Docker笔记之企业级仓库harbor搭建
文章发布较早,内容可能过时,阅读注意甄别。
# 1,简单介绍。
Harbor,是一个英文单词,意思是港湾,港湾是干什么的呢,就是停放货物的,而货物呢,是装在集装箱中的,说到集装箱,就不得不提到 Docker 容器,因为 docker 容器的技术正是借鉴了集装箱的原理。所以,Harbor 正是一个用于存储 Docker 镜像的企业级 Registry 服务。
Harbor 是 Vmvare 中国团队开发的开源 registry 仓库,相比 docker 官方拥有更丰富的权限权利和完善的架构设计,适用大规模 docker 集群部署提供仓库服务。
# 2,主要组件。
- Proxy:Harbor 的 registry, UI, token 等服务,通过一个前置的反向代理统一接收浏览器、Docker 客户端的请求,并将请求转发给后端不同的服务。
- Registry: 负责储存 Docker 镜像,并处理 docker push/pull 命令。由于我们要对用户进行访问控制,即不同用户对 Docker image 有不同的读写权限,Registry 会指向一个 token 服务,强制用户的每次 docker pull/push 请求都要携带一个合法的 token, Registry 会通过公钥对 token 进行解密验证。
- Core services: 这是 Harbor 的核心功能,主要提供以下服务:
1,UI:提供图形化界面,帮助用户管理 registry 上的镜像(image), 并对用户进行授权。 2,webhook:为了及时获取 registry 上 image 状态变化的情况, 在 Registry 上配置 webhook,把状态变化传递给 UI 模块。 3,token 服务:负责根据用户权限给每个 docker push/pull 命令签发 token. Docker 客户端向 Regiøstry 服务发起的请求, 如果不包含 token,会被重定向到这里,获得 token 后再重新向 Registry 进行请求。
- Database:为 core services 提供数据库服务,负责储存用户权限、审计日志、Docker image 分组信息等数据。
- Log collector:为了帮助监控 Harbor 运行,负责收集其他组件的 log,供日后进行分析。
有架构图如下:
- CentOS:7.3
- docker-ce:17.12.1
- docker-compose:version-1.18.0
- harbor-offline:v1.5.1
# 3,安装。
# 1,安装 docker。
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo && mv docker-ce.repo /etc/yum.repos.d
yum -y install docker-ce-17.12.1.ce-1.el7.centos
1
2
2
启动服务。
systemctl enable docker
systemctl start docker
systemctl status docker
1
2
3
2
3
# 2,安装 docker-compose。
源码地址:https://github.com/docker/compose/releases
下载指定版本。
curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
1
添加执行权限。
chmod +x /usr/local/bin/docker-compose
1
验证一下。
$docker-compose --version
输出:
docker-compose version 1.18.0, build 8dd22a9
1
2
3
4
2
3
4
# 3,安装 harbor。
源码地址:https://github.com/goharbor/harbor/releases
项目分有在线版,以及离线版,这里介绍离线版的安装。
下载安装包。
wget https://storage.googleapis.com/harbor-releases/release-1.5.0/harbor-offline-installer-v1.5.1.tgz
1
或许用迅雷下载,速度更佳。
解压安装包。
$tar xf harbor-offline-installer-v1.5.1.tgz
$ls harbor
common docker-compose.clair.yml docker-compose.notary.yml docker-compose.yml ha harbor.cfg harbor.v1.5.1.tar.gz install.sh LICENSE NOTICE prepare
1
2
3
2
3
更改配置。
$vim harbor.cfg
将hostname更改为本机ip即可。
hostname = 192.168.111.5
1
2
3
4
2
3
4
其他的配置保持默认即可,还有一些常用配置,如果需要,可以自行按需修改。
执行安装。
$bash install.sh
[Step 0]: checking installation environment ...
Note: docker version: 17.12.1
Note: docker-compose version: 1.18.0
[Step 1]: loading Harbor images ...
