【Docker】Harbor 分布式仓库管理
阅读原文时间:2023年07月10日阅读:3

一、Harbor 介绍

Harbor 是 VMware 公司开源的企业级 Docker Registry 项目,其目标是帮助用户迅速搭建一个企业级的 Docker Registry (私有仓库)服务。

Harbor以 Docker 公司开源的 Registry 为基础,提供了图形管理 UI 、基于角色的访问控制(Role Based AccessControl) 、AD/LDAP 集成、以及审计日志(Auditlogging) 等企业用户需求的功能,同时还原生支持中文。

Harbor 的每个组件都是以 Docker 容器的形式构建的,使用 docker-compose 来对它进行部署。用于部署 Harbor 的 docker-compose 模板位于 harbor/docker-compose.yml

Harbor的特性

  • 基于角色控制:用户和仓库都是基于项目进行组织的,而用户在项目中可以拥有不同的权限。
  • 基于镜像的复制策略:镜像可以在多个Harbor实例之间进行复制(同步)。
  • 支持 LDAP/AD:Harbor 可以集成企业内部已有的 AD/LDAP(类似数据库的一张表),用于对已经存在的用户认证和管理。
  • 镜像删除和垃圾回收:镜像可以被删除,也可以回收镜像占用的空间。
  • 图形化用户界面:用户可以通过浏览器来浏览,搜索镜像仓库以及对项目进行管理。
  • 审计管理:所有针对镜像仓库的操作都可以被记录追溯,用于审计管理。
  • 支持 RESTful API:RESTful API 提供给管理员对于 Harbor 更多的操控, 使得与其它管理软件集成变得更容易。
  • Harbor和docker registry的关系:Harbor实质上是对docker registry做了封装,扩展了自己的业务模板。

Harbor官方项目:https://github.com/goharbor

Harbor官方网站:https://goharbor.io/

Harbor官方文档:https://goharbor.io/docs/2.8.0/

二、Harbor 架构

如上图所示是 Harbor 2.0 的架构图,从上到下可分为代理层、功能层和数据层。

  • 代理层:代理层实质上是一个 Nginx 反向代理,负责接收不同类型的客户端请求,包括浏览器、用户脚本、Docker 等,并根据请求类型和 URI 转发给不同的后端服务进行处理。
  • 功能层
    • Portal:是一个基于 Argular 的前端应用,提供 Harbor 用户访问的界面。
    • Core:是 Harbor 中的核心组件,封装了 Harbor 绝大部分的业务逻辑。
    • JobService:异步任务组件,负责 Harbor 中很多比较耗时的功能,比如 Artifact 复制、扫描、垃圾回收等。
    • Docker Distribution:Harbor 通过 Distribution 实现 Artifact 的读写和存取等功能。
    • RegistryCtl:Docker Distribution 的控制组件。
    • Notary(可选):基于 TUF 提供镜像签名管理的功能。
    • 扫描工具(可选):镜像的漏洞检测工具。
    • ChartMuseum(可选):提供 API 管理非 OCI 规范的 Helm Chart,随着兼容 OCI 规范的 Helm Chart 在社区上被更广泛地接受,Helm Chart 能以 Artifact 的形式在 Harbor 中存储和管理,不再依赖 ChartMuseum,因此 Harbor 可能会在后续版本中移除对 ChartMuseum 的支持。
  • 数据层
    • Redis:主要作为缓存服务存储一些生命周期较短的数据,同时对于 JobService 还提供了类似队列的功能。
    • PostgreSQL:存储 Harbor 的应用数据,比如项目信息、用户与项目的关系、管理策略、配置信息、Artifact 的元数据等等。
    • Artifact 存储:存储 Artifact 本身的内容,也就是每次推送镜像、Helm Chart 或其他 Artifact 时,数据最终存储的地方。默认情况下,Harbor 会把 Artifact 写入本地文件系统中。用户也可以修改配置,将 Artifact 存储在外部存储中,例如亚马逊的对象存储 S3、谷歌云存储 GCS、阿里云的对象存储 OSS 等等。

三、Harbor 安装与配置

Harbor安装需要确保满足资源要求,磁盘必须大于40G,否则安装过程中会提示空间不足

[root@Harbor-Ubu1804-9:~]# cat docker_install_ubu1804_online.sh
#!/bin/bash

#********************************************************************
#Author: janzen
#Date: 2023-05-04
#FileName: docker_install_ubu1804_apt.sh
#Description: The test script
#Copyright (C): 2023 All rights reserved
#********************************************************************
COLOR="echo -e \\033[1;31m"
END="\033[m"
DOCKER_VERSION="5:19.03.15~3-0~ubuntu-bionic"

install_docker(){
$COLOR"准备安装 Docker……"$END
sleep 10
apt update &> /dev/null
apt install -y ca-certificates curl gnupg && \
install -m 0755 -d /etc/apt/keyrings && \
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
chmod a+r /etc/apt/keyrings/docker.gpg && \

echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null

apt update
$COLOR"Docker 可安装版本:"$END
apt-cache madison docker-ce | awk '{ print $3 }'
$COLOR"10 秒后即将安装:Docker-"$DOCKER_VERSION"版本"$END
$COLOR"安装其他版本情使用 Ctrl+C 退出,重新选择版本"$END
sleep 10

apt install -y docker-ce=$DOCKER_VERSION docker-ce-cli=$DOCKER_VERSION
mkdir -p /etc/docker
tee /etc/docker/daemon.json << 'EOF'
{
"registry-mirrors": ["https://hub-mirror.c.163.com","https://po3g231a.mirror.aliyuncs.com","https://docker.mirrors.ustc.edu.cn"]
}
EOF
systemctl daemon-reload
systemctl enable --now docker

docker --version && $COLOR"Docker-"$DOCKER_VERSION"安装成功"$END || $COLOR"Docker-"$DOCKER_VERSION"安装失败"$END
}

dpkg -s docker-ce &> /dev/null && { $COLOR"Docker 已安装,程序退出"$END;exit; } || install_docker

