May 24, 2019
Harbor: an enterprise-grade open-source container registry
https://github.com/goharbor/harbor
Features
- Cloud native registry: with support for both container images and Helm charts, Harbor serves as a registry for cloud native environments such as container runtimes and orchestration platforms.
- Role based access control: users and repositories are organized via 'projects', and a user can have different permissions for images under a project.
- Policy based image replication: images can be replicated (synchronized) between multiple registry instances based on policies with multiple filters (repository, tag and label). Harbor auto-retries replication if it encounters errors. Useful for load balancing, high availability, multi-datacenter, hybrid and multi-cloud scenarios.
- Vulnerability scanning: Harbor scans images regularly and warns users of vulnerabilities.
- LDAP/AD support: Harbor integrates with existing enterprise LDAP/AD for user authentication and management, and supports importing LDAP groups into Harbor and assigning proper project roles to them.
- Image deletion and garbage collection: images can be deleted and their space recycled.
- Notary: image authenticity can be ensured (content trust).
- Graphical user portal: users can easily browse and search repositories and manage projects.
- Auditing: all operations on repositories are tracked.
- RESTful API: RESTful APIs for most administrative operations, easy to integrate with external systems.
- Easy deployment: both an online and an offline installer are provided.
Note that in 1.8 vulnerability scanning (Clair) and Notary are optional components that only exist if install.sh is run with --with-clair and --with-notary; the feature list describes what Harbor can do, not what a default install enables.
Installation requirements
Software
On a Linux host: docker 17.03.0-ce+ and docker-compose 1.18.0+.
Hardware: at least 2 CPU cores and 4 GB of RAM.
Ports to open: TCP 80 (HTTP; once HTTPS is configured, nginx only redirects it to 443), 443 (HTTPS), and 4443 (Notary; only needed when Harbor is installed with --with-notary, which this walkthrough does not do, so 4443 can stay closed).
Download the offline installer
https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.0.tgz

[root@iZj6cehstgjoj3qav88fidZ ~]# curl -O https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.0.tgz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  527M  100  527M    0     0  12.3M      0  0:00:42  0:00:42 --:--:-- 12.2M
[root@iZj6cehstgjoj3qav88fidZ ~]#

The tarball is 527 MB of container images and scripts that will be unpacked and run as root, so check it before use: the Harbor release page on GitHub publishes a detached GPG signature (harbor-offline-installer-v1.8.0.tgz.asc) next to each installer. Fetch it and run gpg --verify against the Harbor release signing key before unpacking.
Install the latest Docker
Add the package repository
[root@iZj6cehstgjoj3qav88fidZ ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
[root@iZj6cehstgjoj3qav88fidZ ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
[root@iZj6cehstgjoj3qav88fidZ ~]#
[root@iZj6cehstgjoj3qav88fidZ ~]# yum install docker-ce docker-ce-cli containerd.io

The repo file is fetched over HTTPS and ships with gpgcheck=1, so the first install prompts you to import Docker's package signing key; compare the fingerprint shown with the one Docker publishes before accepting.

Start the service
[root@iZj6cehstgjoj3qav88fidZ ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@iZj6cehstgjoj3qav88fidZ ~]# systemctl start docker
[root@iZj6cehstgjoj3qav88fidZ ~]#
Install the latest docker-compose
Download
[root@iZj6cehstgjoj3qav88fidZ ~]# sudo curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   617    0   617    0     0    567      0 --:--:--  0:00:01 --:--:--   567
100 15.4M  100 15.4M    0     0  2972k      0  0:00:05  0:00:05 --:--:-- 4764k
[root@iZj6cehstgjoj3qav88fidZ ~]#

(The first transfer is GitHub's 617-byte redirect, the second is the binary.) This writes an unverified binary straight onto root's PATH. The compose release page publishes a .sha256 file for each binary; download it and compare with sha256sum before marking the file executable.

Set permissions
[root@iZj6cehstgjoj3qav88fidZ ~]# chmod +x /usr/local/bin/docker-compose
[root@iZj6cehstgjoj3qav88fidZ ~]# ll /usr/local/bin/docker-compose
-rwxr-xr-x 1 root root 16154160 May 27 18:00 /usr/local/bin/docker-compose
[root@iZj6cehstgjoj3qav88fidZ ~]#
Install OpenSSL and create self-signed certificates
Reference: https://github.com/goharbor/harbor/blob/master/docs/configure_https.md
Install OpenSSL
[root@iZj6cehstgjoj3qav88fidZ ~]# yum -y install openssl
Generate the CA certificate and key
[root@iZj6cehstgjoj3qav88fidZ ~]# openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
..........................++
................++
e is 65537 (0x10001)
[root@iZj6cehstgjoj3qav88fidZ ~]#
[root@iZj6cehstgjoj3qav88fidZ ~]# openssl req -x509 -new -nodes -sha512 -days 3650 \
>   -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=yourdomain.com" \
>   -key ca.key \
>   -out ca.crt
[root@iZj6cehstgjoj3qav88fidZ ~]#

Two things to note. -nodes writes ca.key unencrypted, and anyone holding that file can mint certificates every Docker client trusting ca.crt will accept, so chmod 600 it and move it off the registry host once the server certificate has been signed. The subject is copied verbatim from the Harbor docs (CN=yourdomain.com); replace it with a name that identifies your CA, since that is what users will see when they inspect the trust chain.
Generate the server certificate and key
1) Generate the key
[root@iZj6cehstgjoj3qav88fidZ ~]# openssl genrsa -out hub.licensebox.cn.key 4096
Generating RSA private key, 4096 bit long modulus
.......................................................................................................++
..................................................................................................++
e is 65537 (0x10001)
[root@iZj6cehstgjoj3qav88fidZ ~]#
2) Generate the CSR
[root@iZj6cehstgjoj3qav88fidZ ~]# openssl req -sha512 -new \
>   -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=hub.licensebox.cn" \
>   -key hub.licensebox.cn.key \
>   -out hub.licensebox.cn.csr
[root@iZj6cehstgjoj3qav88fidZ ~]# ls
ca.crt  ca.key  harbor-offline-installer-v1.8.0.tgz  hub.licensebox.cn.csr  hub.licensebox.cn.key
[root@iZj6cehstgjoj3qav88fidZ ~]#
3) Sign the certificate
[root@iZj6cehstgjoj3qav88fidZ ~]# openssl x509 -req -sha512 -days 3650 \
>   -CA ca.crt -CAkey ca.key -CAcreateserial \
>   -in hub.licensebox.cn.csr \
>   -out hub.licensebox.cn.crt
Signature ok
subject=/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=hub.licensebox.cn
Getting CA Private Key
[root@iZj6cehstgjoj3qav88fidZ ~]# ls
ca.crt  ca.key  ca.srl  harbor-offline-installer-v1.8.0.tgz  hub.licensebox.cn.crt  hub.licensebox.cn.csr  hub.licensebox.cn.key
[root@iZj6cehstgjoj3qav88fidZ ~]#

Caveat: signed this way, the certificate has no X.509 v3 extensions, so the hostname appears only in the CN. Docker 18.09 accepted that in 2019, but Go's TLS stack (used by Docker and by Harbor itself) stopped matching hostnames against the CN in Go 1.15, and newer clients reject such a certificate with "certificate relies on legacy Common Name field". Pass -extfile with a subjectAltName = DNS:hub.licensebox.cn entry when signing.
Rename the certificate (crt -> cert)
[root@iZj6cehstgjoj3qav88fidZ ~]# openssl x509 -inform PEM -in hub.licensebox.cn.crt -out hub.licensebox.cn.cert
[root@iZj6cehstgjoj3qav88fidZ ~]# ls
ca.crt  ca.key  ca.srl  harbor-offline-installer-v1.8.0.tgz  hub.licensebox.cn.cert  hub.licensebox.cn.crt  hub.licensebox.cn.csr  hub.licensebox.cn.key
[root@iZj6cehstgjoj3qav88fidZ ~]#

Despite the heading, this is not a format conversion: input and output are both PEM and the .cert file holds the same certificate. The rename exists only because the Docker daemon treats *.crt files under /etc/docker/certs.d/<host>/ as CA certificates and *.cert files (paired with a *.key) as client certificates.
Deploy the certificate files into the local Docker configuration directory
[root@iZj6cehstgjoj3qav88fidZ ~]# mkdir -p /etc/docker/certs.d/hub.licensebox.cn/
[root@iZj6cehstgjoj3qav88fidZ ~]# cp ca.crt /etc/docker/certs.d/hub.licensebox.cn/
[root@iZj6cehstgjoj3qav88fidZ ~]# cp hub.licensebox.cn.cert /etc/docker/certs.d/hub.licensebox.cn/
[root@iZj6cehstgjoj3qav88fidZ ~]# cp hub.licensebox.cn.key /etc/docker/certs.d/hub.licensebox.cn/

Only ca.crt is needed here: it is what makes docker login/push/pull on this host trust the registry. Docker reads the .cert/.key pair as a client certificate, which Harbor never asks for, so the last two copies do nothing useful and put the server's private key in a second location. On the other hosts that will pull from this registry, distribute ca.crt alone (into certs.d, or into the system trust store with update-ca-trust followed by a Docker restart), never the key.
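The certificate procedure above as one script, added here as an example rather than taken from the Harbor docs or the original post. It differs from the commands above in two security-relevant ways: the server certificate is signed with an X.509 v3 extension file so that it carries a subjectAltName (which clients built on Go 1.15 or later require), and only ca.crt is copied into the Docker trust directory. The hostname hub.example.internal, the output directories and the subject fields are placeholders chosen for illustration, and the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the Harbor project: CA + SAN-bearing server certificate for
# a Harbor host, a verification step, and a minimal Docker trust install.
# Assumes the openssl CLI; hostname, paths and subject fields are placeholders.

gen_harbor_certs() {
  host="$1"; dir="$2"
  mkdir -p "$dir"
  # CA key and self-signed CA certificate. -nodes leaves the key unencrypted,
  # so it is restricted to the owner and should be moved offline after signing.
  openssl genrsa -out "$dir/ca.key" 4096 2>/dev/null
  chmod 600 "$dir/ca.key"
  openssl req -x509 -new -nodes -sha512 -days 3650 \
    -subj "/C=CN/O=example/CN=example-harbor-ca" \
    -key "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # Server key and CSR. The CN is still set, but clients match on the SAN below.
  openssl genrsa -out "$dir/$host.key" 4096 2>/dev/null
  chmod 600 "$dir/$host.key"
  openssl req -sha512 -new \
    -subj "/C=CN/O=example/CN=$host" \
    -key "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null
  # v3 extensions: an end-entity (CA:FALSE) server-auth certificate with a DNS SAN.
  cat > "$dir/v3.ext" <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=DNS:$host
EOF
  openssl x509 -req -sha512 -days 3650 -extfile "$dir/v3.ext" \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -in "$dir/$host.csr" -out "$dir/$host.crt" 2>/dev/null
}

# The check to run before pointing harbor.yml at the files: the server certificate
# chains to the CA, is not itself a CA, and names the host in its SAN.
verify_harbor_cert() {
  host="$1"; dir="$2"
  openssl verify -CAfile "$dir/ca.crt" "$dir/$host.crt" >/dev/null 2>&1 || return 1
  text=$(openssl x509 -in "$dir/$host.crt" -noout -text)
  echo "$text" | grep -qF "CA:FALSE" || return 1
  echo "$text" | grep -qF "DNS:$host" || return 1
}

# Docker reads *.crt under certs.d/<host>/ as trusted CAs and *.cert/*.key as a
# client certificate pair, so only ca.crt belongs there; the server key stays with nginx.
install_docker_trust() {
  host="$1"; dir="$2"; certsd="${3:-/etc/docker/certs.d}"
  mkdir -p "$certsd/$host"
  cp "$dir/ca.crt" "$certsd/$host/ca.crt"
  chmod 644 "$certsd/$host/ca.crt"
}
```

Usage on the registry host would be `gen_harbor_certs hub.licensebox.cn /data/cert && verify_harbor_cert hub.licensebox.cn /data/cert && install_docker_trust hub.licensebox.cn /data/cert`, after which harbor.yml points at /data/cert/hub.licensebox.cn.crt and .key. The verification function deliberately rejects a certificate signed the way the walkthrough does it (no extensions), because that is the case that breaks on current clients.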
Unpack the installer and edit the configuration file
[root@iZj6cehstgjoj3qav88fidZ ~]# tar xzf harbor-offline-installer-v1.8.0.tgz
[root@iZj6cehstgjoj3qav88fidZ ~]# ls
ca.crt  ca.key  ca.srl  harbor  harbor-offline-installer-v1.8.0.tgz  hub.licensebox.cn.cert  hub.licensebox.cn.crt  hub.licensebox.cn.csr  hub.licensebox.cn.key
[root@iZj6cehstgjoj3qav88fidZ ~]# cd harbor
[root@iZj6cehstgjoj3qav88fidZ harbor]# ls
harbor.v1.8.0.tar.gz  harbor.yml  install.sh  LICENSE  prepare
[root@iZj6cehstgjoj3qav88fidZ harbor]#
Edit the configuration file (harbor.yml)
Set the hostname
Before:
hostname: reg.mydomain.com
After:
hostname: hub.licensebox.cn
(The key is lowercase hostname. It must be the name clients will connect with and therefore the name in the server certificate's CN/SAN, or every TLS handshake fails hostname verification.)

Enable port 443 and point to the certificate
Before (the https block ships commented out in 1.8.0):
# https related config
# https:
#   # https port for harbor, default is 443
#   port: 443
#   # The path of cert and key files for nginx
#   certificate: /your/certificate/path
#   private_key: /your/private/key/path
After:
# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /root/hub.licensebox.cn.crt
  private_key: /root/hub.licensebox.cn.key
prepare reads these paths and copies the files into Harbor's config tree (the /config/cert/server.crt and server.key entries in the install output below). Keep the key at mode 0600 and prefer a dedicated directory such as /data/cert/ over root's home directory.
Change the initial admin password
Before:
harbor_admin_password: Harbor12345
After:
harbor_admin_password: Harbor20190527
This value seeds the admin account on the first start only; afterwards the password is managed in the portal and later edits to harbor.yml are ignored. A password built from the install date is barely better than the documented default against guessing, so use a generated one and rotate it after the first login. harbor.yml now holds this and the database password in clear text, so chmod 600 it.
Change the initial database password (left unchanged here; it must be changed before any production use)
# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
This is the superuser password for the harbor-db PostgreSQL container, applied when the database volume is first initialized, so change it before the first ./prepare rather than after the data directory exists.
Generate the configuration
[root@iZj6cehstgjoj3qav88fidZ harbor]# ./prepare
prepare base dir is set to /root/harbor
Unable to find image 'goharbor/prepare:v1.8.0' locally
v1.8.0: Pulling from goharbor/prepare
4e360eca2e60: Pull complete
cd3c4c42d48b: Pull complete
647e8efbf475: Pull complete
79272af3d010: Pull complete
1aec5eb71578: Pull complete
1a29af1ecc2c: Pull complete
e382cb5c1ecb: Pull complete
Digest: sha256:c590164ae2c54e360642b1174c8ad90306b05ca0582f02f35889346c113e555d
Status: Downloaded newer image for goharbor/prepare:v1.8.0
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@iZj6cehstgjoj3qav88fidZ harbor]#

Two observations. First, this "offline" install just pulled goharbor/prepare from Docker Hub, because the bundled images are only loaded by install.sh (Step 1 below), which then runs prepare itself; running ./prepare separately beforehand is redundant and defeats the point of the offline package. Second, the secretkey and the core private key / registry root certificate generated here are what sign and verify the tokens the registry accepts; they live under Harbor's data directory outside the containers, so protect and back them up with the same care as the TLS key.
Run the install script
[root@iZj6cehstgjoj3qav88fidZ harbor]# ./install.sh

[Step 0]: checking installation environment ...
Note: docker version: 18.09.6
Note: docker-compose version: 1.24.0

[Step 1]: loading Harbor images ...
(per-layer "Loading layer" progress lines omitted)
Loaded image: goharbor/harbor-log:v1.8.0
Loaded image: goharbor/harbor-db:v1.8.0
Loaded image: goharbor/chartmuseum-photon:v0.8.1-v1.8.0
Loaded image: goharbor/prepare:v1.8.0
Loaded image: goharbor/harbor-jobservice:v1.8.0
Loaded image: goharbor/nginx-photon:v1.8.0
Loaded image: goharbor/notary-server-photon:v0.6.1-v1.8.0
Loaded image: goharbor/clair-photon:v2.0.8-v1.8.0
Loaded image: goharbor/harbor-migrator:v1.8.0
Loaded image: goharbor/harbor-core:v1.8.0
Loaded image: goharbor/redis-photon:v1.8.0
Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-v1.8.0
Loaded image: goharbor/harbor-portal:v1.8.0
Loaded image: goharbor/harbor-registryctl:v1.8.0
Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.8.0

[Step 2]: preparing environment ...
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/cert/server.key
Clearing the configuration file: /config/cert/server.crt
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/core/env
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

[Step 3]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registryctl ... done
Creating harbor-db ... done
Creating redis ... done
Creating registry ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating harbor-portal ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://hub.licensebox.cn.
For more details, please visit https://github.com/goharbor/harbor .
[root@iZj6cehstgjoj3qav88fidZ harbor]#

The Clair, Notary and chartmuseum images are loaded in Step 1, but Step 3 creates no clair, notary-server, notary-signer or chartmuseum container: install.sh was run without --with-clair, --with-notary and --with-chartmuseum. This instance therefore has neither vulnerability scanning nor content trust, even though both appear in the feature list at the top; add those flags if you need them, and open TCP 4443 only once Notary is actually enabled.
After the installer reports success, open the web portal (the browser shows a certificate trust warning)
The warning is expected: the portal presents hub.licensebox.cn.crt, which chains to a private CA the browser does not know. Import ca.crt into the browser or OS trust store on the machines that will use the portal instead of clicking through the warning; clicking through trains users to accept any certificate, which is precisely what a private CA is meant to avoid. The certs.d copy made earlier covers only the Docker client on this host, not browsers.
Login page
Home page: a project named library is created by default. It is a public project, so anyone who can reach the registry can pull from it without logging in; make it private or keep anything sensitive out of it.
Local data storage path for the Harbor service