Docker之分布式仓库Harbor部署
一 Harbor介绍
1.1 Harbor介绍
Harbor是一个用于存储和分发docker镜像的企业级Registry服务器,由VMware开源,其通过添加一些企业必需的功能特性,例如安全、标识和管理等,扩展了开源Docker Distrubution,作为一个企业级私有Registry服务器,Harbor提供了更好的性能和安全。提升了用户使用Registry构建和运行环境传输镜像的效率。Harbor支持安装在多个Registry节点的镜像资源复制,镜像全部保存在私有Registry中,确保数据和知识产权在公司内部网络中管理,另外,Harbor也提供了高级的安全特性,诸如用户管理,访问控制和活动审计等。
vmware 官方开源服务:https://vmware.github.io
harbor 官方github地址:https://github.com/goharbor/harbor
harbor 官方网址: https://goharbor.io
harbor 官方文档: https://goharbor.io
github文档:https://goharbor.io/docs/2.4.0/
1.2 Harbor功能官方介绍
- 基于角色的访问控制:用户与docker镜像仓库通过项目进行组织管理,一个用户可以对多个镜像仓库在同一命名空间里有不同的权限。
- 镜像复制:镜像可在多个Registry实例中复制。尤其适合负载均衡,高可用,混合云和多云场景。
- 图形化用户界面:用户可以通过浏览器来浏览,检索当前Docker镜像仓库,管理项目和命名空间。
- AD/LDAP支持:Harbor可以集成企业内部已有的AD/LDAP,用于鉴权认证管理。
- 审计管理:所有针对镜像仓库的操作都可以被记录追溯,用于审计管理。
- 国际化:已拥有英文。中文、德文、日文和俄文的本地化版本。更多的语言将会添加进来。
- RESTful API:提供给管理员对于Harbor更多的操控,使得与其它管理软件集成变得更容易。
- 部署简单:提供在线和离线两种安装工具,也可以安装到vSphere平台虚拟设备。
1.3 Harbor组成
- proxy:对应启动组件nginx。它是一个nginx反向代理,代理Notary client(镜像认证)、docker client(镜像上传下载)和浏览器的访问请求(Core Service)给后端的各服务器。
- UI(Core Service):对应启动组件harbor-ui。底层数据存储使用mysql数据库,主要提供了四个子功能。
- UI:一个web管理页面ui
- API:Harbor暴露的API服务。
- Auth:用户认证服务,decode后的token中的用户信息在这里进行认证;auth后端可以接db、ldap、uaa三种认证实现。
- Token服务:负责根据用户在每个project中的role来为每个docker push/pull 命令发布一个token,如果docker client发送给registry的请求没有带token,registry会重定向请求到token服务创建token。
- Registry:对应启动组件registry。负责存储镜像文件和处理镜像的pull/push命令。Harbor对镜像进行强制的访问控制,Registry会将每个客户端的每个pull/push请求转发到token服务来获取有效的token。
- Admin Service:对应启动组件harbor-admin server。是系统的配置管理中心附带检查存储用量,ui和jobserver启动时需要加载adminserver配置。
- job server:对应启动组件harbor-jobservice。负责镜像复制工作,塔河Registry通信。从一个Registry pull镜像然后push到另一个Registry,并记录job_log.
