容器技術之Docker私有映象倉庫harbor

1874發表於2020-06-08

  前文我們聊到了docker的私有映象倉庫docker-distribution的搭建和簡單的使用,回顧請參考https://www.cnblogs.com/qiuhom-1874/p/13058338.html;從前文的搭建和使用過程來看,docker-distribution搭建的倉庫非常簡陋,它甚至連一個使用者認證都沒有,更別提多使用者;今天我們來介紹另外一款docker倉庫工具harbor;harbor這款工具相對docker-distribution來講功能上豐富了許多;它支援多租戶,可擴充套件的API和web ui ,支援跨多個harbor例項的映象複製,支援身份整合和基於角色的訪問控制等等特徵;接下來我們來安裝看看harbor吧;

  首先我們要去官網下載安裝器,目前最新版本是2.0;下載地址https://github.com/goharbor/harbor/releases/tag/v2.0.0;harbor的安裝器有線上和離線兩個版本,線上包通常較小,適用於網路環境較好地環境中使用,離線包是所有的安裝檔案和指令碼等等打包在一起的;

  1、上傳已經下載好的安裝器到伺服器

  2、解壓安裝器,並進入到解壓後的目錄中

[root@docker_node01 ~]# tar xf harbor-offline-installer-v2.0.0.tgz -C /usr/local/
[root@docker_node01 ~]# ls /usr/local/
bin  etc  games  harbor  include  lib  lib64  libexec  sbin  share  src
[root@docker_node01 ~]# cd /usr/local/harbor/
[root@docker_node01 harbor]# ls
common.sh  harbor.v2.0.0.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare
[root@docker_node01 harbor]# 

  3、編輯harbor.yml.tmpl檔案,更改必要的配置

  提示:以上我只修改了hostname的值,後面的我都是用預設值;有關這個配置檔案的說明,可參考官方文件說明去配置;這裡需要注意一點使用https需要自己手動的去申請證照,沒有證照檔案harbor是不能夠正常安裝的;

  4、把harbor.yml.tmpl重新命名為harbor.yml

[root@docker_node01 harbor]# ls
common.sh  harbor.v2.0.0.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare
[root@docker_node01 harbor]# mv harbor.yml.tmpl harbor.yml
[root@docker_node01 harbor]#

  5、執行install.sh

  提示:如果執行install.sh指令碼出現以上錯誤,我們需要先安裝好docker-compose;

  6、安裝docker-compose

[root@docker_node01 harbor]# yum install docker-compose -y
Loaded plugins: fastestmirror
base                                                                                                                                                | 3.6 kB  00:00:00     
docker-ce-stable                                                                                                                                    | 3.5 kB  00:00:00     
epel                                                                                                                                                | 4.7 kB  00:00:00     
extras                                                                                                                                              | 2.9 kB  00:00:00     
updates                                                                                                                                             | 2.9 kB  00:00:00     
(1/3): updates/7/x86_64/primary_db                                                                                                                  | 2.1 MB  00:00:00     
(2/3): epel/x86_64/updateinfo                                                                                                                       | 1.0 MB  00:00:01     
(3/3): epel/x86_64/primary_db                                                                                                                       | 6.8 MB  00:00:03     
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirror.bit.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package docker-compose.noarch 0:1.18.0-4.el7 will be installed
--> Processing Dependency: python36-cached_property >= 1.2.0 for package: docker-compose-1.18.0-4.el7.noarch
--> Processing Dependency: python36-docker >= 2.6.1 for package: docker-compose-1.18.0-4.el7.noarch
……省略部分內容
Installed:
  docker-compose.noarch 0:1.18.0-4.el7                                                                                                                                     

Dependency Installed:
  python36-PyYAML.x86_64 0:3.13-1.el7                 python36-cached_property.noarch 0:1.5.1-2.el7             python36-chardet.noarch 0:3.0.4-1.el7                      
  python36-docker.noarch 0:2.6.1-3.el7                python36-docker-pycreds.noarch 0:0.2.1-2.el7              python36-dockerpty.noarch 0:0.4.1-18.el7                   
  python36-docopt.noarch 0:0.6.2-8.el7                python36-idna.noarch 0:2.7-2.el7                          python36-jsonschema.noarch 0:2.5.1-4.el7                   
  python36-pysocks.noarch 0:1.6.8-7.el7               python36-requests.noarch 0:2.14.2-2.el7                   python36-six.noarch 0:1.14.0-2.el7                         
  python36-texttable.noarch 0:1.6.2-1.el7             python36-urllib3.noarch 0:1.25.6-1.el7                    python36-websocket-client.noarch 0:0.47.0-2.el7            

