官方网站

vmware官方开源服务:https://vmware.github.io/

harbor 官方github 地址:https://github.com/vmware/harbor

harbor 官方网址:https://goharbor.io/

harbor官方文档:https://goharbor.io/docs/

Harbor功能官方介绍

-基于角色的访问控制:用户与Docker镜像仓库通过“项目”进行组织管理,一个用户可以对多个镜像仓库在同一命名空间(project)里有不同的权限

-镜像复制:镜像可在多个Registry实例中复制(同步)。尤其适合于负载均衡,高可用,混合云和多云的场景

-图形化用户界面:用户可以通过浏览器来浏览,检索当前Docker镜像仓库,管理项目和命名空间

-AD/LDAP 支:Harbor可以集成企业内部已有的AD/LDAP,用于鉴权认证管理

-审计管理:所有针对镜像仓库的操作都可以被记录追溯,用于审计管理

-国际化:已拥有英文、中文、德文、日文和俄文的本地化版本。更多的语言将会添加进来

-RESTful API:提供给管理员对于Harbor更多的操控, 使得与其它管理软件集成变得更容易

-部署简单:提供在线和离线两种安装工具, 也可以安装到vSphere平台(OVA方式)虚拟设备

Harbor 组成

私有docker仓库管理工具 docker 私有仓库_私有docker仓库管理工具

 

 

#harbor是由很多容器组成实现完整功能
[root@ubuntu1804~]#docker ps -a
CONTAINER ID        IMAGE                                    COMMAND                  CREATED              STATUS                        PORTS                                                              NAMES
4ec3c3885407goharbor/nginx-photon:v1.7.6"nginx -g 'daemon of…"Aboutaminute ago   Up Aboutaminute(healthy)0.0.0.0:80->80/tcp,0.0.0.0:443->443/tcp,0.0.0.0:4443->4443/tcp   nginx
5707b4ac41d8goharbor/harbor-portal:v1.7.6"nginx -g 'daemon of…"Aboutaminute ago   Up Aboutaminute(healthy)80/tcp                                                             harbor-portal
0ed230b9b714goharbor/harbor-jobservice:v1.7.6"/harbor/start.sh"Aboutaminute ago   Up Aboutaminute                                                                                harbor-jobservice
fec659188349        goharbor/harbor-core:v1.7.6"/harbor/start.sh"Aboutaminute ago   Up Aboutaminute(healthy)harbor-core
910d14c1d7f7goharbor/harbor-adminserver:v1.7.6"/harbor/start.sh"2minutes ago        Up Aboutaminute(healthy)harbor-adminserver
4348f503aa0egoharbor/harbor-db:v1.7.6"/entrypoint.sh post…"2minutes ago        Up Aboutaminute(healthy)5432/tcp                                                           harbor-db
beff6886f0f1        goharbor/harbor-registryctl:v1.7.6"/harbor/start.sh"2minutes ago        Up Aboutaminute(healthy)registryctl
428c99d274bfgoharbor/registry-photon:v2.6.2-v1.7.6"/entrypoint.sh /etc…"2minutes ago        Up Aboutaminute(healthy)5000/tcp                                                           registry
775b4026fa4egoharbor/redis-photon:v1.7.6"docker-entrypoint.s…"2minutes ago        Up Aboutaminute6379/tcp                                                           redis
c6f44e2034c6        goharbor/harbor-log:v1.7.6"/bin/sh -c /usr/loc…"2minutes ago        Up2minutes(healthy)

 

  • Proxy:对应启动组件nginx。它是一个nginx反向代理,代理Notary client(镜像认证)、Docker client(镜像上传下载等)和浏览器的访问请求(Core Service)给后端的各服务
  • UI(Core Service):对应启动组件harbor-ui。底层数据存储使用mysql数据库,主要提供了四个子功能:Registry:对应启动组件registry。负责存储镜像文件,和处理镜像的pull/push命令。Harbor对镜像进行强制的访问控制,Registry会将客户端的每个pull、push请求转发到token服务来获取有效的token
  • UI:一个web管理页面ui
  • API:Harbor暴露的API服务
  • Auth:用户认证服务,decode后的token中的用户信息在这里进行认证;auth后端可以接db、ldap、uaa三种认证实现
  • Token服务(上图中未体现):负责根据用户在每个project中的role来为每一个docker push/pull命令issuing一个token,如果从docker client发送给registry的请求没有带token,registry会重定向请求到token服务创建token

