previously on
My system environment is: CentOS Linux release 7.7.1908 (Core)
Before installing Harbor, you need to install Docker and Docker compose (the installation of these two items will not be described in detail)
Harbor introduction
Harbor is an open-source project, which is used to store and distribute Docker images. It extends Docker Distribution provides a simple Web UI interface, role user management, access control, log query, support for copying images between registries, security vulnerability scanning, etc.; in short, harbor is a harbor and a bay, while Docker container is a container, and the container is stored in the port terminal.
His current Release address on GitHub: https://github.com/goharbor/harbor/releases
I downloaded the offline installation package. You can either wget or thunderbolt.
Download address: https://github.com/goharbor/harbor/releases/download/v1.10.1/harbor-offline-installer-v1.10.1.tgz
Installation start
- Download the installation package
[listlessp@VM_0_6_centos ~]$ ll total 658284 -rw-rw-r-- 1 listlessp listlessp 674078519 Mar 8 13:42 harbor-offline-installer-v1.10.1.tgz
- Extract & move directory
[listlessp@VM_0_6_centos ~]$ tar -zxvf harbor-offline-installer-v1.10.1.tgz harbor/harbor.v1.10.1.tar.gz harbor/prepare harbor/LICENSE harbor/install.sh harbor/common.sh harbor/harbor.yml [listlessp@VM_0_6_centos ~]$ ll total 658288 drwxrwxr-x 2 listlessp listlessp 4096 Mar 8 15:44 harbor -rw-rw-r-- 1 listlessp listlessp 674078519 Mar 8 13:42 harbor-offline-installer-v1.10.1.tgz
From here on, I operate with root
[root@VM_0_6_centos listlessp]# mv harbor /usr/local/ [root@VM_0_6_centos listlessp]# cd /usr/local/ [root@VM_0_6_centos local]# ll total 56 drwxr-xr-x. 2 root root 4096 Mar 7 12:08 bin drwxr-xr-x. 2 root root 4096 Apr 11 2018 etc drwxr-xr-x. 2 root root 4096 Apr 11 2018 games drwxr-xr-x 2 root root 4096 Mar 8 13:45 harbor
-
Generate certificates
If you have a domain name, you should have a certificate file. If you don't have a domain name or a local machine, you can generate a certificate through openssl.
Create certificate directory
mkdir -p /data/cert && cd /data/certGenerate CA private key
openssl genrsa -out ca.key 2048Using CA private key to generate CA certificate
openssl req -x509 -new -nodes -key ca.key -days 3650 -out ca.crt -subj "/CN=harbor-ca"Generate server-side private key and csr signature request file
openssl req -newkey rsa:4096 -nodes -sha256 -keyout server.key -out server.csr
Generate server.crt for server signing certificate
[root@VM_0_6_centos cert]# echo subjectAltName = IP:172.17.0.6 > extfile.cnf [root@VM_0_6_centos cert]# ll total 20 -rw-r--r-- 1 root root 1094 Mar 8 13:58 ca.crt -rw-r--r-- 1 root root 1675 Mar 8 13:58 ca.key -rw-r--r-- 1 root root 31 Mar 8 14:07 extfile.cnf -rw-r--r-- 1 root root 1691 Mar 8 14:05 server.csr -rw-r--r-- 1 root root 3272 Mar 8 14:05 server.key [root@VM_0_6_centos cert]# openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 3650 -extfile extfile.cnf -out server.crt Signature ok subject=/C=CN/ST=HuNan/L=ChangSha/O=Listlessp/emailAddress=mctavi@qq.com Getting CA Private Key [root@VM_0_6_centos cert]# ll total 28 -rw-r--r-- 1 root root 1094 Mar 8 13:58 ca.crt -rw-r--r-- 1 root root 1675 Mar 8 13:58 ca.key -rw-r--r-- 1 root root 17 Mar 8 14:07 ca.srl -rw-r--r-- 1 root root 31 Mar 8 14:07 extfile.cnf -rw-r--r-- 1 root root 1464 Mar 8 14:07 server.crt -rw-r--r-- 1 root root 1691 Mar 8 14:05 server.csr -rw-r--r-- 1 root root 3272 Mar 8 14:05 server.key
- Edit Harbor profile
Remember to enter the harbor directory first: cd /usr/local/harbor/
