安装的先决条件:
1、硬件环境
资源 | 容量 | 描述 |
CPU | 最小2 CPU | 4 CPU最好 |
内存 | 最小4GB | 8GB最好 |
磁盘 | 最小40GB | 160GB最好 |
2、软件
软件 | 版本 |
Docker engine | 版本17.06.0-ce +或更高版本 |
Docker Compose | 版本1.18.0或更高版本 |
OpenSSL | 最新的是首选 |
3、网络端口
端口 | 协议 | 描述 |
443 | HTTPS | Harbor端口和核心API将接受此端口上的https协议请求,此端口可以在配置文件中更改 |
4443 | HTTPS | 只有在启用“公证”时才需要连接到Dock的Docker Content Trust服务,此端口可以在配置文件中更改 |
80 | HTTP | Harbor端口和核心API将接受此端口上的http协议请求 |
[root@localhost ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[root@localhost ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@localhost ~]# yum install -y docker-ce docker-ce-cli containerd.io启动docker
[root@localhost ~]# systemctl start docker尽量下载新版本的docker-compose:Releases · docker/compose · GitHub
[root@localhost ~]# curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 617 0 617 0 0 495 0 --:--:-- 0:00:01 --:--:-- 496
100 15.4M 100 15.4M 0 0 177k 0 0:01:28 0:01:28 --:--:-- 115k对二进制文件赋可执行权限
[root@localhost ~]# chmod +x /usr/local/bin/docker-compose验证docker-compose是否安装成功
[root@localhost ~]# docker-compose --version
docker-compose version 1.24.1, build 4667896b1、从GitHub上Releases · goharbor/harbor · GitHub下载指定版本的安装包
[root@localhost ~]# mkdir -p /harbor
[root@localhost ~]# cd /harbor/
[root@localhost harbor]# yum install -y wget
[root@localhost harbor]# wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.0.tgz
[root@localhost harbor]# ll
total 539940
-rw-r--r--. 1 root root 552897681 Jul 22 04:26 harbor-offline-installer-v1.8.0.tgz
[root@localhost harbor]# tar -zxvf harbor-offline-installer-v1.8.0.tgz2、配置harbor
[root@localhost harbor]# ll
total 539940
drwxr-xr-x. 2 root root 100 Jul 22 04:28 harbor
-rw-r--r--. 1 root root 552897681 Jul 22 04:26 harbor-offline-installer-v1.8.0.tgz
[root@localhost harbor]# cd harbor
[root@localhost harbor]# ll
total 543152
-rw-r--r--. 1 root root 556153903 May 16 07:55 harbor.v1.8.0.tar.gz
-rw-r--r--. 1 root root 4839 May 16 07:54 harbor.yml
-rwxr-xr-x. 1 root root 5088 May 16 07:54 install.sh
-rw-r--r--. 1 root root 11347 May 16 07:54 LICENSE
-rwxr-xr-x. 1 root root 1654 May 16 07:54 prepare
[root@localhost harbor]# vim harbor.yml配置文件harbor.yml
# hostname设置访问地址,可以使用ip、域名,不可以设置为127.0.0.1或localhost
hostname: 192.168.14.16
# 访问协议,默认是http,也可以设置https,如果设置https,则nginx ssl需要设置on
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
# 启动Harbor后,管理员UI登录的密码,默认是Harbor12345
harbor_admin_password: 123456
# mysql数据库root用户默认密码root123,实际使用时修改下
# Harbor DB configuration
database:
# The password for the root user of Harbor DB. Change this before any production use.
password: 123456
# The default data volume
data_volume: /data
clair:
# The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
updaters_interval: 12
# Config http proxy for Clair, e.g. http://my.proxy.com:3128
# Clair doesn't need to connect to harbor internal components via http proxy.
http_proxy:
https_proxy:
no_proxy: 127.0.0.1,localhost,core,registry
jobservice:
# Maximum number of job workers in job service
max_job_workers: 10
chart:
# Change the value of absolute_url to enabled can enable absolute url in chart
absolute_url: disabled
# Log configurations
log:
# options are debug, info, warning, error, fatal
level: info
# Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
rotate_count: 50
# Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
# If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
# are all valid.
rotate_size: 200M
# The directory on your host that store log
location: /var/log/harbor
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 1.8.03、修改配置文件,修改ExecStart=/usr/bin/dockerd这行
root@localhost harbor]# vim /usr/lib/systemd/system/docker.service
#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=http://192.168.14.164、重启docker服务
[root@localhost harbor]# systemctl daemon-reload
[root@localhost harbor]# systemctl restart docker5、用Clair安装(镜像扫描功能)
要使用Clair服务安装Harbor,在运行时添加参数install.sh
[root@localhost harbor]# ./install.sh --with-clair
[Step 0]: checking installation environment ...