  • Admin Service:对应启动组件harbor-adminserver。是系统的配置管理中心附带检查存储用量,ui和jobserver启动时候需要加载adminserver的配置
  • Job Sevice:对应启动组件harbor-jobservice。负责镜像复制工作的,他和registry通信,从一个registry pull镜像然后push到另一个registry,并记录job_log
  • Log Collector:对应启动组件harbor-log。日志汇总组件,通过docker的log-driver把日志汇总到一起
  • DB:对应启动组件harbor-db,负责存储project、 user、 role、replication、image_scan、access等的metadata数据
安装Harbor

下载地址:https://github.com/vmware/harbor/releases

安装文档:https://github.com/vmware/harbor/blob/master/docs/installation_guide.md

环境准备:共四台主机

  • 两台主机当harbor,地址:10.0.0.101|102
  • 另两台主机上传和下载镜像
安装docker
[root@ubuntu1804~]#cat install_docker_for_ubuntu1804.sh 
COLOR="echo -e \\033[1;31m"
END="\033[m"
DOCKER_VERSION="5:19.03.5~3-0~ubuntu-bionic"
 
install_docker(){
apt update
apt-yinstall apt-transport-https ca-certificates curl software-properties-common
curl-fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository"deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
aptupdate
${COLOR}"Docker有以下版本"${END}
apt-cachemadisondocker-ce
${COLOR}"5秒后即将安装: docker-"${DOCKER_VERSION}" 版本....."${END}
${COLOR}"如果想安装其它Docker版本,请按ctrl+c键退出,修改版本再执行"${END}
sleep5
 
apt-yinstall docker-ce=${DOCKER_VERSION}docker-ce-cli=${DOCKER_VERSION}
 
mkdir-p/etc/docker
tee/etc/docker/daemon.json<<-'EOF'
{
"registry-mirrors":["https://si7y70hh.mirror.aliyuncs.com"]
}
EOF
systemctldaemon-reload
systemctlrestartdocker
dockerversion&&${COLOR}"Docker 安装成功"${END}||${COLOR}"Docker 安装失败"${END}
}
dpkg-sdocker-ce&>/dev/null&&${COLOR}"Docker已安装"${END}||install_docker
 
[root@ubuntu1804~]#bash install_docker_for_ubuntu1804.sh 
[root@ubuntu1804~]#docker version
Client:Docker Engine-Community
Version:19.03.5
API version:1.40
Go version:go1.12.12
Git commit:633a0ea838
Built:Wed Nov1307:29:522019
OS/Arch:linux/amd64
Experimental:false
 
Server:Docker Engine-Community
Engine:
Version:19.03.5
API version:1.40(minimum version1.12)
Go version:go1.12.12
Git commit:633a0ea838
Built:Wed Nov1307:28:222019
OS/Arch:linux/amd64
Experimental:false
containerd:
Version:1.2.10
GitCommit:b34a5c8af56e510852c35414db4c1f4fa6172339
runc:
Version:1.0.0-rc8+dev
GitCommit:3e425f80a8c931f88e6d94a8c831b9d5aa481657
docker-init:
Version:0.18.0
GitCommit:fec3683

 

下载Harbor安装包并解压缩

以下使用 harbor 稳定版本1.7.6安装包

方法1:下载离线完整安装包,推荐使用

 

[root@ubuntu1804~]#wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.6.tgz

方法2:下载在线安装包 ,不是很推荐

[root@ubuntu1804~]#wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-online-installer-v1.7.6.tgz

 

 

[root@ubuntu1804~]#ls -lh harbor-o*
-rw-r--r--1root root568MSep1813:24harbor-offline-installer-v1.7.6.tgz
-rw-r--r--1root root275KSep1813:37harbor-online-installer-v1.7.6.tgz

解压缩

[root@ubuntu1804~]#mkdir /apps
[root@ubuntu1804~]#tar xvf harbor-offline-installer-v1.7.6.tgz  -C /apps/
编辑配置文件 harbor.cfg

 

[root@ubuntu1804~]#vim /apps/harbor/harbor.cfg
#只需要修改下面两行
hostname=10.0.0.101#指向当前主机IP
harbor_admin_password=123456#指定harbor登录用户admin的密码

 

先安装docker compose
#docker compose 必须先于harbor安装,否则会报以下错误
[root@ubuntu1804~]#/apps/harbor/install.sh 
 
[Step0]:checking installation environment...
 