[root@VM_0_6_centos harbor]# vim harbor.yml # Configuration file of Harbor # The IP address or hostname to access admin UI and registry service. # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients hostname: dockerhub.listlessp.com # http related config http: # port for http, default is 80. If https enabled, this port will redirect to https port port: 80 # https related config enable Https https: # https port for harbor, default is 443 port: 443 # The path of cert and key files for nginx certificate file certificate key certificate: /data/cert/server.crt private_key: /data/cert/server.key # Uncomment external_url if you want to enable external proxy # And when it enabled the hostname will no longer used # external_url: https://reg.mydomain.com:8433 # The initial password of Harbor admin # It only works in first time to install harbor # Remember Change the admin password from UI after launching Harbor harbor_admin_password: easy123456 # Harbor DB configuration database: # The password for the root user of Harbor DB. Change this before any production use password: tooeasy123 # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. max_idle_conns: 50 # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections. # Note: the default number of connections is 100 for postgres. max_open_conns: 100 # The default data volume data storage path data_volume: /data/harbor
- Execute installation script
[root@VM_0_6_centos harbor]# ./install.sh [Step 0]: checking if docker is installed ... Note: docker version: 19.03.7 [Step 1]: checking docker-compose is installed ... Note: docker-compose version: 1.25.4 [Step 2]: loading Harbor images ... 47a4bb1cfbc7: Loading layer [==================================================>] 34.26MB/34.26MB c2d9cf7a4eaf: Loading layer [==================================================>] 9.056MB/9.056MB 32b7eca4f03e: Loading layer [==================================================>] 9.71MB/9.71MB 5d104292391f: Loading layer [==================================================>] 9.71MB/9.71MB Loaded image: goharbor/clair-adapter-photon:v1.0.1-v1.10.1 0039915754c6: Loading layer [==================================================>] 12.83MB/12.83MB 0a4ba5bc8bc2: Loading layer [==================================================>] 49.37MB/49.37MB Loaded image: goharbor/harbor-jobservice:v1.10.1 db95a8bece9e: Loading layer [==================================================>] 78.32MB/78.32MB f9aa9f9a3393: Loading layer [==================================================>] 3.072kB/3.072kB f0baa86a6ccd: Loading layer [==================================================>] 59.9kB/59.9kB 2b8f0a44b78f: Loading layer [==================================================>] 61.95kB/61.95kB Loaded image: goharbor/redis-photon:v1.10.1 a9f6374f6301: Loading layer [==================================================>] 9.05MB/9.05MB b3c39a738965: Loading layer [==================================================>] 6.239MB/6.239MB dce1aa68054e: Loading layer [==================================================>] 16.04MB/16.04MB 612aac9b538e: Loading layer [==================================================>] 28.24MB/28.24MB 8612386fb841: Loading layer [==================================================>] 22.02kB/22.02kB 53883649d694: Loading layer [==================================================>] 50.52MB/50.52MB Loaded image: goharbor/notary-server-photon:v0.6.1-v1.10.1 f3967aa0de5f: Loading layer [==================================================>] 115.8MB/115.8MB 42fd590be962: Loading layer [==================================================>] 12.14MB/12.14MB 096b03f3e32b: Loading layer [==================================================>] 3.072kB/3.072kB aa66bf3b8224: Loading layer [==================================================>] 49.15kB/49.15kB 8e76391190c9: Loading layer [==================================================>] 3.584kB/3.584kB 131573c722d5: Loading layer [==================================================>] 13.02MB/13.02MB Loaded image: goharbor/clair-photon:v2.1.1-v1.10.1 69e43242ff64: Loading layer [==================================================>] 50.39MB/50.39MB 5a3a8e835993: Loading layer [==================================================>] 3.584kB/3.584kB 4dff480c159c: Loading layer [==================================================>] 3.072kB/3.072kB 2be454a39481: