  • Docker Harbor

    2019-06-21 11:47:00

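    Introduction:

      Harbor is an enterprise-grade registry service for storing Docker images. This chapter describes how to set up a Harbor registry.

    Official installation guide on GitHub:

      https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md

    1. Download the Harbor package:

      Check GitHub for the available releases; this walkthrough uses version 1.5.2. URL: https://github.com/goharbor/harbor. Download the offline installer (Harbor offline installer). It is best to download it locally first and then transfer it to the server; the file is about 1 GB.

    2. Upload it to the server:

        

    3. Extract the package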

    app]# tar zxvf harbor-offline-installer-v1.5.2.tgz

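    4. Review the configuration file

    ~]# vim /app/harbor/harbor.cfg
    
    # Hostname or IP address at which this host can be reached from the internet
    hostname = hadoop2.kaikai.com
    # Protocol
    ui_url_protocol = http
    # Maximum number of concurrent requests
    max_job_workers = 50
    # Whether to use a customized certificate
    customize_crt = on
    # Administrator password
    harbor_admin_password = Harbor12345
    # MySQL password; if left unchanged, a MySQL container is started by default with the password root123
    db_password = root123

    5. Start the service

    harbor]# ./install.sh --with-clair      # Clair can be used to scan images for vulnerabilities

    [Step 0]: checking installation environment ...

    Note: docker version: 18.09.6
    ✖ Need to install docker-compose(1.7.1+) by yourself first and run this script again.  # the first run asks you to install docker-compose

    harbor]# yum -y install docker-compose  # from the EPEL repository

    harbor]# ./install.sh                   # after a while the following output appears, showing that the Harbor images were installed and started successfully

    harbor]# ss -nlt                        # ports 80, 443 and others are listed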

    LISTEN 0 128 :::443 :::*
    LISTEN 0 128 :::4443 :::*

    LISTEN 0 128 :::80 :::*

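    6. Access Harbor from a browser (http://IP)

        The default username is "admin" and the password is "Harbor12345" (it can be changed in the configuration file).

    7. For detailed steps, see "https://github.com/goharbor/harbor/blob/master/docs/user_guide.md"

    8. Stop Harbor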

    ~]# docker-compose stop

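    9. Push and pull images

    • On the Projects page, click New Project and give the project a name
    • Then edit the local Docker configuration file so that HTTPS is not used
     ~]# vim /etc/docker/daemon.json
        {
        "insecure-registries": ["hadoop2.kaikai.com"]
        }
     ~]# systemctl restart docker
    • List the local images to push and retag the one to upload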
    ~]# docker images
    ~]# docker tag ubuntu:18.04 hadoop2.kaikai.com/test/ubuntu:v0.1

    • Push the image to Harbor
    ~]# docker push hadoop2.kaikai.com/test/ubuntu:v0.1

    • Check in the web UI that the push succeeded

    Reposted from: https://www.cnblogs.com/k-free-bolg/p/11060611.html

  • Setting up a private Docker Harbor registry

    1. Docker environment

    Server                  IP address
    Docker Harbor server    192.168.73.11
    Docker client           192.168.73.12

    2. Docker Harbor

    • Deploy the Docker environment (install on both Docker servers)
    ####Deploy the Docker environment####
    yum -y install yum-utils device-mapper-persistent-data lvm2
    yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    yum -y install docker-ce
    
    #Start Docker
    systemctl restart docker
    systemctl enable docker
    
    #Configure a registry mirror
    tee /etc/docker/daemon.json <<-'EOF'
    {
        "registry-mirrors":["https://v8z6yng7.mirror.aliyuncs.com"]
    }
    EOF
    
    #Restart Docker
    systemctl daemon-reload
    systemctl restart docker
    
    #Network tuning: add the net.ipv4.ip_forward line to /etc/sysctl.conf, then reload
    vim /etc/sysctl.conf
    net.ipv4.ip_forward=1
    sysctl -p
    systemctl restart network
    systemctl restart docker
    
    • Install docker-compose (on the Harbor server only)
    #Set up docker-compose
    cp -p docker-compose /usr/local/bin/
    chmod +x /usr/local/bin/docker-compose
    
    #Check that docker-compose is installed
    docker-compose -v
    
    • Deploy Docker Harbor
    #1. Download the Harbor installer
    wget http://harbor.orientsoft.cn/harbor-1.2.2/harbor-offline-installer-v1.2.2.tgz
    tar zxvf harbor-offline-installer-v1.2.2.tgz -C /usr/local/
    tar -zxvf harbor.v1.2.2.tar.gz
    
    #2. Edit the Harbor configuration file
    vim /usr/local/harbor/harbor.cfg
    #line 5: hostname = 192.168.73.11
    
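    • About the harbor.cfg configuration file
    harbor.cfg contains two kinds of parameters: required parameters and optional parameters.
    (1) Required parameters. These must be set in harbor.cfg.
    If you change them and run the install.sh script to reinstall Harbor,
    the new values take effect. The parameters are:
    
    hostname: used to access the UI and the registry service. It should be the IP address or fully qualified domain name (FQDN) of the target machine,
    for example 192.168.195.128 or hub.kgc.cn. Do not use localhost or 127.0.0.1 as the hostname.
    
    ui_url_protocol: (http or https, default http) the protocol used to access the UI and the token/notification service. If Notary is enabled, this parameter must be https.
    
    max_job_workers: the image replication job threads.
    
    db_password: password of the MySQL database root user, used for db_auth.
    
    customize_crt: can be set to on or off; the default is on. When it is on, the prepare script creates a private key and root certificate used to generate/verify registry tokens.
    Set it to off when the key and root certificate are supplied by an external source.
    
    ssl_cert: path of the SSL certificate; applied only when the protocol is set to https.
    
    ssl_cert_key: path of the SSL key; applied only when the protocol is set to https.
    
    secretkey_path: path of the key used to encrypt or decrypt the passwords of remote registries in replication policies.
    
    (2) Optional parameters
    
    These parameters are optional to update: you can leave them at their defaults and change them in the web UI after Harbor has started.
    If they are set in harbor.cfg, they only take effect the first time Harbor starts; later changes to these parameters in harbor.cfg are ignored.
    
    Note: if you choose to set these parameters through the UI, do so immediately after Harbor starts. In particular, the required
    auth_mode must be set before any new user registers or is created in Harbor. Once the system has users (other than the default admin user), auth_mode cannot be changed. The parameters are:
    
    Email: Harbor needs these settings to send "password reset" emails to users; they are only required if that feature is needed.
    Note that SSL is not enabled for the connection by default. If the SMTP server requires SSL but does not support STARTTLS, enable SSL by setting email_ssl = TRUE.
    
    harbor_admin_password: the administrator's initial password; it only takes effect the first time Harbor starts. After that the setting is ignored and the administrator's password should be set in the UI.
    Note that the default username/password is admin/Harbor12345.
    
    auth_mode: the authentication type. The default is db_auth, meaning credentials are stored in the database. For LDAP authentication, set it to ldap_auth.
    
    self_registration: enables or disables user self-registration. When disabled, new users can only be created by the admin user; only administrators can create new users in Harbor.
    Note: when auth_mode is set to ldap_auth, self-registration is always disabled and this flag is ignored.
    
    token_expiration: expiration time (in minutes) of tokens created by the token service; the default is 30 minutes.
    
    project_creation_restriction: flag that controls which users may create projects. By default, everyone can create a project.
    If it is set to "adminonly", only the admin can create projects.
    
    verify_remote_cert: on or off, default on. This flag decides whether Harbor verifies the SSL/TLS certificate when it communicates with a remote registry instance.
    Setting it to off bypasses SSL/TLS verification, which is often done when the remote instance has a self-signed or untrusted certificate.
    
    In addition, Harbor stores images on the local file system by default. In production you may want to use a different storage backend instead of the local file system,
    such as S3, OpenStack Swift or Ceph. That requires updating the common/templates/registry/config.yml file.
    
    • Start Harbor
    #3. Start Harbor
    sh /usr/local/harbor/install.sh
    
    • Output after starting Harbor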
    
    [Step 0]: checking installation environment ...
    
    Note: docker version: 19.03.8
    
    Note: docker-compose version: 1.21.1
    
    [Step 1]: loading Harbor images ...
    dd60b611baaa: Loading layer  133.2MB/133.2MB
    abf0579c40fd: Loading layer  1.536kB/1.536kB
    ea1fc7bed9c5: Loading layer  22.48MB/22.48MB
    1d6671367c69: Loading layer  7.168kB/7.168kB
    b322bb3e4765: Loading layer  5.339MB/5.339MB
    0cf512d418ac: Loading layer  9.728kB/9.728kB
    4a7cdc0b1a2b: Loading layer   2.56kB/2.56kB
    ef1130526636: Loading layer  22.48MB/22.48MB
    Loaded image: vmware/harbor-ui:v1.2.2
    4a050fccec52: Loading layer  12.16MB/12.16MB
    d918d73369ec: Loading layer   17.3MB/17.3MB
    22898836924e: Loading layer  15.87kB/15.87kB
    Loaded image: vmware/notary-photon:server-0.5.0
    76c156eab077: Loading layer    134MB/134MB
    1eae6563289a: Loading layer  16.42MB/16.42MB
    Loaded image: vmware/nginx-photon:1.11.13
    2e814f7ef645: Loading layer  2.048kB/2.048kB
    bc5742b580db: Loading layer  2.048kB/2.048kB
    5413bcdb81b0: Loading layer   2.56kB/2.56kB
    c4e2be066795: Loading layer  3.584kB/3.584kB
    a4ea62be60b0: Loading layer   22.8MB/22.8MB
    800a351ae5da: Loading layer   22.8MB/22.8MB
    Loaded image: vmware/registry:2.6.2-photon
    Loaded image: photon:1.0
    a39bd6a7f897: Loading layer  10.95MB/10.95MB
    6f79b8337a1f: Loading layer   17.3MB/17.3MB
    74bbd0e81dd0: Loading layer  15.87kB/15.87kB
    Loaded image: vmware/notary-photon:signer-0.5.0
    2202528221a2: Loading layer   7.07MB/7.07MB
    4fe250d3c912: Loading layer   7.07MB/7.07MB
    Loaded image: vmware/harbor-adminserver:v1.2.2
    9463fb852970: Loading layer  75.37MB/75.37MB
    d2c9a2a395d9: Loading layer  3.584kB/3.584kB
    b08aea2a8a82: Loading layer  3.072kB/3.072kB
    103e65a1013b: Loading layer  3.072kB/3.072kB
    Loaded image: vmware/harbor-log:v1.2.2
    5d6cbe0dbcf9: Loading layer  129.2MB/129.2MB
    435f2dfbd884: Loading layer  344.6kB/344.6kB
    814d7b59f0cc: Loading layer  4.657MB/4.657MB
    aae399245bd0: Loading layer  1.536kB/1.536kB
    21e2ae955f72: Loading layer  33.84MB/33.84MB
    a2d0f7b84059: Loading layer  25.09kB/25.09kB
    819fa6af55b8: Loading layer  3.584kB/3.584kB
    78914c99a468: Loading layer  167.7MB/167.7MB
    36e79c658afb: Loading layer  6.144kB/6.144kB
    f73503aca003: Loading layer  9.216kB/9.216kB
    a21b39f6da59: Loading layer  1.536kB/1.536kB
    ef81eb7c77b3: Loading layer  8.704kB/8.704kB
    08d0cfe60b0d: Loading layer  4.608kB/4.608kB
    0864dda8f611: Loading layer  4.608kB/4.608kB
    Loaded image: vmware/harbor-db:v1.2.2
    29d1f4ae97dd: Loading layer  18.31MB/18.31MB
    7caf936e1402: Loading layer  18.31MB/18.31MB
    Loaded image: vmware/harbor-jobservice:v1.2.2
    78dbfa5b7cbc: Loading layer  130.9MB/130.9MB
    5f70bf18a086: Loading layer  1.024kB/1.024kB
    8deec01122be: Loading layer  344.6kB/344.6kB
    574ab36807f2: Loading layer  1.536kB/1.536kB
    d8f2cde2eef8: Loading layer  20.48kB/20.48kB
    eaa3924b054e: Loading layer   5.12kB/5.12kB
    8aa2c772121c: Loading layer  184.3MB/184.3MB
    c3014bbccb0b: Loading layer  8.704kB/8.704kB
    978a35efaa8c: Loading layer  4.608kB/4.608kB
    c2385ae7d6e5: Loading layer   16.6MB/16.6MB
    Loaded image: vmware/harbor-notary-db:mariadb-10.1.10
    c192a34d4ff4: Loading layer  155.2MB/155.2MB
    d012a9276a83: Loading layer  10.75MB/10.75MB
    b8befd881cb5: Loading layer  10.75MB/10.75MB
    Loaded image: vmware/clair:v2.0.1-photon
    bbda1562018e: Loading layer  101.6MB/101.6MB
    1171ab08cc04: Loading layer  6.656kB/6.656kB
    6df81d3a0683: Loading layer  6.656kB/6.656kB
    Loaded image: vmware/postgresql:9.6.4-photon
    
    
    [Step 2]: preparing environment ...
    Generated and saved secret to file: /data/secretkey
    Generated configuration file: ./common/config/nginx/nginx.conf
    Generated configuration file: ./common/config/adminserver/env
    Generated configuration file: ./common/config/ui/env
    Generated configuration file: ./common/config/registry/config.yml
    Generated configuration file: ./common/config/db/env
    Generated configuration file: ./common/config/jobservice/env
    Generated configuration file: ./common/config/jobservice/app.conf
    Generated configuration file: ./common/config/ui/app.conf
    Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
    The configuration files are ready, please use docker-compose to start the service.
    
    
    [Step 3]: checking existing instance of Harbor ...
    
    
    [Step 4]: starting Harbor ...
    Creating network "harbor_harbor" with the default driver
    Creating harbor-log ... done
    Creating registry           ... done
    Creating harbor-adminserver ... done
    Creating harbor-db          ... done
    Creating harbor-ui          ... done
    Creating harbor-jobservice  ... done
    Creating nginx              ... done
    
    ✔ ----Harbor has been installed and started successfully.----
    
    Now you should be able to visit the admin portal at http://192.168.73.11. 
    For more details, please visit https://github.com/vmware/harbor .
    
    • List the images Harbor uses
    [root@localhost harbor]# docker images
    REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
    vmware/harbor-log           v1.2.2              36ef78ae27df        2 years ago         200MB
    vmware/harbor-jobservice    v1.2.2              e2af366cba44        2 years ago         164MB
    vmware/harbor-ui            v1.2.2              39efb472c253        2 years ago         178MB
    vmware/harbor-adminserver   v1.2.2              c75963ec543f        2 years ago         142MB
    vmware/harbor-db            v1.2.2              ee7b9fa37c5d        2 years ago         329MB
    vmware/nginx-photon         1.11.13             6cc5c831fc7f        2 years ago         144MB
    vmware/registry             2.6.2-photon        5d9100e4350e        2 years ago         173MB
    vmware/postgresql           9.6.4-photon        c562762cbd12        2 years ago         225MB
    vmware/clair                v2.0.1-photon       f04966b4af6c        2 years ago         297MB
    vmware/harbor-notary-db     mariadb-10.1.10     64ed814665c6        3 years ago         324MB
    vmware/notary-photon        signer-0.5.0        b1eda7d10640        3 years ago         156MB
    vmware/notary-photon        server-0.5.0        6e2646682e3c        3 years ago         157MB
    photon                      1.0                 e6e4e4a2ba1b        3 years ago         128MB
    
    • List the running containers
    [root@localhost harbor]# docker ps -a
    CONTAINER ID        IMAGE                              COMMAND                  CREATED             STATUS              PORTS                                                              NAMES
    b88094e8616f        vmware/nginx-photon:1.11.13        "nginx -g 'daemon of…"   6 minutes ago       Up 6 minutes        0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
    42b742af93a5        vmware/harbor-jobservice:v1.2.2    "/harbor/harbor_jobs…"   6 minutes ago       Up 6 minutes                                                                           harbor-jobservice
    a3cc2aa0274a        vmware/harbor-ui:v1.2.2            "/harbor/harbor_ui"      6 minutes ago       Up 6 minutes                                                                           harbor-ui
    6c2055159736        vmware/harbor-db:v1.2.2            "docker-entrypoint.s…"   6 minutes ago       Up 6 minutes        3306/tcp                                                           harbor-db
    d5c7e33e9514        vmware/registry:2.6.2-photon       "/entrypoint.sh serv…"   6 minutes ago       Up 6 minutes        5000/tcp                                                           registry
    58fd1d2a4c89        vmware/harbor-adminserver:v1.2.2   "/harbor/harbor_admi…"   6 minutes ago       Up 6 minutes                                                                           harbor-adminserver
    caca5edaf5b7        vmware/harbor-log:v1.2.2           "/bin/sh -c 'crond &…"   7 minutes ago       Up 6 minutes        127.0.0.1:1514->514/tcp                                            harbor-log
    
    • Show the docker-compose status
    [root@localhost harbor]# docker-compose ps
           Name                     Command               State                    Ports                 
    -----------------------------------------------------------------------------------------------------
    harbor-adminserver   /harbor/harbor_adminserver       Up                                             
    harbor-db            docker-entrypoint.sh mysqld      Up      3306/tcp                               
    harbor-jobservice    /harbor/harbor_jobservice        Up                                             
    harbor-log           /bin/sh -c crond && rm -f  ...   Up      127.0.0.1:1514->514/tcp                
    harbor-ui            /harbor/harbor_ui                Up                                             
    nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp,                  
                                                                  0.0.0.0:4443->4443/tcp,                
                                                                  0.0.0.0:80->80/tcp                     
    registry             /entrypoint.sh serve /etc/ ...   Up      5000/tcp 
    
    • Log in to the web UI

    • Details shown after logging in

    • Create a new project

    • Result after creating the project

    • Log in to the private registry on the server
    [root@localhost harbor]# docker login -u admin -p Harbor12345 http://127.0.0.1
    WARNING! Using --password via the CLI is insecure. Use --password-stdin.
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    
    Login Succeeded
    
    • Pull an image from the official registry

    • Tag and push the image

    • Check the result in the web UI

    • Log in from the client
    [root@localhost ~]# docker login -u root -p Harbor12345 http://192.168.73.11
    WARNING! Using --password via the CLI is insecure. Use --password-stdin.
    Error response from daemon: Get https://192.168.73.11/v2/: dial tcp 192.168.73.11:443: connect: connection refused
    
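    • Edit the Docker configuration
    Docker talks to registries over HTTPS by default, but the private registry set up here serves HTTP by default, which is why the error above appears when talking to the private registry.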
    vim /usr/lib/systemd/system/docker.service
    ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 192.168.73.11 --containerd=/run/containerd/containerd.sock
    
    systemctl daemon-reload
    systemctl restart docker
    
    • Log in to the Docker Harbor registry

    • Pull an image and list the local images
    [root@localhost ~]# docker pull cirros
    Using default tag: latest
    latest: Pulling from library/cirros
    f513001ba4ab: Pull complete 
    8da581cc9286: Pull complete 
    856628d95d17: Pull complete 
    Digest: sha256:21874a9fd73378a29345163e026bc9c2a61aef62526f2b4f22a5d488059970f6
    Status: Downloaded newer image for cirros:latest
    docker.io/library/cirros:latest
    [root@localhost ~]# docker images
    REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
    cirros              latest              3c82e4d066cf        7 weeks ago         12.6MB
    
    • Tag and push the cirros image
    [root@localhost ~]# docker tag cirros 192.168.73.11/testproject/cirros:v2
    [root@localhost ~]# docker images
    REPOSITORY                         TAG                 IMAGE ID            CREATED             SIZE
    cirros                             latest              3c82e4d066cf        7 weeks ago         12.6MB
    192.168.73.11/testproject/cirros   v2                  3c82e4d066cf        7 weeks ago         12.6MB
    [root@localhost ~]# docker push 192.168.73.11/testproject/cirros:v2
    The push refers to repository [192.168.73.11/testproject/cirros]
    858d98ac4893: Layer already exists 
    aa107a407592: Layer already exists 
    b993cfcfd8fd: Layer already exists 
    v2: digest: sha256:c7d58d6d463247a2540b8c10ff012c34fd443426462e891b13119a9c66dfd28a size: 943
    
    • Check in the web UI

    • Create a Harbor user

    • View the users

    • Make the user an administrator

    • Make the user a developer of the project

    • Log in as the newly created user
    [root@localhost ~]# docker rmi 192.168.73.11/testproject/cirros:v2 
    Untagged: 192.168.73.11/testproject/cirros:v2
    Untagged: 192.168.73.11/testproject/cirros@sha256:c7d58d6d463247a2540b8c10ff012c34fd443426462e891b13119a9c66dfd28a
    [root@localhost ~]# docker logout 192.168.73.11
    Removing login credentials for 192.168.73.11
    [root@localhost ~]# docker login 192.168.73.11
    Username: dsp
    Password: 
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    
    Login Succeeded
    
    • Pull the image
    [root@localhost ~]# docker pull 192.168.73.11/testproject/cirros:v2
    v2: Pulling from testproject/cirros
    Digest: sha256:c7d58d6d463247a2540b8c10ff012c34fd443426462e891b13119a9c66dfd28a
    Status: Downloaded newer image for 192.168.73.11/testproject/cirros:v2
    192.168.73.11/testproject/cirros:v2
    [root@localhost ~]# docker images
    REPOSITORY                         TAG                 IMAGE ID            CREATED             SIZE
    192.168.73.11/testproject/cirros   v2                  3c82e4d066cf        7 weeks ago         12.6MB
    cirros                             latest              3c82e4d066cf        7 weeks ago
    
    • Push the image
    [root@localhost ~]# docker tag cirros 192.168.73.11/testproject/cirros:v3
    [root@localhost ~]# docker push 192.168.73.11/testproject/cirros:v3
    The push refers to repository [192.168.73.11/testproject/cirros]
    858d98ac4893: Layer already exists 
    aa107a407592: Layer already exists 
    b993cfcfd8fd: Layer already exists 
    v3: digest: sha256:c7d58d6d463247a2540b8c10ff012c34fd443426462e891b13119a9c66dfd28a size: 943
    
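    • Check in the browser

  • Docker Harbor installation and HTTPS configuration

    Preface

    Setting up a private image registry: Docker Harbor has a web UI, and connecting clients to it does not require restarting Docker.

    I. What is Docker Harbor?

    Harbor is an enterprise-class registry server for storing and distributing Docker images. It extends the open-source Docker Distribution by adding features that enterprises need, such as security, identity and management. As an enterprise private registry server, Harbor offers better performance and security, and it improves the efficiency of transferring images between the registry and the build and run environments. Harbor supports replicating image resources across multiple registry nodes, and all images are kept in the private registry, so data and intellectual property stay under control inside the company network. Harbor also provides advanced security features such as user management, access control and activity auditing.

    II. Steps

    1. Install Docker

    The commands are as follows (example):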

    #1. Install the prerequisite packages
    yum install -y yum-utils device-mapper-persistent-data lvm2
    
    #2. Add the Docker repository, here the Alibaba Cloud yum mirror in China
    yum-config-manager \
    --add-repo \
    http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    
    #3. Install docker-ce
     yum update -y && yum install -y docker-ce
     
    #4. Create the /etc/docker directory
     mkdir -p /etc/docker
     
    #5. Write daemon.json
     cat > /etc/docker/daemon.json <<EOF
    {
      "exec-opts": ["native.cgroupdriver=systemd"],
      "log-driver": "json-file",
      "log-opts": {
        "max-size": "100m"
      },
      "storage-driver": "overlay2",
      "storage-opts": [
        "overlay2.override_kernel_check=true"
      ],
      "registry-mirrors": ["https://uyah70su.mirror.aliyuncs.com"]
    }
    EOF
    
    #6. Create docker.service.d
    mkdir -p /etc/systemd/system/docker.service.d
    
    #7. Restart the Docker service
    systemctl daemon-reload && systemctl restart docker && systemctl enable docker
    

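    2. Install Docker Compose

    The commands are as follows (example):

    yum install epel-release
    yum install -y python-pip
    #Installing docker-compose with pip may report an error; if so, upgrade pip first: pip install --upgrade pip
    pip install docker-compose
    yum install git
    

    3. Install Docker Harbor

    The steps are as follows (example):
    Download Docker Harbor from https://github.com/goharbor/harbor/releases

    Edit the following in the configuration file harbor.yml:
    hostname: set this to the IP address of this host
    if HTTPS is not configured, comment out the https section
    harbor_admin_password: the password for the web UI

    Start command
    sh ./install.sh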
    

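    4. Configure HTTPS

    Replace yourdomain.com with your own domain name.
    If you use an IP address instead, replace it with your own IP.
    The following steps must be run inside the harbor directory; I put it under /usr/local/.

    1. Generate the CA certificate private key.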
    openssl genrsa -out ca.key 4096
    
    2. Generate the CA certificate
    openssl req -x509 -new -nodes -sha512 -days 3650 \
     -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \
     -key ca.key \
     -out ca.crt
    
    3. Generate the server certificate
    	(1) Generate the private key.
    	openssl genrsa -out yourdomain.com.key 4096
    	(2) Generate the certificate signing request (CSR).
    	openssl req -sha512 -new \
        -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \
        -key yourdomain.com.key \
        -out yourdomain.com.csr
        
    	(3) Generate the x509 v3 extension file
    	#If you use a domain name, do this:
    	cat > v3.ext <<-EOF
    	authorityKeyIdentifier=keyid,issuer
    	basicConstraints=CA:FALSE
    	keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    	extendedKeyUsage = serverAuth
    	subjectAltName = @alt_names
    	 
    	[alt_names]
    	DNS.1=yourdomain.com
    	DNS.2=yourdomain
    	DNS.3=hostname
    	EOF
    	#If you use an IP address, do this:
    	cat > v3.ext <<-EOF
    	authorityKeyIdentifier=keyid,issuer
    	basicConstraints=CA:FALSE
    	keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    	extendedKeyUsage = serverAuth
    	subjectAltName = IP:192.168.72.137
    	EOF
    	(4) Use the v3.ext file to generate the certificate for your Harbor host
    	openssl x509 -req -sha512 -days 3650 \
        -extfile v3.ext \
        -CA ca.crt -CAkey ca.key -CAcreateserial \
        -in yourdomain.com.csr \
        -out yourdomain.com.crt
    4. Provide the certificates to Harbor and Docker
    	(1) Copy the server certificate and key into the certificates folder on the Harbor host
    	cp 192.168.72.145.crt /data/cert/
        cp 192.168.72.145.key /data/cert/
    	(2) Convert yourdomain.com.crt to yourdomain.com.cert
    	openssl x509 -inform PEM -in yourdomain.com.crt -out yourdomain.com.cert
    
    	(3) Copy the server certificate, key and CA file into Docker's certificate directory on the Harbor host
    	cp 192.168.72.145.cert /etc/docker/certs.d/192.168.72.145/
    	cp 192.168.72.145.key /etc/docker/certs.d/192.168.72.145/
    	cp ca.crt /etc/docker/certs.d/192.168.72.145/
    	(4) Edit the harbor.yml file and change these fields
          certificate: /data/cert/192.168.72.145.crt
          private_key: /data/cert/192.168.72.145.key
    	(5) systemctl restart docker
    5. Restart Docker Harbor
    ./prepare
    docker-compose down -v
    docker-compose up -d
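
    A check worth running after step 3 and before copying the files, added here as an example that is not part of the original post: it confirms that the server certificate chains to ca.crt and that its names cover the address clients will use. The function names, the temporary directory and the 2048-bit one-day demo certificates are assumptions of the example; the SAN is the IP:192.168.72.137 from the v3.ext above, so the 192.168.72.145 used in the copy commands is reported as not covered.

```bash
#!/bin/sh
# Added example, not from the original post.

# verify_registry_cert CA_FILE CERT_FILE HOST
# Succeeds only when CERT_FILE chains to CA_FILE and its names cover HOST
# (HOST is a DNS name or an IPv4 address).
verify_registry_cert() {
    if ! openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo "FAIL chain: $2 is not signed by $1"
        return 1
    fi
    case $3 in
        *[!0-9.]*) vrc_check=-checkhost ;;  # anything but digits and dots: DNS name
        *)         vrc_check=-checkip ;;
    esac
    if openssl x509 -in "$2" -noout "$vrc_check" "$3" 2>/dev/null |
            grep -q 'does match certificate'; then
        echo "OK $3"
    else
        echo "FAIL name: $2 does not cover $3"
        return 1
    fi
}

# make_demo_certs DIR: constructed sample input. Repeats the steps above with
# short-lived 2048-bit keys, plus an unrelated CA for the negative chain test.
make_demo_certs() {
    (
        cd "$1" || exit 1
        openssl genrsa -out ca.key 2048 &&
        openssl req -x509 -new -nodes -sha512 -days 1 \
            -subj "/O=example/CN=constructed demo CA" -key ca.key -out ca.crt &&
        openssl req -x509 -newkey rsa:2048 -nodes -sha512 -days 1 \
            -subj "/O=example/CN=unrelated demo CA" \
            -keyout other.key -out other.crt &&
        openssl genrsa -out server.key 2048 &&
        openssl req -new -sha512 -subj "/O=example/CN=192.168.72.137" \
            -key server.key -out server.csr &&
        printf '%s\n' 'basicConstraints=CA:FALSE' \
            'extendedKeyUsage = serverAuth' \
            'subjectAltName = IP:192.168.72.137' > v3.ext &&
        openssl x509 -req -sha512 -days 1 -extfile v3.ext \
            -CA ca.crt -CAkey ca.key -CAcreateserial \
            -in server.csr -out server.crt
    ) >/dev/null 2>&1
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT

if make_demo_certs "$DEMO_DIR"; then
    # Address in the SAN: passes.
    verify_registry_cert "$DEMO_DIR/ca.crt" "$DEMO_DIR/server.crt" 192.168.72.137
    # Address that is not in the SAN: fails on the name check.
    verify_registry_cert "$DEMO_DIR/ca.crt" "$DEMO_DIR/server.crt" 192.168.72.145 || true
    # Wrong CA file: fails on the chain check.
    verify_registry_cert "$DEMO_DIR/other.crt" "$DEMO_DIR/server.crt" 192.168.72.137 || true
else
    echo "openssl could not create the demo certificates" >&2
fi
```

    Against real files the call is verify_registry_cert ca.crt yourdomain.com.crt followed by the name or IP that clients put in their image references.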
    

    Summary

    That is all for today; this article gives only a brief introduction to configuring Docker Harbor.
  • Installing Harbor with Docker

    1. Download the required images

    docker pull vmware/harbor-jobservice:v1.1.2

    docker pull vmware/harbor-ui:v1.1.2

    docker pull vmware/harbor-adminserver:v1.1.2

    docker pull vmware/harbor-db:v1.1.2

    docker pull vmware/registry:2.6.1-photon

    docker pull vmware/harbor-notary-db:mariadb-10.1.10

    docker pull vmware/nginx:1.11.5-patched

    docker pull vmware/notary-photon:signer-0.5.0

    docker pull vmware/notary-photon:server-0.5.0

    docker pull vmware/harbor-log:v1.1.2

    docker pull photon:1.0

    2. Install Docker Compose

    Method 1:

    #1. Download a specific version of docker-compose

    $ curl -L https://github.com/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose

    #2. Make the binary executable

    $ sudo chmod +x /usr/local/bin/docker-compose

    #3. Check that docker-compose was installed successfully

    $ docker-compose --version

    docker-compose version 1.13.0, build 1719ceb

    Method 2:

    Installing docker-compose with pip is recommended

    #Install pip

    yum -y install epel-release

    yum -y install python-pip

    #Check the version

    pip --version

    #Upgrade pip

    pip install --upgrade pip

    #Install docker-compose

    pip install docker-compose

    docker-compose version

    3. Download the Harbor installer

    1. Online installer

    $ wget https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-online-installer-v1.1.2.tgz

    $ tar xvf harbor-online-installer-v1.1.2.tgz

    2. Offline installer

    $ wget https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-offline-installer-v1.1.2.tgz

    $ tar xvf harbor-offline-installer-v1.1.2.tgz

    We use the offline installer here. Because downloads from GitHub are slow, it can also be downloaded from the Baidu Cloud link below.

    4. Edit the Harbor configuration

    Set the Harbor domain name to harbor.demo.com

    cd harbor

    vi harbor.cfg

    ## Configuration file of Harbor

    #The IP address or hostname to access admin UI and registry service.

    #DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.

    hostname = harbor.demo.com

    #The protocol for accessing the UI and token/notification service, by default it is http.

    #It can be set to https if ssl is enabled on nginx.

    ui_url_protocol = http

    #The password for the root user of mysql db, change this before any production use.

    db_password = root123

    #Maximum number of job workers in job service

    max_job_workers = 3

    #Determine whether or not to generate certificate for the registry's token.

    #If the value is on, the prepare script creates new root cert and private key

    #for generating token to access the registry. If the value is off the default key/cert will be used.

    #This flag also controls the creation of the notary signer's cert.

    customize_crt = on

    #The path of cert and key files for nginx, they are applied only the protocol is set to https

    ssl_cert = /data/cert/server.crt

    ssl_cert_key = /data/cert/server.key

    #The path of secretkey storage

    secretkey_path = /data

    #Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone

    admiral_url = NA

    #NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES

    #only take effect in the first boot, the subsequent changes of these properties

    #should be performed on web ui

    #************************BEGIN INITIAL PROPERTIES************************

    #Email account settings for sending out password resetting emails.

    #Email server uses the given username and password to authenticate on TLS connections to host and act as identity.

    #Identity left blank to act as username.

    email_identity =

    email_server = smtp.mxhichina.com

    email_server_port = 25

    email_username = harbor@demo.com

    email_password = 123456

    email_from = harbor

    email_ssl = false

    ##The initial password of Harbor admin, only works for the first time when Harbor starts.

    #It has no effect after the first launch of Harbor.

    #Change the admin password from UI after launching Harbor.

    harbor_admin_password = Harbor12345

    ##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.

    #Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.

    auth_mode = db_auth

    #The url for an ldap endpoint.

    ldap_url = ldaps://ldap.mydomain.com

    #A user's DN who has the permission to search the LDAP/AD server.

    #If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.

    ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com

    #the password of the ldap_searchdn

    ldap_search_pwd = password

    #The base DN from which to look up a user in LDAP/AD

    ldap_basedn = ou=people,dc=mydomain,dc=com

    #Search filter for LDAP/AD, make sure the syntax of the filter is correct.

    ldap_filter = (objectClass=person)

    # The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD

    ldap_uid = uid

    #the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE

    ldap_scope = 3

    #Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.

    ldap_timeout = 5

    #Turn on or off the self-registration feature

    self_registration = on

    #The expiration time (in minute) of token created by token service, default is 30 minutes

    token_expiration = 30

    #The flag to control what users have permission to create projects

    #The default value "everyone" allows everyone to creates a project.

    #Set to "adminonly" so that only admin user can create project.

    project_creation_restriction = everyone

    #Determine whether the job service should verify the ssl cert when it connects to a remote registry.

    #Set this flag to off when the remote registry uses a self-signed or untrusted certificate.

    verify_remote_cert = on

    #************************END INITIAL PROPERTIES************************

    #############
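
    The harbor.cfg above still carries the shipped passwords, and its own comments say to change the database password before production use. The script below is an added example (not part of the original post or of Harbor) that flags those values in a Harbor 1.x harbor.cfg; the function names and both sample files are constructed, and the placeholder secrets stand in for real ones.

```bash
#!/bin/sh
# Added example, not from the original post: flag risky values in a Harbor 1.x
# harbor.cfg. Only keys and values that appear in the file above are checked.

# cfg_get FILE KEY: print the value of "KEY = value" (last assignment wins).
cfg_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                  # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != key) next
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            val = v
        }
        END { print val }
    ' "$1"
}

# flag_if KEY RISKY_VALUE REASON: record a finding when KEY has RISKY_VALUE.
flag_if() {
    if [ "$(cfg_get "$AUDIT_CFG" "$1")" = "$2" ]; then
        printf '%s = %s: %s\n' "$1" "$2" "$3"
        AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
    fi
}

# audit_harbor_cfg FILE: print findings, set AUDIT_FINDINGS, return 1 if any.
audit_harbor_cfg() {
    AUDIT_CFG=$1
    AUDIT_FINDINGS=0
    flag_if harbor_admin_password Harbor12345 "shipped default admin password"
    flag_if db_password root123 "shipped default database root password"
    flag_if ui_url_protocol http "UI and registry traffic, logins included, is not encrypted"
    flag_if self_registration on "anyone who can reach the UI can create an account"
    flag_if project_creation_restriction everyone "every user can create projects"
    flag_if verify_remote_cert off "certificates of remote registries are not verified"
    [ "$AUDIT_FINDINGS" -eq 0 ]
}

# Constructed samples: DEFAULT_CFG repeats values from the harbor.cfg above,
# HARDENED_CFG is the same file with those values changed.
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
DEFAULT_CFG=$DEMO_DIR/default.cfg
HARDENED_CFG=$DEMO_DIR/hardened.cfg

cat > "$DEFAULT_CFG" <<'EOF'
hostname = harbor.demo.com
ui_url_protocol = http
db_password = root123
harbor_admin_password = Harbor12345
self_registration = on
project_creation_restriction = everyone
verify_remote_cert = on
EOF

cat > "$HARDENED_CFG" <<'EOF'
hostname = harbor.demo.com
ui_url_protocol = https
db_password = <placeholder-long-random-secret>
# harbor_admin_password = Harbor12345   (commented out, must be ignored)
harbor_admin_password = <placeholder-long-random-secret>
self_registration = off
project_creation_restriction = adminonly
verify_remote_cert = on
EOF

echo "== default values =="
audit_harbor_cfg "$DEFAULT_CFG" || echo "$AUDIT_FINDINGS finding(s)"
echo "== hardened values =="
audit_harbor_cfg "$HARDENED_CFG" && echo "no findings"
```

    The properties between BEGIN and END INITIAL PROPERTIES only apply on first boot, so on a running instance the audit shows what the instance was installed with; the admin password itself has to be changed in the UI.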

    The default port is 80. If that port is already in use, edit docker-compose.yml and change the host port mapped for the corresponding service, here to 9999.

    docker-compose.yml

    proxy:
      image: vmware/nginx:1.11.5-patched
      container_name: nginx
      restart: always
      volumes:
        - ./common/config/nginx:/etc/nginx:z
      networks:
        - harbor
      ports:
        - 9999:80
        - 443:443
        - 4443:4443
      depends_on:
        - mysql
        - registry
        - ui
        - log
      logging:
        driver: "syslog"
        options:

    Start Harbor

    After editing the configuration files, run ./install.sh in the current directory.

    5. Configure NGINX

    cd /etc/nginx/

    vi nginx.conf

    server {
        listen 80;
        server_name harbor.demo.com;
        root /usr/share/nginx/html;
        include /etc/nginx/default.d/*.conf;

        location / {
            # Maximum size allowed for a single uploaded file
            client_max_body_size 1024m;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:9999;
            index index.html index.htm;
        }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

    #Check that the configuration is valid

    nginx -t

    #Restart the service

    sudo systemctl restart nginx

    6. Access Harbor and push an image

    Since version 1.3.2, Docker uses HTTPS by default when talking to a registry. Harbor is configured here for HTTP, so docker login, pull and push against the non-HTTPS registry fail with an error:

    docker login harbor.demo.com

    Username: admin

    Password:

    Error response from daemon: Get https://harbor.demo.com/v2/: dial tcp 10.220.107.52:443: connect: connection refused

    Fix:

    # Modify the Docker startup configuration
    vi /lib/systemd/system/docker.service

    # Before
    ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

    # After
    ExecStart=/usr/bin/dockerd --insecure-registry harbor.demo.com -H fd:// --containerd=/run/containerd/containerd.sock
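The harbor.cfg settings listed earlier and the dockerd flag above decide how exposed this registry is, so the following added example (not part of the original post or of Harbor itself) checks both. The helper names and the sample input are assumptions constructed from the values shown on this page.

```python
import re

# Values shown on this page that weaken a Harbor 1.x install, with the reason.
RISKY = {
    "ui_url_protocol": ("http", "logins and image layers travel in cleartext"),
    "harbor_admin_password": ("Harbor12345", "default admin password left in place"),
    "db_password": ("root123", "default database password left in place"),
    "self_registration": ("on", "anyone who reaches the UI can create an account"),
    "project_creation_restriction": ("everyone", "any account can create projects"),
    "verify_remote_cert": ("off", "job service skips TLS verification of remote registries"),
}

def parse_cfg(text):
    """Parse 'key = value' lines of harbor.cfg, skipping comments and blanks."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings

def audit_cfg(text):
    """Return (key, value, reason) for every setting that matches RISKY."""
    settings = parse_cfg(text)
    return [(k, bad, why) for k, (bad, why) in RISKY.items() if settings.get(k) == bad]

def insecure_registries(execstart):
    """Return the registries a dockerd command line exempts from TLS verification."""
    return re.findall(r"--insecure-registry[= ]\s*(\S+)", execstart)

# Constructed sample input, assembled from the values shown on this page.
SAMPLE_CFG = """\
ui_url_protocol = http
harbor_admin_password = Harbor12345
db_password = root123
self_registration = on
project_creation_restriction = everyone
verify_remote_cert = on
"""
SAMPLE_EXECSTART = ("ExecStart=/usr/bin/dockerd --insecure-registry harbor.demo.com "
                    "-H fd:// --containerd=/run/containerd/containerd.sock")

if __name__ == "__main__":
    for key, value, why in audit_cfg(SAMPLE_CFG):
        print(f"[harbor.cfg] {key} = {value}: {why}")
    for host in insecure_registries(SAMPLE_EXECSTART):
        print(f"[dockerd] insecure registry allowed: {host}")
```

Each host reported by `insecure_registries` is one the Docker daemon will contact over plain HTTP or without certificate verification, so the list is worth tracking until the registry is served over HTTPS.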

    7. Restart Harbor

    cd /usr/local/harbor

    1. Stop Harbor

    $ docker-compose down -v

    Stopping nginx ... done

    Stopping harbor-jobservice ... done

    ......

    Removing harbor-log ... done

    Removing network harbor_harbor

    2. Start Harbor

    $ docker-compose up -d

    Creating network "harbor_harbor" with the default driver

    Creating harbor-log ...

    ......

    Creating nginx

    Creating harbor-jobservice ... done

    8. View logs

    Log location: /var/log/harbor/
