Dear leaders, the foregoing is as follows:
K8S build automated deployment environment (I) install Kubernetes
K8S build an automated deployment environment (II) install the K8S management tool Kuboard V3
K8S build automated deployment environment (III) Jenkins download, installation and startup
K8S build automated deployment environment (IV) installation and use of Jenkins multi branch pipeline Blue Ocean
Text:
First, download the harbor package, which is relatively large (V2.3.2 has 577M, as shown in the figure below). Please download it patiently.
https://github.com/goharbor/harbor/releases
1. You need to unzip the harbor package to the: / usr/local directory. (other directories are also available)
[root@nb1 local]# tar -zvxf harbor-offline-installer-v2.3.2.tgz harbor/harbor.v2.3.2.tar.gz harbor/prepare harbor/LICENSE harbor/install.sh harbor/common.sh harbor/harbor.yml.tmpl [root@nb1 local]# cd harbor/ [root@nb1 harbor]# ll Total consumption 594380 -rw-r--r-- 1 root root 3361 8 June 18-16:51 common.sh -rw-r--r-- 1 root root 608611132 8 June 18-16:52 harbor.v2.3.2.tar.gz -rw-r--r-- 1 root root 7840 8 June 18-16:51 harbor.yml.tmpl -rwxr-xr-x 1 root root 2500 8 June 18-16:51 install.sh -rw-r--r-- 1 root root 11347 8 June 18-16:51 LICENSE -rwxr-xr-x 1 root root 1881 8 June 18-16:51 prepare
2. Modify the harbor configuration file yml.
Copy harbor first yml. Tmpl is harbor yml
- The hostname should be changed to the local IP address 192.168.1.127
hostname: 192.168.1.127
- For https access, you need to provide a key path
certificate: /your/certificate/path private_key: /your/private/key/path
[Note:]
- Either http configuration or https configuration, and the other annotation;
- http configuration:
hostname: 192.168.1.127 http: port: 80 harbor_admin_password: harbor.2017 data_volume: /data/harbor/data
- https configuration:
hostname: reg.dycoding.top https: # https port for harbor, default is 443 port: 8443 # The path of cert and key files for nginx certificate: /data/harbor/reg/1_reg.dycoding.top_bundle.crt private_key: /data/harbor/reg/2_reg.dycoding.top.key harbor_admin_password: harbor.2017 data_volume: /data/harbor/data
3. Install harbor service
[Note:] the following process is based on http, similar to https.
Execute the following command:
sh /usr/local/harbor/install.sh
Tip: you need to install docker and docker compose in advance
Docker installation through train (pay attention to the latest installation method below): https://blog.csdn.net/wdy_2099/article/details/77367107
Docker compose installation through train: https://blog.csdn.net/wdy_2099/article/details/120042501
If it is not installed, the following information may be prompted:
[root@nb1 harbor]# sh install.sh [Step 0]: checking if docker is installed ... ✖ Need to install docker(17.06.0+) first and run this script again.
Or tips:
[root@nb1 harbor]# sh install.sh [Step 0]: checking if docker is installed ... Note: docker version: 20.10.8 [Step 1]: checking docker-compose is installed ... ✖ Need to install docker-compose(1.18.0+) by yourself first and run this script again.
