harbor部署

单机部署harbor

# 1. 安装docker
# 2. 安装docker-compose
# 3. 下载安装包
# 4. 修改配置(hostname)
# 5. 安装
./install.sh --with-clair --with-trivy --with-chartmuseum

使用外部存储

harbor目前只支持postgresql,本人使用9.5版本不能后又升级为12版本就可以了。 建议使用高版本。

安装postgresql-12

# postgresql 12 安装
# Install the repository RPM:
yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm

# Install PostgreSQL:
yum install -y postgresql12-server

# Optionally initialize the database and enable automatic start:
/usr/pgsql-12/bin/postgresql-12-setup initdb
systemctl enable postgresql-12
# 修改服务监听端口
# 数据目录下的postgresql.conf 中listen_addresses = '*'
systemctl start postgresql-12

配置数据库


# 创建对应数据库。

CREATE USER harbor with password 'harbor';
create database harbor_db_name owner harbor;
create database clair_db_name owner harbor;
create database notary_signer_db_name owner harbor;
create database notary_server_db_name owner harbor;

# 授权
GRANT ALL PRIVILEGES ON DATABASE harbor_db_name to harbor;
GRANT ALL PRIVILEGES ON DATABASE clair_db_name to harbor;
GRANT ALL PRIVILEGES ON DATABASE notary_signer_db_name to harbor;
GRANT ALL PRIVILEGES ON DATABASE notary_server_db_name to harbor;

# 创建本地认证用户
useradd harbor
echo 'harbor' | passwd harbor --stdin 

# 修改用户登录权限
# 查看服务的system service配置文件可以查到服务的数据目录
# pg_hba.conf
host    all             all             172.0.0.0/8             md5

harbor配置

增加外部存储配置。

postgreslq负责存储数据,redis负责保持session(这里没有配置外部redis,生产环境最好配置)。

external_database:
  harbor:
    host: 172.29.203.58
    port: 5432
    db_name: harbor_db_name
    username: harbor
    password: harbor
    ssl_mode: disable
    max_idle_conns: 2
    max_open_conns: 0
  clair:
    host: 172.29.203.58
    port: 5432
    db_name: clair_db_name
    username: harbor
    password: harbor
    ssl_mode: disable
  notary_signer:
    host: 172.29.203.58
    port: 5432
    db_name: notary_signer_db_name
    username: harbor
    password: harbor
    ssl_mode: disable
  notary_server:
    host: 172.29.203.58
    port: 5432
    db_name: notary_server_db_name
    username: harbor
    password: harbor
    ssl_mode: disable

你可能感兴趣的