Note: docker version: 18.09.8
Note: docker-compose version: 1.24.1
[Step 1]: loading Harbor images ...
23d9f72a5270: Loading layer [==================================================>] 33.25MB/33.25MB
1d4a1da12c02: Loading layer [==================================================>] 50.51MB/50.51MB
8eb1a006f3b0: Loading layer [==================================================>] 3.584kB/3.584kB
41b6f75847f4: Loading layer [==================================================>] 3.072kB/3.072kB
ec9bd6e4d4e8: Loading layer [==================================================>] 2.56kB/2.56kB
6d852bb664c2: Loading layer [==================================================>] 3.072kB/3.072kB
0e4ed2b5a5b8: Loading layer [==================================================>] 3.584kB/3.584kB
8dfb2b644f30: Loading layer [==================================================>] 12.29kB/12.29kB
Loaded image: goharbor/harbor-log:v1.8.0
d8c53538042b: Loading layer [==================================================>] 63.34MB/63.34MB
1b5fb7ee22e0: Loading layer [==================================================>] 47.96MB/47.96MB
a8bdca5e9d71: Loading layer [==================================================>] 6.656kB/6.656kB
f7cec940b52c: Loading layer [==================================================>] 2.048kB/2.048kB
301a4a2af7db: Loading layer [==================================================>] 7.68kB/7.68kB
e588e1e3a775: Loading layer [==================================================>] 2.56kB/2.56kB
539f28a5d0ea: Loading layer [==================================================>] 2.56kB/2.56kB
8b4a72241226: Loading layer [==================================================>] 2.56kB/2.56kB
Loaded image: goharbor/harbor-db:v1.8.0
c88db349fb2f: Loading layer [==================================================>] 8.972MB/8.972MB
1f2d4d72bba2: Loading layer [==================================================>] 35.77MB/35.77MB
dddbcf598df5: Loading layer [==================================================>] 2.048kB/2.048kB
0ced476c2d9c: Loading layer [==================================================>] 3.072kB/3.072kB
af24eb0bf40b: Loading layer [==================================================>] 35.77MB/35.77MB
Loaded image: goharbor/chartmuseum-photon:v0.8.1-v1.8.0
b185d348bd7d: Loading layer [==================================================>] 2.56kB/2.56kB
f032ded7f92e: Loading layer [==================================================>] 1.536kB/1.536kB
c6c822edbc47: Loading layer [==================================================>] 66.9MB/66.9MB
73ef3c4363bf: Loading layer [==================================================>] 39.75MB/39.75MB
0c490e002448: Loading layer [==================================================>] 144.4kB/144.4kB
31afe2abafb4: Loading layer [==================================================>] 3.004MB/3.004MB
Loaded image: goharbor/prepare:v1.8.0
257ebcc1c9c4: Loading layer [==================================================>] 8.967MB/8.967MB
7579d3c94fca: Loading layer [==================================================>] 38.68MB/38.68MB
323611f7dd17: Loading layer [==================================================>] 38.68MB/38.68MB
Loaded image: goharbor/harbor-jobservice:v1.8.0
587a5757a7f6: Loading layer [==================================================>] 3.548MB/3.548MB
Loaded image: goharbor/nginx-photon:v1.8.0
a61ab2060e6e: Loading layer [==================================================>] 8.967MB/8.967MB
25359ae00f57: Loading layer [==================================================>] 5.143MB/5.143MB
610a1668f8bf: Loading layer [==================================================>] 15.13MB/15.13MB
db2252abd9e0: Loading layer [==================================================>] 26.47MB/26.47MB
4f406312560b: Loading layer [==================================================>] 22.02kB/22.02kB
1cee0947e5a7: Loading layer [==================================================>] 3.072kB/3.072kB
48db2b9b0752: Loading layer [==================================================>] 46.74MB/46.74MB
Loaded image: goharbor/notary-server-photon:v0.6.1-v1.8.0
aaf447150765: Loading layer [==================================================>] 113MB/113MB
6835441e1a1d: Loading layer [==================================================>] 10.94MB/10.94MB
9f4739e3a532: Loading layer [==================================================>] 2.048kB/2.048kB
