1. Harbor: an enterprise-grade private Docker registry



### --- Prerequisites

~~~     Python 2.7 or later
~~~     Docker Engine 1.10 or later
~~~     Docker Compose 1.6.0 or later



### --- Download the release package

[root@localhost ~]# curl -L https://github.com/docker/compose/releases/download/1.9.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
[root@localhost ~]# chmod +x /usr/local/bin/docker-compose



2. Installing Harbor (deployment host: 192.168.1.55)



### --- Check the system environment

[root@localhost ~]# python
Python 2.7.5 (default, Nov 16 2020, 22:23:17) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>



[root@localhost ~]# docker-compose --version
docker-compose version 1.23.1, build b02f1306  
 
[root@localhost ~]# docker info 
Server Version: 17.03.0-ce



### --- Install and deploy
~~~     Upload harbor-offline-installer-v1.2.0.tgz to the deployment server

[root@localhost ~]# tar -zxvf harbor-offline-installer-v1.2.0.tgz
[root@localhost ~]# mv harbor /usr/local/ 
[root@localhost ~]# ls /usr/local/ |grep harbor
harbor



~~~     Generate your own (self-signed) certificate, starting with the private key

[root@localhost ~]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
..............+++
...................................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:                       // enter the passphrase: 123456
Verifying - Enter pass phrase for server.key:           // enter the passphrase: 123456



~~~     Create the certificate signing request

[root@localhost ~]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN                                    // country
State or Province Name (full name) []:BJ                                // state or province
Locality Name (eg, city) [Default City]:BJ                              // locality (city)
Organization Name (eg, company) [Default Company Ltd]:yanqi             // organization name
Organizational Unit Name (eg, section) []:yanqi                         // organizational unit
Common Name (eg, your name or your server's hostname) []:hub.yanqi.com  // common name: your name or your server's hostname
Email Address []:yanqi_vip@yeah.net                                     // administrator's e-mail address

Please enter the following 'extra' attributes                           // extra attributes
to be sent with your certificate request                                // sent along with the certificate request
A challenge password []:                                                // challenge password; left empty by default
An optional company name []:                                            // optional company name



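~~~     Back up the key. With the passphrase in place it would have to be typed whenever the certificate is used, for example when nginx starts, so the passphrase is removed in the next step
[root@localhost ~]# cp server.key server.key.org

~~~     Strip the passphrase; the key can now be used without entering one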
[root@localhost ~]# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:                                   // enter the passphrase set earlier
writing RSA key



~~~     Create the certificate
[root@localhost ~]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=BJ/L=BJ/O=yanqi/OU=yanqi/CN=hub.yanqi.com/emailAddress=yanqi_vip@yeah.net
Getting Private key

~~~     Create the data directory (described in the instructions on GitHub)
[root@localhost ~]# mkdir -p /data/cert
[root@localhost ~]# chmod -R 777 /data/cert



~~~     Move the certificate files into /data/cert/

[root@localhost ~]# mv server.* /data/cert/
[root@localhost cert]# ls
server.crt  server.csr  server.key  server.key.org
[root@localhost cert]# cd /usr/local/harbor/



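~~~     Edit harbor.cfg

[root@localhost harbor]# vim harbor.cfg 
hostname = hub.yanqi.com
ui_url_protocol = https                                     // protocol; Docker uses https for registries by default, so set https
db_password = root123                                       // default database password; optional to change here, but change it for any production use
max_job_workers = 3                                         // maximum number of replication workers in the job service
ssl_cert = /data/cert/server.crt                            // path of the SSL certificate
ssl_cert_key = /data/cert/server.key                        // path of the SSL private key
secretkey_path = /data                                      // path of the key that encrypts remote-registry passwords in replication policies
admiral_url = NA
harbor_admin_password = 123456                              // password of Harbor's admin account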
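
~~~     Added example, not part of the original walkthrough or of Harbor: a shell check that flags the weak values in a harbor.cfg like the one above
~~~     (https switched off, passwords that are printed on this page, a private key readable by group or other).
~~~     cfg_get, audit_harbor_cfg, MIN_LEN and the sample file are assumptions made for this illustration.

```bash
#!/bin/sh
# Added example, not part of Harbor: flag weak settings in a harbor.cfg.
# MIN_LEN and the weak-password list are assumptions; the list holds the
# passwords that are printed on this page.
MIN_LEN=12

# cfg_get <file> <key>: print the key's value without a trailing " // note".
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e 's|[[:space:]]\{1,\}//.*$||' -e 's/[[:space:]]*$//' | head -n 1
}

# audit_harbor_cfg <file>: print one line per finding, return 1 if any.
audit_harbor_cfg() {
    cfg=$1; rc=0
    if [ "$(cfg_get "$cfg" ui_url_protocol)" != "https" ]; then
        echo "WEAK ui_url_protocol: not https"; rc=1
    fi
    for key in harbor_admin_password db_password; do
        val=$(cfg_get "$cfg" "$key")
        case $val in
            ""|123456|root123|Harbor12345)
                echo "WEAK $key: empty or a published password"; rc=1 ;;
            *)  if [ "${#val}" -lt "$MIN_LEN" ]; then
                    echo "WEAK $key: shorter than $MIN_LEN characters"; rc=1
                fi ;;
        esac
    done
    keyfile=$(cfg_get "$cfg" ssl_cert_key)
    # Columns 5-10 of `ls -l` are the group and other permission bits.
    if [ -e "$keyfile" ] && [ "$(ls -ld "$keyfile" | cut -c5-10)" != "------" ]; then
        echo "WEAK ssl_cert_key: $keyfile is accessible to group or other"; rc=1
    fi
    return "$rc"
}

# Constructed sample input mirroring the values used in this walkthrough.
demo=$(mktemp -d)
touch "$demo/server.key"; chmod 644 "$demo/server.key"
cat > "$demo/harbor.cfg" <<EOF
hostname = hub.yanqi.com
ui_url_protocol = https          // protocol
db_password = root123            // database password
ssl_cert_key = $demo/server.key  // private key
harbor_admin_password = 123456
EOF
audit_harbor_cfg "$demo/harbor.cfg" || true
rm -rf "$demo"
```

~~~     Run it as audit_harbor_cfg /usr/local/harbor/harbor.cfg before ./install.sh; a non-zero return means at least one finding.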



### --- Install Harbor

[root@localhost harbor]# ./install.sh
[Step 0]: checking installation environment ...             // verifies that the environment is suitable
Note: docker version: 17.03.0
Note: docker-compose version: 1.23.1
[Step 1]: loading Harbor images ...
Loaded image: vmware/registry:2.6.2-photon
Loaded image: photon:1.0
Loaded image: vmware/notary-photon:signer-0.5.0
Loaded image: vmware/clair:v2.0.1-photon
Loaded image: vmware/harbor-ui:v1.2.0
Loaded image: vmware/harbor-log:v1.2.0
Loaded image: vmware/harbor-db:v1.2.0
Loaded image: vmware/nginx-photon:1.11.13
Loaded image: vmware/postgresql:9.6.4-photon
Loaded image: vmware/harbor-adminserver:v1.2.0
Loaded image: vmware/harbor-jobservice:v1.2.0
Loaded image: vmware/notary-photon:server-0.5.0
Loaded image: vmware/harbor-notary-db:mariadb-10.1.10
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating registry           ... done
Creating harbor-db          ... done
Creating harbor-ui          ... done
Creating harbor-jobservice  ... done
Creating nginx              ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://hub.yanqi.com. 
For more details, please visit https://github.com/vmware/harbor .



### --- Add a name-resolution entry to the local hosts file

C:\Windows\System32\drivers\etc\hosts
192.168.1.55 hub.yanqi.com



3. Verifying login through the web UI



### --- Verify login through the web UI

~~~     Open the Harbor server address in a browser (IE): https://192.168.1.55/harbor/sign-in
~~~     # OR
~~~     https://hub.yanqi.com/harbor/sign-in




[Screenshot: admin console]


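4. Specifying the registry address


### --- Specify the registry address: listing it under insecure-registries tells Docker to accept it without verifying its certificate

[root@localhost ~]# vim /etc/docker/daemon.json
{
    "insecure-registries": ["hub.yanqi.com"]
}
[root@localhost ~]# vim /etc/hosts 
192.168.1.55 hub.yanqi.com 
[root@localhost ~]# systemctl restart docker.service
[root@localhost ~]# docker ps -a                                        // check that all the Harbor containers are Up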
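
~~~     Added example, not part of the original walkthrough: instead of switching verification off with insecure-registries, the client can trust the
~~~     self-signed server.crt by placing it at /etc/docker/certs.d/hub.yanqi.com/ca.crt. The function names and the scratch directory are assumptions
~~~     made for this illustration; the certificate in the demo is a constructed placeholder.

```bash
#!/bin/sh
# Added example: make the Docker client verify the registry's self-signed
# certificate instead of skipping the check. The docker-etc-dir argument
# exists so the functions can be tried on a scratch directory; on a real
# client it defaults to /etc/docker.

# trust_registry_cert <server.crt> <registry-host> [docker-etc-dir]
# Docker looks for the CA of <registry-host> in certs.d/<registry-host>/ca.crt.
trust_registry_cert() {
    crt=$1; host=$2; etc=${3:-/etc/docker}
    grep -q -e '-----BEGIN CERTIFICATE-----' "$crt" || {
        echo "not a PEM certificate: $crt" >&2; return 1; }
    mkdir -p "$etc/certs.d/$host" &&
        cp "$crt" "$etc/certs.d/$host/ca.crt" &&
        chmod 644 "$etc/certs.d/$host/ca.crt"
}

# still_insecure <registry-host> [docker-etc-dir]
# Exit 0 while daemon.json still lists the host under insecure-registries.
still_insecure() {
    host=$1; json=${2:-/etc/docker}/daemon.json
    [ -f "$json" ] || return 1
    tr -d ' \n\t' < "$json" |
        grep -o '"insecure-registries":\[[^]]*\]' | grep -q -F "\"$host\""
}

# Constructed demo on a scratch directory standing in for /etc/docker.
scratch=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed-placeholder' \
    '-----END CERTIFICATE-----' > "$scratch/server.crt"
printf '{\n  "insecure-registries": ["hub.yanqi.com"]\n}\n' > "$scratch/daemon.json"
trust_registry_cert "$scratch/server.crt" hub.yanqi.com "$scratch"
still_insecure hub.yanqi.com "$scratch" &&
    echo "remove hub.yanqi.com from insecure-registries, then restart docker"
rm -rf "$scratch"
```

~~~     The client has to address the registry as hub.yanqi.com, the name in the certificate, and verification is only enforced once the
~~~     insecure-registries entry is removed and Docker is restarted.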


### --- Push the tomcat image to the Harbor registry
~~~     Afterwards the image is visible on the private Docker registry server

[root@localhost ~]# docker tag tomcat:v1.0 hub.yanqi.com/library/tomcat:v1.0   // retag the tomcat image with the registry name
[root@localhost ~]# docker images 
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
hub.yanqi.com/yanqi/tomcat    v1.0                fccacb5afac5        5 minutes ago       642 MB
tomcat                        v1.0                fccacb5afac5        5 minutes ago       642 MB
[root@localhost ~]# docker login hub.yanqi.com                          // log in to our private registry server
Username: admin
Password:123456
[root@localhost ~]# docker push hub.yanqi.com/library/tomcat:v1.0       // push to the registry


### --- Pull the image we pushed to the private Docker registry
### --- Run the tomcat container

[root@localhost ~]# docker pull hub.yanqi.com/library/tomcat:v1.0 
[root@localhost ~]# docker run --name tomcat -p 80:8080 -d fccacb5afac5



Appendix 1:


### --- Harbor releases: https://github.com/vmware/harbor/releases
~~~     Unpack the package: tar xvf harbor-offline-installer-<version>.tgz

[root@localhost ~]# wget https://github.com/vmware/harbor/releases/download/v1.2.0/harbor-offline-installer-v1.2.0.tgz


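### --- Configure harbor.cfg

~~~     # Required parameters
~~~     hostname: the target host's hostname or fully qualified domain name
~~~     ui_url_protocol: http or https. Defaults to http
~~~     db_password: root password of the MySQL database used for db_auth. Change this password for any production use
~~~     max_job_workers: (default 3) maximum number of replication workers in the job service.
~~~     For each image replication job, a worker synchronizes all tags of a repository to the remote target.
~~~     Increasing this number allows more concurrent replication jobs in the system.
~~~     However, since each worker consumes a certain amount of network / CPU / IO resources,
~~~     choose the value of this attribute carefully, based on the host's hardware resources
~~~     customize_crt: (on or off, default on) when this attribute is on,
~~~     the prepare script creates a private key and root certificate for generating / verifying the registry's token
~~~     ssl_cert: path of the SSL certificate, applied only when the protocol is set to https
~~~     ssl_cert_key: path of the SSL key, applied only when the protocol is set to https
~~~     secretkey_path: path of the key used to encrypt or decrypt the password of a remote registry in a replication policy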


### --- Create the https certificate and set permissions on the related directory

openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
mkdir /data/cert
chmod -R 777 /data/cert


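### --- Run the installation script

./install.sh


### --- Access test

~~~     Admin portal at https://reg.yourdomain.com
~~~     (replace reg.yourdomain.com with the hostname set in harbor.cfg).
~~~     Note that the default administrator username / password is admin / Harbor12345


### --- Upload test: push an image
~~~     Specify the registry address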

vim /etc/docker/daemon.json
{
"insecure-registries": ["serverip"]
}


~~~     Pull a test image
docker pull hello-world

~~~     Retag the image
docker tag hello-world serverip/hello-world:latest

~~~     Log in and push
docker login serverip
docker push serverip/hello-world:latest


### --- Pull test from another Docker client
~~~     Specify the registry address
vim /etc/docker/daemon.json
{
"insecure-registries": ["serverip"]
}

~~~     Pull the test image
docker pull serverip/hello-world:latest