最新版Harbor搭建(harbor-offline-installer-v1.10.1.tgz)

2019/04/10 10:10
阅读数 122

 

Harbor 是一个开源镜像仓库,可通过基于角色的访问控制来保护镜像,新版本的Harbor还增加了扫描镜像中的漏洞并将镜像签名为受信任

作为CNCF孵化项目,Harbor提供合规性,性能和互操作性,以帮助你跨Kubernetes和Docker等云原生计算平台持续,安全地管理镜像。

Harbor组件均以Docker容器方式启动,因此,你可以将其部署在任何支持Docker的Linux发行版上。

 

 

 


硬件要求

软件要求

软件 版本 描述
Docker引擎 v17.06.0-ce 或更高版本 有关安装说明,请参阅 Docker Engine文档。
Docker撰写 v1.18.0 或更高版本 有关安装说明,请参阅 Docker Compose文档。
Openssl 最好是最新的 用于生成Harbor的证书和密钥

 

 

 

 

网络端口

 

 


下载地址

   https://github.com/goharbor/harbor/releases

Harbor官方分别提供了在线版(不含组件镜像,相对较小)和离线版(包含组件镜像,相对较大)。

由于github下载非常非常的慢,在此提供最新离线版包 harbor-offline-installer-v1.10.1.tgz (提取码: 7bts)。

 

 


创建 https 证书

# 创建证书目录,并赋予权限
mkdir -p /data/cert && chmod -R 777 /data/cert && cd /data/cert
# 生成私钥,需要设置密码
openssl genrsa -des3 -out harbor.key 2048

# 生成CA证书,需要输入密码
openssl req -sha512 -new \
    -subj "/C=CN/ST=JS/L=WX/O=zwx/OU=jhmy/CN=hub.jhmy.com" \
    -key harbor.key \
    -out harbor.csr

# 备份证书
cp harbor.key harbor.key.org

# 退掉私钥密码,以便docker访问(也可以参考官方进行双向认证)
openssl rsa -in harbor.key.org -out harbor.key

# 使用证书进行签名
openssl x509 -req -days 365 -in harbor.csr -signkey harbor.key -out harbor.crt

官方证书认证配置:https://goharbor.io/docs/1.10/install-config/configure-https/ 

 

 


部署安装

  • 解压软件包

  • 编辑harbor.yml,修改hostname、https证书路径、admin密码

 

  •  运行install.sh即可,可带参数(--with-notary

 流程:检查环境  ->  导入镜像  -> 准备环境  ->  准备配置(含移除旧版本)->  开始启动

[root@hub harbor]# ./install.sh

[Step 0]: checking if docker is installed ...
Note: docker version: 19.03.8

[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.23.1

[Step 2]: loading Harbor images ...
Loaded image: goharbor/clair-adapter-photon:v1.0.1-v1.10.1
Loaded image: goharbor/harbor-jobservice:v1.10.1
Loaded image: goharbor/redis-photon:v1.10.1
Loaded image: goharbor/notary-server-photon:v0.6.1-v1.10.1
Loaded image: goharbor/clair-photon:v2.1.1-v1.10.1
Loaded image: goharbor/harbor-log:v1.10.1
Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-2553-v1.10.1
Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.10.1
Loaded image: goharbor/chartmuseum-photon:v0.9.0-v1.10.1
Loaded image: goharbor/harbor-registryctl:v1.10.1
Loaded image: goharbor/nginx-photon:v1.10.1
Loaded image: goharbor/harbor-migrator:v1.10.1
Loaded image: goharbor/prepare:v1.10.1
Loaded image: goharbor/harbor-portal:v1.10.1
Loaded image: goharbor/harbor-core:v1.10.1
Loaded image: goharbor/harbor-db:v1.10.1

[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/conf.d/notary.upstream.conf
Clearing the configuration file: /config/nginx/conf.d/notary.server.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/notary/server-config.postgres.json
Clearing the configuration file: /config/notary/server_env
Clearing the configuration file: /config/notary/signer_env
Clearing the configuration file: /config/notary/signer-config.postgres.json
Clearing the configuration file: /config/notary/notary-signer.crt
Clearing the configuration file: /config/notary/notary-signer.key
Clearing the configuration file: /config/notary/notary-signer-ca.crt
Clearing the configuration file: /config/notary/root.crt
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

