第4篇创建harbor私有镜像库
一、部署准备:
1、准备harbor软件包
在部署节点上:
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501123243531-1994399884.jpg)
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501123326894-2048995436.png)
2、挂载一个磁盘,专门存储harbor镜像和文件
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501123356497-215816806.png)
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501123508510-1876964908.png)
3、进入到/etc/docker/harbor/目录,修改如下配置文件
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501123525137-325219524.png)
找到如下参数,并修为如下配置:
hostname = reg.yunwei.edu ui_url_protocol = https ssl_cert = /data/harbor/cert/harbor.crt ssl_cert_key = /data/harbor/cert/harbor.key secretkey_path = /data/harbor harbor_admin_password = admin ssl_cert = /data/harbor/cert/harbor.crt ssl_cert_key = /data/harbor/cert/harbor.key 以上为ca证书名称,必须与实际文件同名 secretkey_path = /data/harbor 为ca证书目录
找到如下参数,并修为如下配置: /data/harbor/clair-db:/var/lib/postgresql/data:z
找到如下参数,并修为如下配置: /data/harbor/notary-db:/var/lib/mysql:z
找到如下参数,并修为如下配置: /data/harbor/:/var/log/docker/:z /data/harbor/registry:/storage:z /data/harbor/database:/var/lib/mysql:z /data/harbor/config/:/etc/adminserver/config/:z /data/harbor/secretkey:/etc/adminserver/key:z /data/harbor/:/data/:z /data/harbor/secretkey:/etc/ui/key:z /data/harbor/ca_download/:/etc/ui/ca/:z /data/harbor/psc/:/etc/ui/token/:z /data/harbor/job_logs:/var/log/jobs:z /data/harbor/secretkey:/etc/jobservice/key:z
4、获取证书目录ca/,移动到/data/harbor/下并重命名为cert。
与harbor.cfg文件相互对应
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501124128951-652363437.png)
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501124148301-73146586.png)
5、执行脚本,安装harbor
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501124442096-480052341.png)
6、验证harbor是否部署成功:必须在/opt/harbor/目录下执行
docker-compose:批量管理docker的工具,执行的目录中必须要有docker-compose文件。
dockers-compose --help可以查看命令
注:docker-compose开启的docker只能用该命令停止或者删除,不能用docker rm
#docker-compose ps
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501130020606-1132814665.png)
7、将证书的ca.crt文件拷贝到/etc/docker/certs.d/reg.yunwei.edu/下
注:此文件安装harbor过程有可能已经做过,查看目录,如做过,可省略
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501124525110-1814141520.png)
8、将证书文件发送给各个节点,保证各个节点都能访问到镜像库,并下载镜像
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501124800379-1512733342.png)
9、将部署镜像库的节点,进行域名解析,这里ansible节点与私有镜像库节点为同一台机器,故ip一样
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501124856243-2036660147.png)
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501125123563-1567053156.png)
10、将/etc/hosts文件分发到各个节点
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501125207896-1180056458.png)
11、在部署节点进行登陆测试,成功即可。用户名和密码均为admin,密码在harbor.cfg文件中进行过修改
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501125226749-709623886.png)
浏览器中直接输入ip即可访问
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501125514270-166340182.png)
12、上传镜像测试
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501125438603-1876978810.png)
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501125558683-399514254.png)
13、下载镜像测试(在其他节点)
![](https://img2018.cnblogs.com/blog/1584426/201905/1584426-20190501125624417-1341860019.png)