centos7 下 Harbor 安装

docker 安装: https://zhaosongbin.blog.csdn.net/article/details/90476462
harbor 教程: https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md
git版本harbor 下载: https://github.com/goharbor/harbor/releases
镜像版：http://harbor.orientsoft.cn
harbor yml配置文件参数： https://zhaosongbin.blog.csdn.net/article/details/90486034

优点

1. 提供分层传输机制，优化网络传输
   Docker镜像是是分层的，而如果每次传输都使用全量文件(所以用FTP的方式并不适合)，显然不经济。必须提供识别分层传输的机制，以层的UUID为标识，确定传输的对象。

2. 提供WEB界面，优化用户体验
   只用镜像的名字来进行上传下载显然很不方便，需要有一个用户界面可以支持登陆、搜索功能，包括区分公有、私有镜像。

3. 支持水平扩展集群
   当有用户对镜像的上传下载操作集中在某服务器，需要对相应的访问压力作分解。

4. 良好的安全机制
   企业中的开发团队有很多不同的职位，对于不同的职位人员，分配不同的权限，具有更好的安全性。

5. Harbor提供了基于角色的访问控制机制，并通过项目来对镜像进行组织和访问权限的控制。
   kubernetes中 通过namespace来对资源进行隔离，在企业级应用场景中，通过将两者进行结合可以有效将kubernetes使用的镜像资源进行管理和访问控制，增强镜像使用的安全性。尤其是在多租户场景下，可以通过租户、namespace和项目相结合的方式来实现对多租户镜像资源的管理和访问控制。

下载安装包

打开地址: https://github.com/goharbor/harbor/releases
选择在线或者离线安装包下载

wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.0.tgz

解压文件

[root@master harbor]# tar xvf harbor-offline-installer-v1.8.0.tgz 
harbor/harbor.v1.8.0.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/harbor.yml

[root@master harbor]# cd harbor
[root@master harbor]# ll
total 543152
-rw-r--r--. 1 root root 556153903 May 16 19:55 harbor.v1.8.0.tar.gz
-rw-r--r--. 1 root root      4839 May 16 19:54 harbor.yml
-rwxr-xr-x. 1 root root      5088 May 16 19:54 install.sh
-rw-r--r--. 1 root root     11347 May 16 19:54 LICENSE
-rwxr-xr-x. 1 root root      1654 May 16 19:54 prepare

配置 harbor.yml

在解压后的harbor目录下修改harbor的配置

[root@master harbor]# vim harbor.yml 

修改hostname

hostname = 192.168.1.1

配置 docker

docker默认使用的是https连接，harbor默认使用http连接，我们需要修改docker配置insecure registry

vim /usr/lib/systemd/system/docker.service

ExecStart=/usr/bin/dockerd --insecure-registry=192.168.1.1

执行脚本

执行harbor的安装脚本

[root@master harbor]# ./install.sh 

[Step 0]: checking installation environment ...

Note: docker version: 18.09.6

Note: docker-compose version: 1.24.0

[Step 1]: loading Harbor images ...
23d9f72a5270: Loading layer [==================================================>]  33.25MB/33.25MB
1d4a1da12c02: Loading layer [==================================================>]  50.51MB/50.51MB
8eb1a006f3b0: Loading layer [==================================================>]  3.584kB/3.584kB
41b6f75847f4: Loading layer [==================================================>]  3.072kB/3.072kB
ec9bd6e4d4e8: Loading layer [==================================================>]   2.56kB/2.56kB
6d852bb664c2: Loading layer [==================================================>]  3.072kB/3.072kB
0e4ed2b5a5b8: Loading layer [==================================================>]  3.584kB/3.584kB
8dfb2b644f30: Loading layer [==================================================>]  12.29kB/12.29kB
......
Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.8.0


[Step 2]: preparing environment ...
prepare base dir is set to /home/harbor/harbor
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir



[Step 3]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-db   ... done
Creating redis       ... done
Creating registryctl ... done
Creating registry    ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating harbor-portal     ... done
Creating nginx             ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://192.168.1.1. 
For more details, please visit https://github.com/goharbor/harbor .

测试

在harbor目录下执行脚本

启动

docker-compose start

停止

docker-compose stop

打开浏览器请求：192.168.1.1

默认用户密码是：admin/Harbor12345