1,简单介绍。
Harbor,是一个英文单词,意思是港湾,港湾是干什么的呢,就是停放货物的,而货物呢,是装在集装箱中的,说到集装箱,就不得不提到Docker容器,因为docker容器的技术正是借鉴了集装箱的原理。所以,Harbor正是一个用于存储Docker镜像的企业级Registry服务。
Harbor是Vmvare中国团队开发的开源registry仓库,相比docker官方拥有更丰富的权限权利和完善的架构设计,适用大规模docker集群部署提供仓库服务。
2,主要组件。
- Proxy:Harbor的registry, UI, token等服务,通过一个前置的反向代理统一接收浏览器、Docker客户端的请求,并将请求转发给后端不同的服务。
- Registry: 负责储存Docker镜像,并处理docker push/pull 命令。由于我们要对用户进行访问控制,即不同用户对Docker image有不同的读写权限,Registry会指向一个token服务,强制用户的每次docker pull/push请求都要携带一个合法的token, Registry会通过公钥对token 进行解密验证。
- Core services: 这是Harbor的核心功能,主要提供以下服务:
1,UI:提供图形化界面,帮助用户管理registry上的镜像(image), 并对用户进行授权。
2,webhook:为了及时获取registry 上image状态变化的情况, 在Registry上配置webhook,把状态变化传递给UI模块。
3,token 服务:负责根据用户权限给每个docker push/pull命令签发token. Docker 客户端向Regiøstry服务发起的请求,如果不包含token,会被重定向到这里,获得token后再重新向Registry进行请求。
2,webhook:为了及时获取registry 上image状态变化的情况, 在Registry上配置webhook,把状态变化传递给UI模块。
3,token 服务:负责根据用户权限给每个docker push/pull命令签发token. Docker 客户端向Regiøstry服务发起的请求,如果不包含token,会被重定向到这里,获得token后再重新向Registry进行请求。
- Database:为core services提供数据库服务,负责储存用户权限、审计日志、Docker image分组信息等数据。
- Log collector:为了帮助监控Harbor运行,负责收集其他组件的log,供日后进行分析。
有架构图如下:
- CentOS:7.3
- docker-ce:17.12.1
- docker-compose:version-1.18.0
- harbor-offline:v1.5.1
3,安装。
1,安装docker。
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo && mv docker-ce.repo /etc/yum.repos.d yum -y install docker-ce-17.12.1.ce-1.el7.centos
启动服务。
systemctl enable docker systemctl start docker systemctl status docker
2,安装docker-compose。
源码地址:https://github.com/docker/compose/releases
下载指定版本。
curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
添加执行权限。
chmod +x /usr/local/bin/docker-compose
验证一下。
$docker-compose --version 输出: docker-compose version 1.18.0, build 8dd22a9
3,安装harbor。
源码地址:https://github.com/goharbor/harbor/releases
项目分有在线版,以及离线版,这里介绍离线版的安装。
下载安装包。
wget https://storage.googleapis.com/harbor-releases/release-1.5.0/harbor-offline-installer-v1.5.1.tgz
或许用迅雷下载,速度更佳。
解压安装包。
$tar xf harbor-offline-installer-v1.5.1.tgz $ls harbor common docker-compose.clair.yml docker-compose.notary.yml docker-compose.yml ha harbor.cfg harbor.v1.5.1.tar.gz install.sh LICENSE NOTICE prepare
更改配置。
$vim harbor.cfg 将hostname更改为本机ip即可。 hostname = 192.168.111.5
其他的配置保持默认即可,还有一些常用配置,如果需要,可以自行按需修改。
执行安装。
$bash install.sh [Step 0]: checking installation environment ... Note: docker version: 17.12.1 Note: docker-compose version: 1.18.0 [Step 1]: loading Harbor images ... 52ef9064d2e4: Loading layer [==================================================>] 135.9MB/135.9MB 4a6862dbadda: Loading layer [==================================================>] 23.25MB/23.25MB 58b7d0c522b2: Loading layer [==================================================>] 24.4MB/24.4MB 9cd4bb748634: Loading layer [==================================================>] 7.168kB/7.168kB c81302a14908: Loading layer [==================================================>] 10.56MB/10.56MB 7848e9ba72a3: Loading layer [==================================================>] 24.39MB/24.39MB Loaded image: vmware/harbor-ui:v1.5.1 f1691b5a5198: Loading layer [==================================================>] 73.15MB/73.15MB a529013c99e4: Loading layer [==================================================>] 3.584kB/3.584kB d9b4853cff8b: Loading layer [==================================================>] 3.072kB/3.072kB 3d305073979e: Loading layer [==================================================>] 4.096kB/4.096kB c9e17074f54a: Loading layer [==================================================>] 3.584kB/3.584kB 956055840e30: Loading layer [==================================================>] 9.728kB/9.728kB