Server:CentOS-7-x86_64-1611(CentOS 7.3)
IP:10.11.51.71
2. docker
Docker: version 1.12.6, build 78d1802
Docker-compose: version 1.16.1, build 6d1ac21
3. harbor(截至20171026)
Harbor: version 1.2.2
二.部署harbor服务
1. 部署docker-compose
#docker服务已提前部署,可参考:https://docs.docker.com/engine/installation/linux/docker-ce/centos/
#如果使用curl或wget下载较慢,可以通过其他渠道提前下载后上传到服务器
#注意:该文件将以root身份执行,无论通过哪种渠道获得,赋权前都建议用sha256sum与官方release页面提供的校验值比对(如发布页提供),确认文件完整且未被篡改
[root@harbor ~]# curl -L https://github.com/docker/compose/releases/download/1.16.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
#赋权
[root@harbor ~]# chmod +x /usr/local/bin/docker-compose
#验证docker-compose是否部署成功
[root@harbor ~]# docker-compose --version
2. 下载harbor
#这里下载的是离线安装文件,在线安装文件为"harbor-online-installer-v1.2.2.tgz"
#注意:安装包内含镜像与以root运行的安装脚本,解压前建议与发布方提供的校验值比对(如发布页提供)
[root@harbor ~]# cd /usr/local/src/
[root@harbor src]# wget https://github.com/vmware/harbor/releases/download/v1.2.2/harbor-offline-installer-v1.2.2.tgz
[root@harbor src]# tar -zxvf harbor-offline-installer-v1.2.2.tgz
3. 配置harbor.cfg
[root@harbor src]# cd harbor
#解压目录下的harbor.cfg文件即配置文件,详细的配置项可见参考文档:
[root@harbor harbor]# vim harbor.cfg
#设置访问地址,可用ip,域名,不能使用127.0.0.1或localhost
hostname = 10.11.51.71

#默认使用http协议访问UI与token/notification服务;如果采用https,需要将nginx ssl设置为on,可参考:https://github.com/vmware/harbor/blob/master/docs/configure_https.md
#注意:使用http时,登录口令与token均以明文在网络上传输,只适合隔离的测试环境;生产环境建议改用https
ui_url_protocol = http

#mysql数据库root用户默认密码root123
#注意:该默认密码是公开已知的,生产环境应在首次启动前改为强密码
db_password = root123

#image复制并发量
max_job_workers = 3

#是否为token生成证书,默认为on
customize_crt = on

#nginx cert与key文件的路径,只有采用https协议时才有意义
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key

#The path of secretkey storage
secretkey_path = /data

#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
admiral_url = NA

#未启用clair服务,但解压目录下的“./prepare”文件中要检查以下相关参数配置,不能注释,否则环境准备检查不能通过,报“ConfigParser.NoOptionError: No option u'clair_db_password' in section: u'configuration'”相关错误;或者在“./prepare”中注释相关检查与定义,但需要注意,文件中的关联太多,推荐修改“harbor.cfg”文件即可
clair_db_password = password

#以下配置为可选(optional)配置,只在首次启动生效,可以登陆UI后修改
#email相关配置,均为默认配置
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false

#UI登陆默认密码
#注意:Harbor12345是公开已知的默认口令,应在首次启动前修改,或在首次登陆UI后立即修改
harbor_admin_password = Harbor12345

##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
#默认认证db_auth为本地认证,支持ldap认证
auth_mode = db_auth

#ldap相关设置,虽然未采用ldap认证,但解压目录下的“./prepare”文件中要检查以下相关参数配置,不能注释,否则环境准备检查不能通过,报“ConfigParser.NoOptionError: No option u'ldap_timeout' in section: u'configuration'”相关错误;或者在“./prepare”中注释相关检查与定义,但需要注意,文件中的关联太多,推荐修改“harbor.cfg”文件即可
ldap_url = ldaps://ldap.mydomain.com
# ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
# ldap_search_pwd = password
ldap_basedn = ou=people,dc=mydomain,dc=com
# ldap_filter = (objectClass=person)
ldap_uid = uid
ldap_scope = 3
ldap_timeout = 5

#默认开启自注册
#注意:开启时,任何能访问UI的人都可以自行注册账号;内部仓库如无此需要,建议设置为off
self_registration = on

#token有效时间,默认30minutes
token_expiration = 30

#创建项目权限控制,默认是"everyone"(所有人),可设置为"adminonly"(管理员)
project_creation_restriction = everyone

#与远程registry通信时是否验证ssl证书
#注意:建议保持on;设置为off后将不再校验远程registry的证书
verify_remote_cert = on
4. 配置后端存储(optional)
默认情况下,harbor将images存储在本地文件系统,但生产环境中通常会用更稳定的后端存储代替本地文件系统。