Harbor: a private registry for Docker
[root@localhost ~]# mkdir -p /data/ssl
[root@localhost ~]# cd /data/ssl/
[root@localhost ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
Generating a 4096 bit RSA private key
.................++
.................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:yunjisuan
Organizational Unit Name (eg, section) []:yunjisuan
Common Name (eg, your name or your server's hostname) []:www.yunjisuan.com
Email Address []:
[root@localhost ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.yunjisuan.com.key -out www.yunjisuan.com.csr
Generating a 4096 bit RSA private key
......................................................................................................................................................................++
.........................................................................................................................................................................................................................................++
writing new private key to 'www.yunjisuan.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:yunjisuan
Organizational Unit Name (eg, section) []:yunjisuan
Common Name (eg, your name or your server's hostname) []:www.yunjisuan.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost ssl]# ls
ca.crt ca.key www.yunjisuan.com.csr www.yunjisuan.com.key
[root@bogon ssl]# openssl x509 -req -days 365 -in www.yunjisuan.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.yunjisuan.com.crt
Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=yunjisuan/OU=yunjisuan/CN=www.yunjisuan.com
Getting CA Private Key
[root@bogon ssl]# ls
ca.crt ca.key ca.srl www.yunjisuan.com.crt www.yunjisuan.com.csr www.yunjisuan.com.key
[root@bogon ssl]# cp www.yunjisuan.com.crt /etc/pki/ca-trust/source/anchors/ #install the issued certificate into the system trust anchors
[root@bogon ssl]# update-ca-trust enable
[root@bogon ssl]# update-ca-trust extract #make the certificate take effect immediately
[root@bogon ssl]# sestatus #check the SELinux status
SELinux status: disabled
[root@bogon ssl]# systemctl stop firewalld #stop the firewall
[root@bogon ssl]# yum -y install yum-utils device-mapper-persistent-data lvm2 #install the dependency packages
[root@bogon ssl]# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker-ce.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1919 100 1919 0 0 2141 0 --:--:-- --:--:-- --:--:-- 2139
[root@bogon ssl]# yum -y install docker-ce
[root@bogon ssl]# systemctl start docker
[root@bogon ssl]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: active (running) since 二 2024-01-23 19:36:45 CST; 9s ago
Docs: https://docs.docker.com
Main PID: 75367 (dockerd)
Tasks: 8
Memory: 29.0M
CGroup: /system.slice/docker.service
└─75367 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
1月 23 19:36:44 bogon systemd[1]: Starting Docker Application Container Engine...
1月 23 19:36:44 bogon dockerd[75367]: time="2024-01-23T19:36:44.876530652+08:00" level=info msg="Starting up"
1月 23 19:36:44 bogon dockerd[75367]: time="2024-01-23T19:36:44.994809327+08:00" level=info msg="Loading containers: start."
1月 23 19:36:45 bogon dockerd[75367]: time="2024-01-23T19:36:45.795362083+08:00" level=info msg="Loading containers: done."
1月 23 19:36:45 bogon dockerd[75367]: time="2024-01-23T19:36:45.827181646+08:00" level=info msg="Docker daemon" commit=61...=25.0.0
1月 23 19:36:45 bogon dockerd[75367]: time="2024-01-23T19:36:45.827463867+08:00" level=info msg="Daemon has completed ini...zation"
1月 23 19:36:45 bogon dockerd[75367]: time="2024-01-23T19:36:45.887077116+08:00" level=info msg="API listen on /run/docker.sock"
1月 23 19:36:45 bogon systemd[1]: Started Docker Application Container Engine.
Hint: Some lines were ellipsized, use -l to show in full.
[root@bogon ssl]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@bogon ssl]# docker version
Client: Docker Engine - Community
Version: 25.0.0
API version: 1.44
Go version: go1.21.6
Git commit: e758fe5
Built: Thu Jan 18 17:13:17 2024
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 25.0.0
API version: 1.44 (minimum version 1.24)
Go version: go1.21.6
Git commit: 615dfdf
Built: Thu Jan 18 17:12:10 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.27
GitCommit: a1496014c916f9e62104b33d1bb5bd03b0858e59
runc:
Version: 1.1.11
GitCommit: v1.1.11-0-g4bccb38
docker-init:
Version: 0.19.0
GitCommit: de40ad0
[root@bogon ssl]# mkdir -p /etc/ssl/harbor #create the certificate directory, then copy the certificate and key into it
[root@bogon ssl]# cp www.yunjisuan.com.crt www.yunjisuan.com.key /etc/ssl/harbor/
[root@Harbor install]# wget http://harbor.orientsoft.cn/harbor-v1.5.0/harbor-offline-installer-v1.5.0.tgz
[root@bogon ssl]# mkdir -p /data/install
[root@192 ~]# tar xf harbor-offline-installer-v1.5.0.tgz -C /data/install/
[root@192 ~]# cd /data/install/harbor/
[root@192 harbor]# vim harbor.cfg
[root@Harbor ~]# curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose #install the docker-compose command
[root@192 bin]# chmod +x docker-compose
[root@192 bin]# mv docker-compose /usr/bin/
[root@192 bin]# which docker-compose
/usr/bin/docker-compose
[root@192 bin]# docker-compose --version
docker-compose version 1.21.2, build a133471
[root@192 harbor]# ./install.sh --with-notary --with-clair
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://www.yunjisuan.com.
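For more details, please visit https://github.com/vmware/harbor . #seeing this message means the install succeeded
#Username: admin  Password: Harbor12345
#After making the changes, click Save
[root@192 ~]# docker login 192.168.200.217 #the error here is expected; log in with the domain name instead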
Username: admin
Password:
Error response from daemon: Get https://192.168.200.217/v1/users/: x509: cannot validate certificate for 192.168.200.217 because it doesn't contain any IP SANs
[root@192 ~]# echo '192.168.200.217 www.yunjisuan.com'>>/etc/hosts
[root@192 ~]# docker login -uadmin -pHarbor12345 www.yunjisuan.com
Login Succeeded
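The x509 error above is reported because the certificate signed earlier carries no subjectAltName entries, so it cannot be validated for the IP address. As an added example (not part of the original session; the function names and the CA subject are constructed here), the same CA and server certificate can be issued with both a DNS and an IP SAN and then checked:

```shell
#!/bin/sh
# Added example: issue a CA-signed server certificate whose subjectAltName
# covers the registry hostname and its IP address, then verify the result.
# Function names and the CA subject are constructed for this example.

# issue_harbor_cert DIR HOST IP [BITS]
issue_harbor_cert() {
    dir=$1; host=$2; ip=$3; bits=${4:-4096}
    mkdir -p "$dir" || return 1
    # Self-signed CA; -subj answers the DN prompts non-interactively.
    openssl req -newkey "rsa:$bits" -nodes -sha256 -x509 -days 365 \
        -subj "/C=CN/O=yunjisuan/CN=example registry CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Server key and CSR, with the hostname as CN as in the session above.
    openssl req -newkey "rsa:$bits" -nodes -sha256 \
        -subj "/C=CN/O=yunjisuan/CN=$host" \
        -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null || return 1
    # "x509 -req" does not copy CSR extensions by default, so the SANs
    # are supplied at signing time through an -extfile.
    printf 'subjectAltName = DNS:%s, IP:%s\n' "$host" "$ip" > "$dir/$host.ext"
    openssl x509 -req -days 365 -sha256 -in "$dir/$host.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/$host.ext" -out "$dir/$host.crt" 2>/dev/null || return 1
    # Keep the private keys readable by their owner only.
    chmod 600 "$dir/ca.key" "$dir/$host.key"
}

# check_harbor_cert DIR HOST IP
# Returns 0 only if the certificate chains to ca.crt and lists both SANs.
check_harbor_cert() {
    dir=$1; host=$2; ip=$3
    openssl verify -CAfile "$dir/ca.crt" "$dir/$host.crt" >/dev/null 2>&1 || return 1
    sans=$(openssl x509 -in "$dir/$host.crt" -noout -text |
           grep -A1 'Subject Alternative Name')
    case $sans in *"DNS:$host"*) ;; *) return 1 ;; esac
    case $sans in *"IP Address:$ip"*) ;; *) return 1 ;; esac
    return 0
}

# Usage with the values from this page:
#   issue_harbor_cert /data/ssl www.yunjisuan.com 192.168.200.217
#   check_harbor_cert /data/ssl www.yunjisuan.com 192.168.200.217
```

Clients built with Go 1.15 or later ignore the CN entirely, so the DNS SAN is needed for logins by hostname as well.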
[root@192 ~]# docker images #list the images
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/redis-photon v1.5.0 7c03076402d9 5 years ago 207 MB
vmware/clair-photon v2.0.1-v1.5.0 7ae4e0670a3f 5 years ago 301 MB
vmware/notary-server-photon v0.5.1-v1.5.0 0b2b23300552 5 years ago 211 MB
vmware/notary-signer-photon v0.5.1-v1.5.0 67c41b4a1283 5 years ago 209 MB
vmware/registry-photon v2.6.2-v1.5.0 3059f44f4b9a 5 years ago 198 MB
vmware/nginx-photon v1.5.0 e100456182fc 5 years ago 135 MB
vmware/harbor-log v1.5.0 62bb6b8350d9 5 years ago 200 MB
vmware/harbor-jobservice v1.5.0 aca9fd2e867f 5 years ago 194 MB
vmware/harbor-ui v1.5.0 1055166068d0 5 years ago 212 MB
vmware/harbor-adminserver v1.5.0 019bc4544829 5 years ago 183 MB
vmware/harbor-db v1.5.0 82354dcf564f 5 years ago 526 MB
vmware/mariadb-photon v1.5.0 403e7e656499 5 years ago 526 MB
vmware/postgresql-photon v1.5.0 35c891dea9cf 5 years ago 221 MB
vmware/harbor-migrator v1.5.0 466c57ab0dc3 5 years ago 1.16 GB
vmware/photon 1.0 4b481ecbef2a 5 years ago 130 MB
[root@www ~]# docker pull centos
Using default tag: latest
Trying to pull repository docker.io/library/centos ...
latest: Pulling from docker.io/library/centos
a1d0c7532777: Pull complete
Digest: sha256:a27fd8080b517143cbbbab9dfb7c8571c40d67d534bbdee55bd6c473f432b177
Status: Downloaded newer image for docker.io/centos:latest
[root@www ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/centos latest 5d0da3dc9764 2 years ago 231 MB
[root@www ~]# docker tag docker.io/centos:latest www.yunjisuan.com/library/centos:s1 #retag the image for the private registry
[root@www ~]# docker push www.yunjisuan.com/library/centos:s1 #push the image
The push refers to a repository [www.yunjisuan.com/library/centos]
74ddd0ec08fa: Pushed
s1: digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dc size: 529
Standby node:
[root@localhost ~]# docker login -uadmin -pHarbor12345 www.yunjisuan.com
Login Succeeded
[root@localhost ~]# docker pull www.yunjisuan.com/library/centos:s1
Trying to pull repository www.yunjisuan.com/library/centos ...
s1: Pulling from www.yunjisuan.com/library/centos
Digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dc
Status: Image is up to date for www.yunjisuan.com/library/centos:s1
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/centos latest 5d0da3dc9764 2 years ago 231 MB
www.yunjisuan.com/library/centos s1 5d0da3dc9764 2 years ago 231 MB
[root@www2 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.200.217 www.yunjisuan.com
192.168.200.231 www2.yunjisuan.com #both the primary and the standby need these hosts mappings
[root@www2 ~]# cd /etc/pki/ca-trust/source/anchors/
[root@www2 anchors]# ls
www2.yunjisuan.com.crt www.yunjisuan.com.crt #the certificates of both nodes are present
[root@localhost ~]# yum -y install bind bind-chroot bind-utils
[root@localhost ~]# cp /etc/named.conf{,.bak}