Contents
Node & System/Software Lists
Architecture Overview of Harbor
Install Harbor 2.8
Harbor Installation Prerequisites
Install Docker and Docker Compose
Install Harbor
Pull and Push image from Harbor
Reference documentation
Node & System/Software Lists
HOSTNAME | IP | NODE TYPE | CONFIG |
---|---|---|---|
master1 | 192.168.1.100 | harbor server | 4vCPU4G |
System | Version |
---|---|
kernel | 3.10.0-1160.el7.x86_64 |
centos | CentOS Linux release 7.9.2009 (Core) |
Software Name | Version |
---|---|
docker | 24.0.2 |
docker compose | v2.18.1 |
harbor | v2.8.1 |
Architecture Overview of Harbor
With Harbor V2.0, users can manage images, manifest lists, Helm charts, CNABs, OPAs, among others, all of which adhere to the OCI image specification. You can read more here[1].
Install Harbor 2.8
Here we install Harbor 2.8 on the target host. Follow the steps below to get Harbor installed:
- Harbor Installation Prerequisites
- Install Docker and Docker Compose
- Install Harbor
- Pull and Push image from Harbor
Harbor Installation Prerequisites
Harbor is deployed as several Docker containers. You can therefore deploy it on any Linux distribution that supports Docker. The target host must meet the hardware, software and network port requirements shown below.
Hardware
Resource | Minimum | Recommended |
---|---|---|
CPU | 2 CPU | 4 CPU |
Mem | 4 GB | 8 GB |
Disk | 40 GB | 160 GB |
Software
Software | Version | Description |
---|---|---|
Docker Engine | Version 17.06.0-ce+ or higher | For installation instructions, see Docker Engine documentation |
Docker Compose | docker-compose (v1.18.0+) or docker compose v2 (docker-compose-plugin) | For installation instructions, see Docker Compose documentation |
OpenSSL | Latest is preferred | Used to generate certificate and keys for Harbor |
Network ports
Port | Protocol | Description |
---|---|---|
443 | HTTPS | Harbor portal and core API accept HTTPS requests on this port. |
4443 | HTTPS | Connections to the Docker Content Trust service for Harbor. Only required if Notary is enabled. |
80 | HTTP | Harbor portal and core API accept HTTP requests on this port. |
Install Docker and Docker Compose
You can copy and run all of these shell commands to install the Docker components and docker-compose:
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo systemctl start docker
sudo systemctl enable docker
sudo curl -SL https://github.com/docker/compose/releases/download/v2.18.1/docker-compose-linux-x86_64 -o /usr/bin/docker-compose
sudo chmod +x /usr/bin/docker-compose
Install Harbor
Copy and run all of the shell commands below:
mkdir ~/harbor && cd ~/harbor
wget https://github.com/goharbor/harbor/releases/download/v2.8.1/harbor-offline-installer-v2.8.1.tgz
tar zxf harbor-offline-installer-v2.8.1.tgz -C /usr/local/
cd /usr/local/harbor
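This folder contains harbor.yml.tmpl. Copy it to harbor.yml, which is the file name Harbor reads by default. Replace the hostname and temporarily comment out the https section, then run `./install.sh` to install Harbor. With the https section commented out, Harbor serves plain HTTP only, so logins and image data cross the network unencrypted; the installer prints a warning about this in the output below.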
[root@master1 harbor]# ls
common.sh harbor.v2.8.1.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
[root@master1 harbor]# cp harbor.yml.tmpl harbor.yml
[root@master1 harbor]# vim harbor.yml
..........
hostname: harbor_node01.example.com # Replace the hostname with your host IP or hostname
.........
#https: # Comment out the https line
# https port for harbor, default is 443
#port: 443
# The path of cert and key files for nginx
#certificate: /your/certificate/path
#private_key: /your/private/key/path
.........
[root@master1 harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 24.0.2
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.18.1
[Step 2]: loading Harbor images ...
Loaded image: goharbor/registry-photon:v2.8.1
Loaded image: goharbor/notary-server-photon:v2.8.1
Loaded image: goharbor/harbor-core:v2.8.1
Loaded image: goharbor/harbor-jobservice:v2.8.1
Loaded image: goharbor/harbor-exporter:v2.8.1
Loaded image: goharbor/trivy-adapter-photon:v2.8.1
Loaded image: goharbor/prepare:v2.8.1
Loaded image: goharbor/redis-photon:v2.8.1
Loaded image: goharbor/nginx-photon:v2.8.1
Loaded image: goharbor/notary-signer-photon:v2.8.1
Loaded image: goharbor/harbor-portal:v2.8.1
Loaded image: goharbor/harbor-log:v2.8.1
Loaded image: goharbor/harbor-db:v2.8.1
Loaded image: goharbor/harbor-registryctl:v2.8.1
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/local/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
[Step 5]: starting Harbor ...
[+] Building 0.0s (0/0)
[+] Running 10/10
✔ Network harbor_harbor Created 0.1s
✔ Container harbor-log Started 1.7s
✔ Container registryctl Started 2.1s
✔ Container harbor-portal Started 2.8s
✔ Container registry Started 2.8s
✔ Container harbor-db Started 2.8s
✔ Container redis Started 2.8s
✔ Container harbor-core Started 3.6s
✔ Container harbor-jobservice Started 5.1s
✔ Container nginx Started 5.1s
✔ ----Harbor has been installed and started successfully.----
Note: After updating harbor.yml, run the prepare script to populate the configuration, and then bring Harbor up again:
vim harbor.yml
sudo ./prepare
sudo docker-compose up -d
To reconfigure Harbor to install Notary and Trivy, include all of the components in the prepare command.
sudo ./prepare --with-notary --with-trivy
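The https block above was commented out only temporarily, and OpenSSL is listed in the prerequisites for generating Harbor's certificate and keys. The script below is an added example, not part of the original post, that issues a private CA and a server certificate for the lab address 192.168.1.100; the function name, output directory, subject names and the HARBOR_IP/OUT variables are assumptions.

```bash
# Added example (not from the original post): private CA + Harbor server cert.
# make_harbor_certs, the output directory and the subject names are assumptions.
set -e

make_harbor_certs() {
  local ip="$1" out="$2" bits="${3:-4096}"
  mkdir -p "$out"
  # 1. Private CA. ca.key signs certificates and should never leave this machine.
  openssl genrsa -out "$out/ca.key" "$bits"
  openssl req -x509 -new -sha256 -days 3650 \
    -key "$out/ca.key" -subj "/CN=Harbor Lab CA" -out "$out/ca.crt"
  # 2. Server key and certificate signing request.
  openssl genrsa -out "$out/harbor.key" "$bits"
  openssl req -new -sha256 -key "$out/harbor.key" \
    -subj "/CN=$ip" -out "$out/harbor.csr"
  # 3. Docker checks subjectAltName rather than CN, so the address clients use
  #    must be listed as a SAN (IP: for an address, DNS: for a host name).
  printf 'subjectAltName=IP:%s\nextendedKeyUsage=serverAuth\n' "$ip" > "$out/v3.ext"
  openssl x509 -req -sha256 -days 365 -in "$out/harbor.csr" \
    -CA "$out/ca.crt" -CAkey "$out/ca.key" -CAcreateserial \
    -extfile "$out/v3.ext" -out "$out/harbor.crt"
  chmod 600 "$out/ca.key" "$out/harbor.key"
  # 4. Check the chain before pointing harbor.yml at the files.
  openssl verify -CAfile "$out/ca.crt" "$out/harbor.crt"
}

# Runs only when HARBOR_IP is set, e.g. HARBOR_IP=192.168.1.100 sh this-script.sh
if [ -n "${HARBOR_IP:-}" ]; then
  make_harbor_certs "$HARBOR_IP" "${OUT:-./harbor-certs}"
fi

# Next, restore the block that was commented out in harbor.yml:
#   https:
#     port: 443
#     certificate: /path/to/harbor.crt
#     private_key: /path/to/harbor.key
# Re-run ./prepare and docker-compose up -d, copy ca.crt to
# /etc/docker/certs.d/192.168.1.100/ca.crt on each Docker client, and remove
# the insecure-registries entry from /etc/docker/daemon.json.
```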
We use docker-compose to manage Harbor as shown below. For more options, run `docker-compose --help`.
[root@master1 harbor]# docker-compose ls
NAME STATUS CONFIG FILES
harbor running(9) /usr/local/harbor/docker-compose.yml
[root@master1 harbor]# docker-compose ps
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
harbor-core goharbor/harbor-core:v2.8.1 "/harbor/entrypoint.…" core 22 hours ago Up 11 minutes (healthy)
harbor-db goharbor/harbor-db:v2.8.1 "/docker-entrypoint.…" postgresql 22 hours ago Up 11 minutes (healthy)
harbor-jobservice goharbor/harbor-jobservice:v2.8.1 "/harbor/entrypoint.…" jobservice 22 hours ago Up 11 minutes (healthy)
harbor-log goharbor/harbor-log:v2.8.1 "/bin/sh -c /usr/loc…" log 22 hours ago Up 11 minutes (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal goharbor/harbor-portal:v2.8.1 "nginx -g 'daemon of…" portal 22 hours ago Up 11 minutes (healthy)
nginx goharbor/nginx-photon:v2.8.1 "nginx -g 'daemon of…" proxy 22 hours ago Up 11 minutes (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp
redis goharbor/redis-photon:v2.8.1 "redis-server /etc/r…" redis 22 hours ago Up 11 minutes (healthy)
registry goharbor/registry-photon:v2.8.1 "/home/harbor/entryp…" registry 22 hours ago Up 11 minutes (healthy)
registryctl goharbor/harbor-registryctl:v2.8.1 "/home/harbor/start.…" registryctl 22 hours ago Up 11 minutes (healthy)
[root@master1 harbor]# docker-compose images
CONTAINER REPOSITORY TAG IMAGE ID SIZE
harbor-core goharbor/harbor-core v2.8.1 075ed731ac18 165MB
harbor-db goharbor/harbor-db v2.8.1 01ca249e7dc2 174MB
harbor-jobservice goharbor/harbor-jobservice v2.8.1 977ee6bff288 141MB
harbor-log goharbor/harbor-log v2.8.1 145a69b937ca 134MB
harbor-portal goharbor/harbor-portal v2.8.1 6c2b21221aca 134MB
nginx goharbor/nginx-photon v2.8.1 cea1bb2450ee 127MB
redis goharbor/redis-photon v2.8.1 cb8b735b33ba 128MB
registry goharbor/registry-photon v2.8.1 c125efcb6c2a 79.1MB
registryctl goharbor/harbor-registryctl v2.8.1 c141d82ffd0a 141MB
[root@master1 harbor]# docker-compose stop
[+] Stopping 9/9
✔ Container nginx Stopped 0.7s
✔ Container harbor-jobservice Stopped 0.6s
✔ Container registryctl Stopped 10.3s
✔ Container harbor-portal Stopped 0.3s
✔ Container harbor-core Stopped 0.2s
✔ Container harbor-db Stopped 0.3s
✔ Container registry Stopped 0.3s
✔ Container redis Stopped 0.3s
✔ Container harbor-log Stopped 10.2s
[root@master1 harbor]# docker-compose start
[+] Running 9/9
✔ Container harbor-log Started 0.6s
✔ Container harbor-portal Started 0.8s
✔ Container registryctl Started 1.1s
✔ Container redis Started 0.7s
✔ Container harbor-db Started 0.9s
✔ Container registry Started 0.9s
✔ Container harbor-core Started 0.4s
✔ Container harbor-jobservice Started 0.7s
✔ Container nginx Started 0.8s
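Open "http://hostip:80" in a browser (for me it is http://192.168.1.100:80) to access it.
The default username and password are admin/Harbor12345. Change the password right after the first login; the initial value is set by `harbor_admin_password` in harbor.yml.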
Pull and Push image from Harbor
Push
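Pushing an image takes three steps:
- Configure the Harbor address as a Docker insecure registry (or install its certificate file instead)
- docker login to Harbor (the login user must have push permission)
- docker tag and docker push (the tag format is harbor-host:port/project-name/image-name:tag)
Here is a sample that pushes an image named busybox:latest. Restart the Docker daemon after editing /etc/docker/daemon.json so that the change takes effect.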
[root@localhost ~]# vim /etc/docker/daemon.json
{
"insecure-registries": ["192.168.1.100:80","0.0.0.0"]
}
[root@master1 harbor]# docker pull busybox:latest
[root@master1 harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest 8135583d97fe 12 days ago 4.86MB
[root@master1 harbor]# docker tag busybox:latest 192.168.1.100:80/library/busybox:v0.1
[root@master1 harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.1.100:80/library/busybox v0.1 8135583d97fe 12 days ago 4.86MB
busybox latest 8135583d97fe 12 days ago 4.86MB
[root@master1 harbor]# docker login -u admin -p Harbor12345 http://192.168.1.100:80
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@master1 harbor]# docker push 192.168.1.100:80/library/busybox:v0.1
The push refers to repository [192.168.1.100:80/library/busybox]
9547b4c33213: Pushed
v0.1: digest: sha256:5cd3db04b8be5773388576a83177aff4f40a03457a63855f4b9cbe30542b9a43 size: 528
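The lab settings used up to this point (https commented out in harbor.yml, the default admin password, and an insecure-registries entry in daemon.json) can be checked mechanically before a host is used for anything beyond testing. This is an added example, not part of the original post; `audit_harbor` and its messages are assumptions, and the sample files are constructed to mirror the ones shown on this page.

```bash
# Added example (not from the original post): flag the lab-only settings
# this walkthrough uses. audit_harbor and its messages are assumptions.
audit_harbor() {
  local yml="$1" daemon="$2" regs rc=0
  # TLS is enabled only when a top-level, uncommented "https:" key exists.
  if ! grep -Eq '^https:[[:space:]]*(#.*)?$' "$yml"; then
    echo "harbor.yml: https block missing or commented out (HTTP only)"
    rc=1
  fi
  # harbor.yml.tmpl ships a publicly known initial admin password. This checks
  # the configured initial value, not the password currently stored in Harbor.
  if grep -Eq '^harbor_admin_password:[[:space:]]*"?Harbor12345"?[[:space:]]*(#.*)?$' "$yml"; then
    echo "harbor.yml: harbor_admin_password is still the default"
    rc=1
  fi
  # Each insecure-registries entry lets Docker talk to that registry over
  # plain HTTP or unverified TLS.
  regs=$(tr -d '\n' < "$daemon" |
    sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)\].*/\1/p' |
    tr -d '" ')
  if [ -n "$regs" ]; then
    echo "daemon.json: insecure-registries set: $regs"
    rc=1
  fi
  return "$rc"
}

# Constructed sample files mirroring the configuration shown on this page.
demo=$(mktemp -d)
printf 'hostname: 192.168.1.100\n#https:\n#  port: 443\nharbor_admin_password: Harbor12345\n' > "$demo/harbor.yml"
printf '{\n "insecure-registries": ["192.168.1.100:80","0.0.0.0"]\n}\n' > "$demo/daemon.json"
audit_harbor "$demo/harbor.yml" "$demo/daemon.json" || echo "fix the findings above before production use"
rm -rf "$demo"
```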
Pull
Pulling an image takes three steps:
- Configure the Harbor address as a Docker insecure registry (or install its certificate file instead)
- docker login to Harbor (the login user must have pull permission)
- docker pull
There are two ways to pull an image from Harbor. The first is to configure "registry-mirrors" and pull the image by its short name, which means there is no need to enter the full address or specify a tag. The second is to pull the image by its full image name and tag.
//method1:
[root@master1 harbor]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["http://192.168.1.100:80"],
"insecure-registries": ["192.168.1.100:80","0.0.0.0"]
}
[root@master1 harbor]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
325d69979d33: Pull complete
Digest: sha256:560af6915bfc8d7630e50e212e08242d37b63bd5c1ccf9bd4acccf116e262d5b
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest
//or
[root@master1 harbor]# docker pull busybox:v0.1
v0.1: Pulling from library/busybox
Digest: sha256:5cd3db04b8be5773388576a83177aff4f40a03457a63855f4b9cbe30542b9a43
Status: Downloaded newer image for busybox:v0.1
docker.io/library/busybox:v0.1
//method2:
[root@master1 harbor]# docker pull 192.168.1.100:80/library/busybox:v0.1
v0.1: Pulling from library/busybox
325d69979d33: Pull complete
Digest: sha256:5cd3db04b8be5773388576a83177aff4f40a03457a63855f4b9cbe30542b9a43
Status: Downloaded newer image for 192.168.1.100:80/library/busybox:v0.1
192.168.1.100:80/library/busybox:v0.1
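Tags are mutable and the pulls above run over plain HTTP, so the digest printed by `docker push` is the value that identifies the image that was uploaded. The added example below (not part of the original post) builds a digest-pinned reference from that output, checks a pull against it, and logs in with `--password-stdin` as the Docker warning in the push transcript recommends; the function names and the password-file path are assumptions.

```bash
# Added example (not from the original post). Function names and the
# password-file path are assumptions; the sample line is copied from this page.

# Build "repo@sha256:..." from `docker push` output read on stdin.
pinned_ref() {
  local repo="$1" digest
  digest=$(sed -n 's/^[^:]*: digest: \(sha256:[0-9a-f]\{64\}\) size: [0-9]*$/\1/p' | tail -n 1)
  if [ -z "$digest" ]; then
    echo "no sha256 digest in push output" >&2
    return 1
  fi
  printf '%s@%s\n' "$repo" "$digest"
}

# Succeed only if `docker pull` output on stdin reports the expected digest.
pull_digest_matches() {
  local expected="$1" got
  got=$(sed -n 's/^Digest: \(sha256:[0-9a-f]\{64\}\)$/\1/p' | tail -n 1)
  [ -n "$got" ] && [ "$got" = "$expected" ]
}

# Log in without putting the password on the command line, where it would
# land in shell history and process listings.
harbor_login() {  # usage: harbor_login admin 192.168.1.100:80 /root/.harbor_pass
  docker login -u "$1" --password-stdin "$2" < "$3"
}

push_output='v0.1: digest: sha256:5cd3db04b8be5773388576a83177aff4f40a03457a63855f4b9cbe30542b9a43 size: 528'
ref=$(printf '%s\n' "$push_output" | pinned_ref 192.168.1.100:80/library/busybox)
echo "pin deployments to: $ref"
# docker pull "$ref"   # Docker rejects content that does not hash to this digest
```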
You can copy the command to get the image address, as shown below:
Delete
Log in to the Harbor web UI and delete the image there if you want to remove it.
Reference documentation
[1] Architecture Overview of Harbor · goharbor/harbor Wiki · GitHub