52ef9064d2e4: Loading layer [==================================================>] 135.9MB/135.9MB
4a6862dbadda: Loading layer [==================================================>] 23.25MB/23.25MB
58b7d0c522b2: Loading layer [==================================================>] 24.4MB/24.4MB
9cd4bb748634: Loading layer [==================================================>] 7.168kB/7.168kB
c81302a14908: Loading layer [==================================================>] 10.56MB/10.56MB
7848e9ba72a3: Loading layer [==================================================>] 24.39MB/24.39MB
Loaded image: vmware/harbor-ui:v1.5.1
f1691b5a5198: Loading layer [==================================================>] 73.15MB/73.15MB
a529013c99e4: Loading layer [==================================================>] 3.584kB/3.584kB
d9b4853cff8b: Loading layer [==================================================>] 3.072kB/3.072kB
3d305073979e: Loading layer [==================================================>] 4.096kB/4.096kB
c9e17074f54a: Loading layer [==================================================>] 3.584kB/3.584kB
956055840e30: Loading layer [==================================================>] 9.728kB/9.728kB
Loaded image: vmware/harbor-log:v1.5.1
185db06a02d0: Loading layer [==================================================>] 23.25MB/23.25MB
835213979c70: Loading layer [==================================================>] 20.9MB/20.9MB
f74eeb41c1c9: Loading layer [==================================================>] 20.9MB/20.9MB
Loaded image: vmware/harbor-jobservice:v1.5.1
9bd5c7468774: Loading layer [==================================================>] 23.25MB/23.25MB
5fa6889b9a6d: Loading layer [==================================================>] 2.56kB/2.56kB
bd3ac235b209: Loading layer [==================================================>] 2.56kB/2.56kB
cb5d493833cc: Loading layer [==================================================>] 2.048kB/2.048kB
557669a074de: Loading layer [==================================================>] 22.8MB/22.8MB
f02b4f30a9ac: Loading layer [==================================================>] 22.8MB/22.8MB
Loaded image: vmware/registry-photon:v2.6.2-v1.5.1
5d3b562db23e: Loading layer [==================================================>] 23.25MB/23.25MB
8edca1b0e3b0: Loading layer [==================================================>] 12.16MB/12.16MB
ce5f11ea46c0: Loading layer [==================================================>] 17.3MB/17.3MB
93750d7ec363: Loading layer [==================================================>] 15.87kB/15.87kB
36f81937e80d: Loading layer [==================================================>] 3.072kB/3.072kB
37e5df92b624: Loading layer [==================================================>] 29.46MB/29.46MB
Loaded image: vmware/notary-server-photon:v0.5.1-v1.5.1
0a2f8f90bd3a: Loading layer [==================================================>] 401.3MB/401.3MB
41fca4deb6bf: Loading layer [==================================================>] 9.216kB/9.216kB
f2e28262e760: Loading layer [==================================================>] 9.216kB/9.216kB
68677196e356: Loading layer [==================================================>] 7.68kB/7.68kB
2b006714574e: Loading layer [==================================================>] 1.536kB/1.536kB
Loaded image: vmware/mariadb-photon:v1.5.1
a8c4992c632e: Loading layer [==================================================>] 156.3MB/156.3MB
0f37bf842677: Loading layer [==================================================>] 10.75MB/10.75MB
9f34c0cd38bf: Loading layer [==================================================>] 2.048kB/2.048kB
91ca17ca7e16: Loading layer [==================================================>] 48.13kB/48.13kB
5a7e0da65127: Loading layer [==================================================>] 10.8MB/10.8MB
Loaded image: vmware/clair-photon:v2.0.1-v1.5.1
0e782fe069e7: Loading layer [==================================================>] 23.25MB/23.25MB
67fc1e2f7009: Loading layer [==================================================>] 15.36MB/15.36MB
8db2141aa82c: Loading layer [==================================================>] 15.36MB/15.36MB
Loaded image: vmware/harbor-adminserver:v1.5.1
3f87a34f553c: Loading layer [==================================================>] 4.772MB/4.772MB
Loaded image: vmware/nginx-photon:v1.5.1
Loaded image: vmware/photon:1.0
ad58f3ddcb1b: Loading layer [==================================================>] 10.95MB/10.95MB
9b50f12509bf: Loading layer [==================================================>] 17.3MB/17.3MB
2c21090fd212: Loading layer [==================================================>] 15.87kB/15.87kB
38bec864f23e: Loading layer [==================================================>] 3.072kB/3.072kB
6e81ea7b0fa6: Loading layer [==================================================>] 28.24MB/28.24MB
Loaded image: vmware/notary-signer-photon:v0.5.1-v1.5.1
897a26fa09cb: Loading layer [==================================================>] 95.02MB/95.02MB
16e3a10a21ba: Loading layer [==================================================>] 6.656kB/6.656kB
85ecac164331: Loading layer [==================================================>] 2.048kB/2.048kB
37a2fb188706: Loading layer [==================================================>] 7.68kB/7.68kB
Loaded image: vmware/postgresql-photon:v1.5.1
bed9f52be1d1: Loading layer [==================================================>] 11.78kB/11.78kB
d731f2986f6e: Loading layer [==================================================>] 2.56kB/2.56kB
c3fde9a69f96: Loading layer [==================================================>] 3.072kB/3.072kB
Loaded image: vmware/harbor-db:v1.5.1
7844feb13ef3: Loading layer [==================================================>] 78.68MB/78.68MB
de0fd8aae388: Loading layer [==================================================>] 3.072kB/3.072kB
3f79efb720fd: Loading layer [==================================================>] 59.9kB/59.9kB
1c02f801c2e8: Loading layer [==================================================>] 61.95kB/61.95kB
Loaded image: vmware/redis-photon:v1.5.1
454c81edbd3b: Loading layer [==================================================>] 135.2MB/135.2MB
e99db1275091: Loading layer [==================================================>] 395.4MB/395.4MB
051e4ee23882: Loading layer [==================================================>] 9.216kB/9.216kB
6cca4437b6f6: Loading layer [==================================================>] 9.216kB/9.216kB
1d48fc08c8bc: Loading layer [==================================================>] 7.68kB/7.68kB
0419724fd942: Loading layer [==================================================>] 1.536kB/1.536kB
543c0c1ee18d: Loading layer [==================================================>] 655.2MB/655.2MB
4190aa7e89b8: Loading layer [==================================================>] 103.9kB/103.9kB
Loaded image: vmware/harbor-migrator:v1.5.0
[Step 2]: preparing environment ...
