这里写目录标题
1. 安装docker
Ubuntu 14.04/16.04(使用 apt-get 进行安装)
# step 1: 安装必要的一些系统工具
sudo apt-get update
sudo apt-get -y install apt-transport-https ca-certificates curl software-properties-common
# step 2: 安装GPG证书
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
# Step 3: 写入软件源信息
sudo add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# Step 4: 更新并安装Docker-CE
sudo apt-get -y update
sudo apt-get -y install docker-ce
# 安装指定版本的Docker-CE:
# Step 1: 查找Docker-CE的版本:
# apt-cache madison docker-ce
# docker-ce | 17.03.1~ce-0~ubuntu-xenial | https://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
# docker-ce | 17.03.0~ce-0~ubuntu-xenial | https://mirrors.aliyun.com/docker-ce/linux/ubuntu xenial/stable amd64 Packages
# Step 2: 安装指定版本的Docker-CE: (VERSION例如上面的17.03.1~ce-0~ubuntu-xenial)
# sudo apt-get -y install docker-ce=[VERSION]
CentOS 7(使用 yum 进行安装)
# step 1: 安装必要的一些系统工具
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: 添加软件源信息
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 或者
sudo wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: 更新并安装Docker-CE
sudo yum makecache
sudo yum -y install docker-ce
# Step 4: 开启Docker服务
sudo systemctl start docker
sudo systemctl enable docker
# 注意:
# 官方软件源默认启用了最新的软件,您可以通过编辑软件源的方式获取各个版本的软件包。例如官方并没有将测试版本的软件源置为可用,您可以通过以下方式开启。同理可以开启各种测试版本等。
# vim /etc/yum.repos.d/docker-ce.repo
# 将[docker-ce-test]下方的enabled=0修改为enabled=1
#
# 安装指定版本的Docker-CE:
# Step 1: 查找Docker-CE的版本:
# yum list docker-ce.x86_64 --showduplicates | sort -r
# Loading mirror speeds from cached hostfile
# Loaded plugins: branch, fastestmirror, langpacks
# docker-ce.x86_64 17.03.1.ce-1.el7.centos docker-ce-stable
# docker-ce.x86_64 17.03.1.ce-1.el7.centos @docker-ce-stable
# docker-ce.x86_64 17.03.0.ce-1.el7.centos docker-ce-stable
# Available Packages
# Step2: 安装指定版本的Docker-CE: (VERSION例如上面的17.03.0.ce.1-1.el7.centos)
# sudo yum -y install docker-ce-[VERSION]
安装校验
使用docker version命令查看已安装docker软件版本
[root@docker ~]# docker version
Client: Docker Engine - Community
Version: 23.0.1
API version: 1.42
Go version: go1.19.5
Git commit: a5ee5b1
Built: Thu Feb 9 19:51:00 2023
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 23.0.1
API version: 1.42 (minimum version 1.12)
Go version: go1.19.5
Git commit: bc3805a
Built: Thu Feb 9 19:48:42 2023
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.18
GitCommit: 2456e983eb9e37e47538f59ea18f2043c9a73640
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
2. 生成ssl证书
创建目录
mkdir -p /program/harbor/certs
cd /program/harbor/certs
生成CA证书私钥
openssl genrsa -out ca.key 4096
生成CA证书
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=JiangSu/L=WuXi/O=weijc/OU=Personal/CN=docker.vms.weijc" \
-key ca.key \
-out ca.crt
生成私钥
openssl genrsa -out docker.vms.weijc.key 4096
生成证书签名请求(CSR)
openssl req -sha512 -new \
-subj "/C=CN/ST=JiangSu/L=WuXi/O=weijc/OU=Personal/CN=docker.vms.weijc" \
-key docker.vms.weijc.key \
-out docker.vms.weijc.csr
生成x509 v3扩展文件
cat << EOF > v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=docker.vms.weijc
EOF
使用v3.ext文件为Harbor主机生成证书
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in docker.vms.weijc.csr \
-out docker.vms.weijc.crt
3. 配置harbor
cat << EOF > /program/harbor/harbor.yml
#公网(内网)ip或者hostname
hostname: docker.vms.weijc
EOF
执行预备脚本
[root@docker harbor]# ./prepare
prepare base dir is set to /usr/local/src/harbor
Unable to find image 'goharbor/prepare:v2.7.1' locally
v2.7.1: Pulling from goharbor/prepare
e8f9c57a1510: Pull complete
d38031c5a89d: Pull complete
49449379f742: Pull complete
46341b7aa6f4: Pull complete
c79337be634a: Pull complete
ee29b7a24d5c: Pull complete
914a67ccfb6e: Pull complete
d206894dacc5: Pull complete
2d90b70a0c60: Pull complete
1f485bc975b6: Pull complete
Digest: sha256:412d21213b04dd3c9de5814445a32d374ff551cd68b5fb1209de243f9d007199
Status: Downloaded newer image for goharbor/prepare:v2.7.1
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
执行安装脚本
[root@docker harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 23.0.1
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.16.0
[Step 2]: loading Harbor images ...
