Harbor的所有服务组件都是在Docker中部署的,所以官方安装使用Docker-compose快速部署,所以我们需要安装Docker、Docker-compose。由于Harbor是基于Docker Registry V2版本,所以就要求Docker版本不小于1.10.0,Docker-compose版本不小于1.6.0
| 名称 | 详情 |
|---|---|
| 系统环境 | CentOS Linux release 7.5.1804 (Core) |
| Docker | docker-ce-18.06.1.ce-3.el7 |
| Docker-Compose | v1.22.0 |
| Harbor | v1.10.2 |
可以查看Docker官网,或者我整理的另外一篇博客Centos7安装使用Docker,这里不在过多叙述。
首先去docker-compose的github获取自己所要安装的版本的下载安装链接,我安装的是v1.22.0版本
#下载安装v1.22.0
[root@localhost ~]# curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
#对二进制文件赋可执行权限
[root@localhost ~]# chmod +x /usr/local/bin/docker-compose
#是否安装成功
[root@localhost ~]# docker-compose --version
docker-compose version 1.22.0, build f46880fe
#如果wget未安装,请执行下面命令安装
[root@localhost ~]# yum install wget
#下载harbor安装包,-P后面路径是下载文件的保存路径(可以替换成自己地址),后面的是安装包下载路径
[root@localhost ~]# wget -P /usr/local/ https://github.com/goharbor/harbor/releases/download/v1.10.2/harbor-offline-installer-v1.10.2.tgz
PS: 有两个包Harbor offline installer 和 Harbor online installer,两者的区别的是 Harbor offline installer 里就包含的 Harbor 需要使用的镜像文件
#进入并查看保存路径下是否有安装包
[root@localhost local]# cd /usr/local/ && ls
harbor-offline-installer-v1.10.2.tgz
#解压安装包
[root@localhost local]# tar xvf harbor-offline-installer-v1.10.2.tgz && ls
harbor harbor-offline-installer-v1.10.2.tgz
#进入harbor文件夹
[root@localhost harbor]# cd harbor && ls
common common.sh docker-compose.yml harbor.v1.10.2.tar.gz harbor.yml install.sh LICENSE prepare
[root@localhost harbor]# vi harbor.yml
#修改hostname为自己的IP地址
hostname: 192.168.50.218
#注释https,否则安装时会报错:ERROR:root:Error: The protocol is https but attribute ssl_cert is not set
# https related config
#https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
PS:下列是1.6版本的配置信息,由以前的harbor.cfg改成了harbor.yml,主要内容没有变,留着是作为参考。
篇幅太多,只截取部分进行说明,下列中文为个人写的说明,主要修改hostname,其他可以使用默认
[root@localhost ~]# vi harbor.cfg
hostname填写自己的ip或域名,不要使用localhost或127.0.0.1
The IP address or hostname to access admin UI and registry service.
DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname = 192.168.50.157
访问协议,默认是http,也可以设置https,如果设置https,则nginx ssl需要设置on
#The protocol for accessing the UI and token/notification service, by default it is http.
#It can be set to https if ssl is enabled on nginx.
ui_url_protocol = http
邮件设置,发送重置密码邮件时使用
#Email account settings for sending out password resetting emails.
#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
#Identity left blank to act as username.
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin sample_admin@mydomain.com
email_ssl = false
email_insecure = false
启动Harbor后,管理员UI登录的密码,默认是Harbor12345
##The initial password of Harbor admin, only works for the first time when Harbor starts.
#It has no effect after the first launch of Harbor.
#Change the admin password from UI after launching Harbor.
harbor_admin_password = Harbor12345
是否开启自注册
self_registration = on
Token有效时间,默认30分钟
#The expiration time (in minute) of token created by token service, default is 30 minutes
token_expiration = 30
用户创建项目权限控制,默认是everyone(所有人),也可以设置为adminonly(只能管理员)
#The flag to control what users have permission to create projects
#The default value “everyone” allows everyone to creates a project.
#Set to “adminonly” so that only admin user can create project.