[root@Harbor-Ubu1804-9:~]# bash docker_install_ubu1804_online.sh
准备安装 Docker……
Reading package lists… Done
Building dependency tree
Reading state information… Done
ca-certificates is already the newest version (20211016ubuntu0.18.04.1).
ca-certificates set to manually installed.
curl is already the newest version (7.58.0-2ubuntu3.24).
curl set to manually installed.
The following additional packages will be installed:
dirmngr gnupg-l10n gnupg-utils gpg gpg-agent gpg-wks-client gpg-wks-server gpgconf gpgsm gpgv
Suggested packages:
dbus-user-session pinentry-gnome3 tor parcimonie xloadimage scdaemon
The following packages will be upgraded:
dirmngr gnupg gnupg-l10n gnupg-utils gpg gpg-agent gpg-wks-client gpg-wks-server gpgconf gpgsm gpgv
11 upgraded, 0 newly installed, 0 to remove and 115 not upgraded.
Need to get 0 B/2153 kB of archives.
After this operation, 0 B of additional disk space will be used.
(Reading database … 108264 files and directories currently installed.)
Preparing to unpack …/00-gpg-wks-client_2.2.4-1ubuntu1.6_amd64.deb …
Unpacking gpg-wks-client (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) …
Preparing to unpack …/01-dirmngr_2.2.4-1ubuntu1.6_amd64.deb …
Unpacking dirmngr (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) …
Preparing to unpack …/02-gpg_2.2.4-1ubuntu1.6_amd64.deb …
Unpacking gpg (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) …
Preparing to unpack …/03-gnupg-utils_2.2.4-1ubuntu1.6_amd64.deb …
Unpacking gnupg-utils (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) …
Preparing to unpack …/04-gnupg-l10n_2.2.4-1ubuntu1.6_all.deb …
Unpacking gnupg-l10n (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) …
Preparing to unpack …/05-gpg-agent_2.2.4-1ubuntu1.6_amd64.deb …
Unpacking gpg-agent (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) …
Preparing to unpack …/06-gpgsm_2.2.4-1ubuntu1.6_amd64.deb …
Unpacking gpgsm (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) …
Preparing to unpack …/07-gpgconf_2.2.4-1ubuntu1.6_amd64.deb …
Unpacking gpgconf (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) …
Preparing to unpack …/08-gnupg_2.2.4-1ubuntu1.6_amd64.deb …
Unpacking gnupg (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) …
Preparing to unpack …/09-gpg-wks-server_2.2.4-1ubuntu1.6_amd64.deb …
Unpacking gpg-wks-server (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) …
Preparing to unpack …/10-gpgv_2.2.4-1ubuntu1.6_amd64.deb …
Unpacking gpgv (2.2.4-1ubuntu1.6) over (2.2.4-1ubuntu1.3) …
Setting up gpgv (2.2.4-1ubuntu1.6) …
Setting up gpgconf (2.2.4-1ubuntu1.6) …
Setting up gpg-agent (2.2.4-1ubuntu1.6) …
Setting up gnupg-l10n (2.2.4-1ubuntu1.6) …
Setting up gpgsm (2.2.4-1ubuntu1.6) …
Setting up gnupg-utils (2.2.4-1ubuntu1.6) …
Setting up dirmngr (2.2.4-1ubuntu1.6) …
Setting up gpg (2.2.4-1ubuntu1.6) …
Setting up gpg-wks-server (2.2.4-1ubuntu1.6) …
Setting up gpg-wks-client (2.2.4-1ubuntu1.6) …
Setting up gnupg (2.2.4-1ubuntu1.6) …
Processing triggers for install-info (6.5.0.dfsg.1-2) …
Processing triggers for man-db (2.8.3-2ubuntu0.1) …
Hit:1 http://cn.archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://cn.archive.ubuntu.com/ubuntu bionic-updates InRelease
Get:3 https://download.docker.com/linux/ubuntu bionic InRelease [64.4 kB]
Hit:4 http://cn.archive.ubuntu.com/ubuntu bionic-backports InRelease
Hit:5 http://cn.archive.ubuntu.com/ubuntu bionic-security InRelease
Get:6 https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages [36.6 kB]
Fetched 101 kB in 1s (70.1 kB/s)
Reading package lists… Done
Building dependency tree
Reading state information… Done
115 packages can be upgraded. Run 'apt list --upgradable' to see them.
Docker 可安装版本:
5:23.0.5-1~ubuntu.18.04~bionic
5:23.0.4-1~ubuntu.18.04~bionic
5:23.0.3-1~ubuntu.18.04~bionic
5:23.0.2-1~ubuntu.18.04~bionic
5:23.0.1-1~ubuntu.18.04~bionic
5:23.0.0-1~ubuntu.18.04~bionic
5:20.10.24~3-0~ubuntu-bionic
5:20.10.23~3-0~ubuntu-bionic
5:20.10.22~3-0~ubuntu-bionic
5:20.10.21~3-0~ubuntu-bionic
5:20.10.20~3-0~ubuntu-bionic
5:20.10.19~3-0~ubuntu-bionic
5:20.10.18~3-0~ubuntu-bionic
5:20.10.17~3-0~ubuntu-bionic
5:20.10.16~3-0~ubuntu-bionic
5:20.10.15~3-0~ubuntu-bionic
5:20.10.14~3-0~ubuntu-bionic
5:20.10.13~3-0~ubuntu-bionic
5:20.10.12~3-0~ubuntu-bionic
5:20.10.11~3-0~ubuntu-bionic
5:20.10.10~3-0~ubuntu-bionic
5:20.10.9~3-0~ubuntu-bionic
5:20.10.8~3-0~ubuntu-bionic
5:20.10.7~3-0~ubuntu-bionic
5:20.10.6~3-0~ubuntu-bionic
5:20.10.5~3-0~ubuntu-bionic
5:20.10.4~3-0~ubuntu-bionic
5:20.10.3~3-0~ubuntu-bionic
5:20.10.2~3-0~ubuntu-bionic
5:20.10.1~3-0~ubuntu-bionic
5:20.10.0~3-0~ubuntu-bionic
5:19.03.15~3-0~ubuntu-bionic
5:19.03.14~3-0~ubuntu-bionic
5:19.03.13~3-0~ubuntu-bionic
5:19.03.12~3-0~ubuntu-bionic
5:19.03.11~3-0~ubuntu-bionic
5:19.03.10~3-0~ubuntu-bionic
5:19.03.9~3-0~ubuntu-bionic
5:19.03.8~3-0~ubuntu-bionic
5:19.03.7~3-0~ubuntu-bionic
5:19.03.6~3-0~ubuntu-bionic
5:19.03.5~3-0~ubuntu-bionic
5:19.03.4~3-0~ubuntu-bionic
5:19.03.3~3-0~ubuntu-bionic
5:19.03.2~3-0~ubuntu-bionic
5:19.03.1~3-0~ubuntu-bionic
5:19.03.0~3-0~ubuntu-bionic
5:18.09.9~3-0~ubuntu-bionic
5:18.09.8~3-0~ubuntu-bionic
5:18.09.7~3-0~ubuntu-bionic
5:18.09.6~3-0~ubuntu-bionic
5:18.09.5~3-0~ubuntu-bionic
5:18.09.4~3-0~ubuntu-bionic
5:18.09.3~3-0~ubuntu-bionic
5:18.09.2~3-0~ubuntu-bionic
5:18.09.1~3-0~ubuntu-bionic
5:18.09.0~3-0~ubuntu-bionic
18.06.3~ce~3-0~ubuntu
18.06.2~ce~3-0~ubuntu
18.06.1~ce~3-0~ubuntu
18.06.0~ce~3-0~ubuntu
18.03.1~ce~3-0~ubuntu
10 秒后即将安装:Docker-5:19.03.15~3-0~ubuntu-bionic版本
安装其他版本情使用 Ctrl+C 退出,重新选择版本
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
aufs-tools cgroupfs-mount containerd.io libltdl7 pigz
The following NEW packages will be installed:
aufs-tools cgroupfs-mount containerd.io docker-ce docker-ce-cli libltdl7 pigz
0 upgraded, 7 newly installed, 0 to remove and 115 not upgraded.
Need to get 95.5 MB of archives.
After this operation, 414 MB of additional disk space will be used.
Get:1 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 pigz amd64 2.4-1 [57.4 kB]
Get:2 https://download.docker.com/linux/ubuntu bionic/stable amd64 containerd.io amd64 1.6.20-1 [28.3 MB]
Get:3 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 aufs-tools amd64 1:4.9+20170918-1ubuntu1 [104 kB]
Get:4 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 cgroupfs-mount all 1.4 [6320 B]
Get:5 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 libltdl7 amd64 2.4.6-2 [38.8 kB]
Get:6 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce-cli amd64 5:19.03.15~3-0~ubuntu-bionic [44.2 MB]
Get:7 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce amd64 5:19.03.15~3-0~ubuntu-bionic [22.8 MB]
Fetched 95.5 MB in 19s (5086 kB/s)
Selecting previously unselected package pigz.
(Reading database … 108264 files and directories currently installed.)
Preparing to unpack …/0-pigz_2.4-1_amd64.deb …
Unpacking pigz (2.4-1) …
Selecting previously unselected package aufs-tools.
Preparing to unpack …/1-aufs-tools_1%3a4.9+20170918-1ubuntu1_amd64.deb …
Unpacking aufs-tools (1:4.9+20170918-1ubuntu1) …
Selecting previously unselected package cgroupfs-mount.
Preparing to unpack …/2-cgroupfs-mount_1.4_all.deb …
Unpacking cgroupfs-mount (1.4) …
Selecting previously unselected package containerd.io.
Preparing to unpack …/3-containerd.io_1.6.20-1_amd64.deb …
Unpacking containerd.io (1.6.20-1) …
Selecting previously unselected package docker-ce-cli.
Preparing to unpack …/4-docker-ce-cli_5%3a19.03.15~3-0~ubuntu-bionic_amd64.deb …
Unpacking docker-ce-cli (5:19.03.15~3-0~ubuntu-bionic) …
Selecting previously unselected package docker-ce.
Preparing to unpack …/5-docker-ce_5%3a19.03.15~3-0~ubuntu-bionic_amd64.deb …
Unpacking docker-ce (5:19.03.15~3-0~ubuntu-bionic) …
Selecting previously unselected package libltdl7:amd64.
Preparing to unpack …/6-libltdl7_2.4.6-2_amd64.deb …
Unpacking libltdl7:amd64 (2.4.6-2) …
Setting up aufs-tools (1:4.9+20170918-1ubuntu1) …
Setting up containerd.io (1.6.20-1) …
Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /lib/systemd/system/containerd.service.
Setting up cgroupfs-mount (1.4) …
Setting up libltdl7:amd64 (2.4.6-2) …
Setting up docker-ce-cli (5:19.03.15~3-0~ubuntu-bionic) …
Setting up pigz (2.4-1) …
Setting up docker-ce (5:19.03.15~3-0~ubuntu-bionic) …
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service.
Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket.
Processing triggers for libc-bin (2.27-3ubuntu1.5) …
Processing triggers for systemd (237-3ubuntu10.50) …
Processing triggers for man-db (2.8.3-2ubuntu0.1) …
Processing triggers for ureadahead (0.100.0-21) …
{
"registry-mirrors": ["https://hub-mirror.c.163.com","https://po3g231a.mirror.aliyuncs.com","https://docker.mirrors.ustc.edu.cn"]
}
Synchronizing state of docker.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable docker
Docker version 19.03.15, build 99e3ed8919
Docker-5:19.03.15~3-0~ubuntu-bionic安装成功