Loaded image: vmware/harbor-log:v1.5.1 185db06a02d0: Loading layer [==================================================>] 23.25MB/23.25MB 835213979c70: Loading layer [==================================================>] 20.9MB/20.9MB f74eeb41c1c9: Loading layer [==================================================>] 20.9MB/20.9MB Loaded image: vmware/harbor-jobservice:v1.5.1 9bd5c7468774: Loading layer [==================================================>] 23.25MB/23.25MB 5fa6889b9a6d: Loading layer [==================================================>] 2.56kB/2.56kB bd3ac235b209: Loading layer [==================================================>] 2.56kB/2.56kB cb5d493833cc: Loading layer [==================================================>] 2.048kB/2.048kB 557669a074de: Loading layer [==================================================>] 22.8MB/22.8MB f02b4f30a9ac: Loading layer [==================================================>] 22.8MB/22.8MB Loaded image: vmware/registry-photon:v2.6.2-v1.5.1 5d3b562db23e: Loading layer [==================================================>] 23.25MB/23.25MB 8edca1b0e3b0: Loading layer [==================================================>] 12.16MB/12.16MB ce5f11ea46c0: Loading layer [==================================================>] 17.3MB/17.3MB 93750d7ec363: Loading layer [==================================================>] 15.87kB/15.87kB 36f81937e80d: Loading layer [==================================================>] 3.072kB/3.072kB 37e5df92b624: Loading layer [==================================================>] 29.46MB/29.46MB Loaded image: vmware/notary-server-photon:v0.5.1-v1.5.1 0a2f8f90bd3a: Loading layer [==================================================>] 401.3MB/401.3MB 41fca4deb6bf: Loading layer [==================================================>] 9.216kB/9.216kB f2e28262e760: Loading layer [==================================================>] 9.216kB/9.216kB 68677196e356: Loading layer [==================================================>] 7.68kB/7.68kB 2b006714574e: Loading layer [==================================================>] 1.536kB/1.536kB Loaded image: vmware/mariadb-photon:v1.5.1 a8c4992c632e: Loading layer [==================================================>] 156.3MB/156.3MB 0f37bf842677: Loading layer [==================================================>] 10.75MB/10.75MB 9f34c0cd38bf: Loading layer [==================================================>] 2.048kB/2.048kB 91ca17ca7e16: Loading layer [==================================================>] 48.13kB/48.13kB 5a7e0da65127: Loading layer [==================================================>] 10.8MB/10.8MB Loaded image: vmware/clair-photon:v2.0.1-v1.5.1 0e782fe069e7: Loading layer [==================================================>] 23.25MB/23.25MB 67fc1e2f7009: Loading layer [==================================================>] 15.36MB/15.36MB 8db2141aa82c: Loading layer [==================================================>] 15.36MB/15.36MB Loaded image: vmware/harbor-adminserver:v1.5.1 3f87a34f553c: Loading layer [==================================================>] 4.772MB/4.772MB Loaded image: vmware/nginx-photon:v1.5.1 Loaded image: vmware/photon:1.0 ad58f3ddcb1b: Loading layer [==================================================>] 10.95MB/10.95MB 9b50f12509bf: Loading layer [==================================================>] 17.3MB/17.3MB 2c21090fd212: Loading layer [==================================================>] 15.87kB/15.87kB 38bec864f23e: Loading layer [==================================================>] 3.072kB/3.072kB 