使用docker-compose安裝harbor1.8.6
harbor特性
一、基於角色的訪問控制:用戶和存儲庫是經過「項目」組織的,用戶能夠對多個鏡像倉庫統一命名空間擁有不一樣的權限。
二、鏡像複製:能夠基於具備多個Registry實例之間複製(同步)圖像和圖表。若是出現任何錯誤,Harbor會自動重試複製。很是適合於負載平衡、高可用性、多數據中心、混合和多雲場景。
三、LDAP/AD支持:Harbor與現有企業LDAP/AD集成,用於用戶身份驗證和管理,並支持將LDAP組導入Harbor併爲其分配適當的項目角色。
鏡像刪除和垃圾收集:鏡像能夠刪除,其空間能夠回收。
四、國際化:對多國語言支持(已擁有中文、英文、德文、日語和俄文);
五、圖形化用戶界面:用戶能夠輕鬆瀏覽、搜索存儲庫和管理項目。
六、審計管理:跟蹤到存儲庫的全部操做。
七、RESTful API:用於大多數管理操做的RESTful API,易於與外部系統集成。一個嵌入式的Swagger用戶界面可用於探索和測試API。
簡單部署:提供在線和離線安裝程序。此外,能夠安裝到vSphere平臺的(OVA方式)虛擬設備。python
Harbor 組件
一、proxy:Harbor的組件,如註冊表、UI和令牌服務,都位於反向代理以後。代理未來自瀏覽器和Docker客戶機的請求轉發到各類後端服務。
二、Registry:負責存儲Docker鏡像和處理Docker推/拉命令。因爲Harbor須要對映像進行訪問權限控制,Registry將引導客戶機訪問令牌服務,以便爲每一個pull或push請求獲取有效的令牌(token)。
三、Core Service:Harbor的核心功能,主要提供如下服務:
1)UI:提供圖像化的圖形用戶界面,幫助人戶管理鏡像和對用戶受權。
2)webhook: 爲了及時獲取registry上images的狀態變化的狀況,在Registry上配置webhook,把狀態變化傳遞UI模塊;
3)Token令牌服務:負責根據用戶在項目中的角色爲每一個docker push/pull命令頒發令牌。若是從Docker客戶機發送的請求中沒有令牌,註冊表將把請求重定向到令牌服務。
四、Datebase:爲了給core services提供數據庫舒服,負責儲存用戶權限、審計日誌、Docker image分組信息等數據。
五、Job Services:提供鏡像遠程負責功能,能把本地鏡像同步到其餘harbor實例當中。
六、Log Collector:爲了幫助監控Harbor運行,負責手機其餘組件的log,供往後分析。
linux
部署環境
centos-7.6 192.168.8.130 Docker version 1.19.3 docker-compose version 1.24.2 harbor-offline-installer-v1.8.6.tgz
安裝docker-compose
方式1: [root@centos130 ~]# curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose [root@centos130 ~]# chmod +x /usr/local/bin/docker-compose 方式2: [root@centos130 ~]# wget https://bootstrap.pypa.io/get-pip.py [root@centos130 ~]# python get-pip.py [root@centos130 ~]# pip install docker-compose
卸載docker-compose
#二進制: [root@centos130 ~]rm /usr/local/bin/docker-compose #pip: [root@centos130 ~]pip uninstall docker-compose
安裝docker
[root@centos130 ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
添加一個穩定的源
[root@centos130 ~]# yum-config-manager --add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@centos130 ~]# yum makecache fast
安裝最新穩定版本的docker-ce
[root@centos130 ~]# yum install -y docker-ce docker-ce-cli containerd.io vim
[root@centos130 ~]# mkdir /etc/docker && vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://yxrgrke0.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.8.130:5000"],
"insecure-registries": ["centos130:80"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
}
}
啓動docker
[root@centos130 ~]# systemctl daemon-reload
[root@centos130 ~]# systemctl enable docker && systemctl start docker
[root@centos130 ~]# systemctl status docker
安裝harbor
harbor下載地址: harbor github 地址 https://github.com/goharbor/harbor http://harbor.orientsoft.cn/ [root@centos130 ~]# wget https://storage.googleapis.com/harbor-releases/release-1.8.6/harbor-offline-installer-v1.8.6.tgz [root@centos130 ~]# tar -xf harbor-offline-installer-v1.8.6.tgz -C /usr/local/ [root@centos130 ~]# cd /usr/local/harbor/ [root@centos130 ~]# vim harbor.yml hostname = centos130 #這裏只是簡單的測試,因此只編輯這一行,其餘的默認不作修改 #禁止用戶註冊 self_registration = off #設置只有管理員能夠建立項目 project_creation_restriction = adminonly
執行安裝腳本:
[root@centos130 ~]# ./instsll.sh 說明:安裝報錯 找不到docker-proxy 、 docker-runc 執行 [root@centos130 ~]# ln -s /usr/libexec/docker/docker-runc-current /usr/bin/docker-runc [root@centos130 ~]# ln -s /usr/libexec/docker/docker-proxy-current /usr/bin/docker-proxy
查看啓動的鏡像文件 [root@centos130 ~]# docker-compose ps Harbor容器的stop與start: [root@centos130 ~]# cd /usr/local/harbor/ [root@centos130 ~]# docker-compose stop [root@centos130 ~]# docker-compose start
到此便安裝完成了,直接打開瀏覽器登錄,並建立my項目:
默認用戶密碼是:admin/Harbor12345 nginx
Shell命令行終端登陸harbor倉庫
[root@centos130 ~]# harbor上傳鏡像 [root@centos130 ~]# docker login centos130:80 [root@centos130 ~]# docker login -u admin -p Harbor12345 centos130:80 #帳號密碼: admin/Harbor12345 Username: admin Password: Login Succeeded
測試鏡像上傳
[root@centos130 ~]# docker pull nginx [root@centos130 ~]# docker tag nginx:latest centos130:80/my/nginx:latest [root@centos130 ~]# docker images [root@centos130 ~]# docker push centos130:80/my/nginx:latest The push refers to repository [centos130:80/my/nginx] 55a77731ed26: Pushed 71f2244bc14d: Pushed f2cb0ecef392: Pushed latest: digest: sha256:3936fb3946790d711a68c58be93628e43cbca72439079e16d154b5db216b58da size: 948 說明: 格式爲: userip/項目名/image名字:版本號 (項目名須要在webui 提早建好) [root@centos130 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos130:80/my/nginx:latest latest 5a3221f0137b 5 days ago 126MB nginx latest 5a3221f0137b 5 days ago 126MB 刪除本地nginx鏡像,測試下載 [root@centos130 ~]# docker pull centos130:80/my/nginx:latest
harbor修改端口號
一、修改docker-compose.yml文件映射爲1180端口:git
修改配置文件
[root@centos130 ~]# cat /usr/local/harbor/docker-compose.yml
version: '2.3'
services:
log:
image: goharbor/harbor-log:v1.8.6
container_name: harbor-log
restart: always
dns_search: .