Loading layer [==================================================>] 2.56kB/2.56kB d6b4877d5c4e: Loading layer [==================================================>] 3.072kB/3.072kB 609537197cce: Loading layer [==================================================>] 3.584kB/3.584kB b52d06cad304: Loading layer [==================================================>] 12.29kB/12.29kB Loaded image: goharbor/harbor-log:v1.10.1 badcf9296df7: Loading layer [==================================================>] 9.056MB/9.056MB 8b17ed0102b2: Loading layer [==================================================>] 3.584kB/3.584kB 4d1cd50b8d4f: Loading layer [==================================================>] 3.072kB/3.072kB 491c41e50d6a: Loading layer [==================================================>] 21.76MB/21.76MB 0101dc4148c7: Loading layer [==================================================>] 22.59MB/22.59MB Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-2553-v1.10.1 77965b8f534b: Loading layer [==================================================>] 14.61MB/14.61MB 940bf05c9601: Loading layer [==================================================>] 28.24MB/28.24MB 7ca206eb72e3: Loading layer [==================================================>] 22.02kB/22.02kB 9898774a5bad: Loading layer [==================================================>] 49.09MB/49.09MB Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.10.1 86340c56281e: Loading layer [==================================================>] 9.055MB/9.055MB 8ac45c34690f: Loading layer [==================================================>] 42.31MB/42.31MB 4aa70453f992: Loading layer [==================================================>] 3.072kB/3.072kB 6cbc6ab111b2: Loading layer [==================================================>] 3.584kB/3.584kB d6d7b70c18b5: Loading layer [==================================================>] 43.14MB/43.14MB Loaded image: goharbor/chartmuseum-photon:v0.9.0-v1.10.1 07efa003923d: Loading layer [==================================================>] 9.056MB/9.056MB 96dd65c291de: Loading layer [==================================================>] 3.584kB/3.584kB 802a1397679e: Loading layer [==================================================>] 21.76MB/21.76MB 92c283f6895a: Loading layer [==================================================>] 3.072kB/3.072kB 8b61b91240a6: Loading layer [==================================================>] 8.662MB/8.662MB 1fd753477b6f: Loading layer [==================================================>] 31.24MB/31.24MB Loaded image: goharbor/harbor-registryctl:v1.10.1 48cda078e98d: Loading layer [==================================================>] 10.89MB/10.89MB Loaded image: goharbor/nginx-photon:v1.10.1 2c00d9af2c3f: Loading layer [==================================================>] 34.31MB/34.31MB 0e4ae15c3d4e: Loading layer [==================================================>] 339.9MB/339.9MB 27810c9ff1a9: Loading layer [==================================================>] 135.2kB/135.2kB Loaded image: goharbor/harbor-migrator:v1.10.1 93e0577272a9: Loading layer [==================================================>] 34.24MB/34.24MB fb3507ff707e: Loading layer [==================================================>] 117.4MB/117.4MB f59c6315bf8a: Loading layer [==================================================>] 42.32MB/42.32MB 5c5501748347: Loading layer [==================================================>] 2.56kB/2.56kB 3710d94e58dd: Loading layer [==================================================>] 1.536kB/1.536kB 06e0f1585c01: Loading layer [==================================================>] 166.4kB/166.4kB bf5ac9b9c61c: Loading layer [==================================================>] 3.01MB/3.01MB Loaded image: goharbor/prepare:v1.10.1 9ea2dad46741: Loading layer [==================================================>] 10.89MB/10.89MB b280b9e7ca3b: Loading layer [==================================================>] 