Harbor是一個用於存儲和分發Docker鏡像的企業級Registry服務器,經過添加一些企業必需的功能特性,例如安全、標識和管理等,擴展了開源Docker Distribution。做爲一個企業級私有Registry服務器,Harbor提供了更好的性能和安全。提高用戶使用Registry構建和運行環境傳輸鏡像的效率。Harbor支持安裝在多個Registry節點的鏡像資源複製,鏡像所有保存在私有Registry中, 確保數據和知識產權在公司內部網絡中管控。另外,Harbor也提供了高級的安全特性,諸如用戶管理,訪問控制和活動審計等。
centos-7.4 192.168.55.34 Docker version 1.13.1 docker-compose version 1.21.2 harbor-offline-installer-v1.5.0.tgz
方式1: curl -L https://github.com/docker/compose/releases/download/1.9.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose 方式2: wget https://bootstrap.pypa.io/get-pip.py python get-pip.py pip install docker-compose
yum install docker -y vim /etc/systemd/system/docker.service ----------------------------------------------------- [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network-online.target firewalld.service Wants=network-online.target [Service] Type=notify ExecStart=/usr/bin/dockerd --insecure-registry=192.168.55.34 ExecReload=/bin/kill -s HUP $MAINPID LimitNOFILE=infinity LimitNPROC=infinity LimitCORE=infinity TimeoutStartSec=0 Delegate=yes KillMode=process Restart=on-failure StartLimitBurst=3 StartLimitInterval=60s [Install] WantedBy=multi-user.target ----------------------------------------------------- 說明: docker 須要上傳 push 鏡像,須要在 docker 中配置 --insecure-registry docker加速 curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://db411c61.m.daocloud.io #會生成 /etc/docker/daemon.json 文件 啓動docker systemctl daemon-reload systemctl enable docker systemctl start docker systemctl status docker
harbor下載地址: http://harbor.orientsoft.cn/ tar -xf harbor-offline-installer-v1.5.0.tgz mv harbor /opt/ cd /opt/harbor/ vim harbor.cfg ----------------------------------------------------- hostname = 192.168.55.34 #這裏只是簡單的測試,因此只編輯這一行,其餘的默認不作修改;固然也能夠根據你本身的實際狀況作修改! ----------------------------------------------------- 執行安裝腳本: ./instsll.sh 說明:安裝報錯 找不到docker-proxy 、 docker-runc 執行 ln -s /usr/libexec/docker/docker-runc-current /usr/bin/docker-runc ln -s /usr/libexec/docker/docker-proxy-current /usr/bin/docker-proxy Harbor容器的stop與start: cd /opt/harbor/ docker-compose stop/start 到此便安裝完成了,直接打開瀏覽器登錄便可: 默認用戶密碼是:admin/Harbor12345 #密碼 /opt/harbor/harbor.cfg harbor_admin_password參數
[root@docker2 /opt/tools/harbor 11:10:29&&87]#docker login -u admin -p Harbor12345 http://192.168.159.34/v2 #帳號密碼: admin/Harbor12345 Username: admin Password: Login Succeeded [root@docker2 /opt/tools/harbor 11:11:05&&89]#docker images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/centos latest 49f7960eb7e4 4 weeks ago 200 MB docker tag docker.io/centos 192.168.55.34/linux/centos6:1.0 #打個鏡像tag docker push 192.168.55.34/linux/centos6:1.0 #上傳鏡像 說明: 格式爲: userip/項目名/image名字:版本號 (項目名須要在webui 提早建好)
原文地址: https://www.cnblogs.com/huangjc/p/6420355.html 1、修改docker-compose.yml文件映射爲1180端口: cat /opt/harbor/docker-compose.yml ----------------------------------------------------------------- version: '2' services: log: image: vmware/harbor-log:v1.5.0 container_name: harbor-log restart: always volumes: - /var/log/harbor/:/var/log/docker/:z - ./common/config/log/:/etc/logrotate.d/:z ports: - 127.0.0.1:1514:10514 networks: - harbor registry: image: vmware/registry-photon:v2.6.2-v1.5.0 container_name: registry restart: always volumes: - /data/registry:/storage:z - ./common/config/registry/:/etc/registry/:z networks: - harbor environment: - GODEBUG=netdns=cgo command: ["serve", "/etc/registry/config.yml"] depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "registry" mysql: image: vmware/harbor-db:v1.5.0 container_name: harbor-db restart: always volumes: - /data/database:/var/lib/mysql:z networks: - harbor env_file: - ./common/config/db/env depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "mysql" adminserver: image: vmware/harbor-adminserver:v1.5.0 container_name: harbor-adminserver env_file: - ./common/config/adminserver/env restart: always volumes: - /data/config/:/etc/adminserver/config/:z - /data/secretkey:/etc/adminserver/key:z - /data/:/data/:z networks: - harbor depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "adminserver" ui: image: vmware/harbor-ui:v1.5.0 container_name: harbor-ui env_file: - ./common/config/ui/env restart: always volumes: - ./common/config/ui/app.conf:/etc/ui/app.conf:z - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z - ./common/config/ui/certificates/:/etc/ui/certificates/:z - /data/secretkey:/etc/ui/key:z - /data/ca_download/:/etc/ui/ca/:z - /data/psc/:/etc/ui/token/:z networks: - harbor depends_on: - log - adminserver - registry logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "ui" jobservice: image: vmware/harbor-jobservice:v1.5.0 container_name: harbor-jobservice env_file: - ./common/config/jobservice/env restart: always volumes: - /data/job_logs:/var/log/jobs:z - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z networks: - harbor depends_on: - redis - ui - adminserver logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "jobservice" redis: image: vmware/redis-photon:v1.5.0 container_name: redis restart: always volumes: - /data/redis:/data networks: - harbor depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "redis" proxy: image: vmware/nginx-photon:v1.5.0 container_name: nginx restart: always volumes: - ./common/config/nginx:/etc/nginx:z networks: - harbor ports: - 1180:80 - 443:443 - 4443:4443 depends_on: - mysql - registry - ui - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "proxy" networks: harbor: external: false ------------------------------------------------------------------ 2、修改common/templates/registry/config.yml文件加入1180端口: cat /opt/harbor/common/templates/registry/config.yml ------------------------------------------------------------------ version: 0.1 log: level: info fields: service: registry storage: cache: layerinfo: inmemory $storage_provider_info maintenance: uploadpurging: enabled: false delete: enabled: true http: addr: :5000 secret: placeholder debug: addr: localhost:5001 auth: token: issuer: harbor-token-issuer realm: $public_url:1180/service/token rootcertbundle: /etc/registry/root.crt service: harbor-registry notifications: endpoints: - name: harbor disabled: false url: $ui_url/service/notifications timeout: 3000ms threshold: 5 backoff: 1s ------------------------------------------------------------------ 3、中止harbor,從新啓動並生成配置文件: #docker-compose stop # ./install.sh 4、修改docker啓動文件,設置信任的主機與端口: #vim /etc/systemd/system/docker.service 修改以下一行 ExecStart=/usr/bin/dockerd --insecure-registry=192.168.55.34:1180 5、從新啓動docker: systemctl daemon-reload systemctl restart docker.service 6. 最後,測試驗證: # docker login 192.168.55.34:1180 Username: admin Password: Harbor12345 Login Succeeded