Harbor: Configuring a Local Docker Image Registry with Web UI Management
January 5, 2022 ... about 4 minutes
Install Docker
```bash
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo
yum install -y docker-ce
# Installs the latest version by default; to pin a specific version, use docker-ce-18.09.8-3.el7.x86_64
systemctl enable docker && systemctl start docker
```
Configure the Harbor registry management UI
Installation requirements
Hardware
Resource | Capacity | Description |
---|---|---|
CPU | minimal 2 CPU | 4 CPU is preferred |
Mem | minimal 4GB | 8GB is preferred |
Disk | minimal 40GB | 160GB is preferred |
Software
Software | Version | Description |
---|---|---|
Docker engine | version 17.06.0-ce+ or higher | For installation instructions, please refer to: docker engine doc |
Docker Compose | version 1.18.0 or higher | For installation instructions, please refer to: docker compose doc |
Openssl | latest is preferred | Generate certificate and keys for Harbor |
Network ports
Port | Protocol | Description |
---|---|---|
443 | HTTPS | Harbor portal and core API will accept requests on this port for https protocol, this port can change in config file |
4443 | HTTPS | Connections to the Docker Content Trust service for Harbor, only needed when Notary is enabled; this port can change in config file |
80 | HTTP | Harbor portal and core API will accept requests on this port for http protocol |
Installation Steps
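Download
https://github.com/goharbor/harbor/releases is the official download page. Use the online installer if your network connection is good; otherwise use the offline installer.
Configuration (the software requirements must be met: install docker-ce, docker-compose and openssl)
```bash
# For docker-compose setup and download, see the official site:
# https://docs.docker.com/compose/install/
wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.2.tgz
tar -zxvf harbor-offline-installer-v1.8.2.tgz -C /tmp/
cd /tmp/harbor/
```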
Create a private SSL certificate (skip this step if you have a publicly trusted certificate). The configuration below uses HTTPS.
```bash
#!/bin/bash
# Creates a private CA and a server certificate for the hostname given as $1.
# Assumes a three-label hostname such as reg.example.com.
if [ -z "$1" ]; then
    echo "Usage: $0 yourdomain"
    echo "like reg.example.com"
    exit 1
else
    DNS1=$(echo "$1" | awk -F . '{print $1}')
    DNS2=$(echo "$1" | awk -F . '{print $2}')
    DNS3=$(echo "$1" | awk -F . '{print $3}')
    # CA private key
    openssl genrsa -out ca.key 4096
    # Self-signed CA certificate
    openssl req -x509 -new -nodes -sha512 -days 3650 \
        -subj "/C=CN/ST=BeiJing/L=BeiJing/O=example/OU=Personal/CN=${DNS1}.${DNS2}.${DNS3}" \
        -key ca.key \
        -out ca.crt
    # Server private key
    openssl genrsa -out "${DNS1}.${DNS2}.${DNS3}.key" 4096
    # Certificate signing request for the server
    openssl req -sha512 -new \
        -subj "/C=CN/ST=BeiJing/L=BeiJing/O=example/OU=Personal/CN=${DNS1}.${DNS2}.${DNS3}" \
        -key "${DNS1}.${DNS2}.${DNS3}.key" \
        -out "${DNS1}.${DNS2}.${DNS3}.csr"
    # x509 v3 extension file carrying the subjectAltName entries
    cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=${DNS1}.${DNS2}.${DNS3}
DNS.2=${DNS2}.${DNS3}
DNS.3=${DNS1}
EOF
    # Sign the server certificate with the CA
    openssl x509 -req -sha512 -days 3650 \
        -extfile v3.ext \
        -CA ca.crt -CAkey ca.key -CAcreateserial \
        -in "${DNS1}.${DNS2}.${DNS3}.csr" \
        -out "${DNS1}.${DNS2}.${DNS3}.crt"
    # Docker reads .crt files as CA certificates and .cert files as client
    # certificates, so write a .cert copy for the steps printed below
    openssl x509 -inform PEM -in "${DNS1}.${DNS2}.${DNS3}.crt" -out "${DNS1}.${DNS2}.${DNS3}.cert"
    # Print the remaining manual steps
    echo -e "\033[33m Please: Check docker status && \
\n mkdir -p /etc/docker/certs.d/${DNS1}.${DNS2}.${DNS3} \
\n cp ${DNS1}.${DNS2}.${DNS3}.cert /etc/docker/certs.d/${DNS1}.${DNS2}.${DNS3}/${DNS1}.${DNS2}.${DNS3}.cert \
\n cp ${DNS1}.${DNS2}.${DNS3}.key /etc/docker/certs.d/${DNS1}.${DNS2}.${DNS3}/${DNS1}.${DNS2}.${DNS3}.key \
\n cp ca.crt /etc/docker/certs.d/${DNS1}.${DNS2}.${DNS3}/ca.crt \
\033[0m"
fi
```
Edit Harbor's configuration file: vim harbor.yml
```yaml
# Change the contents as follows.
# The main settings to change are hostname, https (prepare the certificate in advance if you need it),
# data_volume (the directory where images are stored), harbor_admin_password (the Web UI password;
# the account is admin), and the password under database, which is the database password.
# Change the other settings as needed.
hostname: reg.youdomain.com
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  # nginx needs the server certificate together with the private key that belongs to it
  certificate: /vdb/harbor/ssl/ca.crt
  private_key: /vdb/harbor/ssl/server.key
# Harbor12345 and root123 below are the shipped default values; replace both
harbor_admin_password: Harbor12345
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
data_volume: /vdb/harbor/data
maxthreads: 100
clair:
  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
  updaters_interval: 12
  # Config http proxy for Clair, e.g. http://my.proxy.com:3128
  # Clair doesn't need to connect to harbor internal components via http proxy.
  http_proxy:
  https_proxy:
  no_proxy: 127.0.0.1,localhost,core,registry
jobservice:
  # Maximum number of job workers in job service
  max_job_workers: 10
chart:
  # Change the value of absolute_url to enabled can enable absolute url in chart
  absolute_url: disabled
log:
  # options are debug, info, warning, error, fatal
  level: info
  # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
  rotate_count: 50
  # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
  # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
  # are all valid.
  rotate_size: 200M
  # The directory on your host that store log
  location: /var/log/harbor
```
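A pre-flight check for the harbor.yml above, as an added example that is not part of the original post or of Harbor: it flags the two sample passwords if they are still in place and verifies that `certificate` and `private_key` are a matching pair whose subjectAltName covers `hostname`. The function names are hypothetical, and the line-based key lookup is an assumption that fits this flat file.

```sh
#!/bin/sh
# Pre-flight checks for harbor.yml. Added example, not shipped with Harbor.
# Function names are hypothetical; key names are the ones in the file above.

# Print the value of the first "KEY: value" line, at any indentation.
# Line-based on purpose: no YAML parser needed, quoted values are not handled.
yml_get() {  # usage: yml_get FILE KEY
    awk -v k="$2" '$1 == k ":" { print $2; exit }' "$1"
}

# Fail if either password is still the value from the sample configuration.
check_defaults() {  # usage: check_defaults FILE
    bad=0
    if [ "$(yml_get "$1" harbor_admin_password)" = "Harbor12345" ]; then
        echo "harbor_admin_password is still Harbor12345"; bad=1
    fi
    if [ "$(yml_get "$1" password)" = "root123" ]; then
        echo "database password is still root123"; bad=1
    fi
    return "$bad"
}

# Fail unless CERT carries the public key of KEY and has a SAN matching HOST.
check_cert_pair() {  # usage: check_cert_pair CERT KEY HOST
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    if [ -z "$pub" ] || [ "$pub" != "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]; then
        echo "certificate and private_key are not a matching pair"; return 1
    fi
    if ! openssl x509 -in "$1" -noout -text | grep -q 'Subject Alternative Name'; then
        echo "certificate has no subjectAltName"; return 1
    fi
    if ! openssl x509 -in "$1" -noout -checkhost "$3" | grep -q 'does match'; then
        echo "certificate does not cover hostname $3"; return 1
    fi
}

preflight() {  # usage: preflight /path/to/harbor.yml
    rc=0
    check_defaults "$1" || rc=1
    check_cert_pair "$(yml_get "$1" certificate)" "$(yml_get "$1" private_key)" \
        "$(yml_get "$1" hostname)" || rc=1
    return "$rc"
}

# Run against the file named on the command line, if any.
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Save it under any name and pass the path to harbor.yml as the only argument before running ./prepare; a non-zero exit status means at least one check failed.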
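After the configuration is complete, run the prepare script from the harbor directory:
```bash
./prepare      # regenerates the configuration files
# prepare generates the docker-compose configuration file; keep it if you will need it later
./install.sh   # install
```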
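docker-compose commands
Running docker-compose requires specifying the configuration file. If you do not want to specify it, run the command from the harbor directory, /tmp/harbor in this example.
```
pull      Pull service images
push      Push service images
restart   Restart services
rm        Remove stopped containers
run       Run a one-off command
scale     Set number of containers for a service
start     Start services
stop      Stop services
# The above are a few commonly used parameters
```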
Contributors
changelichangyangccm@163.com