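Harbor, an Enterprise-Grade Image Registry
Introduction:
Harbor is a container image registry open-sourced by VMware. It builds on Docker Registry and adds
enterprise-grade extensions, which has brought it much wider adoption. These enterprise features include a management user interface, role-based
access control, AD/LDAP integration, and audit logging, which is enough to meet basic enterprise needs.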
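Component | Function |
harbor-adminserver | Configuration management center |
harbor-db | MySQL database |
harbor-jobservice | Handles image replication |
harbor-log | Handles operation logs |
harbor-ui | Web management UI and API |
nginx | Front-end proxy; forwards front-end pages and image uploads/downloads |
redis | Sessions |
registry | Image storage |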
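Harbor can be installed in several ways:
1. Online installer: downloads the Harbor images from Docker Hub, so the installation package is very small.
2. Offline installer: the package bundles the images needed for deployment, so it is relatively large.
3. OVA installer: for users who have a vCenter environment; Harbor is started after the OVA has been deployed.
Here we use the offline installer: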
harbor-offline-installer-v1.6.1.tgz
tar -xf harbor-offline-installer-v1.6.1.tgz
Edit the configuration file
[[email protected] harbor]# grep -Ev "^$|^#" harbor.cfg
_version = 1.6.0
hostname = 192.168.20.11   # Harbor address; either an IP or a domain name works
ui_url_protocol = http
max_job_workers = 10
customize_crt = on
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = NA
log_rotate_count = 50
log_rotate_size = 200M
http_proxy =
https_proxy =
no_proxy = 127.0.0.1,localhost,ui,registry
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username =[email protected]
email_password = abc
email_from = admin <[email protected]>
email_ssl = false
email_insecure = false
harbor_admin_password = 123456
auth_mode = db_auth
ldap_url = ldaps://ldap.mydomain.com
ldap_basedn = ou=people,dc=mydomain,dc=com
ldap_uid = uid
ldap_scope = 2
ldap_timeout = 5
ldap_verify_cert = true
ldap_group_basedn = ou=group,dc=mydomain,dc=com
ldap_group_filter = objectclass=group
ldap_group_gid = cn
ldap_group_scope = 2
self_registration = on
token_expiration = 30
project_creation_restriction = everyone
db_host = postgresql
db_password = root123
db_port = 5432
db_user = postgres
redis_host = redis
redis_port = 6379
redis_password =
redis_db_index = 1,2,3
clair_db_host = postgresql
clair_db_password = root123
clair_db_port = 5432
clair_db_username = postgres
clair_db = postgres
clair_updaters_interval = 12
uaa_endpoint = uaa.mydomain.org
uaa_clientid = id
uaa_clientsecret = secret
uaa_verify_cert = true
uaa_ca_cert = /path/to/ca.pem
registry_storage_provider_name = filesystem
registry_storage_provider_config =
registry_custom_ca_bundle =
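The harbor.cfg above carries several settings that matter for anything beyond a lab: plain HTTP, a six-digit admin password, the `root123` database password, open self-registration and unrestricted project creation. The Python sketch below is an added example, not part of the original post or of Harbor; it parses such a file and reports those keys, and its password policy (12+ characters, three character classes) is an assumption.

```python
import re
# Constructed sample: the security-relevant lines of the harbor.cfg shown above.
SAMPLE_CFG = """\
ui_url_protocol = http
harbor_admin_password = 123456
self_registration = on
project_creation_restriction = everyone
db_password = root123
clair_db_password = root123
"""

# Assumed local policy (not a Harbor rule): 12+ characters, 3+ character classes.
MIN_LEN, MIN_CLASSES = 12, 3
PASSWORD_KEYS = ("harbor_admin_password", "db_password", "clair_db_password")
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")

def parse_cfg(text):
    """Parse 'key = value' lines, skipping blank lines and '#' comment lines."""
    cfg = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def weak_password(pw):
    """True when pw misses the assumed length/character-class policy."""
    classes = sum(bool(re.search(p, pw)) for p in CHAR_CLASSES)
    return len(pw) < MIN_LEN or classes < MIN_CLASSES

def audit(cfg):
    """Return {key: finding} for each setting that weakens the deployment."""
    findings = {}
    if cfg.get("ui_url_protocol", "http") != "https":
        findings["ui_url_protocol"] = "logins and image traffic use plain HTTP"
    for key in PASSWORD_KEYS:
        if key in cfg and weak_password(cfg[key]):
            findings[key] = "password fails the length/complexity policy"
    if cfg.get("self_registration") == "on":
        findings["self_registration"] = "anyone reaching the UI can sign up"
    if cfg.get("project_creation_restriction") == "everyone":
        findings["project_creation_restriction"] = "any account can create projects"
    for key in ("ldap_verify_cert", "uaa_verify_cert"):
        if cfg.get(key) == "false":
            findings[key] = "identity provider certificate is not verified"
    return findings

if __name__ == "__main__":
    print(audit(parse_cfg(SAMPLE_CFG)))
```

Run it against the real file with `audit(parse_cfg(open("harbor.cfg").read()))` before `./prepare`, since the generated container configuration inherits these values.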
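Harbor is orchestrated and deployed with docker-compose, so docker-compose must be installed here.
The download is a single binary file.
docker-compose orchestrates and manages multiple containers on a single host.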
docker-compose-Linux-x86_64
mv docker-compose-Linux-x86_64 harbor/
mv harbor/docker-compose-Linux-x86_64 /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose
[[email protected] harbor]# ./prepare      # generate the pre-configuration files
[[email protected] harbor]# ./install.sh   # load all the images bundled in the package
[[email protected] harbor]# ./install.sh

[Step 0]: checking installation environment ...

Note: docker version: 18.09.0

Note: docker-compose version: 1.23.1

[Step 1]: loading Harbor images ...
ad50e89f4922: Loading layer 133.4MB/133.4MB
8c9a00a7f290: Loading layer 73.29MB/73.29MB
078e22641f73: Loading layer 3.584kB/3.584kB
5494f0d704cb: Loading layer 3.072kB/3.072kB
34c7e304d18b: Loading layer 4.096kB/4.096kB
ae9209f78c11: Loading layer 3.584kB/3.584kB
1498359f7391: Loading layer 9.728kB/9.728kB
Loaded image: goharbor/harbor-log:v1.6.1
bb738fd5b202: Loading layer 23.38MB/23.38MB
51f6c7e046ae: Loading layer 21.15MB/21.15MB
67ff79ae8340: Loading layer 21.15MB/21.15MB
Loaded image: goharbor/harbor-jobservice:v1.6.1
b5be864bae6a: Loading layer 83.89MB/83.89MB
9fdbae37c606: Loading layer 3.072kB/3.072kB
c24b06c70085: Loading layer 59.9kB/59.9kB
946c040a69da: Loading layer 61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v1.6.1
747ac74b0475: Loading layer 5.128MB/5.128MB
Loaded image: goharbor/nginx-photon:v1.6.1
3d4aae33f4f1: Loading layer 683MB/683MB
3cb271cda7e0: Loading layer 7.68kB/7.68kB
7ae402931bdb: Loading layer 197.6kB/197.6kB
Loaded image: goharbor/harbor-migrator:v1.6.1
67747a74e108: Loading layer 158.1MB/158.1MB
93f3d22257c7: Loading layer 35.08MB/35.08MB
2eda636f347b: Loading layer 2.56kB/2.56kB
7a3b4ef015e8: Loading layer 35.08MB/35.08MB
Loaded image: goharbor/chartmuseum-photon:v0.7.1-v1.6.1
038c23438769: Loading layer 23.38MB/23.38MB
a6a0201bf457: Loading layer 26.88MB/26.88MB
aa0986b7d608: Loading layer 7.168kB/7.168kB
830a350d7059: Loading layer 11.32MB/11.32MB
3100afecce3d: Loading layer 26.87MB/26.87MB
Loaded image: goharbor/harbor-ui:v1.6.1
15134eb6d277: Loading layer 95.85MB/95.85MB
02cff5f31ca4: Loading layer 6.656kB/6.656kB
3e43f3cb1d4c: Loading layer 2.048kB/2.048kB
4ab1b74a5650: Loading layer 7.68kB/7.68kB
9c78faccbd48: Loading layer 2.56kB/2.56kB
158d4a16071f: Loading layer 2.56kB/2.56kB
6a2fbfb6100b: Loading layer 2.56kB/2.56kB
Loaded image: goharbor/harbor-db:v1.6.1
b15fe66f326a: Loading layer 23.38MB/23.38MB
336e69120569: Loading layer 3.072kB/3.072kB
f308142e2037: Loading layer 3.072kB/3.072kB
3119c7884a49: Loading layer 2.048kB/2.048kB
fafa9955d095: Loading layer 22.8MB/22.8MB
4c53b946082a: Loading layer 22.8MB/22.8MB
Loaded image: goharbor/registry-photon:v2.6.2-v1.6.1
0fee5e457010: Loading layer 23.38MB/23.38MB
6d1b402441fc: Loading layer 12.16MB/12.16MB
765a288fcf5a: Loading layer 17.3MB/17.3MB
da4578643aee: Loading layer 11.26kB/11.26kB
f02d275fa76f: Loading layer 3.072kB/3.072kB
4a3d1e973223: Loading layer 29.46MB/29.46MB
Loaded image: goharbor/notary-server-photon:v0.5.1-v1.6.1
918b224a19fd: Loading layer 10.95MB/10.95MB
ff41acdef199: Loading layer 17.3MB/17.3MB
4389d5e9282a: Loading layer 11.26kB/11.26kB
8a0e0bb6ed63: Loading layer 3.072kB/3.072kB
d437ffa494e0: Loading layer 28.24MB/28.24MB
Loaded image: goharbor/notary-signer-photon:v0.5.1-v1.6.1
1c86e9f19207: Loading layer 158.1MB/158.1MB
3b4698fe61a0: Loading layer 10.93MB/10.93MB
8dbd6d55a6cd: Loading layer 2.048kB/2.048kB
5cb748f1dcf1: Loading layer 48.13kB/48.13kB
f86a42ee549b: Loading layer 10.98MB/10.98MB
Loaded image: goharbor/clair-photon:v2.0.6-v1.6.1
18abf81cd9fd: Loading layer 23.38MB/23.38MB
66a3e670c5b5: Loading layer 15.58MB/15.58MB
9cdd51a1e20c: Loading layer 15.36kB/15.36kB
9aedba3496f1: Loading layer 15.58MB/15.58MB
Loaded image: goharbor/harbor-adminserver:v1.6.1

[Step 2]: preparing environment ...
Clearing the configuration file: ./common/config/adminserver/env
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/jobservice/config.yml
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/registryctl/env
Clearing the configuration file: ./common/config/registryctl/config.yml
Clearing the configuration file: ./common/config/nginx/nginx.conf
Clearing the configuration file: ./common/config/log/logrotate.conf
loaded secret from file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.

[Step 3]: checking existing instance of Harbor ...

[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registry ... done
Creating harbor-db ... done
Creating redis ... done
Creating harbor-adminserver ... done
Creating harbor-ui ... done
Creating harbor-jobservice ... done
Creating nginx ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://192.168.20.11.
For more details, please visit https://github.com/goharbor/harbor .
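If anything goes wrong, fix the problem and then start Harbor again with docker-compose up -d
At this point, enter the following in the browser:
By default there is one project, and it is public
Images can be pulled from it without logging in, but pushing requires a username and password, so we add a user under user management and then add that user as a member of the project
Format for pushing images:
Tag an image for the project: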
docker tag SOURCE_IMAGE[:TAG] 192.168.20.11/library/IMAGE[:TAG]
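Push the image to the current project:
docker push 192.168.20.11/library/IMAGE[:TAG]
Here we first tag the image and then push the tagged image to the Harbor registry
Before pushing an image we need to log in to Harbor
Docker uses HTTPS by default, but we are currently using HTTP here, so we need to add a setting that tells Docker to trust this registry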
[[email protected] harbor]# cat /etc/docker/daemon.json
{"registry-mirrors": ["http://f1361db2.m.daocloud.io"],
"insecure-registries":["192.168.20.11"]
}
Docker must be restarted for the change to take effect
systemctl restart docker
Then log in to the registry (with the username and password just created in the web UI)
[[email protected] harbor]# docker login 192.168.20.11
Logging in once is enough, although the login does expire; that is not much trouble, since you can log in again before each push
Username: bigbao
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
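Two client-side settings from the steps above are worth checking on every Docker host: the `insecure-registries` entry that lets the daemon talk to the registry without verified TLS, and the login that `docker login` stored in `/root/.docker/config.json`. The Python sketch below is an added example, not part of the original post; the `config.json` content and its password are constructed, and only the `bigbao` username and the `daemon.json` values come from the page.

```python
import base64
import json

# Constructed samples. DAEMON_JSON repeats the /etc/docker/daemon.json above;
# CONFIG_JSON has the shape `docker login` writes without a credential helper.
DAEMON_JSON = """{"registry-mirrors": ["http://f1361db2.m.daocloud.io"],
"insecure-registries": ["192.168.20.11"]}"""
_AUTH = base64.b64encode(b"bigbao:constructed-password").decode()
CONFIG_JSON = json.dumps({"auths": {"192.168.20.11": {"auth": _AUTH}}})

def audit_daemon(text):
    """List registries reachable without verified TLS, and plain-HTTP mirrors."""
    daemon = json.loads(text)
    mirrors = daemon.get("registry-mirrors", [])
    return {
        "insecure_registries": list(daemon.get("insecure-registries", [])),
        "http_mirrors": [m for m in mirrors if m.lower().startswith("http://")],
    }

def audit_client(text):
    """Return {registry: username} for logins stored inline in config.json."""
    client = json.loads(text)
    exposed = {}
    for registry, entry in client.get("auths", {}).items():
        auth = entry.get("auth")
        if not auth:
            continue  # empty entry: the secret is held by a credential helper
        # base64 is an encoding, not encryption, so the login decodes directly.
        decoded = base64.b64decode(auth).decode("utf-8", "replace")
        exposed[registry] = decoded.split(":", 1)[0]
    return exposed

if __name__ == "__main__":
    print(audit_daemon(DAEMON_JSON))
    print(audit_client(CONFIG_JSON))
```

An empty result from `audit_client` means every login is held by a credential helper; an empty `insecure_registries` list means the daemon only talks to registries whose certificates it can verify.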
Tag the image
docker tag nginx:1.15 192.168.20.11/library/bigbao_harbor_nginx:1.15
Push the image to the registry
[[email protected] harbor]# docker push 192.168.20.11/library/bigbao_harbor_nginx:1.15
The push refers to repository [192.168.20.11/library/bigbao_harbor_nginx]
ece4f9fdef59: Pushed
ad5345cbb119: Pushed
ef68f6734aa4: Pushed
1.15: digest: sha256:87e9b6904b4286b8d41bba4461c0b736835fcc218f7ecbe5544b53fdd467189f size: 948
[[email protected] harbor]# docker images
REPOSITORY                                  TAG             IMAGE ID       CREATED        SIZE
192.168.20.11/library/bigbao_harbor_nginx   1.15            568c4670fa80   4 days ago     109MB
nginx                                       1.15            568c4670fa80   4 days ago     109MB
nginx                                       latest          568c4670fa80   4 days ago     109MB
goharbor/chartmuseum-photon                 v0.7.1-v1.6.1   f0a2dbee1ff1   6 weeks ago    350MB
goharbor/harbor-migrator                    v1.6.1          60e8be845b35   6 weeks ago    798MB
goharbor/redis-photon                       v1.6.1          6a67380bb061   6 weeks ago    210MB
goharbor/clair-photon                       v2.0.6-v1.6.1   c4fcdbae7df2   6 weeks ago    302MB
goharbor/notary-server-photon               v0.5.1-v1.6.1   f1afd44d9f9b   6 weeks ago    209MB
goharbor/notary-signer-photon               v0.5.1-v1.6.1   83aa51867207   6 weeks ago    207MB
goharbor/registry-photon                    v2.6.2-v1.6.1   f4cb5e83f0a4   6 weeks ago    196MB
goharbor/nginx-photon                       v1.6.1          9ca888fe33b2   6 weeks ago    132MB
goharbor/harbor-log                         v1.6.1          9b1ea3f29465   6 weeks ago    198MB
goharbor/harbor-jobservice                  v1.6.1          9ca6fd371ca6   6 weeks ago    192MB
goharbor/harbor-ui                          v1.6.1          305ee5b8952c   6 weeks ago    215MB
goharbor/harbor-adminserver                 v1.6.1          a3e95f74984e   6 weeks ago    181MB
goharbor/harbor-db                          v1.6.1          3bea3bff0190   6 weeks ago    219MB
centos                                      7               75835a67d134   7 weeks ago    200MB
busybox                                     latest          59788edf1f3e   2 months ago   1.15MB
[[email protected] harbor]# docker tag centos:7 192.168.20.11/library/bigbao_harbor_centos:7
[[email protected] harbor]# docker tag busybox:latest 192.168.20.11/library/bigbao_harbor_busybox:latest
[[email protected] harbor]# docker push 192.168.20.11/library/bigbao_harbor_busybox:latest
The push refers to repository [192.168.20.11/library/bigbao_harbor_busybox]
8a788232037e: Pushed
latest: digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5 size: 527
[[email protected] harbor]# docker push 192.168.20.11/library/bigbao_harbor_centos:7
The push refers to repository [192.168.20.11/library/bigbao_harbor_centos]
f972d139738d: Pushed
7: digest: sha256:dc29e2bcceac52af0f01300402f5e756cc8c44a310867f6b94f5f7271d4f3fec size: 529
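If we now look at our image registry, the images are there
Previously we always downloaded images from the official registry or from an accelerator mirror; now we can download them from our own private registry
Here we can simply use
docker pull 192.168.20.11/library/bigbao_harbor_centos:7
to download the image (if the project is not public, log in first)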