官方网站
vmware官方开源服务:https://vmware.github.io/
harbor 官方github 地址:https://github.com/vmware/harbor
harbor 官方网址:https://goharbor.io/
harbor官方文档:https://goharbor.io/docs/
Harbor功能官方介绍
-基于角色的访问控制:用户与Docker镜像仓库通过“项目”进行组织管理,一个用户可以对多个镜像仓库在同一命名空间(project)里有不同的权限
-镜像复制:镜像可在多个Registry实例中复制(同步)。尤其适合于负载均衡,高可用,混合云和多云的场景
-图形化用户界面:用户可以通过浏览器来浏览,检索当前Docker镜像仓库,管理项目和命名空间
-AD/LDAP 支:Harbor可以集成企业内部已有的AD/LDAP,用于鉴权认证管理
-审计管理:所有针对镜像仓库的操作都可以被记录追溯,用于审计管理
-国际化:已拥有英文、中文、德文、日文和俄文的本地化版本。更多的语言将会添加进来
-RESTful API:提供给管理员对于Harbor更多的操控, 使得与其它管理软件集成变得更容易
-部署简单:提供在线和离线两种安装工具, 也可以安装到vSphere平台(OVA方式)虚拟设备
Harbor 组成
|
|
#harbor是由很多容器组成实现完整功能
[root@ubuntu1804 ~]#docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4ec3c3885407 goharbor/nginx-photon:v1.7.6 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
5707b4ac41d8 goharbor/harbor-portal:v1.7.6 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) 80/tcp harbor-portal
0ed230b9b714 goharbor/harbor-jobservice:v1.7.6 "/harbor/start.sh" About a minute ago Up About a minute harbor-jobservice
fec659188349 goharbor/harbor-core:v1.7.6 "/harbor/start.sh" About a minute ago Up About a minute (healthy) harbor-core
910d14c1d7f7 goharbor/harbor-adminserver:v1.7.6 "/harbor/start.sh" 2 minutes ago Up About a minute (healthy) harbor-adminserver
4348f503aa0e goharbor/harbor-db:v1.7.6 "/entrypoint.sh post…" 2 minutes ago Up About a minute (healthy) 5432/tcp harbor-db
beff6886f0f1 goharbor/harbor-registryctl:v1.7.6 "/harbor/start.sh" 2 minutes ago Up About a minute (healthy) registryctl
428c99d274bf goharbor/registry-photon:v2.6.2-v1.7.6 "/entrypoint.sh /etc…" 2 minutes ago Up About a minute (healthy) 5000/tcp registry
775b4026fa4e goharbor/redis-photon:v1.7.6 "docker-entrypoint.s…" 2 minutes ago Up About a minute 6379/tcp redis
c6f44e2034c6 goharbor/harbor-log:v1.7.6 "/bin/sh -c /usr/loc…" 2 minutes ago Up 2 minutes (healthy)
|
- Proxy:对应启动组件nginx。它是一个nginx反向代理,代理Notary client(镜像认证)、Docker client(镜像上传下载等)和浏览器的访问请求(Core Service)给后端的各服务
- UI(Core Service):对应启动组件harbor-ui。底层数据存储使用mysql数据库,主要提供了四个子功能:Registry:对应启动组件registry。负责存储镜像文件,和处理镜像的pull/push命令。Harbor对镜像进行强制的访问控制,Registry会将客户端的每个pull、push请求转发到token服务来获取有效的token
- UI:一个web管理页面ui
- API:Harbor暴露的API服务
- Auth:用户认证服务,decode后的token中的用户信息在这里进行认证;auth后端可以接db、ldap、uaa三种认证实现
- Token服务(上图中未体现):负责根据用户在每个project中的role来为每一个docker push/pull命令issuing一个token,如果从docker client发送给registry的请求没有带token,registry会重定向请求到token服务创建token
- Admin Service:对应启动组件harbor-adminserver。是系统的配置管理中心附带检查存储用量,ui和jobserver启动时候需要加载adminserver的配置
- Job Sevice:对应启动组件harbor-jobservice。负责镜像复制工作的,他和registry通信,从一个registry pull镜像然后push到另一个registry,并记录job_log
- Log Collector:对应启动组件harbor-log。日志汇总组件,通过docker的log-driver把日志汇总到一起
- DB:对应启动组件harbor-db,负责存储project、 user、 role、replication、image_scan、access等的metadata数据
安装Harbor
下载地址:https://github.com/vmware/harbor/releases
安装文档:https://github.com/vmware/harbor/blob/master/docs/installation_guide.md
环境准备:共四台主机
- 两台主机当harbor,地址:10.0.0.101|102
- 另两台主机上传和下载镜像
安装docker
|
|
[root@ubuntu1804 ~]#cat install_docker_for_ubuntu1804.sh
COLOR="echo -e \033[1;31m"
END="�33[m"
DOCKER_VERSION="5:19.03.5~3-0~ubuntu-bionic"
install_docker(){
apt update
apt -y install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
apt update
${COLOR}"Docker有以下版本"${END}
apt-cache madison docker-ce
${COLOR}"5秒后即将安装: docker-"${DOCKER_VERSION}" 版本....."${END}
${COLOR}"如果想安装其它Docker版本,请按ctrl+c键退出,修改版本再执行"${END}
sleep 5
apt -y install docker-ce=${DOCKER_VERSION} docker-ce-cli=${DOCKER_VERSION}
mkdir -p /etc/docker
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://si7y70hh.mirror.aliyuncs.com"]
}
EOF
systemctl daemon-reload
systemctl restart docker
docker version && ${COLOR}"Docker 安装成功"${END} || ${COLOR}"Docker 安装失败"${END}
}
dpkg -s docker-ce &> /dev/null && ${COLOR}"Docker已安装"${END} || install_docker
[root@ubuntu1804 ~]#bash install_docker_for_ubuntu1804.sh
[root@ubuntu1804 ~]#docker version
Client: Docker Engine - Community
Version: 19.03.5
API version: 1.40
Go version: go1.12.12
Git commit: 633a0ea838
Built: Wed Nov 13 07:29:52 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.5
