1.安装配置Harbor

环境rhel 7.6 

• 安装docker,python
• 安装docker-compose

sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

chmod +x /usr/local/docker-compose[root@harbor harbor]# docker-compose versiondocker-compose version 1.21.2, build a133471docker-py version: 3.3.0CPython version: 3.6.5OpenSSL version: OpenSSL 1.0.1t  3 May 2016

 

• 下载harbor

https://github.com/goharbor/harbor/releases

我选择的是harbor-offline-installer-v1.6.2.tgz, 之前 1.5的版本没有镜像了，所以建议选择新一点的。

tar -xvf harbor-offline-installer-v1.6.2.tgz

 

• 修改配置harbor.cfg，我就修改了hostname

[root@harbor harbor]# cat harbor.cfg## Configuration file of Harbor#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!_version = 1.6.0#The IP address or hostname to access admin UI and registry service.#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.hostname = 192.168.56.107:8060#The protocol for accessing the UI and token/notification service, by default it is http.#It can be set to https if ssl is enabled on nginx.ui_url_protocol = http#Maximum number of job workers in job service  max_job_workers = 10

• 修改配置docker-compose.yml,将端口映射修改为8060

networks:      - harbor    ports:      - 8060:80      - 443:443      - 4443:4443

• 根据docker-compose.yml中的镜像把镜像下载到本地

[root@harbor ~]# docker imagesREPOSITORY                              TAG                 IMAGE ID            CREATED             SIZEdocker.io/openjdk                       latest              8e7eacedab93        5 days ago          986 MBdocker.io/goharbor/redis-photon         v1.6.2              473bfdd9d245        3 weeks ago         210 MBdocker.io/goharbor/registry-photon      v2.6.2-v1.6.2       62c30cdb384a        3 weeks ago         196 MBdocker.io/goharbor/nginx-photon         v1.6.2              c0602500e829        3 weeks ago         132 MBdocker.io/goharbor/harbor-log           v1.6.2              781ee4ceb5d3        3 weeks ago         197 MBdocker.io/goharbor/harbor-jobservice    v1.6.2              3419a2276f96        3 weeks ago         192 MBdocker.io/goharbor/harbor-ui            v1.6.2              66268686bb96        3 weeks ago         215 MBdocker.io/goharbor/harbor-adminserver   v1.6.2              4024440925a4        3 weeks ago         181 MBdocker.io/goharbor/harbor-db            v1.6.2              0ed4186be0d1        3 weeks ago         219 MB

 

• 修改docker配置 /etc/sysconfig/docker，主要是OPTIONS,ADD_REGISTRY,INSECURE_REGISTRY

[root@harbor harbor]# cat /etc/sysconfig/docker# /etc/sysconfig/docker# Modify these options if you want to change the way the docker daemon runsOPTIONS='--selinux-enabled=false --log-driver=journald --insecure-registry=192.168.56.107:8060'if [ -z "${DOCKER_CERT_PATH}" ]; then    DOCKER_CERT_PATH=/etc/dockerfi# Do not add registries in this file anymore. Use /etc/containers/registries.conf# instead. For more information reference the registries.conf(5) man page.ADD_REGISTRY='--add-registry 192.168.56.107:8060'INSECURE_REGISTRY='--insecure-registry=192.168.56.107:8060'# Location used for temporary files, such as those created by# docker load and build operations. Default is /var/lib/docker/tmp# Can be overriden by setting the following environment variable.# DOCKER_TMPDIR=/var/tmp# Controls the /etc/cron.daily/docker-logrotate cron job status.# To disable, uncomment the line below.# LOGROTATE=false

• 重启docker服务

systemctl daemon-reloadsystemctl restart docker.service

• 安装

[root@harbor harbor]# ./prepareGenerated and saved secret to file: /data/secretkeyGenerated configuration file: ./common/config/nginx/nginx.confGenerated configuration file: ./common/config/adminserver/envGenerated configuration file: ./common/config/ui/envGenerated configuration file: ./common/config/registry/config.ymlGenerated configuration file: ./common/config/db/envGenerated configuration file: ./common/config/jobservice/envGenerated configuration file: ./common/config/jobservice/config.ymlGenerated configuration file: ./common/config/log/logrotate.confGenerated configuration file: ./common/config/registryctl/envGenerated configuration file: ./common/config/ui/app.confGenerated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crtThe configuration files are ready, please use docker-compose to start the service.