Note:docker version:19.03.5
✖Need toinstall docker-compose(1.7.1+)by yourself first andrun thisscript again

安装docker compose

 

#方法1:通过pip安装,版本较新docker_compose-1.25.3,推荐使用
[root@ubuntu1804~]#apt -y install python-pip
[root@ubuntu1804~]#pip install docker-compose
[root@ubuntu1804~]#docker-compose --version
docker-compose version1.25.3,build unknown
 
#方法2:直接从github下载安装对应版本
#参看说明:https://github.com/docker/compose/releases
curl-Lhttps://github.com/docker/compose/releases/download/1.25.3/docker-compose-<code>uname -s</code>-<code>uname -m</code> -o /usr/local/bin/docker-compose
chmod+x/usr/local/bin/docker-compose
 
#方法3:直接安装,版本较旧docker-compose-1.17.1-2,不推荐使用
[root@ubuntu1804~]#apt -y install docker-compose
[root@ubuntu1804~]#docker-compose --version
docker-compose version1.17.1,build unknown

 

运行安装脚本安装harbor
#再次安装docker harbor 
[root@ubuntu1804~]#/apps/harbor/install.sh 
 
[Step0]:checking installation environment...
 
Note:docker version:19.03.5
 
Note:docker-compose version:1.25.3
 
[Step1]:loading Harbor images...
......
[Step4]:starting Harbor...
Creating network"harbor_harbor"with the defaultdriver
Creating harbor-log...done
Creating registryctl...done
Creating harbor-db...done
Creating redis...done
Creating registry...done
Creating harbor-adminserver...done
Creating harbor-core...done
Creating harbor-jobservice...done
Creating harbor-portal...done
Creating nginx...done
 
✔----Harbor has been installed andstarted successfully.----
 
Now you should be able tovisit the admin portal at http://10.0.0.101. 
Formore details,please visit https://github.com/goharbor/harbor .
 
#安装harbor后会自动开启很多相关容器
[root@ubuntu1804~]#docker ps 
CONTAINER ID        IMAGE                                    COMMAND                  CREATED             STATUS                    PORTS                                                              NAMES
1b47a3eeedd2goharbor/nginx-photon:v1.7.6"nginx -g 'daemon of…"14minutes ago      Up14minutes(healthy)0.0.0.0:80->80/tcp,0.0.0.0:443->443/tcp,0.0.0.0:4443->4443/tcp   nginx
5f3a0a0db734goharbor/harbor-portal:v1.7.6"nginx -g 'daemon of…"14minutes ago      Up14minutes(healthy)80/tcp                                                             harbor-portal
8e4265efe8eegoharbor/harbor-jobservice:v1.7.6"/harbor/start.sh"14minutes ago      Up14minutes                                                                                harbor-jobservice
d1a048525d79        goharbor/harbor-core:v1.7.6"/harbor/start.sh"14minutes ago      Up14minutes(healthy)harbor-core
4a989eb92af1goharbor/harbor-adminserver:v1.7.6"/harbor/start.sh"14minutes ago      Up14minutes(healthy)harbor-adminserver
c875d3959c56        goharbor/registry-photon:v2.6.2-v1.7.6"/entrypoint.sh /etc…"14minutes ago      Up14minutes(healthy)5000/tcp                                                           registry
2a963125a0e6goharbor/redis-photon:v1.7.6"docker-entrypoint.s…"14minutes ago      Up14minutes6379/tcp                                                           redis
a0751df44d68        goharbor/harbor-registryctl:v1.7.6"/harbor/start.sh"14minutes ago      Up14minutes(healthy)registryctl
b0ef6ed0d46b        goharbor/harbor-db:v1.7.6"/entrypoint.sh post…"14minutes ago      Up14minutes(healthy)5432/tcp                                                           harbor-db
8e667c6ccbc1goharbor/harbor-log:v1.7.6"/bin/sh -c /usr/loc…"14minutes ago      Up14minutes(healthy)127.0.0.1:1514->10514/tcp                                          harbor-log

 

登录harbor主机网站

用浏览器访问:http://10.0.0.101/

用户名:admin

密码:即前面harbor.cfg中指定的密码

把生命浪费在美好的事物上