6e81ea7b0fa6: Loading layer [==================================================>] 28.24MB/28.24MB Loaded image: vmware/notary-signer-photon:v0.5.1-v1.5.1 897a26fa09cb: Loading layer [==================================================>] 95.02MB/95.02MB 16e3a10a21ba: Loading layer [==================================================>] 6.656kB/6.656kB 85ecac164331: Loading layer [==================================================>] 2.048kB/2.048kB 37a2fb188706: Loading layer [==================================================>] 7.68kB/7.68kB Loaded image: vmware/postgresql-photon:v1.5.1 bed9f52be1d1: Loading layer [==================================================>] 11.78kB/11.78kB d731f2986f6e: Loading layer [==================================================>] 2.56kB/2.56kB c3fde9a69f96: Loading layer [==================================================>] 3.072kB/3.072kB Loaded image: vmware/harbor-db:v1.5.1 7844feb13ef3: Loading layer [==================================================>] 78.68MB/78.68MB de0fd8aae388: Loading layer [==================================================>] 3.072kB/3.072kB 3f79efb720fd: Loading layer [==================================================>] 59.9kB/59.9kB 1c02f801c2e8: Loading layer [==================================================>] 61.95kB/61.95kB Loaded image: vmware/redis-photon:v1.5.1 454c81edbd3b: Loading layer [==================================================>] 135.2MB/135.2MB e99db1275091: Loading layer [==================================================>] 395.4MB/395.4MB 051e4ee23882: Loading layer [==================================================>] 9.216kB/9.216kB 6cca4437b6f6: Loading layer [==================================================>] 9.216kB/9.216kB 1d48fc08c8bc: Loading layer [==================================================>] 7.68kB/7.68kB 0419724fd942: Loading layer [==================================================>] 1.536kB/1.536kB 543c0c1ee18d: Loading layer [==================================================>] 655.2MB/655.2MB 4190aa7e89b8: Loading layer [==================================================>] 103.9kB/103.9kB Loaded image: vmware/harbor-migrator:v1.5.0 [Step 2]: preparing environment ... Generated and saved secret to file: /data/secretkey Generated configuration file: ./common/config/nginx/nginx.conf Generated configuration file: ./common/config/adminserver/env Generated configuration file: ./common/config/ui/env Generated configuration file: ./common/config/registry/config.yml Generated configuration file: ./common/config/db/env Generated configuration file: ./common/config/jobservice/env Generated configuration file: ./common/config/jobservice/config.yml Generated configuration file: ./common/config/log/logrotate.conf Generated configuration file: ./common/config/jobservice/config.yml Generated configuration file: ./common/config/ui/app.conf Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt The configuration files are ready, please use docker-compose to start the service. Creating harbor-log ... done [Step 3]: checking existing instance of Harbor ... Creating harbor-adminserver ... done Creating harbor-ui ... done Creating network "harbor_harbor" with the default driver Creating nginx ... done Creating harbor-adminserver ... Creating registry ... Creating harbor-db ... Creating redis ... Creating harbor-ui ... Creating nginx ... Creating harbor-jobservice ... ✔ ----Harbor has been installed and started successfully.---- Now you should be able to visit the admin portal at http://192.168.111.5. For more details, please visit https://github.com/vmware/harbor .