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
Creating harbor-log ... done
[Step 3]: checking existing instance of Harbor ...
Creating harbor-adminserver ... done
Creating harbor-ui ... done
Creating network "harbor_harbor" with the default driver
Creating nginx ... done
Creating harbor-adminserver ...
Creating registry ...
Creating harbor-db ...
Creating redis ...
Creating harbor-ui ...
Creating nginx ...
Creating harbor-jobservice ...
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://192.168.111.5.
For more details, please visit https://github.com/vmware/harbor .
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
看到这些输出,说明安装已经完成。
查看一下服务:
$docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
55a0c9372840 vmware/harbor-jobservice:v1.5.1 "/harbor/start.sh" About an hour ago Up About an hour harbor-jobservice
50bd7c7a0a85 vmware/nginx-photon:v1.5.1 "nginx -g 'daemon of…" About an hour ago Up About an hour (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
b683e14ba917 vmware/harbor-ui:v1.5.1 "/harbor/start.sh" About an hour ago Up About an hour (healthy) harbor-ui
a397a6785014 vmware/redis-photon:v1.5.1 "docker-entrypoint.s…" About an hour ago Up About an hour 6379/tcp redis
832f201f3c8d vmware/harbor-adminserver:v1.5.1 "/harbor/start.sh" About an hour ago Up About an hour (healthy) harbor-adminserver
a0eacf22bfec vmware/harbor-db:v1.5.1 "/usr/local/bin/dock…" About an hour ago Up About an hour (healthy) 3306/tcp harbor-db
1c2cf0565a97 vmware/registry-photon:v2.6.2-v1.5.1 "/entrypoint.sh serv…" About an hour ago Up About an hour (healthy) 5000/tcp registry
7ec39f149caa vmware/harbor-log:v1.5.1 "/bin/sh -c /usr/loc…" About an hour ago Up About an hour (healthy) 127.0.0.1:1514->10514/tcp harbor-log
1
2
3
4
5
6
7
8
9
10
2
3
4
5
6
7
8
9
10
有哪些:
$docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up
harbor-db /usr/local/bin/docker-entr ... Up 3306/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp
harbor-ui /harbor/start.sh Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis docker-entrypoint.sh redis ... Up 6379/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
1
2
3
4
5
6
7
8
9
10
11
2
3
4
5
6
7
8
9
10
11
访问私服仓库。
192.168.111.5
默认用户名 / 密码:admin/Harbor12345
登陆之后可以修改一下密码。
# 4,客户端验证。
在另外一台主机上安装 docker 服务,验证私服可用性。
# 1,安装 docker。
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo && mv docker-ce.repo /etc/yum.repos.d
yum -y install docker-ce-17.12.1.ce-1.el7.centos
1
2
2
启动服务。
systemctl enable docker
systemctl start docker
systemctl status docker
1
2
3
2
3
2,配置私服连接。
cat > /etc/docker/daemon.json << EOF
{ "insecure-registries":["192.168.111.5"] }
EOF
1
2
3
2
3
重启 docker。
systemctl daemon-reload
systemctl restart docker
1
2
2
登陆私服,如果登陆失败,可能是两台主机时间不同步。
$docker login -u admin -p Harbor12345 192.168.111.5
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Login Succeeded
1
2
3
2
3
# 3,验证拉取镜像。
先本地 pull 一个镜像。
$docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
90e01955edcd: Pull complete
Digest: sha256:2a03a6059f21e150ae84b0973863609494aad70f0a80eaeb64bddd8d92465812
Status: Downloaded newer image for busybox:latest
$docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest 59788edf1f3e 2 months ago 1.15MB
1
2
3
4
5
6
7
8
9
10
2
3
4
5
6
7
8
9
10
更改一下 tag,测试一下 push。
$docker tag busybox 192.168.111.5/library/busybox:1
$docker push 192.168.111.5/library/busybox:1
The push refers to repository [192.168.111.5/library/busybox]
8a788232037e: Pushed
1: digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5 size: 527
1
2
3
4
5
2
3
4
5
可以在私服当中看到这个镜像:
本地删除镜像,然后测试一下 pull。
查看镜像。
$docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.111.5/library/busybox 1 59788edf1f3e 2 months ago 1.15MB
busybox latest 59788edf1f3e 2 months ago 1.15MB
删除本地镜像。
$docker rmi -f 59788edf1f3e 59788edf1f3e
从本地私服pull镜像。
$docker pull 192.168.111.5/library/busybox:1
1: Pulling from library/busybox
90e01955edcd: Pull complete
Digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5
Status: Downloaded newer image for 192.168.111.5/library/busybox:1
再次查看镜像。
$docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.111.5/library/busybox 1 59788edf1f3e 2 months ago 1.15MB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
上次更新: 2022/08/19, 09:49:20
|