1，简单介绍。

Harbor，是一个英文单词，意思是港湾，港湾是干什么的呢，就是停放货物的，而货物呢，是装在集装箱中的，说到集装箱，就不得不提到 Docker 容器，因为 docker 容器的技术正是借鉴了集装箱的原理。所以，Harbor 正是一个用于存储 Docker 镜像的企业级 Registry 服务。

Harbor 是 Vmvare 中国团队开发的开源 registry 仓库，相比 docker 官方拥有更丰富的权限权利和完善的架构设计，适用大规模 docker 集群部署提供仓库服务。

2，主要组件。

• Proxy：Harbor 的 registry, UI, token 等服务，通过一个前置的反向代理统一接收浏览器、Docker 客户端的请求，并将请求转发给后端不同的服务。
• Registry： 负责储存 Docker 镜像，并处理 docker push/pull 命令。由于我们要对用户进行访问控制，即不同用户对 Docker image 有不同的读写权限，Registry 会指向一个 token 服务，强制用户的每次 docker pull/push 请求都要携带一个合法的 token, Registry 会通过公钥对 token 进行解密验证。
• Core services： 这是 Harbor 的核心功能，主要提供以下服务：

1，UI：提供图形化界面，帮助用户管理 registry 上的镜像（image）, 并对用户进行授权。 2，webhook：为了及时获取 registry 上 image 状态变化的情况， 在 Registry 上配置 webhook，把状态变化传递给 UI 模块。 3，token 服务：负责根据用户权限给每个 docker push/pull 命令签发 token. Docker 客户端向 Regiøstry 服务发起的请求, 如果不包含 token，会被重定向到这里，获得 token 后再重新向 Registry 进行请求。

• Database：为 core services 提供数据库服务，负责储存用户权限、审计日志、Docker image 分组信息等数据。
• Log collector：为了帮助监控 Harbor 运行，负责收集其他组件的 log，供日后进行分析。

有架构图如下：

运行环境 (opens new window)

• CentOS：7.3
• docker-ce：17.12.1
• docker-compose：version-1.18.0
• harbor-offline：v1.5.1

申明

原创文章eryajf，未经授权，严禁转载，侵权必究！此乃文中随机水印，敬请读者谅解。

Copyright 二丫讲梵 (opens new window) 版权所有

3，安装。

1，安装 docker。

wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo && mv docker-ce.repo /etc/yum.repos.d
yum -y install docker-ce-17.12.1.ce-1.el7.centos

启动服务。

systemctl enable docker
systemctl start docker
systemctl status docker

2，安装 docker-compose。

源码地址：https://github.com/docker/compose/releases

下载指定版本。

curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

添加执行权限。

chmod +x /usr/local/bin/docker-compose

验证一下。

$docker-compose --version

输出：
docker-compose version 1.18.0, build 8dd22a9

3，安装 harbor。

源码地址：https://github.com/goharbor/harbor/releases

项目分有在线版，以及离线版，这里介绍离线版的安装。

下载安装包。

wget https://storage.googleapis.com/harbor-releases/release-1.5.0/harbor-offline-installer-v1.5.1.tgz

或许用迅雷下载，速度更佳。

解压安装包。

$tar xf harbor-offline-installer-v1.5.1.tgz
$ls harbor
common  docker-compose.clair.yml  docker-compose.notary.yml  docker-compose.yml  ha  harbor.cfg  harbor.v1.5.1.tar.gz  install.sh  LICENSE  NOTICE  prepare

更改配置。

$vim harbor.cfg

将hostname更改为本机ip即可。
hostname = 192.168.111.5

其他的配置保持默认即可，还有一些常用配置，如果需要，可以自行按需修改。

执行安装。

$bash install.sh

[Step 0]: checking installation environment ...

