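Harbor is an enterprise-grade registry server for storing and distributing Docker images. It extends the open-source Docker Distribution with features that enterprises need, such as security, identity, and management. As an enterprise private registry, Harbor offers better performance and security, and makes it more efficient to move images between build and runtime environments. Harbor supports replicating images across multiple registry nodes, and all images are kept in the private registry, so data and intellectual property stay under control inside the company network. Harbor also provides advanced security features such as user management, access control, and activity auditing.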
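Installation

For installation, see the official documentation: Harbor - Installation and Configuration Guide. When editing `harbor.yml`, note the following:

- To use HTTPS you have to generate the certificate yourself and then configure the certificate path in `harbor.yml`.
- `data_volume` can be set to `/data/harbor`; back this folder up regularly. (Alternatively, install Harbor on a second machine and use Harbor's built-in registry replication for periodic backups.)
- In an enterprise you may also need to configure LDAP-integrated authentication.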
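Then make the installer executable with `sudo chmod +x ./install.sh` and run `sudo ./install.sh` to install Harbor. (It seems sudo is required, because the generated configuration files are all owned by root and have very strict permissions.)

Harbor starts automatically once the installation finishes.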
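For the HTTPS item in the list above, one way to produce the certificate is a small private CA that signs a server certificate carrying the registry host name in `subjectAltName`. This is an added example, not part of the original post; the host name `harbor.example.internal` and the output directory are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): private CA plus a server
# certificate for Harbor's HTTPS endpoint. Host name and output directory
# are placeholders.
set -eu

# make_harbor_cert HOST OUTDIR
make_harbor_cert() {
    host="$1"; out="$2"
    mkdir -p "$out"
    # Create both private keys under a restrictive umask (mode 0600).
    ( umask 077
      openssl genrsa -out "$out/ca.key" 3072
      openssl genrsa -out "$out/$host.key" 2048 )
    # Self-signed CA certificate.
    openssl req -x509 -new -sha256 -days 3650 -key "$out/ca.key" \
        -subj "/CN=Harbor Internal CA" -out "$out/ca.crt"
    # Certificate signing request for the registry host.
    openssl req -new -sha256 -key "$out/$host.key" \
        -subj "/CN=$host" -out "$out/$host.csr"
    # Docker clients match the host name against subjectAltName, so set it.
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$host" \
        > "$out/$host.ext"
    openssl x509 -req -sha256 -days 825 -in "$out/$host.csr" \
        -CA "$out/ca.crt" -CAkey "$out/ca.key" -CAcreateserial \
        -extfile "$out/$host.ext" -out "$out/$host.crt"
    # Abort unless the new certificate chains to the CA.
    openssl verify -CAfile "$out/ca.crt" "$out/$host.crt" >/dev/null
}

# Print the DNS names the certificate is valid for.
cert_san() {
    openssl x509 -in "$1" -noout -text | grep 'DNS:' | tr -d ' '
}

# Run only when a host name is given: ./mkcert.sh harbor.example.internal [dir]
if [ -n "${1:-}" ]; then
    make_harbor_cert "$1" "${2:-./harbor-certs}"
    cert_san "${2:-./harbor-certs}/$1.crt"
fi
```

Point the certificate and private-key paths in `harbor.yml` at the generated `.crt` and `.key` files, and keep `ca.key` off the registry host. Docker clients need `ca.crt` in their trust store before they will pull from the registry.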
Automatic startup

Look at the auto-generated `docker-compose.yml` in the Harbor directory and you will see that every container is configured with `restart: always`:
```yaml
version: '2.3'
services:
  log:
    image: goharbor/harbor-log:v1.9.0
    container_name: harbor-log
    restart: always
# ..... (omitted) .....
  proxy:
    image: goharbor/nginx-photon:v1.9.0
    container_name: nginx
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    dns_search: .
    ports:
      - 9090:8080
    depends_on:
      - registry
      - core
      - portal
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"
networks:
  harbor:
    external: false
```
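This means every container restarts automatically after an unexpected shutdown, such as a restart of Docker or of the server. (A manual `stop` does not trigger an automatic restart.)

However, after I manually ran `docker-compose up -d` and then rebooted the server, I found that several containers had not restarted automatically: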
```
[ryan
CONTAINER ID   IMAGE                                               COMMAND                  CREATED        STATUS                             PORTS                       NAMES
f30d802002a4   goharbor/nginx-photon:v1.8.1                        "nginx -g 'daemon of…"   13 hours ago   Exited (128) 27 minutes ago        0.0.0.0:80->80/tcp          nginx
21472ce8a993   goharbor/harbor-portal:v1.8.1                       "nginx -g 'daemon of…"   13 hours ago   Exited (128) 27 minutes ago        80/tcp                      harbor-portal
5d866bb17c58   goharbor/harbor-jobservice:v1.8.1                   "/harbor/start.sh"       13 hours ago   Exited (137) 26 minutes ago                                    harbor-jobservice
0cf0f93b5a87   goharbor/harbor-core:v1.8.1                         "/harbor/start.sh"       13 hours ago   Up 11 seconds (health: starting)                               harbor-core
cba280d9b945   goharbor/redis-photon:v1.8.1                        "docker-entrypoint.s…"   13 hours ago   Exited (137) 26 minutes ago        6379/tcp                    redis
473e46d1f746   goharbor/harbor-registryctl:v1.8.1                  "/harbor/start.sh"       13 hours ago   Up 11 seconds (health: starting)                               registryctl
51f105f1691d   goharbor/registry-photon:v2.7.1-patch-2819-v1.8.1   "/entrypoint.sh /etc…"   13 hours ago   Exited (137) 26 minutes ago        5000/tcp                    registry
c41594ec7779   goharbor/harbor-db:v1.8.1                           "/entrypoint.sh post…"   13 hours ago   Up 11 seconds (health: starting)   5432/tcp                    harbor-db
713bd4961772   goharbor/harbor-log:v1.8.1                          "/bin/sh -c /usr/loc…"   13 hours ago   Up 11 seconds (health: starting)   127.0.0.1:1514->10514/tcp   harbor-log
```
As you can see, the following five containers are all in the Exited state:

- goharbor/nginx-photon:v1.8.1
- goharbor/harbor-portal:v1.8.1
- goharbor/harbor-jobservice:v1.8.1
- goharbor/redis-photon:v1.8.1
- goharbor/registry-photon:v2.7.1-patch-2819-v1.8.1

A search turned up an existing issue about this: https://github.com/goharbor/harbor/issues/7008
So I tried setting Harbor up as a `systemd` service by adding the unit file `/lib/systemd/system/harbor.service` with the following content:
```ini
[Unit]
Description=Harbor
# Start only after the Docker daemon is up; stop when it stops.
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor

[Service]
Type=simple
Restart=on-failure
RestartSec=5
# Replace $harbor_path with the Harbor installation path before installing this unit.
ExecStart=/usr/local/bin/docker-compose -f $harbor_path/harbor/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose -f $harbor_path/harbor/docker-compose.yml down

[Install]
WantedBy=multi-user.target
```
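Replace `$harbor_path` with your own Harbor installation path. Also check the absolute path of docker-compose with `which docker-compose`; the default is `/usr/local/bin/docker-compose`.

Now shut Harbor down with `docker-compose down`, then use systemd to enable the service at boot and start it: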
```shell
sudo systemctl enable harbor
sudo systemctl start harbor
```
If systemd reports that `harbor.service` cannot be found, run `systemctl daemon-reload` so that systemd reloads its unit files.

Check the state of `harbor.service` with `systemctl status harbor`:
```
● harbor.service - Harbor
   Loaded: loaded (/lib/systemd/system/harbor.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-10-14 18:55:28 CST; 49s ago
     Docs: http://github.com/vmware/harbor
 Main PID: 15706 (docker-compose)
    Tasks: 12 (limit: 2312)
   CGroup: /system.slice/harbor.service
           ├─15706 /usr/local/bin/docker-compose -f /usr/local/harbor/harbor/docker-compose.yml up
           └─15717 /usr/local/bin/docker-compose -f /usr/local/harbor/harbor/docker-compose.yml up

..... (omitted) .....
```
The state is `active`.

Reboot and check again with `docker-compose ps`; the whole Harbor container group is finally up:
```
      Name                     Command                  State                 Ports
---------------------------------------------------------------------------------------------
harbor-core         /harbor/harbor_core              Up (healthy)
harbor-db           /docker-entrypoint.sh            Up (healthy)   5432/tcp
harbor-jobservice   /harbor/harbor_jobservice ...    Up (healthy)
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp
harbor-portal       nginx -g daemon off;             Up (healthy)   8080/tcp
nginx               nginx -g daemon off;             Up (healthy)   0.0.0.0:9090->8080/tcp
redis               redis-server /etc/redis.conf     Up (healthy)   6379/tcp
registry            /entrypoint.sh /etc/regist ...   Up (healthy)   5000/tcp
registryctl         /harbor/start.sh                 Up (healthy)
```
The Harbor web UI is also reachable normally.
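To confirm after every reboot that no Harbor container is left in the Exited state seen earlier, the container list can be checked mechanically. The following is an added example, not part of the original post: it reads `name<TAB>status` lines and reports every expected container that is missing, not Up, or unhealthy. The expected names are taken from the `docker ps` output above, and the sample input is constructed from that same output.

```shell
#!/bin/sh
# Added example (not from the original post): post-reboot check of the
# Harbor container set. Names are those shown in the docker ps output above.
EXPECTED="harbor-log harbor-db harbor-core registryctl registry redis harbor-jobservice harbor-portal nginx"

# Reads "name<TAB>status" lines on stdin and prints one "name: reason"
# line for each expected container that is missing, not Up, or unhealthy.
harbor_unhealthy() {
    awk -F'\t' -v expected="$EXPECTED" '
        { status[$1] = $2 }
        END {
            n = split(expected, names, " ")
            for (i = 1; i <= n; i++) {
                name = names[i]
                if (!(name in status))                    print name ": missing"
                else if (status[name] !~ /^Up /)          print name ": " status[name]
                else if (status[name] ~ /\(unhealthy\)/)  print name ": unhealthy"
            }
        }'
}

# Constructed sample: the container states from the listing above.
sample_ps() {
    printf '%s\t%s\n' \
        nginx             'Exited (128) 27 minutes ago' \
        harbor-portal     'Exited (128) 27 minutes ago' \
        harbor-jobservice 'Exited (137) 26 minutes ago' \
        harbor-core       'Up 11 seconds (health: starting)' \
        redis             'Exited (137) 26 minutes ago' \
        registryctl       'Up 11 seconds (health: starting)' \
        registry          'Exited (137) 26 minutes ago' \
        harbor-db         'Up 11 seconds (health: starting)' \
        harbor-log        'Up 11 seconds (health: starting)'
}

# Demo on the sample. Live use:
#   docker ps -a --format '{{.Names}}\t{{.Status}}' | harbor_unhealthy
sample_ps | harbor_unhealthy
```

Empty output means every expected container is running, so the function can back a monitoring check or a systemd timer that alerts on any output.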