API version: 1.40 (minimum version 1.12)
Go version: go1.12.12
Git commit: 633a0ea838
Built: Wed Nov 13 07:28:22 2019
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.10
GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339
runc:
Version: 1.0.0-rc8+dev
GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
docker-init:
Version: 0.18.0
GitCommit: fec3683
|
下载Harbor安装包并解压缩
以下使用 harbor 稳定版本1.7.6安装包
方法1:下载离线完整安装包,推荐使用
|
|
[root@ubuntu1804 ~]#wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.6.tgz
|
方法2:下载在线安装包 ,不是很推荐
|
|
[root@ubuntu1804 ~]#wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-online-installer-v1.7.6.tgz
|
|
[root@ubuntu1804 ~]#ls -lh harbor-o*
-rw-r--r-- 1 root root 568M Sep 18 13:24 harbor-offline-installer-v1.7.6.tgz
-rw-r--r-- 1 root root 275K Sep 18 13:37 harbor-online-installer-v1.7.6.tgz
|
解压缩
|
|
[root@ubuntu1804 ~]#mkdir /apps
[root@ubuntu1804 ~]#tar xvf harbor-offline-installer-v1.7.6.tgz -C /apps/
|
编辑配置文件 harbor.cfg
|
|
[root@ubuntu1804 ~]#vim /apps/harbor/harbor.cfg
#只需要修改下面两行
hostname = 10.0.0.101 #指向当前主机IP
harbor_admin_password = 123456 #指定harbor登录用户admin的密码
|
先安装docker compose
|
#docker compose 必须先于harbor安装,否则会报以下错误
[root@ubuntu1804 ~]#/apps/harbor/install.sh
[Step 0]: checking installation environment ...
Note: docker version: 19.03.5
✖ Need to install docker-compose(1.7.1+) by yourself first and run this script again
|
安装docker compose
|
|
#方法1:通过pip安装,版本较新docker_compose-1.25.3,推荐使用
[root@ubuntu1804 ~]#apt -y install python-pip
[root@ubuntu1804 ~]#pip install docker-compose
[root@ubuntu1804 ~]#docker-compose --version
docker-compose version 1.25.3, build unknown
#方法2:直接从github下载安装对应版本
#参看说明:https://github.com/docker/compose/releases
curl -L https://github.com/docker/compose/releases/download/1.25.3/docker-compose-<code>uname -s</code>-<code>uname -m</code> -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
#方法3:直接安装,版本较旧docker-compose-1.17.1-2,不推荐使用
[root@ubuntu1804 ~]#apt -y install docker-compose
[root@ubuntu1804 ~]#docker-compose --version
docker-compose version 1.17.1, build unknown
|
运行安装脚本安装harbor
|
|
#再次安装docker harbor
[root@ubuntu1804 ~]#/apps/harbor/install.sh
[Step 0]: checking installation environment ...
Note: docker version: 19.03.5
Note: docker-compose version: 1.25.3
[Step 1]: loading Harbor images ...
......
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registryctl ... done
Creating harbor-db ... done
Creating redis ... done
Creating registry ... done
Creating harbor-adminserver ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating harbor-portal ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://10.0.0.101.
For more details, please visit https://github.com/goharbor/harbor .
#安装harbor后会自动开启很多相关容器
[root@ubuntu1804 ~]#docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1b47a3eeedd2 goharbor/nginx-photon:v1.7.6 "nginx -g 'daemon of…" 14 minutes ago Up 14 minutes (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
5f3a0a0db734 goharbor/harbor-portal:v1.7.6 "nginx -g 'daemon of…" 14 minutes ago Up 14 minutes (healthy) 80/tcp harbor-portal
8e4265efe8ee goharbor/harbor-jobservice:v1.7.6 "/harbor/start.sh" 14 minutes ago Up 14 minutes harbor-jobservice
d1a048525d79 goharbor/harbor-core:v1.7.6 "/harbor/start.sh" 14 minutes ago Up 14 minutes (healthy) harbor-core
4a989eb92af1 goharbor/harbor-adminserver:v1.7.6 "/harbor/start.sh" 14 minutes ago Up 14 minutes (healthy) harbor-adminserver
c875d3959c56 goharbor/registry-photon:v2.6.2-v1.7.6 "/entrypoint.sh /etc…" 14 minutes ago Up 14 minutes (healthy) 5000/tcp registry
2a963125a0e6 goharbor/redis-photon:v1.7.6 "docker-entrypoint.s…" 14 minutes ago Up 14 minutes 6379/tcp redis
a0751df44d68 goharbor/harbor-registryctl:v1.7.6 "/harbor/start.sh" 14 minutes ago Up 14 minutes (healthy) registryctl
b0ef6ed0d46b goharbor/harbor-db:v1.7.6 "/entrypoint.sh post…" 14 minutes ago Up 14 minutes (healthy) 5432/tcp harbor-db
8e667c6ccbc1 goharbor/harbor-log:v1.7.6 "/bin/sh -c /usr/loc…" 14 minutes ago Up 14 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
|
登录harbor主机网站
用浏览器访问:http://10.0.0.101/
用户名:admin
密码:即前面harbor.cfg中指定的密码