Note: docker version: 17.12.1

Note: docker-compose version: 1.18.0

[Step 1]: loading Harbor images ...
52ef9064d2e4: Loading layer [==================================================>]  135.9MB/135.9MB
4a6862dbadda: Loading layer [==================================================>]  23.25MB/23.25MB
58b7d0c522b2: Loading layer [==================================================>]   24.4MB/24.4MB
9cd4bb748634: Loading layer [==================================================>]  7.168kB/7.168kB
c81302a14908: Loading layer [==================================================>]  10.56MB/10.56MB
7848e9ba72a3: Loading layer [==================================================>]  24.39MB/24.39MB
Loaded image: vmware/harbor-ui:v1.5.1
f1691b5a5198: Loading layer [==================================================>]  73.15MB/73.15MB
a529013c99e4: Loading layer [==================================================>]  3.584kB/3.584kB
d9b4853cff8b: Loading layer [==================================================>]  3.072kB/3.072kB
3d305073979e: Loading layer [==================================================>]  4.096kB/4.096kB
c9e17074f54a: Loading layer [==================================================>]  3.584kB/3.584kB
956055840e30: Loading layer [==================================================>]  9.728kB/9.728kB
Loaded image: vmware/harbor-log:v1.5.1
185db06a02d0: Loading layer [==================================================>]  23.25MB/23.25MB
835213979c70: Loading layer [==================================================>]   20.9MB/20.9MB
f74eeb41c1c9: Loading layer [==================================================>]   20.9MB/20.9MB
Loaded image: vmware/harbor-jobservice:v1.5.1
9bd5c7468774: Loading layer [==================================================>]  23.25MB/23.25MB
5fa6889b9a6d: Loading layer [==================================================>]   2.56kB/2.56kB
bd3ac235b209: Loading layer [==================================================>]   2.56kB/2.56kB
cb5d493833cc: Loading layer [==================================================>]  2.048kB/2.048kB
557669a074de: Loading layer [==================================================>]   22.8MB/22.8MB
f02b4f30a9ac: Loading layer [==================================================>]   22.8MB/22.8MB
Loaded image: vmware/registry-photon:v2.6.2-v1.5.1
5d3b562db23e: Loading layer [==================================================>]  23.25MB/23.25MB
8edca1b0e3b0: Loading layer [==================================================>]  12.16MB/12.16MB
ce5f11ea46c0: Loading layer [==================================================>]   17.3MB/17.3MB
93750d7ec363: Loading layer [==================================================>]  15.87kB/15.87kB
36f81937e80d: Loading layer [==================================================>]  3.072kB/3.072kB
37e5df92b624: Loading layer [==================================================>]  29.46MB/29.46MB
Loaded image: vmware/notary-server-photon:v0.5.1-v1.5.1
0a2f8f90bd3a: Loading layer [==================================================>]  401.3MB/401.3MB
41fca4deb6bf: Loading layer [==================================================>]  9.216kB/9.216kB
f2e28262e760: Loading layer [==================================================>]  9.216kB/9.216kB
68677196e356: Loading layer [==================================================>]   7.68kB/7.68kB
2b006714574e: Loading layer [==================================================>]  1.536kB/1.536kB
Loaded image: vmware/mariadb-photon:v1.5.1
a8c4992c632e: Loading layer [==================================================>]  156.3MB/156.3MB
0f37bf842677: Loading layer [==================================================>]  10.75MB/10.75MB
9f34c0cd38bf: Loading layer [==================================================>]  2.048kB/2.048kB
91ca17ca7e16: Loading layer [==================================================>]  48.13kB/48.13kB
5a7e0da65127: Loading layer [==================================================>]   10.8MB/10.8MB
Loaded image: vmware/clair-photon:v2.0.1-v1.5.1
0e782fe069e7: Loading layer [==================================================>]  23.25MB/23.25MB
67fc1e2f7009: Loading layer [==================================================>]  15.36MB/15.36MB
8db2141aa82c: Loading layer [==================================================>]  15.36MB/15.36MB
Loaded image: vmware/harbor-adminserver:v1.5.1
3f87a34f553c: Loading layer [==================================================>]  4.772MB/4.772MB
Loaded image: vmware/nginx-photon:v1.5.1
Loaded image: vmware/photon:1.0
ad58f3ddcb1b: Loading layer [==================================================>]  10.95MB/10.95MB
9b50f12509bf: Loading layer [==================================================>]   17.3MB/17.3MB
2c21090fd212: Loading layer [==================================================>]  15.87kB/15.87kB
38bec864f23e: Loading layer [==================================================>]  3.072kB/3.072kB
6e81ea7b0fa6: Loading layer [==================================================>]  28.24MB/28.24MB
Loaded image: vmware/notary-signer-photon:v0.5.1-v1.5.1
897a26fa09cb: Loading layer [==================================================>]  95.02MB/95.02MB
16e3a10a21ba: Loading layer [==================================================>]  6.656kB/6.656kB
85ecac164331: Loading layer [==================================================>]  2.048kB/2.048kB
37a2fb188706: Loading layer [==================================================>]   7.68kB/7.68kB
Loaded image: vmware/postgresql-photon:v1.5.1
bed9f52be1d1: Loading layer [==================================================>]  11.78kB/11.78kB
d731f2986f6e: Loading layer [==================================================>]   2.56kB/2.56kB
c3fde9a69f96: Loading layer [==================================================>]  3.072kB/3.072kB
Loaded image: vmware/harbor-db:v1.5.1
7844feb13ef3: Loading layer [==================================================>]  78.68MB/78.68MB
de0fd8aae388: Loading layer [==================================================>]  3.072kB/3.072kB
3f79efb720fd: Loading layer [==================================================>]   59.9kB/59.9kB
1c02f801c2e8: Loading layer [==================================================>]  61.95kB/61.95kB
Loaded image: vmware/redis-photon:v1.5.1
454c81edbd3b: Loading layer [==================================================>]  135.2MB/135.2MB
e99db1275091: Loading layer [==================================================>]  395.4MB/395.4MB
051e4ee23882: Loading layer [==================================================>]  9.216kB/9.216kB
6cca4437b6f6: Loading layer [==================================================>]  9.216kB/9.216kB
1d48fc08c8bc: Loading layer [==================================================>]   7.68kB/7.68kB
0419724fd942: Loading layer [==================================================>]  1.536kB/1.536kB
543c0c1ee18d: Loading layer [==================================================>]  655.2MB/655.2MB
4190aa7e89b8: Loading layer [==================================================>]  103.9kB/103.9kB
Loaded image: vmware/harbor-migrator:v1.5.0


[Step 2]: preparing environment ...
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
Creating harbor-log ... done

[Step 3]: checking existing instance of Harbor ...

