欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

CentOS部署Harbor镜像仓库

程序员文章站 2022-07-02 12:45:53
关于Harbor Harbor是用于存储和分发Docker镜像的镜像仓库服务,相比Docker Registry,Harbor在安全、标识、管理等方面做了增强,更适合企业使用; 1. 官方网站:https://goharbor.io/ 2. 官方开源:https://github.com/gohar ......

关于harbor

harbor是用于存储和分发docker镜像的镜像仓库服务,相比docker registry,harbor在安全、标识、管理等方面做了增强,更适合企业使用;

  1. 官方网站:https://goharbor.io/
  2. 官方开源:https://github.com/goharbor/harbor

    环境信息

    今天要部署的harbor版本是1.9.0,本次部署用的机器信息如下:
  3. 操作系统:centos linux release 7.7.1908
  4. docker:19.03.2
  5. docker-compose:1.23.2

    部署harbor

    harbor官方提供了在线和离线两种安装方式,考虑到企业服务器有可能无法访问外网,因此选择离线安装更加实用;
  6. 打开harbor的github仓库的release页面下载离线安装包,地址是:https://github.com/goharbor/harbor/releases ,如下图红框所示,我选择了最新版的1.9.0:
    CentOS部署Harbor镜像仓库
  7. 将离线安装包harbor-offline-installer-v1.9.0.tgz下载到电脑上,执行以下命令解压:
tar -zxvf harbor-offline-installer-v1.9.0.tgz

解压的结果是个名为harbor的文件夹,进入该文件夹;

  1. 修改配置文件harbor.yml,主要是修改以下两个配置:

a. hostname:填写本机的ip地址或者hostname,如果已经和域名绑定了也可以填域名;

b. harbor_admin_password:管理员初始密码;
更多配置例如https、存储等,请参考官方文档按需设置;

  1. 开始安装,在install.sh文件所在目录执行命令./install.sh即可安装harbor,部署成功的控制台信息如下:
creating network "harbor_harbor" with the default driver
creating harbor-log ... done
creating registryctl   ... done
creating registry      ... done
creating harbor-db     ... done
creating redis         ... done
creating harbor-portal ... done
creating harbor-core   ... done
creating nginx             ... done
creating harbor-jobservice ... done

✔ ----harbor has been installed and started successfully.----

now you should be able to visit the admin portal at http://192.168.50.167. 
for more details, please visit https://github.com/goharbor/harbor .
  1. 此时应该有九个容器正常运行:
[root@vostro ~]# docker ps
container id        image                                               command                  created             status                 ports                       names
dac02ab21a1f        goharbor/harbor-jobservice:v1.9.0                   "/harbor/harbor_jobs…"   3 hours ago         up 3 hours (healthy)                               harbor-jobservice
998fa5676a08        goharbor/nginx-photon:v1.9.0                        "nginx -g 'daemon of…"   3 hours ago         up 3 hours (healthy)   0.0.0.0:80->8080/tcp        nginx
bc87d9a5a7f7        goharbor/harbor-core:v1.9.0                         "/harbor/harbor_core"    3 hours ago         up 3 hours (healthy)                               harbor-core
ce495560ef35        goharbor/harbor-db:v1.9.0                           "/docker-entrypoint.…"   3 hours ago         up 3 hours (healthy)   5432/tcp                    harbor-db
25a13fddd607        goharbor/harbor-portal:v1.9.0                       "nginx -g 'daemon of…"   3 hours ago         up 3 hours (healthy)   8080/tcp                    harbor-portal
b9f72d4da022        goharbor/redis-photon:v1.9.0                        "redis-server /etc/r…"   3 hours ago         up 3 hours (healthy)   6379/tcp                    redis
3804003153ae        goharbor/harbor-registryctl:v1.9.0                  "/harbor/start.sh"       3 hours ago         up 3 hours (healthy)                               registryctl
d8d570e88874        goharbor/registry-photon:v2.7.1-patch-2819-v1.9.0   "/entrypoint.sh /etc…"   3 hours ago         up 3 hours (healthy)   5000/tcp                    registry
2d940d7fd271        goharbor/harbor-log:v1.9.0                          "/bin/sh -c /usr/loc…"   3 hours ago         up 3 hours (healthy)   127.0.0.1:1514->10514/tcp   harbor-log
  1. 由于harbor的web服务使用了宿主机的80端口,所以在浏览器直接输入宿主机的ip地址即可访问harbor的web管理页面,账号是admin,密码是前面设置的harbor_admin_password的值(默认是harbor12345):
    CentOS部署Harbor镜像仓库
  2. 登录成功后发现空空如也,也是,目前还没啥东西:
    CentOS部署Harbor镜像仓库

允许http连接

接下来我们要验证harbor服务是否可用,验证方式是从另一台linux电脑(下面称之为a电脑)远程推送镜像到harbor机器;
harbor默认是不允许http连接的,这里可以修改设置来支持http连接,以便后续的验证操作;

  1. 如果要从a电脑连接harbor服务器,那么要对a电脑做设置,这里a电脑是linux操作系统;
  2. 编辑a电脑的/etc/docker/daemon.json文件(如果不存在就新建),增加以下内容,192.168.50.167是harbor服务器的ip地址:
{
  "insecure-registries":["192.168.50.167"]
}
  1. 重启使配置生效:
systemctl daemon-reload  && systemctl restart docker

再次提醒:这里修改是远程连接harbor服务的机器的配置,而不是harbor服务器的配置;

推送镜像到harbor

接下来验证harbor的服务,在a电脑上尝试将本机的镜像推送到harbor;

  1. 登录a电脑,选个本地镜像用来测试,我这里有个名为jenkinsci/blueocean:1.19.0的本地镜像,id为11e2757c8bc1
root@hedy:~# docker images
repository                          tag                 image id            created             size
jenkinsci/blueocean                 1.19.0              11e2757c8bc1        7 days ago          553mb
  1. 执行以下命令,将选定的本地镜像修改名称和tag:
docker tag 11e2757c8bc1 192.168.50.167/library/jenkinsci/blueocean:1.19.0

上述命令中,192.168.50.167是安装harbor的时候,harbor.yml文件中配置的hostname的值,library是harbor默认的项目名称;

  1. 执行以下命令即可从a电脑登录harbor:
docker login 192.168.50.167 -u admin -p harbor12345
  1. 执行命令docker push 192.168.50.167/library/jenkinsci/blueocean:1.19.0
root@hedy:~# docker push 192.168.50.167/library/jenkinsci/blueocean:1.19.0
the push refers to repository [192.168.50.167/library/jenkinsci/blueocean]
2963284ab4ce: pushing [================================================>  ]  58.27mb/60.25mb
c4a4de444fad: pushing [========>                                          ]  47.87mb/267.6mb
850b4f512dc8: pushed 
abdaf43f94b6: pushed 
a6a27b82134d: pushed 
d6bee87a74b8: pushed 
28c6bdb5fda9: pushed 
bb25d1c7cc8a: pushed 
e2419390abaa: pushing [========================>                          ]  37.29mb/77.36mb
d6982687f77e: pushed 
c9659702491d: pushed 
ed4e100c24a1: pushing [==========================================>        ]  36.71mb/43.37mb
ceaf9e1ebef5: pushing [======>                                            ]  12.58mb/99.29mb
9b9b7f3d56a0: waiting 
f1b5933fe4b5: waiting
  1. 上传完毕,登录harbor网页,可以看到新上传的镜像:
    CentOS部署Harbor镜像仓库
    至此,实战完毕,在您搭建harbor服务的时候希望本文能给您一些参考。