928f489135f0: Loading layer [==================================================>] 48.13kB/48.13kB
1495a1a09ada: Loading layer [==================================================>] 3.072kB/3.072kB
1a5f5b141717: Loading layer [==================================================>] 10.99MB/10.99MB
Loaded image: goharbor/clair-photon:v2.0.8-v1.8.0
66006ea937c6: Loading layer [==================================================>] 337.8MB/337.8MB
d272ba122880: Loading layer [==================================================>] 106.5kB/106.5kB
Loaded image: goharbor/harbor-migrator:v1.8.0
05bc5efb1724: Loading layer [==================================================>] 8.967MB/8.967MB
af3a6f89469a: Loading layer [==================================================>] 46.85MB/46.85MB
452d238b3e48: Loading layer [==================================================>] 5.632kB/5.632kB
36e1cb2d6ffa: Loading layer [==================================================>] 27.14kB/27.14kB
5385ffb8451e: Loading layer [==================================================>] 46.85MB/46.85MB
Loaded image: goharbor/harbor-core:v1.8.0
268091c30a67: Loading layer [==================================================>] 71.66MB/71.66MB
4433bcd802e7: Loading layer [==================================================>] 3.072kB/3.072kB
420b26399278: Loading layer [==================================================>] 59.9kB/59.9kB
8864c4b9ac3d: Loading layer [==================================================>] 61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v1.8.0
63645c97bf5d: Loading layer [==================================================>] 8.968MB/8.968MB
ccb295818ad9: Loading layer [==================================================>] 3.072kB/3.072kB
1ec2d1eefa8f: Loading layer [==================================================>] 2.56kB/2.56kB
b88acf0f9f5f: Loading layer [==================================================>] 20.1MB/20.1MB
0e7375de12e6: Loading layer [==================================================>] 20.1MB/20.1MB
Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-v1.8.0
444b0c8bfeee: Loading layer [==================================================>] 3.548MB/3.548MB
ed0415346760: Loading layer [==================================================>] 6.568MB/6.568MB
572bd51089e0: Loading layer [==================================================>] 160.8kB/160.8kB
1410c2919a92: Loading layer [==================================================>] 215kB/215kB
8ecdca210598: Loading layer [==================================================>] 3.584kB/3.584kB
Loaded image: goharbor/harbor-portal:v1.8.0
7fb66591fb58: Loading layer [==================================================>] 8.968MB/8.968MB
42ec4a6394bf: Loading layer [==================================================>] 3.072kB/3.072kB
be6c2180cb57: Loading layer [==================================================>] 20.1MB/20.1MB
d956d9e974c5: Loading layer [==================================================>] 3.072kB/3.072kB
e2e0b4f17ad8: Loading layer [==================================================>] 7.465MB/7.465MB
7e29d670afe9: Loading layer [==================================================>] 27.56MB/27.56MB
Loaded image: goharbor/harbor-registryctl:v1.8.0
453732ea69d4: Loading layer [==================================================>] 13.72MB/13.72MB
c985f3824f33: Loading layer [==================================================>] 26.47MB/26.47MB
76eaa2763221: Loading layer [==================================================>] 22.02kB/22.02kB
0ef55a752948: Loading layer [==================================================>] 3.072kB/3.072kB
c5749b90723d: Loading layer [==================================================>] 45.33MB/45.33MB
Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.8.0
[Step 2]: preparing environment ...
prepare base dir is set to /harbor/harbor
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated configuration file: /config/clair/postgres_env
Generated configuration file: /config/clair/config.yaml
Generated configuration file: /config/clair/clair_env
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 3]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating network "harbor_harbor-clair" with the default driver
Creating harbor-log ... done
Creating redis ... done
Creating registryctl ... done
Creating harbor-db ... done
Creating registry ... done
Creating harbor-core ... done
Creating clair ... done
