您现在的位置是:首页 >学无止境 >Install Harbor 2.8 on Centos网站首页学无止境

Install Harbor 2.8 on Centos

JJH的创世纪 2024-07-24 18:01:02
简介Install Harbor 2.8 on Centos

目录

Node & System/Software Lists

Architecture Overview of Harbor

Install Harbor 2.8

Harbor Installation Prerequisites

Install Docker and Docker Compose

Install Harbor

Pull and Push image from Harbor

Reference documentation 


Node & System/Software Lists

HOSTNAME

IPNODE TYPECONFIG
master1192.168.1.100harbor server4vCPU4G
SystemVersion

kernel
3.10.0-1160.el7.x86_64
centosCentOS Linux release 7.9.2009 (Core)
Software NameVersion
docker24.0.2
docker composev2.18.1
harborv2.8.1

Architecture Overview of Harbor

With Harbor V2.0, users can manage images, manifest lists, Helm charts, CNABs, OPAs among others which all adhere to the OCI image specification.You can read more here[1].

Install Harbor 2.8

Here we start to install Harbor 2.8 on the target host.following below steps and get Harold installed:

  1. Harbor Installation Prerequisites
  2. Install Docker and Docker Compose
  3. Install Harbor
  4. Pull and Push image from Harbor

Harbor Installation Prerequisites

Harbor is deployed as several Docker containers. You can therefore deploy it on any Linux distribution that supports Docker. The target host requires Hardware,Software,Network ports show like below.

Hardware

ResourceMinimumRecommended
CPU2 CPU4 CPU
Mem4 GB8 GB
Disk40 GB160 GB

Software 

SoftwareVersionDescription
Docker EngineVersion 17.06.0-ce+ or higherFor installation instructions, see Docker Engine documentation
Docker Composedocker-compose (v1.18.0+) or docker compose v2 (docker-compose-plugin)For installation instructions, see Docker Compose documentation
OpenSSLLatest is preferredUsed to generate certificate and keys for Harbor

Network ports

PortProtocolDescription
443HTTPSHarbor portal and core API accept HTTPS requests on this port.
4443HTTPSConnections to the Docker Content Trust service for Harbor. Only required if Notary is enabled. 
80HTTPHarbor portal and core API accept HTTP requests on this port. 

Install Docker and Docker Compose

You can copy and run all there shell commands and get docker components and docker-compose:

sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo systemctl start docker
sudo systemctl enable docker
sudo curl -SL https://github.com/docker/compose/releases/download/v2.18.1/docker-compose-sudo linux-x86_64 -o /usr/bin/docker-compose
sudo chmod +x /usr/bin/docker-compose

Install Harbor

Copying and running all the bellow shells:

mkdir ~/harbor && cd ~/harbor
wget https://github.com/goharbor/harbor/releases/download/v2.8.1/harbor-offline-installer-v2.8.1.tgz
tar zxf harbor-offline-installer-v2.8.1.tgz-C /usr/local/

The harbor.yml.tmpl in this folder and we need copy and turn to harbor.yml which is harbor server read this name by default.Replace the hostname and comment out the https line temporary.Then run `./install.sh` to install harbor. 

[root@master1 harbor]# ls
common.sh  harbor.v2.8.1.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare
[root@master1 harbor]# cp harbor.yml.tmpl harbor.yml
[root@master1 harbor]# vim harbor.yml
..........
hostname: harbor_node01.example.com		//Replace hostname to your hostip or hostname
.........
#https:									//Comment out the https line
  # https port for harbor, default is 443
  #port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path
.........

[root@master1 harbor]# ./install.sh

[Step 0]: checking if docker is installed ...

Note: docker version: 24.0.2

[Step 1]: checking docker-compose is installed ...

Note: Docker Compose version v2.18.1

[Step 2]: loading Harbor images ...
Loaded image: goharbor/registry-photon:v2.8.1
Loaded image: goharbor/notary-server-photon:v2.8.1
Loaded image: goharbor/harbor-core:v2.8.1
Loaded image: goharbor/harbor-jobservice:v2.8.1
Loaded image: goharbor/harbor-exporter:v2.8.1
Loaded image: goharbor/trivy-adapter-photon:v2.8.1
Loaded image: goharbor/prepare:v2.8.1
Loaded image: goharbor/redis-photon:v2.8.1
Loaded image: goharbor/nginx-photon:v2.8.1
Loaded image: goharbor/notary-signer-photon:v2.8.1
Loaded image: goharbor/harbor-portal:v2.8.1
Loaded image: goharbor/harbor-log:v2.8.1
Loaded image: goharbor/harbor-db:v2.8.1
Loaded image: goharbor/harbor-registryctl:v2.8.1


[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/local/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir


Note: stopping existing Harbor instance ...