Harbor是使用docker-compose进行部署,必须先安装 docke-compose

2.1、通过pip安装,版本较新推荐使用

#apt安装python3-pip
[root@Harbor-Ubu1804-9:~]# apt install -y python3-pip
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
dh-python libexpat1-dev libpython3-dev libpython3.6 libpython3.6-dev libpython3.6-minimal libpython3.6-stdlib python-pip-whl python3-crypto
python3-dev python3-distutils python3-keyring python3-keyrings.alt python3-lib2to3 python3-secretstorage python3-setuptools python3-wheel
python3-xdg python3.6 python3.6-dev python3.6-minimal
Suggested packages:
python-crypto-doc gnome-keyring libkf5wallet-bin gir1.2-gnomekeyring-1.0 python-secretstorage-doc python-setuptools-doc python3.6-venv
python3.6-doc binfmt-support
The following NEW packages will be installed:
dh-python libexpat1-dev libpython3-dev libpython3.6-dev python-pip-whl python3-crypto python3-dev python3-distutils python3-keyring
python3-keyrings.alt python3-lib2to3 python3-pip python3-secretstorage python3-setuptools python3-wheel python3-xdg python3.6-dev
The following packages will be upgraded:
libpython3.6 libpython3.6-minimal libpython3.6-stdlib python3.6 python3.6-minimal
5 upgraded, 17 newly installed, 0 to remove and 112 not upgraded.
Need to get 48.2 MB/53.7 MB of archives.
After this operation, 87.3 MB of additional disk space will be used.
Get:1 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3-lib2to3 all 3.6.9-1~18.04 [77.4 kB]
Get:2 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3-distutils all 3.6.9-1~18.04 [144 kB]
Get:3 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 dh-python all 3.20180325ubuntu2 [89.2 kB]
Get:4 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libexpat1-dev amd64 2.2.5-3ubuntu0.9 [124 kB]
Get:5 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libpython3.6-dev amd64 3.6.9-1~18.04ubuntu1.12 [44.9 MB]
Get:6 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libpython3-dev amd64 3.6.7-1~18.04 [7328 B]
Get:7 http://cn.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 python-pip-whl all 9.0.1-2.3~ubuntu1.18.04.8 [1653 kB]
Get:8 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python3-crypto amd64 2.6.1-8ubuntu2 [244 kB]
Get:9 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3.6-dev amd64 3.6.9-1~18.04ubuntu1.12 [511 kB]
Get:10 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3-dev amd64 3.6.7-1~18.04 [1288 B]
Get:11 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python3-secretstorage all 2.3.1-2 [12.1 kB]
Get:12 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python3-keyring all 10.6.0-1 [26.7 kB]
Get:13 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python3-keyrings.alt all 3.0-1 [16.6 kB]
Get:14 http://cn.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 python3-pip all 9.0.1-2.3~ubuntu1.18.04.8 [114 kB]
Get:15 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3-setuptools all 39.0.1-2ubuntu0.1 [248 kB]
Get:16 http://cn.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 python3-wheel all 0.30.0-0.2ubuntu0.1 [36.7 kB]
Get:17 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python3-xdg all 0.25-4ubuntu1.1 [31.3 kB]
Fetched 48.2 MB in 15s (3133 kB/s)
(Reading database … 108578 files and directories currently installed.)
Preparing to unpack …/00-libpython3.6_3.6.9-1~18.04ubuntu1.12_amd64.deb …
Unpacking libpython3.6:amd64 (3.6.9-1~18.04ubuntu1.12) over (3.6.9-1~18.04ubuntu1.4) …
Preparing to unpack …/01-python3.6_3.6.9-1~18.04ubuntu1.12_amd64.deb …
Unpacking python3.6 (3.6.9-1~18.04ubuntu1.12) over (3.6.9-1~18.04ubuntu1.4) …
Preparing to unpack …/02-libpython3.6-stdlib_3.6.9-1~18.04ubuntu1.12_amd64.deb …
Unpacking libpython3.6-stdlib:amd64 (3.6.9-1~18.04ubuntu1.12) over (3.6.9-1~18.04ubuntu1.4) …
Preparing to unpack …/03-python3.6-minimal_3.6.9-1~18.04ubuntu1.12_amd64.deb …
Unpacking python3.6-minimal (3.6.9-1~18.04ubuntu1.12) over (3.6.9-1~18.04ubuntu1.4) …
Preparing to unpack …/04-libpython3.6-minimal_3.6.9-1~18.04ubuntu1.12_amd64.deb …
Unpacking libpython3.6-minimal:amd64 (3.6.9-1~18.04ubuntu1.12) over (3.6.9-1~18.04ubuntu1.4) …
Selecting previously unselected package python3-lib2to3.
Preparing to unpack …/05-python3-lib2to3_3.6.9-1~18.04_all.deb …
Unpacking python3-lib2to3 (3.6.9-1~18.04) …
Selecting previously unselected package python3-distutils.
Preparing to unpack …/06-python3-distutils_3.6.9-1~18.04_all.deb …
Unpacking python3-distutils (3.6.9-1~18.04) …
Selecting previously unselected package dh-python.
Preparing to unpack …/07-dh-python_3.20180325ubuntu2_all.deb …
Unpacking dh-python (3.20180325ubuntu2) …
Selecting previously unselected package libexpat1-dev:amd64.
Preparing to unpack …/08-libexpat1-dev_2.2.5-3ubuntu0.9_amd64.deb …
Unpacking libexpat1-dev:amd64 (2.2.5-3ubuntu0.9) …
Selecting previously unselected package libpython3.6-dev:amd64.
Preparing to unpack …/09-libpython3.6-dev_3.6.9-1~18.04ubuntu1.12_amd64.deb …
Unpacking libpython3.6-dev:amd64 (3.6.9-1~18.04ubuntu1.12) …
Selecting previously unselected package libpython3-dev:amd64.
Preparing to unpack …/10-libpython3-dev_3.6.7-1~18.04_amd64.deb …
Unpacking libpython3-dev:amd64 (3.6.7-1~18.04) …
Selecting previously unselected package python-pip-whl.
Preparing to unpack …/11-python-pip-whl_9.0.1-2.3~ubuntu1.18.04.8_all.deb …
Unpacking python-pip-whl (9.0.1-2.3~ubuntu1.18.04.8) …
Selecting previously unselected package python3-crypto.
Preparing to unpack …/12-python3-crypto_2.6.1-8ubuntu2_amd64.deb …
Unpacking python3-crypto (2.6.1-8ubuntu2) …
Selecting previously unselected package python3.6-dev.
Preparing to unpack …/13-python3.6-dev_3.6.9-1~18.04ubuntu1.12_amd64.deb …
Unpacking python3.6-dev (3.6.9-1~18.04ubuntu1.12) …
Selecting previously unselected package python3-dev.
Preparing to unpack …/14-python3-dev_3.6.7-1~18.04_amd64.deb …
Unpacking python3-dev (3.6.7-1~18.04) …
Selecting previously unselected package python3-secretstorage.
Preparing to unpack …/15-python3-secretstorage_2.3.1-2_all.deb …
Unpacking python3-secretstorage (2.3.1-2) …
Selecting previously unselected package python3-keyring.
Preparing to unpack …/16-python3-keyring_10.6.0-1_all.deb …
Unpacking python3-keyring (10.6.0-1) …
Selecting previously unselected package python3-keyrings.alt.
Preparing to unpack …/17-python3-keyrings.alt_3.0-1_all.deb …
Unpacking python3-keyrings.alt (3.0-1) …
Selecting previously unselected package python3-pip.
Preparing to unpack …/18-python3-pip_9.0.1-2.3~ubuntu1.18.04.8_all.deb …
Unpacking python3-pip (9.0.1-2.3~ubuntu1.18.04.8) …
Selecting previously unselected package python3-setuptools.
Preparing to unpack …/19-python3-setuptools_39.0.1-2ubuntu0.1_all.deb …
Unpacking python3-setuptools (39.0.1-2ubuntu0.1) …
Selecting previously unselected package python3-wheel.
Preparing to unpack …/20-python3-wheel_0.30.0-0.2ubuntu0.1_all.deb …
Unpacking python3-wheel (0.30.0-0.2ubuntu0.1) …
Selecting previously unselected package python3-xdg.
Preparing to unpack …/21-python3-xdg_0.25-4ubuntu1.1_all.deb …
Unpacking python3-xdg (0.25-4ubuntu1.1) …
Setting up python-pip-whl (9.0.1-2.3~ubuntu1.18.04.8) …
Setting up python3-crypto (2.6.1-8ubuntu2) …
Setting up python3-xdg (0.25-4ubuntu1.1) …
Setting up python3-keyrings.alt (3.0-1) …
Setting up python3-wheel (0.30.0-0.2ubuntu0.1) …
Setting up libpython3.6-minimal:amd64 (3.6.9-1~18.04ubuntu1.12) …
Setting up libexpat1-dev:amd64 (2.2.5-3ubuntu0.9) …
Setting up python3-lib2to3 (3.6.9-1~18.04) …
Setting up python3-secretstorage (2.3.1-2) …
Setting up python3-distutils (3.6.9-1~18.04) …
Setting up libpython3.6-stdlib:amd64 (3.6.9-1~18.04ubuntu1.12) …
Setting up python3-keyring (10.6.0-1) …
Setting up python3.6-minimal (3.6.9-1~18.04ubuntu1.12) …
Setting up python3-pip (9.0.1-2.3~ubuntu1.18.04.8) …
Setting up python3-setuptools (39.0.1-2ubuntu0.1) …
Setting up dh-python (3.20180325ubuntu2) …
Setting up libpython3.6:amd64 (3.6.9-1~18.04ubuntu1.12) …
Setting up python3.6 (3.6.9-1~18.04ubuntu1.12) …
Setting up libpython3.6-dev:amd64 (3.6.9-1~18.04ubuntu1.12) …
Setting up python3.6-dev (3.6.9-1~18.04ubuntu1.12) …
Setting up libpython3-dev:amd64 (3.6.7-1~18.04) …
Setting up python3-dev (3.6.7-1~18.04) …
Processing triggers for man-db (2.8.3-2ubuntu0.1) …
Processing triggers for mime-support (3.60ubuntu1) …
Processing triggers for libc-bin (2.27-3ubuntu1.5) …

#升级pip3版本
[root@Harbor-Ubu1804-9:~]# python3 -m pip install --upgrade pip
Collecting pip
Downloading https://files.pythonhosted.org/packages/a4/6d/6463d49a933f547439d6b5b98b46af8742cc03ae83543e4d7688c2420f8b/pip-21.3.1-py3-none-any.whl (1.7MB)
100% |████████████████████████████████| 1.7MB 310kB/s
Installing collected packages: pip
Found existing installation: pip 9.0.1
Not uninstalling pip at /usr/lib/python3/dist-packages, outside environment /usr
Successfully installed pip-21.3.1

#pip3安装docker-compose
[root@Harbor-Ubu1804-9:~]# pip3 install docker-compose
WARNING: pip is being invoked by an old script wrapper. This will fail in a future version of pip.
Please see https://github.com/pypa/pip/issues/5599 for advice on fixing the underlying issue.
To avoid this problem you can invoke Python with '-m pip' instead of running pip directly.
Collecting docker-compose
Using cached docker_compose-1.29.2-py2.py3-none-any.whl (114 kB)
Requirement already satisfied: PyYAML<6,>=3.10 in /usr/lib/python3/dist-packages (from docker-compose) (3.12)
Collecting cached-property<2,>=1.2.0
Using cached cached_property-1.5.2-py2.py3-none-any.whl (7.6 kB)
Collecting texttable<2,>=0.9.0
Using cached texttable-1.6.7-py2.py3-none-any.whl (10 kB)
Requirement already satisfied: jsonschema<4,>=2.5.1 in /usr/lib/python3/dist-packages (from docker-compose) (2.6.0)
Collecting dockerpty<1,>=0.4.1
Using cached dockerpty-0.4.1.tar.gz (13 kB)
Preparing metadata (setup.py) … done
Collecting python-dotenv<1,>=0.13.0
Using cached python_dotenv-0.20.0-py3-none-any.whl (17 kB)
Collecting distro<2,>=1.5.0
Using cached distro-1.8.0-py3-none-any.whl (20 kB)
Collecting websocket-client<1,>=0.32.0
Using cached websocket_client-0.59.0-py2.py3-none-any.whl (67 kB)
Collecting docker[ssh]>=5
Using cached docker-5.0.3-py2.py3-none-any.whl (146 kB)
Collecting docopt<1,>=0.6.1
Using cached docopt-0.6.2.tar.gz (25 kB)
Preparing metadata (setup.py) … done
Collecting requests<3,>=2.20.0
Using cached requests-2.27.1-py2.py3-none-any.whl (63 kB)
Collecting paramiko>=2.4.2
Using cached paramiko-3.1.0-py3-none-any.whl (211 kB)
Requirement already satisfied: six>=1.3.0 in /usr/lib/python3/dist-packages (from dockerpty<1,>=0.4.1->docker-compose) (1.11.0)
Requirement already satisfied: urllib3<1.27,>=1.21.1 in /usr/lib/python3/dist-packages (from requests<3,>=2.20.0->docker-compose) (1.22)
Requirement already satisfied: idna<4,>=2.5 in /usr/lib/python3/dist-packages (from requests<3,>=2.20.0->docker-compose) (2.6)
Collecting charset-normalizer~=2.0.0
Using cached charset_normalizer-2.0.12-py3-none-any.whl (39 kB)
Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python3/dist-packages (from requests<3,>=2.20.0->docker-compose) (2018.1.18)
Collecting cryptography>=3.3
Downloading cryptography-40.0.2-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (3.7 MB)
|████████████████████████████████| 3.7 MB 5.6 MB/s
Collecting pynacl>=1.5
Downloading PyNaCl-1.5.0-cp36-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl (856 kB)
|████████████████████████████████| 856 kB 6.8 MB/s
Collecting bcrypt>=3.2
Downloading bcrypt-4.0.1-cp36-abi3-manylinux_2_24_x86_64.whl (593 kB)
|████████████████████████████████| 593 kB 6.1 MB/s
Collecting cffi>=1.12
Downloading cffi-1.15.1-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl (402 kB)
|████████████████████████████████| 402 kB 6.7 MB/s
Collecting pycparser
Downloading pycparser-2.21-py2.py3-none-any.whl (118 kB)
|████████████████████████████████| 118 kB 6.7 MB/s
Building wheels for collected packages: dockerpty, docopt
Building wheel for dockerpty (setup.py) … done
Created wheel for dockerpty: filename=dockerpty-0.4.1-py3-none-any.whl size=15382 sha256=33b5b9afbc2c8997e84638ac0042225a216ec8bacbbef30e38f9e25daaa57119
Stored in directory: /root/.cache/pip/wheels/61/8f/e3/247046231ee138b48be905e4a748d570630e1f3ec24632b00b
Building wheel for docopt (setup.py) … done
Created wheel for docopt: filename=docopt-0.6.2-py2.py3-none-any.whl size=19852 sha256=2292e4aab1e61506744fc93262cc4e8b861f4895e7850d1c20acbb0ef4e6f779
Stored in directory: /root/.cache/pip/wheels/3f/2a/fa/4d7a888e69774d5e6e855d190a8a51b357d77cc05eb1c097c9
Successfully built dockerpty docopt
Installing collected packages: pycparser, charset-normalizer, cffi, websocket-client, requests, pynacl, cryptography, bcrypt, paramiko, docker, texttable, python-dotenv, docopt, dockerpty, distro, cached-property, docker-compose
Attempting uninstall: requests
Found existing installation: requests 2.18.4
Uninstalling requests-2.18.4:
Successfully uninstalled requests-2.18.4
Attempting uninstall: cryptography
Found existing installation: cryptography 2.1.4
Uninstalling cryptography-2.1.4:
Successfully uninstalled cryptography-2.1.4
Successfully installed bcrypt-4.0.1 cached-property-1.5.2 cffi-1.15.1 charset-normalizer-2.0.12 cryptography-40.0.2 distro-1.8.0 docker-5.0.3 docker-compose-1.29.2 dockerpty-0.4.1 docopt-0.6.2 paramiko-3.1.0 pycparser-2.21 pynacl-1.5.0 python-dotenv-0.20.0 requests-2.27.1 texttable-1.6.7 websocket-client-0.59.0
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv

#查看docker-compose版本
[root@Harbor-Ubu1804-9:~]# docker-compose --version
/usr/local/lib/python3.6/dist-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
from cryptography.hazmat.backends import default_backend
docker-compose version 1.29.2, build unknown

2.2、直接从github下载安装对应版本

官方github地址:https://github.com/docker/compose/releases

[root@Harbor-Ubu1804-10:~]# curl -L https://github.com/docker/compose/releases/download/v2.17.3/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
100 51.9M 100 51.9M 0 0 15242 0 0:59:33 0:59:33 --:--:-- 11665
[root@Harbor-Ubu1804-10:~]# chmod +x /usr/local/bin/docker-compose
[root@Harbor-Ubu1804-10:~]# docker-compose --version
Docker Compose version v2.17.3

2.3、apt直接安装,版本较低,不推荐

ed: sha256:eeb6ee3f44bd0b5103bb561b4c16bcb82328cfe5809ab675bb17ab3a16c517c9
Deleted: sha256:174f5685490326fc0a1c0f5570b8663732189b327007e47ff13d2ca59673db02
Error: No such image: 0bb6d36c85ca
Error: No such image: b9d392225b3e
Error: No such image: 7614ae9453d1
Error: No such image: feb5d9fea6a5
[root@Docker-Ubu1804-p11:~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
udev devtmpfs 447M 0 447M 0% /dev
tmpfs tmpfs 96M 924K 96M 1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv ext4 8.8G 6.7G 1.7G 81% /
tmpfs tmpfs 480M 0 480M 0% /dev/shm
tmpfs tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs tmpfs 480M 0 480M 0% /sys/fs/cgroup
/dev/sda2 ext4 974M 152M 755M 17% /boot
tmpfs tmpfs 96M 0 96M 0% /run/user/1000
[root@Docker-Ubu1804-p11:~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@Docker-Ubu1804-p11:~]#
[root@Docker-Ubu1804-p11:~]# apt install -y docker-compose
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
docker-ce docker-ce-cli golang-docker-credential-helpers libpython-stdlib libpython2.7-minimal libpython2.7-stdlib libsecret-1-0
libsecret-common python python-asn1crypto python-backports.ssl-match-hostname python-cached-property python-certifi python-cffi-backend
python-chardet python-cryptography python-docker python-dockerpty python-dockerpycreds python-docopt python-enum34 python-funcsigs
python-functools32 python-idna python-ipaddress python-jsonschema python-minimal python-mock python-openssl python-pbr python-pkg-resources
python-requests python-six python-texttable python-urllib3 python-websocket python-yaml python2.7 python2.7-minimal
Suggested packages:
python-doc python-tk python-cryptography-doc python-cryptography-vectors python-enum34-doc python-funcsigs-doc python-mock-doc
python-openssl-doc python-openssl-dbg python-setuptools python-socks python-ntlm python2.7-doc binfmt-support
Recommended packages:
docker-ce-rootless-extras docker-buildx-plugin docker-compose-plugin docker.io
The following NEW packages will be installed:
docker-compose golang-docker-credential-helpers libpython-stdlib libpython2.7-minimal libpython2.7-stdlib libsecret-1-0 libsecret-common
python python-asn1crypto python-backports.ssl-match-hostname python-cached-property python-certifi python-cffi-backend python-chardet
python-cryptography python-docker python-dockerpty python-dockerpycreds python-docopt python-enum34 python-funcsigs python-functools32
python-idna python-ipaddress python-jsonschema python-minimal python-mock python-openssl python-pbr python-pkg-resources python-requests
python-six python-texttable python-urllib3 python-websocket python-yaml python2.7 python2.7-minimal
The following packages will be upgraded:
docker-ce docker-ce-cli
2 upgraded, 38 newly installed, 0 to remove and 61 not upgraded.
Need to get 41.3 MB of archives.
After this operation, 135 MB disk space will be freed.
Get:1 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libpython2.7-minimal amd64 2.7.17-1~18.04ubuntu1.11 [335 kB]
Get:2 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce-cli amd64 5:23.0.5-1~ubuntu.18.04~bionic [13.2 MB]
Get:3 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python2.7-minimal amd64 2.7.17-1~18.04ubuntu1.11 [1294 kB]
Get:4 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-minimal amd64 2.7.15~rc1-1 [28.1 kB]
Get:5 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libpython2.7-stdlib amd64 2.7.17-1~18.04ubuntu1.11 [1919 kB]
Get:6 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce amd64 5:23.0.5-1~ubuntu.18.04~bionic [22.0 MB]
Get:7 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python2.7 amd64 2.7.17-1~18.04ubuntu1.11 [248 kB]
Get:8 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 libpython-stdlib amd64 2.7.15~rc1-1 [7620 B]
Get:9 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python amd64 2.7.15~rc1-1 [140 kB]
Get:10 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 python-backports.ssl-match-hostname all 3.5.0.1-1 [7024 B]
Get:11 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python-pkg-resources all 39.0.1-2ubuntu0.1 [128 kB]
Get:12 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 python-cached-property all 1.3.1-1 [7568 B]
Get:13 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-six all 1.11.0-2 [11.3 kB]
Get:14 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 libsecret-common all 0.18.6-1 [4452 B]
Get:15 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 libsecret-1-0 amd64 0.18.6-1 [94.6 kB]
Get:16 http://cn.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 golang-docker-credential-helpers amd64 0.5.0-2ubuntu0.1 [477 kB]
Get:17 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 python-dockerpycreds all 0.2.1-1 [4138 B]
Get:18 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-certifi all 2018.1.18-2 [144 kB]
Get:19 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-chardet all 3.0.4-1 [80.3 kB]
Get:20 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-idna all 2.6-1 [32.4 kB]
Get:21 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python-urllib3 all 1.22-1ubuntu0.18.04.2 [86.0 kB]
Get:22 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python-requests all 2.18.4-2ubuntu0.1 [58.5 kB]
Get:23 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 python-websocket all 0.44.0-0ubuntu2 [30.7 kB]
Get:24 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-ipaddress all 1.0.17-1 [18.2 kB]
Get:25 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 python-docker all 2.5.1-1 [69.0 kB]
Get:26 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 python-dockerpty all 0.4.1-1 [10.8 kB]
Get:27 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 python-docopt all 0.6.2-1build1 [25.6 kB]
Get:28 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-enum34 all 1.1.6-2 [34.8 kB]
Get:29 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-functools32 all 3.2.3.2-3 [10.8 kB]
Get:30 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-funcsigs all 1.0.2-4 [13.5 kB]
Get:31 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-pbr all 3.1.1-3ubuntu3 [53.7 kB]
Get:32 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-mock all 2.0.0-3 [47.4 kB]
Get:33 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-jsonschema all 2.6.0-2 [31.5 kB]
Get:34 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 python-texttable all 0.9.1-1 [8160 B]
Get:35 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-yaml amd64 3.12-1build2 [115 kB]
Get:36 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 docker-compose all 1.17.1-2 [76.3 kB]
Get:37 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-asn1crypto all 0.24.0-1 [72.7 kB]
Get:38 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-cffi-backend amd64 1.11.5-1 [63.4 kB]
Get:39 http://cn.archive.ubuntu.com/ubuntu bionic-updates/main amd64 python-cryptography amd64 2.1.4-1ubuntu1.4 [276 kB]
Get:40 http://cn.archive.ubuntu.com/ubuntu bionic/main amd64 python-openssl all 17.5.0-1ubuntu1 [41.3 kB]
Fetched 41.3 MB in 26s (1612 kB/s)
Extracting templates from packages: 100%
Selecting previously unselected package libpython2.7-minimal:amd64.
(Reading database … 108939 files and directories currently installed.)
Preparing to unpack …/0-libpython2.7-minimal_2.7.17-1~18.04ubuntu1.11_amd64.deb …
Unpacking libpython2.7-minimal:amd64 (2.7.17-1~18.04ubuntu1.11) …
Selecting previously unselected package python2.7-minimal.
Preparing to unpack …/1-python2.7-minimal_2.7.17-1~18.04ubuntu1.11_amd64.deb …
Unpacking python2.7-minimal (2.7.17-1~18.04ubuntu1.11) …
Selecting previously unselected package python-minimal.
Preparing to unpack …/2-python-minimal_2.7.15~rc1-1_amd64.deb …
Unpacking python-minimal (2.7.15~rc1-1) …
Selecting previously unselected package libpython2.7-stdlib:amd64.
Preparing to unpack …/3-libpython2.7-stdlib_2.7.17-1~18.04ubuntu1.11_amd64.deb …
Unpacking libpython2.7-stdlib:amd64 (2.7.17-1~18.04ubuntu1.11) …
Selecting previously unselected package python2.7.
Preparing to unpack …/4-python2.7_2.7.17-1~18.04ubuntu1.11_amd64.deb …
Unpacking python2.7 (2.7.17-1~18.04ubuntu1.11) …
Selecting previously unselected package libpython-stdlib:amd64.
Preparing to unpack …/5-libpython-stdlib_2.7.15~rc1-1_amd64.deb …
Unpacking libpython-stdlib:amd64 (2.7.15~rc1-1) …
Setting up libpython2.7-minimal:amd64 (2.7.17-1~18.04ubuntu1.11) …
Setting up python2.7-minimal (2.7.17-1~18.04ubuntu1.11) …
Linking and byte-compiling packages for runtime python2.7…
Setting up python-minimal (2.7.15~rc1-1) …
Selecting previously unselected package python.
(Reading database … 109687 files and directories currently installed.)
Preparing to unpack …/00-python_2.7.15~rc1-1_amd64.deb …
Unpacking python (2.7.15~rc1-1) …
Preparing to unpack …/01-docker-ce-cli_5%3a23.0.5-1~ubuntu.18.04~bionic_amd64.deb …
Unpacking docker-ce-cli (5:23.0.5-1~ubuntu.18.04~bionic) over (5:19.03.15~3-0~ubuntu-bionic) …
Preparing to unpack …/02-docker-ce_5%3a23.0.5-1~ubuntu.18.04~bionic_amd64.deb …
Unpacking docker-ce (5:23.0.5-1~ubuntu.18.04~bionic) over (5:19.03.15~3-0~ubuntu-bionic) …
Selecting previously unselected package python-backports.ssl-match-hostname.
Preparing to unpack …/03-python-backports.ssl-match-hostname_3.5.0.1-1_all.deb …
Unpacking python-backports.ssl-match-hostname (3.5.0.1-1) …
Selecting previously unselected package python-pkg-resources.
Preparing to unpack …/04-python-pkg-resources_39.0.1-2ubuntu0.1_all.deb …
Unpacking python-pkg-resources (39.0.1-2ubuntu0.1) …
Selecting previously unselected package python-cached-property.
Preparing to unpack …/05-python-cached-property_1.3.1-1_all.deb …
Unpacking python-cached-property (1.3.1-1) …
Selecting previously unselected package python-six.
Preparing to unpack …/06-python-six_1.11.0-2_all.deb …
Unpacking python-six (1.11.0-2) …
Selecting previously unselected package libsecret-common.
Preparing to unpack …/07-libsecret-common_0.18.6-1_all.deb …
Unpacking libsecret-common (0.18.6-1) …
Selecting previously unselected package libsecret-1-0:amd64.
Preparing to unpack …/08-libsecret-1-0_0.18.6-1_amd64.deb …
Unpacking libsecret-1-0:amd64 (0.18.6-1) …
Selecting previously unselected package golang-docker-credential-helpers.
Preparing to unpack …/09-golang-docker-credential-helpers_0.5.0-2ubuntu0.1_amd64.deb …
Unpacking golang-docker-credential-helpers (0.5.0-2ubuntu0.1) …
Selecting previously unselected package python-dockerpycreds.
Preparing to unpack …/10-python-dockerpycreds_0.2.1-1_all.deb …
Unpacking python-dockerpycreds (0.2.1-1) …
Selecting previously unselected package python-certifi.
Preparing to unpack …/11-python-certifi_2018.1.18-2_all.deb …
Unpacking python-certifi (2018.1.18-2) …
Selecting previously unselected package python-chardet.
Preparing to unpack …/12-python-chardet_3.0.4-1_all.deb …
Unpacking python-chardet (3.0.4-1) …
Selecting previously unselected package python-idna.
Preparing to unpack …/13-python-idna_2.6-1_all.deb …
Unpacking python-idna (2.6-1) …
Selecting previously unselected package python-urllib3.
Preparing to unpack …/14-python-urllib3_1.22-1ubuntu0.18.04.2_all.deb …
Unpacking python-urllib3 (1.22-1ubuntu0.18.04.2) …
Selecting previously unselected package python-requests.
Preparing to unpack …/15-python-requests_2.18.4-2ubuntu0.1_all.deb …
Unpacking python-requests (2.18.4-2ubuntu0.1) …
Selecting previously unselected package python-websocket.
Preparing to unpack …/16-python-websocket_0.44.0-0ubuntu2_all.deb …
Unpacking python-websocket (0.44.0-0ubuntu2) …
Selecting previously unselected package python-ipaddress.
Preparing to unpack …/17-python-ipaddress_1.0.17-1_all.deb …
Unpacking python-ipaddress (1.0.17-1) …
Selecting previously unselected package python-docker.
Preparing to unpack …/18-python-docker_2.5.1-1_all.deb …
Unpacking python-docker (2.5.1-1) …
Selecting previously unselected package python-dockerpty.
Preparing to unpack …/19-python-dockerpty_0.4.1-1_all.deb …
Unpacking python-dockerpty (0.4.1-1) …
Selecting previously unselected package python-docopt.
Preparing to unpack …/20-python-docopt_0.6.2-1build1_all.deb …
Unpacking python-docopt (0.6.2-1build1) …
Selecting previously unselected package python-enum34.
Preparing to unpack …/21-python-enum34_1.1.6-2_all.deb …
Unpacking python-enum34 (1.1.6-2) …
Selecting previously unselected package python-functools32.
Preparing to unpack …/22-python-functools32_3.2.3.2-3_all.deb …
Unpacking python-functools32 (3.2.3.2-3) …
Selecting previously unselected package python-funcsigs.
Preparing to unpack …/23-python-funcsigs_1.0.2-4_all.deb …
Unpacking python-funcsigs (1.0.2-4) …
Selecting previously unselected package python-pbr.
Preparing to unpack …/24-python-pbr_3.1.1-3ubuntu3_all.deb …
Unpacking python-pbr (3.1.1-3ubuntu3) …
Selecting previously unselected package python-mock.
Preparing to unpack …/25-python-mock_2.0.0-3_all.deb …
Unpacking python-mock (2.0.0-3) …
Selecting previously unselected package python-jsonschema.
Preparing to unpack …/26-python-jsonschema_2.6.0-2_all.deb …
Unpacking python-jsonschema (2.6.0-2) …
Selecting previously unselected package python-texttable.
Preparing to unpack …/27-python-texttable_0.9.1-1_all.deb …
Unpacking python-texttable (0.9.1-1) …
Selecting previously unselected package python-yaml.
Preparing to unpack …/28-python-yaml_3.12-1build2_amd64.deb …
Unpacking python-yaml (3.12-1build2) …
Selecting previously unselected package docker-compose.
Preparing to unpack …/29-docker-compose_1.17.1-2_all.deb …
Unpacking docker-compose (1.17.1-2) …
Selecting previously unselected package python-asn1crypto.
Preparing to unpack …/30-python-asn1crypto_0.24.0-1_all.deb …
Unpacking python-asn1crypto (0.24.0-1) …
Selecting previously unselected package python-cffi-backend.
Preparing to unpack …/31-python-cffi-backend_1.11.5-1_amd64.deb …
Unpacking python-cffi-backend (1.11.5-1) …
Selecting previously unselected package python-cryptography.
Preparing to unpack …/32-python-cryptography_2.1.4-1ubuntu1.4_amd64.deb …
Unpacking python-cryptography (2.1.4-1ubuntu1.4) …
Selecting previously unselected package python-openssl.
Preparing to unpack …/33-python-openssl_17.5.0-1ubuntu1_all.deb …
Unpacking python-openssl (17.5.0-1ubuntu1) …
Setting up libsecret-common (0.18.6-1) …
Setting up docker-ce-cli (5:23.0.5-1~ubuntu.18.04~bionic) …
Setting up libsecret-1-0:amd64 (0.18.6-1) …
Setting up libpython2.7-stdlib:amd64 (2.7.17-1~18.04ubuntu1.11) …
Setting up docker-ce (5:23.0.5-1~ubuntu.18.04~bionic) …
Setting up python2.7 (2.7.17-1~18.04ubuntu1.11) …
Setting up libpython-stdlib:amd64 (2.7.15~rc1-1) …
Setting up golang-docker-credential-helpers (0.5.0-2ubuntu0.1) …
Setting up python (2.7.15~rc1-1) …
Setting up python-idna (2.6-1) …
Setting up python-texttable (0.9.1-1) …
Setting up python-functools32 (3.2.3.2-3) …
Setting up python-yaml (3.12-1build2) …
Setting up python-asn1crypto (0.24.0-1) …
Setting up python-certifi (2018.1.18-2) …
Setting up python-pkg-resources (39.0.1-2ubuntu0.1) …
Setting up python-backports.ssl-match-hostname (3.5.0.1-1) …
Setting up python-cffi-backend (1.11.5-1) …
Setting up python-six (1.11.0-2) …
Setting up python-dockerpty (0.4.1-1) …
Setting up python-pbr (3.1.1-3ubuntu3) …
update-alternatives: using /usr/bin/python2-pbr to provide /usr/bin/pbr (pbr) in auto mode
Setting up python-enum34 (1.1.6-2) …
Setting up python-funcsigs (1.0.2-4) …
Setting up python-docopt (0.6.2-1build1) …
Setting up python-ipaddress (1.0.17-1) …
Setting up python-cached-property (1.3.1-1) …
Setting up python-urllib3 (1.22-1ubuntu0.18.04.2) …
Setting up python-chardet (3.0.4-1) …
Setting up python-dockerpycreds (0.2.1-1) …
Setting up python-mock (2.0.0-3) …
Setting up python-websocket (0.44.0-0ubuntu2) …
update-alternatives: using /usr/bin/python2-wsdump to provide /usr/bin/wsdump (wsdump) in auto mode
Setting up python-cryptography (2.1.4-1ubuntu1.4) …
Setting up python-requests (2.18.4-2ubuntu0.1) …
Setting up python-jsonschema (2.6.0-2) …
update-alternatives: using /usr/bin/python2-jsonschema to provide /usr/bin/jsonschema (jsonschema) in auto mode
Setting up python-openssl (17.5.0-1ubuntu1) …
Setting up python-docker (2.5.1-1) …
Setting up docker-compose (1.17.1-2) …
Processing triggers for systemd (237-3ubuntu10.57) …
Processing triggers for man-db (2.8.3-2ubuntu0.1) …
Processing triggers for mime-support (3.60ubuntu1) …
Processing triggers for ureadahead (0.100.0-21) …
Processing triggers for libc-bin (2.27-3ubuntu1.5) …
[root@Docker-Ubu1804-p11:~]# docker-compose --version
docker-compose version 1.17.1, build unknown