7.696MB/7.696MB a1ce7c1130ee: Loading layer [==================================================>] 223.2kB/223.2kB 3b0492a7358b: Loading layer [==================================================>] 195.1kB/195.1kB c64d6e6c80dd: Loading layer [==================================================>] 15.36kB/15.36kB ace4e9064f06: Loading layer [==================================================>] 3.584kB/3.584kB Loaded image: goharbor/harbor-portal:v1.10.1 b74d8257d4e7: Loading layer [==================================================>] 12.83MB/12.83MB 92f141040819: Loading layer [==================================================>] 42.5MB/42.5MB 33c99383fac5: Loading layer [==================================================>] 5.632kB/5.632kB 2bacc160d10f: Loading layer [==================================================>] 40.45kB/40.45kB f51bed904fbe: Loading layer [==================================================>] 42.5MB/42.5MB Loaded image: goharbor/harbor-core:v1.10.1 a2ffdaaa3434: Loading layer [==================================================>] 63.56MB/63.56MB 5745ac9e0297: Loading layer [==================================================>] 54.44MB/54.44MB dc1d24cbb1d5: Loading layer [==================================================>] 5.632kB/5.632kB 4280f2f98340: Loading layer [==================================================>] 2.048kB/2.048kB 0f9279b20eec: Loading layer [==================================================>] 2.56kB/2.56kB 8b9162d25131: Loading layer [==================================================>] 2.56kB/2.56kB 50ad7481e5af: Loading layer [==================================================>] 2.56kB/2.56kB 54b809bfb5ec: Loading layer [==================================================>] 10.24kB/10.24kB Loaded image: goharbor/harbor-db:v1.10.1 [Step 3]: preparing environment ... [Step 4]: preparing harbor configs ... prepare base dir is set to /usr/local/harbor Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml Generated and saved secret to file: /secret/keys/secretkey Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir [Step 5]: starting Harbor ... Creating network "harbor_harbor" with the default driver Creating harbor-log ... done Creating redis ... Creating registry ... error Creating registryctl ... Creating redis ... done Creating harbor-portal ... Creating registryctl ... done Creating harbor-db ... done Creating harbor-portal ... done ERROR: for registry Cannot create container for service registry: Conflict. The container name "/registry" is already in use by container "6d0674c0277587e405dc9c9b051d503e3c574439d19abe36c66a82e6ea7d78da". You have to remove (or rename) that container to be able to reuse that name. ERROR: Encountered errors while bringing up the project.
The above ERROR is because I have used the registry image to build a private server, and the container name is also called registry, which is also used by harbor, so there is a conflict. The above ERROR information has been written clearly, so I delete the container named by my own registry, and then run the installation script again.
[root@VM_0_6_centos harbor]# ./install.sh [Step 0]: checking if docker is installed ... Note: docker version: 19.03.7 [Step 1]: checking docker-compose is installed ... Note: docker-compose version: 1.25.4 [Step 2]: loading Harbor images ... Loaded image: goharbor/clair-adapter-photon:v1.0.1-v1.10.1 Loaded image: goharbor/harbor-jobservice:v1.10.1 Loaded image: goharbor/redis-photon:v1.10.1 Loaded image: goharbor/notary-server-photon:v0.6.1-v1.10.1 Loaded image: goharbor/clair-photon:v2.1.1-v1.10.1 Loaded image: goharbor/harbor-log:v1.10.1 Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-2553-v1.10.1 Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.10.1 Loaded image: goharbor/chartmuseum-photon:v0.9.0-v1.10.1 Loaded image: goharbor/harbor-registryctl:v1.10.1 Loaded image: goharbor/nginx-photon:v1.10.1 Loaded image: goharbor/harbor-migrator:v1.10.1 Loaded image: