搭建docker的企业版镜像仓库harbor
一、系统环境
操作系统:centos 7
python: 2.7
docker: 18.09
docker-compose:1.23.2
本机ip: 164.52.44.210
本机域名:req.baofeng.com (/etc/hosts 添加映射)
二、安装docker-ce 与docker-compose
1、CentOS 7 自带Python版本2.7,不必更新Python
1) 安装Docker ce (官方链接:https://docs.docker.com/install/linux/docker-ce/centos/)
卸载原来的Docker(如果以前没安装过,略过此步骤即可)
$ sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine
devicemapper存储驱动依赖于yum-utils,device-mapper-persistent-dat a,lvm2
$ sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
添加Docker官方yum源
$ sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
安装Docker ce
$ sudo yum install docker-ce
yum -y install python-pip openssl openssl-devel
pip install --upgrade pip
pip install docker-compose
pip install --upgrade docker-compose
docker-compose -v
三、安装harbor
下载安装包:
wget https://storage.googleapis.com/harbor-releases/release-1.6.0/harbor-offline-installer-v1.6.3.tgz
解压:
tar xf harbor-offline-installer-v1.6.3.tgz
四、创建存放私钥和证书目录
#创建认证文件存储目录
[root@localhost harour]# mkdir cert
[root@localhost harour]# cd cert/
[root@localhost cert]# pwd
/root/harbor/cert
五、配置https认证登录
[root@localhost cert]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt
Country Name (2 letter code) [XX]:CN (国家)
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:req.baofeng.com (访问时用的域名)
Email Address []:[root@localhost cert]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout req.baofeng.com.key -out req.baofeng.com.csr
Country Name (2 letter code) [XX]:CN (国家)
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:req.baofeng.com (访问时用的域名)
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Duan19931017
An optional company name []:req.baofeng.com[root@localhost cert]# openssl x509 -req -days 365 -in req.baofeng.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out req.baofeng.com.crt
echo subjectAltName = IP:164.52.44.210 > extfile.cnf #164.52.44.210为机器IP
[root@localhost cert]# ll
-rw-r--r-- 1 root root 1984 Jan 23 17:12 ca.crt
-rw-r--r-- 1 root root 3268 Jan 23 17:12 ca.key
-rw-r--r-- 1 root root 17 Jan 23 17:42 ca.srl
-rw-r--r-- 1 root root 34 Jan 23 17:43 extfile.cnf
-rw-r--r-- 1 root root 3247 Jan 23 17:43 private_key.pem
-rw-r--r-- 1 root root 1866 Jan 23 17:42 req.baofeng.com.crt
-rw-r--r-- 1 root root 1765 Jan 23 17:41 req.baofeng.com.csr
-rw-r--r-- 1 root root 3272 Jan 23 17:41 req.baofeng.com.key
-rw-r--r-- 1 root root 1984 Jan 23 17:44 root.crt[root@localhost cert]# vim ../harbor/harbor.cfg
六、重新加载配置并安装
[root@localhost ~]# cd /root/harbor/harbor/
[root@localhost harbor]# ./prepare
Clearing the configuration file: ./common/config/adminserver/env
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/jobservice/config.yml
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/registryctl/env
Clearing the configuration file: ./common/config/registryctl/config.yml
Clearing the configuration file: ./common/config/nginx/nginx.conf
Clearing the configuration file: ./common/config/log/logrotate.conf
Generated and saved secret to file: /secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.[root@localhost harbor]# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 18.09.1
Note: docker-compose version: 1.23.2
[Step 1]: loading Harbor images ...
Loaded image: goharbor/harbor-ui:v1.6.3
Loaded image: goharbor/harbor-jobservice:v1.6.3
Loaded image: goharbor/notary-signer-photon:v0.5.1-v1.6.3
Loaded image: goharbor/clair-photon:v2.0.6-v1.6.3
Loaded image: goharbor/nginx-photon:v1.6.3
Loaded image: goharbor/registry-photon:v2.6.2-v1.6.3
Loaded image: goharbor/notary-server-photon:v0.5.1-v1.6.3
Loaded image: goharbor/harbor-migrator:v1.6.3
Loaded image: goharbor/harbor-adminserver:v1.6.3
Loaded image: goharbor/harbor-log:v1.6.3
Loaded image: goharbor/harbor-db:v1.6.3
Loaded image: goharbor/redis-photon:v1.6.3
Loaded image: goharbor/chartmuseum-photon:v0.7.1-v1.6.3
[Step 2]: preparing environment ...
Clearing the configuration file: ./common/config/adminserver/env
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/jobservice/config.yml
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/registryctl/env
Clearing the configuration file: ./common/config/registryctl/config.yml
Clearing the configuration file: ./common/config/nginx/cert/req.baofeng.com.crt
Clearing the configuration file: ./common/config/nginx/cert/req.baofeng.com.key
Clearing the configuration file: ./common/config/nginx/nginx.conf
Clearing the configuration file: ./common/config/log/logrotate.conf
loaded secret from file: /secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[Step 3]: checking existing instance of Harbor ...
[Step 4]: starting Harbor ...
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating redis ... done
Creating registry ... done
Creating harbor-db ... done
Creating harbor-ui ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://req.baofeng.com.
For more details, please visit https://github.com/goharbor/harbor .七、验证:查看harbor的所有进程,up为正常
[root@localhost harbor]# docker-compose ps
#登陆界面
账号:admin 密码:Harbor12345
成功!!!
4744
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