- Log Collector:对应启动组件harbor-log。日志汇总组件,通过docker的log-driver把日志汇总到一起。
- DB:对应启动组件harbor-db,负责存储project、user、role、replication、image_scan、access等的metadata数据。
二 环境准备
2.1 部署规划
类型 | IP | 主机名称 | 备注 |
harbor-01 | 192.168.75.157 | node01 |
2.2 时间同步
root@node01:~# apt -y install chrony
root@node01:~# systemctl enable chrony
root@node01:~# systemctl restart chrony
2.3 安装docker
点击查看代码
root@node01:~# apt-get -y install apt-transport-https ca-certificates curl software-properties-common root@node01:~# curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add - root@node01:~# add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" root@node01:~# apt update root@node01:~# apt-get -y install docker-ce root@node01:/opt# docker version Client: Docker Engine - Community Version: 20.10.10 API version: 1.41 Go version: go1.16.9 Git commit: b485636 Built: Mon Oct 25 07:42:59 2021 OS/Arch: linux/amd64 Context: default Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.10
API version: 1.41 (minimum version 1.12)
Go version: go1.16.9
Git commit: e2f740d
Built: Mon Oct 25 07:41:08 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.11
GitCommit: 5b46e404f6b9f661a205e28d59c982d3634148f8
runc:
Version: 1.0.2
GitCommit: v1.0.2-0-g52b36a2
docker-init:
Version: 0.19.0
GitCommit: de40ad0
2.4 安装docker-compose
root@node02:/opt# wget https://github.com/docker/compose/releases/download/v2.1.0/docker-compose-linux-x86_64
root@node02:/opt# mv docker-compose-linux-x86_64 /usr/local/sbin/docker-compose
root@node02:/opt# chmod +x /usr/local/sbin/docker-compose
root@node02:/opt# docker-compose -v
Docker Compose version v2.1.0
三 harbor安装
下载地址:https://github.com/goharbor/harbor/releases
安装文档:https://github.com/goharbor/harbor/blob/master/docs/install-config/_index.md
3.1 下载harbor安装包
3.1.1 下载离线安装包
推荐使用离线安装包
root@node01:~# cd /opt/
root@node01:/opt# wget https://github.com/goharbor/harbor/releases/download/v1.10.9/harbor-offline-installer-v1.10.9.tgz
3.1.2 下载在线安装包
不推荐在线安装
root@node01:~# cd /opt/
root@node01:/opt# wet https://github.com/goharbor/harbor/releases/download/v1.10.9/harbor-online-installer-v1.10.9.tgz
3.2 配置harbor
3.2.1 解压harbor
root@node01:/opt# tar xf harbor-offline-installer-v1.10.9.tgz -C /usr/local/
root@node01:~# ls -l /usr/local/harbor/
total 585880
-rw-r--r-- 1 root root 11347 Oct 28 13:24 LICENSE
-rw-r--r-- 1 root root 3398 Oct 28 13:24 common.sh
-rw-r--r-- 1 root root 599900167 Oct 28 13:25 harbor.v1.10.9.tar.gz
-rw-r--r-- 1 root root 5882 Oct 28 13:24 harbor.yml
-rwxr-xr-x 1 root root 2284 Oct 28 13:24 install.sh
-rwxr-xr-x 1 root root 1749 Oct 28 13:24 prepare
3.2.2 编辑配置文件
官方配置文档:https://goharbor.io/docs/1.10/install-config/
root@node01:~# vim /usr/local/harbor/harbor.yml
hostname: 192.168.75.157 #修改此行,指向当前主机IP或FQDN
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
#https:
# https port for harbor, default is 443
#port: 443
# The path of cert and key files for nginx
#certificate: /your/certificate/path
#private_key: /your/private/key/path
harbor_admin_password: Harbor12345
database:
# The password for the root user of Harbor DB. Change this before any production use.
password: root123
# The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
max_idle_conns: 50
# The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
# Note: the default number of connections is 100 for postgres.
max_open_conns: 100
data_volume: /data/harbor
3.2.3 运行安装脚本
运行install.sh, 注意运行时加上--with-clair 选项,启动clair镜像扫描功能。
ChartMuseum是一个用Go(Golang)编写的开源Helm Chart Repository服务器。
点击查看代码
root@node01:~# mkdir -pv /data/harbor root@node01:~# mkdir -pv /var/log/harbor root@node01:~# /usr/local/harbor/install.sh --with-clair --with-chartmuseum
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.10
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 2.1.0
[Step 2]: loading Harbor images ...