Complete!
[root@docker_node01 harbor]# 

  提示:docker-compose是docker容器的單機編排工具;

  7、再執行install.sh指令碼

[root@docker_node01 harbor]# ./install.sh 

[Step 0]: checking if docker is installed ...

Note: docker version: 19.03.8

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.18.0

[Step 2]: loading Harbor images ...
dbaf2c918102: Loading layer [==================================================>]   34.5MB/34.5MB
1f3458bb7308: Loading layer [==================================================>]  8.435MB/8.435MB
74e91bd5ca15: Loading layer [==================================================>]  6.317MB/6.317MB
82da861dccd3: Loading layer [==================================================>]  14.61MB/14.61MB
8d62f2bfdf94: Loading layer [==================================================>]  28.25MB/28.25MB
40510e398799: Loading layer [==================================================>]  22.02kB/22.02kB
6941a908d292: Loading layer [==================================================>]  49.17MB/49.17MB
Loaded image: goharbor/notary-signer-photon:v2.0.0
bd70463b9e5a: Loading layer [==================================================>]  8.441MB/8.441MB
d3927e3c53ea: Loading layer [==================================================>]  3.584kB/3.584kB
a3b2acbb8f7d: Loading layer [==================================================>]  3.072kB/3.072kB
de14f7f144ce: Loading layer [==================================================>]   9.71MB/9.71MB
94c03f31b276: Loading layer [==================================================>]  10.53MB/10.53MB
Loaded image: goharbor/clair-adapter-photon:v2.0.0
935e17d700d1: Loading layer [==================================================>]   8.44MB/8.44MB
eef8d67e9248: Loading layer [==================================================>]   42.3MB/42.3MB
a181769f3c52: Loading layer [==================================================>]  3.072kB/3.072kB
4b801e4d76d7: Loading layer [==================================================>]  3.584kB/3.584kB
7f7c81a33722: Loading layer [==================================================>]  43.12MB/43.12MB
Loaded image: goharbor/chartmuseum-photon:v2.0.0
4076b322e7f5: Loading layer [==================================================>]  49.89MB/49.89MB
da16bbe3a170: Loading layer [==================================================>]  3.584kB/3.584kB
f8967a1d9155: Loading layer [==================================================>]  3.072kB/3.072kB
6b7eaf984fde: Loading layer [==================================================>]   2.56kB/2.56kB
4406aea83cb2: Loading layer [==================================================>]  3.072kB/3.072kB
78566a971bf2: Loading layer [==================================================>]  3.584kB/3.584kB
e4e05e2ffdad: Loading layer [==================================================>]  12.29kB/12.29kB
f3bcf1de026d: Loading layer [==================================================>]  5.632kB/5.632kB
Loaded image: goharbor/harbor-log:v2.0.0
101133a0a2e6: Loading layer [==================================================>]  8.441MB/8.441MB
40eb3ab360dd: Loading layer [==================================================>]  3.584kB/3.584kB
172ace267ace: Loading layer [==================================================>]  20.94MB/20.94MB
cb361129c579: Loading layer [==================================================>]  3.072kB/3.072kB
f0221c34f9dc: Loading layer [==================================================>]  8.721MB/8.721MB
1880cedc9407: Loading layer [==================================================>]  30.48MB/30.48MB
Loaded image: goharbor/harbor-registryctl:v2.0.0
15f399ca8b42: Loading layer [==================================================>]  8.441MB/8.441MB
182251d62618: Loading layer [==================================================>]  3.584kB/3.584kB
c72ce5e8bba9: Loading layer [==================================================>]  3.072kB/3.072kB
6cb620513867: Loading layer [==================================================>]  20.94MB/20.94MB
8f68617c13e6: Loading layer [==================================================>]  21.76MB/21.76MB
Loaded image: goharbor/registry-photon:v2.0.0
464d98f962d2: Loading layer [==================================================>]  115.2MB/115.2MB
6f577ce93b49: Loading layer [==================================================>]  12.15MB/12.15MB
468b747374fb: Loading layer [==================================================>]  3.072kB/3.072kB
c7d4e40274a2: Loading layer [==================================================>]  49.15kB/49.15kB
349c2528bf8f: Loading layer [==================================================>]  3.584kB/3.584kB
50765adb1994: Loading layer [==================================================>]  13.03MB/13.03MB
Loaded image: goharbor/clair-photon:v2.0.0
f3ae9281f64f: Loading layer [==================================================>]  16.04MB/16.04MB
79de921bba64: Loading layer [==================================================>]  28.25MB/28.25MB
a4826ccd0680: Loading layer [==================================================>]  22.02kB/22.02kB