After solving the above two software problems, re execute SH / usr / local / Harbor / install SH command
If the following ERROR message is prompted
Error happened in config validation... ERROR:root:Error: The protocol is https but attribute ssl_cert is not set
Just note the https configuration. CallBack, the above points of note are: http configuration and https configuration are optional, and the other is a comment;
# https related config # https: # https port for harbor, default is 443 # port: 443 # The path of cert and key files for nginx # certificate: /your/certificate/path # private_key: /your/private/key/path
Re execute SH / usr / local / Harbor / install SH command:
[root@nb1 harbor]# sh install.sh [Step 0]: checking if docker is installed ... Note: docker version: 20.10.8 [Step 1]: checking docker-compose is installed ... Note: docker-compose version: 1.29.2 [Step 2]: loading Harbor images ... Loaded image: goharbor/redis-photon:v2.3.2 Loaded image: goharbor/nginx-photon:v2.3.2 Loaded image: goharbor/harbor-portal:v2.3.2 Loaded image: goharbor/trivy-adapter-photon:v2.3.2 Loaded image: goharbor/chartmuseum-photon:v2.3.2 Loaded image: goharbor/notary-signer-photon:v2.3.2 Loaded image: goharbor/harbor-core:v2.3.2 Loaded image: goharbor/harbor-log:v2.3.2 Loaded image: goharbor/harbor-registryctl:v2.3.2 Loaded image: goharbor/harbor-exporter:v2.3.2 Loaded image: goharbor/notary-server-photon:v2.3.2 Loaded image: goharbor/prepare:v2.3.2 Loaded image: goharbor/harbor-db:v2.3.2 Loaded image: goharbor/harbor-jobservice:v2.3.2 Loaded image: goharbor/registry-photon:v2.3.2 [Step 3]: preparing environment ... [Step 4]: preparing harbor configs ... prepare base dir is set to /usr/local/harbor WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https Generated configuration file: /config/portal/nginx.conf Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/registryctl/config.yml Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml Generated and saved secret to file: /data/secret/keys/secretkey Successfully called func: create_root_cert Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir [Step 5]: starting Harbor ... Creating network "harbor_harbor" with the default driver Creating harbor-log ... done Creating harbor-db ... done Creating harbor-portal ... done Creating redis ... done Creating registry ... done Creating registryctl ... done Creating harbor-core ... done Creating harbor-jobservice ... done Creating nginx ... done ✔ ----Harbor has been installed and started successfully.----
Above, appear ✔ ---- Harbor has been installed and started successfully.---- It means that harbor is successfully installed.
4. Verify startup
You can view it with the docker ps -a command or the docker compose PS command.
[root@nb1 harbor]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
37555f540f9b goharbor/nginx-photon:v2.3.2 "nginx -g 'daemon of..." About a minute ago Up About a minute (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
a1279e837eb5 goharbor/harbor-jobservice:v2.3.2 "/harbor/entrypoint...." About a minute ago Up About a minute (healthy) harbor-jobservice
4aa506a7b793 goharbor/harbor-core:v2.3.2 "/harbor/entrypoint...." About a minute ago Up About a minute (healthy) harbor-core
089768d0fe69 goharbor/harbor-registryctl:v2.3.2 "/home/harbor/start...." About a minute ago Up About a minute (healthy) registryctl
42a11fa321d1 goharbor/registry-photon:v2.3.2 "/home/harbor/entryp..." About a minute ago Up About a minute (healthy) registry
0761ec738a51 goharbor/redis-photon:v2.3.2 "redis-server /etc/r..." About a minute ago Up About a minute (healthy) redis
81e787ab6c95 goharbor/harbor-portal:v2.3.2 "nginx -g 'daemon of..." About a minute ago Up About a minute (healthy) harbor-portal
a131e3336753 goharbor/harbor-db:v2.3.2 "/docker-entrypoint...." About a minute ago Up About a minute (healthy) harbor-db
a339d4255f2a goharbor/harbor-log:v2.3.2 "/bin/sh -c /usr/loc..." About a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-log
[root@nb1 harbor]# docker-compose ps
Name Command State Ports
--------------------------------------------------------------------------------------------------------
harbor-core /harbor/entrypoint.sh Up (healthy)
harbor-db /docker-entrypoint.sh 96 13 Up (healthy)
harbor-jobservice /harbor/entrypoint.sh Up (healthy)
harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal nginx -g daemon off; Up (healthy)
nginx nginx -g daemon off; Up (healthy) 0.0.0.0:80->8080/tcp,:::80->8080/tcp
redis redis-server /etc/redis.conf Up (healthy)
registry /home/harbor/entrypoint.sh Up (healthy)
registryctl /home/harbor/start.sh Up (healthy)
[root@nb1 harbor]#
5. Log in to Harbor WebUI
Enter your host IP access from the browser: http://192.168.1.127
Enter the user name admin and password Harbor12345 to log in.