Loaded image: goharbor/harbor-core:v1.10.9
Loaded image: goharbor/harbor-jobservice:v1.10.9
Loaded image: goharbor/notary-signer-photon:v1.10.9
Loaded image: goharbor/nginx-photon:v1.10.9
Loaded image: goharbor/chartmuseum-photon:v1.10.9
Loaded image: goharbor/registry-photon:v1.10.9
Loaded image: goharbor/clair-photon:v1.10.9
Loaded image: goharbor/clair-adapter-photon:v1.10.9
Loaded image: goharbor/prepare:v1.10.9
Loaded image: goharbor/harbor-portal:v1.10.9
Loaded image: goharbor/harbor-db:v1.10.9
Loaded image: goharbor/notary-server-photon:v1.10.9
Loaded image: goharbor/harbor-log:v1.10.9
Loaded image: goharbor/harbor-registryctl:v1.10.9
Loaded image: goharbor/redis-photon:v1.10.9[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/local/harbor
/usr/src/app/utils/configs.py💯 YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
configs = yaml.load(f)
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
/usr/src/app/utils/configs.py:90: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
versions = yaml.load(f)
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /config/clair/postgres_env
Generated configuration file: /config/clair/config.yaml
Generated configuration file: /config/clair/clair_env
Generated configuration file: /config/clair-adapter/env
Generated configuration file: /config/chartserver/env
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 5]: starting Harbor ...
[+] Running 15/15
⠿ Network harbor_harbor Created 0.7s
⠿ Network harbor_harbor-chartmuseum Created 0.2s
⠿ Network harbor_harbor-clair Created 0.2s
⠿ Container harbor-log Started 6.7s
⠿ Container harbor-db Started 17.1s
⠿ Container redis Started 17.3s
⠿ Container harbor-portal Started 12.7s
⠿ Container registryctl Started 17.0s
⠿ Container chartmuseum Started 17.0s
⠿ Container registry Started 17.1s
⠿ Container clair Started 21.3s
⠿ Container harbor-core Started 21.4s
⠿ Container clair-adapter Started 25.9s
⠿ Container harbor-jobservice Started 27.5s
⠿ Container nginx Started 27.4s
✔ ----Harbor has been installed and started successfully.----
3.2.4 验证安装镜像
点击查看代码
root@node01:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9aaeebfffd29 goharbor/harbor-jobservice:v1.10.9 "/harbor/harbor_jobs…" 11 minutes ago Up 11 minutes (healthy) harbor-jobservice
d535d03c98c7 goharbor/nginx-photon:v1.10.9 "nginx -g 'daemon of…" 11 minutes ago Up 11 minutes (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
0c783b6ffbe7 goharbor/clair-adapter-photon:v1.10.9 "/clair-adapter/clai…" 11 minutes ago Up 11 minutes (healthy) 8080/tcp clair-adapter
106983da168c goharbor/harbor-core:v1.10.9 "/harbor/harbor_core" 11 minutes ago Up 11 minutes (healthy) harbor-core
51b0af17bd82 goharbor/clair-photon:v1.10.9 "./docker-entrypoint…" 11 minutes ago Up 11 minutes (healthy) 6060-6061/tcp clair
ad892f1ec253 goharbor/chartmuseum-photon:v1.10.9 "./docker-entrypoint…" 11 minutes ago Up 11 minutes (healthy) 9999/tcp chartmuseum
8b2790876a6c goharbor/harbor-portal:v1.10.9 "nginx -g 'daemon of…" 11 minutes ago Up 11 minutes (healthy) 8080/tcp harbor-portal
55ed41a08594 goharbor/harbor-registryctl:v1.10.9 "/home/harbor/start.…" 11 minutes ago Up 11 minutes (healthy) registryctl
41a01a51d5c5 goharbor/redis-photon:v1.10.9 "redis-server /etc/r…" 11 minutes ago Up 11 minutes (healthy) 6379/tcp redis
