Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器,通过添加一些企业必需的功能特性,例如安全、标识和管理等,扩展了开源Docker Distribution。作为一个企业级私有Registry服务器,Harbor提供了更好的性能和安全。提升用户使用Registry构建和运行环境传输镜像的效率。Harbor支持安装在多个Registry节点的镜像资源复制,镜像全部保存在私有Registry中,确保数据和知识产权在公司内部网络中管控。另外,Harbor也提供了高级的安全特性,诸如用户管理,访问控制和活动审计等。

  • 基于角色的访问控制 - 用户与Docker镜像仓库通过“项目”进行组织管理,一个用户可以对多个镜像仓库在同一命名空间(project)里有不同的权限。
  • 镜像复制 - 镜像可以在多个Registry实例中复制(同步)。尤其适合于负载均衡,高可用,混合云和多云的场景。
  • 图形化用户界面 - 用户可以通过浏览器来浏览,检索当前Docker镜像仓库,管理项目和命名空间。
  • AD/LDAP 支持 - Harbor可以集成企业内部已有的AD/LDAP,用于鉴权认证管理。
  • 审计管理 - 所有针对镜像仓库的操作都可以被记录追溯,用于审计管理。
  • 国际化 - 已拥有英文、中文、德文、日文和俄文的本地化版本。更多的语言将会添加进来。
  • RESTful API - RESTful API 提供给管理员对于Harbor更多的操控, 使得与其它管理软件集成变得更容易。
  • 部署简单 - 提供在线和离线两种安装工具, 也可以安装到vSphere平台(OVA方式)虚拟设备。

官网地址:https://vmware.github.io/harbor/cn/
官方下载地址:https://github.com/vmware/harbor/releases
vmware harbor v1.3.0-rc4百度网盘,密码:m2mi
安装向导:https://github.com/vmware/harbor/blob/master/docs/installation_guide.md
用户使用指南:https://github.com/vmware/harbor/blob/master/docs/user_guide.md
https配置:https://github.com/vmware/harbor/blob/master/docs/configure_https.md

安装docker-compose

docker-compose版本需要大于1.7.1+

1
2
# curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
# chmod +x /usr/local/bin/docker-compose

生成证书

1
2
3
4
5
6
mkdir -p /data/cert
cd /data/cert
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
openssl req -newkey rsa:4096 -nodes -sha256 -keyout server.key -out server.csr
echo subjectAltName = IP:192.168.1.196 > extfile.cnf
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out server.crt

部署Vmware Harbor

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# tar -zxf harbor-offline-installer-v1.3.0-rc4.tgz
# cd harbor
# grep -iv '^#' harbor.cfg | grep -iv '^$'
hostname = 192.168.1.196          #如果用购买的证书需要写域名
ui_url_protocol = https           #http改成https
db_password = root123             #密码不能改,否则有些容器起不来
max_job_workers = 3
customize_crt = on
ssl_cert = /data/cert/server.crt  #指定证书路径
ssl_cert_key = /data/cert/server.key   #同上,下面全默认即可
secretkey_path = /data
admiral_url = NA
clair_db_password = password
log_rotate_count = 50
log_rotate_size = 200M
email_identity = 
email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false
email_insecure = false
harbor_admin_password = Harbor12345
auth_mode = db_auth
ldap_url = ldaps://ldap.mydomain.com
ldap_basedn = ou=people,dc=mydomain,dc=com
ldap_uid = uid 
ldap_scope = 3 
ldap_timeout = 5
self_registration = on
token_expiration = 30
project_creation_restriction = everyone
db_host = mysql
db_port = 3306
db_user = root
uaa_endpoint = uaa.mydomain.org
uaa_clientid= id
uaa_clientsecret= secret
uaa_ca_root= /path/to/uaa_ca.pem
#

Docker版本大于1.6.0

1
2
3
4
5
6
# cat /etc/docker/daemon.json
{ "insecure-registries":["192.168.1.196"] }           #如果harbor.cfg里填的是域名,这里要保持一致
#
systemctl enable docker
systemctl start docker
./install.sh            #安装Vmware Harbor

