Setting up Harbor, a visual private Docker image registry

Project Harbor is an enterprise-class registry server that stores and distributes Docker images. Harbor extends the open source Docker Distribution by adding the functionalities usually required by an enterprise, such as security, identity and management. As an enterprise private registry, Harbor offers better performance and security. Having a registry closer to the build and run environment improves the image transfer efficiency. Harbor supports the setup of multiple registries and has images replicated between them. In addition, Harbor offers advanced security features, such as user management, access control and activity auditing.


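1. Environment preparation

System: CentOS 7.2 4.14.14-1.el7.elrepo.x86_64, Docker version 17.12.0-ce
Minimum configuration: 2c 2g (2 CPU cores, 2 GB RAM)
Hostnames: linux-node1 (192.168.56.11), linux-node2 (12), linux-node3 (13)
Harbor is deployed on node1 and node2 (high availability); node3 is used as the client
Disable the firewall and SELinux

2. Modify the configuration

Adjust the configuration on node3 so that images can be pushed: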
[root@linux-node3 ~]# cat /etc/docker/daemon.json
{
 "registry-mirrors": ["https://1qpbuya8.mirror.aliyuncs.com"],
 "insecure-registries": ["192.168.56.11","192.168.56.12"]
}

[root@linux-node1 ~/harbor]# ll ~/harbor
total 934356
drwxr-xr-x 4 root root        35 Jan 21 04:11 common
-rw-r--r-- 1 root root      1119 Jan  4 18:33 docker-compose.clair.yml
-rw-r--r-- 1 root root      1702 Jan  4 18:33 docker-compose.notary.yml
-rw-r--r-- 1 root root      3303 Jan  4 18:33 docker-compose.yml
-rw-r--r-- 1 root root      4304 Jan  4 18:33 harbor_1_1_0_template
-rw-r--r-- 1 root root      5004 Jan 21 04:01 harbor.cfg
-rw-r--r-- 1 root root 955424047 Jan  4 18:39 harbor.v1.3.0.tar.gz
-rwxr-xr-x 1 root root      5332 Jan  4 18:33 install.sh
-rw-r--r-- 1 root root   1284054 Jan  4 18:33 LICENSE
-rw-r--r-- 1 root root       481 Jan  4 18:33 NOTICE
-rwxr-xr-x 1 root root     18882 Jan  4 18:33 prepare
-rwxr-xr-x 1 root root      4550 Jan  4 18:33 upgrade

# Mainly change hostname and the login password; leave the rest unconfigured
[root@linux-node1 ~/harbor]# egrep -v "^#|^$" harbor.cfg
hostname = 192.168.56.11 # change to node1's IP address
ui_url_protocol = http
db_password = root123
max_job_workers = 3
customize_crt = on
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = NA
clair_db_password = password
log_rotate_count = 50
log_rotate_size = 200M
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false
email_insecure = false
harbor_admin_password = chegva.com # login password
auth_mode = db_auth
ldap_url = ldaps://ldap.mydomain.com
ldap_basedn = ou=people,dc=mydomain,dc=com
ldap_uid = uid
ldap_scope = 3
ldap_timeout = 5
self_registration = on
token_expiration = 30
project_creation_restriction = everyone
db_host = mysql
db_port = 3306
db_user = root
uaa_endpoint = uaa.mydomain.org
uaa_clientid= id
uaa_clientsecret= secret
uaa_ca_root= /path/to/uaa_ca.pem
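
The harbor.cfg above keeps several settings that only suit an isolated lab: plain HTTP (which is why node3 needs insecure-registries), default database passwords, open self-registration and unrestricted project creation. The following shell audit is an added example, not part of the original post or of Harbor itself; the function names and the sample file are constructed here.

```shell
#!/bin/sh
# Added example (not from the original post): flag lab-grade harbor.cfg settings.

# cfg_get FILE KEY: print KEY's value, minus a trailing "#note" and whitespace.
cfg_get() {
  awk -v key="$2" '
    /^[ \t]*#/ || !/=/ { next }
    { k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
      if (k != key) next
      v = substr($0, index($0, "=") + 1)
      sub(/[ \t]+#.*$/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
      print v; exit }' "$1"
}

# audit_harbor_cfg FILE: print one "key: reason" line per finding;
# exit status is 0 when nothing was flagged, 1 otherwise.
audit_harbor_cfg() {
  cfg=$1; rc=0
  flag() { echo "$1"; rc=1; }
  [ "$(cfg_get "$cfg" ui_url_protocol)" = "https" ] ||
    flag "ui_url_protocol: not https, logins and image layers travel in clear text"
  [ "$(cfg_get "$cfg" db_password)" != "root123" ] ||
    flag "db_password: still the shipped default"
  [ "$(cfg_get "$cfg" clair_db_password)" != "password" ] ||
    flag "clair_db_password: still the shipped default"
  [ "$(cfg_get "$cfg" harbor_admin_password)" != "Harbor12345" ] ||
    flag "harbor_admin_password: still the shipped default"
  [ "$(cfg_get "$cfg" self_registration)" != "on" ] ||
    flag "self_registration: on, anyone who can reach the UI can create an account"
  [ "$(cfg_get "$cfg" project_creation_restriction)" = "adminonly" ] ||
    flag "project_creation_restriction: not adminonly, any user can create projects"
  return "$rc"
}

# Constructed sample: the security-relevant lines of the harbor.cfg shown above.
sample_cfg() {
  cat <<'EOF'
ui_url_protocol = http
db_password = root123
clair_db_password = password
harbor_admin_password = chegva.com #login password
self_registration = on
project_creation_restriction = everyone
EOF
}

tmp=$(mktemp) && sample_cfg > "$tmp"
audit_harbor_cfg "$tmp" || echo "harbor.cfg needs hardening before production use"
rm -f "$tmp"
```

Against the real file, run `audit_harbor_cfg ~/harbor/harbor.cfg` before `install.sh`; moving to https also removes the need for the insecure-registries entry on clients.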

3. Install Harbor (install script: install.sh)

#tar -zxvf harbor-offline-installer-v1.3.0.tgz && cd harbor
[root@linux-node1 ~/harbor]# sh install.sh

[Step 0]: checking installation environment ...

Note: docker version: 17.12.0

Note: docker-compose version: 1.11.2

[Step 1]: loading Harbor images ...
Loaded image: vmware/harbor-adminserver:v1.3.0
Loaded image: vmware/photon:1.0
Loaded image: vmware/notary-photon:signer-0.5.1
Loaded image: vmware/postgresql:9.6.5-photon
Loaded image: vmware/harbor-db-migrator:1.3
Loaded image: vmware/harbor-ui:v1.3.0
Loaded image: vmware/harbor-log:v1.3.0
Loaded image: vmware/nginx-photon:1.11.13
Loaded image: vmware/mariadb-photon:10.2.10
Loaded image: vmware/clair:v2.0.1-photon
Loaded image: vmware/harbor-db:v1.3.0
Loaded image: vmware/harbor-jobservice:v1.3.0
Loaded image: vmware/registry:2.6.2-photon
Loaded image: vmware/notary-photon:server-0.5.1


[Step 2]: preparing environment ...
Clearing the configuration file: ./common/config/adminserver/env
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/jobservice/app.conf
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/nginx/nginx.conf
Clearing the configuration file: ./common/config/log/logrotate.conf
loaded secret from file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/jobservice/app.conf
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.


[Step 3]: checking existing instance of Harbor ...


[Step 4]: starting Harbor ...
Creating harbor-log
Creating harbor-adminserver
Creating registry
Creating harbor-db
Creating harbor-ui
Creating harbor-jobservice
Creating nginx

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://192.168.56.11.
For more details, please visit https://github.com/vmware/harbor

Login credentials: admin/chegva.com
Start command: docker-compose -f docker-compose.yml up -d
Stop command: docker-compose stop

4. Basic operations

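After logging in, the system modules are as follows:

  • Projects: create/delete projects, browse image repositories, add members to a project, view operation logs, replicate projects, etc.

  • Logs: operation logs (create, push, pull, etc.) for every image in the registry

  • System management

    • User management: create/delete users, assign administrators, etc.

    • Replication management: create/delete replication targets, create/delete/start/stop replication rules, etc.

    • Configuration management: authentication mode, replication, email settings, system settings, etc.

  • Other settings

    • User settings: change user name, email and full-name information

    • Change password: change the user's password

Note: users who are not system administrators can only see the projects and logs they have permission for; the other modules are not visible.

Permissions: system administrator: ALL; developer: pull and push images; guest: can only pull images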

Create a project -> add members -> add a replication rule

Testing on node3 shows that an administrator login can push images, while a guest-permission login cannot:

[root@linux-node3 ~]# docker tag box:v1 192.168.56.11/chegva/box:v2
[root@linux-node3 ~]# docker login 192.168.56.11
Username (admin): anzhihe
Password:
Login Succeeded
[root@linux-node3 ~]# docker push 192.168.56.11/chegva/box:v2
The push refers to repository [192.168.56.11/chegva/box]
779f37a09c89: Preparing
denied: requested access to the resource is denied
[root@linux-node3 ~]# docker login 192.168.56.11
Username (anzhihe): admin
Password:
Login Succeeded
[root@linux-node3 ~]# docker push 192.168.56.11/chegva/box:v2
The push refers to repository [192.168.56.11/chegva/box]
779f37a09c89: Pushed
v2: digest: sha256:4165dea717b4d7ff56ee9f1835a6f02ed98abe04af1a882dfa8f801e82e31b1e size: 527

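After the image is pushed, the private image repository is visible on node1, and the push also triggers the replication rule, which pushes the repository to node2 to achieve high availability.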

anzhihe (安志合) personal blog, all rights reserved | Original content unless otherwise noted | When reposting, please credit the source: https://chegva.com/2803.html