dd15258fae36 goharbor/harbor-db:v1.10.9 "/docker-entrypoint.…" 11 minutes ago Up 11 minutes (healthy) 5432/tcp harbor-db
1fb1d2af58a7 goharbor/registry-photon:v1.10.9 "/home/harbor/entryp…" 11 minutes ago Up 11 minutes (healthy) 5000/tcp registry
13a5b9359121 goharbor/harbor-log:v1.10.9 "/bin/sh -c /usr/loc…" 11 minutes ago Up 11 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
3.2.5 查看本地端口
点击查看代码
root@node01:~# ss -tnlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.1:1514 0.0.0.0:* users:(("docker-proxy",pid=33987,fd=4))
LISTEN 0 4096 0.0.0.0:80 0.0.0.0:* users:(("docker-proxy",pid=34824,fd=4))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=791,fd=13))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=881,fd=3))
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:* users:(("sshd",pid=1036,fd=10))
LISTEN 0 128 127.0.0.1:6011 0.0.0.0:* users:(("sshd",pid=11675,fd=10))
LISTEN 0 4096 [::]:80 [::]:* users:(("docker-proxy",pid=34830,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=881,fd=4))
LISTEN 0 128 [::1]:6010 [::]:* users:(("sshd",pid=1036,fd=9))
LISTEN 0 128 [::1]:6011 [::]:* users:(("sshd",pid=11675,fd=9))
3.2.6 web访问harbor管理界面
默认管理员admin ;密码 Harbor12345
3.2.7 登录成功界面
四 配置Harbor开机启动
4.1 配置harbor.service文件
点击查看代码
root@node01:~# cat /lib/systemd/system/harbor.service [Unit] Description=Harbor after=docker.service systemd-networkd.service systemd-resolved.service Requires=docker.service Documentation=https://goharbor.io/
[Service]
Type=simple
Restart=on-failure
ExecStart=/usr/local/sbin/docker-compose -f /usr/local/harbor/docker-compose.yml up
ExecStop=/usr/local/sbin/docker-compose -f /usr/local/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target
4.2 Harbor开机启动
root@node01:~# systemctl enable harbor Created symlink /etc/systemd/system/multi-user.target.wants/harbor.service → /lib/systemd/system/harbor.service. root@node01:~# systemctl restart harbor root@node01:~# systemctl status harbor ● harbor.service - Harbor Loaded: loaded (/lib/systemd/system/harbor.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2021-11-04 17:01:19 CST; 4s ago Docs: https://goharbor.io/ Main PID: 31151 (docker-compose) Tasks: 6 (limit: 2245) Memory: 8.1M CGroup: /system.slice/harbor.service └─31151 /usr/local/sbin/docker-compose -f /usr/local/harbor/docker-compose.yml up
Nov 04 17:01:20 node01 docker-compose[31151]: Container registryctl Running
Nov 04 17:01:20 node01 docker-compose[31151]: Container registry Running
Nov 04 17:01:20 node01 docker-compose[31151]: Container harbor-core Running
Nov 04 17:01:20 node01 docker-compose[31151]: Container harbor-jobservice Running
Nov 04 17:01:20 node01 docker-compose[31151]: Container nginx Running
Nov 04 17:01:20 node01 docker-compose[31151]: Attaching to harbor-core, harbor-db, harbor-jobservice, harbor-log, harbor-portal,>
Nov 04 17:01:21 node01 docker-compose[31151]: harbor-portal | 172.18.0.8 - - [04/Nov/2021:09:01:21 +0000] "GET / HTTP/1.1" >
Nov 04 17:01:21 node01 docker-compose[31151]: registry | 172.18.0.8 - - [04/Nov/2021:09:01:21 +0000] "GET / HTTP/1.1" >
Nov 04 17:01:21 node01 docker-compose[31151]: registryctl | 172.18.0.8 - - [04/Nov/2021:09:01:21 +0000] "GET /api/health >