527c0492bb8a: Loading layer [==================================================>]   50.6MB/50.6MB
Loaded image: goharbor/notary-server-photon:v2.0.0
da380ff7675f: Loading layer [==================================================>]  39.44MB/39.44MB
3e72063a3c12: Loading layer [==================================================>]  3.072kB/3.072kB
87063a362784: Loading layer [==================================================>]   59.9kB/59.9kB
12042912d563: Loading layer [==================================================>]  61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.0.0
497d39fd8ed4: Loading layer [==================================================>]  10.28MB/10.28MB
Loaded image: goharbor/nginx-photon:v2.0.0
db89bcd4a7aa: Loading layer [==================================================>]  12.22MB/12.22MB
a3c69d8e6487: Loading layer [==================================================>]  3.072kB/3.072kB
22888c961e12: Loading layer [==================================================>]   2.56kB/2.56kB
15c04c0d67b3: Loading layer [==================================================>]   46.5MB/46.5MB
5e59e5738914: Loading layer [==================================================>]  5.632kB/5.632kB
2fb21742e876: Loading layer [==================================================>]   51.2kB/51.2kB
ebe005c22385: Loading layer [==================================================>]  47.32MB/47.32MB
e91a77a1cc5d: Loading layer [==================================================>]   2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.0.0
c9ad3414e408: Loading layer [==================================================>]  63.57MB/63.57MB
0aea7ae12d77: Loading layer [==================================================>]  60.58MB/60.58MB
c3be2cda3349: Loading layer [==================================================>]  5.632kB/5.632kB
970c1e4372ae: Loading layer [==================================================>]  2.048kB/2.048kB
51e00ddbcdac: Loading layer [==================================================>]   2.56kB/2.56kB
27d44e884cd0: Loading layer [==================================================>]   2.56kB/2.56kB
3086c2ee0489: Loading layer [==================================================>]   2.56kB/2.56kB
efd18d9ef79c: Loading layer [==================================================>]  10.24kB/10.24kB
Loaded image: goharbor/harbor-db:v2.0.0
ad0a4ed99dd0: Loading layer [==================================================>]  12.22MB/12.22MB
50121125e459: Loading layer [==================================================>]  3.072kB/3.072kB
6d05b39a8c44: Loading layer [==================================================>]   2.56kB/2.56kB
5380ddc5210f: Loading layer [==================================================>]  35.68MB/35.68MB
e8053e60aee7: Loading layer [==================================================>]   36.5MB/36.5MB
Loaded image: goharbor/harbor-jobservice:v2.0.0
9fefe33a31db: Loading layer [==================================================>]  9.741MB/9.741MB
a52a9b417697: Loading layer [==================================================>]  3.584kB/3.584kB
9b6c54642038: Loading layer [==================================================>]  3.072kB/3.072kB
6a32c528face: Loading layer [==================================================>]  20.34MB/20.34MB
526552ecb5a3: Loading layer [==================================================>]  9.317MB/9.317MB
bc3e72205f25: Loading layer [==================================================>]  30.48MB/30.48MB
Loaded image: goharbor/trivy-adapter-photon:v2.0.0
51193d3ba093: Loading layer [==================================================>]  77.29MB/77.29MB
398b7c3413c0: Loading layer [==================================================>]  48.31MB/48.31MB
cb902b44bae6: Loading layer [==================================================>]   2.56kB/2.56kB
11d3bf655c22: Loading layer [==================================================>]  1.536kB/1.536kB
3d373d988076: Loading layer [==================================================>]  18.43kB/18.43kB
755d5115a4fd: Loading layer [==================================================>]  3.751MB/3.751MB
5d456b2e2b47: Loading layer [==================================================>]  249.3kB/249.3kB
Loaded image: goharbor/prepare:v2.0.0
2128feaae029: Loading layer [==================================================>]  10.28MB/10.28MB
c1e2c6faf4a4: Loading layer [==================================================>]  8.487MB/8.487MB
8728e424e45b: Loading layer [==================================================>]  178.7kB/178.7kB
243de4b81324: Loading layer [==================================================>]  157.2kB/157.2kB
1909dd7d54dc: Loading layer [==================================================>]  33.28kB/33.28kB
e91e103cac7d: Loading layer [==================================================>]  17.41kB/17.41kB
ef43ac036ce0: Loading layer [==================================================>]  15.36kB/15.36kB
3205feaa4e7b: Loading layer [==================================================>]  3.584kB/3.584kB
Loaded image: goharbor/harbor-portal:v2.0.0