Creating harbor-adminserver ... done
Creating harbor-ui ... done
Creating network "harbor_harbor" with the default driver
Creating nginx ... done
Creating harbor-adminserver ...
Creating registry ...
Creating harbor-db ...
Creating redis ...
Creating harbor-ui ...
Creating nginx ...
Creating harbor-jobservice ...

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://192.168.111.5.
For more details, please visit https://github.com/vmware/harbor .

看到这些输出，说明安装已经完成。

查看一下服务：

$docker ps
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS                       PORTS              NAMES
55a0c9372840        vmware/harbor-jobservice:v1.5.1        "/harbor/start.sh"       About an hour ago   Up About an hour              harbor-jobservice
50bd7c7a0a85        vmware/nginx-photon:v1.5.1             "nginx -g 'daemon of…"   About an hour ago   Up About an hour (healthy)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
b683e14ba917        vmware/harbor-ui:v1.5.1                "/harbor/start.sh"       About an hour ago   Up About an hour (healthy)              harbor-ui
a397a6785014        vmware/redis-photon:v1.5.1             "docker-entrypoint.s…"   About an hour ago   Up About an hour             6379/tcp              redis
832f201f3c8d        vmware/harbor-adminserver:v1.5.1       "/harbor/start.sh"       About an hour ago   Up About an hour (healthy)              harbor-adminserver
a0eacf22bfec        vmware/harbor-db:v1.5.1                "/usr/local/bin/dock…"   About an hour ago   Up About an hour (healthy)   3306/tcp              harbor-db
1c2cf0565a97        vmware/registry-photon:v2.6.2-v1.5.1   "/entrypoint.sh serv…"   About an hour ago   Up About an hour (healthy)   5000/tcp              registry
7ec39f149caa        vmware/harbor-log:v1.5.1               "/bin/sh -c /usr/loc…"   About an hour ago   Up About an hour (healthy)   127.0.0.1:1514->10514/tcp              harbor-log

有哪些：

$docker-compose ps
       Name                     Command               State                                Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up
harbor-db            /usr/local/bin/docker-entr ...   Up      3306/tcp
harbor-jobservice    /harbor/start.sh                 Up
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up      127.0.0.1:1514->10514/tcp
harbor-ui            /harbor/start.sh                 Up
nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis                docker-entrypoint.sh redis ...   Up      6379/tcp
registry             /entrypoint.sh serve /etc/ ...   Up      5000/tcp

访问私服仓库。

192.168.111.5

默认用户名 / 密码：admin/Harbor12345

登陆之后可以修改一下密码。

4，客户端验证。

在另外一台主机上安装 docker 服务，验证私服可用性。

1，安装 docker。

wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo && mv docker-ce.repo /etc/yum.repos.d
yum -y install docker-ce-17.12.1.ce-1.el7.centos

启动服务。

systemctl enable docker
systemctl start docker
systemctl status docker

2，配置私服连接。

cat > /etc/docker/daemon.json << EOF
{ "insecure-registries":["192.168.111.5"] }
EOF

重启 docker。

systemctl daemon-reload
systemctl restart docker

登陆私服，如果登陆失败，可能是两台主机时间不同步。

$docker login -u admin -p Harbor12345 192.168.111.5
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded

3，验证拉取镜像。

先本地 pull 一个镜像。

$docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
90e01955edcd: Pull complete
Digest: sha256:2a03a6059f21e150ae84b0973863609494aad70f0a80eaeb64bddd8d92465812
Status: Downloaded newer image for busybox:latest

$docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
busybox             latest              59788edf1f3e        2 months ago        1.15MB

更改一下 tag，测试一下 push。

$docker tag busybox 192.168.111.5/library/busybox:1
$docker push 192.168.111.5/library/busybox:1
The push refers to repository [192.168.111.5/library/busybox]
8a788232037e: Pushed
1: digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5 size: 527

可以在私服当中看到这个镜像：

本地删除镜像，然后测试一下 pull。

查看镜像。
$docker images
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
192.168.111.5/library/busybox   1                   59788edf1f3e        2 months ago        1.15MB
busybox                         latest              59788edf1f3e        2 months ago        1.15MB

删除本地镜像。
$docker rmi -f 59788edf1f3e 59788edf1f3e

从本地私服pull镜像。
$docker pull 192.168.111.5/library/busybox:1
1: Pulling from library/busybox
90e01955edcd: Pull complete
Digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5
Status: Downloaded newer image for 192.168.111.5/library/busybox:1

再次查看镜像。
$docker images
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
192.168.111.5/library/busybox   1                   59788edf1f3e        2 months ago        1.15MB