SRE文档

深浅模式

1. 文档

官网:https://goharbor.io/

GitHub地址: https://github.com/goharbor/harbor

官方安装文档: https://goharbor.io/docs/2.4.0/install-config/

1. 安装

  • 安装要求

依赖 Docker和Docker Compose

  • 硬件需求
ResourceMinimumRecommended
CPU2 CPU4 CPU
Mem4 GB8 GB
Disk40 GB160 GB

  • 软件需求

SoftwareVersionDescription
Docker engineVersion 17.06.0-ce+ or higher
Docker ComposeVersion 1.18.0 or higher安装文档参考:docker-compose容器编排
OpensslLatest is preferredUsed to generate certificate and keys for Harbor yum install -y openssl openssl-devel

  • 开放端口

PortProtocolDescription
443HTTPSHarbor portal and core API accept HTTPS requests on this port. You can change this port in the configuration file.
4443HTTPSConnections to the Docker Content Trust service for Harbor. Only required if Notary is enabled. You can change this port in the configuration file.
80HTTPHarbor portal and core API accept HTTP requests on this port. You can change this port in the configuration file.

1.1 下载

  • docker-compose

https://github.com/docker/compose/releases/

bash
 wget https://github.com/docker/compose/releases/download/v2.20.3/docker-compose-linux-x86_64
 
 或者
 curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
 wget https://github.com/docker/compose/releases/download/v2.20.3/docker-compose-linux-x86_64
 
 或者
 curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
  • install
bash
mv  docker-compose-linux-x86_64 /usr/local/sbin/docker-compose

#查看版本
docker-compose -v
mv  docker-compose-linux-x86_64 /usr/local/sbin/docker-compose

#查看版本
docker-compose -v
  • harbor
bash
wget https://github.com/goharbor/harbor/releases/download/v2.7.3/harbor-offline-installer-v2.7.3.tgz
wget https://github.com/goharbor/harbor/releases/download/v2.7.3/harbor-offline-installer-v2.7.3.tgz

1.2 配置

  • 修改配置文件
bash
mv harbor.yml.tmpl harbor.yml
mv harbor.yml.tmpl harbor.yml
yaml
hostname: hub.xxx.com # 修改域名

# 关闭http访问方式
http: 
#  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
#https:
  # https port for harbor, default is 443
 # port: 443
  # The path of cert and key files for nginx
 # certificate: /data/docker/harbor/cert/hub.guoliangjun.com.crt #取消注释,填写实际路径
 # private_key: /data/docker/harbor/cert/hub.guoliangjun.com.key #取消注释,填写实际路径

harbor_admin_password: harbor123456 # admin用户登入密码

database:
  password: root123 # 数据库密码
  max_idle_conns: 100
  max_open_conns: 900

# The default data volume
data_volume: /data/harbor #目录自己创建,根据实际情况填写
hostname: hub.xxx.com # 修改域名

# 关闭http访问方式
http: 
#  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
#https:
  # https port for harbor, default is 443
 # port: 443
  # The path of cert and key files for nginx
 # certificate: /data/docker/harbor/cert/hub.guoliangjun.com.crt #取消注释,填写实际路径
 # private_key: /data/docker/harbor/cert/hub.guoliangjun.com.key #取消注释,填写实际路径

harbor_admin_password: harbor123456 # admin用户登入密码

database:
  password: root123 # 数据库密码
  max_idle_conns: 100
  max_open_conns: 900

# The default data volume
data_volume: /data/harbor #目录自己创建,根据实际情况填写
  • 创建目录
bash
mkdir /data/harbor
mkdir /data/harbor

1.3 启动服务

bash
#重新加载配置
sh ./prepare

#安装
sh ./install.sh
#重新加载配置
sh ./prepare

#安装
sh ./install.sh
  • 测试访问

http://ip

用户名:admin

密码:看harbor_admin_password参数

1.4 配置仓库地址

  • 01.添加docker仓库地址
bash
vim /etc/docker/daemon.json

"insecure-registries": ["http://hub.xxx.com"]


#重启服务
systemctl daemon-reload && systemctl restart docker && systemctl status docker
vim /etc/docker/daemon.json

"insecure-registries": ["http://hub.xxx.com"]


#重启服务
systemctl daemon-reload && systemctl restart docker && systemctl status docker
  • 02.证书添加docker仓库地址

参考,https://goharbor.io/docs/2.6.0/install-config/configure-https/

bash
#要将harbor服务端生成的CA证书拷贝到每个远程客户机的"/etc/docker/certs.d/harbor服务器的域名或ip/"目录下

[root@localhost hub.xxx.com]# pwd
/etc/docker/certs.d/hub.xxx.com
[root@localhost hub.xxx.com]#
[root@localhost hub.xxx.com]# ls -l
总用量 4
-rw-r--r-- 1 root root 2041 12 14 22:36 ca.crt


#重启服务
systemctl daemon-reload && systemctl restart docker && systemctl status docker
#要将harbor服务端生成的CA证书拷贝到每个远程客户机的"/etc/docker/certs.d/harbor服务器的域名或ip/"目录下

[root@localhost hub.xxx.com]# pwd
/etc/docker/certs.d/hub.xxx.com
[root@localhost hub.xxx.com]#
[root@localhost hub.xxx.com]# ls -l
总用量 4
-rw-r--r-- 1 root root 2041 12 14 22:36 ca.crt


#重启服务
systemctl daemon-reload && systemctl restart docker && systemctl status docker

1.5 登录harbor

docker login -u 用户 -p 密码 服务器IP:端口

[root@localhost docker]# docker login -u admin -p Harbor12345 http://hub.xxx.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@localhost docker]# docker login -u admin -p Harbor12345 http://hub.xxx.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
  • 重启harbor服务
bash
cd /path/harbor/
docker-compose stop
systemctl stop docker
systemctl daemon-reload
systemctl start docker
docker-compose start
cd /path/harbor/
docker-compose stop
systemctl stop docker
systemctl daemon-reload
systemctl start docker
docker-compose start

1.6 卸载

docker-compose down 或者:docker rm -f $(docker ps -aq)