[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/local/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Creating harbor-log ... done
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

Creating harbor-db ... done
Creating harbor-core ... done
[Step 5]: starting Harbor ...
Creating nginx ... done
Creating registry ... 
Creating harbor-db ... 
Creating redis ... 
Creating harbor-portal ... 
Creating registryctl ... 
Creating harbor-core ... 
Creating harbor-jobservice ... 
Creating nginx ... 
✔ ----Harbor has been installed and started successfully.----
[root@docker_node01 harbor]# 

  提示:從上面的資訊可以看到harbor匯入了很多映象,然後基於各個映象間的關係提供配置檔案,然後按照一定的依賴關係順序啟動為容器;我們用docker images 可以來看看它匯入了那些映象

[root@docker_node01 harbor]# docker images
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
goharbor/chartmuseum-photon     v2.0.0              4db8d6aa63e9        3 weeks ago         127MB
goharbor/redis-photon           v2.0.0              c89ea2e53cc0        3 weeks ago         72.2MB
goharbor/trivy-adapter-photon   v2.0.0              6122c52b7e48        3 weeks ago         103MB
goharbor/clair-adapter-photon   v2.0.0              dd2210cb7f53        3 weeks ago         62MB
goharbor/clair-photon           v2.0.0              f7c7fcc52278        3 weeks ago         171MB
goharbor/notary-server-photon   v2.0.0              983ac10ed8be        3 weeks ago         143MB
goharbor/notary-signer-photon   v2.0.0              bee1b6d75e0d        3 weeks ago         140MB
goharbor/harbor-registryctl     v2.0.0              c53c32d58d04        3 weeks ago         102MB
goharbor/registry-photon        v2.0.0              afdc1b7ada36        3 weeks ago         84.5MB
goharbor/nginx-photon           v2.0.0              17892f03e56c        3 weeks ago         43.6MB
goharbor/harbor-log             v2.0.0              5f8ff08e795c        3 weeks ago         82MB
goharbor/harbor-jobservice      v2.0.0              c68a2495bf55        3 weeks ago         116MB
goharbor/harbor-core            v2.0.0              3aa3af64baf8        3 weeks ago         138MB
goharbor/harbor-portal          v2.0.0              e0b1d3c894c4        3 weeks ago         52.4MB
goharbor/harbor-db              v2.0.0              5c76f0296cec        3 weeks ago         154MB
goharbor/prepare                v2.0.0              7266d49995ed        3 weeks ago         158MB
[root@docker_node01 harbor]# docker ps -a
CONTAINER ID        IMAGE                                COMMAND                  CREATED             STATUS                   PORTS                       NAMES
909486114bab        goharbor/nginx-photon:v2.0.0         "nginx -g 'daemon of…"   2 minutes ago       Up 2 minutes (healthy)   0.0.0.0:80->8080/tcp        nginx
201af4781190        goharbor/harbor-jobservice:v2.0.0    "/harbor/entrypoint.…"   2 minutes ago       Up 2 minutes (healthy)                               harbor-jobservice
d926598a1b4b        goharbor/harbor-core:v2.0.0          "/harbor/entrypoint.…"   2 minutes ago       Up 2 minutes (healthy)                               harbor-core
b655e8bb9da3        goharbor/harbor-portal:v2.0.0        "nginx -g 'daemon of…"   2 minutes ago       Up 2 minutes (healthy)   8080/tcp                    harbor-portal
596d050acf8b        goharbor/registry-photon:v2.0.0      "/home/harbor/entryp…"   2 minutes ago       Up 2 minutes (healthy)   5000/tcp                    registry
88a6b3335d25        goharbor/harbor-registryctl:v2.0.0   "/home/harbor/start.…"   2 minutes ago       Up 2 minutes (healthy)                               registryctl
cf8db1840524        goharbor/harbor-db:v2.0.0            "/docker-entrypoint.…"   2 minutes ago       Up 2 minutes (healthy)   5432/tcp                    harbor-db
5d522f8f3c38        goharbor/redis-photon:v2.0.0         "redis-server /etc/r…"   2 minutes ago       Up 2 minutes (healthy)   6379/tcp                    redis
020fbf3571a2        goharbor/harbor-log:v2.0.0           "/bin/sh -c /usr/loc…"   2 minutes ago       Up 2 minutes (healthy)   127.0.0.1:1514->10514/tcp   harbor-log
[root@docker_node01 harbor]# 

