Podman启动Harbor
Harbor 默认安装时,生成的 docker-compose.yml 配置文件是面向 docker 的,直接用 podman-compose 命令启动会报错。
需要先修改该配置文件,才能使用 podman-compose 启动。
- 环境查看
系统环境
# cat /etc/redhat-release
Rocky Linux release 9.3 (Blue Onyx)
# uname -a
Linux Rocky9Harbor003007 5.14.0-362.18.1.el9_3.0.1.x86_64 #1 SMP PREEMPT_DYNAMIC Sun Feb 11 13:49:23 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
软件环境
# podman version
Client: Podman Engine
Version: 4.6.1
API Version: 4.6.1
Go Version: go1.20.10
Built: Wed Dec 13 05:53:20 2023
OS/Arch: linux/amd64
- 先使用docker安装
# 下载好harbor安装包
# 解压缩
# tar -xf harbor.v2.14.1.tar.gz
# cd /opt/harbor
修改配置文件

一份完整的配置文件如下
# sed '/#/d' harbor.yml|sed '/^$/d'
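# harbor.yml with comment lines and blank lines filtered out, shown with its
# nesting restored. The sed filter drops every line that contains '#', so
# settings that carried a trailing comment are missing from this listing.
hostname: 192.168.3.6
# Only an http section appears in this listing (no https section), so the
# portal and registry are served over plain HTTP: logins and image pushes are
# not encrypted in transit. Configure HTTPS for anything beyond a lab.
http:
  port: 80
# Initial password of the Harbor admin account, stored here in clear text.
# Treat the value shown as an example: set a strong unique password and keep
# this file readable by the installing user only.
harbor_admin_password: Habor123456
database:
  # root123 is the value shipped in Harbor's configuration template; change it
  # before any non-lab use.
  password: root123
  max_idle_conns: 100
  max_open_conns: 900
  conn_max_lifetime: 5m
  conn_max_idle_time: 0
data_volume: /opt/data
trivy:
  ignore_unfixed: false
  skip_update: false
  skip_java_db_update: false
  offline_scan: false
  security_check: vuln
  insecure: false
  timeout: 5m0s
jobservice:
  max_job_workers: 10
  max_job_duration_hours: 24
  job_loggers:
    - STD_OUTPUT
    - FILE
notification:
  webhook_job_max_retry: 3
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 2.14.0
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - trivy
upload_purging:
  enabled: true
  age: 168h
  interval: 24h
  dryrun: false
cache:
  enabled: false
  expire_hours: 24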
# 安装
# ./install.sh
# 会自动下载docker镜像使用docker启动
原始的docker-compose.yml文件
# cat docker-compose.yml.bak20251230
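# docker-compose.yml as generated by the Harbor installer for Docker (backup
# copy), shown with its nesting restored.
services:
  log:
    image: goharbor/harbor-log:v2.14.1
    container_name: harbor-log
    restart: always
    # Each service drops all capabilities and adds back only a short list.
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - type: bind
        source: ./common/config/log/logrotate.conf
        target: /etc/logrotate.d/logrotate.conf
      - type: bind
        source: ./common/config/log/rsyslog_docker.conf
        target: /etc/rsyslog.d/rsyslog_docker.conf
    ports:
      # Syslog listener published on loopback only; the other services point
      # their syslog logging driver at this port.
      - 127.0.0.1:1514:10514
    networks:
      - harbor
  registry:
    image: goharbor/registry-photon:v2.14.1
    container_name: registry
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /opt/data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: /opt/data/secret/registry/root.crt
        target: /etc/registry/root.crt
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "registry"
  registryctl:
    image: goharbor/harbor-registryctl:v2.14.1
    container_name: registryctl
    env_file:
      - ./common/config/registryctl/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /opt/data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: ./common/config/registryctl/config.yml
        target: /etc/registryctl/config.yml
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "registryctl"
  postgresql:
    image: goharbor/harbor-db:v2.14.1
    container_name: harbor-db
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /opt/data/database:/var/lib/postgresql/data:z
    networks:
      harbor:
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "postgresql"
    shm_size: '1gb'
  core:
    image: goharbor/harbor-core:v2.14.1
    container_name: harbor-core
    env_file:
      - ./common/config/core/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
    volumes:
      - /opt/data/ca_download/:/etc/core/ca/:z
      - /opt/data/:/data/:z
      - ./common/config/core/certificates/:/etc/core/certificates/:z
      - type: bind
        source: ./common/config/core/app.conf
        target: /etc/core/app.conf
      # Key material generated by the installer, bind-mounted as single files.
      - type: bind
        source: /opt/data/secret/core/private_key.pem
        target: /etc/core/private_key.pem
      - type: bind
        source: /opt/data/secret/keys/secretkey
        target: /etc/core/key
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      harbor:
    depends_on:
      - log
      - registry
      - redis
      - postgresql
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "core"
  portal:
    image: goharbor/harbor-portal:v2.14.1
    container_name: harbor-portal
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - type: bind
        source: ./common/config/portal/nginx.conf
        target: /etc/nginx/nginx.conf
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "portal"
  jobservice:
    image: goharbor/harbor-jobservice:v2.14.1
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /opt/data/job_logs:/var/log/jobs:z
      - type: bind
        source: ./common/config/jobservice/config.yml
        target: /etc/jobservice/config.yml
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - core
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "jobservice"
  redis:
    image: goharbor/redis-photon:v2.14.1
    container_name: redis
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /opt/data/redis:/var/lib/redis
    networks:
      harbor:
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "redis"
  proxy:
    image: goharbor/nginx-photon:v2.14.1
    container_name: nginx
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - ./common/config/nginx:/etc/nginx:z
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    ports:
      # The only externally published port: plain HTTP on all host interfaces.
      - 80:8080
    depends_on:
      - registry
      - core
      - portal
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "proxy"
networks:
  harbor:
    external: false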
[root@Rocky9Harbor003007 harbor]# cat docker-compose.yml.bak20251230
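# docker-compose.yml as generated by the Harbor installer for Docker (backup
# copy), shown with its nesting restored.
services:
  log:
    image: goharbor/harbor-log:v2.14.1
    container_name: harbor-log
    restart: always
    # Each service drops all capabilities and adds back only a short list.
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - type: bind
        source: ./common/config/log/logrotate.conf
        target: /etc/logrotate.d/logrotate.conf
      - type: bind
        source: ./common/config/log/rsyslog_docker.conf
        target: /etc/rsyslog.d/rsyslog_docker.conf
    ports:
      # Syslog listener published on loopback only; the other services point
      # their syslog logging driver at this port.
      - 127.0.0.1:1514:10514
    networks:
      - harbor
  registry:
    image: goharbor/registry-photon:v2.14.1
    container_name: registry
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /opt/data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: /opt/data/secret/registry/root.crt
        target: /etc/registry/root.crt
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "registry"
  registryctl:
    image: goharbor/harbor-registryctl:v2.14.1
    container_name: registryctl
    env_file:
      - ./common/config/registryctl/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /opt/data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: ./common/config/registryctl/config.yml
        target: /etc/registryctl/config.yml
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "registryctl"
  postgresql:
    image: goharbor/harbor-db:v2.14.1
    container_name: harbor-db
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /opt/data/database:/var/lib/postgresql/data:z
    networks:
      harbor:
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "postgresql"
    shm_size: '1gb'
  core:
    image: goharbor/harbor-core:v2.14.1
    container_name: harbor-core
    env_file:
      - ./common/config/core/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
    volumes:
      - /opt/data/ca_download/:/etc/core/ca/:z
      - /opt/data/:/data/:z
      - ./common/config/core/certificates/:/etc/core/certificates/:z
      - type: bind
        source: ./common/config/core/app.conf
        target: /etc/core/app.conf
      # Key material generated by the installer, bind-mounted as single files.
      - type: bind
        source: /opt/data/secret/core/private_key.pem
        target: /etc/core/private_key.pem
      - type: bind
        source: /opt/data/secret/keys/secretkey
        target: /etc/core/key
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      harbor:
    depends_on:
      - log
      - registry
      - redis
      - postgresql
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "core"
  portal:
    image: goharbor/harbor-portal:v2.14.1
    container_name: harbor-portal
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - type: bind
        source: ./common/config/portal/nginx.conf
        target: /etc/nginx/nginx.conf
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "portal"
  jobservice:
    image: goharbor/harbor-jobservice:v2.14.1
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /opt/data/job_logs:/var/log/jobs:z
      - type: bind
        source: ./common/config/jobservice/config.yml
        target: /etc/jobservice/config.yml
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - core
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "jobservice"
  redis:
    image: goharbor/redis-photon:v2.14.1
    container_name: redis
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /opt/data/redis:/var/lib/redis
    networks:
      harbor:
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "redis"
  proxy:
    image: goharbor/nginx-photon:v2.14.1
    container_name: nginx
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - ./common/config/nginx:/etc/nginx:z
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    ports:
      # The only externally published port: plain HTTP on all host interfaces.
      - 80:8080
    depends_on:
      - registry
      - core
      - portal
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "proxy"
networks:
  harbor:
    external: false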
修改后适用于podman的配置文件
# cat docker-compose.yml
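# docker-compose.yml adapted for podman-compose, shown with its nesting
# restored. Compared with the installer-generated file: container_name is
# removed, long-form bind mounts are written as short source:target entries,
# shm_size is replaced by a tmpfs mount on /dev/shm, and every logging section
# is removed. The cap_drop/cap_add lists are kept as generated.
#
# NOTE(review): with the logging sections gone, no service in this file sends
# its output to the log service's syslog listener any more, so service logs
# are no longer collected under /var/log/harbor; read them with `podman logs`
# or configure a log driver when starting the containers.
#
# NOTE(review): several mounts carry no :z option (same as in the generated
# file). If SELinux is enforcing and a container cannot read a mounted path,
# look for denials in the audit log rather than switching SELinux off.
services:
  log:
    image: goharbor/harbor-log:v2.14.1
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - ./common/config/log/logrotate.conf:/etc/logrotate.d/logrotate.conf
      - ./common/config/log/rsyslog_docker.conf:/etc/rsyslog.d/rsyslog_docker.conf
    ports:
      # Syslog listener, published on loopback only.
      - "127.0.0.1:1514:10514"
    networks:
      - harbor
  registry:
    image: goharbor/registry-photon:v2.14.1
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /opt/data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - /opt/data/secret/registry/root.crt:/etc/registry/root.crt
      - ./common/config/shared/trust-certificates:/harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - log
  registryctl:
    image: goharbor/harbor-registryctl:v2.14.1
    env_file:
      - ./common/config/registryctl/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /opt/data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - ./common/config/registryctl/config.yml:/etc/registryctl/config.yml
      - ./common/config/shared/trust-certificates:/harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - log
  postgresql:
    image: goharbor/harbor-db:v2.14.1
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /opt/data/database:/var/lib/postgresql/data:z
    networks:
      - harbor
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    # Stands in for the generated file's `shm_size: '1gb'`.
    tmpfs:
      - /dev/shm:size=1g
  core:
    image: goharbor/harbor-core:v2.14.1
    env_file:
      - ./common/config/core/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
    volumes:
      - /opt/data/ca_download/:/etc/core/ca/:z
      - /opt/data/:/data/:z
      - ./common/config/core/certificates/:/etc/core/certificates/:z
      - ./common/config/core/app.conf:/etc/core/app.conf
      # Key material generated by the installer; keep the host files readable
      # only by the account that runs the containers.
      - /opt/data/secret/core/private_key.pem:/etc/core/private_key.pem
      - /opt/data/secret/keys/secretkey:/etc/core/key
      - ./common/config/shared/trust-certificates:/harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - log
      - registry
      - redis
      - postgresql
  portal:
    image: goharbor/harbor-portal:v2.14.1
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - ./common/config/portal/nginx.conf:/etc/nginx/nginx.conf
    networks:
      - harbor
    depends_on:
      - log
  jobservice:
    image: goharbor/harbor-jobservice:v2.14.1
    env_file:
      - ./common/config/jobservice/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /opt/data/job_logs:/var/log/jobs:z
      - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml
      - ./common/config/shared/trust-certificates:/harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - core
  redis:
    image: goharbor/redis-photon:v2.14.1
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /opt/data/redis:/var/lib/redis
    networks:
      - harbor
    depends_on:
      - log
  proxy:
    image: goharbor/nginx-photon:v2.14.1
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - ./common/config/nginx:/etc/nginx:z
      - ./common/config/shared/trust-certificates:/harbor_cust_cert
    networks:
      - harbor
    ports:
      # Published on all host interfaces as plain HTTP, so registry logins and
      # image transfers are unencrypted; enable HTTPS in harbor.yml and
      # re-run the installer for anything beyond a lab.
      - "80:8080"
    depends_on:
      - registry
      - core
      - portal
      - log
networks:
  harbor:
    external: false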
对比两个文本发现

主要做了以下调整
-
去掉 container_name
Podman 不支持在 Compose 文件中固定 container_name,否则会报错。
它会自动用 项目名_服务名_编号 的方式命名容器。 -
卷的 SELinux 参数 :z、:Z 保留
Podman 原生支持 SELinux,所以这个可以保留。 -
shm_size 改成 tmpfs 或 deploy.resources
Podman Compose 可能不直接解析 shm_size,需要在 tmpfs 里设置,或者使用 --shm-size 参数。 -
logging.driver
Podman 不完全支持 logging.driver 设置(尤其是 syslog driver),你需要改成用 Podman 自己的日志管理,或者在启动时用 --log-driver 手动指定。
如果保留,会被忽略或报错。去掉之后,各服务的日志不再通过 syslog 汇总到 log 容器(/var/log/harbor),排查问题或做审计时需要改用 podman logs 查看。
- 把docker镜像导入为podman镜像
使用以下脚本把已经下载的docker镜像导为podman镜像
# cat docker_image_to_podman_image.sh
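#!/bin/bash
# Copy every tagged image from the local Docker store into Podman's store by
# round-tripping each one through a tar archive (docker save -> podman load).
#
# -e: stop at the first failing command; -u: an unset variable is an error;
# -o pipefail: a failing command inside a pipeline fails the whole pipeline.
set -euo pipefail

# Directory that holds the exported image archives.
EXPORT_DIR="./docker_images_export"
mkdir -p "$EXPORT_DIR"
# Clear archives left by an earlier run. The glob must sit outside the quotes
# to expand (the quoted "$EXPORT_DIR/*" matched nothing), and ${VAR:?} aborts
# instead of expanding to "/*" should the variable ever be empty.
rm -rf "${EXPORT_DIR:?}"/*

echo "📦 开始导出 Docker 镜像到 $EXPORT_DIR 并导入到 Podman..."

# List images as repository:tag. Running docker in its own assignment lets
# set -e catch a docker failure instead of hiding it behind the filter.
all_images=$(docker images --format '{{.Repository}}:{{.Tag}}')
# Drop entries whose repository or tag is <none>: they are not usable
# references for docker save. grep exits 1 when nothing is left, so "|| true"
# keeps set -e from ending the script before the empty check below.
images=$(printf '%s\n' "$all_images" | grep -v '<none>' || true)

if [ -z "$images" ]; then
    echo "⚠️ 没有找到可导出的 Docker 镜像"
    exit 0
fi

# Export and import one image per line of the listing.
while IFS= read -r img; do
    # Replace / and : so the image name can serve as a file name.
    file_name=$(echo "$img" | tr '/:' '_')
    tar_path="$EXPORT_DIR/${file_name}.tar"

    echo "➡️ 导出 Docker 镜像: $img => $tar_path"
    docker save "$img" -o "$tar_path"

    echo "📥 导入到 Podman: $img"
    podman load -i "$tar_path"
done <<< "$images"

echo "✅ 所有镜像已从 Docker 导入到 Podman"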
查看镜像
# podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/nginx latest 058f4935d1cb 27 hours ago 156 MB
harbor.xiaoxingcloud.com/foundation/nginx latest 058f4935d1cb 27 hours ago 156 MB
docker.io/goharbor/harbor-exporter v2.14.1 b17feded299c 5 weeks ago 133 MB
docker.io/goharbor/redis-photon v2.14.1 7c5bd068b0bb 5 weeks ago 175 MB
docker.io/goharbor/trivy-adapter-photon v2.14.1 50f45016f507 5 weeks ago 394 MB
docker.io/goharbor/harbor-registryctl v2.14.1 843c26ac80f4 5 weeks ago 167 MB
docker.io/goharbor/registry-photon v2.14.1 a73ac978bd0c 5 weeks ago 88.4 MB
docker.io/goharbor/nginx-photon v2.14.1 021984c1f38b 5 weeks ago 160 MB
docker.io/goharbor/harbor-log v2.14.1 d54bee81690c 5 weeks ago 173 MB
docker.io/goharbor/harbor-jobservice v2.14.1 259194ced7a0 5 weeks ago 180 MB
docker.io/goharbor/harbor-core v2.14.1 741c39eff996 5 weeks ago 205 MB
docker.io/goharbor/harbor-portal v2.14.1 7903b5b8a6cf 5 weeks ago 169 MB
docker.io/goharbor/harbor-db v2.14.1 db932026f91d 5 weeks ago 279 MB
docker.io/goharbor/prepare v2.14.1 a348ca801d59 5 weeks ago 202 MB
- 修改docker-compose.yml配置文件
使用上面步骤的配置文件 - 使用podman启动
# cd /opt/harbor
# 启动
# podman-compose up -d