Note: the password is in harbor YML can be seen and modified
# The initial password of Harbor admin # It only works in first time to install harbor # Remember Change the admin password from UI after launching Harbor. harbor_admin_password: Harbor12345
The effect after login is as follows:
Question 1: when we log in to harbor with docker, we refuse access (connection rejected):
[root@nb1 harbor]# docker login -u admin -p Harbor12345 http://192.168.1.127 WARNING! Using --password via the CLI is insecure. Use --password-stdin. Error response from daemon: Get "https://192.168.1.127/v2/": dial tcp 192.168.1.127:443: connect: connection refused
The solution is as follows:
As shown in the figure below, comment out the original ExecStart and add the following code. Set the registered IP to the host IP where Harbor is installed
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 192.168.1.127 --containerd=/run/containerd/containerd.sock
After modification, the docker service needs to be restarted
systemctl daemon-reload systemctl restart docker
Log in to harbor again with docker:
[root@nb1 harbor]# docker login -u admin -p Harbor12345 http://192.168.1.127 WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded
Question 2: if you find that harbor is not started, you need to execute the following command in the harbor directory (/ usr/local/harbor: the directory where docker-compose.yml is located):
[root@nb1 harbor]# docker-compose up -d harbor-log is up-to-date Starting harbor-portal ... Starting harbor-portal ... done Starting registry ... done Starting harbor-db ... done Starting redis ... done Starting harbor-core ... done Starting harbor-jobservice ... Starting harbor-jobservice ... done
5. After logging in, Tag the local image and push it to the harbor server:
[to execute the following commands, you need to log in to harbor: docker login - U admin - P harbor 12345 first http://192.168.1.127 ]
docker tag nginx 192.168.1.127/test/nginx:test docker push 192.168.1.127/test/nginx:test
The detailed process is as follows:
1. Pull an nginx image from the official image as an example:
[root@nb1 docker]# docker pull nginx Using default tag: latest latest: Pulling from library/nginx e1acddbe380c: Pull complete e21006f71c6f: Pull complete f3341cc17e58: Pull complete 2a53fa598ee2: Pull complete 12455f71a9b5: Pull complete b86f2ba62d17: Pull complete Digest: sha256:4d4d96ac750af48c6a551d757c1cbfc071692309b491b70b2b8976e102dd3fef Status: Downloaded newer image for nginx:latest docker.io/library/nginx:latest [root@nb1 docker]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest dd34e67e3371 2 weeks ago 133MB # 2. Hit TAG [root@nb1 docker]# docker tag nginx 192.168.1.127/test/nginx:test # 3. Push to harbor warehouse [root@nb1 docker]# docker push 192.168.1.127/test/nginx:test The push refers to repository [192.168.1.127/test/nginx] fb04ab8effa8: Pushed 8f736d52032f: Pushed 009f1d338b57: Pushed 678bbd796838: Pushed d1279c519351: Pushed f68ef921efae: Pushed test: digest: sha256:5e95e5eb8be4322e3b3652d737371705e56809ed8b307ad68ec59ddebaaf60e4 size: 1570
Then you can see from the Web UI of Harbor that nginx already exists:
4. Pull image:
[root@nb001 harbor]# docker pull 192.168.1.127/test/nginx:test 93e71db: Pulling from test/nginx bb7d5a84853b: Already exists f02b617c6a8c: Already exists d32e17419b7e: Already exists c9d2d81226a4: Already exists fab4960f9cd2: Already exists 510989d8108c: Already exists c14538dbe225: Already exists 4a89eb6a8885: Pull complete 7bf621c94cdf: Pull complete Digest: sha256:2d986246856d675930fb9bf1a0fa54ebac31359952713521447317855a278c1a Status: Downloaded newer image for 192.168.1.127/test/nginx:test 192.168.1.127/test/nginx:test