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
[root@localhost ~]# docker images | grep -i vmware
vmware/harbor-log                                                 v1.3.0-rc4          58aa9393b1cd        3 weeks ago         207MB
vmware/harbor-jobservice                                          v1.3.0-rc4          b3664e837ab8        3 weeks ago         197MB
vmware/harbor-ui                                                  v1.3.0-rc4          5f6e4c4b41da        3 weeks ago         211MB
vmware/harbor-adminserver                                         v1.3.0-rc4          a907519f7baf        3 weeks ago         174MB
vmware/harbor-db                                                  v1.3.0-rc4          83b013940805        3 weeks ago         586MB
vmware/photon                                                     1.0                 7b154bf6f104        3 weeks ago         130MB
vmware/clair                                                      v2.0.1-photon       7a633033c5b1        5 weeks ago         365MB
vmware/postgresql                                                 9.6.5-photon        a5c79b0473d9        6 weeks ago         285MB
vmware/registry                                                   2.6.2-photon        c38af846a0da        6 weeks ago         240MB
vmware/mariadb-photon                                             10.2.10             eaaae71dea19        6 weeks ago         586MB
vmware/notary-photon                                              signer-0.5.1        064b309ad822        6 weeks ago         246MB
vmware/notary-photon                                              server-0.5.1        b8cc51024379        6 weeks ago         247MB
vmware/nginx-photon                                               1.11.13             2971c92cc1ae        6 weeks ago         200MB
vmware/harbor-db-migrator                                         1.3                 6cac2b89f086        6 weeks ago         1.11GB
[root@localhost ~]#

1
2
3
4
5
6
7
8
9
[root@localhost ~]# docker ps -a | grep -i vmware
ea6b2d79bd4b    vmware/nginx-photon:1.11.13           "nginx -g 'daemon of…"   About a minute ago   Up About a minute        0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
3e1e767e3095    vmware/harbor-jobservice:v1.3.0-rc4   "/harbor/start.sh"       About a minute ago   Up About a minute (healthy)  harbor-jobserviced
08ae8e864d9     vmware/harbor-ui:v1.3.0-rc4           "/harbor/start.sh"       About a minute ago   Up About a minute (healthy)  harbor-ui
e2abd8a9f45d    vmware/harbor-db:v1.3.0-rc4           "/usr/local/bin/dock…"   About a minute ago   Up About a minute (healthy)   3306/tcp    harbor-db
5337d7d2cb0a    vmware/harbor-adminserver:v1.3.0-rc4  "/harbor/start.sh"       About a minute ago   Up About a minute (healthy)   harbor-adminserver
cf85ac001f1f    vmware/registry:2.6.2-photon          "/entrypoint.sh serv…"   About a minute ago   Up About a minute (healthy)   5000/tcp    registry
d6075f9aa12c    vmware/harbor-log:v1.3.0-rc4          "/bin/sh -c /usr/loc…"   About a minute ago   Up About a minute (healthy)   127.0.0.1:1514->10514/tcp  harbor-log
[root@localhost ~]#

登陆时如果报下面错误,则需要修改/etc/docker/daemon.json文件
Error response from daemon: Get https://192.168.1.196/v2/: x509: certificate signed by unknown authority
参考:https://github.com/vmware/harbor/blob/master/docs/user_guide.md#pulling-and-pushing-images-using-docker-client

上传镜像

1
2
3
4
5
6
7
# docker login 192.168.1.196
Username: admin
Password: 
Login Succeeded
#
# docker tag nginx:latest 192.168.1.196/library/nginx:latest
# docker push 192.168.1.196/library/nginx:latest

下载镜像

1
2
3
4
5
# docker rmi 192.168.1.196/library/nginx nginx
# docker pull 192.168.1.196/library/nginx:latest
# docker images | grep -i nginx
192.168.1.196/library/nginx   latest              3f8a4339aadd        2 weeks ago         108MB
#

效果图

访问:https://192.168.1.196 打开vmware Harbor
默认用户名密码:admin / Harbor12345
vmware harbor
vmware harbor
vmware harbor
vmware harbor
vmware harbor
vmware harbor
vmware harbor
vmware harbor

卸载

1
2
3
# pwd
/root/harbor
# docker-compose -f docker-compose.yml down

本作品采用知识共享署名 2.5 中国大陆许可协议进行许可,欢迎转载,但转载请注明来自Jack Wang Blog,并保持转载后文章内容的完整。本人保留所有版权相关权利。
打赏
本文出自”Jack Wang Blog”:http://www.yfshare.vip/2018/01/11/%E8%87%AA%E5%BB%BAdocker%E7%A7%81%E6%9C%89%E4%BB%93%E5%BA%93-Vmware-Harbor/