官方github地址:https://github.com/goharbor/harbor/releases

3.1、下载并解压离线安装包

[root@Harbor-Ubu1804-9:~]# wget https://github.com/goharbor/harbor/releases/download/v2.8.0/harbor-offline-installer-v2.8.0.tgz
--2023-05-04 06:44:13-- https://github.com/goharbor/harbor/releases/download/v2.8.0/harbor-offline-installer-v2.8.0.tgz
Resolving github.com (github.com)… 20.205.243.166
Connecting to github.com (github.com)|20.205.243.166|:443… connected.
HTTP request sent, awaiting response… 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/50613991/3264ff53-d69e-4d73-b601-285a81844054?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230503%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230503T224414Z&X-Amz-Expires=300&X-Amz-Signature=56f78b1f71515177b32050e70d8364172789ee7061978bff34970e8b9979e021&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=50613991&response-content-disposition=attachment%3B%20filename%3Dharbor-offline-installer-v2.8.0.tgz&response-content-type=application%2Foctet-stream [following]
--2023-05-04 06:44:14-- https://objects.githubusercontent.com/github-production-release-asset-2e65be/50613991/3264ff53-d69e-4d73-b601-285a81844054?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230503%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230503T224414Z&X-Amz-Expires=300&X-Amz-Signature=56f78b1f71515177b32050e70d8364172789ee7061978bff34970e8b9979e021&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=50613991&response-content-disposition=attachment%3B%20filename%3Dharbor-offline-installer-v2.8.0.tgz&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)… 185.199.111.133
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.111.133|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 633942863 (605M) [application/octet-stream]
Saving to: ‘harbor-offline-installer-v2.8.0.tgz’

harbor-offline-installer-v2.8.0.tgz 100%[===================================================================>] 604.57M 5.90MB/s in 1m 43s

2023-05-04 06:45:59 (5.85 MB/s) - ‘harbor-offline-installer-v2.8.0.tgz’ saved [633942863/633942863]

[root@Harbor-Ubu1804-9:~]# ls
disk.sh docker_install_ubu1804_online.sh harbor-offline-installer-v2.8.0.tgz issue os.version redis_install.sh system_info.sh
[root@Harbor-Ubu1804-9:~]# mkdir /apps
[root@Harbor-Ubu1804-9:~]# tar xvf harbor-offline-installer-v2.8.0.tgz -C /apps/
harbor/harbor.v2.8.0.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
[root@Harbor-Ubu1804-9:~]# tree /apps/
/apps/
└── harbor
├── LICENSE
├── common.sh
├── harbor.v2.8.0.tar.gz
├── harbor.yml.tmpl
├── install.sh
└── prepare

