CentOS 7.3 安装 Harbor 镜像仓库

准备阶段

开启 80、443、4443 端口

当然你也可以选择关掉防火墙

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-port=4443/tcp --permanent

firewall-cmd --reload

安装 Docker

# step 1: 安装必要的一些系统工具
sudo yum install -y yum-utils device-mapper-persistent-data lvm2

# Step 2: 添加软件源信息
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Step 3: 更新并安装Docker-CE
sudo yum makecache fast
sudo yum -y install docker-ce

# Step 4: 开启Docker服务
sudo systemctl enable docker --now

安装 docker-compose

sudo curl -L "https://github.com/docker/compose/releases/download/1.26.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

sudo chmod +x /usr/local/bin/docker-compose

sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

安装最新 openssl

yum install openssl -y

下载离线 Harbor v2.0.0 安装包与校验文件

wget https://github.com/goharbor/harbor/releases/download/v2.0.0/harbor-offline-installer-v2.0.0.tgz

wget https://github.com/goharbor/harbor/releases/download/v2.0.0/harbor-offline-installer-v2.0.0.tgz.asc

校验下载的安装包

• 检验 MD5

  wget https://github.com/goharbor/harbor/releases/download/v2.0.0/md5sum
  
  md5sum -c md5sum

如果校验成功会显示如下信息

md5sum: harbor-online-installer-v2.0.0.tgz: No such file or directory
harbor-online-installer-v2.0.0.tgz: FAILED open or read
md5sum: harbor-online-installer-v2.0.0.tgz.asc: No such file or directory
harbor-online-installer-v2.0.0.tgz.asc: FAILED open or read
harbor-offline-installer-v2.0.0.tgz: OK
harbor-offline-installer-v2.0.0.tgz.asc: OK
md5sum: WARNING: 2 listed files could not be read

上面的信息包含刚刚下载的离线安装包提示 OK

harbor-offline-installer-v2.0.0.tgz: OK
harbor-offline-installer-v2.0.0.tgz.asc: OK

• 校验 GnuPG 签名

获取签名公钥

gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 644FF454C0B4115C

获取成功后信息如下

gpg: requesting key C0B4115C from hkps server keyserver.ubuntu.com
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key C0B4115C: public key "Harbor-sign (The key for signing Harbor build) <jiangd@vmware.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

验证文件

gpg -v --keyserver hkps://keyserver.ubuntu.com --verify harbor-offline-installer-v2.0.0.tgz.asc

成功看到签名信息如下

Version: GnuPG v1
gpg: armor header:
gpg: assuming signed data in `harbor-offline-installer-v2.0.0.tgz'
gpg: Signature made Mon 11 May 2020 06:49:33 PM CST using RSA key ID C0B4115C
gpg: using PGP trust model
gpg: Good signature from "Harbor-sign (The key for signing Harbor build) <jiangd@vmware.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 7722 D168 DAEC 4578 06C9  6FF9 644F F454 C0B4 115C
gpg: binary signature, digest algorithm SHA1

安装准备

把解压出来的 harbor 文件夹放到你想安装的地方，比如 /usr/local/harbor

# step 1: 解压离线安装包
tar xvf harbor-offline-installer-v2.0.0.tgz

# step 2: 编辑配置文件
cd harbor
cp harbor.yml.tmpl harbor.yml
vim harbor.yml

需要修改以下内容

• hostname：修改成需要使用的域名，为了能外部访问，不要使用 127.0.0.1 或 localhost

  hostname: reg.mydomain.com

• https 配置如果没有可以先注释掉

  # https related config
  https:
    # https port for harbor, default is 443
    port: 443
    # The path of cert and key files for nginx
    certificate: /your/certificate/path
    private_key: /your/private/key/path

• data_volume：文件存储地址

  data_volume: /data

开始安装

执行以下命令开始安装

bash install.sh

最后看到

Harbor has been installed and started successfully.

就是安装成功了

访问 Harbor

访问之前配置的域名 reg.mydomain.com 或使用 ip 地址访问就可以进入页面

使用用户名 admin 与 之前配置文件中的密码登录，没有修改密码的话默认 Harbor12345