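Goal

Install Harbor as Docker containers on a CentOS 7 server. Machine IP: 10.115.223.130

Hardware requirements

Resource   Capacity   Description
CPU        2 CPU      4 CPU is best
Memory     4G         8G is best
Disk       40GB       160 is best

Software requirements

Software         Version
Python           version 2.7 or higher
Docker engine    version 1.10 or higher
Docker Compose   version 1.6.0 or higher

# Check the Python version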
[root@node119 ~]# python --version
Python 2.7.5

# Install docker
yum install docker -y
# Check the docker version
[root@node119 ~]# docker -v
Docker version 1.13.1, build 6e3bb8e/1.13.1

# Install docker-compose
yum install -y epel-release
yum install -y python-pip
pip install docker-compose

# Check the docker-compose version
[root@node119 ~]# docker-compose -v
docker-compose version 1.9.0, build 2585387

Network requirements

Port   Protocol
443 https

Installation steps

Download the installer package

wget https://storage.googleapis.com/harbor-releases/release-1.6.0/harbor-offline-installer-v1.6.0-rc2.tgz

Extract the archive

tar xvf harbor-offline-installer-v1.6.0-rc2.tgz

Configure harbor.cfg

vi harbor/harbor.cfg
# Change to a reachable domain name (replace yourdomain.com with your own hostname)
hostname = yourdomain.com
# Database password
db_password = xxxx

Configure the HTTPS certificate

  • Create the CA certificate
openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout ca.key \
    -x509 -days 365 -out ca.crt

Generating a 4096 bit RSA private key
...........................................................................................++
.........................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ZH
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:SUNHAOJIE
Organizational Unit Name (eg, section) []:SHJ
Common Name (eg, your name or your server's hostname) []:harbor.sunhaojie.com
Email Address []:sunhj000@163.com

This generates ca.crt and ca.key in the current directory.
  • Create the certificate signing request

openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout harbor.sunhaojie.com.key \
    -out harbor.sunhaojie.com.csr
Generating a 4096 bit RSA private key
..........................++
.....................................................................................................................................++
writing new private key to 'harbor.sunhaojie.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:harbor.sunhaojie.com
Email Address []:sunhj000@163.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

  • Create the host certificate
openssl x509 -req -days 365 -in harbor.sunhaojie.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out harbor.sunhaojie.com.crt
  • Install the certificate
# Copy the host certificate and its key to /root/cert/
mkdir /root/cert/
cp harbor.sunhaojie.com.crt /root/cert/
cp harbor.sunhaojie.com.key /root/cert/
  • Configure the certificate in harbor.cfg
vi harbor/harbor.cfg
#The path of cert and key files for nginx, they are applied only the protocol is set to https
ssl_cert = /root/cert/harbor.sunhaojie.com.crt
ssl_cert_key = /root/cert/harbor.sunhaojie.com.key
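  • Docker client configuration
To resolve the untrusted-certificate error caused by the self-signed certificate, the CA certificate must be configured on the client machine.
Copy the ca.crt generated in the first step to the /etc/docker/certs.d/harbor.sunhaojie.com directory.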
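
The three certificate steps above as one non-interactive script, followed by a check of the result; this is an added example, not part of the original post. It differs from the page's commands in two ways: -subj replaces the interactive prompts, and the signing step adds a subjectAltName through -extfile, because openssl x509 -req as run above produces a certificate with only a Common Name, which clients built with Go 1.15 or later (current Docker releases included) reject. The function names, the CA subject and the san.ext file name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. The CA subject and the default
# key size are assumptions; pass your own directory and hostname.

# make_harbor_certs DIR HOSTNAME [BITS]: CA, host key, CSR and signed host cert.
make_harbor_certs() {
    dir=$1 host=$2 bits=${3:-4096}
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077    # private keys readable by their owner only
        # 1. Self-signed CA, same flags as the page; -subj replaces the prompts.
        openssl req -newkey "rsa:$bits" -nodes -sha256 -keyout ca.key \
            -x509 -days 365 -subj "/CN=Harbor Example CA" -out ca.crt \
            2>/dev/null || exit 1
        # 2. Host key and certificate signing request.
        openssl req -newkey "rsa:$bits" -nodes -sha256 -keyout "$host.key" \
            -subj "/CN=$host" -out "$host.csr" 2>/dev/null || exit 1
        # 3. Sign the CSR, adding the subjectAltName through an extension file.
        printf 'subjectAltName=DNS:%s\n' "$host" > san.ext
        openssl x509 -req -sha256 -days 365 -in "$host.csr" \
            -CA ca.crt -CAkey ca.key -CAcreateserial \
            -extfile san.ext -out "$host.crt" 2>/dev/null || exit 1
    )
}

# check_harbor_cert DIR HOSTNAME
# Returns 0 if usable, 1 = chain does not verify, 2 = no SAN for HOSTNAME,
# 3 = certificate and private key do not belong together.
check_harbor_cert() {
    dir=$1 host=$2
    openssl verify -CAfile "$dir/ca.crt" "$dir/$host.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$dir/$host.crt" -noout -text |
        grep -F -q "DNS:$host" || return 2
    cert_pub=$(openssl x509 -in "$dir/$host.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/$host.key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || return 3
}
```

For the host used on this page, call make_harbor_certs /root/cert harbor.sunhaojie.com and then check_harbor_cert /root/cert harbor.sunhaojie.com; a non-zero return code names the failed check.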

Installation

systemctl enable docker
systemctl start docker
./install.sh --with-chartmuseum

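Verification

Open http://yourdomain.com in a browser (replace with your own hostname).

Default username and password

admin/Harbor12345
Reset the password promptly after logging in successfully.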

Managing Harbor

  • Stop
$ sudo docker-compose stop
  • Start
$ sudo docker-compose start
  • Modify harbor.cfg
# Remove the running Harbor containers but keep the data
$ sudo docker-compose down -v
$ vim harbor.cfg
$ sudo ./prepare
$ sudo docker-compose up -d
# Remove the running Harbor containers but keep the data
# With chart storage (chartmuseum) enabled
$ sudo docker-compose -f ./docker-compose.yml -f ./docker-compose.chartmuseum.yml down -v
$ vim harbor.cfg
$ sudo ./prepare --with-chartmuseum
$ sudo docker-compose -f ./docker-compose.yml -f ./docker-compose.chartmuseum.yml up -d

Docker interaction with Harbor

  • Docker client certificate configuration

    Copy the ca.crt certificate generated on the Harbor server to the directory /etc/docker/certs.d/harbor.sunhaojie.com/

  • Log in

    docker login -u admin harbor.sunhaojie.com

  • Tag the image

    docker tag SOURCE_IMAGE[:TAG] harbor.sunhaojie.com/library/IMAGE_NAME[:TAG]

  • Push the image to Harbor

    docker push harbor.sunhaojie.com/library/IMAGE_NAME[:TAG]