1 directory, 6 files

3.2、下载并解压在线安装包

[root@Harbor-Ubu1804-10:~]# wget https://github.com/goharbor/harbor/releases/download/v2.8.0/harbor-online-installer-v2.8.0.tgz
--2023-05-04 22:34:03-- https://github.com/goharbor/harbor/releases/download/v2.8.0/harbor-online-installer-v2.8.0.tgz
Resolving github.com (github.com)… 20.205.243.166
Connecting to github.com (github.com)|20.205.243.166|:443… connected.
HTTP request sent, awaiting response… 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/50613991/5b13b62e-9582-430d-937c-7add3750b641?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230504%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230504T143403Z&X-Amz-Expires=300&X-Amz-Signature=00160a898b7b7e86a791af42a75b2ac9f4b1ee834dfcf31b310ec10a7116c999&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=50613991&response-content-disposition=attachment%3B%20filename%3Dharbor-online-installer-v2.8.0.tgz&response-content-type=application%2Foctet-stream [following]
--2023-05-04 22:34:04-- https://objects.githubusercontent.com/github-production-release-asset-2e65be/50613991/5b13b62e-9582-430d-937c-7add3750b641?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230504%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230504T143403Z&X-Amz-Expires=300&X-Amz-Signature=00160a898b7b7e86a791af42a75b2ac9f4b1ee834dfcf31b310ec10a7116c999&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=50613991&response-content-disposition=attachment%3B%20filename%3Dharbor-online-installer-v2.8.0.tgz&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)… 185.199.111.133, 185.199.109.133, 185.199.108.133, …
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.111.133|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 11022 (11K) [application/octet-stream]
Saving to: ‘harbor-online-installer-v2.8.0.tgz’

harbor-online-installer-v2.8.0.tgz 100%[===================================================================>] 10.76K 56.5KB/s in 0.2s

2023-05-04 22:34:05 (56.5 KB/s) - ‘harbor-online-installer-v2.8.0.tgz’ saved [11022/11022]
[root@Harbor-Ubu1804-10:~]# ls
disk.sh docker-compose-Linux-x86_64.1 harbor-online-installer-v2.8.0.tgz os.version system_info.sh
docker-compose-Linux-x86_64 docker_install_ubu1804_online.sh issue redis_install.sh
[root@Harbor-Ubu1804-10:~]# mkdir /apps -p
[root@Harbor-Ubu1804-10:~]# tar zxvf harbor-online-installer-v2.8.0.tgz -C /apps
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
[root@Harbor-Ubu1804-10:~]# tree /apps
/apps
└── harbor
├── LICENSE
├── common.sh
├── harbor.yml.tmpl
├── install.sh
└── prepare

1 directory, 5 files

[root@Harbor-Ubu1804-9:~]# sed -e "/^hostname: .*$/c hostname: 10.0.0.10" \
-e "/harbor_admin_password: .*$/c harbor_admin_password: janzen" \
-e "/https:/s/^/#/" \
-e "/port: 443/s/^/#/" \
-e "/certificate:/s/^/#/" \
-e "/private_key:/s/^/#/" \
/apps/harbor/harbor.yml.tmpl > /apps/harbor/harbor.yml

5.1、离线安装包安装

[root@Harbor-Ubu1804-9:/apps/harbor]# ./install.sh

[Step 0]: checking if docker is installed …

Note: docker version: 19.03.15

[Step 1]: checking docker-compose is installed …
/usr/local/lib/python3.6/dist-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
from cryptography.hazmat.backends import default_backend

Note: docker-compose version: 1.29.2

[Step 2]: loading Harbor images …
Loaded image: goharbor/harbor-log:v2.8.0
Loaded image: goharbor/notary-signer-photon:v2.8.0
Loaded image: goharbor/harbor-registryctl:v2.8.0
Loaded image: goharbor/harbor-exporter:v2.8.0
Loaded image: goharbor/redis-photon:v2.8.0
Loaded image: goharbor/notary-server-photon:v2.8.0
Loaded image: goharbor/prepare:v2.8.0
Loaded image: goharbor/harbor-jobservice:v2.8.0
Loaded image: goharbor/trivy-adapter-photon:v2.8.0
Loaded image: goharbor/registry-photon:v2.8.0
Loaded image: goharbor/harbor-portal:v2.8.0
Loaded image: goharbor/harbor-core:v2.8.0
Loaded image: goharbor/harbor-db:v2.8.0
Loaded image: goharbor/nginx-photon:v2.8.0

[Step 3]: preparing environment …

[Step 4]: preparing harbor configs …
prepare base dir is set to /apps/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

Note: stopping existing Harbor instance …
/usr/local/lib/python3.6/dist-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
from cryptography.hazmat.backends import default_backend
Removing network harbor_harbor
WARNING: Network harbor_harbor not found.

[Step 5]: starting Harbor …
/usr/local/lib/python3.6/dist-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
from cryptography.hazmat.backends import default_backend
Creating network "harbor_harbor" with the default driver
Creating harbor-log … done
Creating registry … done
Creating redis … done
Creating registryctl … done
Creating harbor-portal … done
Creating harbor-db … done
Creating harbor-core … done
Creating harbor-jobservice … done
Creating nginx … done
----Harbor has been installed and started successfully.----
[root@Harbor-Ubu1804-9:/apps/harbor]#

5.2、在线安装包安装

[root@Harbor-Ubu1804-10:~]# bash /apps/harbor/install.sh

[Step 0]: checking if docker is installed …

Note: docker version: 19.03.15

[Step 1]: checking docker-compose is installed …

Note: docker-compose version: 2.17.3

[Step 2]: preparing environment …

[Step 3]: preparing harbor configs …
prepare base dir is set to /apps/harbor
Unable to find image 'goharbor/prepare:v2.8.0' locally
v2.8.0: Pulling from goharbor/prepare
bf71dcb41a4d: Pull complete
484253c2f382: Pull complete
e74d2a96ccb2: Pull complete
01db2f770c78: Pull complete
b560365c90c1: Pull complete
1f3dd0d587a1: Pull complete
838bdf6426be: Pull complete
51525c7a4951: Pull complete
7afee3de0d7c: Pull complete
3613dc8f55e8: Pull complete
Digest: sha256:2e3945da3cf6e444177e1c99b46e302fd89a61b24dd9787df3b9d2713ab1b6c3
Status: Downloaded newer image for goharbor/prepare:v2.8.0
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

Note: stopping existing Harbor instance …

[Step 4]: starting Harbor …
[+] Running 60/25
log 7 layers [⣿⣿⣿⣿⣿⣿⣿] 0B/0B Pulled 57.8s
registry 6 layers [⣿⣿⣿⣿⣿⣿] 0B/0B Pulled 7.4s
redis 4 layers [⣿⣿⣿⣿] 0B/0B Pulled 40.9s
proxy 1 layers [⣿] 0B/0B Pulled 874.6s
registryctl 6 layers [⣿⣿⣿⣿⣿⣿] 0B/0B Pulled 20.4s
postgresql 10 layers [⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿] 0B/0B Pulled 144.4s
core 9 layers [⣿⣿⣿⣿⣿⣿⣿⣿⣿] 0B/0B Pulled 41.3s
jobservice 5 layers [⣿⣿⣿⣿⣿] 0B/0B Pulled 96.2s
portal 3 layers [⣿⣿⣿] 0B/0B Pulled 54.7s

[+] Running 10/10
Network harbor_harbor Created 0.1s
Container harbor-log Started 1.5s
Container redis Started 5.0s
Container registryctl Started 2.9s
Container harbor-db Started 4.3s
Container harbor-portal Started 4.1s
Container registry Started 4.2s
Container harbor-core Started 5.6s
Container nginx Started 7.5s
Container harbor-jobservice Started 7.6s
----Harbor has been installed and started successfully.----

6.1、systemd

[root@Harbor-Ubu1804-9:/apps/harbor]# vim /lib/systemd/system/harbor.service
[root@Harbor-Ubu1804-9:/apps/harbor]# cat /lib/systemd/system/harbor.service
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-reslove.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor

[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/local/bin/docker-compose -f /apps/harbor/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose -f /apps/harbor/docker-compose.yml down

[Install]
WantedBy=multi-user.target

[root@Harbor-Ubu1804-9:/apps/harbor]# systemctl daemon-reload
[root@Harbor-Ubu1804-9:/apps/harbor]# systemctl enable --now harbor.service
Created symlink /etc/systemd/system/multi-user.target.wants/harbor.service → /lib/systemd/system/harbor.service.

四、Harbor 单机使用配置

[root@Docker-Ubu1804-p11:~]# docker login 10.0.0.10
Username: admin
Password:
Error response from daemon: Get https://10.0.0.10/v2/: dial tcp 10.0.0.10:443: connect: connection refused

#提示需要使用https协议访问,但是由于目标harbor并未开启SSL认证,修改docker默认配置允许对目标使用http协议访问

修改仓库连接使用协议

#方法一:修改 daemon.json 配置允许使用http协议访问
[root@Docker-Ubu1804-p11:~]# sed -i.bak "/{/a \"insecure-registries\" : [\"10.0.0.10\",\"10.0.0.9\"]," /etc/docker/daemon.json
[root@Docker-Ubu1804-p11:~]# cat /etc/docker//daemon.json
{
"insecure-registries" : ["10.0.0.10","10.0.0.9"],
"registry-mirrors": ["https://hub-mirror.c.163.com","https://po3g231a.mirror.aliyuncs.com","https://docker.mirrors.ustc.edu.cn"],
"bip": "172.17.1.1/24",
"fixed-cidr": "172.17.1.0/24"
}
[root@Docker-Ubu1804-p11:~]# systemctl daemon-reload
[root@Docker-Ubu1804-p11:~]# systemctl restart docker
[root@Docker-Ubu1804-p11:~]# docker login 10.0.0.10
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

#方法二:修改docker.service文件
[root@Docker-Ubu1804-p11:~]# sed -i.bak '/ExecStart=/s/$/ --insecure-registry "10.0.0.9"/' /lib/systemd/system/docker.service
[root@Docker-Ubu1804-p11:~]# sed -i.bak '/ExecStart=/s/$/ --insecure-registry "10.0.0.10"/' /lib/systemd/system/docker.service
[root@Docker-Ubu1804-p11:~]# cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify

the default is not to use systemd for cgroups because the delegate issues still

exists and systemd currently does not support the cgroup feature set required

for containers run by docker

ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry "10.0.0.9" --insecure-registry "10.0.0.10"
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.

Both the old, and new location are accepted by systemd 229 and up, so using the old location

to make them work for either version of systemd.

StartLimitBurst=3

Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.

Both the old, and new name are accepted by systemd 230 and up, so using the old name to make

this option work for either version of systemd.

StartLimitInterval=60s

Having non-zero Limit*s causes performance problems due to accounting overhead

in the kernel. We recommend using cgroups to do container-local accounting.

LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

Comment TasksMax if your systemd version does not support it.

Only systemd 226 and above support this option.

