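I. Introduction

Harbor is an enterprise-grade Docker Registry project developed and open-sourced by VMware's China R&D team, with good support for Chinese.

Harbor is an enterprise-grade Registry server for storing and distributing Docker images.

Harbor has the following features:

  • Role-based access control - Users and Docker image repositories are organized through "projects"; a user can hold different permissions on multiple image repositories within the same namespace (project)
  • Image replication - Images can be replicated (synchronized) between multiple Registry instances. This is especially suited to load balancing, high availability, hybrid cloud and multi-cloud scenarios
  • Graphical user interface - Users can browse and search the current Docker image repositories and manage projects and namespaces from a browser
  • AD/LDAP support - Harbor can integrate with an enterprise's existing AD/LDAP for authentication and authorization management
  • Audit management - All operations against the image repositories can be recorded and traced for auditing
  • Internationalization - Localized versions exist for English, Chinese, German, Japanese and Russian. More languages will be added
  • RESTful API - The RESTful API gives administrators more control over Harbor and makes integration with other management software easier
  • Simple deployment - Both online and offline installers are provided, and Harbor can also be installed as a virtual appliance on the vSphere platform (OVA)

For image storage, Harbor relies on the official Docker registry service (named distribution in v2). On top of Docker distribution, Harbor adds security, access control and management features to meet enterprise requirements for an image registry.

Harbor organizes its components according to the docker-compose specification and is started and stopped with the docker-compose tool.

A Docker registry can use local storage, or S3, Ceph or Swift. Harbor builds on this by providing user permission management, image replication and other features, which makes the registry more efficient to use. Harbor's image replication copies images through the Docker registry API. This hides the tedious low-level file operations; it reuses existing Docker registry functionality instead of reinventing the wheel, and it also resolves conflict and consistency problems.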

II. Where to Get Harbor

1. Harbor Chinese website: https://vmware.github.io/harbor/cn/

2. GitHub: https://github.com/vmware/harbor

3. Harbor downloads: https://github.com/vmware/harbor/releases

4. Mirror site for the Harbor offline binary package: http://harbor.orientsoft.cn/

III. Prerequisites for Installing Harbor

Hardware

| Resource | Minimum | Recommended |
|---|---|---|
| CPU | 2 cores | 4 cores |
| Memory | 4GB | 8GB |
| Disk | 40GB | 160GB |

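Software

| Software | Version | Description |
|---|---|---|
| Python | 2.7 or higher | |
| Docker engine | 1.10 or higher | |
| Docker compose | 1.6.0 or higher | A tool written in Python; Harbor is deployed by orchestrating its containers with Docker compose |
| Openssl | Latest is preferred | |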

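Notes:

All Harbor service components are deployed in Docker, and the official installer uses docker-compose for quick deployment, so both docker and docker-compose must be installed.

Because Harbor is based on Docker registry V2, the Docker version must be at least 1.10.0 and the docker-compose version at least 1.6.0.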

Network ports

| Port | Protocol | Description |
|---|---|---|
| 443 | HTTPS | |
| 4443 | HTTPS | Connections to the Docker Content Trust service for Harbor, only needed when Notary is enabled |
| 80 | HTTP | Harbor UI and API will accept requests on this port for http protocol |

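IV. Preparation Before Installing Harbor

  1. Install Docker
  2. Install docker-compose

cd /home/gisyun/soft/harbor;
unzip docker-compose-linux-x86_64.zip;
chmod +x docker-compose        # make it executable
mv docker-compose /usr/bin/            # move it into the executable path for convenience
docker-compose version             # show the version to verify the installation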

Software versions

| Software | Version |
|---|---|
| docker | 18.03-CE |
| docker-compose | 1.21.2 |
| Harbor | 1.5.1 |

V. Installing Harbor with HTTPS

1. Self-signed TLS certificate (follow the official guide: https://github.com/vmware/harbor/blob/master/docs/configure_https.md)

(1) Unpack the Harbor package and create an ssl directory inside it to hold the certificates created below; change into the ssl directory and run the following steps.

(2) Create your own CA certificate: In a test or development environment, you may choose to use a self-signed certificate instead of the one from a CA. The below commands generate your own certificate:

openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout ca.key \
    -x509 -days 365 -out ca.crt

Notes:
Country Name is the country code; enter CN.
State or Province Name, Locality Name, Organization Name and Organizational Unit Name can be left empty.
For Common Name, enter gisyun.

(3) Generate a Certificate Signing Request (for a specific domain name):

If you use FQDN like reg.yourdomain.com to connect your registry host, then you must use reg.yourdomain.com as CN (Common Name). Otherwise, if you use IP address to connect your registry host, CN can be anything like your name and so on:

openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout reg.gisnci.com.key \
    -out reg.gisnci.com.csr

Notes: the domain name reg.gisnci.com is used later as the access address of the registry.
Country Name is the country code; enter CN.
For Common Name, enter reg.gisnci.com, i.e. the domain name in use.
Everything else can be skipped, and no password is set.

(4) Generate the certificate of your registry host (have the CA sign the certificate request):

openssl x509 -req -days 3650 -in reg.gisnci.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out reg.gisnci.com.crt

The certificate files are created in the ssl directory; the .crt files are the ones used in the following steps.
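Steps (2) to (4) above, collected into a non-interactive script with a verification function, as an added example that is not part of the original post or of the Harbor project. Unlike step (4) on the page, it attaches a subjectAltName when signing, because Docker clients built with Go 1.15 or later ignore the Common Name when validating the host name. The CA subject, the directory argument and the 2048-bit key size are assumptions of this example.

```shell
#!/bin/sh
# Added example: steps (2)-(4) run non-interactively, with a subjectAltName on
# the registry certificate. Host name is the page's; the CA subject, output
# directory and 2048-bit keys (for speed; the page uses 4096) are constructed.

issue_registry_cert() (
    dir=$1; host=$2
    mkdir -p "$dir" && cd "$dir" || exit 1

    # Step (2): self-signed test CA.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/C=CN/CN=example-test-ca" \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1

    # Step (3): key and CSR for the registry host.
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/C=CN/CN=$host" \
        -keyout "$host.key" -out "$host.csr" 2>/dev/null || exit 1

    # Extensions copied into the signed certificate.
    printf '%s\n' "basicConstraints = CA:FALSE" \
        "extendedKeyUsage = serverAuth" \
        "subjectAltName = DNS:$host" > v3.ext

    # Step (4): sign the CSR with the CA, attaching the extensions.
    openssl x509 -req -sha256 -days 365 -in "$host.csr" \
        -CA ca.crt -CAkey ca.key -CAcreateserial \
        -extfile v3.ext -out "$host.crt" 2>/dev/null || exit 1

    chmod 600 ca.key "$host.key"   # private keys readable by owner only
)

# True if the certificate file $1 lists DNS name $2 in its subjectAltName.
has_san() {
    openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"
}

# Chain builds to the CA, SAN names the host, and the key matches the cert.
check_registry_cert() {
    dir=$1; host=$2
    openssl verify -CAfile "$dir/ca.crt" "$dir/$host.crt" >/dev/null 2>&1 || return 1
    has_san "$dir/$host.crt" "$host" || return 1
    [ "$(openssl x509 -in "$dir/$host.crt" -noout -pubkey | openssl sha256)" = \
      "$(openssl pkey -in "$dir/$host.key" -pubout | openssl sha256)" ]
}
```

Copying ca.crt to clients (for Docker, /etc/docker/certs.d/reg.gisnci.com/ca.crt) lets them validate the registry certificate against this CA.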

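2. Installing and configuring Harbor

(1) Configure Harbor

vim harbor.cfg

### Host name of Harbor; may be an IP address or a domain name (do not comment out the default line and then specify it again)
hostname = reg.gisnci.com
### Protocol users access Harbor with; the default is http, https is used here
ui_url_protocol = https
### Paths of the certificate files
ssl_cert = ./ssl/reg.gisnci.com.crt
ssl_cert_key = ./ssl/reg.gisnci.com.key
### Harbor administrator password (default is Harbor12345; set your own value outside a test environment)
harbor_admin_password = Harbor12345

Note: the Harbor host name (hostname) must not be set by commenting out the default line and adding a new one; delete the default setting and then specify the host name, otherwise an error occurs.

(2) Install Harbor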

./prepare
[root@localhost harbor]# ./install.sh 

[Step 0]: checking installation environment ...

Note: docker version: 18.03.1

Note: docker-compose version: 1.21.2

[Step 1]: loading Harbor images ...
Loaded image: vmware/harbor-ui:v1.5.1
Loaded image: vmware/harbor-log:v1.5.1
Loaded image: vmware/harbor-jobservice:v1.5.1
Loaded image: vmware/registry-photon:v2.6.2-v1.5.1
Loaded image: vmware/notary-server-photon:v0.5.1-v1.5.1
Loaded image: vmware/mariadb-photon:v1.5.1
Loaded image: vmware/clair-photon:v2.0.1-v1.5.1
Loaded image: vmware/harbor-adminserver:v1.5.1
Loaded image: vmware/nginx-photon:v1.5.1
Loaded image: vmware/photon:1.0
Loaded image: vmware/notary-signer-photon:v0.5.1-v1.5.1
Loaded image: vmware/postgresql-photon:v1.5.1
Loaded image: vmware/harbor-db:v1.5.1
Loaded image: vmware/redis-photon:v1.5.1
Loaded image: vmware/harbor-migrator:v1.5.0


[Step 2]: preparing environment ...
Clearing the configuration file: ./common/config/adminserver/env
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/jobservice/config.yml
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/nginx/cert/reg.gisnci.com.crt
Clearing the configuration file: ./common/config/nginx/cert/reg.gisnci.com.key
Clearing the configuration file: ./common/config/nginx/nginx.conf
Clearing the configuration file: ./common/config/log/logrotate.conf
loaded secret from file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.


[Step 3]: checking existing instance of Harbor ...


[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-db          ... done
Creating registry           ... done
Creating harbor-adminserver ... done
Creating redis              ... done
Creating harbor-ui          ... done
Creating harbor-jobservice  ... done
Creating nginx              ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://reg.gisnci.com. 
For more details, please visit https://github.com/vmware/harbor .

(3) Check the container status

[root@localhost ssl]# docker-compose ps
  Name                     Command                  State                                    Ports                              
-------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up (healthy)                                                                   
harbor-db            /usr/local/bin/docker-entr ...   Up (healthy)   3306/tcp                                                        
harbor-jobservice    /harbor/start.sh                 Up                                                                             
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp                                       
harbor-ui            /harbor/start.sh                 Up (healthy)                                                                   
nginx                nginx -g daemon off;             Up (healthy)   0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis                docker-entrypoint.sh redis ...   Up             6379/tcp                                                        
registry             /entrypoint.sh serve /etc/ ...   Up (healthy)   5000/tcp

If a container is not in UP state, check the log file of that container in directory /var/log/harbor. For example, if the container harbor-ui is not running, you should look at the log file ui.log.

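Harbor consists of eight containers:

  1. harbor-adminserver: Harbor's system administration service
  2. harbor-db: the database container, built from the official mysql image
  3. harbor-jobservice: Harbor's job management service
  4. harbor-log: Harbor's log collection and management service
  5. harbor-ui: Harbor's web UI service
  6. nginx: handles traffic forwarding and security verification
  7. registry: the official Docker registry, which stores the images
  8. redis

VI. Accessing Harbor from a Browser

Configure hosts on the client: 192.168.56.206 reg.gisnci.com

Enter https://harborip or https://harbordomain in the browser; to access the gis private registry, enter https://reg.gisnci.com/. The browser warns "Your connection is not private"; choose "Proceed".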