看到这些输出,说明安装已经完成。
查看一下服务:
$docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 55a0c9372840 vmware/harbor-jobservice:v1.5.1 "/harbor/start.sh" About an hour ago Up About an hour harbor-jobservice 50bd7c7a0a85 vmware/nginx-photon:v1.5.1 "nginx -g 'daemon of…" About an hour ago Up About an hour (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx b683e14ba917 vmware/harbor-ui:v1.5.1 "/harbor/start.sh" About an hour ago Up About an hour (healthy) harbor-ui a397a6785014 vmware/redis-photon:v1.5.1 "docker-entrypoint.s…" About an hour ago Up About an hour 6379/tcp redis 832f201f3c8d vmware/harbor-adminserver:v1.5.1 "/harbor/start.sh" About an hour ago Up About an hour (healthy) harbor-adminserver a0eacf22bfec vmware/harbor-db:v1.5.1 "/usr/local/bin/dock…" About an hour ago Up About an hour (healthy) 3306/tcp harbor-db 1c2cf0565a97 vmware/registry-photon:v2.6.2-v1.5.1 "/entrypoint.sh serv…" About an hour ago Up About an hour (healthy) 5000/tcp registry 7ec39f149caa vmware/harbor-log:v1.5.1 "/bin/sh -c /usr/loc…" About an hour ago Up About an hour (healthy) 127.0.0.1:1514->10514/tcp harbor-log
有哪些:
$docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up
harbor-db /usr/local/bin/docker-entr ... Up 3306/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp
harbor-ui /harbor/start.sh Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis docker-entrypoint.sh redis ... Up 6379/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
访问私服仓库。
192.168.111.5
默认用户名/密码:admin/Harbor12345
登陆之后可以修改一下密码。
4,客户端验证。
在另外一台主机上安装docker服务,验证私服可用性。
1,安装docker。
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo && mv docker-ce.repo /etc/yum.repos.d yum -y install docker-ce-17.12.1.ce-1.el7.centos
启动服务。
systemctl enable docker systemctl start docker systemctl status docker
2,配置私服连接。
cat > /etc/docker/daemon.json << EOF
{ "insecure-registries":["192.168.111.5"] }
EOF
重启docker。
systemctl daemon-reload systemctl restart docker
登陆私服,如果登陆失败,可能是两台主机时间不同步。
$docker login -u admin -p Harbor12345 192.168.111.5 WARNING! Using --password via the CLI is insecure. Use --password-stdin. Login Succeeded
3,验证拉取镜像。
先本地pull一个镜像。
$docker pull busybox Using default tag: latest latest: Pulling from library/busybox 90e01955edcd: Pull complete Digest: sha256:2a03a6059f21e150ae84b0973863609494aad70f0a80eaeb64bddd8d92465812 Status: Downloaded newer image for busybox:latest $docker images REPOSITORY TAG IMAGE ID CREATED SIZE busybox latest 59788edf1f3e 2 months ago 1.15MB
更改一下tag,测试一下push。
$docker tag busybox 192.168.111.5/library/busybox:1 $docker push 192.168.111.5/library/busybox:1 The push refers to repository [192.168.111.5/library/busybox] 8a788232037e: Pushed 1: digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5 size: 527
可以在私服当中看到这个镜像:
本地删除镜像,然后测试一下pull。
查看镜像。 $docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.111.5/library/busybox 1 59788edf1f3e 2 months ago 1.15MB busybox latest 59788edf1f3e 2 months ago 1.15MB 删除本地镜像。 $docker rmi -f 59788edf1f3e 59788edf1f3e 从本地私服pull镜像。 $docker pull 192.168.111.5/library/busybox:1 1: Pulling from library/busybox 90e01955edcd: Pull complete Digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5 Status: Downloaded newer image for 192.168.111.5/library/busybox:1 再次查看镜像。 $docker images REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.111.5/library/busybox 1 59788edf1f3e 2 months ago 1.15MB
扫码订阅,第一时间获得更新
微信扫码二维码,订阅我们网站的动态,另外不定时发送WordPress小技巧,你可以随时退订,欢迎订阅哦~
二丫讲梵 , 版权所有丨如未注明 , 均为原创丨本网站采用BY-NC-SA协议进行授权 , 转载请注明<五>docker学习笔记–企业级仓库harbor搭建!
