1,简单介绍。
Harbor,是一个英文单词,意思是港湾,港湾是干什么的呢,就是停放货物的,而货物呢,是装在集装箱中的,说到集装箱,就不得不提到 Docker 容器,因为 docker 容器的技术正是借鉴了集装箱的原理。所以,Harbor 正是一个用于存储 Docker 镜像的企业级 Registry 服务。
Harbor 是 Vmvare 中国团队开发的开源 registry 仓库,相比 docker 官方拥有更丰富的权限权利和完善的架构设计,适用大规模 docker 集群部署提供仓库服务。
2,主要组件。
Proxy:Harbor 的 registry, UI, token 等服务,通过一个前置的反向代理统一接收浏览器、Docker 客户端的请求,并将请求转发给后端不同的服务。
Registry:负责储存 Docker 镜像,并处理 docker push/pull 命令。由于我们要对用户进行访问控制,即不同用户对 Docker image 有不同的读写权限,Registry 会指向一个 token 服务,强制用户的每次 docker pull/push 请求都要携带一个合法的 token, Registry 会通过公钥对 token 进行解密验证。
Core services:这是 Harbor 的核心功能,主要提供以下服务:
1,UI:提供图形化界面,帮助用户管理 registry 上的镜像(image), 并对用户进行授权。2,webhook:为了及时获取 registry 上 image 状态变化的情况, 在 Registry 上配置 webhook,把状态变化传递给 UI 模块。3,token 服务:负责根据用户权限给每个 docker push/pull 命令签发 token. Docker 客户端向 Regiøstry 服务发起的请求, 如果不包含 token,会被重定向到这里,获得 token 后再重新向 Registry 进行请求。
Database:为 core services 提供数据库服务,负责储存用户权限、审计日志、Docker image 分组信息等数据。
Log collector:为了帮助监控 Harbor 运行,负责收集其他组件的 log,供日后进行分析。
有架构图如下:
运行环境
CentOS:7.3
docker-ce:17.12.1
docker-compose:version-1.18.0
harbor-offline:v1.5.1
3,安装。
#1,安装 docker。
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo && mv docker-ce.repo /etc/yum.repos.dyum -y install docker-ce-17.12.1.ce-1.el7.centos
启动服务。
systemctl enable dockersystemctl start dockersystemctl status docker
2,安装 docker-compose。
源码地址:https://github.com/docker/compose/releases
下载指定版本。
curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose添加执行权限。
chmod +x /usr/local/bin/docker-compose验证一下。
$docker-compose --version输出:docker-compose version 1.18.0, build 8dd22a9
3,安装 harbor。
源码地址:https://github.com/goharbor/harbor/releases
项目分有在线版,以及离线版,这里介绍离线版的安装。
下载安装包。
wget https://storage.googleapis.com/harbor-releases/release-1.5.0/harbor-offline-installer-v1.5.1.tgz或许用迅雷下载,速度更佳。
解压安装包。
$tar xf harbor-offline-installer-v1.5.1.tgz$ls harborcommon docker-compose.clair.yml docker-compose.notary.yml docker-compose.yml ha harbor.cfg harbor.v1.5.1.tar.gz install.sh LICENSE NOTICE prepare
更改配置。
$vim harbor.cfg将hostname更改为本机ip即可。hostname = 192.168.111.5
其他的配置保持默认即可,还有一些常用配置,如果需要,可以自行按需修改。
执行安装。
Note: docker version: 17.12.1Note: docker-compose version: 1.18.052ef9064d2e4: Loading layer [==================================================>] 135.9MB/135.9MB4a6862dbadda: Loading layer [==================================================>] 23.25MB/23.25MB58b7d0c522b2: Loading layer [==================================================>] 24.4MB/24.4MB9cd4bb748634: Loading layer [==================================================>] 7.168kB/7.168kBc81302a14908: Loading layer [==================================================>] 10.56MB/10.56MB7848e9ba72a3: Loading layer [==================================================>] 24.39MB/24.39MBLoaded image: vmware/harbor-ui:v1.5.1f1691b5a5198: Loading layer [==================================================>] 73.15MB/73.15MBa529013c99e4: Loading layer [==================================================>] 3.584kB/3.584kBd9b4853cff8b: Loading layer [==================================================>] 3.072kB/3.072kB3d305073979e: Loading layer [==================================================>] 4.096kB/4.096kBc9e17074f54a: Loading layer [==================================================>] 3.584kB/3.584kB956055840e30: Loading layer [==================================================>] 9.728kB/9.728kBLoaded image: vmware/harbor-log:v1.5.1185db06a02d0: Loading layer [==================================================>] 