project_creation_restriction = everyone
#配置修改之后一定要重启docker,否则安装的时候会报错,
#比如:ERROR: Failed to Setup IP tables: Unable to enable SKIP DNAT rule: (iptables failed: iptables --wait
[root@localhost harbor]# service docker restart
#在当前目录下执行安装脚本,过程需要下载镜像,需要一点时间
[root@localhost harbor]# ./install.sh
#可以查看本地镜像,多了下列镜像
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/chartmuseum-photon v1.10.2 f7233c953dd9 3 weeks ago 127MB
goharbor/harbor-migrator v1.10.2 42527a4df778 3 weeks ago 362MB
goharbor/redis-photon v1.10.2 6d87eab10d9f 3 weeks ago 115MB
goharbor/clair-adapter-photon v1.10.2 4e7edec88bf4 3 weeks ago 61.2MB
goharbor/clair-photon v1.10.2 fb972d10c273 3 weeks ago 171MB
goharbor/notary-server-photon v1.10.2 b6d909215dc4 3 weeks ago 143MB
goharbor/notary-signer-photon v1.10.2 43c17fcb63de 3 weeks ago 140MB
goharbor/harbor-registryctl v1.10.2 cff56bea907a 3 weeks ago 103MB
goharbor/registry-photon v1.10.2 1c6cce6a4f8e 3 weeks ago 86.1MB
goharbor/nginx-photon v1.10.2 c2de0026ba0d 3 weeks ago 43.6MB
goharbor/harbor-log v1.10.2 c20325dbaa3a 3 weeks ago 81.9MB
goharbor/harbor-jobservice v1.10.2 6283c53c8c32 3 weeks ago 143MB
goharbor/harbor-core v1.10.2 4bc09e35734d 3 weeks ago 129MB
goharbor/harbor-portal v1.10.2 bcb1b803a1bf 3 weeks ago 51.7MB
goharbor/harbor-db v1.10.2 42de7ee4943f 3 weeks ago 152MB
goharbor/prepare v1.10.2 3d2783911e0d 3 weeks ago 159MB
#查看启动的容器
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3ff310149222 goharbor/harbor-jobservice:v1.10.2 "/harbor/harbor_jobs…" 3 hours ago Up 3 hours (healthy) harbor-jobservice
2b8303b8baf3 goharbor/nginx-photon:v1.10.2 "nginx -g 'daemon of…" 3 hours ago Up 3 hours (healthy) 0.0.0.0:80->8080/tcp nginx
53c8d2092776 goharbor/harbor-core:v1.10.2 "/harbor/harbor_core" 3 hours ago Up 3 hours (healthy) harbor-core
53da36519e72 goharbor/registry-photon:v1.10.2 "/home/harbor/entryp…" 3 hours ago Up 3 hours (healthy) 5000/tcp registry
63c995a7dc11 goharbor/harbor-db:v1.10.2 "/docker-entrypoint.…" 3 hours ago Up 3 hours (healthy) 5432/tcp harbor-db
10cd9a46e8b8 goharbor/redis-photon:v1.10.2 "redis-server /etc/r…" 3 hours ago Up 3 hours (healthy) 6379/tcp redis
6bd1cffbcc4f goharbor/harbor-registryctl:v1.10.2 "/home/harbor/start.…" 3 hours ago Up 3 hours (healthy) registryctl
29958823a140 goharbor/harbor-portal:v1.10.2 "nginx -g 'daemon of…" 3 hours ago Up 3 hours (healthy) 8080/tcp harbor-portal
7b5aba976188 goharbor/harbor-log:v1.10.2 "/bin/sh -c /usr/loc…" 3 hours ago Up 3 hours (healthy) 127.0.0.1:1514->10514/tcp harbor-log
# 填写自己ip
[root@localhost ~]# vi /etc/docker/daemon.json
{
"insecure-registries":["192.168.50.157"]
}
#重启docker
[root@localhost ~]# systemctl restart docker
方式二: 修改docker.service
# ExecStart添加--insecure-registry参数
[root@localhost ~]# vi /usr/lib/systemd/system/docker.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd --insecure-registry=192.168.50.157
#重新载入systemd
[root@localhost ~]# systemctl daemon-reload
#重启docker
[root@localhost ~]# systemctl restart docker
# 停止容器
[root@localhost ~]# docker-compose down
#执行上述命令可能出现下列错误
[root@localhost ~]# docker-compose down
ERROR:
Can't find a suitable configuration file in this directory or any
parent. Are you in the right directory?
Supported filenames: docker-compose.yml, docker-compose.yaml
#问题解决
[root@localhost ~]# find / -name docker-compose.yml
/root/harbor/docker-compose.yml
#进入/root/harbor该目录再次执行即可,该目录根据每个人安装目录不同而不同
# 后台启动容器
[root@localhost ~]# docker-compose up -d
访问刚刚配置文件的hostname的值,就可以进入Harbor的登陆页面,填写配置文件的账号密码,默认是admin,Harbor12345。
#在sysctl.conf文件中添加两行内容
[root@localhost ~]# vi /etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
#执行下列命令或者重启(只试过重启)
[root@localhost ~]# sysctl -p
# 后台启动容器
[root@localhost ~]# docker-compose up -d
# 停止Harbor
[root@localhost ~]# docker-comose stop
# 重启Harbor
[root@localhost ~]# docker-compose restart
# 或者启动关闭的容器,×××值宕掉的容器
[root@localhost ~]# docker container start ×××
[参考资料]
https://blog.csdn.net/aixiaoyang168/article/details/73549898
https://www.cnblogs.com/pangguoping/p/7650014.html
https://www.cnblogs.com/straycats/p/8850693.html