[Step 5]: starting Harbor ...
[+] Building 0.0s (0/0)                                                                                                                                                                     
[+] Running 10/10
 ✔ Network harbor_harbor        Created                                                                                                                                                0.1s 
 ✔ Container harbor-log         Started                                                                                                                                                1.7s 
 ✔ Container registryctl        Started                                                                                                                                                2.1s 
 ✔ Container harbor-portal      Started                                                                                                                                                2.8s 
 ✔ Container registry           Started                                                                                                                                                2.8s 
 ✔ Container harbor-db          Started                                                                                                                                                2.8s 
 ✔ Container redis              Started                                                                                                                                                2.8s 
 ✔ Container harbor-core        Started                                                                                                                                                3.6s 
 ✔ Container harbor-jobservice  Started                                                                                                                                                5.1s 
 ✔ Container nginx              Started                                                                                                                                                5.1s 
✔ ----Harbor has been installed and started successfully.----

Note: After updating harbor.yml,running the prepare script to populate the configuration.And 

vim harbor.yml
sudo ./prepare
sudo docker-compose up -d

To reconfigure Harbor to install Notary and Trivy, include all of the components in the prepare command. 

sudo ./prepare --with-notary --with-trivy

 We use docker-compose to manage harbor like bellow. For more enter `docker-compose --help`

[root@master1 harbor]# docker-compose ls
NAME                STATUS              CONFIG FILES
harbor              running(9)          /usr/local/harbor/docker-compose.yml
[root@master1 harbor]# docker-compose ps
NAME                IMAGE                                COMMAND                  SERVICE             CREATED             STATUS                    PORTS
harbor-core         goharbor/harbor-core:v2.8.1          "/harbor/entrypoint.…"   core                22 hours ago        Up 11 minutes (healthy)   
harbor-db           goharbor/harbor-db:v2.8.1            "/docker-entrypoint.…"   postgresql          22 hours ago        Up 11 minutes (healthy)   
harbor-jobservice   goharbor/harbor-jobservice:v2.8.1    "/harbor/entrypoint.…"   jobservice          22 hours ago        Up 11 minutes (healthy)   
harbor-log          goharbor/harbor-log:v2.8.1           "/bin/sh -c /usr/loc…"   log                 22 hours ago        Up 11 minutes (healthy)   127.0.0.1:1514->10514/tcp
harbor-portal       goharbor/harbor-portal:v2.8.1        "nginx -g 'daemon of…"   portal              22 hours ago        Up 11 minutes (healthy)   
nginx               goharbor/nginx-photon:v2.8.1         "nginx -g 'daemon of…"   proxy               22 hours ago        Up 11 minutes (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp
redis               goharbor/redis-photon:v2.8.1         "redis-server /etc/r…"   redis               22 hours ago        Up 11 minutes (healthy)   
registry            goharbor/registry-photon:v2.8.1      "/home/harbor/entryp…"   registry            22 hours ago        Up 11 minutes (healthy)   
registryctl         goharbor/harbor-registryctl:v2.8.1   "/home/harbor/start.…"   registryctl         22 hours ago        Up 11 minutes (healthy)   
[root@master1 harbor]# docker-compose images
CONTAINER           REPOSITORY                    TAG                 IMAGE ID            SIZE
harbor-core         goharbor/harbor-core          v2.8.1              075ed731ac18        165MB
harbor-db           goharbor/harbor-db            v2.8.1              01ca249e7dc2        174MB
harbor-jobservice   goharbor/harbor-jobservice    v2.8.1              977ee6bff288        141MB
harbor-log          goharbor/harbor-log           v2.8.1              145a69b937ca        134MB
harbor-portal       goharbor/harbor-portal        v2.8.1              6c2b21221aca        134MB
nginx               goharbor/nginx-photon         v2.8.1              cea1bb2450ee        127MB
redis               goharbor/redis-photon         v2.8.1              cb8b735b33ba        128MB
registry            goharbor/registry-photon      v2.8.1              c125efcb6c2a        79.1MB
registryctl         goharbor/harbor-registryctl   v2.8.1              c141d82ffd0a        141MB
[root@master1 harbor]# docker-compose stop
[+] Stopping 9/9
 ✔ Container nginx              Stopped                                                                                                                                                0.7s 
 ✔ Container harbor-jobservice  Stopped                                                                                                                                                0.6s 
 ✔ Container registryctl        Stopped                                                                                                                                               10.3s 
 ✔ Container harbor-portal      Stopped                                                                                                                                                0.3s 
 ✔ Container harbor-core        Stopped                                                                                                                                                0.2s 
 ✔ Container harbor-db          Stopped                                                                                                                                                0.3s 
 ✔ Container registry           Stopped                                                                                                                                                0.3s 
 ✔ Container redis              Stopped                                                                                                                                                0.3s 
 ✔ Container harbor-log         Stopped                                                                                                                                               10.2s 
[root@master1 harbor]# docker-compose start
[+] Running 9/9
 ✔ Container harbor-log         Started                                                                                                                                                0.6s 
 ✔ Container harbor-portal      Started                                                                                                                                                0.8s 
 ✔ Container registryctl        Started                                                                                                                                                1.1s 
 ✔ Container redis              Started                                                                                                                                                0.7s 
 ✔ Container harbor-db          Started                                                                                                                                                0.9s 
 ✔ Container registry           Started                                                                                                                                                0.9s 
 ✔ Container harbor-core        Started                                                                                                                                                0.4s 
 ✔ Container harbor-jobservice  Started                                                                                                                                                0.7s 
 ✔ Container nginx              Started                                                                                                                                                0.8s 

