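What you need to know
- This article describes how to build your own enterprise-grade private image registry, Harbor, on a Huawei Cloud Flexus X instance: one-click deployment of a highly available, secure and reliable container image registry
- Choosing a suitable cloud server: this article uses a Huawei Cloud Flexus X instance (recommended)
- Connection method: this article connects to the server remotely from a local shell, via the elastic IP, to carry out the deployment
- Operating system version: Huawei Cloud EulerOS 2.0
- Docker version: Docker v27.1.1
- Docker Compose version: Docker Compose v2.29.1
- Harbor version: harbor v2.7.1
- For installing Docker, see the article: "The Road to Efficient Integration of Huawei Flexus X with Docker + Nginx"
- Server purchase link: Huawei Cloud Flexus X instance
- For a detailed purchase and configuration walkthrough, see the article: "Quickly Deploy a Huawei Cloud Flexus X Instance and Start Your Cloud Journey"
- All files needed during the deployment can be obtained by private message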
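Introduction to Harbor
Harbor is an open-source, enterprise-grade registry server for managing and storing Docker images and OCI container images. As a highly available, secure and reliable container image registry, Harbor provides a rich set of features and management tools that help organizations build and manage container images effectively.
Harbor architecture and features
Open source and community support: Harbor is open source, which means its source code is public and community members are free to contribute code, fix vulnerabilities and enhance functionality.
Enterprise features: Harbor provides richer enterprise features than the official Docker Registry, such as user management, access control, image signing and verification, and vulnerability scanning.
Multi-tenancy: Harbor supports multi-tenant environments, allowing different users or organizations to have private image repositories.
Containerized deployment: Harbor is delivered as containers, which means it can run on any platform that supports Docker.
Benefits of building Harbor on a Flexus X instance
High performance and flexibility: Flexus X is Huawei Cloud's next-generation flexible-compute cloud server and delivers excellent performance. Through X-Turbo acceleration technology and the Yaoguang cloud brain intelligent scheduling, a Flexus X instance can significantly improve Harbor's running efficiency and keep the image registry stable and efficient.
Fast deployment: Flexus X instances support fast deployment and one-click operation, so users can finish building and configuring Harbor in a short time and bring services online faster.
Good compatibility: Flexus X instances support multiple operating systems and image types, including public images such as Huawei Cloud EulerOS 2.0, and can meet Harbor's runtime requirements on different operating systems.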
System settings
Disable the firewall and SELinux
[root@flexusx-251f ~]# systemctl stop firewalld.service
[root@flexusx-251f ~]# systemctl disable firewalld.service
[root@flexusx-251f ~]# setenforce 0
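Install Docker
For installing Docker, see the article: "The Road to Efficient Integration of Huawei Flexus X with Docker + Nginx"
Harbor installation
Download the installer package and extract it
Harbor installer download address; after downloading, the package can be transferred to the server with a remote tool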
[root@flexusx-251f ~]# mkdir harbor
[root@flexusx-251f ~]# cd harbor/
[root@flexusx-251f harbor]# ls
harbor-offline-installer-v2.7.0.tgz
[root@flexusx-251f harbor]# tar -zxvf harbor-offline-installer-v2.7.1.tgz
harbor/harbor.v2.7.1.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
Configure Harbor
Modify harbor.yml
[root@flexusx-251f harbor]# ls
harbor harbor-offline-installer-v2.7.1.tgz
[root@flexusx-251f harbor]# cd harbor/
[root@flexusx-251f harbor]# ls
common.sh harbor.v2.7.1.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
[root@flexusx-251f harbor]# cp harbor.yml.tmpl harbor.yml
[root@flexusx-251f harbor]# vim harbor.yml
# Change the hostname to this machine's IP address
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 123.249.27.118
# Change the port to 4000 (any port can be chosen)
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 4000
# Comment out https
# https related config
#https:
# # https port for harbor, default is 443
# port: 443
# # The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
Modify docker.service
[root@flexusx-251f harbor]# vim /lib/systemd/system/docker.service
# Append --insecure-registry=123.249.27.117:4000 to the ExecStart arguments
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry=123.249.27.117:4000
# Restart the docker service
[root@flexusx-251f harbor]# systemctl daemon-reload
[root@flexusx-251f harbor]# systemctl restart docker.service
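An added check (not from the original article; function names and sample files are constructed) that compares the hostname and http port in harbor.yml with the registries the Docker daemon is told to treat as insecure, read from the ExecStart flags and from the insecure-registries list in /etc/docker/daemon.json, which this article edits later on. Docker matches a host entry by its exact host:port (CIDR entries are not handled here), and in the steps above the flag carries 123.249.27.117:4000 while hostname is 123.249.27.118, a mismatch that leaves the daemon speaking HTTPS to Harbor's HTTP listener.

```shell
#!/bin/sh
# Added example. Sample files are constructed from the values shown in this article.

# Print "host:port" from the hostname and http.port keys of a harbor.yml.
harbor_endpoint() {
  awk '
    /^[ \t]*#/    { next }                  # skip comment lines
    /^hostname:/  { host = $2 }
    /^http:/      { in_http = 1; next }
    /^[^ \t]/     { in_http = 0 }           # another top-level key ends the http block
    in_http && $1 == "port:" { port = $2 }
    END { print host ":" port }
  ' "$1"
}

# Print every registry the daemon treats as insecure: --insecure-registry flags on
# the unit's ExecStart line, plus the "insecure-registries" list in daemon.json.
insecure_entries() {
  { grep -E '^ExecStart=' "$1" | grep -oE -- '--insecure-registry[= ][^ ]+' |
      sed -E 's/^--insecure-registry[= ]//'; } || true
  { tr -d '\n' < "$2" | grep -oE '"insecure-registries"[^]]*\]' |
      grep -oE '"[^"]+"' | tr -d '"' | grep -vxF 'insecure-registries'; } || true
}

# Return 0 only when the Harbor endpoint is covered by one of those entries.
check_endpoint() {   # args: harbor.yml docker.service daemon.json
  ep=$(harbor_endpoint "$1")
  if insecure_entries "$2" "$3" | grep -qxF -- "$ep"; then
    echo "OK: $ep is listed, the daemon talks plain HTTP to it"
  else
    echo "MISMATCH: $ep is not listed, docker login/push will try HTTPS"
    return 1
  fi
}

dir=$(mktemp -d)
printf 'hostname: 123.249.27.118\nhttp:\n  port: 4000\n#https:\n#  port: 443\n' > "$dir/harbor.yml"
echo 'ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=123.249.27.117:4000' > "$dir/docker.service"
echo '{}' > "$dir/daemon.before.json"
echo '{"insecure-registries": [ "123.249.27.118:4000" ]}' > "$dir/daemon.after.json"

check_endpoint "$dir/harbor.yml" "$dir/docker.service" "$dir/daemon.before.json" || true
check_endpoint "$dir/harbor.yml" "$dir/docker.service" "$dir/daemon.after.json"
```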
Import the offline images
[root@flexusx-251f harbor]# ls
harbor harbor-2.7.1.tar harbor-offline-installer-v2.7.1.tgz
[root@flexusx-251f harbor]# docker load -i harbor-2.7.1.tar
[root@flexusx-251f harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.7.1 d40eb452ec72 18 months ago 96.5MB
goharbor/chartmuseum-photon v2.7.1 e6ab349a4f12 18 months ago 227MB
goharbor/redis-photon v2.7.1 229dd1844a26 18 months ago 127MB
goharbor/trivy-adapter-photon v2.7.1 729fab8418df 18 months ago 442MB
goharbor/notary-server-photon v2.7.1 12adb40b7a3b 18 months ago 113MB
goharbor/notary-signer-photon v2.7.1 f114329e0165 18 months ago 110MB
goharbor/harbor-registryctl v2.7.1 9b2219d529c8 18 months ago 140MB
goharbor/registry-photon v2.7.1 9d50b10d3700 18 months ago 78.1MB
goharbor/nginx-photon v2.7.1 e98018335c0d 18 months ago 126MB
goharbor/harbor-log v2.7.1 eeb93d98a358 18 months ago 133MB
goharbor/harbor-jobservice v2.7.1 829d13e6aae7 18 months ago 252MB
goharbor/harbor-core v2.7.1 49d6c8a15d6c 18 months ago 215MB
goharbor/harbor-portal v2.7.1 fe05b1b0bcfd 18 months ago 135MB
goharbor/harbor-db v2.7.1 b3f8d9d6c213 18 months ago 174MB
goharbor/prepare v2.7.1 d9e019294af2 18 months ago 164MB
Run the prepare script to prepare the images
[root@flexusx-251f harbor]# ./prepare
prepare base dir is set to /root/harbor/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Check the command used by the scripts
On our system the Docker Compose command is docker-compose, the same as in the scripts.
If it differs, change docker-compose in common.sh and install.sh.
# Check common.sh
[root@flexusx-251f harbor]# vim common.sh
119 elif [[ $(docker-compose --version) =~ (([0-9]+)\.([0-9]+)([\.0-9]*)) ]]
# Check install.sh
[root@flexusx-251f harbor]# vim install.sh
26 DOCKER_COMPOSE=docker-compose
Install Harbor
[root@flexusx-251f harbor]# ./install.sh
# Partial log output
[Step 0]: checking if docker is installed ...
Note: docker version: 27.1.1
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.29.1
[Step 2]: loading Harbor images ...
.....................it will be ignored, please remove it to avoid potential confusion
[+] Running 10/10
✔ Network harbor_harbor Created 0.0s
✔ Container harbor-log Started 0.3s
✔ Container harbor-portal Started 0.4s
✔ Container harbor-db Started 0.4s
✔ Container registryctl Started 0.5s
✔ Container redis Started 0.5s
✔ Container registry Started 0.4s
✔ Container harbor-core Started 0.6s
✔ Container nginx Started 0.7s
✔ Container harbor-jobservice Started 0.7s
✔ ----Harbor has been installed and started successfully.----
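Log in to Harbor
In the console, configure a security group rule to allow port 4000.
The default administrator account is admin, and the password is the custom password set in the harbor.yml file. Log in at: http://<host address>:4000
Test
Create a project
Set the access level to Public so that images can be pulled anonymously. The storage quota defaults to -1, which means the size is unlimited.
Push an image
After entering the project, the Push Command button in the upper right corner shows the commands to use. Note that authentication is required before pushing an image.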
# Tag the image
[root@flexusx-251f harbor]# docker tag mysql:latest 123.249.27.118:4000/mycloud/mysql:latest
[root@flexusx-251f harbor]# docker images | grep mysql
mysql 5.7 87eca374c0ed 3 years ago 447MB
123.249.27.118:4000/mycloud/mysql latest 8457e9155715 3 years ago 546MB
mysql latest 8457e9155715 3 years ago 546MB
# Log in to the registry (authentication)
[root@flexusx-251f harbor]# docker login 123.249.27.118:4000
Username: admin
Password:
Error response from daemon: Get "https://123.249.27.118:4000/v2/": http: server gave HTTP response to HTTPS client
Handling the error: edit /etc/docker/daemon.json on the client and add the insecure-registries entry
[root@flexusx-251f harbor]# vim /etc/docker/daemon.json
[root@flexusx-251f harbor]# cat /etc/docker/daemon.json
{
  "registry-mirrors": [ "https://2a6bf1988cb6428c877f723ec7530dbc.mirror.swr.myhuaweicloud.com" ],
  "insecure-registries": [ "123.249.27.118:4000" ]
}
[root@flexusx-251f harbor]# systemctl daemon-reload
[root@flexusx-251f harbor]# systemctl restart docker.service
[root@flexusx-251f harbor]# docker login 123.249.27.118:4000
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
# Push the image (it can then be viewed in the web UI)
[root@flexusx-251f harbor]# docker push 123.249.27.118:4000/mycloud/mysql:latest
# Pull the image
docker pull 123.249.27.118:4000/mycloud/mysql:latest
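An added check, not part of the original article, for the "stored unencrypted" warning printed by docker login above: it reads a Docker client config.json and reports whether registry credentials sit inline (the auth value is only base64 of user:password) or are delegated to a credential helper through credsStore. The sample files, the dummy password and the function names are constructed, and the parsing assumes the pretty-printed layout that docker login writes.

```shell
#!/bin/sh
# Added example. Both config files below are constructed; the password is a dummy.

# List each registry whose credentials are stored inline, with the decoded user name.
inline_creds() {
  awk -F'"' '
    /"auth"[ \t]*:/           { print reg, $4; next }   # $4 is base64("user:password")
    /"[^"]+"[ \t]*:[ \t]*[{]/ { reg = $2 }              # remember the enclosing registry key
  ' "$1" | while read -r reg b64; do
    user=$(printf '%s' "$b64" | base64 -d | cut -d: -f1)
    echo "$reg user=$user"
  done
}

# Report how credentials are kept in the given config.json: inline, helper or none.
cred_report() {
  if [ -n "$(inline_creds "$1")" ]; then
    echo "inline"     # reversible encoding, readable by anyone who can read the file
  elif grep -q '"credsStore"' "$1"; then
    echo "helper"     # secrets are held by the configured credential helper
  else
    echo "none"
  fi
}

dir=$(mktemp -d)
token=$(printf 'admin:dummy-password' | base64)
cat > "$dir/config.json" <<EOF
{
  "auths": {
    "123.249.27.118:4000": {
      "auth": "$token"
    }
  }
}
EOF
cat > "$dir/config.helper.json" <<'EOF'
{
  "auths": {
    "123.249.27.118:4000": {}
  },
  "credsStore": "pass"
}
EOF

inline_creds "$dir/config.json"
cred_report "$dir/config.json"
cred_report "$dir/config.helper.json"
```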
The setup is complete, and you now have a private image registry of your own.