Enterprise-grade Docker Harbor
【Docker environment deployment】
[root@harbor-server ~]# yum install -y yum-utils device-mapper-persistent-data lvm2   # install the packages that docker-ce depends on
[root@harbor-server ~]# echo "13.224.2.103 download.docker.com" >>/etc/hosts   # resolve the host locally so that fetching the docker-ce repo file does not fail
[root@harbor-server ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo   # add the docker-ce repo
[root@harbor-server ~]# yum install -y docker-ce   # install docker-ce
[root@harbor-server ~]# systemctl start docker   # start docker and enable it at boot
[root@harbor-server ~]# systemctl enable docker
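【Installing docker-compose】
docker-compose is a tool for defining and running multi-container Docker applications. The application's services are configured in a YAML file, and a single simple command then creates and starts every configured service.
docker-compose works in three basic steps:
- Define your application's environment in a Dockerfile so that it can be reproduced anywhere
- Define the services that make up the application in docker-compose.yml so that they can run together in an isolated environment
- Run docker-compose up -d; Compose starts and runs the whole application
For installation, see the docker-compose releases on GitHub: https://github.com/docker/compose/releases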
[root@harbor-server ~]# yum update nss curl -y
[root@harbor-server ~]# echo "52.216.239.107 github-production-release-asset-2e65be.s3.amazonaws.com" >>/etc/hosts
[root@harbor-server ~]# echo "13.250.177.223 github.com" >>/etc/hosts
[root@harbor-server ~]# curl -L https://github.com/docker/compose/releases/download/1.24.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
[root@harbor-server ~]# chmod +x /usr/local/bin/docker-compose
[root@harbor-server ~]# ll -d /usr/local/bin/docker-compose
-rwxr-xr-x 1 root root 16154160 5月 17 15:06 /usr/local/bin/docker-compose
[root@harbor-server ~]# docker-compose --version
docker-compose version 1.24.0, build 0aa59064
PS: curl: (35) Peer reports incompatible or unsupported protocol version.
If the curl command above fails with this error, the installed nss and curl versions are too old. Updating them fixes it: yum update nss curl -y
【Installing Harbor】
[root@harbor-server ~]# wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.1.tgz
[root@harbor-server ~]# tar zxvf harbor-offline-installer-v1.7.1.tgz -C /usr/local/
[root@localhost ~]# cd /usr/local/harbor/
[root@harbor-server ~]# mkdir -p /usr/local/harbor/ssl/
[root@harbor-server ~]# cd /usr/local/harbor/ssl/
[root@harbor-server ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
Generating a 4096 bit RSA private key
..++
...................................................................................................................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:bixiaoyu
Email Address []:
[root@harbor-server ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout reg.bixiaoyu.com.key -out reg.bixiaoyu.com.csr
Generating a 4096 bit RSA private key
............................++
................................++
writing new private key to 'reg.bixiaoyu.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:reg.bixiaoyu.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@harbor-server ssl]# openssl x509 -req -days 365 -in reg.bixiaoyu.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out reg.bixiaoyu.com.crt
Signature ok
subject=/C=CN/L=Default City/O=Default Company Ltd/CN=reg.bixiaoyu.com
Getting CA Private Key
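The CA and server-certificate steps above, run non-interactively, as an added example that is not part of the original post. It additionally writes a subjectAltName for the registry hostname, because Go-based TLS clients such as current Docker releases match the hostname against the SAN and no longer fall back to the Common Name. The function names, the CA subject `example-registry-ca` and the `san.ext` file name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Names below are hypothetical.

# make_registry_cert <fqdn> <outdir> [rsa-bits]
# Creates ca.key/ca.crt and <fqdn>.key/.csr/.crt in <outdir>.
make_registry_cert() (
    fqdn=$1; out=$2; bits=${3:-4096}
    umask 077                                  # new private keys are owner-only
    mkdir -p "$out" && cd "$out" || exit 1
    # 1. Self-signed CA: the page's command with -subj instead of the prompts.
    openssl req -newkey "rsa:$bits" -nodes -sha256 -keyout ca.key \
        -x509 -days 365 -subj "/C=CN/CN=example-registry-ca" \
        -out ca.crt 2>/dev/null || exit 1
    # 2. Server key and certificate signing request.
    openssl req -newkey "rsa:$bits" -nodes -sha256 -keyout "$fqdn.key" \
        -subj "/C=CN/CN=$fqdn" -out "$fqdn.csr" 2>/dev/null || exit 1
    # 3. Sign the CSR and attach the SAN extension for the registry hostname.
    printf 'subjectAltName = DNS:%s\n' "$fqdn" > san.ext
    openssl x509 -req -days 365 -sha256 -in "$fqdn.csr" \
        -CA ca.crt -CAkey ca.key -CAcreateserial \
        -extfile san.ext -out "$fqdn.crt" 2>/dev/null || exit 1
    chmod 644 ca.crt "$fqdn.crt"               # certificates are public
)

# check_registry_cert <fqdn> <dir>
# Succeeds only if <fqdn>.crt chains to ca.crt and carries DNS:<fqdn> as a SAN.
check_registry_cert() (
    fqdn=$1; dir=$2
    openssl verify -CAfile "$dir/ca.crt" "$dir/$fqdn.crt" >/dev/null 2>&1 || exit 1
    openssl x509 -in "$dir/$fqdn.crt" -noout -text | grep -qF "DNS:$fqdn"
)

# Stand-alone use: sh make_cert.sh reg.bixiaoyu.com /usr/local/harbor/ssl
if [ "$#" -ge 2 ]; then
    make_registry_cert "$@" && check_registry_cert "$1" "$2"
fi
```

Clients only need `ca.crt` to trust the registry; `ca.key` and the server key stay on the hosts that use them.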
【Configuring Harbor】
[root@localhost harbor]# vim harbor.cfg
# domain name used to access the Harbor registry
hostname = reg.bixiaoyu.com
# serve Harbor over HTTPS
ui_url_protocol = https
# certificate and private key used for HTTPS
ssl_cert = /usr/local/harbor/ssl/reg.bixiaoyu.com.crt
ssl_cert_key = /usr/local/harbor/ssl/reg.bixiaoyu.com.key
# password for logging in to Harbor
harbor_admin_password = 12345
[root@harbor-server harbor]# ./prepare
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/core/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/core/app.conf
Generated certificate, key file: ./common/config/core/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[root@harbor-server harbor]# ./install.sh
[Step 3]: checking existing instance of Harbor ...

[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating registryctl ... done
Creating registry ... done
Creating harbor-db ... done
Creating redis ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating harbor-portal ... done
Creating nginx ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://reg.bixiaoyu.com.
For more details, please visit https://github.com/goharbor/harbor .
[root@harbor-server harbor]# docker-compose ps   # check that the Harbor containers are running
Name                 Command                          State          Ports
-------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up (healthy)
harbor-core          /harbor/start.sh                 Up (healthy)
harbor-db            /entrypoint.sh postgres          Up (healthy)   5432/tcp
harbor-jobservice    /harbor/start.sh                 Up
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp
harbor-portal        nginx -g daemon off;             Up (healthy)   80/tcp
nginx                nginx -g daemon off;             Up (healthy)   0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis                docker-entrypoint.sh redis ...   Up             6379/tcp
registry             /entrypoint.sh /etc/regist ...   Up (healthy)   5000/tcp
registryctl          /harbor/start.sh                 Up (healthy)
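PS: To reach Harbor at reg.bixiaoyu.com from your own machine, the domain has to resolve there through the local hosts file; the details are not covered here.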
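A pre-flight audit of the harbor.cfg settings shown above, to run before ./prepare, as an added example that is not part of the original post or of Harbor. The function names and the 12-character minimum are assumptions; `cfg_get` skips comment lines and strips a trailing `#` annotation, so a password containing `#` would be read truncated.

```shell
#!/bin/sh
# Added example, not from the original post. Names and thresholds are assumptions.

# cfg_get <file> <key>: print the value of "key = value".
cfg_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (key != k) next
            val = substr($0, eq + 1)
            sub(/[ \t]*#.*$/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val; exit
        }' "$1"
}

# audit_harbor_cfg <file>: one FINDING line per problem, status 1 if any.
audit_harbor_cfg() (
    cfg=$1; n=0
    finding() { echo "FINDING: $*"; n=$((n + 1)); }
    [ "$(cfg_get "$cfg" ui_url_protocol)" = https ] ||
        finding "ui_url_protocol is not https"
    pw=$(cfg_get "$cfg" harbor_admin_password)
    case $pw in
        ""|Harbor12345) finding "harbor_admin_password is empty or the shipped default" ;;
        *[!0-9]*) [ "${#pw}" -ge 12 ] ||
                      finding "harbor_admin_password is shorter than 12 characters" ;;
        *) finding "harbor_admin_password consists of digits only" ;;
    esac
    key=$(cfg_get "$cfg" ssl_cert_key)
    if [ ! -f "$key" ]; then
        finding "ssl_cert_key file not found: $key"
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        # characters 5-10 of the mode string are the group and other bits
        finding "ssl_cert_key is accessible to group or others: $key"
    fi
    [ "$n" -eq 0 ]
)

# Stand-alone use: sh audit_cfg.sh /usr/local/harbor/harbor.cfg
if [ "$#" -gt 0 ]; then audit_harbor_cfg "$1"; fi
```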
【Uploading an image】
[root@localhost ~]# scp root@192.168.175.100:/usr/local/harbor/ssl/reg.bixiaoyu.com.crt /etc/docker/certs.d/reg.bixiaoyu.com/
[root@localhost ~]# scp root@192.168.175.100:/usr/local/harbor/ssl/reg.bixiaoyu.com.key /etc/docker/certs.d/reg.bixiaoyu.com/
[root@localhost ~]# ls /etc/docker/certs.d/reg.bixiaoyu.com/
reg.bixiaoyu.com.crt reg.bixiaoyu.com.key
[root@localhost ~]# docker login reg.bixiaoyu.com
Username: hexunadmin
Password:
Login Succeeded
[root@localhost ~]# docker tag 675bd9a877ed reg.bixiaoyu.com/test/tomcat:v1
[root@localhost ~]# docker push reg.bixiaoyu.com/test/tomcat:v1
[root@localhost ~]# docker pull reg.bixiaoyu.com/test/tomcat:v1
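A check for Docker client hosts, as an added example that is not part of the original post: Docker treats `*.crt` files under /etc/docker/certs.d/<registry>/ as trusted CA roots and uses a `*.key` only together with a matching `*.cert` for client authentication, so a `.key` whose public key equals that of a `.crt` in the same directory is a copy of the registry's or CA's private key that the client does not need. The function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# spki <cert|key> <file>: print the PEM public key, or nothing if unparsable.
spki() {
    case $1 in
        cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
        key)  openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null ;;
    esac
}

# audit_certs_d <dir>: print one LEAKED line for every private key that
# belongs to a *.crt in the same directory; status 1 if any was found.
audit_certs_d() (
    dir=$1; hits=0
    for key in "$dir"/*.key; do
        [ -f "$key" ] || continue
        kpub=$(spki key "$key")
        [ -n "$kpub" ] || continue            # encrypted or not a key: skip
        for crt in "$dir"/*.crt; do
            [ -f "$crt" ] || continue
            if [ "$kpub" = "$(spki cert "$crt")" ]; then
                echo "LEAKED $key is the private key of $crt"
                hits=$((hits + 1))
            fi
        done
    done
    [ "$hits" -eq 0 ]
)

# Stand-alone use: sh audit_certs_d.sh /etc/docker/certs.d/reg.bixiaoyu.com
if [ "$#" -gt 0 ]; then audit_certs_d "$1"; fi
```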