Use the browser to enter "http://hostip:80"(for me is http://192.168.1.100:80 to access it.

The default username and password are admin/Harbor12345

Pull and Push image from Harbor

Push

 Push an image refer three steps:

  1. set docker-harbor insecure-registary(or set .cert file)
  2. docker login harbor (required this login user have push permissions)
  3. docker tag and docker push(tag format like harbor-host:ip/project name/imagename:v)

Here is a sample of push a image named busybox:latest. 

[root@localhost ~]# vim /etc/docker/daemon.json
{
  "insecure-registries": ["192.168.1.100:80","0.0.0.0"]
}
[root@master1 harbor]# docker pull busybox:latest
[root@master1 harbor]# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED       SIZE
busybox                         latest    8135583d97fe   12 days ago   4.86MB
[root@master1 harbor]# docker tag busybox:latest 192.168.1.100:80/library/busybox:v0.1
[root@master1 harbor]# docker images
REPOSITORY                         TAG       IMAGE ID       CREATED       SIZE
192.168.1.100:80/library/busybox   v0.1      8135583d97fe   12 days ago   4.86MB
busybox                            latest    8135583d97fe   12 days ago   4.86MB
[root@master1 harbor]# docker login -u admin -p Harbor12345 http://192.168.1.100:80
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@master1 harbor]# docker push 192.168.1.100:80/library/busybox:v0.1
The push refers to repository [192.168.1.100:80/library/busybox]
9547b4c33213: Pushed 
v0.1: digest: sha256:5cd3db04b8be5773388576a83177aff4f40a03457a63855f4b9cbe30542b9a43 size: 528

Pull 

 Pull an image refer three steps:

  1. set docker-harbor insecure-registary(or set .cert file)
  2. docker login harbor(required this login user have pull permissions)
  3. docker pull

Here are two methods to pull an imgae from Harbor.One is set configuration of "registry-mirrors' and pull an image via unfull name which means no need to enter all addresses and specify labels.Two is pull an image via specify image name and tag.

//method1:
[root@master1 harbor]# vim /etc/docker/daemon.json
{
 "registry-mirrors": ["http://192.168.1.100:80"],
 "insecure-registries": ["192.168.1.100:80","0.0.0.0"]
}

[root@master1 harbor]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
325d69979d33: Pull complete 
Digest: sha256:560af6915bfc8d7630e50e212e08242d37b63bd5c1ccf9bd4acccf116e262d5b
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest
//or
[root@master1 harbor]# docker pull busybox:v0.1
v0.1: Pulling from library/busybox
Digest: sha256:5cd3db04b8be5773388576a83177aff4f40a03457a63855f4b9cbe30542b9a43
Status: Downloaded newer image for busybox:v0.1
docker.io/library/busybox:v0.1


//method2:
[root@master1 harbor]# docker pull 192.168.1.100:80/library/busybox:v0.1
v0.1: Pulling from library/busybox
325d69979d33: Pull complete 
Digest: sha256:5cd3db04b8be5773388576a83177aff4f40a03457a63855f4b9cbe30542b9a43
Status: Downloaded newer image for 192.168.1.100:80/library/busybox:v0.1
192.168.1.100:80/library/busybox:v0.1

 You can copy command to get image address like below:

Delete 

Login into harbor-webui and operate it if you want delete image.

Reference documentation 

[1] Architecture Overview of Harbor · goharbor/harbor Wiki · GitHub

风语者!平时喜欢研究各种技术,目前在从事后端开发工作,热爱生活、热爱工作。