Creating harbor-jobservice ... done
Creating harbor-portal ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://192.168.14.16.
For more details, please visit https://github.com/goharbor/harborharbor依赖的镜像及启动服务
[root@localhost harbor]# docker-compose ps
Name Command State Ports
---------------------------------------------------------------------------------------------
clair /docker-entrypoint.sh Up (healthy) 6060/tcp, 6061/tcp
harbor-core /harbor/start.sh Up (healthy)
harbor-db /entrypoint.sh postgres Up (healthy) 5432/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal nginx -g daemon off; Up (healthy) 80/tcp
nginx nginx -g daemon off; Up (healthy) 0.0.0.0:80->80/tcp
redis docker-entrypoint.sh redis ... Up 6379/tcp
registry /entrypoint.sh /etc/regist ... Up (healthy) 5000/tcp
registryctl /harbor/start.sh Up (healthy)启动完成后,访问刚设置的hostname即可,默认是80端口,如果端口占用,可以去修改docker-compose.yml文件中,对应服务的端口映射
1、登录账号密码admin/123456,可在harbor.yml修改
2、创建项目
3、docker登录harbor(账号密码:admin/123456)
[root@localhost harbor]# docker login 192.168.14.16
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded4、任意pull一个镜像,然后修改tag(注意格式:仓库IP或域名/harbor仓库二级名称/镜像名称)
[root@localhost harbor]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
0a4690c5d889: Pull complete
9719afee3eb7: Pull complete
44446b456159: Pull complete
Digest: sha256:b4b9b3eee194703fc2fa8afa5b7510c77ae70cfba567af1376a573a967c03dbb
Status: Downloaded newer image for nginx:latest
[root@localhost harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 98ebf73aba75 4 days ago 109MB
goharbor/chartmuseum-photon v0.8.1-v1.8.0 60a4caf66227 2 months ago 113MB
goharbor/harbor-migrator v1.8.0 765880263e76 2 months ago 361MB
goharbor/redis-photon v1.8.0 66d7402d2770 2 months ago 103MB
goharbor/clair-photon v2.0.8-v1.8.0 7570a336afd5 2 months ago 164MB
goharbor/notary-server-photon v0.6.1-v1.8.0 e8552306a936 2 months ago 135MB
goharbor/notary-signer-photon v0.6.1-v1.8.0 9736ac6c508e 2 months ago 132MB
goharbor/harbor-registryctl v1.8.0 0ca3e2b624f5 2 months ago 96.2MB
goharbor/registry-photon v2.7.1-patch-2819-v1.8.0 1e7d99ccba24 2 months ago 81.3MB
goharbor/nginx-photon v1.8.0 4a4b48b32ae4 2 months ago 36MB
goharbor/harbor-log v1.8.0 e718bdc405a3 2 months ago 81.5MB
goharbor/harbor-jobservice v1.8.0 d47940dd883f 2 months ago 118MB
goharbor/harbor-core v1.8.0 b07a1a4be17f 2 months ago 135MB
goharbor/harbor-portal v1.8.0 76298a1ef089 2 months ago 42.9MB
goharbor/harbor-db v1.8.0 d1e0b3df3e95 2 months ago 140MB
goharbor/prepare v1.8.0 769ca785dab0 2 months ago 139MB
[root@localhost harbor]# docker tag nginx:latest 192.168.14.16/harbor/nginx:new
[root@localhost harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.14.16/harbor/nginx new 98ebf73aba75 4 days ago 109MB
nginx latest 98ebf73aba75 4 days ago 109MB
goharbor/chartmuseum-photon v0.8.1-v1.8.0 60a4caf66227 2 months ago 113MB
goharbor/harbor-migrator v1.8.0 765880263e76 2 months ago 361MB
goharbor/redis-photon v1.8.0 66d7402d2770 2 months ago 103MB
goharbor/clair-photon v2.0.8-v1.8.0 7570a336afd5 2 months ago 164MB
goharbor/notary-server-photon v0.6.1-v1.8.0 e8552306a936 2 months ago 135MB
goharbor/notary-signer-photon v0.6.1-v1.8.0 9736ac6c508e 2 months ago 132MB
goharbor/harbor-registryctl v1.8.0 0ca3e2b624f5 2 months ago 96.2MB
goharbor/registry-photon v2.7.1-patch-2819-v1.8.0 1e7d99ccba24 2 months ago 81.3MB
goharbor/nginx-photon v1.8.0 4a4b48b32ae4 2 months ago 36MB
goharbor/harbor-log v1.8.0 e718bdc405a3 2 months ago 81.5MB
goharbor/harbor-jobservice v1.8.0 d47940dd883f 2 months ago 118MB
goharbor/harbor-core v1.8.0 b07a1a4be17f 2 months ago 135MB
goharbor/harbor-portal v1.8.0 76298a1ef089 2 months ago 42.9MB
goharbor/harbor-db v1.8.0 d1e0b3df3e95 2 months ago 140MB
goharbor/prepare v1.8.0 769ca785dab0 2 months ago 139MB5、push到harbor项目仓库
[root@localhost harbor]# docker push 192.168.14.16/harbor/nginx:new
The push refers to repository [192.168.14.16/harbor/nginx]
589561a3ffb4: Pushed
ef7dbb0cfc81: Pushed
d56055da3352: Pushed
new: digest: sha256:f83b2ffd963ac911f9e638184c8d580cc1f3139d5c8c33c87c3fb90aebdebf76 size: 948
6、镜像扫描
通过开源项目Clair提供漏洞的静态分析。您可以对特定图像或Harbor中的所有图像进行扫描。此外,您还可以设置策略以在每天的指定时间扫描所有图像。 漏洞元数据 Clair依赖于漏洞元数据来完成分析过程。第一次初始安装后,Clair将自动开始从不同的漏洞存储库更新元数据数据库。更新过程可能需要一段时间才能基于数据大小和网络连接。如果数据库尚未完全填充,则存储库数据网格视图的页脚会显示警告消息。
“数据库未完全就绪”警告消息也会显示在“管理”下“ 配置”部分的“漏洞”选项卡中,以提高您的意识。
数据库准备就绪后,整个数据库更新的时间戳将显示在“管理”下“ 配置”部分的“漏洞”选项卡中
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
