NSX-T NAPP Harbor 安装
NSX-T NAPP Harbor 安装
NSX-T NAPP 要用到私有化Harbor 镜像仓库用于DOCKER 拉取镜像文件,所以要先安装HARBOR.
1.先安装DOCKER
卸载旧版本DOCKER
sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
安装方法
设置存储库安装软件包
sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
安装 Docker 引擎
sudo yum install docker-ce docker-ce-cli containerd.io
启动 Docker
sudo systemctl start docker
sudo systemctl enable docker
通过运行映像验证 Docker 引擎是否已正确安装
sudo docker run hello-world
==============================================================================
2.下载harbor并解压缩安装程序
[root@Harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.4.1/harbor-online-installer-v2.4.1.tgz
[root@Harbor ~]# tar xzvf harbor-online-installer-v2.4.1.tgz
安装 Docker Compose
[root@Harbor ~]# sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
[root@Harbor ~]# sudo chmod +x /usr/local/bin/docker-compose
测试安装
[root@Harbor ~]# docker-compose --version
==============================================================================
3.新建文件夹,并上传证书
[root@Harbor /]# mkdir -p /data/ssl
[root@Harbor /]# cd /data/ssl/
[root@Harbor ssl]# rz
上传证书
==============================================================================
[root@Harbor ~]# cd harbor
[root@Harbor harbor]# cp harbor.yml.tmpl harbor.yml
[root@Harbor harbor]# vim harbor.yml
修改下文件
hostname: Harbor.cnwansun.com
certificate: /data/ssl/cnwansun.com.pem
private_key: /data/ssl/cnwansun.com.key
harbor_admin_password: Harbor12345
password: root1A2B3C
data_volume: /data
==============================================================================
[root@Harbor harbor]# ./install.sh --with-chartmuseum --with-trivy --with-notary
安装HARBOR,有扫描–with-trivy ,有认证–with-notary,有helm charts 模块加入–with-chartmuseum
Status: Downloaded newer image for goharbor/nginx-photon:v2.4.1
Creating harbor-log ... done
Creating redis ... done
Creating registry ... done
Creating registryctl ... done
Creating harbor-portal ... done
Creating harbor-db ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
==============================================================================
#查看是否运行
[root@Harbor harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
279ab04229d3 goharbor/nginx-photon:v2.4.1 "nginx -g 'daemon of…" 6 minutes ago Up 6 minutes (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp nginx
29b38a89875f goharbor/harbor-jobservice:v2.4.1 "/harbor/entrypoint.…" 6 minutes ago Up 6 minutes (healthy)
在HARBOR 平台先建项目,与配置文件相同
上传VMware-NSX-Application-Platform-3.2.0.0.0.19067744.tgz文件到HARBOR上
[root@Harbor ]# mkdir vmware-NSX-Application
[root@Harbor vmware-NSX-Application]# rz VMware-NSX-Application-Platform-3.2.0.0.0.19067744.tgz
[root@Harbor vmware-NSX-Application]# tar xvf VMware-NSX-Application-Platform-3.2.0.0.0.19067744.tgz
[root@Harbor vmware-NSX-Application]# vim upload_artifacts_to_private_harbor.sh
DOCKER_REPO=harbor.xxxx.com/nsx-t
DOCKER_USERNAME=admin
DOCKER_PASSWORD=Harbor12345
root@Harbor vm]# chmod +x upload_artifacts_to_private_harbor.sh
[root@Harbor vm]# ./upload_artifacts_to_private_harbor.sh
如提示示找到命令,要安装helm 命令
[root@Harbor vm]# wget https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
或者官网查看
https://github.com/helm/helm/blob/d3dbd659975a7e73c06da94c1e59a87996f19b8a/scripts/get-helm-3
[root@Harbor vm]# mv get-helm-3 get-helm-3.sh
[root@Harbor vm]# chmod +x get-helm-3.sh
[root@Harbor vm]# ./get-helm-3.sh
[root@Harbor vm]# ./upload_artifacts_to_private_harbor.sh
在次运行
[root@Harbor vm]# ./upload_artifacts_to_private_harbor.sh
如果不行就要修改脚本
helm repo add --username=$HELM_USERNAME --password=$HELM_PASSWORD helm_repo $HELM_REPO --ca-file /root/certs/ca.crt --cert-file /root/certs/harbor-01.demo.com.crt --key-file /root/certs/harbor-01.demo.com.key
–ca-file /root/certs/ca.crt --cert-file /root/certs/harbor-01.demo.com.crt --key-file /root/certs/harbor-01.demo.com.key
用自签名证书,你的harbor需要导入ca和server两种证书
到这里NSX-T NAPP的前期工作就准备好了,接下来就是在安装K8S或者TANZU.