# 如果已安装harbor将会自动移除
Note: stopping existing Harbor instance ...
Stopping nginx             ... done
Stopping harbor-jobservice ... done
Stopping harbor-core       ... done
Stopping redis             ... done
Stopping harbor-portal     ... done
Stopping registry          ... done
Stopping harbor-db         ... done
Stopping harbor-log        ... done
Removing nginx             ... done
Removing harbor-jobservice ... done
Removing harbor-core       ... done
Removing redis             ... done
Removing harbor-portal     ... done
Removing registry          ... done
Removing harbor-db         ... done
Removing registryctl       ... done
Removing harbor-log        ... done
Removing network harbor_harbor


[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating registry      ... done
Creating redis         ... done
Creating harbor-db     ... done
Creating registryctl   ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done
✔ ----Harbor has been installed and started successfully.----
install.logs

 

 

 


应用配置

# 配置镜像仓库地址(推荐配置域名)
vim/etc/docker/daemon.json
{ 
"insecure-registries": ["serverip"]
}

# 下载测试镜像
docker pull hello-world

# 给镜像重新打标签
docker tag hello-world serverip/hello-world:latest

# 登录进行上传
docker login serverip
docker push serverip/hello-world:latest

 

 


在线部署

  如果你既不想下载离线包,国外网又不好,那就使用我的阿里云镜像源吧。

  首先下载镜像,脚本如下:

#!/bin/sh
# creator: leozhanggg
# up-date: 2020/04/08
# description: pullImage.sh

images="chartmuseum-photon:v0.9.0-v1.10.1 \
 harbor-migrator:v1.10.1 \
 redis-photon:v1.10.1 \
 clair-adapter-photon:v1.0.1-v1.10.1 \
 clair-photon:v2.1.1-v1.10.1 \
 notary-server-photon:v0.6.1-v1.10.1 \
 notary-signer-photon:v0.6.1-v1.10.1 \
 harbor-registryctl:v1.10.1 \
 registry-photon:v2.7.1-patch-2819-2553-v1.10.1 \
 nginx-photon:v1.10.1 \
 harbor-log:v1.10.1 \
 harbor-jobservice:v1.10.1 \
 harbor-core:v1.10.1 \
 harbor-portal:v1.10.1 \
 harbor-db:v1.10.1 \
 prepare:v1.10.1"

for image in ${images}; do
  imagefull=registry.cn-shanghai.aliyuncs.com/leozhanggg/goharbor/${image}
  docker pull ${imagefull}
  docker tag ${imagefull} goharbor/${image}
  docker rmi ${imagefull}
done

  然后参考上面创建https证书,进行部署:

# 配置镜像加速地址
mkdir /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://jc3y13r3.mirror.aliyuncs.com"]
}
EOF

# 执行脚本拉取镜像
sh pullImage.sh 

# 下载在线安装包(8.29k)
wget https://github.com/goharbor/harbor/releases/download/v1.10.1/harbor-online-installer-v1.10.1.tgz

# 解压并修改配置文件
tar -zxvf harbor-online-installer-v1.10.1.tgz && cd harbor
vim harbor.yml

# 执行部署
./install

 

 


其他说明

  • 新版本的harbor使用的是pg数据库,如果你是很老的版本,可能使用的还是mysql,所以需要手动暂停老服务。

   并且需要备份并删除/data/database文件夹,否则新版本pg将无法解析老的mysql数据,而导致安装失败,对于两个数据库数据转换是个麻烦事。

 

  • 界面变化

 

 

作者:Leozhanggg

出处:https://www.cnblogs.com/leozhanggg/p/12554399.html

本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接,否则保留追究法律责任的权利。

 

原文出处:https://www.cnblogs.com/leozhanggg/p/12554399.html

展开阅读全文
打赏
0
0 收藏
分享
加载中
更多评论
打赏
0 评论
0 收藏
0
分享
返回顶部
顶部