  提示:可以看到本地倉庫中多了很多映象,同時也啟動了很多容器;其中名為nginx的容器把80埠暴露到陣列機上了;到此harbor就安裝好了;接下來我們訪問宿主機的80埠看看是否能夠訪問到harbor

  提示:以上就是harbor的web 頁面,預設使用者名稱是admin密碼是Harbor12345

  登入harbor web頁面

  提示:我們就可以基於這個web頁面來做管理了;接下來我們先建立一個使用者和專案,然後在通過docker push上傳映象到harbor上

  建立使用者

  提示:填寫好以上資訊,點選確定使用者就建立好了;

  建立專案

   提示:如果建立的專案是私有的,把訪問級別後面的公開對勾取消即可

  從別的docker主機上上傳映象到harbor

  提示:使用非https的倉庫必須要在daemon.json檔案中配置insecure-registries來宣告不安全的映象倉庫地址;

  提示:這裡提示我們未授權;接下來我們去web管理頁面授權qiuhom是test專案的成員;

  提示:現在我們把qiuhom這個使用者設定為test這個專案的管理員,現在我們在以qiuhom的身份推映象到test專案中,看看是否能夠成功把進行推送到harbor上?

[root@docker_node02 ~]# docker push node01.docker-registry.io/test/nginx:1.14-alpine
The push refers to repository [node01.docker-registry.io/test/nginx]
076c58d2644f: Pushed 
b2cbae4b8c15: Pushed 
5ac9a5170bf2: Pushed 
a464c54f93a9: Pushed 
1.14-alpine: digest: sha256:a3a0c4126587884f8d3090efca87f5af075d7e7ac8308cffc09a5a082d5f4760 size: 1153
[root@docker_node02 ~]# 

  提示:這次推送映象沒有報錯,我們去web頁面中看看映象是否推送到test專案中去了?

  驗證:在harborweb介面看看是否有我們推上去的映象?

  用其他docker主機下載harbor上的映象

  提示:可以看到現在我們搭建的harbor是可以正常下載和上傳映象的;管理映象我們可以通過web頁面管理即可,我這裡就不去演示了;接下來我們再來說說在命令列用docker-compose啟動harbor和停止harbor吧

  停止harbor

  提示:用docker-compose停止harbor需要先進入到harbor目錄下,然後執行docker-compose stop 這條命令會去尋找docker-compose.yml檔案,根據檔案中定義的服務來停止容器;這個有點類似docker build命令,找Dockerfile檔案,而docker-compose 是找docker-compose.yml;這裡還需要注意一點的是這個檔名必須是docker-compose.yml;

  啟動harbor

  提示:啟動huabor同停止harbor一樣都必須在docker-compose.yml檔案所在目錄下執行docker-compose start 或docker-compose up -d ;

相關文章