23.25MB/23.25MB835213979c70: Loading layer [==================================================>] 20.9MB/20.9MBf74eeb41c1c9: Loading layer [==================================================>] 20.9MB/20.9MBLoaded image: vmware/harbor-jobservice:v1.5.19bd5c7468774: Loading layer [==================================================>] 23.25MB/23.25MB5fa6889b9a6d: Loading layer [==================================================>] 2.56kB/2.56kBbd3ac235b209: Loading layer [==================================================>] 2.56kB/2.56kBcb5d493833cc: Loading layer [==================================================>] 2.048kB/2.048kB557669a074de: Loading layer [==================================================>] 22.8MB/22.8MBf02b4f30a9ac: Loading layer [==================================================>] 22.8MB/22.8MBLoaded image: vmware/registry-photon:v2.6.2-v1.5.15d3b562db23e: Loading layer [==================================================>] 23.25MB/23.25MB8edca1b0e3b0: Loading layer [==================================================>] 12.16MB/12.16MBce5f11ea46c0: Loading layer [==================================================>] 17.3MB/17.3MB93750d7ec363: Loading layer [==================================================>] 15.87kB/15.87kB36f81937e80d: Loading layer [==================================================>] 3.072kB/3.072kB37e5df92b624: Loading layer [==================================================>] 29.46MB/29.46MBLoaded image: vmware/notary-server-photon:v0.5.1-v1.5.10a2f8f90bd3a: Loading layer [==================================================>] 401.3MB/401.3MB41fca4deb6bf: Loading layer [==================================================>] 9.216kB/9.216kBf2e28262e760: Loading layer [==================================================>] 9.216kB/9.216kB68677196e356: Loading layer [==================================================>] 7.68kB/7.68kB2b006714574e: Loading layer [==================================================>] 1.536kB/1.536kBLoaded image: vmware/mariadb-photon:v1.5.1a8c4992c632e: Loading layer [==================================================>] 156.3MB/156.3MB0f37bf842677: Loading layer [==================================================>] 10.75MB/10.75MB9f34c0cd38bf: Loading layer [==================================================>] 2.048kB/2.048kB91ca17ca7e16: Loading layer [==================================================>] 48.13kB/48.13kB5a7e0da65127: Loading layer [==================================================>] 10.8MB/10.8MBLoaded image: vmware/clair-photon:v2.0.1-v1.5.10e782fe069e7: Loading layer [==================================================>] 23.25MB/23.25MB67fc1e2f7009: Loading layer [==================================================>] 15.36MB/15.36MB8db2141aa82c: Loading layer [==================================================>] 15.36MB/15.36MBLoaded image: vmware/harbor-adminserver:v1.5.13f87a34f553c: Loading layer [==================================================>] 4.772MB/4.772MBLoaded image: vmware/nginx-photon:v1.5.1Loaded image: vmware/photon:1.0ad58f3ddcb1b: Loading layer [==================================================>] 10.95MB/10.95MB9b50f12509bf: Loading layer [==================================================>] 17.3MB/17.3MB2c21090fd212: Loading layer [==================================================>] 15.87kB/15.87kB38bec864f23e: Loading layer [==================================================>] 