goharbor/prepare:v1.10.1 Loaded image: goharbor/harbor-portal:v1.10.1 Loaded image: goharbor/harbor-core:v1.10.1 Loaded image: goharbor/harbor-db:v1.10.1 [Step 3]: preparing environment ... [Step 4]: preparing harbor configs ... prepare base dir is set to /usr/local/harbor Clearing the configuration file: /config/registryctl/config.yml Clearing the configuration file: /config/registryctl/env Clearing the configuration file: /config/db/env Clearing the configuration file: /config/registry/config.yml Clearing the configuration file: /config/core/app.conf Clearing the configuration file: /config/core/env Clearing the configuration file: /config/log/rsyslog_docker.conf Clearing the configuration file: /config/log/logrotate.conf Clearing the configuration file: /config/nginx/nginx.conf Clearing the configuration file: /config/jobservice/config.yml Clearing the configuration file: /config/jobservice/env Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml loaded secret from file: /secret/keys/secretkey Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir [Step 5]: starting Harbor ... Creating network "harbor_harbor" with the default driver Creating harbor-log ... done Creating harbor-portal ... done Creating redis ... done Creating harbor-db ... done Creating registryctl ... done Creating registry ... done Creating harbor-core ... done Creating nginx ... done Creating harbor-jobservice ... done ✔ ----Harbor has been installed and started successfully.----
- Management command of Harbor service
Enter the harbor directory first: cd /usr/local/harbor/
View service running status: docker compose PS
[root@VM_0_6_centos harbor]# docker-compose ps Name Command State Ports ------------------------------------------------------------------------------------------------------------------------ harbor-core /harbor/harbor_core Up (health: starting) harbor-db /docker-entrypoint.sh Up (health: starting) 5432/tcp harbor-jobservice /harbor/harbor_jobservice ... Up (health: starting) harbor-log /bin/sh -c /usr/local/bin/ ... Up (health: starting) 127.0.0.1:1514->10514/tcp harbor-portal nginx -g daemon off; Up (health: starting) 8080/tcp nginx nginx -g daemon off; Up (health: starting) 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp redis redis-server /etc/redis.conf Up (health: starting) 6379/tcp registry /home/harbor/entrypoint.sh Up (health: starting) 5000/tcp registryctl /home/harbor/start.sh Up (health: starting
Shutdown service: docker compose down
[root@VM_0_6_centos harbor]# docker-compose down Stopping harbor-jobservice ... done Stopping nginx ... done Stopping harbor-core ... done Stopping registry ... done Stopping harbor-db ... done Stopping redis ... done Stopping registryctl ... done Stopping harbor-portal ... done Stopping harbor-log ... done Removing harbor-jobservice ... done Removing nginx ... done Removing harbor-core ... done Removing registry ... done Removing harbor-db ... done Removing redis ... done Removing registryctl ... done Removing harbor-portal ... done Removing harbor-log ... done Removing network harbor_harbor
Start service: docker compose up - D
[root@VM_0_6_centos harbor]# docker-compose up -d Creating network "harbor_harbor" with the default driver Creating harbor-log ... done Creating registry ... done Creating redis ... done Creating harbor-portal ... done Creating registryctl ... done Creating harbor-db ... done Creating harbor-core ... done Creating nginx ... done Creating harbor-jobservice ... done
Login Harbor
Enter your address, for example: dockerhub.listlessp.com; the first login is to use the administrator account admin, and the password is the value of harbor_admin_password configured in the yml file just now.
Create a new user as shown in the following three steps:
Create a private warehouse project
After entering the warehouse, click the image warehouse. There is the "push image docker command" button in the upper right corner of the list. Click to expand the command example.
