Centos7安装镜像仓库Harbor

## 安装docker-ce社区版（192.168.200.154）

# yum -y install yum-utils device-mapper-persistent-data lvm2 

# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo

# yum -y install docker-ce

# systemctl start docker

# systemctl enable docker

# docker version

 

##添加docker国内公有镜像源

# cat /etc/docker/daemon.json

{

  "registry-mirrors":[ "https://registry.docker-cn.com" ]

}

# systemctl daemon-reload

# systemctl restart docker

 

## 创建目录及下载harbor离线包

# mkdir /data && cd /data

# wget https://github.com/goharbor/harbor/releases/download/v2.2.0/harbor-offline-installer-v2.2.0.tgz

# tar xf harbor-offline-installer-v2.2.0.tgz

## 修改harbor配置

# cd harbor

# cp harbor.yml.tmpl  harbor.yml

# vim  harbor.yml

    5 hostname: www.yunjisuan.com

    17 certificate: /data/harbor/ssl/tls.cert

    18 private_key: /data/harbor/ssl/tls.key

34 harbor_admin_password: harbor666

 

## 创建harbor访问域名证书

# mkdir /data/harbor/ssl && cd /data/harbor/ssl

# openssl genrsa -out tls.key 2048

# openssl req -new -x509 -key tls.key -out tls.cert -days 360 -subj /CN=*.yunjisuan.com

 

## 准备好单机编排工具`docker-compose`

# curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

# ll /usr/local/bin/docker-compose

# chmod +x /usr/local/bin/docker-compose

# docker-compose --version

 

## 开始安装（有扫描 --with-trivy ,有认证 --with-notary，有helm charts 模块加入--with-chartmuseum 其中--with-clair已弃用）

# ./install.sh

#其他命令

docker-compose start开启
docker-compose stop关闭
docker-compose down关闭并删除

docker-compose up -d 后台启动所有harbor容器进程
./prepare清理缓存

 

## 推送镜像到harbor

# echo '192.168.200.154  www.yunjisuan.com' >> /etc/hosts

# docker pull centos:7  #harbor本地下载一个公有仓库镜像centos:7

# docker tag centos:7 www.yunjisuan.com/library/centos:7

# docker login www.yunjisuan.com #登陆验证harbor私有仓库

# docker push www.yunjisuan.com/library/centos:7  # 推送镜像到harbor

# docker logout www.yunjisuan.com #退出harbor私有仓库

##在浏览器查看http://192.168.200.154

 

## 在其他节点上面拉取harbor镜像192.168.200.151

# echo '192.168.200.154  www.yunjisuan.com'  >> /etc/hosts

# ping www.yunjisuan.com  #是否网络通

# mkdir -p /etc/docker/certs.d/harbor.boge.com

# scp 192.168.200.154:/data/harbor/ssl/tls.cert /etc/docker/certs.d/harbor.boge.com/ca.crt

# docker pull nginx:latest  #harbor本地下载一个公有仓库镜像nginx

# docker tag nginx:latest www.yunjisuan.com/library/nginx:latest

# docker login www.yunjisuan.com #登陆验证harbor私有仓库

# docker push www.yunjisuan.com/library/centos:7  # 推送镜像到harbor

# docker logout www.yunjisuan.com #退出harbor私有仓库，不退出的话在 ~/.docker/config.json文件里存账号密码 echo YWRtaW46Ym9nZTY2Ng== | base64 -d