Installing Harbor with Docker

1. Pull the required images

docker pull vmware/harbor-jobservice:v1.1.2
docker pull vmware/harbor-ui:v1.1.2
docker pull vmware/harbor-adminserver:v1.1.2
docker pull vmware/harbor-db:v1.1.2
docker pull vmware/registry:2.6.1-photon
docker pull vmware/harbor-notary-db:mariadb-10.1.10
docker pull vmware/nginx:1.11.5-patched
docker pull vmware/notary-photon:signer-0.5.0
docker pull vmware/notary-photon:server-0.5.0
docker pull vmware/harbor-log:v1.1.2
docker pull photon:1.0

2. Install docker-compose

Installation method 1
#1. Download the specified version of docker-compose
$ curl -L https://github.com/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose

#2. Make the binary executable
$ sudo chmod +x /usr/local/bin/docker-compose

#3. Check that docker-compose was installed successfully
$ docker-compose --version
docker-compose version 1.13.0, build 1719ceb

Installation method 2:

Installing docker-compose with pip is recommended

# Install pip
yum -y install epel-release
yum -y install python-pip

# Check the version
pip --version

# Upgrade pip
pip install --upgrade pip

# Install docker-compose
pip install docker-compose
docker-compose version

3. Download the Harbor installer

1. Online installer package

$ wget https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-online-installer-v1.1.2.tgz
$ tar xvf harbor-online-installer-v1.1.2.tgz

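2. Offline installer package
$ wget https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-offline-installer-v1.1.2.tgz
$ tar xvf harbor-offline-installer-v1.1.2.tgz
We use the offline installer package here. Because downloads from GitHub are slow, the package can also be downloaded from the Baidu Cloud link below.

Link: https://pan.baidu.com/s/1qilnwv-IB2FIqFQwG0bLbA Password: py93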

4. Edit the Harbor configuration

Set the Harbor domain name to harbor.demo.com

cd harbor
vi harbor.cfg

## Configuration file of Harbor

#The IP address or hostname to access admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname = harbor.demo.com

#The protocol for accessing the UI and token/notification service, by default it is http.
#It can be set to https if ssl is enabled on nginx.
ui_url_protocol = http

#The password for the root user of mysql db, change this before any production use.
db_password = root123

#Maximum number of job workers in job service  
max_job_workers = 3 

#Determine whether or not to generate certificate for the registry's token.
#If the value is on, the prepare script creates new root cert and private key 
#for generating token to access the registry. If the value is off the default key/cert will be used.
#This flag also controls the creation of the notary signer's cert.
customize_crt = on

#The path of cert and key files for nginx, they are applied only the protocol is set to https
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key

#The path of secretkey storage
secretkey_path = /data

#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
admiral_url = NA

#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
#only take effect in the first boot, the subsequent changes of these properties 
#should be performed on web ui

#************************BEGIN INITIAL PROPERTIES************************

#Email account settings for sending out password resetting emails.

#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
#Identity left blank to act as username.
email_identity = 

email_server = smtp.mxhichina.com
email_server_port = 25
email_username = harbor@demo.com
email_password = 123456
email_from = harbor <harbor@demo.com>
email_ssl = false

##The initial password of Harbor admin, only works for the first time when Harbor starts. 
#It has no effect after the first launch of Harbor.
#Change the admin password from UI after launching Harbor.
harbor_admin_password = Harbor12345

##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
auth_mode = db_auth

#The url for an ldap endpoint.
ldap_url = ldaps://ldap.mydomain.com

#A user's DN who has the permission to search the LDAP/AD server. 
#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com

#the password of the ldap_searchdn
ldap_search_pwd = password

#The base DN from which to look up a user in LDAP/AD
ldap_basedn = ou=people,dc=mydomain,dc=com

#Search filter for LDAP/AD, make sure the syntax of the filter is correct.
ldap_filter = (objectClass=person)

# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD  
ldap_uid = uid 

#the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
ldap_scope = 3 

#Timeout (in seconds)  when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
ldap_timeout = 5

#Turn on or off the self-registration feature
self_registration = on

#The expiration time (in minute) of token created by token service, default is 30 minutes
token_expiration = 30

#The flag to control what users have permission to create projects
#The default value "everyone" allows everyone to creates a project. 
#Set to "adminonly" so that only admin user can create project.
project_creation_restriction = everyone

#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
verify_remote_cert = on
#************************END INITIAL PROPERTIES************************
#############
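
A quick check of the file before running ./install.sh, as an added example that is not part of the original post or of Harbor: it flags the values from the configuration above that are unsafe to keep outside a test setup. The function names and the constructed sample input are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky harbor.cfg values.

# cfg_get FILE KEY: print the value of an uncommented "KEY = value" line.
cfg_get() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    {
      i = index($0, "="); if (i == 0) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == k) out = val
    }
    END { print out }' "$1"
}

# audit_harbor_cfg FILE: print one finding per line, return 1 if any.
audit_harbor_cfg() {
  findings=0
  # key|risky value|reason (risky values are the ones shown in the config above)
  while IFS='|' read -r key bad why; do
    if [ "$(cfg_get "$1" "$key")" = "$bad" ]; then
      echo "$key = $bad: $why"
      findings=$((findings + 1))
    fi
  done <<'EOF'
ui_url_protocol|http|logins and registry tokens travel unencrypted
db_password|root123|sample database root password still in place
harbor_admin_password|Harbor12345|sample admin password still in place
self_registration|on|anyone who can reach the UI can create an account
project_creation_restriction|everyone|every account can create projects
verify_remote_cert|off|job service skips remote registry certificate checks
EOF
  [ "$findings" -eq 0 ]
}

# Constructed sample input: a few lines in the same format as the file above.
sample_cfg() {
  printf '%s\n' 'hostname = harbor.demo.com' 'ui_url_protocol = http' \
    '#db_password = root123' 'db_password = S0me-Long-Random-Value' \
    'harbor_admin_password = Harbor12345' 'self_registration = off' \
    'verify_remote_cert = on'
}

# Usage: sh audit.sh /path/to/harbor.cfg
if [ -f "${1:-}" ]; then audit_harbor_cfg "$1"; fi
```
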

The default port is 80. If that port is already in use, edit docker-compose.yml and map the corresponding service to local port 9999.

docker-compose.yml

proxy:
    image: vmware/nginx:1.11.5-patched
    container_name: nginx
    restart: always
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    ports:
      - 9999:80
      - 443:443
      - 4443:4443
    depends_on:
      - mysql
      - registry
      - ui
      - log
    logging:
      driver: "syslog"
      options:  

Start Harbor
After editing the configuration files, run ./install.sh in the current directory.

5. Configure NGINX

cd /etc/nginx/
vi nginx.conf

server {
        listen          80;
        server_name     harbor.demo.com;
        root            /usr/share/nginx/html;

        include /etc/nginx/default.d/*.conf;

        location / {
            # Maximum allowed size of a single uploaded file
            client_max_body_size 1024m;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:9999;
            index index.html index.htm;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }


# Check that the configuration is valid
nginx -t

# Restart the service
sudo systemctl restart nginx

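6. Access Harbor and push images

Browse to the hostname just configured: http://harbor.demo.com/

Starting with Docker 1.3.2, Docker uses HTTPS for registries by default, whereas we configured Harbor to use HTTP, so docker login, pull, push and other commands against a non-HTTPS Docker registry fail with an error: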

docker login harbor.demo.com
Username: admin
Password: 
Error response from daemon: Get https://harbor.demo.com/v2/: dial tcp 10.220.107.52:443: connect: connection refused

Solution:

# Edit the Docker startup configuration
vi  /lib/systemd/system/docker.service
# Before
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
# After
ExecStart=/usr/bin/dockerd --insecure-registry harbor.demo.com -H fd:// --containerd=/run/containerd/containerd.sock
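
An alternative to --insecure-registry, as an added example that is not part of the original post: create a certificate for harbor.demo.com at the ssl_cert and ssl_cert_key paths from harbor.cfg and place a copy under /etc/docker/certs.d, where the Docker daemon reads per-registry trust anchors. The function names, the --apply switch and the use of a self-signed certificate are assumptions; -addext requires OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the original post): serve Harbor over HTTPS so the
# Docker daemon needs no --insecure-registry flag.

# make_registry_cert HOST CERT_DIR DOCKER_CERTS_DIR
# Creates a self-signed certificate for HOST (assumption: no internal CA) and
# copies it to DOCKER_CERTS_DIR/HOST/ca.crt as the daemon's trust anchor.
make_registry_cert() {
  host=$1 cert_dir=$2 trust_dir=$3/$1
  mkdir -p "$cert_dir" "$trust_dir" || return 1
  # Create the private key under a restrictive umask so it is never
  # readable by other users, not even briefly.
  ( umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
      -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
      -keyout "$cert_dir/server.key" -out "$cert_dir/server.crt" 2>/dev/null
  ) || return 1
  chmod 644 "$cert_dir/server.crt"
  cp "$cert_dir/server.crt" "$trust_dir/ca.crt"
}

# cert_matches_host CERT HOST: succeed only if the certificate is valid for HOST.
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Paths from this page: ssl_cert and ssl_cert_key in harbor.cfg point at /data/cert.
# Run as root: sh harbor-tls.sh --apply
if [ "${1:-}" = "--apply" ]; then
  make_registry_cert harbor.demo.com /data/cert /etc/docker/certs.d &&
    cert_matches_host /data/cert/server.crt harbor.demo.com
fi
```

With the certificate in place, set ui_url_protocol = https in harbor.cfg, rerun ./install.sh, and keep ExecStart without the --insecure-registry flag.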

7. Restart Harbor

cd /usr/local/harbor

1. Stop Harbor
$ docker-compose down -v
Stopping nginx ... done
Stopping harbor-jobservice ... done
......
Removing harbor-log ... done
Removing network harbor_harbor

2. Start Harbor
$ docker-compose up -d
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... 
......
Creating nginx
Creating harbor-jobservice ... done

8. View logs

Logs are stored in /var/log/harbor/