TasksMax=infinity

set delegate yes so that systemd does not reset the cgroups of docker containers

Delegate=yes

kill only the docker process, not all processes in the cgroup

KillMode=process

[Install]
WantedBy=multi-user.target
[root@Docker-Ubu1804-p11:~]# systemctl daemon-reload ; systemctl restart docker
[root@Docker-Ubu1804-p11:~]# docker login 10.0.0.10
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@Docker-Ubu1804-p11:~]# docker login 10.0.0.9
Authenticating with existing credentials…
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

修改image名称,不使用指定格式命名image无法进行上传

image标准命名格式:仓库地址:<仓库端口 默认80>/项目名/image名称:<版本信息 默认latest>

[root@Docker-Ubu1804-p11:~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
janzen/app1 latest f65a9531bfc7 7 days ago 572MB
janzen/app1 v3.0 f65a9531bfc7 7 days ago 572MB
janzen/nginx-centos7 1.20.1-v2.0 4919aacb5ea0 7 days ago 562MB
janzen/centos7 v1.0 b9d392225b3e 10 days ago 529MB
mysql latest 8189e588b0e8 2 weeks ago 564MB
busybox 1.36 7cfbbec8963d 6 weeks ago 4.86MB
busybox 1.35.0 a711f05d3384 16 months ago 1.24MB
busybox latest beae173ccac6 16 months ago 1.24MB
nginx latest 605c77e624dd 16 months ago 141MB
redis latest 7614ae9453d1 16 months ago 113MB
alpine latest c059bfaa849c 17 months ago 5.59MB
redis 5.0.14-alpine3.14 2089be2db78e 17 months ago 29.4MB
ubuntu 18.04 5a214d77f5d7 19 months ago 63.1MB
hello-world latest feb5d9fea6a5 19 months ago 13.3kB
centos 7 eeb6ee3f44bd 19 months ago 204MB
[root@Docker-Ubu1804-p11:~]# docker tag janzen/centos7:v1.0 10.0.0.10/janzen/centos7:v1.0
[root@Docker-Ubu1804-p11:~]# docker tag janzen/centos7:v1.0 10.0.0.10/janzen/centos7
[root@Docker-Ubu1804-p11:~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
janzen/app1 latest f65a9531bfc7 7 days ago 572MB
janzen/app1 v3.0 f65a9531bfc7 7 days ago 572MB
janzen/nginx-centos7 1.20.1-v2.0 4919aacb5ea0 7 days ago 562MB
10.0.0.10/janzen/centos7 latest b9d392225b3e 10 days ago 529MB
10.0.0.10/janzen/centos7 v1.0 b9d392225b3e 10 days ago 529MB
janzen/centos7 v1.0 b9d392225b3e 10 days ago 529MB
mysql latest 8189e588b0e8 2 weeks ago 564MB
busybox 1.36 7cfbbec8963d 6 weeks ago 4.86MB
busybox 1.35.0 a711f05d3384 16 months ago 1.24MB
busybox latest beae173ccac6 16 months ago 1.24MB
nginx latest 605c77e624dd 16 months ago 141MB
redis latest 7614ae9453d1 16 months ago 113MB
alpine latest c059bfaa849c 17 months ago 5.59MB
redis 5.0.14-alpine3.14 2089be2db78e 17 months ago 29.4MB
ubuntu 18.04 5a214d77f5d7 19 months ago 63.1MB
hello-world latest feb5d9fea6a5 19 months ago 13.3kB
centos 7 eeb6ee3f44bd 19 months ago 204MB

[root@Docker-Ubu1804-p11:~]# docker push 10.0.0.10/janzen/centos7
The push refers to repository [10.0.0.10/janzen/centos7]
ae552106ea81: Pushed
174f56854903: Pushed
latest: digest: sha256:51a4e1432a50d31261ca2a34d565f0cbbfd7cc17fd0bd6162516899c851cfff3 size: 742
ae552106ea81: Layer already exists
174f56854903: Layer already exists
v1.0: digest: sha256:51a4e1432a50d31261ca2a34d565f0cbbfd7cc17fd0bd6162516899c851cfff3 size: 742
[root@Docker-Ubu1804-p11:~]# docker push 10.0.0.10/janzen/centos7:v1.0
The push refers to repository [10.0.0.10/janzen/centos7]
ae552106ea81: Layer already exists
174f56854903: Layer already exists
v1.0: digest: sha256:51a4e1432a50d31261ca2a34d565f0cbbfd7cc17fd0bd6162516899c851cfff3 size: 742

[root@temp-ubuntu-1804-server:~]# docker pull 10.0.0.10/janzen/centos7
Using default tag: latest
latest: Pulling from janzen/centos7
2d473b07cdd5: Pull complete
b92dee35c852: Pull complete
Digest: sha256:51a4e1432a50d31261ca2a34d565f0cbbfd7cc17fd0bd6162516899c851cfff3
Status: Downloaded newer image for 10.0.0.10/janzen/centos7:latest
10.0.0.10/janzen/centos7:latest
[root@temp-ubuntu-1804-server:~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
10.0.0.10/janzen/centos7 latest b9d392225b3e 10 days ago 529MB

方法一:/apps/harbor/prepare

[root@Harbor-Ubu1804-10:~]# systemctl stop harbor.service
[root@Harbor-Ubu1804-10:~]# vim /apps/harbor/harbor.yml

http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 8080

[root@Harbor-Ubu1804-10:~]# /apps/harbor/prepare
prepare base dir is set to /apps/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/db/env
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@Harbor-Ubu1804-10:~]# systemctl start harbor.service
[root@Harbor-Ubu1804-10:~]# ss -ntlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:1514 0.0.0.0:* users:(("docker-proxy",pid=123526,fd=4))
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=836,fd=13))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=928,fd=3))
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:* users:(("sshd",pid=1376,fd=10))
LISTEN 0 128 *:8080 *:* users:(("docker-proxy",pid=124252,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=928,fd=4))
LISTEN 0 128 [::1]:6010 [::]:* users:(("sshd",pid=1376,fd=9))

方法二:/apps/harbor/install.sh

[root@Harbor-Ubu1804-10:~]# vim /apps/harbor/harbor.yml

http:
port: 80

[root@Harbor-Ubu1804-10:~]# /apps/harbor/install.sh

[Step 0]: checking if docker is installed …

Note: docker version: 19.03.15

[Step 1]: checking docker-compose is installed …

Note: docker-compose version: 2.17.3

[Step 2]: preparing environment …

[Step 3]: preparing harbor configs …
prepare base dir is set to /apps/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/db/env
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

Note: stopping existing Harbor instance …
[+] Running 10/10
Container nginx Removed 0.5s
Container harbor-jobservice Removed 0.4s
Container registryctl Removed 10.3s
Container harbor-portal Removed 0.4s
Container harbor-core Removed 0.4s
Container harbor-db Removed 0.7s
Container registry Removed 0.4s
Container redis Removed 0.5s
Container harbor-log Removed 10.3s
Network harbor_harbor Removed 0.1s

[Step 4]: starting Harbor …
[+] Running 10/10
Network harbor_harbor Created 0.1s
Container harbor-log Started 1.3s
Container registryctl Started 3.9s
Container harbor-db Started 3.2s
Container redis Started 3.0s
Container harbor-portal Started 5.5s
Container registry Started 4.2s
Container harbor-core Started 4.5s
Container nginx Started 6.5s
Container harbor-jobservice Started 6.0s
----Harbor has been installed and started successfully.----
[root@Harbor-Ubu1804-10:~]# ss -ntlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:1514 0.0.0.0:* users:(("docker-proxy",pid=126673,fd=4))
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=836,fd=13))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=928,fd=3))
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:* users:(("sshd",pid=1376,fd=10))
LISTEN 0 128 *:80 *:* users:(("docker-proxy",pid=127375,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=928,fd=4))
LISTEN 0 128 [::1]:6010 [::]:* users:(("sshd",pid=1376,fd=9))

#!/bin/bash

#********************************************************************
#Author: janzen
#Date: 2023-05-05
#FileName:
#Description: The test script
#Copyright (C): 2023 All rights reserved
#********************************************************************

ERR="echo -e \033[1;31m"
SUCC="echo -e \033[1;32m"
WARN="echo -e \033[1;33m"
END="\033[m"

DOCS(){
echo "$0 [IMAGE] "
echo ":"
echo ""
echo "-h show this page"
echo "-b build image from .DockerFile, default; false"
echo "-i set host ip, default: 10.0.0.9"
echo "-u set username, default: admin"
echo "-p set password, default: janzen"
echo "-r registry, default: janzen"
exit
}

image_tag() {
[ `docker images $HOST/$REGISTRY/$IMAGE_NAME:$TAG -q` ] && { $WARN"$HOST/$REGISTRY/$IMAGE_NAME:$TAG is exist"$END;return; } || [ `docker images $IMAGE_NAME:$TAG -q` ] && docker tag $IMAGE_NAME:$TAG $HOST/$REGISTRY/$IMAGE_NAME:$TAG || [ `docker images $REGISTRY\/$IMAGE_NAME:$TAG -q` ] && docker tag $REGISTRY/$IMAGE_NAME:$TAG $HOST/$REGISTRY/$IMAGE_NAME:$TAG || { $ERR"$IMAGE_NAME:$TAG not exist,if you want build image Please Usage $0 -b [IMAGE] "$END; DOCS;}
}

while getopts 'hbi:u:p:r:' OPT; do
case $OPT in
b)
BUILD=true
;;
i)
HOST=${OPTARG}
;;
u)
REGISTRY_USER=${OPTARG}
;;
p)
PASSWD=${OPTARG}
;;
r)
REGISTRY=${OPTARG}
;;
h)
DOCS
;;
?)
DOCS
;;
esac
done
shift $(($OPTIND - 1))

IMAGE_NAME=$1
TAG=$2
TAG=${TAG:-latest}
HOST=${HOST:-"10.0.0.9"}
REGISTRY_USER=${REGISTRY_USER:-admin}
PASSWD=${PASSWD:-janzen}
REGISTRY=${REGISTRY:-janzen}

[ $BUILD ] && docker build -t $HOST/$REGISTRY/$IMAGE_NAME:$TAG . || image_tag && $SUCC"Tag Image successd"$END

docker login $HOST -u $REGISTRY_USER -p $PASSWD && { docker push $HOST/$REGISTRY/$IMAGE_NAME:$TAG; $SUCC"push $HOST/$REGISTRY/$IMAGE_NAME:$TAG to $HOST successed"$END;} || $ERR"login $HOST faild"$END

五、Harbor 分布式集群配置

Harbor09

Harbor10

每分钟自动从 Harbor10 上同步全部镜像

手动执行触发 复制规则

从客户端上传镜像到Harbor10

[root@Docker-Ubu1804-p11:~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
janzen/app1 latest f65a9531bfc7 8 days ago 572MB
janzen/app1 v3.0 f65a9531bfc7 8 days ago 572MB
janzen/nginx-centos7 1.20.1-v2.0 4919aacb5ea0 8 days ago 562MB
10.0.0.10/janzen/centos7 latest b9d392225b3e 10 days ago 529MB
10.0.0.10/janzen/centos7 v1.0 b9d392225b3e 10 days ago 529MB
janzen/centos7 v1.0 b9d392225b3e 10 days ago 529MB
mysql latest 8189e588b0e8 2 weeks ago 564MB
busybox 1.36 7cfbbec8963d 6 weeks ago 4.86MB
busybox 1.35.0 a711f05d3384 16 months ago 1.24MB
busybox latest beae173ccac6 16 months ago 1.24MB
nginx latest 605c77e624dd 16 months ago 141MB
redis latest 7614ae9453d1 16 months ago 113MB
alpine latest c059bfaa849c 17 months ago 5.59MB
redis 5.0.14-alpine3.14 2089be2db78e 17 months ago 29.4MB
ubuntu 18.04 5a214d77f5d7 19 months ago 63.1MB
hello-world latest feb5d9fea6a5 19 months ago 13.3kB
centos 7 eeb6ee3f44bd 19 months ago 204MB
[root@Docker-Ubu1804-p11:~]# docker tag janzen/nginx-centos7:1.20.1-v2.0 10.0.0.10/janzen/nginx-centos7:1.20.1-v2.0
[root@Docker-Ubu1804-p11:~]# docker tag janzen/nginx-centos7:1.20.1-v2.0 10.0.0.10/janzen/nginx-centos7
[root@Docker-Ubu1804-p11:~]# docker push 10.0.0.10/janzen/nginx-centos7
The push refers to repository [10.0.0.10/janzen/nginx-centos7]
b82538224854: Pushed
174f56854903: Mounted from janzen/centos7
1.20.1-v2.0: digest: sha256:36213ec0d340a5c174e8e7811de648044034dd7ec6a2511a6eadde9d4ac18e37 size: 742
b82538224854: Layer already exists
174f56854903: Layer already exists
latest: digest: sha256:36213ec0d340a5c174e8e7811de648044034dd7ec6a2511a6eadde9d4ac18e37 size: 742
[root@Docker-Ubu1804-p11:~]# docker push 10.0.0.10/janzen/nginx-centos7:1.20.1-v2.0
The push refers to repository [10.0.0.10/janzen/nginx-centos7]
b82538224854: Layer already exists
174f56854903: Layer already exists
1.20.1-v2.0: digest: sha256:36213ec0d340a5c174e8e7811de648044034dd7ec6a2511a6eadde9d4ac18e37 size: 742