3.072kB/3.072kB6e81ea7b0fa6: Loading layer [==================================================>] 28.24MB/28.24MBLoaded image: vmware/notary-signer-photon:v0.5.1-v1.5.1897a26fa09cb: Loading layer [==================================================>] 95.02MB/95.02MB16e3a10a21ba: Loading layer [==================================================>] 6.656kB/6.656kB85ecac164331: Loading layer [==================================================>] 2.048kB/2.048kB37a2fb188706: Loading layer [==================================================>] 7.68kB/7.68kBLoaded image: vmware/postgresql-photon:v1.5.1bed9f52be1d1: Loading layer [==================================================>] 11.78kB/11.78kBd731f2986f6e: Loading layer [==================================================>] 2.56kB/2.56kBc3fde9a69f96: Loading layer [==================================================>] 3.072kB/3.072kBLoaded image: vmware/harbor-db:v1.5.17844feb13ef3: Loading layer [==================================================>] 78.68MB/78.68MBde0fd8aae388: Loading layer [==================================================>] 3.072kB/3.072kB3f79efb720fd: Loading layer [==================================================>] 59.9kB/59.9kB1c02f801c2e8: Loading layer [==================================================>] 61.95kB/61.95kBLoaded image: vmware/redis-photon:v1.5.1454c81edbd3b: Loading layer [==================================================>] 135.2MB/135.2MBe99db1275091: Loading layer [==================================================>] 395.4MB/395.4MB051e4ee23882: Loading layer [==================================================>] 9.216kB/9.216kB6cca4437b6f6: Loading layer [==================================================>] 9.216kB/9.216kB1d48fc08c8bc: Loading layer [==================================================>] 7.68kB/7.68kB0419724fd942: Loading layer [==================================================>] 1.536kB/1.536kB543c0c1ee18d: Loading layer [==================================================>] 655.2MB/655.2MB4190aa7e89b8: Loading layer [==================================================>] 103.9kB/103.9kBLoaded image: vmware/harbor-migrator:v1.5.0Generated and saved secret to file: /data/secretkeyGenerated configuration file: ./common/config/nginx/nginx.confGenerated configuration file: ./common/config/adminserver/envGenerated configuration file: ./common/config/ui/envGenerated configuration file: ./common/config/registry/config.ymlGenerated configuration file: ./common/config/db/envGenerated configuration file: ./common/config/jobservice/envGenerated configuration file: ./common/config/jobservice/config.ymlGenerated configuration file: ./common/config/log/logrotate.confGenerated configuration file: ./common/config/jobservice/config.ymlGenerated configuration file: ./common/config/ui/app.confGenerated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crtThe configuration files are ready, please use docker-compose to start the service.Creating harbor-log ... doneCreating harbor-adminserver ... doneCreating harbor-ui ... doneCreating network "harbor_harbor" with the default driverCreating nginx ... doneCreating harbor-adminserver ...Creating registry ...Creating harbor-db ...Creating redis ...Creating harbor-ui ...Creating nginx ...Creating harbor-jobservice ...Now you should be able to visit the admin portal at http://192.168.111.5.For more details, please visit https://github.com/vmware/harbor .
