大家下午好,今天给大家带来的是Docker镜像仓库Harbor的安装,希望能给大家带来一点帮助
闲话不说了,开始安装
1、首先下载安装包,官网下载地址是:Harbor下载
2、上传安装包
[root@VM-4-12-centos harbor]# pwd
/opt/harbor
[root@VM-4-12-centos harbor]# ll
total 488976
-rw-r--r-- 1 root root 500705880 May 15 15:31 harbor-offline-installer-v2.0.0.tgz
3、安装Harbor需要的依赖
[root@VM-4-12-centos harbor]# yum -y install lrzsz
3A、然后是安装Docker-compose,这个相当于是Docker的管家,可以一次性拉取多个镜像,另外,运行Harbor需要提前安装好Docker和Docker-compose,没有安装的Docker,Docker安装教程
5、查看Docker是否安装,同时Docker版本不小于1.10.0
[root@VM-4-12-centos harbor]# docker -v
Docker version 20.10.16, build aa7e414
6、安装Docker-compose,官网下载地址
[root@VM-4-12-centos harbor]# wget https://github.com/docker/compose/releases/download/1.25.0/docker-compose-Linux-x86_64
[root@VM-4-12-centos harbor]# mv docker-compose-Linux-x86_64 /usr/bin/docker-compose
[root@VM-4-12-centos harbor]# chmod a+x /usr/bin/docker-compose
7、查看是否安装成功
[root@VM-4-12-centos harbor]# docker-compose --version
docker-compose version 1.25.0, build 0a186604
8、解压Harbor
[root@VM-4-12-centos harbor]# tar -zxvf harbor-offline-installer-v2.0.0.tgz
9、进入Harbor
[root@VM-4-12-centos harbor]# cd harbor/
[root@VM-4-12-centos harbor]# ll
total 491060
-rw-r--r-- 1 root root 3361 May 11 2020 common.sh
-rw-r--r-- 1 root root 502808042 May 11 2020 harbor.v2.0.0.tar.gz
-rw-r--r-- 1 root root 7816 May 11 2020 harbor.yml.tmpl
-rwxr-xr-x 1 root root 2523 May 11 2020 install.sh
-rw-r--r-- 1 root root 11347 May 11 2020 LICENSE
-rwxr-xr-x 1 root root 1856 May 11 2020 prepare
10、增加云服务器主机映射
[root@VM-4-2-centos harbor]# vi /etc/hosts
101.35.245.191 666java.top
11、然后我们需要对Harbor配置Https,可以使用Nginx配置,也可以用我们的域名到云服务器下载一份ssl证书,这里我们使用官方提供的一种自制证书,测试一下,Harbor自制证书教程
[root@VM-4-2-centos harbor]# pwd
/opt/harbor/harbor
[root@VM-4-2-centos harbor]# openssl genrsa -out ca.key 4096
[root@VM-4-2-centos harbor]# openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=666java.top" \
-key ca.key \
-out ca.crt
[root@VM-4-2-centos harbor]# openssl genrsa -out 666java.top.key 4096
[root@VM-4-2-centos harbor]# openssl req -sha512 -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=666java.top" \
-key 666java.top.key \
-out 666java.top.csr
[root@VM-4-2-centos harbor]# cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=666java.top
DNS.2=666java
DNS.3=101.35.245.191
EOF
[root@VM-4-2-centos harbor]# openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in 666java.top.csr \
-out 666java.top.crt
[root@VM-4-2-centos harbor]# mkdir -p /data/cert
[root@VM-4-2-centos harbor]# cp 666java.top.crt /data/cert/
[root@VM-4-2-centos harbor]# cp 666java.top.key /data/cert/
[root@VM-4-2-centos harbor]# openssl x509 -inform PEM -in 666java.top.crt -out 666java.top.cert
[root@VM-4-2-centos harbor]# mkdir -p /etc/docker/certs.d/666java.top/
[root@VM-4-2-centos harbor]# cp /opt/harbor/harbor/666java.top.cert /etc/docker/certs.d/666java.top/
[root@VM-4-2-centos harbor]# cp /opt/harbor/harbor/666java.top.key /etc/docker/certs.d/666java.top/
[root@VM-4-2-centos harbor]# cp /opt/harbor/harbor/ca.crt /etc/docker/certs.d/666java.top/
12、重启Docker
[root@VM-4-2-centos harbor]# systemctl restart docker
13、拷贝一份配置,然后修改Harbor配置
[root@VM-4-12-centos harbor]# cp harbor.yml.tmpl harbor.yml
[root@VM-4-2-centos harbor]# vi harbor.yml
修改内容如下:
hostname: 666java.top
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 8081
# https related config
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /data/cert/666java.top.crt
private_key: /data/cert/666java.top.key
14、运行prepare脚本,启用https
[root@VM-4-2-centos harbor]# ./prepare
15、启动Harbor,–with-clair参数是启用漏洞扫描功能,然后出现以下提示,说明启动成功,–with-clair也可以不带
[root@VM-4-12-centos harbor]# ./install.sh --with-clair
16、我们也可以查看一下,对外访问的端口是否启动
[root@VM-4-12-centos harbor]# netstat -ntlp
tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 533420/docker-proxy
17、访问 https://666java.top/
18、最后,Harbor是部署在Docker里面的,我们需要到Docker里面,拿到用户名和密码
[root@VM-4-12-centos harbor]# docker exec -it harbor-core /bin/bash
19、查看密码,初始密码是Harbor12345
printenv | grep PASSWORD
20、退出Harbor,输入exit
harbor [ /harbor ]$ exit
exit
21、然后输入用户名和密码
22、登录成功以后,我们可以在右上角修改用户信息和修改密码
23、然后来到用户管理,新增一个用户
24、再次登录,成功
25、验证Docker 客户端是否可以登录Harbor,第一次需要输入用户名和密码,老哥已经登录过一次了,不需要输入
[root@VM-4-2-centos harbor]# docker login 666java.top
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
26、然后我们切换到admin用户,新建一个镜像仓库
27、最后我们测试一下,镜像仓库的推送和拉取,我们先从远程阿里云拉取一个rabbitmq镜像
[root@VM-4-2-centos harbor]# docker pull rabbitmq
[root@VM-4-2-centos harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
rabbitmq latest 8f1ae3bf88be 7 days ago 224MB
28、然后打包,推送到我们自己的Harbor仓库,在主界面上,官方提供了实例命令
[root@VM-4-2-centos harbor]# docker tag rabbitmq:latest 666java.top/test/rabbitmq:latest
[root@VM-4-2-centos harbor]# docker push 666java.top/test/rabbitmq:latest
29、我们可以看到界面上已经有了rabbitmq
30、然后我们把docker里面的rabbitmq镜像删除
[root@VM-4-2-centos harbor]# docker rmi 666java.top/test/rabbitmq:latest
31、这次从我们的Harbor仓库拉取,官方也提供了实例命令,结束!
[root@VM-4-2-centos harbor]# docker pull 666java.top/test/rabbitmq@sha256:b7b61de711694729b32bfbea88756c40fe00ef88e62220eda08ca400c407c8a4
32、最后,就默默的说一句,屏幕前的各位大帅逼,还有大漂亮,看到这里,麻烦给老哥一个点赞、关注、收藏三连好吗,你的支持是老哥更新最大的动力,谢谢!