Nov 04 17:01:22 node01 docker-compose[31151]: registry | 127.0.0.1 - - [04/Nov/2021:09:01:22 +0000] "GET / HTTP/1.1" 2>
五 配置docker使用harbor仓库
5.1 配置docker
5.1.1 配置daemon.json
root@node01:~# cat /etc/docker/daemon.json
{
"insecure-registries" : ["192.168.75.157"]
}
5.1.2 重启docker
root@node01:~# systemctl restart docker
5.1.3 命令行登录harbor
root@node01:~# docker login 192.168.75.157 Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
5.2 创建harbor项目
5.3 测试上传镜像
5.3.1 准备镜像
root@node01:~# docker pull nginx
5.3.2 镜像打tag
root@node01:~# docker tag nginx:latest 192.168.75.157/wgs-test/nginx:v1
5.3.3 镜像上传
root@node01:~# docker push 192.168.75.157/wgs-test/nginx:v1
The push refers to repository [192.168.75.157/wgs-test/nginx]
9959a332cf6e: Pushed
f7e00b807643: Pushed
f8e880dfc4ef: Pushed
788e89a4d186: Pushed
43f4e41372e4: Pushed
e81bff2725db: Pushed
v1: digest: sha256:7250923ba3543110040462388756ef099331822c6172a050b12c7a38361ea46f size: 1570
5.3.4 harbor界面验证镜像
5.3.5 验证镜像信息
5.4 测试下载镜像
5.4.1 删除存在的镜像
root@node01:~# docker rmi nginx
Untagged: nginx:latest
Untagged: nginx@sha256:644a70516a26004c97d0d85c7fe1d0c3a67ea8ab7ddf4aff193d9f301670cf36
root@node01:~# docker rmi 192.168.75.157/wgs-test/nginx:v1
Untagged: 192.168.75.157/wgs-test/nginx:v1
Untagged: 192.168.75.157/wgs-test/nginx@sha256:7250923ba3543110040462388756ef099331822c6172a050b12c7a38361ea46f
Deleted: sha256:87a94228f133e2da99cb16d653cd1373c5b4e8689956386c1c12b60a20421a02
Deleted: sha256:55b6972054b24c53054322a52748324df5797eefbb6dc374e41522a91d532dd5
Deleted: sha256:6b88aa6f4485486bfc779cccfbe4a7a47a502a7cff2cd70be89c59dcd0db12a8
Deleted: sha256:472c64059965c7b6b1b534ba07374c1d034b17c99acb3cf4534fe78abed41101
Deleted: sha256:788a5cf1e4599312b5923694f53e556ba0e2eb4a6bbb51958e0ec2b510345a49
Deleted: sha256:410f31f9ae37c62af85e8f9575c5f4d75542be1739ac1ca5982cf461be0b13bc
Deleted: sha256:e81bff2725dbc0bf2003db10272fef362e882eb96353055778a66cda430cf81b
5.4.2 拉取镜像
root@node01:~# docker pull 192.168.75.157/wgs-test/nginx:v1
v1: Pulling from wgs-test/nginx
b380bbd43752: Pull complete
fca7e12d1754: Pull complete
745ab57616cb: Pull complete
a4723e260b6f: Pull complete
1c84ebdff681: Pull complete
858292fd2e56: Pull complete
Digest: sha256:7250923ba3543110040462388756ef099331822c6172a050b12c7a38361ea46f
Status: Downloaded newer image for 192.168.75.157/wgs-test/nginx:v1
192.168.75.157/wgs-test/nginx:v1
5.4.3 从镜像启动容器并验证
root@node01:~# docker run -d -p 8080:80 192.168.75.157/wgs-test/nginx:v1
703e032825acc8f5042e834d989c229b79d3f4be1588b993b953e8c60d69be68
5.4.4 验证端口
root@node01:~# ss -tnlp State Recv-Q Send-Q Local Address:Port Peer Address:Port Process LISTEN 0 4096 127.0.0.1:1514 0.0.0.0:* users:(("docker-proxy",pid=33987,fd=4)) LISTEN 0 4096 0.0.0.0:80 0.0.0.0:* users:(("docker-proxy",pid=34824,fd=4)) LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=791,fd=13)) LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=881,fd=3)) LISTEN 0 128 127.0.0.1:6010 0.0.0.0:* users:(("sshd",pid=1036,fd=10)) LISTEN 0 128 127.0.0.1:6011 0.0.0.0:* users:(("sshd",pid=11675,fd=10)) LISTEN 0 4096 [::]:80 [::]:* users:(("docker-proxy",pid=34830,fd=4)) LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=881,fd=4)) LISTEN 0 128 [::1]:6010 [::]:* users:(("sshd",pid=1036,fd=9)) LISTEN 0 128 [::1]:6011 [::]:* users:(("sshd",pid=11675,fd=9))
