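Type | Name | Version | Notes |
Operating system | CentOS | 7.6 or later | |
Database | PostgreSQL | 9.6.10 or later | Deployed as a container |
Third-party component | Redis | 4.0.10 or later | Deployed as a container |
Resource | Minimum | Recommended |
CPU | 2 CPU | 4 CPU |
Memory | 4 GB | 8 GB |
Disk | 40 GB | 160 GB |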
docker version: 17.06.0-ce+
docker-compose version: 1.18.0+
openssl: latest version
$ netstat -ntlp | grep 80
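If the port is already in use, either choose a different port or stop (kill) the service that currently occupies it.
The installer is available as an online package and an offline package.
The offline package additionally contains the offline images.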
$ tar -xzf harbor-online-installer-v1.10.11.tgz
$ tree harbor
harbor
├── common.sh
├── docker-compose.yml
├── harbor.yml
├── install.sh
├── LICENSE
└── prepare
0 directories, 6 files
$ tar -xzf harbor-offline-installer-v1.10.11.tgz
$ tree harbor
harbor
├── common.sh
├── docker-compose.yml
├── harbor.v1.10.11.tar.gz
├── harbor.yml
├── install.sh
├── LICENSE
└── prepare
0 directories, 7 files
Edit harbor.yml to configure the host address and the initial passwords.
# Configuration file of Harbor
# IP address or domain name of the Harbor and registry services
# Do not use localhost or 127.0.0.1, because other clients would not be able to connect
hostname: hub.harbor.com
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80
# https related config
# https:
#   # https port for harbor, default is 443
#   port: 443
#   # The path of cert and key files for nginx
#   certificate: /your/certificate/path
#   private_key: /your/private/key/path
# If a proxy is enabled, hostname is no longer used
# external_url: https://reg.mydomain.com:8433
# Password of the admin account; it takes effect at the first installation
harbor_admin_password: Harbor12345
# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 50
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 100 for postgres.
  max_open_conns: 100
# The default data volume
data_volume: /data
# Local storage under /data is used by default; to use another storage backend, configure it below
# storage_service:
#   # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
#   # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
#   ca_bundle:
#   # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
#   # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
#   filesystem:
#     maxthreads: 100
#   # set disable to true when you want to disable registry redirect
#   redirect:
#     disabled: false
# Clair configuration
clair:
  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
  updaters_interval: 12
jobservice:
  # Maximum number of job workers in job service
  max_job_workers: 10
notification:
  # Maximum retry count for webhook job
  webhook_job_max_retry: 10
chart:
  # Change the value of absolute_url to enabled can enable absolute url in chart
  absolute_url: disabled
# Log configurations
log:
  # options are debug, info, warning, error, fatal
  level: debug
  # configs for logs in local storage
  local:
    # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
    rotate_count: 50
    # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
    # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
    # are all valid.
    rotate_size: 200M
    # The directory on your host that store log
    location: /var/log/harbor
  # Uncomment following lines to enable external syslog endpoint.
  # external_endpoint:
  #   # protocol used to transmit log to external endpoint, options is tcp or udp
  #   protocol: tcp
  #   # The host of external endpoint
  #   host: localhost
  #   # Port of external endpoint
  #   port: 5140
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 1.10.0
# Uncomment external_database if using external database.
# external_database:
#   harbor:
#     host: harbor_db_host
#     port: harbor_db_port
#     db_name: harbor_db_name
#     username: harbor_db_username
#     password: harbor_db_password
#     ssl_mode: disable
#     max_idle_conns: 2
#     max_open_conns: 0
#   clair:
#     host: clair_db_host
#     port: clair_db_port
#     db_name: clair_db_name
#     username: clair_db_username
#     password: clair_db_password
#     ssl_mode: disable
#   notary_signer:
#     host: notary_signer_db_host
#     port: notary_signer_db_port
#     db_name: notary_signer_db_name
#     username: notary_signer_db_username
#     password: notary_signer_db_password
#     ssl_mode: disable
#   notary_server:
#     host: notary_server_db_host
#     port: notary_server_db_port
#     db_name: notary_server_db_name
#     username: notary_server_db_username
#     password: notary_server_db_password
#     ssl_mode: disable
# Uncomment external_redis if using external Redis server
# external_redis:
#   host: redis
#   port: 6379
#   password:
#   # db_index 0 is for core, it's unchangeable
#   registry_db_index: 1
#   jobservice_db_index: 2
#   chartmuseum_db_index: 3
#   clair_db_index: 4
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - clair
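The configuration above keeps the admin password Harbor12345 and the database password root123 and leaves the https block commented out. A pre-install check for exactly those conditions, as an added example that is not part of the original article or of Harbor itself; the function names and finding labels are hypothetical, and values are assumed to be unquoted as in the file shown:

```shell
#!/bin/sh
# Added example: audit harbor.yml before running ./install.sh.
# The finding names are labels invented for this sketch.

# Flatten active (uncommented) settings to "section.key=value" lines. Only the
# top-level section is tracked, which is enough for the checks below.
harbor_settings() {
    awk '
        /^[ \t]*(#|$)/ { next }                   # comments and blank lines
        {
            indent = match($0, /[^ ]/) - 1
            line = substr($0, indent + 1)
            colon = index(line, ":")
            if (colon == 0) next                  # list items such as "- core"
            key = substr(line, 1, colon - 1)
            val = substr(line, colon + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (indent == 0) { section = key; print key "=" val }
            else             { print section "." key "=" val }
        }' "$1"
}

# Print one finding per line; return 1 if anything was found, else 0.
audit_harbor_yml() {
    settings=$(harbor_settings "$1")
    found=0
    has() { printf '%s\n' "$settings" | grep -Fqx -- "$1"; }
    report() { echo "$1"; found=1; }
    if has 'harbor_admin_password=Harbor12345'; then report DEFAULT_ADMIN_PASSWORD; fi
    if has 'database.password=root123'; then report DEFAULT_DB_PASSWORD; fi
    if has 'hostname=localhost' || has 'hostname=127.0.0.1'; then report LOOPBACK_HOSTNAME; fi
    # TLS is considered on when an https: block is active or external_url is https.
    if ! printf '%s\n' "$settings" | grep -Eq '^(https\.port=|external_url=https://)'; then
        report HTTP_ONLY
    fi
    return "$found"
}

# Constructed sample that mirrors the values shown on this page.
sample=$(mktemp)
printf '%s\n' 'hostname: hub.harbor.com' 'http:' '  port: 80' '# https:' '#   port: 443' \
    'harbor_admin_password: Harbor12345' 'database:' '  password: root123' > "$sample"
audit_harbor_yml "$sample" || echo "resolve the findings above before ./install.sh"
rm -f "$sample"
```

Because harbor_admin_password only takes effect at the first installation, the check is useful before install.sh runs, not after.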
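$ ./install.sh [--with-chartmuseum] [--with-clair] [--with-notary]
Options:
• --with-chartmuseum: include the Helm chart repository
• --with-clair: image scanning tool (optional)
• --with-notary: image scanning tool (optional); must be used in an HTTPS environment
The script then initializes the configuration and downloads or imports the images.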
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/prepare v1.10.11 9b9aacc93431 2 hours ago 253MB
goharbor/harbor-portal v1.10.11 02cbd8f75d7a 7 hours ago 53.1MB
goharbor/harbor-core v1.10.11 028ea1e6af4e 8 hours ago 112MB
goharbor/clair-photon v1.10.11 4354e5c3737e 3 weeks ago 168MB
goharbor/harbor-registryctl v1.10.11 dec45d8390ba 3 weeks ago 99.7MB
goharbor/registry-photon v1.10.11 8611db8953e1 3 weeks ago 84.9MB
goharbor/nginx-photon v1.10.11 bc2e668b96cc 3 weeks ago 45MB
goharbor/harbor-log v1.10.11 56dfebf16f5c 3 weeks ago 159MB
goharbor/harbor-jobservice v1.10.11 eb1cba459db5 3 weeks ago 122MB
goharbor/harbor-db v1.10.11 2be587245164 3 weeks ago 223MB
goharbor/redis-photon v1.10.11 06ad6eada710 6 weeks ago 165MB
goharbor/chartmuseum-photon v1.10.11 773df6c5b46e 5 months ago 174MB
goharbor/clair-adapter-photon v1.10.11 2c79c99ead4f 19 months ago 57.9MB
Check whether the containers have started.
$ docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------
chartmuseum ./docker-entrypoint.sh Up (healthy)
harbor-core /harbor/harbor_core Up (healthy)
harbor-db /docker-entrypoint.sh Up (healthy) 0.0.0.0:5432->5432/tcp,:::5432->5432/tcp
harbor-jobservice /harbor/harbor_jobservice ... Up (healthy)
harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal nginx -g daemon off; Up (healthy) 8080/tcp
nginx nginx -g daemon off; Up (healthy) 0.0.0.0:80->8080/tcp,:::80->8080/tcp
redis redis-server /etc/redis.conf Up (healthy) 6379/tcp
registry /home/harbor/entrypoint.sh Up (healthy) 5000/tcp
registryctl /home/harbor/start.sh Up (healthy)
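In the output above, harbor-db publishes 5432 on 0.0.0.0 while harbor-log is bound to 127.0.0.1 only. The following added example (not from the original article) extracts every port that `docker-compose ps` reports as published on all interfaces; the function names and the allow-list argument are assumptions of this sketch:

```shell
#!/bin/sh
# Added example: list ports that `docker-compose ps` shows as published on all
# interfaces, so that unexpected listeners stand out after installation.

# stdin: `docker-compose ps` output; $1: space-separated services allowed to be public.
# stdout: "service host_port" for every other port bound to 0.0.0.0 or [::].
public_ports() {
    awk -v allow=" $1 " '
        {
            n = split($0, f, /[ ,]+/)
            for (i = 2; i <= n; i++) {
                if (f[i] !~ /^(0\.0\.0\.0:|:::)[0-9]+->/) continue
                port = f[i]
                sub(/->.*/, "", port)      # keep the host side of host->container
                sub(/^.*:/, "", port)      # drop the bind address
                if (index(allow, " " f[1] " ") == 0 && !seen[f[1] " " port]++) { print f[1], port }
            }
        }'
}

# Sample input: four rows taken from the `docker-compose ps` output above.
sample_ps() {
    cat <<'EOF'
harbor-db           /docker-entrypoint.sh            Up (healthy)   0.0.0.0:5432->5432/tcp,:::5432->5432/tcp
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp
nginx               nginx -g daemon off;             Up (healthy)   0.0.0.0:80->8080/tcp,:::80->8080/tcp
redis               redis-server /etc/redis.conf     Up (healthy)   6379/tcp
EOF
}

# In this sketch only the nginx front end is on the allow-list.
sample_ps | public_ports "nginx"
```

On a live host the same function can be fed directly: `docker-compose ps | public_ports "nginx"`.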
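Enter the hostname from the configuration (or external_url, if configured) in a browser to reach the login page.
The default administrator account is admin and the password is Harbor12345 (harbor_admin_password in the configuration file).
By default Docker does not allow plain-HTTP registry connections; to use HTTP, the following configuration is required.
Edit /etc/docker/daemon.json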
$ cat /etc/docker/daemon.json
{
  "insecure-registries": ["http://hub.harbor.com"]
}
After editing, reload the configuration and restart Docker.
$ systemctl daemon-reload
$ systemctl restart docker
Log in with docker
$ docker login hub.harbor.com -u admin -p Harbor12345
After that you can push images.
$ docker push hub.harbor.com/base/apline:latest
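Because Harbor stores images through the underlying registry, object storage can be used. The following storage backends are supported:
Storage type | Description |
filesystem | Stores images on the local disk. Driver documentation |
azure | Uses Microsoft Azure Blob storage. Driver documentation |
gcs | Uses Google Cloud Storage. Driver documentation |
s3 | Uses Amazon Simple Storage Service (S3) and compatible storage services. Driver documentation |
swift | Uses OpenStack Swift object storage. Driver documentation |
oss | Uses Alibaba Cloud OSS for object storage. Driver documentation |
Database high availability is achieved with a PostgreSQL cluster; see the PostgreSQL cluster solution (https://github.com/sameersbn/docker-postgresql).
By default, a started container is configured as the master node of the cluster.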
$ docker run --name postgresql-master -itd --restart always \
-p 5433:5432 \
--env 'DB_USER=registry' \
--env 'DB_PASS=registry' \
--env 'DB_NAME=registry' \
--env 'REPLICATION_USER=repluser' \
--env 'REPLICATION_PASS=repluserpass' \
sameersbn/postgresql:12-20200524
To create a slave node, set REPLICATION_MODE to slave; you also need to specify REPLICATION_HOST, REPLICATION_PORT, REPLICATION_SSLMODE, REPLICATION_USER and REPLICATION_PASS.
$ docker run --name postgresql-slave01 -itd --restart always \
--link postgresql-master:master \
--env 'REPLICATION_MODE=slave' \
--env 'REPLICATION_SSLMODE=prefer' \
--env 'REPLICATION_HOST=master' \
--env 'REPLICATION_PORT=5432' \
--env 'REPLICATION_USER=repluser' \
--env 'REPLICATION_PASS=repluserpass' \
sameersbn/postgresql:12-20200524
About using the cluster:
Similar to setting up a slave node, you can create a snapshot of the master node with REPLICATION_MODE=snapshot.
$ docker run --name postgresql-snapshot -itd --restart always \
--link postgresql-master:master \
--env 'REPLICATION_MODE=snapshot' \
--env 'REPLICATION_SSLMODE=prefer' \
--env 'REPLICATION_HOST=master' \
--env 'REPLICATION_PORT=5432' \
--env 'REPLICATION_USER=repluser' \
--env 'REPLICATION_PASS=repluserpass' \
sameersbn/postgresql:12-20200524
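The difference between slave and snapshot is that a slave is read-only and is updated whenever the master's data changes, whereas a snapshot is read-write and is not updated after the initial snapshot of the master's data.
Similar to setting up a slave node, a backup node is set up by specifying REPLICATION_MODE=backup.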
$ docker run --name postgresql-backup -it --rm \
--link postgresql-master:master \
--env 'REPLICATION_MODE=backup' \
--env 'REPLICATION_SSLMODE=prefer' \
--env 'REPLICATION_HOST=master' \
--env 'REPLICATION_PORT=5432' \
--env 'REPLICATION_USER=repluser' \
--env 'REPLICATION_PASS=repluserpass' \
--volume /srv/docker/backups/postgresql.$(date +%Y%m%d%H%M%S):/var/lib/postgresql \
sameersbn/postgresql:12-20200524
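Once the backup has been generated, the container exits and the backup of the master's data is available at /srv/docker/backups/postgresql.$(date +%Y%m%d%H%M%S). To restore, restart the container.
By default the PostgreSQL server logs are sent to standard output; a parameter can be set to send the logs to a file instead.
$ docker run --name postgresql -itd --restart always \
sameersbn/postgresql:12-20200524 -c logging_collector=on
To access the PostgreSQL logs you can use docker exec. For example: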
$ docker exec -it postgresql tail -f /var/log/postgresql/postgresql-9.4-main.log
version: "3.4"
services:
  lb:
    image: dockercloud/haproxy:1.6.7
    links:
      - postgres-slave
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - "15432:5432"
  postgres-master:
    image: sameersbn/postgresql:12-20200524
    container_name: postgres-master
    restart: always
    environment:
      - DEBUG=false
      - DB_USER=postgres
      - DB_PASS=postgres
      - DB_NAME=postgres
      - REPLICATION_USER=repluser
      - REPLICATION_PASS=replpass
      - PG_TRUST_LOCALNET=true
      - DB_EXTENSION=unaccent,pg_trgm
    ports:
      - "5432:5432"
    volumes:
      - /var/lib/postgresql
  postgres-slave:
    restart: always
    image: sameersbn/postgresql:12-20200524
    links:
      - postgres-master
    environment:
      - DEBUG=false
      - REPLICATION_MODE=slave
      - REPLICATION_SSLMODE=prefer
      - REPLICATION_HOST=postgres-master
      - REPLICATION_PORT=5432
      - REPLICATION_USER=repluser
      - REPLICATION_PASS=replpass
      - PG_TRUST_LOCALNET=true
      - DB_EXTENSION=unaccent,pg_trgm
      - TCP_PORTS=15432,5432
    volumes:
      - /var/lib/postgresql
    ports:
      - "5432"
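Because the default harbor-db is not used, the databases have to be created manually; see Harbor's guide to creating the databases.
Use initial-registry.sql to create the database; if you use the image scanner notary, you also need to run initial-notaryserver.sql and initial-notarysigner.sql.
For example, the registry database is created as follows: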
$ docker exec -it 76abcbcfa8fa bash
root@76abcbcfa8fa:/var/lib/postgresql# psql -U registry
registry-> create database registry;
CREATE DATABASE
registry-> \c registry
You are now connected to database "registry" as user "registry".
registry-> CREATE TABLE schema_migrations(version bigint not null primary key, dirty boolean not null);
registry-> \dt
List of relations
Schema | Name | Type | Owner
--------+-------------------+-------+----------
public | schema_migrations | table | registry
(1 row)
Configure the deployed PostgreSQL cluster under external_database in harbor.yml, then restart.