harbor官方下載地址：

https://github.com/vmware/harbor/releases

配置參考：

https://github.com/vmware/harbor/blob/master/docs/installation_guide.md

此處使用離線下載安裝包：

wget ?https://storage.googleapis.com/harbor-releases/release-1.5.0/harbor-offline-installer-v1.5.1.tgz?(需要×××)

tar -zxvf harbor-offline-installer-v1.5.1.tgz

cd ?harbor

#Configure?harbor.cfg

主要配置點(diǎn)：

hostname?=?xxx:8888

#如需要配置實(shí)現(xiàn)高可用赴精，則需將registry 放到高可用存儲(chǔ)節(jié)點(diǎn)冒窍， 以及adminserver 連接的mysql數(shù)據(jù)庫、redis 配置為外置數(shù)據(jù)庫畜挨。如不配置redis贰盗，則harbor節(jié)點(diǎn)異常许饿，則docker client 需要進(jìn)行重新登錄。此處數(shù)據(jù)庫均使用 ceph rbd 持久化存儲(chǔ)舵盈。

修改完成后陋率，執(zhí)行install.sh ,由于官方默認(rèn)是使用docker-compose 啟動(dòng)，執(zhí)行腳本會(huì)默認(rèn)檢查相關(guān)組件秽晚，這里把如下3行注釋翘贮，主要用install.sh 運(yùn)行配置文件和加載鏡像。

#docker-compose

#check_dockercompose

#check_docker

sh install.sh

執(zhí)行完成后會(huì)在對應(yīng)目錄生成相關(guān)配置文件爆惧±暌常看腳本你會(huì)發(fā)現(xiàn)，其實(shí)最終調(diào)用的是./prepare ?腳本來生成配置文件等信息扯再。我們不用compose芍耘，所以也可以直接使用prepare ? 生成配置文件。

修改docker-compose.yml文件熄阻，使用version 3 支持stack 部署斋竞。實(shí)例如下，這里去掉了log模塊秃殉，直接使用docker service logs 查看日志更方便坝初。

主要注意點(diǎn)：

為實(shí)現(xiàn)高可用，如下mysql钾军、redis鳄袍、registry 均使用的ceph rbd 存儲(chǔ)。其他service使用mfs共享存儲(chǔ)掛載吏恭。

version: '3'

services:

#log:

# ?image: vmware/harbor-log:v1.5.1

# ?volumes:

# ? ?- /var/log/:/var/log/docker/

# ? ?- /mnt/mfs/docker/swarm_stack/stack/harbor/common/config/log/:/etc/logrotate.d/

# ?ports:

# ? ?- 1514:10514

# ?networks:

# ? ?- harbor

registry:

image: vmware/registry-photon:v2.6.2-v1.5.1

volumes:

- harbor_registry:/storage

- /mnt/mfs/docker/swarm_stack/stack/harbor/common/config/registry/:/etc/registry/

networks:

- harbor

environment:

- GODEBUG=netdns=cgo

command:

["serve", "/etc/registry/config.yml"]

# depends_on:

# ? - log

# logging:

# ? driver: "syslog"

# ? options:

# ? ? syslog-address: "tcp://log:10514"

# ? ? tag: "registry"

mysql:

image: vmware/harbor-db:v1.5.1

volumes:

- harbor_mysql:/var/lib/mysql

networks:

- harbor

env_file:

- /mnt/mfs/docker/swarm_stack/stack/harbor/common/config/db/env

# depends_on:

# ? - log

# logging:

# ? driver: "syslog"

# ? options:

# ? ? syslog-address: "tcp://log:10514"

# ? ? tag: "mysql"

adminserver:

image: vmware/harbor-adminserver:v1.5.1

env_file:

- /mnt/mfs/docker/swarm_stack/stack/harbor/common/config/adminserver/env

volumes:

- /mnt/mfs/docker/swarm_stack/stack/harbor/online/config/:/etc/adminserver/config/

- /mnt/mfs/docker/swarm_stack/stack/harbor/online/secretkey:/etc/adminserver/key

- /mnt/mfs/docker/swarm_stack/stack/harbor/online/data:/data/

networks:

- harbor

# depends_on:

# ? - log

# logging:

# ? driver: "syslog"

# ? options:

# ? ? syslog-address: "tcp://log:10514"

# ? ? tag: "adminserver"

ui:

image: vmware/harbor-ui:v1.5.1

env_file:

- /mnt/mfs/docker/swarm_stack/stack/harbor/common/config/ui/env

volumes:

- /mnt/mfs/docker/swarm_stack/stack/harbor/common/config/ui/app.conf:/etc/ui/app.conf

- /mnt/mfs/docker/swarm_stack/stack/harbor/common/config/ui/private_key.pem:/etc/ui/private_key.pem

- /mnt/mfs/docker/swarm_stack/stack/harbor/common/config/ui/certificates/:/etc/ui/certificates/

- /mnt/mfs/docker/swarm_stack/stack/harbor/online/secretkey:/etc/ui/key

- /mnt/mfs/docker/swarm_stack/stack/harbor/online/ca_download/:/etc/ui/ca/

- /mnt/mfs/docker/swarm_stack/stack/harbor/online/psc/:/etc/ui/token/

networks:

- harbor

depends_on:

- adminserver

- registry

#logging:

# ?driver: "syslog"

# ?options:

# ? ?syslog-address: "tcp://log:10514"

# ? ?tag: "ui"

jobservice:

image: vmware/harbor-jobservice:v1.5.1

env_file:

- /mnt/mfs/docker/swarm_stack/stack/harbor/common/config/jobservice/env

volumes:

- /mnt/mfs/docker/swarm_stack/stack/harbor/online/job_logs:/var/log/jobs

- /mnt/mfs/docker/swarm_stack/stack/harbor/common/config/jobservice/config.yml:/etc/jobservice/config.yml

networks:

- harbor

depends_on:

- redis

- ui

- adminserver

#logging:

# ?driver: "syslog"

# ?options:

# ? ?syslog-address: "tcp://log:10514"

# ? ?tag: "jobservice"

redis:

image: vmware/redis-photon:v1.5.1

volumes:

- harbor_redis:/data

networks:

- harbor

#logging:

# ?driver: "syslog"

# ?options:

# ? ?syslog-address: "tcp://log:10514"

# ? ?tag: "redis"

proxy:

image: vmware/nginx-photon:v1.5.1

volumes:

- /mnt/mfs/docker/swarm_stack/stack/harbor/common/config/nginx:/etc/nginx

networks:

- harbor

ports:

- 8888:80

- 8889:443

- 4443:4443

depends_on:

- mysql

- registry

- ui

# logging:

# ? driver: "syslog"

# ? options:

# ? ? syslog-address: "tcp://log:10514"

# ? ? tag: "proxy"

networks:

harbor:

external: false

volumes:

harbor_registry:

driver: rbd

driver_opts:

size: 200000

harbor_mysql:

driver: rbd

driver_opts:

size: 100000

harbor_redis:

driver: rbd

driver_opts:

size: 10000

docker stack ?deploy ?-c docker-compose.yml ?harbor ?拗小，稍等數(shù)據(jù)庫初始化，即可登錄harbor使用樱哼。確保7個(gè)service 有7個(gè)穩(wěn)定Running狀態(tài)的容器哀九。

[root@docker74 harbor]# docker stack ?ps harbor |grep -i Runn

q6uw8um1tmwx ? ? ? ?harbor_proxy.1 ? ? ? ? vmware/nginx-photon:v1.5.1 ? ? ? ? ? ? docker27 ? ? ? ? ? ?Running ? ? ? ? ? ? Running 15 minutes ago

mkhg3eowzugn ? ? ? ?harbor_redis.1 ? ? ? ? vmware/redis-photon:v1.5.1 ? ? ? ? ? ? docker39? ? ? ? ? ? ? ? Running ? ? ? ? ? ? Running 16 minutes ago

v61q3gynk9c0 ? ? ? ?harbor_jobservice.1 ? ?vmware/harbor-jobservice:v1.5.1 ? ? ? ?docker75? ? ? ? ? ? ?Running ? ? ? ? ? ? Running 16 minutes ago

nry1l16apmpt ? ? ? ?harbor_ui.1 ? ? ? ? ? ?vmware/harbor-ui:v1.5.1 ? ? ? ? ? ? ? ?docker40? ? ? ? ? ? ? ? ? ? ? ? Running ? ? ? ? ? ? Running 15 minutes ago

f4qw8xfj4gxt ? ? ? ?harbor_adminserver.1 ? vmware/harbor-adminserver:v1.5.1 ? ? ? docker38? ? ? ? ? Running ? ? ? ? ? ? Running 15 minutes ago

wkjbcgd4evms ? ? ? ?harbor_mysql.1 ? ? ? ? vmware/harbor-db:v1.5.1 ? ? ? ? ? ? ? ?docker39? ? ? ? ? ? ? ? ? Running ? ? ? ? ? ? Running 16 minutes ago

1oyhjtv5d8b6 ? ? ? ?harbor_registry.1 ? ? ?vmware/registry-photon:v2.6.2-v1.5.1 ? docker27? ? ? ? ? ? ? Running ? ? ? ? ? ? Running 16 minutes ago

客戶端首次使用registry需要做如下配置：

1、修改docker配置文件搅幅，增加 ? ? ? ?"insecure-registries":["10.211.121.26:8888"] ?到 /etc/docker/daemon.json

systemctl reload docker

2阅束、docker login ?10.211.121.26:8888 ?-uadmin ?-pHarbor12345

登錄后即可正常使用 docker push/pull ?進(jìn)行鏡像推送和拉取。

高可用測試：

1茄唐、重啟harbor_registry 息裸，業(yè)務(wù)出現(xiàn)短暫失效，待容器重啟成功后可繼續(xù)使用。

2界牡、重啟harbor_proxy簿寂，業(yè)務(wù)出現(xiàn)短暫失效，待容器重啟成功后可繼續(xù)使用宿亡。

3常遂、重啟harbor_redis，業(yè)務(wù)出現(xiàn)短暫失效挽荠，重啟成功后正常克胳。(redis數(shù)據(jù)持久化在rbd中)

4、重啟harbor_jobservice圈匆，無影響漠另。

5、重啟harbor_ui跃赚，無影響

6笆搓、重啟harbor_adminserver，業(yè)務(wù)出現(xiàn)短暫失效纬傲，待容器重啟成功后可繼續(xù)使用满败。

7、重啟harbor_mysql叹括，業(yè)務(wù)出現(xiàn)短暫失效算墨，待容器重啟成功后可繼續(xù)使用。

毀滅性測試：

docker stack ?rm ?harbor

sleep 10

docker stack ?deploy ?-c docker-compose.yml ?harbor

待2分鐘左右所有業(yè)務(wù)容器啟動(dòng)成功汁雷，倉庫恢復(fù)正常使用净嘀。