II. Installing Harbor on CentOS 7.6

Prerequisites: docker and docker-compose must be installed, and docker must be running

1. Install docker

Install the required system tools

yum install -y yum-utils device-mapper-persistent-data lvm2

Add the software repository

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

Refresh the yum cache

yum makecache fast

Install docker-ce

yum -y install docker-ce

Start the docker daemon

systemctl start docker

Enable docker at boot

systemctl enable docker

2. Install docker-compose

Check whether docker-compose is already installed

docker-compose -v

Download the binary

curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose

Make the binary executable

chmod +x /usr/local/bin/docker-compose

Optionally install command completion, depending on your needs

yum install bash-completion
curl -L https://raw.githubusercontent.com/docker/compose/1.25.0/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose

Verify the installation

docker-compose --version

Three ways to install docker-compose on CentOS 7

3. Install Harbor

Download

wget -P /usr/local/src/ https://github.com/goharbor/harbor/releases/download/v2.8.1/harbor-online-installer-v2.8.1.tgz

Extract

tar zxf /usr/local/src/harbor-online-installer-v2.8.1.tgz -C /usr/local/

Edit the configuration file

cd /usr/local/harbor/
# Copy the base configuration file
cp harbor.yml.tmpl  harbor.yml
# Create the directory that holds Harbor's persistent data
mkdir -p /data/harbor
# Edit the configuration
vim harbor.yml

Main parameters to change:

hostname: 192.168.10.10          # must be an IP address or a domain name
# http configuration
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https configuration (if HTTPS is not needed, the https block must be commented out)

# https related config
#https: (commented out)
  # https port for harbor, default is 443
  #port: 443 (commented out)
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path (commented out)
  #private_key: /your/private/key/path (commented out)

harbor_admin_password: Harbor12345         # admin password

# database configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 50
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 100 for postgres.
  max_open_conns: 100

# persistent data directory
data_volume: /data/harbor
……
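
The settings above keep the template passwords and switch HTTPS off, so it is worth checking harbor.yml before the installer bakes them into the running services. The script below is an added example, not part of the original post or of Harbor; the function names are illustrative and the embedded harbor.yml is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original post): audit harbor.yml before ./install.sh.

# First uncommented "KEY: value" in FILE, at any indentation.
yaml_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# Print one line per risky setting; return 1 if anything was found.
audit_harbor_yml() {
    cfg=$1
    found=0
    # Template defaults shown in the walkthrough above.
    if [ "$(yaml_value "$cfg" harbor_admin_password)" = "Harbor12345" ]; then
        echo "harbor_admin_password is still the template default"; found=1
    fi
    # Assumes the database block holds the first active "password:" key.
    if [ "$(yaml_value "$cfg" password)" = "root123" ]; then
        echo "database password is still the template default"; found=1
    fi
    # A commented-out top-level https: key means plain HTTP only.
    if ! grep -q '^https:' "$cfg"; then
        echo "https is disabled: logins and image layers are sent unencrypted"; found=1
    fi
    # Harbor must be reachable by external clients, so loopback names are wrong.
    case "$(yaml_value "$cfg" hostname)" in
        localhost|127.0.0.1) echo "hostname points at loopback"; found=1 ;;
    esac
    return "$found"
}

# Constructed sample mirroring the settings above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname: 192.168.10.10
http:
  port: 80
#https:
#  port: 443
harbor_admin_password: Harbor12345
database:
  password: root123
data_volume: /data/harbor
EOF
audit_harbor_yml "$sample" || echo "fix the findings above before running ./install.sh"
```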

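Run the installer

./install.sh

If it fails with "ERROR:root:Error: The protocol is https but attribute ssl_cert is not set", edit harbor.yml again and comment out the https block as described above:

vim harbor.yml

Access

http://192.168.10.10
Default account and password: admin/Harbor12345. Change the password after logging in.

Starting and restarting

Harbor's day-to-day operations are handled through docker-compose. Harbor consists of several service processes, all running in docker containers, which you can list with the docker ps command.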

# Change to the Harbor installation directory
cd /usr/local/harbor
# Show Harbor status
docker-compose ps
# Start Harbor
docker-compose start
# Stop Harbor
docker-compose stop
# Restart Harbor
docker-compose restart

Using docker-compose start produces errors:
ERROR: for nginx UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)
ERROR: for harbor-log UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)
ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.

So start Harbor with docker-compose up -d instead

Command-line login

docker login 192.168.10.10 -u admin -p Harbor12345

The first login always fails with: Error response from daemon: Get "https://192.168.10.10/v2/": dial tcp 10.130.77.48:443: connect: no route to host
Cause: since Docker 1.3.X, docker talks to registries over HTTPS by default, but the private registry set up here serves HTTP by default, so the error above appears when talking to it.
Fix: edit Docker's configuration file /etc/docker/daemon.json:

# vim /etc/docker/daemon.json
# If you changed the http port in harbor.yml, the port number must be included
{
"registry-mirrors": ["https://k728i8z5.mirror.aliyuncs.com"],
"insecure-registries":["192.168.10.10:80"]
}
# Then run the following commands in order:
docker-compose stop
systemctl daemon-reload
systemctl restart docker
docker-compose up -d

Start at boot

  • Unit file
    cd /etc/systemd/system
    vim harbor.service
    [Unit]
    Description=Harbor
    After=docker.service systemd-networkd.service systemd-resolved.service
    Requires=docker.service
    Documentation=http://github.com/vmware/harbor
    [Service]
    Type=simple
    Restart=on-failure
    RestartSec=5
    ExecStart=/usr/local/bin/docker-compose -f /usr/local/harbor/docker-compose.yml up
    ExecStop=/usr/local/bin/docker-compose -f /usr/local/harbor/docker-compose.yml down
    [Install]
    WantedBy=multi-user.target

  • Set permissions
    # unit files do not need the execute bit; systemd warns about executable unit files
    chmod 644 harbor.service

  • Enable start at boot
    systemctl daemon-reload
    systemctl enable harbor
    systemctl start harbor
    systemctl status harbor

  • Verify
    reboot
    systemctl status harbor


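4. Uploading and downloading

Pull an image on the client

docker pull nginx

Tag the image on the client

Command format: docker tag SOURCE_IMAGE[:TAG] harbor/library/IMAGE[:TAG]

docker tag nginx:latest 192.168.10.10/library/nginx:latest

Before pushing from the client, log in to the server first

docker login 192.168.10.10 -u admin -p Harbor12345

Push from the client

push command format: docker push harbor/library/IMAGE[:TAG]

docker push 192.168.10.10/library/nginx:latest

5. Configuring https

ssl:

Prerequisites:

  • You own a domain name
  • The domain's A record points to the local Harbor server's address
  • Request an SSL certificate for the subdomain (nginx format)

Edit the configuration file and enable https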

# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.ninexch.com # change to the domain name that resolves to the local IP

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80
# https related config
https: # enable https
  # https port for harbor, default is 443
  port: 443 # enable the port
  # The path of cert and key files for nginx
  certificate: /data/cert/harbor.ninexch.com.pem # path to the SSL certificate (public)
  private_key: /data/cert/harbor.ninexch.com.key # path to the SSL private key

Regenerate the configuration files

./prepare
docker-compose down -v
docker-compose up -d
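
A pre-flight check for the certificate and key configured above, meant to be run before ./prepare. This is an added example, not part of the original post; it assumes the openssl command-line tool is installed, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): check the certificate and key
# named in harbor.yml before running ./prepare.

# 0 only if CERT and KEY contain the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# 0 only if CERT is valid for HOST (SAN, or CN when no SAN is present).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# 0 only if CERT will still be valid SECONDS from now (default: 30 days).
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend "${2:-2592000}" >/dev/null
}

preflight() {  # usage: preflight CERT KEY HOST
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not belong to certificate"; rc=1; }
    cert_covers_host "$1" "$3" || { echo "FAIL: certificate does not cover $3"; rc=1; }
    cert_not_expiring "$1"     || { echo "FAIL: certificate expires within 30 days"; rc=1; }
    return "$rc"
}

# Paths and hostname as configured in harbor.yml above; skipped if absent.
cert=/data/cert/harbor.ninexch.com.pem
key=/data/cert/harbor.ninexch.com.key
if [ -r "$cert" ] && [ -r "$key" ]; then
    preflight "$cert" "$key" harbor.ninexch.com && echo "certificate OK"
fi
```

Current Docker clients match the registry name against subjectAltName entries only, so the certificate should carry the Harbor hostname in its SAN even though this check also accepts a CN match.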

TLS:

posted @ 2023-05-16 12:36  嘸杺