Installing the Harbor Docker registry on CentOS 7



1. Install Docker
# Install the commonly needed packages

yum install -y yum-utils device-mapper-persistent-data lvm2

# Configure the Docker yum repository

yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Install Docker
yum install docker-ce
systemctl enable docker
# Start Docker
systemctl start docker

 

2. Install docker-compose
yum -y install epel-release    # install the EPEL repository, a dependency for python-pip
vi /etc/yum.repos.d/epel.repo    # edit the repo file so that it uses the baseurl addresses
yum -y install python-pip    # install Python pip
pip install docker-compose    # install docker-compose
docker-compose --version

3. Install Harbor
(1) Download the offline installer
https://storage.googleapis.com/harbor-releases/release-1.4.0/harbor-offline-installer-v1.4.0.tgz

(2) Upload it to the server and extract it
tar -zxvf harbor-offline-installer-v1.4.0.tgz

(3) Edit docker-compose.yml

version: '2'
services:
  log:
    image: vmware/harbor-log:v1.4.0
    container_name: harbor-log 
    restart: always
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - ./common/config/log/:/etc/logrotate.d/:z
    ports:
      - 127.0.0.1:1514:10514
    networks:
      - harbor
  registry:
    image: vmware/registry-photon:v2.6.2-v1.4.0
    container_name: registry
    restart: always
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
    networks:
      - harbor
    ports:
      - 5000:5000  
    environment:
      - GODEBUG=netdns=cgo
    command:
      ["serve", "/etc/registry/config.yml"]
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registry"
  mysql:
    image: vmware/harbor-db:v1.4.0
    container_name: harbor-db
    restart: always
    volumes:
      - /data/database:/var/lib/mysql:z
    networks:
      - harbor
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "mysql"
  adminserver:
    image: vmware/harbor-adminserver:v1.4.0
    container_name: harbor-adminserver
    env_file:
      - ./common/config/adminserver/env
    restart: always
    volumes:
      - /data/config/:/etc/adminserver/config/:z
      - /data/secretkey:/etc/adminserver/key:z
      - /data/:/data/:z
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "adminserver"
  ui:
    image: vmware/harbor-ui:v1.4.0
    container_name: harbor-ui
    env_file:
      - ./common/config/ui/env
    restart: always
    volumes:
      - ./common/config/ui/app.conf:/etc/ui/app.conf:z
      - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
      - ./common/config/ui/certificates/:/etc/ui/certificates/:z
      - /data/secretkey:/etc/ui/key:z
      - /data/ca_download/:/etc/ui/ca/:z
      - /data/psc/:/etc/ui/token/:z
    networks:
      - harbor
    depends_on:
      - log
      - adminserver
      - registry
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "ui"
  jobservice:
    image: vmware/harbor-jobservice:v1.4.0
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    volumes:
      - /data/job_logs:/var/log/jobs:z
      - ./common/config/jobservice/app.conf:/etc/jobservice/app.conf:z
      - /data/secretkey:/etc/jobservice/key:z
    networks:
      - harbor
    depends_on:
      - ui
      - adminserver
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "jobservice"
  proxy:
    image: vmware/nginx-photon:v1.4.0
    container_name: nginx
    restart: always
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    ports:
      - 80:80
      - 443:443
      - 4443:4443
    depends_on:
      - mysql
      - registry
      - ui
      - log
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"
networks:
  harbor:
    external: false
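
A check for the compose file above, as an added example that is not part of the original article or of Harbor: it lists which services publish ports on every interface rather than on loopback. The function names and the trimmed sample are assumptions made for this illustration; the port mappings are the ones shown above.

```sh
# Added example, not Harbor code. published_ports [FILE] prints
# "service bind_address host_port" per short-syntax IPv4 ports entry.
published_ports() {
    awk -v quotes="[\"']" '
    /^[A-Za-z]/ { top = $1; next }                  # top-level key
    top != "services:" { next }
    /^  [A-Za-z0-9_-]+:[ \t]*$/ {                   # service name (2-space indent)
        svc = $1; sub(/:$/, "", svc); inports = 0; next
    }
    /^    ports:[ \t]*$/ { inports = 1; next }
    /^    [A-Za-z_]+:/   { inports = 0; next }      # another service key ends the list
    inports && /^ +- / {
        m = $2; gsub(quotes, "", m)
        n = split(m, p, ":")
        if (n == 3)      print svc, p[1], p[2]          # ip:host:container
        else if (n == 2) print svc, "0.0.0.0", p[1]     # host:container
        else             print svc, "0.0.0.0", "random" # container port only
    }' "${1:--}"
}

# exposed_ports [FILE]: only the mappings that are not bound to loopback.
exposed_ports() { published_ports "$@" | awk '$2 !~ /^127\./'; }

# Constructed sample: the port mappings from the compose file on this page.
sample_compose() {
    cat <<'EOF'
version: '2'
services:
  log:
    ports:
      - 127.0.0.1:1514:10514
    networks:
      - harbor
  registry:
    volumes:
      - /data/registry:/storage:z
    ports:
      - 5000:5000
  proxy:
    ports:
      - 80:80
      - 443:443
      - 4443:4443
networks:
  harbor:
    external: false
EOF
}

sample_compose | exposed_ports
```

Docker publishes a mapping that has no host address on all interfaces, so the registry's 5000 and the proxy's 80, 443 and 4443 are reachable from the network, while the log collector's 1514 is bound to 127.0.0.1 only.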

(4) Edit harbor.cfg
## Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname = 172.16.0.133

# The protocol for accessing the UI and token/notification service, by default it is http.
# It can be set to https if ssl is enabled on nginx.
ui_url_protocol = http

# Maximum number of job workers in job service
max_job_workers = 3

# Determine whether or not to generate certificate for the registry's token.
# If the value is on, the prepare script creates new root cert and private key
# for generating token to access the registry. If the value is off the default key/cert will be used.
# This flag also controls the creation of the notary signer's cert.
customize_crt = on

# The path of cert and key files for nginx, they are applied only when the protocol is set to https
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key

# The path of secretkey storage
secretkey_path = /data

# Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
admiral_url = NA

# Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
log_rotate_count = 50

# Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
# If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
# are all valid.
log_rotate_size = 200M

# NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
# only take effect in the first boot, the subsequent changes of these properties
# should be performed on web ui

# BEGIN INITIAL PROPERTIES

# Email account settings for sending out password resetting emails.
# Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
# Identity left blank to act as username.
email_identity =

email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false
email_insecure = false

# The initial password of Harbor admin, only works for the first time when Harbor starts.
# It has no effect after the first launch of Harbor.
# Change the admin password from UI after launching Harbor.
harbor_admin_password = Harbor12345

# By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
# Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
auth_mode = db_auth

# The url for an ldap endpoint.
ldap_url = ldaps://ldap.mydomain.com

# A user's DN who has the permission to search the LDAP/AD server.
# If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com

# the password of the ldap_searchdn
ldap_search_pwd = password

# The base DN from which to look up a user in LDAP/AD
ldap_basedn = ou=people,dc=mydomain,dc=com

# Search filter for LDAP/AD, make sure the syntax of the filter is correct.
ldap_filter = (objectClass=person)

# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD
ldap_uid = uid

# the scope to search for users, 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
ldap_scope = 2

# Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
ldap_timeout = 5

# Verify certificate from LDAP server
ldap_verify_cert = true

# Turn on or off the self-registration feature
self_registration = on

# The expiration time (in minutes) of token created by token service, default is 30 minutes
token_expiration = 30

# The flag to control what users have permission to create projects
# The default value "everyone" allows everyone to create a project.
# Set to "adminonly" so that only admin user can create project.
project_creation_restriction = everyone

# END INITIAL PROPERTIES

# Harbor DB configuration section

# The address of the Harbor database. Only need to change when using external db.
db_host = mysql

# The password for the root user of Harbor DB. Change this before any production use.
db_password = root123

# The port of Harbor database host
db_port = 3306

# The user name of Harbor database
db_user = root

# End of Harbor DB configuration

# The redis server address. Only needed in HA installation.
redis_url =

# Clair DB configuration

# Clair DB host address. Only change it when using an external DB.
clair_db_host = postgres

# The password of the Clair's postgres database. Only effective when Harbor is deployed with Clair.
# Please update it before deployment. Subsequent update will cause Clair's API server and Harbor unable to access Clair's database.
clair_db_password = password

# Clair DB connect port
clair_db_port = 5432

# Clair DB username
clair_db_username = postgres

# Clair default database
clair_db = postgres

# End of Clair DB configuration

# The following attributes only need to be set when auth mode is uaa_auth
uaa_endpoint = uaa.mydomain.org
uaa_clientid = id
uaa_clientsecret = secret
uaa_verify_cert = true
uaa_ca_cert = /path/to/ca.pem

# Docker Registry setting

# registry_storage_provider can be: filesystem, s3, gcs, azure, etc.
registry_storage_provider_name = filesystem

# registry_storage_provider_config is a comma separated "key: value" pairs, e.g. "key1: value, key2: value2".
# Refer to https://docs.docker.com/registry/configuration/#storage for all available configuration.
registry_storage_provider_config =
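
An audit of the settings above before running ./prepare, as an added example that is not part of the original article or of Harbor: it flags the template secrets and the permissive options in harbor.cfg. The function names, the severity levels and the trimmed sample are assumptions made for this illustration; the keys and values are the ones shown in the file above.

```sh
# Added example, not Harbor code. audit_harbor_cfg [FILE] prints one
# "LEVEL key: reason" line per finding and returns 1 if there is any.
audit_harbor_cfg() {
    awk '
    function flag(level, k, why) { printf "%s %s: %s\n", level, k, why; n++ }
    /^[ \t]*#/ || !/=/ { next }          # comments, lines without key = value
    {
        key = substr($0, 1, index($0, "=") - 1)
        val = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        cfg[key] = val
    }
    END {
        # Secrets exactly as they appear in the file on this page.
        def["harbor_admin_password"] = "Harbor12345"
        def["db_password"] = "root123"
        def["clair_db_password"] = "password"
        for (k in def)
            if (cfg[k] == def[k]) flag("HIGH", k, "still the value from the template")
        if (cfg["ui_url_protocol"] != "https")
            flag("HIGH", "ui_url_protocol", "UI and registry logins are not encrypted")
        if (cfg["customize_crt"] != "on")
            flag("HIGH", "customize_crt", "registry tokens use the default key/cert")
        if (cfg["auth_mode"] == "ldap_auth" && cfg["ldap_verify_cert"] != "true")
            flag("HIGH", "ldap_verify_cert", "LDAP server certificate is not verified")
        if (cfg["self_registration"] == "on")
            flag("MEDIUM", "self_registration", "any visitor can create an account")
        if (cfg["project_creation_restriction"] != "adminonly")
            flag("LOW", "project_creation_restriction", "every user can create projects")
        exit (n > 0)
    }' "${1:--}"
}

# Constructed sample: security-relevant keys with the values used on this page.
sample_cfg() {
    cat <<'EOF'
hostname = 172.16.0.133
ui_url_protocol = http
# ui_url_protocol = https   (commented out, so it must be ignored)
customize_crt = on
harbor_admin_password = Harbor12345
auth_mode = db_auth
self_registration = on
project_creation_restriction = everyone
db_password = root123
clair_db_password = password
EOF
}

sample_cfg | audit_harbor_cfg || true
```

Because the properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES only take effect on the first boot, the check belongs before the first ./install.sh run.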

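(5) Install

Run ./prepare in the harbor directory, then run ./install.sh in the same directory. The script imports the images and starts the corresponding containers automatically. Once it has finished, check them with docker-compose ps. The commonly used commands are:
docker-compose up -d               ### start in the background; containers that do not exist are created from the images
docker-compose down   -v         ### stop the containers and remove them (-v also removes their volumes)
docker-compose start                 ### start the containers; fails if they do not exist, nothing is created automatically
docker-compose stop                 ### stop the containers
Note: the stop command above actually stops all the containers defined in docker-compose.yml. By default docker-compose operates on the docker-compose.yml file in the current directory; to use a different yml file, specify it with -f.

(6) Verify that the registry was created successfully
Add the private registry and the registry mirror (accelerator) settings to the Docker unit file /usr/lib/systemd/system/docker.service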

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd --registry-mirror=https://u1qbyfsc.mirror.aliyuncs.com \
         --insecure-registry 172.16.0.133:5000
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

Then restart Docker.

   # Pull an image
   docker pull hello-world
   # Push the image
   docker tag hello-world:latest 172.16.0.133:5000/library/hello-world:v1
   docker login 172.16.0.133:5000
   Username (admin): admin
   Password: Harbor12345
   Login Succeeded
   docker push 172.16.0.133:5000/library/hello-world:v1
Enter 172.16.0.133 in a browser to log in to the Harbor web UI.

Account: admin, password: Harbor12345
