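|NO.Z.00012|——————————|^^^^ Operations ^^^^|——|Cloud&Docker Images.V04|——|Harbor enterprise-grade private Docker registry|
1. Harbor enterprise-grade private Docker registry
### --- Installation prerequisites
~~~ Python should be version 2.7 or later
~~~ Docker engine should be version 1.10 or later
~~~ Docker Compose should be version 1.6.0 or later
### --- Download the release package
~~~ docker-compose:
[root@localhost ~]# curl -L https://github.com/docker/compose/releases/download/1.9.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
[root@localhost ~]# chmod +x /usr/local/bin/docker-compose
2. Harbor installation: deployment environment: 192.168.1.55
### --- Check the system environment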
[root@localhost ~]# python
Python 2.7.5 (default, Nov 16 2020, 22:23:17)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>
[root@localhost ~]# docker-compose --version
docker-compose version 1.23.1, build b02f1306
[root@localhost ~]# docker info
Server Version: 17.03.0-ce
### --- Installation and deployment
~~~ Upload harbor-offline-installer-v1.2.0.tgz to the deployment server
[root@localhost ~]# tar -zxvf harbor-offline-installer-v1.2.0.tgz
[root@localhost ~]# mv harbor /usr/local/
[root@localhost ~]# ls /usr/local/ |grep harbor
harbor
~~~ Generate our own self-signed certificate
[root@localhost ~]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
..............+++
...................................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key: // enter the pass phrase: 123456
Verifying - Enter pass phrase for server.key: // enter the pass phrase: 123456
~~~ Create the certificate signing request
[root@localhost ~]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
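Country Name (2 letter code) [XX]:CN // country
State or Province Name (full name) []:BJ // state or province name
Locality Name (eg, city) [Default City]:BJ // locality name, defaults to the city
Organization Name (eg, company) [Default Company Ltd]:yanqi // organization name
Organizational Unit Name (eg, section) []:yanqi // organizational unit name
Common Name (eg, your name or your server's hostname) []:hub.yanqi.com // common name: your name or your server's hostname
Email Address []:yanqi_vip@yeah.net // administrator's e-mail address
Please enter the following 'extra' attributes // enter the following extra attributes
to be sent with your certificate request // they are sent along with your certificate request
A challenge password []: // challenge password; not needed by default
An optional company name []: // optional company name
~~~ Back up the key. Otherwise the private key's pass phrase has to be typed whenever the certificate is used, for example when nginx starts, so the pass phrase is stripped in the next step
[root@localhost ~]# cp server.key server.key.org
~~~ Strip the pass phrase; the key can now be used without entering a pass phrase
[root@localhost ~]# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org: // enter the pass phrase set earlier
writing RSA key
~~~ Create the certificate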
[root@localhost ~]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=BJ/L=BJ/O=yanqi/OU=yanqi/CN=hub.yanqi.com/emailAddress=yanqi_vip@yeah.net
Getting Private key
~~~ Create the data storage directory; this is described directly on GitHub
[root@localhost ~]# mkdir -p /data/cert
[root@localhost ~]# chmod -R 777 /data/cert
~~~ Move the generated files into the /data/cert/ directory
[root@localhost ~]# mv server.* /data/cert/
[root@localhost cert]# ls
server.crt server.csr server.key server.key.org
[root@localhost cert]# cd /usr/local/harbor/
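~~~ Edit the harbor.cfg file
[root@localhost harbor]# vim harbor.cfg
hostname = hub.yanqi.com
ui_url_protocol = https // protocol; Docker uses https by default, so set this to https
db_password = root123 // default database password; it can be changed or left as is
max_job_workers = 3 // maximum number of workers used when replicating repository images
ssl_cert = /data/cert/server.crt // path to the certificate
ssl_cert_key = /data/cert/server.key // path to the certificate's private key
secretkey_path = /data // path of the key used to encrypt or decrypt remote-registry passwords in replication policies
admiral_url = NA
harbor_admin_password = 123456 // password of the Harbor admin account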
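An added example, not part of the original post or of Harbor itself: a pre-install lint for the harbor.cfg values edited above. It flags the passwords printed on this page, a non-https protocol, and loose permissions on the private key and its directory; the function names and the 12-character minimum are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not Harbor's own tooling: lint harbor.cfg before ./install.sh.
MIN_LEN=${MIN_LEN:-12}   # assumed minimum password length, adjust to policy

# cfg_get FILE KEY: print the value of the last "KEY = value" line in FILE
cfg_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_harbor_cfg FILE: print one line per finding, return the finding count
audit_harbor_cfg() {
    local cfg=$1 n=0 key val keyfile dir
    val=$(cfg_get "$cfg" ui_url_protocol)
    if [ "$val" != "https" ]; then
        echo "ui_url_protocol=$val: logins and image layers travel unencrypted"
        n=$((n + 1))
    fi
    for key in harbor_admin_password db_password; do
        val=$(cfg_get "$cfg" "$key")
        case $val in
            123456|root123|Harbor12345)   # values printed on this page
                echo "$key: well-known value"; n=$((n + 1)) ;;
            *)  if [ "${#val}" -lt "$MIN_LEN" ]; then
                    echo "$key: shorter than $MIN_LEN characters"; n=$((n + 1))
                fi ;;
        esac
    done
    keyfile=$(cfg_get "$cfg" ssl_cert_key)
    if [ -f "$keyfile" ]; then
        dir=$(dirname "$keyfile")
        case $(stat -c %a "$keyfile") in   # GNU stat, octal mode such as 600
            *00) ;;
            *) echo "$keyfile: private key is accessible to group or others"
               n=$((n + 1)) ;;
        esac
        case $(stat -c %a "$dir") in
            *[2367]) echo "$dir: world-writable directory holds the private key"
                     n=$((n + 1)) ;;
        esac
    fi
    return "$n"
}

# Stand-alone use: pass the path of harbor.cfg as the first argument
if [ "$#" -gt 0 ]; then audit_harbor_cfg "$1"; fi
```

Against the configuration shown above it reports both passwords, and after chmod -R 777 /data/cert it also reports the directory that holds the pass-phrase-free server.key.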
### --- 安装Harbor
[root@localhost harbor]# ./install.sh
[Step 0]: checking installation environment ... // verifies that the environment is correct
Note: docker version: 17.03.0
Note: docker-compose version: 1.23.1
[Step 1]: loading Harbor images ...
Loaded image: vmware/registry:2.6.2-photon
Loaded image: photon:1.0
Loaded image: vmware/notary-photon:signer-0.5.0
Loaded image: vmware/clair:v2.0.1-photon
Loaded image: vmware/harbor-ui:v1.2.0
Loaded image: vmware/harbor-log:v1.2.0
Loaded image: vmware/harbor-db:v1.2.0
Loaded image: vmware/nginx-photon:1.11.13
Loaded image: vmware/postgresql:9.6.4-photon
Loaded image: vmware/harbor-adminserver:v1.2.0
Loaded image: vmware/harbor-jobservice:v1.2.0
Loaded image: vmware/notary-photon:server-0.5.0
Loaded image: vmware/harbor-notary-db:mariadb-10.1.10
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating registry ... done
Creating harbor-db ... done
Creating harbor-ui ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://hub.yanqi.com.
For more details, please visit https://github.com/vmware/harbor .
### --- Add a name resolution entry to the local hosts file
C:\Windows\System32\drivers\etc
192.168.1.55 hub.yanqi.com
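3. Web UI login verification:
### --- Web UI login verification:
~~~ Open the Harbor server address in the IE browser: https://192.168.1.55/harbor/sign-in
~~~ # OR
~~~ https://hub.yanqi.com/harbor/sign-in

Admin console

4. Specify the image registry address
### --- Specify the image registry address: tell Docker that this address is safe.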
[root@localhost ~]# vim /etc/docker/daemon.json
{
"insecure-registries": ["hub.yanqi.com"]
}
[root@localhost ~]# vim /etc/hosts
192.168.1.55 hub.yanqi.com
[root@localhost ~]# systemctl restart docker.service
[root@localhost ~]# docker ps -a // check that all the corresponding containers are Up
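### --- Push the tomcat image to the Harbor registry
~~~ Afterwards the image can be seen on the private Docker registry server
[root@localhost ~]# docker tag tomcat:v1.0 hub.yanqi.com/library/tomcat:v1.0 // package tomcat as an image: re-tag the tomcat image with the registry name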
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hub.yanqi.com/yanqi/tomcat v1.0 fccacb5afac5 5 minutes ago 642 MB
tomcat v1.0 fccacb5afac5 5 minutes ago 642 MB
[root@localhost ~]# docker login hub.yanqi.com // log in to our private registry server
Username: admin
Password:123456
[root@localhost ~]# docker push hub.yanqi.com/library/tomcat:v1.0 // push to the registry
### --- Pull the image we pushed to the private Docker registry
### --- Run the tomcat container
[root@localhost ~]# docker pull hub.yanqi.com/library/tomcat:v1.0
[root@localhost ~]# docker run --name tomcat -p 80:8080 -d fccacb5afac5
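Appendix 1:
### --- Official Harbor releases: https://github.com/vmware/harbor/releases
~~~ Download the package:
[root@localhost ~]# wget https://github.com/vmware/harbor/releases/download/v1.2.0/harbor-offline-installer-v1.2.0.tgz
~~~ Extract the package: tar xvf harbor-offline-installer-<version>.tgz
### --- Configure harbor.cfg
~~~ # Required parameters
~~~ hostname: the target host's hostname or fully qualified domain name
~~~ ui_url_protocol: http or https. Defaults to http
~~~ db_password: root password of the MySQL database used for db_auth. Change this password for any production use
~~~ max_job_workers: (default 3) the maximum number of replication workers in the job service.
~~~ For each image replication job, a worker synchronizes all tags of a repository to the remote destination.
~~~ Increasing this number allows more concurrent replication jobs in the system.
~~~ However, since each worker consumes a certain amount of network / CPU / IO resources,
~~~ choose the value of this attribute carefully based on the host's hardware resources
~~~ customize_crt: (on or off, default on) when this attribute is on,
~~~ the prepare script creates a private key and root certificate for generating/verifying the registry's token
~~~ ssl_cert: path to the SSL certificate; applied only when the protocol is set to https
~~~ ssl_cert_key: path to the SSL key; applied only when the protocol is set to https
~~~ secretkey_path: path of the key used to encrypt or decrypt the passwords of remote registries in replication policies
### --- Create the HTTPS certificate and set the directory permissions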
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
mkdir -p /data/cert
chmod -R 777 /data/cert
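### --- Run the installation script
./install.sh
### --- Access test
~~~ Open the admin portal at https://reg.yourdomain.com
~~~ (replace reg.yourdomain.com with the hostname set in harbor.cfg).
~~~ Note that the default administrator username / password is admin / Harbor12345
### --- Upload test: push an image
~~~ Specify the image registry address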
vim /etc/docker/daemon.json
{
"insecure-registries": ["serverip"]
}
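~~~ Pull a test image
docker pull hello-world
~~~ Re-tag the image
docker tag hello-world serverip/hello-world:latest
~~~ Log in and push
docker login serverip
docker push serverip/hello-world:latest
### --- Pull test from another Docker client
~~~ Specify the image registry address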
vim /etc/docker/daemon.json
{
"insecure-registries": ["serverip"]
}
~~~ Pull the test image
docker pull serverip/hello-world:latest