Loaded image: goharbor/notary-signer-photon:v2.7.1
Loaded image: goharbor/notary-server-photon:v2.7.1
Loaded image: goharbor/harbor-portal:v2.7.1
Loaded image: goharbor/harbor-db:v2.7.1
Loaded image: goharbor/harbor-jobservice:v2.7.1
Loaded image: goharbor/harbor-exporter:v2.7.1
Loaded image: goharbor/nginx-photon:v2.7.1
Loaded image: goharbor/registry-photon:v2.7.1
Loaded image: goharbor/trivy-adapter-photon:v2.7.1
Loaded image: goharbor/chartmuseum-photon:v2.7.1
Loaded image: goharbor/harbor-core:v2.7.1
Loaded image: goharbor/harbor-log:v2.7.1
Loaded image: goharbor/harbor-registryctl:v2.7.1
Loaded image: goharbor/redis-photon:v2.7.1
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/local/src/harbor
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
[Step 5]: starting Harbor ...
[+] Running 10/10
⠿ Network harbor_harbor Created
⠿ Container harbor-log Started
⠿ Container registryctl Started
⠿ Container redis Started
⠿ Container harbor-db Started
⠿ Container harbor-portal Started
⠿ Container registry Started
⠿ Container harbor-core Started
⠿ Container nginx Started
⠿ Container harbor-jobservice Started
✔ ----Harbor has been installed and started successfully.----
验证运行情况
[root@docker harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
69a3f2b379b5 goharbor/harbor-jobservice:v2.7.1 "/harbor/entrypoint.…" 5 minutes ago Up 5 minutes (healthy) harbor-jobservice
3b49df149b42 goharbor/harbor-core:v2.7.1 "/harbor/entrypoint.…" 5 minutes ago Up 5 minutes (healthy) harbor-core
6242c53c7727 goharbor/harbor-portal:v2.7.1 "nginx -g 'daemon of…" 5 minutes ago Up 5 minutes (healthy) harbor-portal
cd918c16d08f goharbor/harbor-db:v2.7.1 "/docker-entrypoint.…" 5 minutes ago Up 5 minutes (healthy) harbor-db
946e51c72722 goharbor/harbor-registryctl:v2.7.1 "/home/harbor/start.…" 5 minutes ago Up 5 minutes (healthy) registryctl
dafb3af20f82 goharbor/redis-photon:v2.7.1 "redis-server /etc/r…" 5 minutes ago Up 5 minutes (healthy) redis
b147699e07a8 goharbor/registry-photon:v2.7.1 "/home/harbor/entryp…" 5 minutes ago Up 5 minutes (healthy) registry
3ef25ed9bc8c goharbor/harbor-log:v2.7.1 "/bin/sh -c /usr/loc…" 5 minutes ago Up 5 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
5b7fd6a5b7c4 nginx:latest "/docker-entrypoint.…" 17 hours ago Up 17 hours 80/tcp loving_cartwright
服务状态
#harbor会自动生成docker-conpose
启动: docker-compose up -d
停止: docker-compose down
重启: docker-compose restart