root@node01:~# lsof -i:8090
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
docker-pr 20902 root 4u IPv4 190561 0t0 TCP *:http-alt (LISTEN)
5.4.5 验证web访问
六 harbor配置更新
6.1 停止harbor
root@node01:~# systemctl stop harbor root@node01:~# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6.2 修改harbor配置
root@node01:~# vim /usr/local/harbor/harbor.yml
6.3 更新harbor配置
root@node01:~# /usr/local/harbor/prepare
prepare base dir is set to /usr/local/harbor
/usr/src/app/utils/configs.py:100: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
configs = yaml.load(f)
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
/usr/src/app/utils/configs.py:90: YAMLLoadWarning: calling yaml.load() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
versions = yaml.load(f)
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/db/env
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
6.4 启动harbor服务
root@node01:~# systemctl start harbor
root@node01:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
874ca7d8102b goharbor/nginx-photon:v1.10.9 "nginx -g 'daemon of…" 13 seconds ago Up 2 seconds (health: starting) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
e73116597bbb goharbor/harbor-jobservice:v1.10.9 "/harbor/harbor_jobs…" 13 seconds ago Up 2 seconds (health: starting) harbor-jobservice
123bdf60c929 goharbor/harbor-core:v1.10.9 "/harbor/harbor_core" 13 seconds ago Up 4 seconds (health: starting) harbor-core
bece2b90ee18 goharbor/redis-photon:v1.10.9 "redis-server /etc/r…" 13 seconds ago Up 6 seconds (health: starting) 6379/tcp redis
03809d68c1d7 goharbor/harbor-db:v1.10.9 "/docker-entrypoint.…" 13 seconds ago Up 6 seconds (health: starting) 5432/tcp harbor-db
4ffc20df4826 goharbor/registry-photon:v1.10.9 "/home/harbor/entryp…" 13 seconds ago Up 6 seconds (health: starting) 5000/tcp registry
f2794e14d298 goharbor/harbor-registryctl:v1.10.9 "/home/harbor/start.…" 13 seconds ago Up 6 seconds (health: starting) registryctl
a4bfd2f49023 goharbor/harbor-portal:v1.10.9 "nginx -g 'daemon of…" 13 seconds ago Up 8 seconds (health: starting) 8080/tcp harbor-portal
864682c1b1fd goharbor/harbor-log:v1.10.9 "/bin/sh -c /usr/loc…" 13 seconds ago Up 11 seconds (health: starting) 127.0.0.1:1514->10514/tcp harbor-log
七 harbor扫描服务
7.1 查看扫描器
7.2 扫描镜像
7.3 扫描结果
7.4 设置镜像自动扫描
八 harbor使用https访问
8.1 创建ssl证书路径
root@k8s-harbor-01:~# mkdir -pv /usr/local/harbor/ssl
mkdir: created directory '/usr/local/harbor/ssl'
8.2 修改配置文件
root@k8s-harbor-01:~# cat /usr/local/harbor/harbor.yml hostname: harbor.wgs.com https:
port: 443
certificate: /usr/local/harbor/ssl/1_wgs.com_bundle.crt
private_key: /usr/local/harbor/ssl/2_wgs.com.key
8.3 配置本地host
root@k8s-harbor-01:~# cat /etc/hosts
192.168.154.120 harbor.wgs.com
8.4 停止harbor服务
root@k8s-harbor-01:~# systemctl stop harbor
8.5 更新harbor配置文件
root@k8s-harbor-01:~# /usr/local/harbor/prepare
8.6 启动harbor服务
root@k8s-harbor-01:~# systemctl start harbor
8.7 登录harbor界面验证https
8.8 docker 登录harbor
root@harbor-01:~# mkdir -pv /etc/docker/certs.d/harbor.wgs.com root@harbor-01:~# cp /usr/local/harbor/ssl/1_wgs.com_bundle.crt /etc/docker/certs.d/harbor.wgs.com/ root@node-01:~# docker login harbor.wgs.com Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded