企业级Docker-Harbor

【docker环境部署】

[root@harbor-server ~]# yum install -y yum-utils device-mapper-persistent-data lvm2    #安装docker-ce版本所依赖的软件程序
[root@harbor-server ~]# echo "13.224.2.103 download.docker.com" >>/etc/hosts     #本地host解析,防止下载docker-ce的repo源报错
[root@harbor-server ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo   #下载docker-ce的repo的源
[root@harbor-server ~]# yum install -y docker-ce    #安装docker-ce
[root@harbor-server ~]# systemctl start docker     #启动docker并设置自启
[root@harbor-server ~]# systemctl enable docker

 

【安装docker-compos

docker-compos是一个用户定义和运行多个容器的docker应用程序,使用定义YAML文件配置应用的服务,只需简单命令即可创建启动所配置的所有服务

docker-compos基本三个流程:

  • 在Dockerfile中定义你的应用环境,使其在任何地方复制
  • 在docker-conpos.yml中,定义组成应用程序的服务,方便在隔离的环境中一起运行·
  • 运行docker up -d.compose将启动并运行整个应用程序
  • 参考github上,docker-compos安装https://github.com/docker/compose/releases
[root@harbor-server ~]# yum update nss curl -y
[root@harbor-server ~]# echo "52.216.239.107 github-production-release-asset-2e65be.s3.amazonaws.com" >>/etc/hosts
[root@harbor-server ~]# echo "13.250.177.223 github.com" >>/etc/hosts
[root@harbor-server ~]# curl -L https://github.com/docker/compose/releases/download/1.24.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
[root@harbor-server ~]# chmod +x /usr/local/bin/docker-compose 
[root@harbor-server ~]# ll -d  /usr/local/bin/docker-compose 
-rwxr-xr-x 1 root root 16154160 5月  17 15:06 /usr/local/bin/docker-compose
[root@harbor-server ~]# docker-compose --version 
docker-compose version 1.24.0, build 0aa59064

 

PS:curl: (35) Peer reports incompatible or unsupported protocol version.  #如果上述命令执行出现这种报错,则是因为ncc和url版本过低导致的更新即可,yum update nss curl -y

【安装docker-harbor】

[root@harbor-server ~]# https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.1.tgz

[root@harbor-server ~]# tar zxvf harbor-offline-installer-v1.7.1.tgz -C /usr/local/

root@localhost ~]# cd /usr/local/harbor/

[root@harbor-server ~]# mkdir -p /usr/local/harbor/ssl/

[root@harbor-server ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt

Generating a 4096 bit RSA private key
..++
...................................................................................................................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:bixiaoyu
Email Address []:

 

[root@harbor-server ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout reg.bixiaoyu.com.key -out reg.bixiaoyu.com.csr

Generating a 4096 bit RSA private key
............................++
................................++
writing new private key to 'reg.bixiaoyu.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:reg.bixiaoyu.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

 

[root@harbor-server ssl]# openssl x509 -req -days 365 -in reg.bixiaoyu.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out reg.bixiaoyu.com.crt

Signature ok
subject=/C=CN/L=Default City/O=Default Company Ltd/CN=reg.bixiaoyu.com
Getting CA Private Key

 

【配置harbor】

[root@localhost harbor]# vim harbor.cfg

hostname = reg.bixiaoyu.com     #设置harbor仓库访问的域名

ui_url_protocol = https   #支持https协议

ssl_cert = /usr/local/harbor/ssl/reg.bixiaoyu.com.crt    #设置证书认证
ssl_cert_key = /usr/local/harbor/ssl/reg.bixiaoyu.com.key

harbor_admin_password = 12345    #访问harbor登录密码

 

[root@harbor-server harbor]# ./prepare

Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/core/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/core/app.conf
Generated certificate, key file: ./common/config/core/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.

[root@harbor-server harbor]# ./install.sh

[Step 3]: checking existing instance of Harbor ...


[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating registryctl        ... done
Creating registry           ... done
Creating harbor-db          ... done
Creating redis              ... done
Creating harbor-core        ... done
Creating harbor-jobservice  ... done
Creating harbor-portal      ... done
Creating nginx              ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://reg.bixiaoyu.com. 
For more details, please visit https://github.com/goharbor/harbor .

 

[root@harbor-server harbor]# docker-compose ps    #检查关于harbor容器已经运行

       Name                     Command                  State                                    Ports                              
-------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up (healthy)                                                                   
harbor-core          /harbor/start.sh                 Up (healthy)                                                                   
harbor-db            /entrypoint.sh postgres          Up (healthy)   5432/tcp                                                        
harbor-jobservice    /harbor/start.sh                 Up                                                                             
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp                                       
harbor-portal        nginx -g daemon off;             Up (healthy)   80/tcp                                                          
nginx                nginx -g daemon off;             Up (healthy)   0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis                docker-entrypoint.sh redis ...   Up             6379/tcp                                                        
registry             /entrypoint.sh /etc/regist ...   Up (healthy)   5000/tcp                                                        
registryctl          /harbor/start.sh                 Up (healthy)   

Ps:如果在本机访问reg.bixiaoyu.com的harbor域名,需要在本地host解析,这里不再具体说明

 

 

【镜像上传】

[root@localhost ~]# scp root@192.168.175.100:/usr/local/harbor/ssl/reg.bixiaoyu.com.crt /etc/docker/certs.d/reg.bixiaoyu.com/

[root@localhost ~]# scp root@192.168.175.100:/usr/local/harbor/ssl/reg.bixiaoyu.com.key /etc/docker/certs.d/reg.bixiaoyu.com/

[root@localhost ~]# ls /etc/docker/certs.d/reg.bixiaoyu.com/
reg.bixiaoyu.com.crt reg.bixiaoyu.com.key

[root@localhost ~]# docker login reg.bixiaoyu.com
Username: hexunadmin
Password:
Login Succeeded

[root@localhost ~]# docker tag 675bd9a877ed reg.bixiaoyu.com/test/tomcat:v1

[root@localhost ~]# docker push reg.bixiaoyu.com/test/tomcat:v1

[root@localhost ~]# docker pull reg.bixiaoyu.com/test/tomcat:v1

posted @ 2018-10-22 09:12  Mr&Yu  阅读(448)  评论(0编辑  收藏  举报