Installing the Harbor image registry

Official installation guide: https://github.com/vmware/harbor/blob/master/docs/installation_guide.md

Hardware and software requirements

Hardware

| Resource | Capacity | Description |
|---|---|---|
| CPU | minimal 2 CPU | 4 CPU is preferred |
| Mem | minimal 4GB | 8GB is preferred |
| Disk | minimal 40GB | 160GB is preferred |

Software

| Software | Version | Description |
|---|---|---|
| Python | version 2.7 or higher | Note that you may have to install Python on Linux distributions (Gentoo, Arch) that do not come with a Python interpreter installed by default |
| Docker engine | version 1.10 or higher | For installation instructions, please refer to: https://docs.docker.com/engine/installation/ |
| Docker Compose | version 1.6.0 or higher | For installation instructions, please refer to: https://docs.docker.com/compose/install/ |
| Openssl | latest is preferred | Generate certificate and keys for Harbor |

Network ports

| Port | Protocol | Description |
|---|---|---|
| 443 | HTTPS | Harbor UI and API will accept requests on this port for https protocol |
| 4443 | HTTPS | Connections to the Docker Content Trust service for Harbor, only needed when Notary is enabled |
| 80 | HTTP | Harbor UI and API will accept requests on this port for http protocol |

Download the installer

Download the installer from https://github.com/vmware/harbor/releases. There is an offline and an online version. Use wget on the server to download it.

Online installer:

    $ tar xvf harbor-online-installer-<version>.tgz

Offline installer:

    $ tar xvf harbor-offline-installer-<version>.tgz

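Edit harbor.cfg

Set the hostname

    hostname = 192.168.11.237

If port 80 has been changed, for example to 8880, set it to:

    hostname = 192.168.11.237:8880

If HTTPS is used, set it to the HTTPS port (here the HTTPS port has already been changed to 8843):

    hostname = 192.168.11.237:8843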

Database settings (optional; they can be left unchanged)

    #Harbor DB configuration section
    #The address of the Harbor database. Only need to change when using external db.
    db_host = 192.168.11.237
    #The password for the root user of Harbor DB. Change this before any production use.
    db_password = root

If the parameters are changed again later, apply them as follows:

    sudo docker-compose down -v
    vim harbor.cfg
    sudo ./prepare
    sudo docker-compose up -d

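If Harbor has only HTTP enabled, note that Docker uses HTTPS to talk to registries by default, so the registry has to be listed under insecure-registries in /etc/docker/daemon.json for Docker to reach it over plain HTTP:

    {
        "exec-opts": ["native.cgroupdriver=systemd"],
        "log-driver": "json-file",
        "insecure-registries": ["192.168.11.237:8880"],
        "log-opts": {
          "max-size": "10m"
        }
    }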

Restart Docker

    systemctl daemon-reload
    systemctl restart docker.service

Run the installer

If HTTPS is to be enabled, configure HTTPS first.

    ./install.sh

Enabling HTTPS

Official documentation: https://github.com/vmware/harbor/blob/master/docs/configure_https.md

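Create the directories

    # Work in /root/harbor_https so that ca.crt ends up where the later copy step expects it
    mkdir -p /root/harbor_https
    cd /root/harbor_https
    mkdir -p /root/cert/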

Generate the CA certificate

    openssl req \
        -newkey rsa:4096 -nodes -sha256 -keyout ca.key \
        -x509 -days 365 -out ca.crt

Generate a certificate signing request

    openssl req \
        -newkey rsa:4096 -nodes -sha256 -keyout yourdomain.com.key \
        -out yourdomain.com.csr

This example uses:

    openssl req \
        -newkey rsa:4096 -nodes -sha256 -keyout bjy.key \
        -out bjy.csr

Generate the certificate for your own host

If the host is a domain name, use:

    openssl x509 -req -days 365 -in yourdomain.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out yourdomain.com.crt

If the host is reached only by IP and port, the following is needed in addition:

    echo subjectAltName = IP:192.168.11.237 > extfile.cnf

    openssl x509 -req -days 365 -in bjy.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out bjy.crt
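
The files generated above can be checked before they are installed. The script below is an added example, not part of the original post: it confirms that the server certificate is signed by ca.crt, that its subjectAltName lists the registry IP (Docker refuses an IP-only certificate that lacks it), that the key belongs to the certificate, and that the certificate is not about to expire. The function names, the script name and the 30-day threshold are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post): checks for the files generated
# above. Function names and the 30-day threshold are assumptions.

# signed_by CA_CERT SERVER_CERT: true if SERVER_CERT chains to CA_CERT.
signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# covers_ip SERVER_CERT IP: true if the subjectAltName lists IP.
# The result is read from the output text rather than the exit status.
covers_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# key_matches SERVER_CERT SERVER_KEY: true if both hold the same public key.
key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# valid_for_days SERVER_CERT DAYS: true if the cert is still valid in DAYS days.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(($2 * 86400))" >/dev/null 2>&1
}

# check_registry_cert CA_CERT SERVER_CERT SERVER_KEY IP
# Prints each failed check and returns the number of failures.
check_registry_cert() {
    failed=0
    signed_by "$1" "$2"    || { echo "FAIL: $2 is not signed by $1"; failed=$((failed + 1)); }
    covers_ip "$2" "$4"    || { echo "FAIL: $2 has no subjectAltName for IP $4"; failed=$((failed + 1)); }
    key_matches "$2" "$3"  || { echo "FAIL: $3 is not the key for $2"; failed=$((failed + 1)); }
    valid_for_days "$2" 30 || { echo "FAIL: $2 expires within 30 days"; failed=$((failed + 1)); }
    [ "$failed" -eq 0 ] && echo "OK: $2 passed all checks"
    return "$failed"
}

# Example: sh check_cert.sh ca.crt bjy.crt bjy.key 192.168.11.237
if [ "$#" -eq 4 ]; then
    check_registry_cert "$@"
fi
```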

Copy the certificate and key into /root/cert

    cp bjy.crt /root/cert/
    cp bjy.key /root/cert/

Edit harbor.cfg

    #The path of cert and key files for nginx, they are applied only the protocol is set to https
    ssl_cert = /root/cert/bjy.crt
    ssl_cert_key = /root/cert/bjy.key

Copy the CA certificate into the Docker certificate directory

    mkdir -p /etc/docker/certs.d/192.168.11.237:8843

    cp /root/harbor_https/ca.crt /etc/docker/certs.d/192.168.11.237:8843/ca.crt

On other hosts it can be done like this:

    rsync -a --rsync-path="mkdir -p /etc/docker/certs.d/192.168.11.237:8843/ && rsync" /root/harbor_https/ca.crt [email protected]:/etc/docker/certs.d/192.168.11.237:8843/ca.crt

Restart Harbor

    docker-compose down
    ./prepare
    docker-compose up -d

Changing the ports

The official guide covers this in detail: https://github.com/vmware/harbor/blob/master/docs/installation_guide.md

HTTP

1. Change port 80 to 8888 in the proxy service of docker-compose.yml:

        proxy:
            image: library/nginx:1.11.5
            restart: always
            volumes:
              - ./config/nginx:/etc/nginx
            ports:
              - 8888:80
              - 443:443
            depends_on:
              - mysql
              - registry
              - ui
              - log
            logging:
              driver: "syslog"
              options:
                syslog-address: "tcp://127.0.0.1:1514"
                tag: "proxy"

2. Edit harbor.cfg:

        hostname = 192.168.0.2:8888

HTTPS

1. Change the HTTPS port to 8888 in the proxy service of docker-compose.yml:

        proxy:
            image: library/nginx:1.11.5
            restart: always
            volumes:
              - ./config/nginx:/etc/nginx
            ports:
              - 80:80
              - 8888:443
            depends_on:
              - mysql
              - registry
              - ui
              - log
            logging:
              driver: "syslog"
              options:
                syslog-address: "tcp://127.0.0.1:1514"
                tag: "proxy"

2. Edit harbor.cfg:

        hostname = 192.168.0.2:8888
        #The protocol for accessing the UI and token/notification service, by default it is http.
        #It can be set to https if ssl is enabled on nginx.
        ui_url_protocol = https

Harbor logs

    tail -f /var/log/harbor/adminserver.log