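Docker: Deploying the Distributed Registry Harbor

1 Harbor Overview

1.1 About Harbor

Harbor is an enterprise-class Registry server for storing and distributing Docker images, open-sourced by VMware. It extends the open-source Docker Distribution with features enterprises need, such as security, identity and management. As an enterprise private Registry server, Harbor offers better performance and security, and it makes transferring images between the Registry and build and runtime environments more efficient. Harbor supports replicating image resources across multiple Registry nodes, and all images are kept in the private Registry, so data and intellectual property stay managed inside the company network. Harbor also provides advanced security features such as user management, access control and activity auditing.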

VMware open source projects: https://vmware.github.io

Harbor GitHub repository: https://github.com/goharbor/harbor

Harbor website: https://goharbor.io

Harbor documentation: https://goharbor.io

GitHub documentation: https://goharbor.io/docs/2.4.0/

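1.2 Harbor features (official description)

  • Role-based access control: users and Docker image repositories are organized through projects; a user can have different permissions on multiple image repositories within the same namespace.
  • Image replication: images can be replicated between multiple Registry instances. This is especially suited to load balancing, high availability, hybrid-cloud and multi-cloud scenarios.
  • Graphical user interface: users can browse and search the current Docker image repositories and manage projects and namespaces from a browser.
  • AD/LDAP support: Harbor can integrate with an existing enterprise AD/LDAP for authentication and authorization management.
  • Audit management: every operation on the image repositories can be recorded and traced for auditing.
  • Internationalization: localized versions exist for English, Chinese, German, Japanese and Russian. More languages will be added.
  • RESTful API: gives administrators more control over Harbor and makes integration with other management software easier.
  • Simple deployment: online and offline installers are provided, and Harbor can also be installed as a virtual appliance on the vSphere platform.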

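1.3 Harbor components

  • proxy: started as the nginx component. It is an nginx reverse proxy that forwards requests from the Notary client (image authentication), the docker client (image push and pull) and the browser (Core Service) to the back-end services.
  • UI (Core Service): started as the harbor-ui component. It uses a MySQL database for its underlying data storage and provides four main sub-functions.
    • UI: a web management page.
    • API: the API service exposed by Harbor.
    • Auth: the user authentication service. The user information in the decoded token is authenticated here; the auth back end can be one of three implementations: db, ldap or uaa.
    • Token service: issues a token for each docker push/pull command according to the user's role in each project. If a request from the docker client to the registry carries no token, the registry redirects the request to the token service to create one.
  • Registry: started as the registry component. It stores image files and handles image pull/push commands. Harbor enforces access control on images: the Registry forwards every pull/push request from every client to the token service to obtain a valid token.
  • Admin Service: started as the harbor-admin server component. It is the system's configuration management center and also checks storage usage; ui and jobserver load the adminserver configuration when they start.
  • job server: started as the harbor-jobservice component. It handles image replication and communicates with the Registry: it pulls an image from one Registry, pushes it to another Registry, and records a job_log.
  • Log Collector: started as the harbor-log component. A log aggregation component that collects the logs in one place through docker's log-driver.
  • DB: started as the harbor-db component. It stores the metadata for project, user, role, replication, image_scan, access and so on.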

2 Environment Preparation

2.1 Deployment plan

Type       IP              Hostname  Notes
harbor-01  192.168.75.157  node01

2.2 Time synchronization

root@node01:~# apt -y install chrony
root@node01:~# systemctl enable chrony
root@node01:~# systemctl restart chrony

2.3 Install Docker

root@node01:~# apt-get -y install apt-transport-https ca-certificates curl software-properties-common
root@node01:~# curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
root@node01:~# add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
root@node01:~# apt update
root@node01:~# apt-get -y install docker-ce
root@node01:/opt# docker version
Client: Docker Engine - Community
 Version:           20.10.10
 API version:       1.41
 Go version:        go1.16.9
 Git commit:        b485636
 Built:             Mon Oct 25 07:42:59 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.10
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.9
  Git commit:       e2f740d
  Built:            Mon Oct 25 07:41:08 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.11
  GitCommit:        5b46e404f6b9f661a205e28d59c982d3634148f8
 runc:
  Version:          1.0.2
  GitCommit:        v1.0.2-0-g52b36a2
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

2.4 Install docker-compose

root@node02:/opt# wget https://github.com/docker/compose/releases/download/v2.1.0/docker-compose-linux-x86_64
root@node02:/opt# mv docker-compose-linux-x86_64 /usr/local/sbin/docker-compose
root@node02:/opt# chmod +x /usr/local/sbin/docker-compose
root@node02:/opt# docker-compose -v
Docker Compose version v2.1.0

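3 Installing Harbor

Downloads: https://github.com/goharbor/harbor/releases

Installation documentation: https://github.com/goharbor/harbor/blob/master/docs/install-config/_index.md

3.1 Download the Harbor installer

3.1.1 Download the offline installer

The offline installer is recommended.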

root@node01:~# cd /opt/
root@node01:/opt# wget https://github.com/goharbor/harbor/releases/download/v1.10.9/harbor-offline-installer-v1.10.9.tgz

3.1.2 Download the online installer

The online installer is not recommended.

root@node01:~# cd /opt/
root@node01:/opt# wget https://github.com/goharbor/harbor/releases/download/v1.10.9/harbor-online-installer-v1.10.9.tgz

3.2 Configure Harbor

3.2.1 Unpack Harbor

root@node01:/opt# tar xf harbor-offline-installer-v1.10.9.tgz -C /usr/local/
root@node01:~# ls -l /usr/local/harbor/
total 585880
-rw-r--r-- 1 root root     11347 Oct 28 13:24 LICENSE
-rw-r--r-- 1 root root      3398 Oct 28 13:24 common.sh
-rw-r--r-- 1 root root 599900167 Oct 28 13:25 harbor.v1.10.9.tar.gz
-rw-r--r-- 1 root root      5882 Oct 28 13:24 harbor.yml
-rwxr-xr-x 1 root root      2284 Oct 28 13:24 install.sh
-rwxr-xr-x 1 root root      1749 Oct 28 13:24 prepare

3.2.2 Edit the configuration file

Official configuration documentation: https://goharbor.io/docs/1.10/install-config/

root@node01:~# vim /usr/local/harbor/harbor.yml 
hostname: 192.168.75.157    # change this line to the IP or FQDN of this host
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

#https:
  # https port for harbor, default is 443
  #port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path
harbor_admin_password: Harbor12345    # default admin password; change this before any production use
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 50
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 100 for postgres.
  max_open_conns: 100
data_volume: /data/harbor
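
The configuration above keeps the shipped admin and database passwords and leaves the https: block commented out. As an added example (not part of the original post or of Harbor), the shell check below flags those three conditions in a harbor.yml before install.sh or prepare is run; the function name audit_harbor_yml, the finding codes and the sample file are constructed for this example.

```shell
#!/bin/sh
# audit_harbor_yml FILE   (hypothetical helper, added example)
# Prints one finding per line; returns 0 if the file is clean, 1 otherwise.
audit_harbor_yml() {
    [ -r "$1" ] || { echo "UNREADABLE $1"; return 2; }
    awk -v sq="'" '
        # Value part of "key: value", minus trailing comment, spaces and quotes.
        function value(line) {
            sub(/^[^:]*:[ \t]*/, "", line)
            sub(/[ \t]+#.*$/, "", line)
            sub(/[ \t]+$/, "", line)
            gsub("^[\"" sq "]|[\"" sq "]$", "", line)
            return line
        }
        function report(msg) { print msg; findings++ }

        /^[ \t]*#/ || /^[ \t]*$/ { next }      # commented-out keys do not count
        /^[A-Za-z_]/ { section = $0; sub(/:.*$/, "", section) }   # top-level key

        /^harbor_admin_password:/ && value($0) == "Harbor12345" {
            report("DEFAULT_ADMIN_PASSWORD harbor_admin_password is the shipped default")
        }
        section == "database" && /^[ \t]+password:/ && value($0) == "root123" {
            report("DEFAULT_DB_PASSWORD database.password is the shipped default")
        }
        section == "https" && /^[ \t]+certificate:/ && value($0) != "" { cert = 1 }
        section == "https" && /^[ \t]+private_key:/ && value($0) != "" { key = 1 }
        /^https:/ { https = 1 }

        END {
            if (!https)
                report("HTTPS_DISABLED no active https: block, logins and images travel in cleartext")
            else if (!cert || !key)
                report("HTTPS_INCOMPLETE https: block lacks certificate or private_key")
            exit (findings > 0)
        }
    ' "$1"
}

# Constructed sample that mirrors the values shown in section 3.2.2.
demo=$(mktemp -d)
cat > "$demo/harbor.yml" <<'EOF'
hostname: 192.168.75.157
http:
  port: 80
#https:
  #port: 443
harbor_admin_password: Harbor12345
database:
  password: root123
data_volume: /data/harbor
EOF
audit_harbor_yml "$demo/harbor.yml" || echo "-> fix the findings above before running install.sh"
rm -rf "$demo"
```

A file with non-default passwords and an active https: block that names both certificate and private_key produces no output and exit status 0.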

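3.2.3 Run the install script

Run install.sh. Adding the --with-clair option enables the Clair image scanning feature.
The --with-chartmuseum option used below adds ChartMuseum, an open-source Helm Chart Repository server written in Go (Golang).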

root@node01:~# mkdir -pv /data/harbor
root@node01:~# mkdir -pv /var/log/harbor
root@node01:~# /usr/local/harbor/install.sh  --with-clair --with-chartmuseum

[Step 0]: checking if docker is installed ...

Note: docker version: 20.10.10

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 2.1.0

[Step 2]: loading Harbor images ...
Loaded image: goharbor/harbor-core:v1.10.9
Loaded image: goharbor/harbor-jobservice:v1.10.9
Loaded image: goharbor/notary-signer-photon:v1.10.9
Loaded image: goharbor/nginx-photon:v1.10.9
Loaded image: goharbor/chartmuseum-photon:v1.10.9
Loaded image: goharbor/registry-photon:v1.10.9
Loaded image: goharbor/clair-photon:v1.10.9
Loaded image: goharbor/clair-adapter-photon:v1.10.9
Loaded image: goharbor/prepare:v1.10.9
Loaded image: goharbor/harbor-portal:v1.10.9
Loaded image: goharbor/harbor-db:v1.10.9
Loaded image: goharbor/notary-server-photon:v1.10.9
Loaded image: goharbor/harbor-log:v1.10.9
Loaded image: goharbor/harbor-registryctl:v1.10.9
Loaded image: goharbor/redis-photon:v1.10.9

[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/local/harbor
/usr/src/app/utils/configs.py:100: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
  configs = yaml.load(f)
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
/usr/src/app/utils/configs.py:90: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
  versions = yaml.load(f)
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /config/clair/postgres_env
Generated configuration file: /config/clair/config.yaml
Generated configuration file: /config/clair/clair_env
Generated configuration file: /config/clair-adapter/env
Generated configuration file: /config/chartserver/env
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

[Step 5]: starting Harbor ...
[+] Running 15/15
⠿ Network harbor_harbor Created 0.7s
⠿ Network harbor_harbor-chartmuseum Created 0.2s
⠿ Network harbor_harbor-clair Created 0.2s
⠿ Container harbor-log Started 6.7s
⠿ Container harbor-db Started 17.1s
⠿ Container redis Started 17.3s
⠿ Container harbor-portal Started 12.7s
⠿ Container registryctl Started 17.0s
⠿ Container chartmuseum Started 17.0s
⠿ Container registry Started 17.1s
⠿ Container clair Started 21.3s
⠿ Container harbor-core Started 21.4s
⠿ Container clair-adapter Started 25.9s
⠿ Container harbor-jobservice Started 27.5s
⠿ Container nginx Started 27.4s
✔ ----Harbor has been installed and started successfully.----

3.2.4 Verify the installed images

root@node01:~# docker ps
CONTAINER ID   IMAGE                                   COMMAND                  CREATED          STATUS                    PORTS                                   NAMES
9aaeebfffd29   goharbor/harbor-jobservice:v1.10.9      "/harbor/harbor_jobs…"   11 minutes ago   Up 11 minutes (healthy)                                           harbor-jobservice
d535d03c98c7   goharbor/nginx-photon:v1.10.9           "nginx -g 'daemon of…"   11 minutes ago   Up 11 minutes (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
0c783b6ffbe7   goharbor/clair-adapter-photon:v1.10.9   "/clair-adapter/clai…"   11 minutes ago   Up 11 minutes (healthy)   8080/tcp                                clair-adapter
106983da168c   goharbor/harbor-core:v1.10.9            "/harbor/harbor_core"    11 minutes ago   Up 11 minutes (healthy)                                           harbor-core
51b0af17bd82   goharbor/clair-photon:v1.10.9           "./docker-entrypoint…"   11 minutes ago   Up 11 minutes (healthy)   6060-6061/tcp                           clair
ad892f1ec253   goharbor/chartmuseum-photon:v1.10.9     "./docker-entrypoint…"   11 minutes ago   Up 11 minutes (healthy)   9999/tcp                                chartmuseum
8b2790876a6c   goharbor/harbor-portal:v1.10.9          "nginx -g 'daemon of…"   11 minutes ago   Up 11 minutes (healthy)   8080/tcp                                harbor-portal
55ed41a08594   goharbor/harbor-registryctl:v1.10.9     "/home/harbor/start.…"   11 minutes ago   Up 11 minutes (healthy)                                           registryctl
41a01a51d5c5   goharbor/redis-photon:v1.10.9           "redis-server /etc/r…"   11 minutes ago   Up 11 minutes (healthy)   6379/tcp                                redis
dd15258fae36   goharbor/harbor-db:v1.10.9              "/docker-entrypoint.…"   11 minutes ago   Up 11 minutes (healthy)   5432/tcp                                harbor-db
1fb1d2af58a7   goharbor/registry-photon:v1.10.9        "/home/harbor/entryp…"   11 minutes ago   Up 11 minutes (healthy)   5000/tcp                                registry
13a5b9359121   goharbor/harbor-log:v1.10.9             "/bin/sh -c /usr/loc…"   11 minutes ago   Up 11 minutes (healthy)   127.0.0.1:1514->10514/tcp               harbor-log

3.2.5 Check the local ports

root@node01:~# ss -tnlp
State             Recv-Q            Send-Q                       Local Address:Port                         Peer Address:Port            Process                                               
LISTEN            0                 4096                             127.0.0.1:1514                              0.0.0.0:*                users:(("docker-proxy",pid=33987,fd=4))              
LISTEN            0                 4096                               0.0.0.0:80                                0.0.0.0:*                users:(("docker-proxy",pid=34824,fd=4))              
LISTEN            0                 4096                         127.0.0.53%lo:53                                0.0.0.0:*                users:(("systemd-resolve",pid=791,fd=13))            
LISTEN            0                 128                                0.0.0.0:22                                0.0.0.0:*                users:(("sshd",pid=881,fd=3))                        
LISTEN            0                 128                              127.0.0.1:6010                              0.0.0.0:*                users:(("sshd",pid=1036,fd=10))                      
LISTEN            0                 128                              127.0.0.1:6011                              0.0.0.0:*                users:(("sshd",pid=11675,fd=10))                     
LISTEN            0                 4096                                  [::]:80                                   [::]:*                users:(("docker-proxy",pid=34830,fd=4))              
LISTEN            0                 128                                   [::]:22                                   [::]:*                users:(("sshd",pid=881,fd=4))                        
LISTEN            0                 128                                  [::1]:6010                                 [::]:*                users:(("sshd",pid=1036,fd=9))                       
LISTEN            0                 128                                  [::1]:6011                                 [::]:*                users:(("sshd",pid=11675,fd=9))                      

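3.2.6 Open the Harbor management UI in a browser

Default administrator: admin; password: Harbor12345

3.2.7 Page shown after a successful login

4 Starting Harbor at Boot

4.1 Create the harbor.service file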

root@node01:~# cat /lib/systemd/system/harbor.service
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=https://goharbor.io/

[Service]
Type=simple
Restart=on-failure
ExecStart=/usr/local/sbin/docker-compose -f /usr/local/harbor/docker-compose.yml up
ExecStop=/usr/local/sbin/docker-compose -f /usr/local/harbor/docker-compose.yml down

[Install]
WantedBy=multi-user.target

4.2 Enable Harbor at boot

root@node01:~# systemctl enable harbor
Created symlink /etc/systemd/system/multi-user.target.wants/harbor.service → /lib/systemd/system/harbor.service.
root@node01:~# systemctl restart harbor
root@node01:~# systemctl status harbor
● harbor.service - Harbor
     Loaded: loaded (/lib/systemd/system/harbor.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2021-11-04 17:01:19 CST; 4s ago
       Docs: https://goharbor.io/
   Main PID: 31151 (docker-compose)
      Tasks: 6 (limit: 2245)
     Memory: 8.1M
     CGroup: /system.slice/harbor.service
             └─31151 /usr/local/sbin/docker-compose -f /usr/local/harbor/docker-compose.yml up

Nov 04 17:01:20 node01 docker-compose[31151]: Container registryctl Running
Nov 04 17:01:20 node01 docker-compose[31151]: Container registry Running
Nov 04 17:01:20 node01 docker-compose[31151]: Container harbor-core Running
Nov 04 17:01:20 node01 docker-compose[31151]: Container harbor-jobservice Running
Nov 04 17:01:20 node01 docker-compose[31151]: Container nginx Running
Nov 04 17:01:20 node01 docker-compose[31151]: Attaching to harbor-core, harbor-db, harbor-jobservice, harbor-log, harbor-portal,>
Nov 04 17:01:21 node01 docker-compose[31151]: harbor-portal | 172.18.0.8 - - [04/Nov/2021:09:01:21 +0000] "GET / HTTP/1.1" >
Nov 04 17:01:21 node01 docker-compose[31151]: registry | 172.18.0.8 - - [04/Nov/2021:09:01:21 +0000] "GET / HTTP/1.1" >
Nov 04 17:01:21 node01 docker-compose[31151]: registryctl | 172.18.0.8 - - [04/Nov/2021:09:01:21 +0000] "GET /api/health >
Nov 04 17:01:22 node01 docker-compose[31151]: registry | 127.0.0.1 - - [04/Nov/2021:09:01:22 +0000] "GET / HTTP/1.1" 2>

5 Configuring Docker to Use the Harbor Registry

5.1 Configure Docker

5.1.1 Configure daemon.json

root@node01:~# cat /etc/docker/daemon.json
{
	"insecure-registries" : ["192.168.75.157"]
}

5.1.2 Restart Docker

root@node01:~# systemctl restart docker

5.1.3 Log in to Harbor from the command line

root@node01:~# docker login 192.168.75.157
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

5.2 Create a Harbor project

5.3 Test pushing an image

5.3.1 Prepare an image

root@node01:~# docker pull nginx

5.3.2 Tag the image

root@node01:~# docker tag nginx:latest 192.168.75.157/wgs-test/nginx:v1

5.3.3 Push the image

root@node01:~# docker push 192.168.75.157/wgs-test/nginx:v1
The push refers to repository [192.168.75.157/wgs-test/nginx]
9959a332cf6e: Pushed 
f7e00b807643: Pushed 
f8e880dfc4ef: Pushed 
788e89a4d186: Pushed 
43f4e41372e4: Pushed 
e81bff2725db: Pushed 
v1: digest: sha256:7250923ba3543110040462388756ef099331822c6172a050b12c7a38361ea46f size: 1570

5.3.4 Verify the image in the Harbor UI

5.3.5 Verify the image details

5.4 Test pulling an image

5.4.1 Remove the existing images

root@node01:~# docker rmi nginx
Untagged: nginx:latest
Untagged: nginx@sha256:644a70516a26004c97d0d85c7fe1d0c3a67ea8ab7ddf4aff193d9f301670cf36
root@node01:~# docker rmi 192.168.75.157/wgs-test/nginx:v1
Untagged: 192.168.75.157/wgs-test/nginx:v1
Untagged: 192.168.75.157/wgs-test/nginx@sha256:7250923ba3543110040462388756ef099331822c6172a050b12c7a38361ea46f
Deleted: sha256:87a94228f133e2da99cb16d653cd1373c5b4e8689956386c1c12b60a20421a02
Deleted: sha256:55b6972054b24c53054322a52748324df5797eefbb6dc374e41522a91d532dd5
Deleted: sha256:6b88aa6f4485486bfc779cccfbe4a7a47a502a7cff2cd70be89c59dcd0db12a8
Deleted: sha256:472c64059965c7b6b1b534ba07374c1d034b17c99acb3cf4534fe78abed41101
Deleted: sha256:788a5cf1e4599312b5923694f53e556ba0e2eb4a6bbb51958e0ec2b510345a49
Deleted: sha256:410f31f9ae37c62af85e8f9575c5f4d75542be1739ac1ca5982cf461be0b13bc
Deleted: sha256:e81bff2725dbc0bf2003db10272fef362e882eb96353055778a66cda430cf81b

5.4.2 Pull the image

root@node01:~# docker pull 192.168.75.157/wgs-test/nginx:v1
v1: Pulling from wgs-test/nginx
b380bbd43752: Pull complete 
fca7e12d1754: Pull complete 
745ab57616cb: Pull complete 
a4723e260b6f: Pull complete 
1c84ebdff681: Pull complete 
858292fd2e56: Pull complete 
Digest: sha256:7250923ba3543110040462388756ef099331822c6172a050b12c7a38361ea46f
Status: Downloaded newer image for 192.168.75.157/wgs-test/nginx:v1
192.168.75.157/wgs-test/nginx:v1

5.4.3 Start a container from the image and verify

root@node01:~# docker run -d -p 8080:80 192.168.75.157/wgs-test/nginx:v1
703e032825acc8f5042e834d989c229b79d3f4be1588b993b953e8c60d69be68

5.4.4 Verify the port

root@node01:~# ss -tnlp
State             Recv-Q            Send-Q                       Local Address:Port                         Peer Address:Port            Process                                               
LISTEN            0                 4096                             127.0.0.1:1514                              0.0.0.0:*                users:(("docker-proxy",pid=33987,fd=4))              
LISTEN            0                 4096                               0.0.0.0:80                                0.0.0.0:*                users:(("docker-proxy",pid=34824,fd=4))              
LISTEN            0                 4096                         127.0.0.53%lo:53                                0.0.0.0:*                users:(("systemd-resolve",pid=791,fd=13))            
LISTEN            0                 128                                0.0.0.0:22                                0.0.0.0:*                users:(("sshd",pid=881,fd=3))                        
LISTEN            0                 128                              127.0.0.1:6010                              0.0.0.0:*                users:(("sshd",pid=1036,fd=10))                      
LISTEN            0                 128                              127.0.0.1:6011                              0.0.0.0:*                users:(("sshd",pid=11675,fd=10))                     
LISTEN            0                 4096                                  [::]:80                                   [::]:*                users:(("docker-proxy",pid=34830,fd=4))              
LISTEN            0                 128                                   [::]:22                                   [::]:*                users:(("sshd",pid=881,fd=4))                        
LISTEN            0                 128                                  [::1]:6010                                 [::]:*                users:(("sshd",pid=1036,fd=9))                       
LISTEN            0                 128                                  [::1]:6011                                 [::]:*                users:(("sshd",pid=11675,fd=9))                      

root@node01:~# lsof -i:8080
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
docker-pr 20902 root 4u IPv4 190561 0t0 TCP *:http-alt (LISTEN)

5.4.5 Verify web access

6 Updating the Harbor Configuration

6.1 Stop Harbor

root@node01:~# systemctl stop harbor
root@node01:~# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

6.2 Edit the Harbor configuration

root@node01:~# vim /usr/local/harbor/harbor.yml 

6.3 Regenerate the Harbor configuration

root@node01:~# /usr/local/harbor/prepare 
prepare base dir is set to /usr/local/harbor
/usr/src/app/utils/configs.py:100: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
  configs = yaml.load(f)
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
/usr/src/app/utils/configs.py:90: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
  versions = yaml.load(f)
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/db/env
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

6.4 Start the Harbor service

root@node01:~# systemctl start harbor
root@node01:~# docker ps
CONTAINER ID   IMAGE                                 COMMAND                  CREATED          STATUS                             PORTS                                   NAMES
874ca7d8102b   goharbor/nginx-photon:v1.10.9         "nginx -g 'daemon of…"   13 seconds ago   Up 2 seconds (health: starting)    0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
e73116597bbb   goharbor/harbor-jobservice:v1.10.9    "/harbor/harbor_jobs…"   13 seconds ago   Up 2 seconds (health: starting)                                            harbor-jobservice
123bdf60c929   goharbor/harbor-core:v1.10.9          "/harbor/harbor_core"    13 seconds ago   Up 4 seconds (health: starting)                                            harbor-core
bece2b90ee18   goharbor/redis-photon:v1.10.9         "redis-server /etc/r…"   13 seconds ago   Up 6 seconds (health: starting)    6379/tcp                                redis
03809d68c1d7   goharbor/harbor-db:v1.10.9            "/docker-entrypoint.…"   13 seconds ago   Up 6 seconds (health: starting)    5432/tcp                                harbor-db
4ffc20df4826   goharbor/registry-photon:v1.10.9      "/home/harbor/entryp…"   13 seconds ago   Up 6 seconds (health: starting)    5000/tcp                                registry
f2794e14d298   goharbor/harbor-registryctl:v1.10.9   "/home/harbor/start.…"   13 seconds ago   Up 6 seconds (health: starting)                                            registryctl
a4bfd2f49023   goharbor/harbor-portal:v1.10.9        "nginx -g 'daemon of…"   13 seconds ago   Up 8 seconds (health: starting)    8080/tcp                                harbor-portal
864682c1b1fd   goharbor/harbor-log:v1.10.9           "/bin/sh -c /usr/loc…"   13 seconds ago   Up 11 seconds (health: starting)   127.0.0.1:1514->10514/tcp               harbor-log

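7 Harbor Scanning Service

7.1 View the scanners

7.2 Scan an image

7.3 Scan results

7.4 Enable automatic image scanning

8 Accessing Harbor over HTTPS

8.1 Create the SSL certificate directory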

root@k8s-harbor-01:~# mkdir -pv /usr/local/harbor/ssl
mkdir: created directory '/usr/local/harbor/ssl'

8.2 Edit the configuration file

root@k8s-harbor-01:~# cat /usr/local/harbor/harbor.yml
hostname: harbor.wgs.com
https:
  port: 443
  certificate: /usr/local/harbor/ssl/1_wgs.com_bundle.crt
  private_key: /usr/local/harbor/ssl/2_wgs.com.key

8.3 Configure the local hosts file

root@k8s-harbor-01:~# cat /etc/hosts

192.168.154.120 harbor.wgs.com

8.4 Stop the Harbor service

root@k8s-harbor-01:~# systemctl stop harbor

8.5 Regenerate the Harbor configuration

root@k8s-harbor-01:~# /usr/local/harbor/prepare

8.6 Start the Harbor service

root@k8s-harbor-01:~# systemctl start harbor

8.7 Log in to the Harbor UI to verify HTTPS

8.8 Log in to Harbor with docker

root@harbor-01:~# mkdir -pv /etc/docker/certs.d/harbor.wgs.com
root@harbor-01:~# cp /usr/local/harbor/ssl/1_wgs.com_bundle.crt /etc/docker/certs.d/harbor.wgs.com/
root@node-01:~# docker login harbor.wgs.com
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
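
As an added example (not part of the original post), a pre-flight check for steps 8.2 to 8.8: it confirms that the certificate and private key named in harbor.yml belong together, that the certificate covers the hostname clients will use, that it has not expired, and that the key file is not readable by group or others. The function name check_harbor_cert and the finding codes are constructed here; the openssl CLI is assumed to be installed, and the demo uses a throwaway self-signed pair rather than the page's files.

```shell
#!/bin/sh
# check_harbor_cert CRT KEY HOST   (hypothetical helper, added example)
# Prints one finding code per problem; returns 0 only if none were found.
check_harbor_cert() {
    crt=$1; key=$2; host=$3; rc=0

    # Both files must parse. harbor.yml only stores the paths, so a swapped
    # or truncated file goes unnoticed until nginx fails to start.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "CERT_UNREADABLE"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "KEY_UNREADABLE"; return 1; }

    # The first certificate in the bundle must belong to this private key.
    [ "$cert_pub" = "$key_pub" ] || { echo "KEY_MISMATCH"; rc=1; }

    # The name used in "hostname:", /etc/hosts and certs.d/<name> must be
    # covered by the certificate, or docker login fails TLS verification.
    openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match' || { echo "HOSTNAME_MISMATCH $host"; rc=1; }

    # -checkend 0 fails when the certificate has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "CERT_EXPIRED"; rc=1; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "KEY_PERMISSIONS_TOO_OPEN"; rc=1; }

    return $rc
}

# Constructed demo: a throwaway self-signed pair for the page's hostname.
tmp=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=harbor.wgs.com" \
    -keyout "$tmp/demo.key" -out "$tmp/demo.crt" 2>/dev/null
chmod 600 "$tmp/demo.key"
check_harbor_cert "$tmp/demo.crt" "$tmp/demo.key" harbor.wgs.com && echo "OK for harbor.wgs.com"
# Addressing the registry by IP instead of the certificate's name is reported.
check_harbor_cert "$tmp/demo.crt" "$tmp/demo.key" 192.168.154.120 || true
rm -rf "$tmp"
```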

posted @ 2021-11-05 13:19  小吉猫