Local test private warehouse
If you use the self signed certificate generated above, you need to set up an insecure warehouse in the local docker and restart the docker service
Log in to private warehouse
C:\Users\listlessp>docker login dockerhub.listlessp.com -u kobe -p Kb123456 WARNING! Using --password via the CLI is insecure. Use --password-stdin. Login Succeeded
Mark a local image and put it into the private warehouse (I am in the tag latest version, so the image is not followed by the version number)
C:\Users\listlessp>docker tag nginx dockerhub.listlessp.com/lakers/nginx C:\Users\listlessp>docker images REPOSITORY TAG IMAGE ID CREATED SIZE testvue 1 f91812c2a92d 21 hours ago 146MB nginx latest 6678c7c2e56c 3 days ago 127MB dockerhub.listlessp.com/lakers/nginx latest 6678c7c2e56c 3 days ago 127MB redis latest 7eed8df88d3b 10 days ago 98.2MB dockerhub.listlessp.com/library/redis latest 7eed8df88d3b 10 days ago 98.2MB nginx 1.16 8c5ec390a315 10 days ago 127MB mysql latest c8ad2be69a22 10 days ago 465MB mongo latest bcef5fd2979d 2 weeks ago 386MB centos 7 5e35e350aded 3 months ago 203MB centos 6 d0957ffdf8a2 11 months ago 194MB
Upload the image to the private warehouse (remember to perform the above login before uploading)
C:\Users\listlessp>docker push dockerhub.listlessp.com/lakers/nginx The push refers to repository [dockerhub.listlessp.com/lakers/nginx] 55a77731ed26: Pushed 71f2244bc14d: Pushed f2cb0ecef392: Mounted from library/redis latest: digest: sha256:3936fb3946790d711a68c58be93628e43cbca72439079e16d154b5db216b58da size: 948
Pull image on private warehouse
docker pull dockerhub.listlessp.com/lakers/nginx
Pull the image on the private warehouse after the test exits
C:\Users\listlessp>docker logout dockerhub.listlessp.com Removing login credentials for dockerhub.listlessp.com C:\Users\listlessp>docker images REPOSITORY TAG IMAGE ID CREATED SIZE testvue 1 f91812c2a92d 24 hours ago 146MB nginx latest 6678c7c2e56c 3 days ago 127MB dockerhub.listlessp.com/lakers/nginx latest 6678c7c2e56c 3 days ago 127MB redis latest 7eed8df88d3b 10 days ago 98.2MB dockerhub.listlessp.com/library/redis latest 7eed8df88d3b 10 days ago 98.2MB nginx 1.16 8c5ec390a315 10 days ago 127MB mysql latest c8ad2be69a22 10 days ago 465MB mongo latest bcef5fd2979d 2 weeks ago 386MB centos 7 5e35e350aded 3 months ago 203MB centos 6 d0957ffdf8a2 11 months ago 194MB C:\Users\listlessp>docker rmi dockerhub.listlessp.com/lakers/nginx Untagged: dockerhub.listlessp.com/lakers/nginx:latest Untagged: dockerhub.listlessp.com/lakers/nginx@sha256:3936fb3946790d711a68c58be93628e43cbca72439079e16d154b5db216b58da C:\Users\listlessp>docker rmi dockerhub.listlessp.com/library/redis Untagged: dockerhub.listlessp.com/library/redis:latest Untagged: dockerhub.listlessp.com/library/redis@sha256:ee1d00c5250b5a886b09be2d5f9506add35dfb557f1ef37a7e4b8f0138f32956 C:\Users\listlessp>docker images REPOSITORY TAG IMAGE ID CREATED SIZE testvue 1 f91812c2a92d 24 hours ago 146MB nginx latest 6678c7c2e56c 3 days ago 127MB redis latest 7eed8df88d3b 10 days ago 98.2MB nginx 1.16 8c5ec390a315 10 days ago 127MB mysql latest c8ad2be69a22 10 days ago 465MB mongo latest bcef5fd2979d 2 weeks ago 386MB centos 7 5e35e350aded 3 months ago 203MB centos 6 d0957ffdf8a2 11 months ago 194MB C:\Users\listlessp> C:\Users\listlessp>docker pull dockerhub.listlessp.com/lakers/nginx Using default tag: latest Error response from daemon: pull access denied for dockerhub.listlessp.com/lakers/nginx, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
You can see that the Error information indicates that you need to log in to pull the image of the private warehouse