docker-compose
    [root@master ~]# tar xf harbor-offline-installer-v1.8.0.tgz
    # NOTE(review): this repo file is fetched over plain http://, so the
    # repository definition that yum then installs docker-ce from can be altered
    # in transit; prefer the https:// form of the same URL.
    [root@master ~]# curl -o /etc/yum.repos.d/docker.repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    [root@master ~]# yum -y install docker-ce
    [root@master ~]# systemctl enable docker --now
    

    配置harbor

    [root@master ~]# cd harbor
    [root@master ~]# vim harbor.yml // 主机名要可以解析(需要部署dns服务器,用/etc/hosts文件没有用),如果不可以解析,可以使用IP地址,需要修改的内容如下
    hostname: 192.168.1.200
    ui_url_protocol = https(如果要用https这里就需要改,现在我们先不用https,这里不需要改)
    [root@master harbor]# ./prepare
    [root@master harbor]# ./install.sh
    ...
    ✔ ----Harbor has been installed and started successfully.----
    Now you should be able to visit the admin portal at http://192.168.1.11.
    

    浏览器里访问 192.168.1.11

    默认用户名:admin,密码:Harbor12345。这是公开的默认口令,首次登录后应立即在管理界面中修改。

    [root@node1 ~]# docker pull busybox
    [root@node1 ~]# docker images
    REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
    busybox      latest    beae173ccac6   7 months ago   1.24MB
    [root@node1 ~]# docker tag busybox:latest  192.168.1.11:80/library/busybox:test
    
    [root@master harbor]# docker-compose up -d
    Starting harbor-log ... done
    Starting registry    ... done
    Starting redis       ... done
    Starting harbor-db   ... done
    Starting registryctl ... done
    Starting harbor-core ... done
    Starting harbor-portal     ... done
    Starting harbor-jobservice ... done
    Starting nginx             ... done
    
    # Let this node's Docker daemon use the Harbor registry without TLS, then log
    # in and push the test image.
    # NOTE(review): listing 192.168.1.11:80 under "insecure-registries" lets the
    # daemon fall back to plain HTTP (and skip certificate verification) for that
    # address, so the admin password sent by `docker login` and every pushed or
    # pulled layer cross the network unencrypted and unauthenticated. Acceptable
    # on an isolated lab network only; otherwise enable https in Harbor and
    # remove this entry.
    [root@node1 ~]# vim /etc/docker/daemon.json
     { "insecure-registries":["192.168.1.11:80"] }
    [root@node1 ~]# systemctl daemon-reload
    [root@node1 ~]# systemctl restart docker
    # NOTE(review): without a credential helper, docker login keeps the password
    # base64-encoded (not encrypted) in ~/.docker/config.json of the calling user.
    [root@node1 ~]# docker login 192.168.1.11:80
    Username: admin
    Password:
    ...
    Login Succeeded
    [root@node1 ~]# docker push 192.168.1.11:80/library/busybox:test
    The push refers to repository [192.168.1.11:80/library/busybox]
    01fd6df81c8e: Pushed
    test: digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee size: 527
    


    部署企业私有镜像仓库Harbor

    1)开启路由转发

    [root@harbor ~]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
    [root@harbor ~]# sysctl -p
    [root@harbor ~]# yum -y install docker-ce
    [root@harbor ~]# systemctl start docker
    [root@harbor ~]# systemctl enable docker
    

    2)部署harbor

    [root@harbor ~]# mv /root/docker-compose /usr/local/bin/
    [root@harbor ~]# chmod +x /usr/local/bin/docker-compose 
    [root@harbor ~]# tar -xf harbor-offline-installer-v1.2.0.tgz -C /usr/local/
    [root@harbor ~]# cd /usr/local/harbor
    [root@harbor harbor]# ls
    common docker-compose.notary.yml harbor_1_1_0_template harbor.v1.2.0.tar.gz 
    LICENSE prepare  docker-compose.clair.yml docker-compose.yml harbor.cfg 
    install.sh NOTICE upgrade
    

    3)修改配置文件

    #访问harbor管理界面的地址,改为本机的IP地址
    [root@harbor harbor]# sed -i '/^hostname/s/reg.mydomain.com/192.168.1.17/' harbor.cfg 
    [root@harbor harbor]# sed -i '121 s/80:80/8099:80/' docker-compose.yml
    #默认是访问80端口,但因为80端口与Nginx集群冲突,故改变访问端口为8099
    [root@harbor harbor]#sed -i '24 s/$ui_url/$ui_url:8099/' common/templates/registry/config.yml
    [root@harbor harbor]# ./install.sh 
    .......
    ✔ ----Harbor has been installed and started successfully.----
    Now you should be able to visit the admin portal at http://192.168.1.17. 
    For more details, please visit https://github.com/vmware/harbor .
    [root@harbor harbor]# netstat -antpu | grep 8099
    tcp6 0 0 :::8099 :::* LISTEN 3028/docker-proxy 
    

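    浏览器访问 192.168.1.17:8099,用户名:admin,密码:Harbor12345。下面 harbor.cfg 中的 harbor_admin_password、db_password 等都还是默认值,对外提供服务前应先修改;ui_url_protocol = http 时,登录口令以明文在网络上传输。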

    [root@docker harbor]# egrep -v "^#|^$" harbor.cfg
    hostname = 192.168.1.17
    ui_url_protocol = http
    db_password = root123
    max_job_workers = 3
    customize_crt = on
    ssl_cert = /data/cert/server.crt
    ssl_cert_key = /data/cert/server.key
    secretkey_path = /data
    admiral_url = NA
    clair_db_password = password
    email_identity =
    email_server = smtp.mydomain.com
    email_server_port = 25
    email_username = sample_admin@mydomain.com
    email_password = abc
    email_from = admin 
    email_ssl = false
    harbor_admin_password = Harbor12345
    auth_mode = db_auth
    ldap_url = ldaps://ldap.mydomain.com
    ldap_basedn = ou=people,dc=mydomain,dc=com
    ldap_uid = uid
    ldap_scope = 3
    ldap_timeout = 5
    self_registration = on
    token_expiration = 30
    project_creation_restriction = everyone
    verify_remote_cert = on
    
    [root@docker harbor]# cat docker-compose.yml
    version: '2'
    services:
      log:
        image: vmware/harbor-log:v1.2.0
        container_name: harbor-log
        restart: always
        volumes:
          - /var/log/harbor/:/var/log/docker/:z
        ports:
          - 127.0.0.1:1514:514
        networks:
          - harbor
      registry:
        image: vmware/registry:2.6.2-photon
        container_name: registry
        restart: always
        volumes:
          - /data/registry:/storage:z
          - ./common/config/registry/:/etc/registry/:z
        networks:
          - harbor
        environment:
          - GODEBUG=netdns=cgo
        command:
          ["serve", "/etc/registry/config.yml"]
        depends_on:
          - log
        logging:
          driver: "syslog"
          options:
            syslog-address: "tcp://127.0.0.1:1514"
            tag: "registry"
      mysql:
        image: vmware/harbor-db:v1.2.0
        container_name: harbor-db
        restart: always
        volumes:
          - /data/database:/var/lib/mysql:z
        networks:
          - harbor
        env_file:
          - ./common/config/db/env
        depends_on:
          - log
        logging:
          driver: "syslog"
          options:
            syslog-address: "tcp://127.0.0.1:1514"
            tag: "mysql"
      adminserver:
        image: vmware/harbor-adminserver:v1.2.0
        container_name: harbor-adminserver
        env_file:
          - ./common/config/adminserver/env
        restart: always
        volumes:
          - /data/config/:/etc/adminserver/config/:z
          - /data/secretkey:/etc/adminserver/key:z
          - /data/:/data/:z
        networks:
          - harbor
        depends_on:
          - log
        logging:
          driver: "syslog"
          options:
            syslog-address: "tcp://127.0.0.1:1514"
            tag: "adminserver"
      ui:
        image: vmware/harbor-ui:v1.2.0
        container_name: harbor-ui
        env_file:
          - ./common/config/ui/env
        restart: always
        volumes:
          - ./common/config/ui/app.conf:/etc/ui/app.conf:z
          - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
          - /data/secretkey:/etc/ui/key:z
          - /data/ca_download/:/etc/ui/ca/:z
          - /data/psc/:/etc/ui/token/:z
        networks:
          - harbor
        depends_on:
          - log
          - adminserver
          - registry
        logging:
          driver: "syslog"
          options:
            syslog-address: "tcp://127.0.0.1:1514"
            tag: "ui"
      jobservice:
        image: vmware/harbor-jobservice:v1.2.0
        container_name: harbor-jobservice
        env_file:
          - ./common/config/jobservice/env
        restart: always
        volumes:
          - /data/job_logs:/var/log/jobs:z
          - ./common/config/jobservice/app.conf:/etc/jobservice/app.conf:z
          - /data/secretkey:/etc/jobservice/key:z
        networks:
          - harbor
        depends_on:
          - ui
          - adminserver
        logging:
          driver: "syslog"
          options:
            syslog-address: "tcp://127.0.0.1:1514"
            tag: "jobservice"
      # nginx front end. Besides the log service, this is the only service in this
      # file that publishes ports on the host.
      proxy:
        image: vmware/nginx-photon:1.11.13
        container_name: nginx
        restart: always
        volumes:
          - ./common/config/nginx:/etc/nginx:z
        networks:
          - harbor
        ports:
          # Host port 8099 -> container port 80 (changed from 80:80 by the sed edit
          # shown earlier on this page). No host address is given, so Docker
          # publishes these ports on all host interfaces, unlike the log service's
          # 127.0.0.1 binding.
          - 8099:80
          # NOTE(review): 443 and 4443 stay published although harbor.cfg sets
          # ui_url_protocol = http; filter them at the host firewall if unused.
          - 443:443
          - 4443:4443
        depends_on:
          - mysql
          - registry
          - ui
          - log
        # Container logs go to the syslog listener that the log service exposes
        # on 127.0.0.1:1514.
        logging:
          driver: "syslog"
          options:
            syslog-address: "tcp://127.0.0.1:1514"
            tag: "proxy"
    networks:
      harbor:
        external: false
    
    [root@docker harbor]# cat common/templates/registry/config.yml
    # Template for the registry container's configuration.
    # NOTE(review): presumably ./prepare renders this into common/config/registry/,
    # which docker-compose.yml mounts at /etc/registry - confirm.
    version: 0.1
    log:
      # NOTE(review): debug logging is verbose; confirm it is wanted outside a lab.
      level: debug
      fields:
        service: registry
    storage:
        cache:
            layerinfo: inmemory
        filesystem:
            rootdirectory: /storage
        maintenance:
            uploadpurging:
                enabled: false
        delete:
            enabled: true
    http:
        addr: :5000
        # NOTE(review): the literal value "placeholder" sits in this template;
        # confirm the rendered config ends up with a real random secret.
        secret: placeholder
        debug:
            # Debug endpoint is bound to localhost inside the container only.
            addr: localhost:5001
    auth:
      token:
        issuer: harbor-token-issuer
        # Token endpoint that clients are sent to for authentication. $ui_url is a
        # template variable; ":8099" was appended by the sed edit shown earlier so
        # that it matches the remapped proxy port.
        realm: $ui_url:8099/service/token
        # Certificate bundle the registry uses to verify the tokens it receives.
        rootcertbundle: /etc/registry/root.crt
        service: harbor-registry
    
    notifications:
      endpoints:
          # Registry events are posted to the ui service by its compose service
          # name, over plain HTTP.
          - name: harbor
            disabled: false
            url: http://ui/service/notifications
            timeout: 3000ms
            threshold: 5
            backoff: 1s
    
    [root@docker harbor]# cat install.sh
    #!/bin/bash
    
    #docker version: 1.11.2
    #docker-compose version: 1.7.1
    #Harbor version: 0.4.0
    
    # Tolerate failing commands (for example tput on a terminal it does not
    # know) and switch pathname expansion off for the setup that follows.
    set +e -o noglob

    # --- Terminal escape sequences consumed by the logging helpers ---

    # Text attributes. `tput sgr 0 1` passes standout=0, underline=1.
    reset=$(tput sgr0)
    bold=$(tput bold)
    underline=$(tput sgr 0 1)

    # Foreground colours. NOTE(review): indices above 7 presumably need a
    # 256-colour terminal - confirm for the terminals this runs on.
    white=$(tput setaf 7)
    red=$(tput setaf 1)
    green=$(tput setaf 76)
    tan=$(tput setaf 202)
    blue=$(tput setaf 25)
    
    #
    # Headers and Logging
    #
    
    # Logging helpers. Each one prints every argument on its own line, wrapped
    # in the colour/attribute sequences held in the globals of the same names.
    # The sequences are part of the printf format string, so a "%" or "\" in
    # them would be interpreted by printf; they are only ever filled from tput.
    underline() {
            local fmt="${underline}${bold}%s${reset}\n"
            printf "$fmt" "$@"
    }

    # Level-1 heading: blank line, then bold underlined blue text.
    h1() {
            local fmt="\n${underline}${bold}${blue}%s${reset}\n"
            printf "$fmt" "$@"
    }

    # Level-2 heading: blank line, then bold underlined white text.
    h2() {
            local fmt="\n${underline}${bold}${white}%s${reset}\n"
            printf "$fmt" "$@"
    }

    # Plain white text.
    debug() {
            local fmt="${white}%s${reset}\n"
            printf "$fmt" "$@"
    }

    # White text behind an arrow marker.
    info() {
            local fmt="${white}➜ %s${reset}\n"
            printf "$fmt" "$@"
    }

    # Green text behind a check mark.
    success() {
            local fmt="${green}✔ %s${reset}\n"
            printf "$fmt" "$@"
    }

    # Red text behind a cross. Written to stdout, like the other helpers.
    error() {
            local fmt="${red}✖ %s${reset}\n"
            printf "$fmt" "$@"
    }

    # Tan text behind an arrow marker.
    warn() {
            local fmt="${tan}➜ %s${reset}\n"
            printf "$fmt" "$@"
    }

    # Bold text.
    bold() {
            local fmt="${bold}%s${reset}\n"
            printf "$fmt" "$@"
    }

    # Blank line, a highlighted "Note:" label, then the text in blue.
    note() {
            local fmt="\n${underline}${bold}${blue}Note:${reset} ${blue}%s${reset}\n"
            printf "$fmt" "$@"
    }
    
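    # From here on an unhandled failure aborts the installer, and pathname
    # expansion is switched back on.
    set -e
    set +o noglob

    usage=$'Please set hostname and other necessary attributes in harbor.cfg first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
    Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.cfg bacause notary must run under https.
    Please set --with-clair if needs enable Clair in Harbor'
    # Step counter shown in the "[Step N]" headings.
    item=0

    # Notary and Clair are off by default. The flags are assigned the empty
    # string explicitly: expanding an unset name such as $false would pick up
    # any variable called "false" that happens to be in the environment.
    with_notary=
    with_clair=

    # Command-line flags: --help prints the usage text, --with-notary and
    # --with-clair enable the optional components, anything else is rejected.
    while [ $# -gt 0 ]; do
            case "$1" in
                --help)
                        note "$usage"
                        exit 0 ;;
                --with-notary)
                        with_notary=true ;;
                --with-clair)
                        with_clair=true ;;
                *)
                        note "$usage"
                        exit 1 ;;
            esac
            shift || true
    done

    # Work from the directory that contains this script, whatever the caller's
    # current directory is. Quoted so a path containing spaces still works.
    workdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
    cd "$workdir"

    # Refuse to continue while harbor.cfg still carries the sample hostname.
    # The pattern accepts any spacing around "=" and ignores commented-out
    # lines; -q/-s keep grep silent, including when harbor.cfg is missing.
    if grep -Eqs '^[[:blank:]]*hostname[[:blank:]]*=[[:blank:]]*reg\.mydomain\.com' harbor.cfg
    then
            warn "$usage"
            exit 1
    fi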
    
    # Verify that docker is installed and is at least version 1.10.
    # Globals:  docker_version, docker_version_part1, docker_version_part2
    #           (written)
    # Outputs:  the detected version through note, or a message through error
    # Exits:    with status 1 when docker is missing, too old, or prints a
    #           version string that cannot be parsed
    check_docker() {
            docker --version &> /dev/null || {
                    error "Need to install docker(1.10.0+) first and run this script again."
                    exit 1
            }

            # Take the first "N.N.N" group from the version banner.
            # NOTE(review): the dots are unescaped, so they match any character.
            if ! [[ $(docker --version) =~ (([0-9]+).([0-9]+).([0-9]+)) ]]
            then
                    error "Failed to parse docker version."
                    exit 1
            fi

            docker_version=${BASH_REMATCH[1]}
            docker_version_part1=${BASH_REMATCH[2]}
            docker_version_part2=${BASH_REMATCH[3]}

            # Only major and minor are compared. Keep `[`: it reads a component
            # such as "09" as decimal, where (( )) or [[ -lt ]] would reject it
            # as an invalid octal number.
            if [ "$docker_version_part1" -lt 1 ] || { [ "$docker_version_part1" -eq 1 ] && [ "$docker_version_part2" -lt 10 ]; }
            then
                    error "Need to upgrade docker package to 1.10.0+."
                    exit 1
            fi

            note "docker version: $docker_version"
    }
    
    # Verify that docker-compose is installed and recent enough.
    # Globals:  docker_compose_version, docker_compose_version_part1,
    #           docker_compose_version_part2 (written)
    # Outputs:  the detected version through note, or a message through error
    # Exits:    with status 1 when docker-compose is missing, too old, or
    #           prints a version string that cannot be parsed
    check_dockercompose() {
            docker-compose --version &> /dev/null || {
                    error "Need to install docker-compose(1.7.1+) by yourself first and run this script again."
                    exit 1
            }

            # Take the first "N.N.N" group from the version banner.
            # NOTE(review): the dots are unescaped, so they match any character.
            if ! [[ $(docker-compose --version) =~ (([0-9]+).([0-9]+).([0-9]+)) ]]
            then
                    error "Failed to parse docker-compose version."
                    exit 1
            fi

            docker_compose_version=${BASH_REMATCH[1]}
            docker_compose_version_part1=${BASH_REMATCH[2]}
            docker_compose_version_part2=${BASH_REMATCH[3]}

            # NOTE(review): the messages ask for 1.7.1+, but this test only
            # rejects versions below 1.6, so any 1.6.x release passes - confirm
            # which of the two is intended.
            if [ "$docker_compose_version_part1" -lt 1 ] || { [ "$docker_compose_version_part1" -eq 1 ] && [ "$docker_compose_version_part2" -lt 6 ]; }
            then
                    error "Need to upgrade docker-compose package to 1.7.1+."
                    exit 1
            fi

            note "docker-compose version: $docker_compose_version"
    }
    
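    # Main installation flow: check the tools, load the bundled images, render
    # the configuration with ./prepare, replace any running instance and start
    # Harbor. Uses the helpers and flags defined earlier in this script (h2,
    # note, success, check_docker, check_dockercompose, item, with_notary,
    # with_clair).
    h2 "[Step $item]: checking installation environment ..."; item=$((item + 1))
    check_docker
    check_dockercompose

    # Image archives named harbor*.tar.gz in the working directory are loaded
    # into Docker. The glob is expanded into an array first: placed directly
    # inside `[ -f ... ]` it fails as soon as it matches more than one file.
    image_archives=(harbor*.tar.gz)
    if [ -f "${image_archives[0]}" ]
    then
            h2 "[Step $item]: loading Harbor images ..."; item=$((item + 1))
            for image_archive in "${image_archives[@]}"
            do
                    docker load -i "./${image_archive}"
            done
    fi
    echo ""

    h2 "[Step $item]: preparing environment ...";  item=$((item + 1))
    # A non-empty `host` variable inherited from the environment replaces the
    # hostname line of harbor.cfg.
    if [ -n "$host" ]
    then
            # Escape the characters that are special in a sed replacement
            # (\ / &) so the value is written literally instead of changing
            # the sed command itself.
            host_escaped=$(printf '%s' "$host" | sed -e 's|[\\/&]|\\&|g')
            sed -i "s/^hostname = .*/hostname = ${host_escaped}/g" ./harbor.cfg
    fi

    # Options for ./prepare, kept as an array so each one stays a single word.
    prepare_para=()
    if [ -n "$with_notary" ]
    then
            prepare_para+=(--with-notary)
    fi
    if [ -n "$with_clair" ]
    then
            prepare_para+=(--with-clair)
    fi
    ./prepare "${prepare_para[@]}"
    echo ""

    h2 "[Step $item]: checking existing instance of Harbor ..."; item=$((item + 1))
    # Compose files to operate on; the optional components add their own file.
    docker_compose_list=(-f docker-compose.yml)
    if [ -n "$with_notary" ]
    then
            docker_compose_list+=(-f docker-compose.notary.yml)
    fi
    if [ -n "$with_clair" ]
    then
            docker_compose_list+=(-f docker-compose.clair.yml)
    fi

    if [ -n "$(docker-compose "${docker_compose_list[@]}" ps -q)" ]
    then
            note "stopping existing Harbor instance ..."
            # NOTE(review): `down -v` also removes the volumes that compose
            # manages for these files. Data held in host bind mounts such as
            # /data is not touched by it - confirm nothing important lives in a
            # compose-managed volume before re-running the installer.
            docker-compose "${docker_compose_list[@]}" down -v
    fi
    echo ""

    h2 "[Step $item]: starting Harbor ..."
    docker-compose "${docker_compose_list[@]}" up -d

    # Defaults for the closing message, overridden by the values found in
    # harbor.cfg.
    protocol=http
    hostname=reg.mydomain.com

    if [[ $(cat ./harbor.cfg) =~ ui_url_protocol[[:blank:]]*=[[:blank:]]*(https?) ]]
    then
            protocol=${BASH_REMATCH[1]}
    fi

    if [[ $(grep 'hostname[[:blank:]]*=' ./harbor.cfg) =~ hostname[[:blank:]]*=[[:blank:]]*(.*) ]]
    then
            hostname=${BASH_REMATCH[1]}
    fi
    echo ""

    success $"----Harbor has been installed and started successfully.----
    
    Now you should be able to visit the admin portal at ${protocol}://${hostname}.
    For more details, please visit https://github.com/vmware/harbor .
    "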
    
  • 原文地址:https://blog.csdn.net/weixin_60092693/article/details/127952575