Installing Harbor on Linux is fairly quick, but adding it in the browser is slower. This walkthrough follows the "Harbor deployment" guide.
mkdir harbor
cd harbor
wget https://github.com/goharbor/harbor/releases/download/v2.6.2/harbor-online-installer-v2.6.2.tgz
tar -zxvf harbor-online-installer-v2.6.2.tgz
Create the certificates; there are several of them.
# Generate the CA private key
openssl genrsa -out harbar_ca.key 4096
# Generate the CA certificate
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=WuHan/L=WuHan/O=BS/OU=BS/CN=harbor.test.cn" \
-key harbar_ca.key \
-out harbar_ca.crt
# Copy the certificate and key into the certificate folder on the Harbor host (these are the CA files generated above)
cp harbar_ca.crt /appdata/cert/harbar_ca.crt
cp harbar_ca.key /appdata/cert/harbar_ca.key
openssl genrsa -out harbor.testcom.cn.key 4096
openssl req -sha512 -new \
-subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.testcom.cn" \
-key harbor.testcom.cn.key \
-out harbor.testcom.cn.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.testcom.cn
DNS.2=bs105.testcom.cn
EOF
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA harbar_ca.crt -CAkey harbar_ca.key -CAcreateserial \
-in harbor.testcom.cn.csr \
-out harbor.testcom.cn.crt
cp harbor.testcom.cn.crt /appdata/harbor/cert
cp harbor.testcom.cn.key /appdata/harbor/cert
openssl x509 -inform PEM -in harbor.testcom.cn.crt -out harbor.testcom.cn.cert
cp harbor.testcom.cn.cert /etc/docker/certs.d/harbor.testcom.cn/
cp harbor.testcom.cn.key /etc/docker/certs.d/harbor.testcom.cn/
cp harbar_ca.crt /etc/docker/certs.d/harbor.testcom.cn/
The following problem appears:
[root@bs8 ~]# docker login -u admin -p Harbor12345 https://192.168.0.105
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://192.168.0.105/v2/": x509: cannot validate certificate for 192.168.0.105 because it doesn't contain any IP SANs
vi /etc/docker/daemon.json
{ "insecure-registries":["harbor.testcom.cn"] }
# Then restart docker
systemctl daemon-reload && systemctl restart docker
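The x509 error above comes from logging in by IP address with a certificate whose SAN list holds only DNS names. As an added example (not from the original post), this script issues a leaf from a throwaway test CA and checks which names it validates for, first with the post's DNS-only SAN list and then with an IP entry added; the helper names san_matches and issue_leaf and the test CA subject are assumptions.

```shell
#!/bin/sh
# Added example: everything is generated in a temp dir; nothing under
# /appdata or /etc/docker is touched.

# san_matches CERT NAME -> exit 0 if CERT is valid for NAME (DNS name or IPv4).
san_matches() {
  case $2 in
    *[!0-9.]*) flag=-checkhost ;;   # anything besides digits/dots: DNS name
    *)         flag=-checkip ;;     # digits and dots only: IPv4 address
  esac
  # openssl prints "... does match certificate" or "... does NOT match certificate"
  openssl x509 -in "$1" -noout "$flag" "$2" | grep -q 'does match certificate'
}

# issue_leaf DIR SANS -> writes DIR/leaf.crt signed by a constructed test CA.
issue_leaf() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=Example Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=harbor.testcom.cn" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  printf '%s\n' "basicConstraints=CA:FALSE" "extendedKeyUsage=serverAuth" \
    "subjectAltName=$2" > "$1/v3.ext"
  openssl x509 -req -sha256 -days 1 -extfile "$1/v3.ext" \
    -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -in "$1/leaf.csr" -out "$1/leaf.crt" 2>/dev/null
}

demo() {
  d=$(mktemp -d)
  # SAN list as in the post's v3.ext: DNS names only
  issue_leaf "$d" "DNS:harbor.testcom.cn,DNS:bs105.testcom.cn"
  san_matches "$d/leaf.crt" harbor.testcom.cn && echo "DNS-only cert: hostname accepted"
  san_matches "$d/leaf.crt" 192.168.0.105 || echo "DNS-only cert: IP rejected"
  # Same names plus the IP address used in the failing docker login
  issue_leaf "$d" "DNS:harbor.testcom.cn,DNS:bs105.testcom.cn,IP:192.168.0.105"
  san_matches "$d/leaf.crt" 192.168.0.105 && echo "cert with IP SAN: IP accepted"
  openssl verify -CAfile "$d/ca.crt" "$d/leaf.crt"   # chain check against the CA
  rm -rf "$d"
}

demo
```

With the name used at login covered by the certificate and the CA file in /etc/docker/certs.d/<registry>/, the client can verify the registry without an insecure-registries entry.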
After configuring /etc/docker/daemon.json, Docker would no longer start, with the errors shown below. The problem must therefore be in that file; deleting /etc/docker/daemon.json fixes it.
-- Subject: Unit docker.socket has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.socket has finished starting up.
--
-- The start-up result is done.
11月 18 16:19:59 bs8.test.cn systemd[1]: start request repeated too quickly for docker.service
11月 18 16:19:59 bs8.test.cn systemd[1]: Failed to start Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.service has failed.
--
-- The result is failed.
11月 18 16:19:59 bs8.test.cn systemd[1]: docker.service failed.
11月 18 16:19:59 bs8.test.cn polkitd[1096]: Unregistered Authentication Agent for unix-process:2649:1041309 (system bus name :1.72, object path /org/freedesktop/PolicyKit1/AuthenticationAge
11月 18 16:20:13 bs8.test.cn auditd[1071]: Audit daemon rotating log files
lines 1535-1555/1555 (END)
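After resetting Docker, not all of Harbor's services come back up.
Quite a few services do not start automatically; the ones in the figure below did not start.
First find where docker-compose is located: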
[root@bs8 harbor]# which docker-compose
/usr/bin/docker-compose
cd /etc/systemd/system
vi harbor.service
# Contents of harbor.service:
[Unit]
Description=harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor
[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /appdata/harbor/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f /appdata/harbor/harbor/docker-compose.yml down
[Install]
WantedBy=multi-user.target
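# Set the permissions (writable by root only; a world-writable unit file lets any local user change what runs as root)
chmod 644 harbor.service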
# Enable start at boot
systemctl enable harbor.service
# Start
systemctl start harbor.service
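The first time I had no experience; once I had some, I found that the harbor configuration was unreasonable, so here I remove the services and redeploy harbor.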
# Start all containers
docker start $(docker ps -a -q)
# Stop all containers
docker stop $(docker ps -a -q)
# Remove all containers
docker rm $(docker ps -a -q)
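Note that the harbor services cannot be removed directly: run systemctl stop harbor.service first and then remove them, otherwise they restart automatically.
Adjust the configuration in harbor.yml; only the core settings are listed here.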
# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  # (the server certificate and key issued above, not the CA pair; the CA key stays off the serving path)
  certificate: /appdata/harbor/cert/harbor.testcom.cn.crt
  private_key: /appdata/harbor/cert/harbor.testcom.cn.key
# The default data volume
data_volume: /appdata/harbor/data
# Log configurations
log:
  # options are debug, info, warning, error, fatal
  level: info
  # configs for logs in local storage
  local:
    # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
    rotate_count: 50
    # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
    # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
    # are all valid.
    rotate_size: 200M
    # The directory on your host that store log
    location: /log/harbor
docker login -u admin -p Harbor12345