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /var/log/harbor/:/var/log/docker/:z
- ./common/config/log/:/etc/logrotate.d/:z
ports:
- 127.0.0.1:1514:10514
networks:
- harbor
registry:
image: goharbor/registry-photon:v2.7.1-patch-2819-v1.8.6
container_name: registry
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- type: bind
source: /data/secret/registry/root.crt
target: /etc/registry/root.crt
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "registry"
registryctl:
image: goharbor/harbor-registryctl:v1.8.6
container_name: registryctl
env_file:
- ./common/config/registryctl/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- type: bind
source: ./common/config/registryctl/config.yml
target: /etc/registryctl/config.yml
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "registryctl"
postgresql:
image: goharbor/harbor-db:v1.8.6
container_name: harbor-db
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /data/database:/var/lib/postgresql/data:z
networks:
harbor:
dns_search: .
env_file:
- ./common/config/db/env
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "postgresql"
core:
image: goharbor/harbor-core:v1.8.6
container_name: harbor-core
env_file:
- ./common/config/core/env
restart: always
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
volumes:
- /data/ca_download/:/etc/core/ca/:z
- /data/psc/:/etc/core/token/:z
- /data/:/data/:z
- ./common/config/core/certificates/:/etc/core/certificates/:z
- type: bind
source: ./common/config/core/app.conf
target: /etc/core/app.conf
- type: bind
source: /data/secret/core/private_key.pem
target: /etc/core/private_key.pem
- type: bind
source: /data/secret/keys/secretkey
target: /etc/core/key
networks:
harbor:
dns_search: .
depends_on:
- log
- registry
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "core"
portal:
image: goharbor/harbor-portal:v1.8.6
container_name: harbor-portal
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
networks:
- harbor
dns_search: .
depends_on:
- log
- core
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "portal"
jobservice:
image: goharbor/harbor-jobservice:v1.8.6
container_name: harbor-jobservice
env_file:
- ./common/config/jobservice/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/job_logs:/var/log/jobs:z
- type: bind
source: ./common/config/jobservice/config.yml
target: /etc/jobservice/config.yml
networks:
- harbor
dns_search: .
depends_on:
- redis
- core
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "jobservice"
redis:
image: goharbor/redis-photon:v1.8.6
container_name: redis
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/redis:/var/lib/redis
networks:
harbor:
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "redis"
proxy:
image: goharbor/nginx-photon:v1.8.6
container_name: nginx
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- ./common/config/nginx:/etc/nginx:z
networks:
- harbor
dns_search: .
ports:
- 1180:80
- 443:443
- 4443:4443
depends_on:
- postgresql
- registry
- core
- portal
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "proxy"
networks:
harbor:
external: false
二、修改/etc/docker/daemon.json文件將80修改成1180端口:github
修改daemon配置
[root@centos130 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://yxrgrke0.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.8.130:5000"],
"insecure-registries": ["centos130:1180"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
}
}
三、修改/usr/locat/harbor/harbor.yml文件的hostnameweb
修改hostname配置 cat /usr/locat/harbor/harbor.yml hostname: centos130:1180
四、中止harbor,從新啓動並生成配置文件:redis
從新初始化 [root@centos130 ~]# cd /usr/locat/harbor/ [root@centos130 ~]# docker-compose stop [root@centos130 ~]# ./install.sh
五、從新啓動docker:sql
[root@centos130 ~]# systemctl daemon-reload [root@centos130 ~]# systemctl restart docker.service
- 最後,測試驗證:
[root@centos130 ~]# docker login centos130:1180 Username: admin Password: Harbor12345 Login Succeeded
相關文章
- 1. centos7下利用curl安裝dockercompose提示-bash: curl: command not found
- 2. Docker學習筆記5——DockerCompose
- 3. PyCharm使用技巧:通過DockerCompose配置遠程解釋器
- 4. PyCharm使用技巧:經過DockerCompose配置遠程解釋器
- 5. webstorm使用安裝使用
- 6. webpack--安裝,使用
- 7. tesseract安裝使用
- 8. virtualenv 安裝使用
- 9. wxPython安裝使用
- 10. MySQL安裝使用
- 更多相關文章...
- • Redis基本安裝和使用 - Redis教程
- • Wireshark下載安裝和使用教程 - TCP/IP教程
- • Composer 安裝與使用
- • IntelliJ IDEA安裝代碼格式化插件
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