看到这些输出,说明安装已经完成。
查看一下服务:
$docker psCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES55a0c9372840 vmware/harbor-jobservice:v1.5.1 "/harbor/start.sh" About an hour ago Up About an hour harbor-jobservice50bd7c7a0a85 vmware/nginx-photon:v1.5.1 "nginx -g 'daemon of…" About an hour ago Up About an hour (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginxb683e14ba917 vmware/harbor-ui:v1.5.1 "/harbor/start.sh" About an hour ago Up About an hour (healthy) harbor-uia397a6785014 vmware/redis-photon:v1.5.1 "docker-entrypoint.s…" About an hour ago Up About an hour 6379/tcp redis832f201f3c8d vmware/harbor-adminserver:v1.5.1 "/harbor/start.sh" About an hour ago Up About an hour (healthy) harbor-adminservera0eacf22bfec vmware/harbor-db:v1.5.1 "/usr/local/bin/dock…" About an hour ago Up About an hour (healthy) 3306/tcp harbor-db1c2cf0565a97 vmware/registry-photon:v2.6.2-v1.5.1 "/entrypoint.sh serv…" About an hour ago Up About an hour (healthy) 5000/tcp registry7ec39f149caa vmware/harbor-log:v1.5.1 "/bin/sh -c /usr/loc…" About an hour ago Up About an hour (healthy) 127.0.0.1:1514->10514/tcp harbor-log
有哪些:
$docker-compose psName Command State Ports------------------------------------------------------------------------------------------------------------------------------harbor-adminserver /harbor/start.sh Upharbor-db /usr/local/bin/docker-entr ... Up 3306/tcpharbor-jobservice /harbor/start.sh Upharbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcpharbor-ui /harbor/start.sh Upnginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcpredis docker-entrypoint.sh redis ... Up 6379/tcpregistry /entrypoint.sh serve /etc/ ... Up 5000/tcp
访问私服仓库。
192.168.111.5
默认用户名 / 密码:admin/Harbor12345
登陆之后可以修改一下密码。
#4,客户端验证。
在另外一台主机上安装 docker 服务,验证私服可用性。
1,安装 docker。
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo && mv docker-ce.repo /etc/yum.repos.dyum -y install docker-ce-17.12.1.ce-1.el7.centos
启动服务。
systemctl enable dockersystemctl start dockersystemctl status docker
2,配置私服连接。
cat > /etc/docker/daemon.json{ "insecure-registries":["192.168.111.5"] }EOF
重启 docker。
systemctl daemon-reloadsystemctl restart docker
登陆私服,如果登陆失败,可能是两台主机时间不同步。
$docker login -u admin -p Harbor12345 192.168.111.5WARNING! Using --password via the CLI is insecure. Use --password-stdin.Login Succeeded
3,验证拉取镜像。
先本地 pull 一个镜像。
Using default tag: latestlatest: Pulling from library/busybox90e01955edcd: Pull completeDigest: sha256:2a03a6059f21e150ae84b0973863609494aad70f0a80eaeb64bddd8d92465812Status: Downloaded newer image for busybox:latestREPOSITORY TAG IMAGE ID CREATED SIZEbusybox latest 59788edf1f3e 2 months ago 1.15MB
更改一下 tag,测试一下 push。
$docker tag busybox 192.168.111.5/library/busybox:1$docker push 192.168.111.5/library/busybox:1The push refers to repository [192.168.111.5/library/busybox]8a788232037e: Pushed1: digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5 size: 527
可以在私服当中看到这个镜像:
本地删除镜像,然后测试一下 pull。
查看镜像。REPOSITORY TAG IMAGE ID CREATED SIZEbusybox latest 59788edf1f3e 2 months ago 1.15MB删除本地镜像。从本地私服pull镜像。1: Pulling from library/busybox90e01955edcd: Pull completeDigest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5Status: Downloaded newer image for 192.168.111.5/library/busybox:1再次查看镜像。REPOSITORY TAG IMAGE ID CREATED SIZE192.168.111.5/library/busybox 1 59788edf1f3e 2 months ago 1.15MB
版权声明:本文内容来自个人博客:二丫讲梵,遵循CC 4.0 BY-SA版权协议上原文接及本声明。本作品采用知识共享署名-非商业性使用-禁止演绎 2.5 中国大陆许可协议进行可。原文链接:https://wiki.eryajf.net/pages/2314.htm如有涉及到侵权,请联系,将立即予以删除处理。在此特别鸣谢原作者:二丫讲梵的创作,Powered by 二丫讲梵。本文已获原作者授权发布。此篇文章的所有版权归原作者所有,与本公众号无关,商业转载建议请联系原作者,非商业转载请注明出处。