[root@harbor harbor]# ./install.sh[Step 0]: checking installation environment ...Note: docker version: 1.13.1Note: docker-compose version: 1.21.2[Step 1]: loading Harbor images ...Loaded image: goharbor/registry-photon:v2.6.2-v1.6.20155cb3a636c: Loading layer [==================================================>] 23.38 MB/23.38 MB62f917db5fed: Loading layer [==================================================>] 12.16 MB/12.16 MB2e192a070c25: Loading layer [==================================================>]  17.3 MB/17.3 MB64fa72e486ec: Loading layer [==================================================>] 11.26 kB/11.26 kB23afd47b0f1a: Loading layer [==================================================>] 3.072 kB/3.072 kB3fa7415d357e: Loading layer [==================================================>] 29.46 MB/29.46 MBLoaded image: goharbor/notary-server-photon:v0.5.1-v1.6.22f06068ec40a: Loading layer [==================================================>]   158 MB/158 MBd6e5bcc842f3: Loading layer [==================================================>] 10.93 MB/10.93 MBc272c6b03ae0: Loading layer [==================================================>] 2.048 kB/2.048 kB7b0653de0007: Loading layer [==================================================>] 48.13 kB/48.13 kB484f0b8e979d: Loading layer [==================================================>] 3.072 kB/3.072 kB72004696fb26: Loading layer [==================================================>] 10.98 MB/10.98 MB

 

• 验证

[root@harbor harbor]# docker-compose ps       Name                     Command                  State                                     Ports                               ---------------------------------------------------------------------------------------------------------------------------------------harbor-adminserver   /harbor/start.sh                 Up (healthy)                                                                     harbor-db            /entrypoint.sh postgres          Up (healthy)   5432/tcp                                                          harbor-jobservice    /harbor/start.sh                 Up                                                                               harbor-log           /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp                                         harbor-ui            /harbor/start.sh                 Up (healthy)                                                                     nginx                nginx -g daemon off;             Up (healthy)   0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:8060->80/tcpredis                docker-entrypoint.sh redis ...   Up             6379/tcp                                                          registry             /entrypoint.sh /etc/regist ...   Up (healthy)   5000/tcp

 

登录192.168.56.107:8060, admin/Harbor12345

添加用户，添加项目，然后push镜像验证。

 

2.Openshift配置

 

1.需要在每个拉取镜像的节点上配置docker的配置，配置方法参照步骤1的docker配置。

2.修改/etc/origin/master/master-config.yaml配置文件，加入下面这一句

imagePolicyConfig:  internalRegistryHostname: docker-registry.default.svc:5000  externalRegistryHostname: 192.168.56.107:8060

3.重新启动master

# master-restart api# master-restart controllers

在项目中就可以对harbor的公有镜像进行随意拉取和启动了

 

 ==============================================================================

openshift相当于一个Harbor的客户端，但是oc自己有一套管理用户权限的机制(可以绑定LDAP），而Harbor自己也有一套管理镜像的权限机制(可以绑定LDAP做认证)

因此这两套机制如何统一联动是个问题。

在原来的interregistry下，每个项目是可以看到自己下面的镜像的

但以相同的路径加入Harbor的镜像明显不再管理之列

 

而且发现一个bug,通过命令get is的时候发现镜像前全部换成了外部镜像库的地址，不知道是不是我忘了什么地方没有配置