Deploying a Harbor registry
Install Docker beforehand
Preparation
Download docker-compose
The official command
curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
If network problems prevent this download, fetch the binary another way, then:
Move and rename it
mv docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
Grant execute permission
chmod +x /usr/local/bin/docker-compose
Download harbor-offline-installer-v1.8.0.tgz
wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.0.tgz
If that does not work, open the URL in a browser and download the file there
Move it to /opt
mv harbor-offline-installer-v1.8.0.tgz /opt/ && cd /opt
Unpack the archive
tar xf harbor-offline-installer-v1.8.0.tgz
Edit the configuration file
Configuration for HTTP access
Edit the harbor.yml file
cd harbor
vim harbor.yml
hostname: 192.168.1.200    # IP address of this machine
Run the install script
./install.sh
Error:
Creating network "harbor_harbor" with the default driver
ERROR: Failed to Setup IP tables: Unable to enable SKIP DNAT
rule: (iptables failed: iptables --wait -t nat -I DOCKER -i br-bf56844f908f -j RETURN:
iptables: No chain/target/match by that name.
(exit status 1))
![](https://img-blog.csdnimg.cn/20200115170435392.png)
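Possible cause: the IP (or domain name) set in harbor.yml had no local name resolution, or the resolution was added but the machine was not rebooted afterwards.
Fix:
Set up local name resolution
Reboot the machine
Test HTTP access in a browser:
Configuration for HTTPS access
Generate the certificates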
mkdir -p /data/ssl && cd /data/ssl
openssl req -newkey rsa:4096 -nodes -sha256 -keyout harbor.key -x509 -days 365 -out harbor.crt
openssl req -newkey rsa:4096 -nodes -sha256 -keyout sun.harbor.com.key -out sun.harbor.com.csr
openssl x509 -req -days 365 -in sun.harbor.com.csr -CA harbor.crt -CAkey harbor.key -CAcreateserial -out sun.harbor.com.crt
Values entered at the openssl prompts (country, state or province, city):
CN
Beijing
Beijing
cp sun.harbor.com.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust enable
update-ca-trust extract
mkdir -p /etc/ssl/harbor
cp sun.harbor.com.{key,crt} /etc/ssl/harbor/
ll /etc/ssl/harbor/
Edit the harbor.yml file
cp harbor.yml{,.bak}
vim harbor.yml
https:
  port: 443
  certificate: /etc/ssl/harbor/sun.harbor.com.crt
  private_key: /etc/ssl/harbor/sun.harbor.com.key
Apply the configuration and restart the services
cd /opt/harbor
./prepare    # Note: skip this step when only restarting the services
docker-compose down
docker-compose up -d
Test HTTPS access in a browser
Client configuration
(required on every machine that accesses Harbor)
vim /etc/docker/daemon.json
{
"insecure-registries": ["172.22.211.175"]
}
Mind the punctuation: use English half-width (ASCII) characters
systemctl daemon-reload
systemctl restart docker
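Note: if you do this step on the Harbor host itself, HTTPS access may stop working after Docker restarts. In that case, repeat the "Apply the configuration and restart the services" step.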
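The certificate generation and client configuration steps above, as an added example that is not part of the original page: the CA and server certificate are generated without prompts and with a subjectAltName for sun.harbor.com (Go-based clients such as Docker match the host name against it), and the CA is placed under /etc/docker/certs.d for that host so the registry does not have to be listed under insecure-registries. The function names and the KEY_BITS and DOCKER_ROOT variables are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Assumed names: the three functions,
# KEY_BITS and DOCKER_ROOT. Host name sun.harbor.com is the one used on the page.

# make_registry_certs DIR HOST: write ca.key/ca.crt and HOST.key/HOST.crt into DIR.
make_registry_certs() {
  local dir="$1" host="$2" bits="${KEY_BITS:-4096}"
  mkdir -p "$dir" || return 1
  (
    cd "$dir" || exit 1
    umask 077   # files created here, private keys included, are owner-only
    # Self-signed CA; -subj replaces the interactive prompts.
    openssl req -newkey "rsa:$bits" -nodes -sha256 -x509 -days 365 \
      -subj "/C=CN/ST=Beijing/L=Beijing/CN=Harbor Example CA" \
      -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    # Server key and CSR for the registry host.
    openssl req -newkey "rsa:$bits" -nodes -sha256 \
      -subj "/C=CN/ST=Beijing/L=Beijing/CN=$host" \
      -keyout "$host.key" -out "$host.csr" 2>/dev/null || exit 1
    # Add the host name as subjectAltName when the CA signs the CSR.
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$host" > san.ext
    openssl x509 -req -sha256 -days 365 -in "$host.csr" -CA ca.crt -CAkey ca.key \
      -CAcreateserial -extfile san.ext -out "$host.crt" 2>/dev/null || exit 1
    rm -f san.ext "$host.csr"
  )
}

# verify_registry_cert DIR HOST: succeed only if HOST.crt chains to ca.crt and names HOST.
verify_registry_cert() {
  local dir="$1" host="$2"
  openssl verify -CAfile "$dir/ca.crt" "$dir/$host.crt" >/dev/null 2>&1 || return 1
  openssl x509 -in "$dir/$host.crt" -noout -text | grep -qF "DNS:$host"
}

# install_registry_ca DIR HOST: make the Docker client trust the CA for this registry only.
install_registry_ca() {
  local dir="$1" host="$2" root="${DOCKER_ROOT:-/etc/docker}"
  mkdir -p "$root/certs.d/$host" && cp "$dir/ca.crt" "$root/certs.d/$host/ca.crt"
}

# Usage (as root):
#   make_registry_certs /data/ssl sun.harbor.com
#   verify_registry_cert /data/ssl sun.harbor.com && install_registry_ca /data/ssl sun.harbor.com
```

With the CA installed this way the client verifies the registry's certificate, whereas an insecure-registries entry tells Docker to skip that verification for the listed host.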
Clean up the Harbor environment
cd /opt/harbor
docker-compose down
docker rmi 60a4caf66227 765880263e76 66d7402d2770 7570a336afd5 e8552306a936 9736ac6c508e 0ca3e2b624f5 1e7d99ccba24 4a4b48b32ae4 e718bdc405a3 d47940dd883f b07a1a4be17f 76298a1ef089 d1e0b3df3e95 769ca785dab0
rm -r /data/*