Prerequisites

Install docker and docker-compose

Download the offline installer

wget -c https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.0.tgz
tar zxvf harbor-offline-installer-v1.9.0.tgz

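Edit the configuration file

The main configuration file is harbor.yml

**1)** Set hostname. This is required, e.g. hostname: register.linkscue.com

**2)** Configure https. If it is not configured, later docker login attempts fail and images cannot be pulled.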

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /path/to/ssl/Nginx/1_register.linkscue.com_bundle.crt
  private_key: /path/to/ssl/Nginx/2_register.linkscue.com.key

**3)** [Optional] Set the admin password, e.g. harbor_admin_password: Qs2Zp6aOxS

**4)** [Optional] Set the database password

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: 82YHndmCjh

PS: The passwords pasted above were all randomly generated by me and are not the ones used in my real deployment~
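A pre-install check for the settings edited above, as an added example that is not part of Harbor or of the original post. It assumes the flat two-level layout of harbor.yml shown here, and that the shipped sample values are `reg.mydomain.com`, `Harbor12345` and `root123`; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit harbor.yml before running ./install.sh (not part of Harbor).
# Usage: audit_harbor_yml harbor.yml && ./install.sh

# Value of an uncommented top-level "key: value" line.
yml_top() { sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1; }

# Value of an indented key inside a top-level block, e.g. "https" -> "certificate".
yml_sub() {
  awk -v blk="$1" -v key="$2" '
    /^[^ \t#]/ { inblk = ($0 ~ ("^" blk ":")) }
    inblk && $1 == (key ":") { sub(/^[^:]*:[ \t]*/, ""); print; exit }
  ' "$3"
}

# Prints one finding per line; returns 0 only when there are none.
audit_harbor_yml() {
  local f=$1 n=0 v cert key
  finding() { echo "FINDING: $*"; n=$((n + 1)); }

  v=$(yml_top hostname "$f")
  case $v in
    ''|reg.mydomain.com|localhost|127.0.0.1) finding "hostname '$v' is unset, the sample value, or loopback" ;;
  esac

  if grep -q '^https:' "$f"; then
    cert=$(yml_sub https certificate "$f")
    key=$(yml_sub https private_key "$f")
    [ -r "$cert" ] || finding "certificate '$cert' is not readable"
    if [ ! -r "$key" ]; then
      finding "private_key '$key' is not readable"
    else
      # In the ls mode string, characters 5-10 are the group/other bits; all must be '-'.
      case $(ls -ld "$key") in
        ????------*) ;;
        *) finding "private_key '$key' is accessible to group or others" ;;
      esac
    fi
  else
    finding "https block is missing or commented out"
  fi

  [ "$(yml_top harbor_admin_password "$f")" != "Harbor12345" ] ||
    finding "harbor_admin_password is still the sample default"
  [ "$(yml_sub database password "$f")" != "root123" ] ||
    finding "database password is still the sample default"

  [ "$n" -eq 0 ]
}
```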

Deploy

Deployment is simple: enter the harbor directory and run ./install.sh.


$ cd harbor
$ ./install.sh

[Step 0]: checking installation environment ...

Note: docker version: 19.03.2

Note: docker-compose version: 1.24.1

[Step 1]: loading Harbor images ...
# ...

[Step 2]: preparing environment ...
# ...

[Step 3]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registry      ... done
Creating harbor-db     ... done
Creating harbor-portal ... done
Creating redis         ... done
Creating registryctl   ... done
Creating harbor-core   ... done
Creating nginx             ... done
Creating harbor-jobservice ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://register.linkscue.com.
For more details, please visit https://github.com/goharbor/harbor .

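Output like this means the deployment succeeded.

PS: Some of the output is omitted for brevity.

Configure supervisor for auto-start and protection against accidental removal

Normally, when docker starts it brings up the containers that have restart=always, but you can still run into someone accidentally removing the containers with docker rm. This setup is not for my own benefit; it is to prevent other people from removing the program here with docker rm and leaving images unable to be pulled normally.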

cd /path/to/harbor

# Install and enable supervisor
yum install -y supervisor
systemctl enable supervisord
systemctl start supervisord
systemctl status supervisord

# Write the configuration file
cat <<EOF > /etc/supervisord.d/harbor.ini
[program:harbor]
command=docker-compose up
directory=$PWD
startsecs=0
stopwaitsecs=0
autostart=true
autorestart=true
redirect_stderr=true
stdout_logfile_maxbytes=100MB
stdout_logfile_backups=7
stdout_logfile=$PWD/harbor.log
EOF

# Reload the supervisor configuration and start the process
supervisorctl reread
supervisorctl update
supervisorctl status

With this in place, even if the containers are removed with docker rm, they come back up on their own. Nice~

You can test it yourself:

$ docker rm -f $(docker ps -a | grep goharbor | awk '{print $1}')
f13f92a997ab
d93f3a3c992e
6cb9ac09ca18
cfcf50607fe5
712e42f808e9
f74cb4f66e6d
c0257f40d975
321aa1f3440c
e167ca62da66
$ docker ps | grep goharbor
a128e7b11c8e        goharbor/nginx-photon:v1.9.0                        "nginx -g 'daemon of…"   9 seconds ago       Up 8 seconds (health: starting)    0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp   nginx
e7186fcb7ab6        goharbor/harbor-jobservice:v1.9.0                   "/harbor/harbor_jobs…"   9 seconds ago       Up 8 seconds (health: starting)                                                  harbor-jobservice
5a7364ea9762        goharbor/harbor-core:v1.9.0                         "/harbor/harbor_core"    10 seconds ago      Up 9 seconds (health: starting)                                                  harbor-core
fe73da41210c        goharbor/harbor-registryctl:v1.9.0                  "/harbor/start.sh"       11 seconds ago      Up 9 seconds (health: starting)                                                  registryctl
481cdad7c00c        goharbor/harbor-db:v1.9.0                           "/docker-entrypoint.…"   11 seconds ago      Up 9 seconds (health: starting)    5432/tcp                                      harbor-db
6a6ed86ab18f        goharbor/redis-photon:v1.9.0                        "redis-server /etc/r…"   11 seconds ago      Up 9 seconds (health: starting)    6379/tcp                                      redis
a4e4a24c7612        goharbor/harbor-portal:v1.9.0                       "nginx -g 'daemon of…"   11 seconds ago      Up 9 seconds (health: starting)    8080/tcp                                      harbor-portal
309cdc31a637        goharbor/registry-photon:v2.7.1-patch-2819-v1.9.0   "/entrypoint.sh /etc…"   11 seconds ago      Up 9 seconds (health: starting)    5000/tcp                                      registry
479cdbc68266        goharbor/harbor-log:v1.9.0                          "/bin/sh -c /usr/loc…"   14 seconds ago      Up 10 seconds (health: starting)   127.0.0.1:1514->10514/tcp                     harbor-log

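Look: even after being killed, they are automatically brought back up.

Test the private registry deployment

To test whether the private registry is set up, the obvious approach is to check that docker login works and that images can be pushed and pulled.

This requires some preparation:

1. Administrator login

Open https://register.linkscue.com and log in with the admin account and password.

2. Create a Project

This depends on your own situation; usually you create one that matches the user name, e.g. scue

Steps: Projects → New Project. When creating the project you can choose to make it public or private; a private project requires docker login before docker pull.

3. Create a User

This depends on your own situation; in production everyone usually uses the same name, e.g. scue

Steps: System Administration → User Management → Create User

Then, under Projects → scue → Members, add the user scue as a project admin.

4. docker login

Before that, log in with the account just created: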

$ docker login register.linkscue.com
Username: scue
Password:
WARNING! Your password will be stored unencrypted in /home/root1/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

5. docker push

We can try pushing alpine:3.8 to the private registry, like this:

$ docker pull alpine:3.8
3.8: Pulling from library/alpine
c87736221ed0: Pull complete
Digest: sha256:04696b491e0cc3c58a75bace8941c14c924b9f313b03ce5029ebbc040ed9dcd9
Status: Downloaded newer image for alpine:3.8
docker.io/library/alpine:3.8

$ docker tag alpine:3.8 register.linkscue.com/scue/alpine:3.8

$ docker push register.linkscue.com/scue/alpine:3.8
The push refers to repository [register.linkscue.com/scue/alpine]
d9ff549177a9: Pushed
3.8: digest: sha256:899a03e9816e5283edba63d71ea528cd83576b28a7586cf617ce78af5526f209 size: 528

This shows that the image has been pushed to the private registry successfully.

6. docker pull

$ docker rmi alpine:3.8
Untagged: alpine:3.8
Untagged: alpine@sha256:04696b491e0cc3c58a75bace8941c14c924b9f313b03ce5029ebbc040ed9dcd9

$ docker rmi register.linkscue.com/scue/alpine:3.8
Untagged: register.linkscue.com/scue/alpine:3.8
Untagged: register.linkscue.com/scue/alpine@sha256:899a03e9816e5283edba63d71ea528cd83576b28a7586cf617ce78af5526f209
Deleted: sha256:dac7051149965716b0acdcab16380b5f4ab6f2a1565c86ed5f651e954d1e615c
Deleted: sha256:d9ff549177a94a413c425ffe14ae1cc0aa254bc9c7df781add08e7d2fba25d27

$ docker pull register.linkscue.com/scue/alpine:3.8
3.8: Pulling from scue/alpine
c87736221ed0: Pull complete
Digest: sha256:899a03e9816e5283edba63d71ea528cd83576b28a7586cf617ce78af5526f209
Status: Downloaded newer image for register.linkscue.com/scue/alpine:3.8
register.linkscue.com/scue/alpine:3.8

As you can see, after the old images are deleted, docker pull fetches the image we just pushed.

At this point, testing is complete~
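The push and pull transcripts above both report a manifest digest. As an added example (not from the original post), the script below compares them and builds a digest-pinned reference that stays valid if the tag is later overwritten. The log variables hold lines copied from the output shown on this page, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: confirm a pull returned the manifest that was pushed.

# Lines copied from the docker output shown on this page.
HUB_PULL_LOG='Digest: sha256:04696b491e0cc3c58a75bace8941c14c924b9f313b03ce5029ebbc040ed9dcd9'
PUSH_LOG='3.8: digest: sha256:899a03e9816e5283edba63d71ea528cd83576b28a7586cf617ce78af5526f209 size: 528'
PULL_LOG='Digest: sha256:899a03e9816e5283edba63d71ea528cd83576b28a7586cf617ce78af5526f209'

# Read docker push/pull output on stdin and print the first manifest digest.
manifest_digest() {
  grep -Eio 'digest: sha256:[0-9a-f]{64}' | head -n 1 | sed 's/^[^ ]* //'
}

# Succeeds only if both logs carry a well-formed, identical digest.
same_manifest() {
  local a b
  a=$(printf '%s\n' "$1" | manifest_digest)
  b=$(printf '%s\n' "$2" | manifest_digest)
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Turn repo[:tag] plus a log into repo@sha256:..., dropping the mutable tag.
pinned_ref() {
  local name=$1 d
  d=$(printf '%s\n' "$2" | manifest_digest)
  [ -n "$d" ] || return 1
  # Only strip a tag from the last path component, so host:port is kept.
  case ${name##*/} in *:*) name=${name%:*} ;; esac
  printf '%s@%s\n' "$name" "$d"
}
```

In the page's output the Docker Hub digest differs from the digest reported by the push, so the meaningful comparison is push against pull from the same registry.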