一、环境说明
操作系统:centos 7.5
软件版本:harbor 1.8.2
二、软件安装
1.安装前准备
# systemctl disable firewalld.service # systemctl stop firewalld.service # sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config # setenforce 0 # hostnamectl --static set-hostname docker-Harbor
安装docker-ce,再次不熬述
# wget https://github.com/goharbor/harbor/releases/download/v1.8.2/harbor-offline-installer-v1.8.2.tgz # mkdir /opt/software # tar -xvf harbor-offline-installer-v1.8.2.tgz -C /opt/software
3.安装docker compose
方法一
# curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose # chmod +x /usr/local/bin/docker-compose # docker-compose --version docker-compose version 1.24.1, build f46880fe
方法二
# yum -y install epel-release python-pip # pip install docker-compose # docker-compose --version docker-compose version 1.22.0, build f46880fe
4.生成ssl证书文件
# mkdir {harbor安装路径}/cert && cd {harbor安装路径}/cert # openssl genrsa -out ca.key 4096 # openssl req -x509 -new -nodes -sha512 -days 36500 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain" -key ca.key -out ca.crt # openssl genrsa -out yourdomain.key 4096 # openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain" -key yourdomain.key -out yourdomain.csr # cat > v3.ext <<-EOF authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1=yourdomain DNS.3=hostname EOF # openssl x509 -req -sha512 -days 36500 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in yourdomain.csr -out yourdomain.crt # openssl x509 -inform PEM -in yourdomain.crt -out yourdomain.cert
5.修改配置文件
# vi /opt/software/harbor/harbor.yml hostname: {harbor自定义域名} http: # port for http, default is 80. If https enabled, this port will redirect to https port port: {harbor http端口} # https related config https: # https port for harbor, default is 443 port: {harbor https端口} # The path of cert and key files for nginx certificate: {harbor安装路径}/cert/yourdomain.crt} private_key: {harbor安装路径}/cert/yourdomain.key} harbor_admin_password: {harbor登录密码} database: # The password for the root user of Harbor DB. Change this before any production use. password: {harbor数据库登录密码} data_volume: {harbor数据存储位置}
6.安装harbor
# cd /opt/software/harbor # ./prepare # ./install.sh [Step 0]: checking installation environment ... Note: docker version: 18.03.1 Note: docker-compose version: 1.24.1 [Step 1]: loading Harbor images ...
查看生成的images和开发的端口
[root@harbor harbor]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE goharbor/chartmuseum-photon v0.9.0-v1.8.2 e72f3e685a37 5 weeks ago 130MB goharbor/harbor-migrator v1.8.2 c11a64ae3a1e 5 weeks ago 361MB goharbor/redis-photon v1.8.2 18036ee471bc 5 weeks ago 107MB goharbor/clair-photon v2.0.8-v1.8.2 68de68a40e66 5 weeks ago 164MB goharbor/notary-server-photon v0.6.1-v1.8.2 90cf28ef3a84 5 weeks ago 135MB goharbor/notary-signer-photon v0.6.1-v1.8.2 e9b49ea8ed32 5 weeks ago 132MB goharbor/harbor-registryctl v1.8.2 ad798fd6e618 5 weeks ago 96.5MB goharbor/registry-photon v2.7.1-patch-2819-v1.8.2 081bfb3dc181 5 weeks ago 81.6MB goharbor/nginx-photon v1.8.2 1592a48daeac 5 weeks ago 36.2MB goharbor/harbor-log v1.8.2 42ad5ef672dd 5 weeks ago 81.8MB goharbor/harbor-jobservice v1.8.2 623ed0095966 5 weeks ago 119MB goharbor/harbor-core v1.8.2 03d6daab10c7 5 weeks ago 135MB goharbor/harbor-portal v1.8.2 41e264a7980b 5 weeks ago 43.2MB goharbor/harbor-db v1.8.2 927ecd68ee1f 5 weeks ago 144MB goharbor/prepare v1.8.2 b0d62cc7683d 5 weeks ago 145MB # netstat -lntp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:1514 0.0.0.0:* LISTEN 1601/docker-proxy tcp6 0 0 :::443 :::* LISTEN 1733/docker-proxy tcp6 0 0 :::80 :::* LISTEN 1745/docker-proxy
7.访问登录harbor(https://{harbor主机ip}),默认用户名/密码:admin/Harbor12345
8.修改需要与harbor连接的各docker节点配置文件
# vi /etc/docker/daemon.json { "registry-mirrors": ["https://wghlmi3i.mirror.aliyuncs.com"], "insecure-registries":["{harbor主机IP:port}"] } # systemctl restart docker
9.harbor镜像操作
镜像打标签
docker tag SOURCE_IMAGE[:TAG] {harbor主机域名:port}/library/IMAGE[:TAG]
推送镜像
# docker login {harbor主机域名:port} -u {harbor登录用户名} -p {harbor密码} //登入harbor在docekr client各主机执行 Login Succeeded # docker push {harbor主机域名:port}/library/IMAGE[:TAG] # docker logout //登出harbor
拉取镜像
# docker pull {harbor主机域名:port}/library/IMAGE[:TAG]