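What you need to know
- This setup uses a Huawei Cloud Yunyao cloud server for a one-click, quick deployment of an enterprise-grade Registry server, Harbor v2.7.0.
- Docker is version 24.0.5, Docker Compose is 1.29.2, and Harbor is v2.7.0; click here to download it from GitHub. If access is restricted, you can obtain it through a private message on this site.
Introduction to Harbor
Harbor is an open-source, enterprise-grade Registry server for managing and storing Docker images and OCI container images. As a highly available, secure and reliable container image registry, Harbor provides a rich set of features and management tools that help organizations build and manage container images effectively.
Harbor features and advantages
- Secure and reliable: Harbor provides strict user authentication and access control and supports integration with identity systems such as LDAP and AD, which protects the image registry. It also provides image signing and verification to ensure image integrity and trusted provenance.
- Management and control: Harbor has flexible and powerful permission management. Administrators can precisely control users' read and write permissions on images for fine-grained access control. Administrators can also easily manage the registry lifecycle, including creating, deleting, modifying and searching images, and viewing image details.
- Replication and synchronization: Harbor supports registry replication and synchronization, keeping images in sync across multiple geographic locations or data centers to improve availability and security. Teams can access and use images more conveniently wherever they are located.
- Auditing and logging: Harbor provides comprehensive auditing that records user operations and system events for tracing and audit. This helps organizations monitor and manage container image usage and maintain compliance and security.
- Image scanning and vulnerability management: Harbor integrates container image scanning tools that scan images for vulnerabilities and run security checks. This helps organizations find and fix security problems in images promptly and keep images trustworthy.
- Multi-tenancy: Harbor supports a multi-tenant model in which independent namespaces can be created per team or project for isolation and resource management. Different teams can manage their own image repositories independently, improving development efficiency and resource utilization.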
System setup
Disable the firewall
root@hcss-ecs-5c9b:~# ufw disable
Firewall stopped and disabled on system startup
Install Docker
Connect to the cloud server over ssh
# Check the cloud server's OS version
root@hcss-ecs-5c9b:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.1 LTS
Release:        22.04
Codename:       jammy
# If Docker was installed before, run this command to remove it
root@hcss-ecs-5c9b:~# apt-get remove docker docker-engine docker.io
Update the package list and install Docker's dependencies
# Update the package list
root@hcss-ecs-5c9b:~# apt-get update
# Install the Docker package dependencies
root@hcss-ecs-5c9b:~# apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common
Trust Docker's GPG public key
# Trust Docker's GPG public key:
root@hcss-ecs-5c9b:~# curl -fsSL https://repo.huaweicloud.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
Add Docker's stable repository
# For amd64 machines, add the software repository:
root@hcss-ecs-5c9b:~# add-apt-repository "deb [arch=amd64] https://repo.huaweicloud.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
Update the package list and install Docker
# Update the index files and install
root@hcss-ecs-5c9b:~# apt-get update
# Install docker
root@hcss-ecs-5c9b:~# apt-get install docker-ce docker-ce-cli containerd.io
Verify that Docker was installed successfully
# Check the docker version
root@hcss-ecs-5c9b:~# docker -v
Docker version 24.0.5, build 24.0.5-0ubuntu1~22.04.1
Start the Docker service and check its status
# Start the docker service and check its status
root@hcss-ecs-5c9b:~# systemctl start docker.service
root@hcss-ecs-5c9b:~# systemctl status docker.service
● docker.service - Docker Application Container Engine
     Loaded: loaded (/lib/systemd/system/docker.service; en>
     Active: active (running) since Wed 2023-09-20 13:43:42>
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: (dockerd)
      Tasks: 9
     Memory: 31.3M
        CPU: 266ms
     CGroup: /system.slice/docker.service
             └─ /usr/bin/dockerd -H fd:// --container>
Install Docker Compose
Run the install command
# Install docker-compose
root@hcss-ecs-5c9b:~# apt install docker-compose
Verify that Docker Compose was installed successfully
# Check the version
root@hcss-ecs-5c9b:~# docker-compose -v
docker-compose version 1.29.2, build unknown
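Configure a registry mirror
By default, images are pulled from Docker Hub; a registry mirror can be configured to fix slow pulls.
# Log in as root to the virtual machine where the container engine runs
# Edit the "/etc/docker/daemon.json" file (create it manually if it does not exist) and add the following content
root@hcss-ecs-5c9b:~# vi /etc/docker/daemon.json
{
  "registry-mirrors": [ "https://2a6bf1988cb6428c877f723ec7530dbc.mirror.swr.myhuaweicloud.com" ]
}
# Press "Esc" and type :wq to save and exit.
# Restart the container engine
root@hcss-ecs-5c9b:~# systemctl restart docker
# Check the result
root@hcss-ecs-5c9b:~# docker info
Run docker info; when the Registry Mirrors field shows the mirror's address, the mirror has been configured successfully.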
Harbor installation
Upload and unpack the package
root@hcss-ecs-5c9b:~# ls
harbor-offline-installer-v2.7.0.tgz  install.sh  stackhub  HSSInstall  snap
root@hcss-ecs-5c9b:~# tar -zxvf harbor-offline-installer-v2.7.0.tgz
harbor/harbor.v2.7.0.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
Configure Harbor
Edit harbor.yml
root@hcss-ecs-5c9b:~# ls
harbor  HSSInstall  snap  harbor-offline-installer-v2.7.0.tgz  install.sh  stackhub
root@hcss-ecs-5c9b:~# cd harbor/
root@hcss-ecs-5c9b:~/harbor# ls
common.sh  harbor.yml.tmpl  LICENSE  harbor.v2.7.0.tar.gz  install.sh  prepare
root@hcss-ecs-5c9b:~/harbor# cp harbor.yml.tmpl harbor.yml
root@hcss-ecs-5c9b:~/harbor# vim harbor.yml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
# Set the hostname to this machine's IP address
hostname: 124.71.212.8

# Change the port to 5000 (customizable)
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 5000

# Comment out https
# https related config
#https:
  # https port for harbor, default is 443
  # port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
# Change the administrator password
harbor_admin_password: root
Edit docker.service
root@hcss-ecs-5c9b:~/harbor# vim /lib/systemd/system/docker.service
# Append --insecure-registry=124.71.212.8:5000 to the ExecStart parameters
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry=124.71.212.8:5000
# Restart the service
root@hcss-ecs-5c9b:~/harbor# systemctl daemon-reload
root@hcss-ecs-5c9b:~/harbor# systemctl restart docker.service
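With https commented out in harbor.yml, the admin password set to root, and dockerd told to trust the registry over plain HTTP, logins and image pushes cross the network in clear text behind a guessable password. As an added example that is not part of the original article, these shell functions flag those settings before ./prepare is run; the function names, finding codes and sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: flag the risky settings
# this walkthrough leaves in harbor.yml and docker.service.
# Function names and finding codes are hypothetical.

# Print one finding code per line for the harbor.yml at $1.
audit_harbor_yml() {
    # TLS is only active when the top-level "https:" key is uncommented.
    if ! grep -Eq '^https:' "$1"; then
        echo "NO_TLS"
    fi
    # Harbor12345 is the value shipped in harbor.yml.tmpl.
    _pw=$(sed -nE 's/^harbor_admin_password:[[:space:]]*//p' "$1" | head -n 1)
    case "$_pw" in
        ''|root|admin|password|Harbor12345) echo "WEAK_ADMIN_PASSWORD" ;;
        *) if [ "${#_pw}" -lt 12 ]; then echo "SHORT_ADMIN_PASSWORD"; fi ;;
    esac
    return 0
}

# Print each registry that the dockerd unit file at $1 trusts over plain HTTP.
list_insecure_registries() {
    grep -E '^ExecStart=' "$1" \
        | grep -oE -- '--insecure-registry[= ][^[:space:]]+' \
        | sed -E 's/^--insecure-registry[= ]//'
    return 0
}

# Constructed sample files: the article's settings and a hardened variant.
sample_dir=$(mktemp -d)
cat > "$sample_dir/harbor.yml" <<'EOF'
hostname: 124.71.212.8
http:
  port: 5000
#https:
#  port: 443
harbor_admin_password: root
EOF
cat > "$sample_dir/hardened.yml" <<'EOF'
hostname: reg.mydomain.com
https:
  port: 443
  certificate: /your/certificate/path
  private_key: /your/private/key/path
harbor_admin_password: Constructed-Sample-Passw0rd
EOF
cat > "$sample_dir/docker.service" <<'EOF'
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=124.71.212.8:5000
EOF

echo "harbor.yml findings:";   audit_harbor_yml "$sample_dir/harbor.yml"
echo "hardened.yml findings:"; audit_harbor_yml "$sample_dir/hardened.yml"
echo "insecure registries:";   list_insecure_registries "$sample_dir/docker.service"
```

On the host from the article, the same functions would be pointed at /root/harbor/harbor.yml and /lib/systemd/system/docker.service.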
Run the prepare script to prepare the images
root@hcss-ecs-5c9b:~/harbor# ls
common.sh  harbor.yml  install.sh  prepare  harbor.v2.7.0.tar.gz  harbor.yml.tmpl  LICENSE
root@hcss-ecs-5c9b:~/harbor# ./prepare
prepare base dir is set to /root/harbor
Unable to find image 'goharbor/prepare:v2.7.0' locally
v2.7.0: Pulling from goharbor/prepare
1871d44f4cdb: Pull complete
9e5f23534b75: Pull complete
bcadb4: Pull complete
2ee6e5a578c1: Pull complete
0b0e: Pull complete
c4c9b2e450d6: Pull complete
c: Pull complete
d803a1: Pull complete
d53c5290e042: Pull complete
0d8cc28f3d0c: Pull complete
Digest: sha256:47df4e214c8fd9ea0352a903dba884a480fa18f39ef426f7b890cf822f
Status: Downloaded newer image for goharbor/prepare:v2.7.0
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Check the commands used by the scripts
root@hcss-ecs-5c9b:~/harbor# docker compose
docker: 'compose' is not a docker command.
See 'docker --help'
root@hcss-ecs-5c9b:~/harbor# docker-compose
Define and run multi-container applications with Docker.

Usage:
  docker-compose [-f <arg>...] [--profile <name>...] [options] [--] [COMMAND] [ARGS...]
  docker-compose -h|--help
# Check common.sh
root@hcss-ecs-5c9b:~/harbor# vim common.sh
119 elif [[ $(docker-compose --version) =~ (([0-9]+)\.([0-9]+)([\.0-9]*)) ]]
# Check install.sh
root@hcss-ecs-5c9b:~/harbor# vim install.sh
26 DOCKER_COMPOSE=docker-compose
Install Harbor
root@hcss-ecs-5c9b:~/harbor# ./install.sh
# Full log output
[Step 0]: checking if docker is installed ...
Note: docker version: 24.0.5
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.29.2
[Step 2]: loading Harbor images ...
Loaded image: goharbor/prepare:v2.7.0
e41c45: Loading layer 145.8MB/145.8MB
af0525d96b0b: Loading layer 16.72MB/16.72MB
d7cbf6: Loading layer 5.12kB/5.12kB
005530be0f99: Loading layer 6.144kB/6.144kB
9764bccefdd0: Loading layer 3.072kB/3.072kB
38fe09b6e0e7: Loading layer 2.048kB/2.048kB
9da: Loading layer 2.56kB/2.56kB
bee3f2947ec7: Loading layer 2.56kB/2.56kB
e4e05d8658d3: Loading layer 2.56kB/2.56kB
e7991cc39265: Loading layer 9.728kB/9.728kB
Loaded image: goharbor/harbor-db:v2.7.0
d79110caaa26: Loading layer 8.902MB/8.902MB
b8cddfca4e88: Loading layer 3.584kB/3.584kB
071b47da1d9b: Loading layer 2.56kB/2.56kB
d22932d9f6c7: Loading layer 84.83MB/84.83MB
b2f2e9cbceac: Loading layer 5.632kB/5.632kB
53cce0f5bd54: Loading layer 108kB/108kB
40a6c61dcc44: Loading layer 44.03kB/44.03kB
6d7dba: Loading layer 85.77MB/85.77MB
44309ebcfcf7: Loading layer 2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.7.0
cebcabcec86e: Loading layer 127MB/127MB
f3a76df94b70: Loading layer 3.584kB/3.584kB
ac9852cda3ce: Loading layer 3.072kB/3.072kB
a5bab3cf8af7: Loading layer 2.56kB/2.56kB
d52202b6a929: Loading layer 3.072kB/3.072kB
bd8a7ca8438d: Loading layer 3.584kB/3.584kB
a6a0: Loading layer 20.99kB/20.99kB
Loaded image: goharbor/harbor-log:v2.7.0
1a3b490c3dc4: Loading layer 8.902MB/8.902MB
7cbd50b78394: Loading layer 25.65MB/25.65MB
7119ae84be31: Loading layer 4.608kB/4.608kB
c9c5875f25c8: Loading layer 26.44MB/26.44MB
Loaded image: goharbor/harbor-exporter:v2.7.0
c8c89cfdc06a: Loading layer 119.1MB/119.1MB
Loaded image: goharbor/nginx-photon:v2.7.0
59736e: Loading layer 5.759MB/5.759MB
6ccb61: Loading layer 91.75MB/91.75MB
a56e97e08300: Loading layer 3.072kB/3.072kB
57925eac82a6: Loading layer 4.096kB/4.096kB
6e36a605c736: Loading layer 92.54MB/92.54MB
Loaded image: goharbor/chartmuseum-photon:v2.7.0
175f4dc2d45f: Loading layer 119.1MB/119.1MB
4e26408b204b: Loading layer 6.143MB/6.143MB
f2e93a87e40b: Loading layer 1.249MB/1.249MB
e5cceb0b0435: Loading layer 1.194MB/1.194MB
Loaded image: goharbor/harbor-portal:v2.7.0
b887c32c40a7: Loading layer 8.902MB/8.902MB
938a7e3c75f5: Loading layer 3.584kB/3.584kB
5a5a: Loading layer 2.56kB/2.56kB
ebab1e49abda: Loading layer 103.3MB/103.3MB
4ce14e0439d9: Loading layer 104MB/104MB
Loaded image: goharbor/harbor-jobservice:v2.7.0
fbaa7a10893c: Loading layer 5.759MB/5.759MB
c688ac7b41fa: Loading layer 4.096kB/4.096kB
d7c1e408fc7d: Loading layer 17.41MB/17.41MB
b639: Loading layer 3.072kB/3.072kB
a914e1c2d3e7: Loading layer 30.69MB/30.69MB
ba72: Loading layer 48.89MB/48.89MB
Loaded image: goharbor/harbor-registryctl:v2.7.0
4bfd949c2891: Loading layer 5.759MB/5.759MB
7fd746eb54cc: Loading layer 4.096kB/4.096kB
026a4a79ef61: Loading layer 3.072kB/3.072kB
4e8dca75f609: Loading layer 17.41MB/17.41MB
7e017925a772: Loading layer 18.2MB/18.2MB
Loaded image: goharbor/registry-photon:v2.7.0
bd6904b66a79: Loading layer 5.754MB/5.754MB
4bea: Loading layer 8.987MB/8.987MB
629d40c48f45: Loading layer 15.88MB/15.88MB
48d73b35455c: Loading layer 29.29MB/29.29MB
fe12338e806d: Loading layer 22.02kB/22.02kB
dcbe4fc18411: Loading layer 15.88MB/15.88MB
Loaded image: goharbor/notary-server-photon:v2.7.0
cc039d70dda6: Loading layer 119.9MB/119.9MB
c128fc8dd5aa: Loading layer 3.072kB/3.072kB
e0f0: Loading layer 59.9kB/59.9kB
f7a67f51f6d5: Loading layer 61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.7.0
c4c80dff091a: Loading layer 5.754MB/5.754MB
26f51848acfb: Loading layer 8.987MB/8.987MB
fb0e59f893b6: Loading layer 14.47MB/14.47MB
e17fcd490db6: Loading layer 29.29MB/29.29MB
f0f3d13b4bdf: Loading layer 22.02kB/22.02kB
73965e1762cb: Loading layer 14.47MB/14.47MB
Loaded image: goharbor/notary-signer-photon:v2.7.0
2d831b255ec9: Loading layer 6.287MB/6.287MB
b77185: Loading layer 4.096kB/4.096kB
edbbda0ede29: Loading layer 3.072kB/3.072kB
11ccb87ea0a3: Loading layer 180.6MB/180.6MB
13afce1af948: Loading layer 13.22MB/13.22MB
b0: Loading layer 194.6MB/194.6MB
Loaded image: goharbor/trivy-adapter-photon:v2.7.0
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/portal/nginx.conf
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
Removing network harbor_harbor
WARNING: Network harbor_harbor not found.
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating redis ... done
Creating registryctl ... done
Creating registry ... done
Creating harbor-db ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
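Log in to Harbor
In the console, configure the security group rules to allow port 5000.
The default administrator account is admin, and the password is the custom password set in harbor.yml. Access the UI at: host-IP:5000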
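Testing
Create a project
Set the access level to Public so that images can be pulled anonymously. The storage quota defaults to -1, which means there is no size limit.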
Push an image
After opening the project, the Push Command button in the upper-right corner shows the commands to use. Note that you must authenticate before pushing an image.
# Tag the image
root@hcss-ecs-5c9b:~/harbor# docker images | grep mysql
mysql                          latest    8da80fe49fcf   9 days ago   577MB
root@hcss-ecs-5c9b:~/harbor# docker tag mysql:latest 124.71.212.8:5000/test/mysql:latest
root@hcss-ecs-5c9b:~/harbor# docker images | grep mysql
124.71.212.8:5000/test/mysql   latest    8da80fe49fcf   9 days ago   577MB
mysql                          latest    8da80fe49fcf   9 days ago   577MB
# Log in to the registry (authentication)
root@hcss-ecs-5c9b:~/harbor# docker login 124.71.212.8:5000
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
# Push the image
root@hcss-ecs-5c9b:~/harbor# docker push 124.71.212.8:5000/test/mysql:latest
The push refers to repository [124.71.212.8:5000/test/mysql]
070004d6f2b9: Pushed
4a8bc1dfb84c: Pushed
ea5c2f5028eb: Pushed
8a1ed57d6b0b: Pushed
db54cc7f7801: Pushed
a5edafed24d3: Pushed
5a3901a789d1: Pushed
288a6a: Pushed
39b5c3aa669c: Pushed
baf7: Pushed
latest: digest: sha256:ecf2a95e14266b1d3fb72968b84ba2f32f1a0e9288d4ed2dc72f2012d3bb8587 size: 2411
Pull an image
# Remove the mysql images
root@hcss-ecs-5c9b:~/harbor# docker rmi $(docker images |grep mysql |awk '{print $1}')
Untagged: mysql:latest
Untagged: mysql@sha256:85ab57eb4a48ada2a341dcf7d96733ce2f370fffb8e8eb106e50fa6434
Untagged: 124.71.212.8:5000/test/mysql:latest
Untagged: 124.71.212.8:5000/test/mysql@sha256:ecf2a95e14266b1d3fb72968b84ba2f32f1a0e9288d4ed2dc72f2012d3bb8587
Deleted: sha256:8da80fe49fcfad1ac311a2e34c42730ccf5e4feeb6d77cdbc1f
Deleted: sha256:1deeed4aab830ff58c69c33fd79be8fcf20476d5b588a
Deleted: sha256:e1357e089c858dea603ec3ed9902c0aecbc0b60fd0b120f17
Deleted: sha256:bcbe5b3c714fe855e5caa78834e4e6c90f325ddeee88adc07fb6
Deleted: sha256:08c58bd0ff85ecfde80f12e0eab1f04c8065fcd85e7b83a2
Deleted: sha256:eab11e45b99d4cfc2f4279c9d1d1b5ccd28195f744e281ecfe0e5ee19
Deleted: sha256:90140e11eaaf32841d4b0eb9495e6bdb2e9ddac6060c872da49b7476
Deleted: sha256:2532b8812e263a74092c4317eee7b70536a0afe1270fe1
Deleted: sha256:9a1bca0e16e16d75dc59ea61f9bdc2b8319bbfbe5a8c0b139a8618
Deleted: sha256:6403d78b2f772e1c0205e736bf2cbfbaf7676d0403ec4b3a63de0e88f68b1eaf
Deleted: sha256:baf7a6dbd742a1e2807c34237cc631aece53a8f9d99e036daa
# Pull the mysql image
root@hcss-ecs-5c9b:~/harbor# docker pull 124.71.212.8:5000/test/mysql:latest
latest: Pulling from test/mysql
bc377bce3181: Pull complete
80bab949ab51: Pull complete
afb7: Pull complete
d1c32d: Pull complete
c90c: Pull complete
7490cd8f4d9b: Pull complete
decb3b: Pull complete
39564f901a1e: Pull complete
c95e6efa291a: Pull complete
8366d05afd7c: Pull complete
Digest: sha256:ecf2a95e14266b1d3fb72968b84ba2f32f1a0e9288d4ed2dc72f2012d3bb8587
Status: Downloaded newer image for 124.71.212.8:5000/test/mysql:latest
124.71.212.8:5000/test/mysql:latest
root@hcss-ecs-5c9b:~/harbor# docker images |grep mysql
124.71.212.8:5000/test/mysql   latest    8da80fe49fcf   9 days ago   577MB