查看Harbor10上的项目内容

查看Harbor09上的项目内容

[root@Docker-Ubu1804-p11:~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
janzen/app1 latest f65a9531bfc7 8 days ago 572MB
janzen/app1 v3.0 f65a9531bfc7 8 days ago 572MB
10.0.0.10/janzen/nginx-centos7 1.20.1-v2.0 4919aacb5ea0 8 days ago 562MB
10.0.0.10/janzen/nginx-centos7 latest 4919aacb5ea0 8 days ago 562MB
janzen/nginx-centos7 1.20.1-v2.0 4919aacb5ea0 8 days ago 562MB
10.0.0.10/janzen/centos7 latest b9d392225b3e 10 days ago 529MB
10.0.0.10/janzen/centos7 v1.0 b9d392225b3e 10 days ago 529MB
janzen/centos7 v1.0 b9d392225b3e 10 days ago 529MB
mysql latest 8189e588b0e8 2 weeks ago 564MB
busybox 1.36 7cfbbec8963d 6 weeks ago 4.86MB
busybox 1.35.0 a711f05d3384 16 months ago 1.24MB
busybox latest beae173ccac6 16 months ago 1.24MB
nginx latest 605c77e624dd 16 months ago 141MB
redis latest 7614ae9453d1 16 months ago 113MB
alpine latest c059bfaa849c 17 months ago 5.59MB
redis 5.0.14-alpine3.14 2089be2db78e 17 months ago 29.4MB
ubuntu 18.04 5a214d77f5d7 19 months ago 63.1MB
hello-world latest feb5d9fea6a5 19 months ago 13.3kB
centos 7 eeb6ee3f44bd 19 months ago 204MB
[root@Docker-Ubu1804-p11:~]# docker tag janzen/app1:v3.0 10.0.0.9/janzen/app1:v3.0
[root@Docker-Ubu1804-p11:~]# docker tag janzen/app1:v3.0 10.0.0.9/janzen/app1
[root@Docker-Ubu1804-p11:~]# docker push 10.0.0.9/janzen/app1
The push refers to repository [10.0.0.9/janzen/app1]
f04a4d2ea341: Layer already exists
188c1c5e9297: Layer already exists
b82538224854: Layer already exists
174f56854903: Layer already exists
latest: digest: sha256:c2ff655ee6b16bf088a522ad0868067a6be61167d75b37664d9bc34bf6b3e2ea size: 1161
f04a4d2ea341: Layer already exists
188c1c5e9297: Layer already exists
b82538224854: Layer already exists
174f56854903: Layer already exists
v3.0: digest: sha256:c2ff655ee6b16bf088a522ad0868067a6be61167d75b37664d9bc34bf6b3e2ea size: 1161
[root@Docker-Ubu1804-p11:~]# docker push 10.0.0.9/janzen/app1:v3.0
The push refers to repository [10.0.0.9/janzen/app1]
f04a4d2ea341: Layer already exists
188c1c5e9297: Layer already exists
b82538224854: Layer already exists
174f56854903: Layer already exists
v3.0: digest: sha256:c2ff655ee6b16bf088a522ad0868067a6be61167d75b37664d9bc34bf6b3e2ea size: 1161
[root@Docker-Ubu1804-p11:~]#

六、Harbor 安全之https配置

官方配置HTTPS文档:https://goharbor.io/docs/2.8.0/install-config/configure-https/

#创建存放私钥和证书的目录
[root@Harbor-Ubu1804-9:~]# mkdir /apps/harbor/certs
[root@Harbor-Ubu1804-9:~]# cd /apps/harbor/certs/

#生成CA证书
[root@Harbor-Ubu1804-9:/apps/harbor/certs]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -subj "/CN=ca.janzen.com" -days 365 -out ca.crt
Can't load /root/.rnd into RNG
139892179550656:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
Generating a RSA private key
…………………………………………………………………………………………………………………………………………………………………………………….++++
……………….++++

writing new private key to 'ca.key'

#生成Harbor证书申请
[root@Harbor-Ubu1804-9:/apps/harbor/certs]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout harbor.janzen.com.key -subj "/CN=harbor.janzen.com" -out harbor.janzen.com.csr
Can't load /root/.rnd into RNG
140464486539712:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
Generating a RSA private key
…………………………………………………………………………………………………………………++++
…………………………………………………………………………..++++

writing new private key to 'harbor.janzen.com.key'

#给Harbor颁发证书
[root@Harbor-Ubu1804-9:/apps/harbor/certs]# openssl x509 -req -in harbor.janzen.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out harbor.janzen.com.crt
Signature ok
subject=CN = harbor.janzen.com
Getting CA Private Key

[root@Harbor-Ubu1804-9:/apps/harbor/certs]# tree /apps/harbor/certs/
/apps/harbor/certs/
├── ca.crt
├── ca.key
├── ca.srl
├── harbor.janzen.com.crt
├── harbor.janzen.com.csr
└── harbor.janzen.com.key

0 directories, 6 files

#配置x509 v3 版本的 SAN证书
[root@Harbor-Ubu1804-9:/apps/harbor/certs]# cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=janzen.com
DNS.2=harbor.janzen.com
EOF
[root@Harbor-Ubu1804-9:/apps/harbor/certs]# openssl x509 -req -extfile v3.ext -in harbor.janzen.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out harbor.janzen.com.crt
Signature ok
subject=CN = harbor.janzen.com
Getting CA Private Key

#修改Harbor配置文件
[root@Harbor-Ubu1804-9:~]# vim /apps/harbor/harbor.yml

hostname: harbor.janzen.com
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /apps/harbor/certs/harbor.janzen.com.crt
private_key: /apps/harbor/certs/harbor.janzen.com.key

#停用Harbor服务(针对已安装Harbor,未安装情况下直接执行安装即可)
[root@Harbor-Ubu1804-9:~]# docker-compose -f /apps/harbor/docker-compose.yml down
/usr/local/lib/python3.6/dist-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
from cryptography.hazmat.backends import default_backend
Stopping harbor-jobservice … done
Stopping nginx … done
Stopping harbor-core … done
Stopping registry … done
Stopping redis … done
Stopping harbor-db … done
Stopping registryctl … done
Stopping harbor-portal … done
Stopping harbor-log … done
Removing harbor-jobservice … done
Removing nginx … done
Removing harbor-core … done
Removing registry … done
Removing redis … done
Removing harbor-db … done
Removing registryctl … done
Removing harbor-portal … done
Removing harbor-log … done
Removing network harbor_harbor

#执行配置更新
[root@Harbor-Ubu1804-9:~]# /apps/harbor/prepare
prepare base dir is set to /apps/harbor
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/db/env
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

#重新启动Harbor服务
[root@Harbor-Ubu1804-9:~]# docker-compose -f /apps/harbor/docker-compose.yml up -d
/usr/local/lib/python3.6/dist-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
from cryptography.hazmat.backends import default_backend
Creating network "harbor_harbor" with the default driver
Creating harbor-log … done
Creating registryctl … done
Creating redis … done
Creating harbor-portal … done
Creating registry … done
Creating harbor-db … done
Creating harbor-core … done
Creating harbor-jobservice … done
Creating nginx … done

#未使用x509 v3 版本证书出现以下报错
[root@Docker-Ubu1804-p11:~]# docker login haobor.janzen.com
Authenticating with existing credentials…
Login did not succeed, error: Error response from daemon: Get "https://harbor.janzen.com/v2/": x509: cannot validate certificate for harbor.janzen.com because it doesn't contain any IP SANs
Username (admin): admin
Password:
Error response from daemon: Get "https://harbor.janzen.com/v2/": x509: cannot validate certificate for harbor.janzen.com because it doesn't contain any SANs

#客户端未配置证书,出现以下报错
[root@Docker-Ubu1804-p11:~]# docker login harbor.janzen.com
Authenticating with existing credentials…
Login did not succeed, error: Error response from daemon: Get "https://harbor.janzen.com/v2/": x509: certificate signed by unknown authority
Username (admin): admin
Password:
Error response from daemon: Get "https://harbor.janzen.com/v2/": x509: certificate signed by unknown authority

#在客户端下载之前生成的CA证书
[root@Docker-Ubu1804-p11:~]# mkdir -pv /etc/docker/certs.d/harbor.janzen.com/
mkdir: created directory '/etc/docker/certs.d'
mkdir: created directory '/etc/docker/certs.d/harbor.janzen.com/'
[root@Docker-Ubu1804-p11:~]# scp -r 10.0.0.9:/apps/harbor/certs/ca.crt /etc/docker/certs.d/harbor.janzen.com/ca.crt
root@10.0.0.9's password:
ca.crt

[root@Docker-Ubu1804-p11:~]# docker login harbor.janzen.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

#拉取镜像
[root@Docker-Ubu1804-p11:~]# docker pull harbor.janzen.com/janzen/centos7
Using default tag: latest
latest: Pulling from janzen/centos7
2d473b07cdd5: Pull complete
b0ed90275bd0: Pull complete
Digest: sha256:c77e9270bf47f226ddb76d00a6abf1c645c165efc18121a648279a4c9ae4443e
Status: Downloaded newer image for harbor.janzen.com/janzen/centos7:latest
harbor.janzen.com/janzen/centos7:latest
[root@Docker-Ubu1804-p11:~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
harbor.janzen.com/janzen/centos7 latest f3ad589cce4c 30 hours ago 289MB

Successfully built 1a1060e6ff30
Successfully tagged harbor.janzen.com/janzen/centos7:v1.3
Tag Image successd
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

#镜像打包并上传
[root@Docker-Ubu1804-p11:/images/system/centos]# image_push
:latest not exist,if you want build image Please Usage /usr/bin/image_push -b [IMAGE]
/usr/bin/image_push [IMAGE]
:

-h show this page
-b build image from .DockerFile, default; false
-i set host ip, default: 10.0.0.9
-u set username, default: admin
-p set password, default: janzen
-r registry, default: janzen
[root@Docker-Ubu1804-p11:/images/system/centos]# image_push -b -i harbor.janzen.com centos7 v1.3
Login Succeeded
The push refers to repository [harbor.janzen.com/janzen/centos7]
89022798c4bb: Pushed
174f56854903: Layer already exists
v1.3: digest: sha256:53b65e68f90a0564704a9c3c6ef2ab435ad45e6495c21eefedf1eefa160960b0 size: 742
push harbor.janzen.com/janzen/centos7:v1.3 to harbor.janzen.com successed