Setting Up a Harbor Image Registry
[ Docker ] 

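Harbor's official installation guide is available in the Harbor documentation.

Download the Harbor offline package

Harbor publishes its releases on GitHub. Pick a version and download its offline installer package: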

cd /root/installer
wget https://github.com/goharbor/harbor/releases/download/v2.6.0-rc2/harbor-offline-installer-v2.6.0-rc2.tgz
tar -zxvf harbor-offline-installer-v2.6.0-rc2.tgz

The Harbor files are extracted to the /root/installer/harbor directory:

[root@txserver harbor]# ll /root/installer/harbor
drwxr-xr-x 3 root root      4096 8月  23 13:57 common
-rw-r--r-- 1 root root      3639 8月  10 18:45 common.sh
-rw-r--r-- 1 root root      5891 8月  23 14:42 docker-compose.yml
-rw-r--r-- 1 root root 683208374 8月  10 18:45 harbor.v2.6.0.tar.gz
-rw-r--r-- 1 root root     10491 8月  10 18:45 harbor.yml.tmpl
-rwxr-xr-x 1 root root      2622 8月  10 18:45 install.sh
-rw-r--r-- 1 root root     11347 8月  10 18:45 LICENSE
-rwxr-xr-x 1 root root      1881 8月  10 18:45 prepare

harbor.yml.tmpl is Harbor's configuration template file; copy it to create the actual configuration file:

[root@txserver harbor]# cd /root/installer/harbor
[root@txserver harbor]# cp harbor.yml.tmpl harbor.yml

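Harbor pre-configuration file

Before editing the Harbor configuration file, note that:

  1. Harbor runs on top of Docker, so Docker must be installed beforehand
  2. During installation Harbor generates a docker compose file; as anyone familiar with Docker knows, this file starts a group of containers that together provide the Harbor service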

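Harbor's built-in https service

The container group Harbor uses includes its own nginx container, which automatically serves http and https

  1. To use Harbor's built-in http service, set hostname to your own domain name
  2. To use Harbor's https service, also configure the certificate for that domain
  3. If https is enabled, http requests are automatically redirected to https

hostname: harbor.***.com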

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /root/certs/codequan/fullchain.pem
  private_key: /root/certs/codequan/key.pem

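Accessing Harbor through a proxy on the host's nginx

In most cases the host already runs its own nginx service. Harbor's default http service uses port 80, which may conflict with port 80 of the host's nginx, so the usual choice is:

  1. Disable Harbor's https service by commenting out the https-related configuration
  2. Change the port of Harbor's http service from 80 to another port, for example 8201
  3. Add a virtual host configuration file to the host's nginx
  4. Be sure to set client_max_body_size 500M; in that nginx virtual host, otherwise pushing images to the registry fails with 413: request body too large. If your images are larger than 500M, adjust this value accordingly

nginx example: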

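server {
        listen 443 ssl;
        server_name harbor.codequan.com;

        # SSL certificate and key paths
        ssl_certificate     /root/certs/codequan/fullchain.pem;
        ssl_certificate_key  /root/certs/codequan/key.pem;

        # SSL/TLS settings
        ssl_session_timeout  5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        # TLSv1 and TLSv1.1 are deprecated; allow only TLS 1.2 and 1.3
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        # Allow large image layers; nginx returns 413 when a request body exceeds this size
        client_max_body_size 500M;
        location / {
                # Harbor's http service, moved from port 80 to 8201 in harbor.yml
                proxy_pass http://127.0.0.1:8201;
                index index.html;
        }
}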

Installation (example run)

After editing the configuration file, install Harbor by running ./prepare first and then ./install.sh:

[root@txserver harbor]# ./prepare
prepare base dir is set to /root/installer/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

[root@txserver harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.17
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.6.0
[Step 2]: loading Harbor images ...
Loaded image: goharbor/nginx-photon:v2.6.0
Loaded image: goharbor/notary-signer-photon:v2.6.0
Loaded image: goharbor/chartmuseum-photon:v2.6.0
Loaded image: goharbor/harbor-log:v2.6.0
Loaded image: goharbor/harbor-db:v2.6.0
Loaded image: goharbor/harbor-jobservice:v2.6.0
Loaded image: goharbor/redis-photon:v2.6.0
Loaded image: goharbor/harbor-core:v2.6.0
Loaded image: goharbor/harbor-registryctl:v2.6.0
Loaded image: goharbor/notary-server-photon:v2.6.0
Loaded image: goharbor/trivy-adapter-photon:v2.6.0
Loaded image: goharbor/prepare:v2.6.0
Loaded image: goharbor/harbor-portal:v2.6.0
Loaded image: goharbor/harbor-exporter:v2.6.0
Loaded image: goharbor/registry-photon:v2.6.0
# ... part of the output omitted
[Step 5]: starting Harbor ...
[+] Running 10/10
 ⠿ Network harbor_harbor        Created                0.0s
 ⠿ Container harbor-log         Started                0.6s
 ⠿ Container harbor-portal      Started                1.0s
 ⠿ Container registryctl        Started                1.4s
 ⠿ Container redis              Started                1.4s
 ⠿ Container harbor-db          Started                1.2s
 ⠿ Container registry           Started                1.3s
 ⠿ Container harbor-core        Started                1.6s
 ⠿ Container harbor-jobservice  Started                2.2s
 ⠿ Container nginx              Started                2.2s
✔ ----Harbor has been installed and started successfully.----

Start on boot

Once the Harbor service is installed, it is best to register it as a service that starts at boot:

# /usr/lib/systemd/system/harbor.service
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor
[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /root/installer/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /root/installer/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target

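Note that the docker-compose.yml referenced in the unit file above is the one in the directory unpacked from the Harbor offline installer; the file path must be exactly right. Then run: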

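# Unit files should not be executable; systemd warns about executable permission bits
chmod 644 /usr/lib/systemd/system/harbor.service
systemctl daemon-reload
systemctl enable harbor
systemctl restart harbor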

After Harbor is installed, the default account is root and the password is Harbor12345; the default password can be found in the pre-configuration file harbor.yml

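Accessing the registry by IP

If hostname in the pre-configuration file is set to the machine's IP address, pushing images to the registry with docker runs into certificate problems and the push fails

Docker-Desktop

Open Settings > Docker Engine and add the following configuration: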

{
  "insecure-registries": [
    "192.168.20.3"
  ]
}

Docker-Cli

This is usually added to the /etc/docker/daemon.json file:

{
  "insecure-registries": [
    "192.168.20.3"
  ]
}
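
The setup above leaves several weak settings in place: the default admin password in harbor.yml, Harbor's own https block disabled behind the host nginx, legacy TLS versions in the nginx example as originally published, and insecure-registries in daemon.json. The following audit script is an added example, not part of the original post or of Harbor; the function names are hypothetical, the sample files are constructed, and harbor_admin_password is assumed to be the harbor.yml key that holds the default password.

```shell
#!/bin/sh
# Added example: flag the weak settings this guide leaves in place.
# Each function takes a file path and prints one finding per line.

audit_harbor_yml() {
    # harbor_admin_password is the harbor.yml key holding the initial admin password
    grep -Eq '^harbor_admin_password:[[:space:]]*Harbor12345[[:space:]]*$' "$1" &&
        echo "harbor.yml: admin password is still the default Harbor12345"
    # A commented-out https: block means Harbor itself only serves plain HTTP
    grep -Eq '^https:' "$1" ||
        echo "harbor.yml: https block disabled, TLS must be terminated by the host nginx"
    return 0
}

audit_nginx_conf() {
    # TLSv1 and TLSv1.1 are deprecated by RFC 8996
    grep -E '^[[:space:]]*ssl_protocols' "$1" | grep -Eq 'TLSv1(\.1)?([[:space:]]|;)' &&
        echo "nginx: ssl_protocols still enables TLSv1/TLSv1.1"
    # Without this directive nginx rejects large image layers with 413
    grep -Eq '^[[:space:]]*client_max_body_size' "$1" ||
        echo "nginx: client_max_body_size missing, image pushes will fail with 413"
    return 0
}

audit_daemon_json() {
    # List every registry for which the Docker daemon skips TLS verification
    { tr -d ' \t\n' < "$1"; echo; } |
        sed -n 's/.*"insecure-registries":\[\([^]]*\)\].*/\1/p' |
        tr ',' '\n' | tr -d '"' |
        sed '/^$/d; s/^/docker: TLS verification disabled for registry /'
}

# Constructed sample files that mirror the settings shown in this guide
demo() {
    d=$(mktemp -d) || return 1
    printf 'hostname: harbor.example.com\nhttp:\n  port: 8201\n# https:\n#   port: 443\nharbor_admin_password: Harbor12345\n' > "$d/harbor.yml"
    printf 'server {\n  listen 443 ssl;\n  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n  client_max_body_size 500M;\n}\n' > "$d/harbor.conf"
    printf '{\n  "insecure-registries": [\n    "192.168.20.3"\n  ]\n}\n' > "$d/daemon.json"
    audit_harbor_yml "$d/harbor.yml"
    audit_nginx_conf "$d/harbor.conf"
    audit_daemon_json "$d/daemon.json"
    rm -rf "$d"
}

demo
```

Against real files, call the three functions with /root/installer/harbor/harbor.yml, the nginx virtual host file, and /etc/docker/daemon.json; an empty result means none of these findings apply.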