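What you need to know
This setup uses a Huawei Cloud Yunyao cloud server (云耀云服务器) for a one-click, quick deployment of the enterprise-grade registry server Harbor v2.7.0.
Versions used: Docker 24.0.5, Docker-compose 1.29.2, and Harbor v2.7.0, which can be downloaded from GitHub. If access is restricted, you can request the package via a private message on this site.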
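Introduction to Harbor
Harbor is an open-source, enterprise-grade registry server for managing and storing Docker images and OCI container images. As a highly available, secure and reliable container image registry, Harbor provides a rich set of features and management tools that help organizations build and manage container images effectively.
Harbor features and advantages
- Secure and reliable: Harbor provides strict user authentication and access control and supports integration with identity systems such as LDAP and AD, which protects the registry. It also provides image signing and verification to ensure image integrity and a trusted origin.
- Management and control: Harbor has flexible, powerful permission management. Administrators can precisely control users' read and write permissions on images for fine-grained access control. They can also easily manage the registry life cycle, including creating, deleting, modifying and searching images and viewing image details.
- Replication and synchronization: Harbor supports replicating and synchronizing registries across multiple geographic locations or data centers, improving availability and security. Teams can access and use images more conveniently regardless of where they are located.
- Auditing and logging: Harbor provides comprehensive auditing, recording user operations and system events so they can be traced and audited. This helps organizations monitor and manage how container images are used and maintain compliance and security.
- Image scanning and vulnerability management: Harbor integrates container image scanning tools that scan images for vulnerabilities and run security checks. This helps organizations find and fix security issues in images promptly and ensures the images can be trusted.
- Multi-tenancy: Harbor supports a multi-tenant mode in which independent namespaces are created per team or project for isolation and resource management. Different teams can manage their own image repositories independently, improving development efficiency and resource utilization.
System setup
Disable the firewall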
root@hcss-ecs-5c9b:~# ufw disable
Firewall stopped and disabled on system startup
Install Docker
Connect to the cloud server over SSH
# Check the server's OS version
root@hcss-ecs-5c9b:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
# If Docker was installed previously, run this command to remove it
root@hcss-ecs-5c9b:~# apt-get remove docker docker-engine docker.io
Update the package list and install Docker's dependencies
# Update the package list
root@hcss-ecs-5c9b:~# apt-get update
# Install the packages Docker depends on
root@hcss-ecs-5c9b:~# apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common
Trust Docker's GPG public key
# Trust Docker's GPG public key:
root@hcss-ecs-5c9b:~# curl -fsSL https://repo.huaweicloud.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
Add Docker's stable repository
# On amd64 machines, add the software repository:
root@hcss-ecs-5c9b:~# add-apt-repository "deb [arch=amd64] https://repo.huaweicloud.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
Update the package list and install Docker
# Update the package index and install
root@hcss-ecs-5c9b:~# apt-get update
# Install docker
root@hcss-ecs-5c9b:~# apt-get install docker-ce docker-ce-cli containerd.io
Verify that Docker installed successfully
# Check the docker version
root@hcss-ecs-5c9b:~# docker -v
Docker version 24.0.5, build 24.0.5-0ubuntu1~22.04.1
Start the Docker service and check its status
# Start the docker service and check its status
root@hcss-ecs-5c9b:~# systemctl start docker.service
root@hcss-ecs-5c9b:~# systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; en>
Active: active (running) since Wed 2023-09-20 13:43:42>
TriggeredBy: ● docker.socket
Docs: https://docs.docker.com
Main PID: 363725 (dockerd)
Tasks: 9
Memory: 31.3M
CPU: 266ms
CGroup: /system.slice/docker.service
└─363725 /usr/bin/dockerd -H fd:// --container>
Install Docker Compose
Run the install command
# Install docker-compose
root@hcss-ecs-5c9b:~# apt install docker-compose
Verify that Docker Compose installed successfully
# Check the version
root@hcss-ecs-5c9b:~# docker-compose -v
docker-compose version 1.29.2, build unknown
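Configure a registry mirror
Images are pulled from Docker Hub by default; a registry mirror can be configured to fix slow pulls.
# Log in as root to the machine that runs the container engine
# Edit /etc/docker/daemon.json (create it if it does not exist) and add the following content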
root@hcss-ecs-5c9b:~# vi /etc/docker/daemon.json
{
"registry-mirrors": [ "https://2a6bf1988cb6428c877f723ec7530dbc.mirror.swr.myhuaweicloud.com" ]
}
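# Press "Esc", then type :wq to save and exit.
# Restart the container engine
root@hcss-ecs-5c9b:~# systemctl restart docker
# Check the result
root@hcss-ecs-5c9b:~# docker info
Run docker info; when the Registry Mirrors field shows the mirror's address, the mirror has been configured successfully.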
Install Harbor
Upload the package and extract it
root@hcss-ecs-5c9b:~# ls
harbor-offline-installer-v2.7.0.tgz install.sh stackhub
HSSInstall snap
root@hcss-ecs-5c9b:~# tar -zxvf harbor-offline-installer-v2.7.0.tgz
harbor/harbor.v2.7.0.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
Configure Harbor
Edit harbor.yml
root@hcss-ecs-5c9b:~# ls
harbor HSSInstall snap
harbor-offline-installer-v2.7.0.tgz install.sh stackhub
root@hcss-ecs-5c9b:~# cd harbor/
root@hcss-ecs-5c9b:~/harbor# ls
common.sh harbor.yml.tmpl LICENSE
harbor.v2.7.0.tar.gz install.sh prepare
root@hcss-ecs-5c9b:~/harbor# cp harbor.yml.tmpl harbor.yml
root@hcss-ecs-5c9b:~/harbor# vim harbor.yml
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
# Set the hostname to this machine's IP address
hostname: 124.71.212.8
# Set the HTTP port to 5000 (customizable)
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 5000
# Comment out https
# https related config
#https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
#certificate: /your/certificate/path
#private_key: /your/private/key/path
# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
# # set enabled to true means internal tls is enabled
# enabled: true
# # put your cert and key files on dir
# dir: /etc/harbor/tls/internal
# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433
# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
# Change the administrator password
harbor_admin_password: root
Edit docker.service
root@hcss-ecs-5c9b:~/harbor# vim /lib/systemd/system/docker.service
# Append --insecure-registry=124.71.212.8:5000 to the ExecStart arguments
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry=124.71.212.8:5000
# Restart the service
root@hcss-ecs-5c9b:~/harbor# systemctl daemon-reload
root@hcss-ecs-5c9b:~/harbor# systemctl restart docker.service
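The two files edited above have to agree with each other, and harbor.yml as configured here leaves the registry on plain HTTP with a short admin password. The following added example (not part of the original article or of the Harbor project) audits both files for those conditions. The function names, finding labels and sample files are this example's own, and the sample docker.service deliberately names a different port than harbor.yml.

```shell
#!/usr/bin/env bash
# Added example (not from the tutorial or Harbor): audit harbor.yml against
# docker.service. Function names and finding labels are this example's own.

# Value of an uncommented top-level key in harbor.yml.
yml_top() { sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1; }

# First uncommented "port:" inside the top-level "http:" block.
yml_http_port() {
  awk '/^http:/                 { in_http = 1; next }
       /^[^ \t#]/               { in_http = 0 }
       in_http && $1 == "port:" { print $2; exit }' "$1"
}

# audit_harbor HARBOR_YML DOCKER_UNIT -> one finding per line, empty if clean.
audit_harbor() {
  local yml=$1 unit=$2 host port pass reg
  host=$(yml_top hostname "$yml")
  port=$(yml_http_port "$yml")
  pass=$(yml_top harbor_admin_password "$yml")
  grep -q '^https:' "$yml" ||
    echo "HTTP_ONLY: https block disabled, credentials and layers travel unencrypted"
  [ "${#pass}" -ge 8 ] ||
    echo "WEAK_ADMIN_PASSWORD: initial admin password is shorter than 8 characters"
  # Each --insecure-registry on ExecStart should name exactly hostname:port.
  for reg in $(grep '^ExecStart=' "$unit" |
               grep -o -- '--insecure-registry=[^[:space:]]*' | cut -d= -f2); do
    [ "$reg" = "$host:$port" ] ||
      echo "REGISTRY_MISMATCH: dockerd allows $reg but Harbor serves $host:$port"
  done
}

# Constructed sample files using the tutorial's address; the port in
# docker.service is deliberately different from the one in harbor.yml.
write_samples() {
  cat > "$1/harbor.yml" <<'EOF'
hostname: 124.71.212.8
http:
  # port for http, default is 80
  port: 5000
#https:
#  port: 443
harbor_admin_password: root
EOF
  cat > "$1/docker.service" <<'EOF'
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=124.71.212.8:8888
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_harbor "$demo_dir/harbor.yml" "$demo_dir/docker.service"
rm -rf "$demo_dir"
```

Against a real host, call audit_harbor with ~/harbor/harbor.yml and /lib/systemd/system/docker.service; an empty result means none of the three conditions was found.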
Run the prepare script to prepare the images
root@hcss-ecs-5c9b:~/harbor# ls
common.sh harbor.yml install.sh prepare
harbor.v2.7.0.tar.gz harbor.yml.tmpl LICENSE
root@hcss-ecs-5c9b:~/harbor# ./prepare
prepare base dir is set to /root/harbor
Unable to find image 'goharbor/prepare:v2.7.0' locally
v2.7.0: Pulling from goharbor/prepare
1871d44f4cdb: Pull complete
9e5f23534b75: Pull complete
b234075cadb4: Pull complete
2ee6e5a578c1: Pull complete
0b0e76074063: Pull complete
c4c9b2e450d6: Pull complete
c70804059354: Pull complete
721611d803a1: Pull complete
d53c5290e042: Pull complete
0d8cc28f3d0c: Pull complete
Digest: sha256:47df4e214c8fd9ea0352a903dba884a480fa18f39ef426f7b890cf822f848139
Status: Downloaded newer image for goharbor/prepare:v2.7.0
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Check the commands used by the scripts
root@hcss-ecs-5c9b:~/harbor# docker compose
docker: 'compose' is not a docker command.
See 'docker --help'
root@hcss-ecs-5c9b:~/harbor# docker-compose
Define and run multi-container applications with Docker.
Usage:
docker-compose [-f <arg>...] [--profile <name>...] [options] [--] [COMMAND] [ARGS...]
docker-compose -h|--help
# Check common.sh (line 119)
root@hcss-ecs-5c9b:~/harbor# vim common.sh
elif [[ $(docker-compose --version) =~ (([0-9]+)\.([ 0-9]+)([\.0-9]*)) ]]
# Check install.sh (line 26)
root@hcss-ecs-5c9b:~/harbor# vim install.sh
DOCKER_COMPOSE=docker-compose
Install Harbor
root@hcss-ecs-5c9b:~/harbor# ./install.sh
# Full log output
[Step 0]: checking if docker is installed ...
Note: docker version: 24.0.5
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.29.2
[Step 2]: loading Harbor images ...
Loaded image: goharbor/prepare:v2.7.0
716575e41c45: Loading layer 145.8MB/145.8MB
af0525d96b0b: Loading layer 16.72MB/16.72MB
939977d7cbf6: Loading layer 5.12kB/5.12kB
005530be0f99: Loading layer 6.144kB/6.144kB
9764bccefdd0: Loading layer 3.072kB/3.072kB
38fe09b6e0e7: Loading layer 2.048kB/2.048kB
9d659849215a: Loading layer 2.56kB/2.56kB
bee3f2947ec7: Loading layer 2.56kB/2.56kB
e4e05d8658d3: Loading layer 2.56kB/2.56kB
e7991cc39265: Loading layer 9.728kB/9.728kB
Loaded image: goharbor/harbor-db:v2.7.0
d79110caaa26: Loading layer 8.902MB/8.902MB
b8cddfca4e88: Loading layer 3.584kB/3.584kB
071b47da1d9b: Loading layer 2.56kB/2.56kB
d22932d9f6c7: Loading layer 84.83MB/84.83MB
b2f2e9cbceac: Loading layer 5.632kB/5.632kB
53cce0f5bd54: Loading layer 108kB/108kB
40a6c61dcc44: Loading layer 44.03kB/44.03kB
6d7dba633513: Loading layer 85.77MB/85.77MB
44309ebcfcf7: Loading layer 2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.7.0
cebcabcec86e: Loading layer 127MB/127MB
f3a76df94b70: Loading layer 3.584kB/3.584kB
ac9852cda3ce: Loading layer 3.072kB/3.072kB
a5bab3cf8af7: Loading layer 2.56kB/2.56kB
d52202b6a929: Loading layer 3.072kB/3.072kB
bd8a7ca8438d: Loading layer 3.584kB/3.584kB
a6a054173348: Loading layer 20.99kB/20.99kB
Loaded image: goharbor/harbor-log:v2.7.0
1a3b490c3dc4: Loading layer 8.902MB/8.902MB
7cbd50b78394: Loading layer 25.65MB/25.65MB
7119ae84be31: Loading layer 4.608kB/4.608kB
c9c5875f25c8: Loading layer 26.44MB/26.44MB
Loaded image: goharbor/harbor-exporter:v2.7.0
c8c89cfdc06a: Loading layer 119.1MB/119.1MB
Loaded image: goharbor/nginx-photon:v2.7.0
59736e375413: Loading layer 5.759MB/5.759MB
6cc787909b61: Loading layer 91.75MB/91.75MB
a56e97e08300: Loading layer 3.072kB/3.072kB
57925eac82a6: Loading layer 4.096kB/4.096kB
6e36a605c736: Loading layer 92.54MB/92.54MB
Loaded image: goharbor/chartmuseum-photon:v2.7.0
175f4dc2d45f: Loading layer 119.1MB/119.1MB
4e26408b204b: Loading layer 6.143MB/6.143MB
f2e93a87e40b: Loading layer 1.249MB/1.249MB
e5cceb0b0435: Loading layer 1.194MB/1.194MB
Loaded image: goharbor/harbor-portal:v2.7.0
b887c32c40a7: Loading layer 8.902MB/8.902MB
938a7e3c75f5: Loading layer 3.584kB/3.584kB
5a5a28182655: Loading layer 2.56kB/2.56kB
ebab1e49abda: Loading layer 103.3MB/103.3MB
4ce14e0439d9: Loading layer 104MB/104MB
Loaded image: goharbor/harbor-jobservice:v2.7.0
fbaa7a10893c: Loading layer 5.759MB/5.759MB
c688ac7b41fa: Loading layer 4.096kB/4.096kB
d7c1e408fc7d: Loading layer 17.41MB/17.41MB
55958792b639: Loading layer 3.072kB/3.072kB
a914e1c2d3e7: Loading layer 30.69MB/30.69MB
b91233145a72: Loading layer 48.89MB/48.89MB
Loaded image: goharbor/harbor-registryctl:v2.7.0
4bfd949c2891: Loading layer 5.759MB/5.759MB
7fd746eb54cc: Loading layer 4.096kB/4.096kB
026a4a79ef61: Loading layer 3.072kB/3.072kB
4e8dca75f609: Loading layer 17.41MB/17.41MB
7e017925a772: Loading layer 18.2MB/18.2MB
Loaded image: goharbor/registry-photon:v2.7.0
bd6904b66a79: Loading layer 5.754MB/5.754MB
4bea14657109: Loading layer 8.987MB/8.987MB
629d40c48f45: Loading layer 15.88MB/15.88MB
48d73b35455c: Loading layer 29.29MB/29.29MB
fe12338e806d: Loading layer 22.02kB/22.02kB
dcbe4fc18411: Loading layer 15.88MB/15.88MB
Loaded image: goharbor/notary-server-photon:v2.7.0
cc039d70dda6: Loading layer 119.9MB/119.9MB
c128fc8dd5aa: Loading layer 3.072kB/3.072kB
e030017184f0: Loading layer 59.9kB/59.9kB
f7a67f51f6d5: Loading layer 61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.7.0
c4c80dff091a: Loading layer 5.754MB/5.754MB
26f51848acfb: Loading layer 8.987MB/8.987MB
fb0e59f893b6: Loading layer 14.47MB/14.47MB
e17fcd490db6: Loading layer 29.29MB/29.29MB
f0f3d13b4bdf: Loading layer 22.02kB/22.02kB
73965e1762cb: Loading layer 14.47MB/14.47MB
Loaded image: goharbor/notary-signer-photon:v2.7.0
2d831b255ec9: Loading layer 6.287MB/6.287MB
603534b77185: Loading layer 4.096kB/4.096kB
edbbda0ede29: Loading layer 3.072kB/3.072kB
11ccb87ea0a3: Loading layer 180.6MB/180.6MB
13afce1af948: Loading layer 13.22MB/13.22MB
b05259901192: Loading layer 194.6MB/194.6MB
Loaded image: goharbor/trivy-adapter-photon:v2.7.0
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/portal/nginx.conf
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
Removing network harbor_harbor
WARNING: Network harbor_harbor not found.
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating redis ... done
Creating registryctl ... done
Creating registry ... done
Creating harbor-db ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
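Log in to Harbor
Configure the security group rules in the console to allow port 5000.
The default administrator account is admin, and the password is the custom one set in harbor.yml. Log in at: host-IP:5000
Test
Create a project
Set the access level to Public so that images can be pulled anonymously. The default storage quota of -1 means there is no size limit.
Push an image
After entering the project, the Push Command button in the upper-right corner shows the commands to use. Note that you must authenticate before pushing an image.
# Tag the image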
root@hcss-ecs-5c9b:~/harbor# docker images | grep mysql
mysql latest 8da80fe49fcf 9 days ago 577MB
root@hcss-ecs-5c9b:~/harbor# docker tag mysql:latest 124.71.212.8:5000/test/mysql:latest
root@hcss-ecs-5c9b:~/harbor# docker images | grep mysql
124.71.212.8:5000/test/mysql latest 8da80fe49fcf 9 days ago 577MB
mysql latest 8da80fe49fcf 9 days ago 577MB
# Log in to the registry (authenticate)
root@hcss-ecs-5c9b:~/harbor# docker login 124.71.212.8:5000
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
# Push the image
root@hcss-ecs-5c9b:~/harbor# docker push 124.71.212.8:5000/test/mysql:latest
The push refers to repository [124.71.212.8:5000/test/mysql]
070004d6f2b9: Pushed
4a8bc1dfb84c: Pushed
ea5c2f5028eb: Pushed
8a1ed57d6b0b: Pushed
db54cc7f7801: Pushed
a5edafed24d3: Pushed
5a3901a789d1: Pushed
288a6a601202: Pushed
39b5c3aa669c: Pushed
b69087572af7: Pushed
latest: digest: sha256:ecf2a95e14266b1d3fb72968b84ba2f32f1a0e9288d4ed2dc72f2012d3bb8587 size: 2411
Pull the image
# Delete the mysql images
root@hcss-ecs-5c9b:~/harbor# docker rmi $(docker images |grep mysql |awk '{print $1}')
Untagged: mysql:latest
Untagged: mysql@sha256:85ab57eb4a48ada2a341dcf7d96733ce2f370fffb8e8e216991b106e50fa6434
Untagged: 124.71.212.8:5000/test/mysql:latest
Untagged: 124.71.212.8:5000/test/mysql@sha256:ecf2a95e14266b1d3fb72968b84ba2f32f1a0e9288d4ed2dc72f2012d3bb8587
Deleted: sha256:8da80fe49fcfad1ac311a2e34c42730c943706c2008083f5e4feeb6d77cdbc1f
Deleted: sha256:1dee80423727000ed4aab830ff58c69c33f28026588d79be8fcf20476d5b588a
Deleted: sha256:89108480e1357e089c858de8226520a603ec3ed9902c0aecbc0b60fd0b120f17
Deleted: sha256:bcbe5b3c714fe855e5c201297aa78834e4e6c90f325dd521544eee88adc07fb6
Deleted: sha256:08c58bd0ff85ec37381585fde80f12e0e53531925ab1f04c8065fcd85e7b83a2
Deleted: sha256:eab11e45b99d4cfc2f4279c9d1d1b5ccd28195f744e281ec8303049fe0e5ee19
Deleted: sha256:90140e11eaa56000514f32841d4b0eb9495e6bdb2e9ddac6060c872da49b7476
Deleted: sha256:2532b8812e20521428449263a74092c4317e4651278ee7b70536a0afe1270fe1
Deleted: sha256:9a1bca0e16e16d75dc59ea61f9b3854621622dc2b8319bbfbe5a8c0b139a8618
Deleted: sha256:6403d78b2f772e1c0205e736bf2cbfbaf7676d0403ec4b3a63de0e88f68b1eaf
Deleted: sha256:b69087572af7a6dbd742a1e2807c34237c995257c631aece53a8f9d99e036daa
# Pull the mysql image
root@hcss-ecs-5c9b:~/harbor# docker pull 124.71.212.8:5000/test/mysql:latest
latest: Pulling from test/mysql
bc377bce3181: Pull complete
80bab949ab51: Pull complete
73682200afb7: Pull complete
d1c32d486523: Pull complete
54341582c90c: Pull complete
7490cd8f4d9b: Pull complete
de967683cb3b: Pull complete
39564f901a1e: Pull complete
c95e6efa291a: Pull complete
8366d05afd7c: Pull complete
Digest: sha256:ecf2a95e14266b1d3fb72968b84ba2f32f1a0e9288d4ed2dc72f2012d3bb8587
Status: Downloaded newer image for 124.71.212.8:5000/test/mysql:latest
124.71.212.8:5000/test/mysql:latest
root@hcss-ecs-5c9b:~/harbor# docker images |grep mysql
124.71.212.8:5000/test/mysql latest 8da80fe49fcf 9 days ago 577MB
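Because this registry is reached over plain HTTP, it is worth confirming that the tag pulled back resolves to the image that was pushed. The following added example (not part of the original post) compares the digest printed by docker push with the one printed by docker pull and builds a digest-pinned reference. The function names are this example's own, and the log lines are copied from the transcripts above.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): compare push and pull digests.
# Function names are this example's own; log lines are copied from the transcript.

# Digest from the final line of `docker push` ("<tag>: digest: sha256:... size: N").
push_digest() {
  sed -n 's/^[^ ]*: digest: \(sha256:[0-9a-f]\{64\}\) size: [0-9]*$/\1/p' | tail -n 1
}

# Digest from the "Digest: sha256:..." line of `docker pull`.
pull_digest() { sed -n 's/^Digest: \(sha256:[0-9a-f]\{64\}\)$/\1/p' | tail -n 1; }

# same_image PUSH_LOG PULL_LOG -> 0 only if both logs carry the same well-formed digest.
same_image() {
  local pushed pulled
  pushed=$(printf '%s\n' "$1" | push_digest)
  pulled=$(printf '%s\n' "$2" | pull_digest)
  [ -n "$pushed" ] && [ "$pushed" = "$pulled" ]
}

# pinned_ref REPOSITORY PUSH_LOG -> "repository@sha256:...", a reference the
# Docker client checks against the content it downloads.
pinned_ref() {
  local d
  d=$(printf '%s\n' "$2" | push_digest)
  [ -n "$d" ] || return 1
  printf '%s@%s\n' "$1" "$d"
}

PUSH_LOG='b69087572af7: Pushed
latest: digest: sha256:ecf2a95e14266b1d3fb72968b84ba2f32f1a0e9288d4ed2dc72f2012d3bb8587 size: 2411'
PULL_LOG='8366d05afd7c: Pull complete
Digest: sha256:ecf2a95e14266b1d3fb72968b84ba2f32f1a0e9288d4ed2dc72f2012d3bb8587
Status: Downloaded newer image for 124.71.212.8:5000/test/mysql:latest'

if same_image "$PUSH_LOG" "$PULL_LOG"; then
  echo "digest matches; pin it as: $(pinned_ref 124.71.212.8:5000/test/mysql "$PUSH_LOG")"
else
  echo "digest mismatch: the tag no longer points at the image that was pushed"
fi
```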