Enterprise Docker Harbor
Published: 2019-06-12


【Docker environment deployment】

[root@harbor-server ~]# yum install -y yum-utils device-mapper-persistent-data lvm2    # install the packages docker-ce depends on
[root@harbor-server ~]# echo "13.224.2.103 download.docker.com" >>/etc/hosts     # local hosts entry, to avoid errors when downloading the docker-ce repo file
[root@harbor-server ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo   # download the docker-ce repo file
[root@harbor-server ~]# yum install -y docker-ce    # install docker-ce
[root@harbor-server ~]# systemctl start docker     # start docker and enable it at boot
[root@harbor-server ~]# systemctl enable docker

 

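【Installing docker-compose】

docker-compose is a Docker application for defining and running multiple containers. The application's services are configured in a YAML file, and a single simple command then creates and starts all of the configured services.

Using docker-compose is basically a three-step process:

  • Define your application's environment in a Dockerfile so that it can be reproduced anywhere
  • Define the services that make up the application in docker-compose.yml so that they can run together in an isolated environment
  • Run docker-compose up -d, and Compose starts and runs the entire application

Install docker-compose following the instructions on GitHub: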
[root@harbor-server ~]# yum update nss curl -y
[root@harbor-server ~]# echo "52.216.239.107 github-production-release-asset-2e65be.s3.amazonaws.com" >>/etc/hosts
[root@harbor-server ~]# echo "13.250.177.223 github.com" >>/etc/hosts
[root@harbor-server ~]# curl -L https://github.com/docker/compose/releases/download/1.24.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
[root@harbor-server ~]# chmod +x /usr/local/bin/docker-compose
[root@harbor-server ~]# ll -d  /usr/local/bin/docker-compose
-rwxr-xr-x 1 root root 16154160 5月  17 15:06 /usr/local/bin/docker-compose
[root@harbor-server ~]# docker-compose --version
docker-compose version 1.24.0, build 0aa59064

 

PS: If the curl command above fails with "curl: (35) Peer reports incompatible or unsupported protocol version.", the installed nss and curl versions are too old. Updating them fixes it: yum update nss curl -y

【Installing docker-harbor】

[root@harbor-server ~]# wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.1.tgz

[root@harbor-server ~]# tar zxvf harbor-offline-installer-v1.7.1.tgz -C /usr/local/

[root@localhost ~]# cd /usr/local/harbor/

[root@harbor-server ~]# mkdir -p /usr/local/harbor/ssl/

[root@harbor-server ~]# cd /usr/local/harbor/ssl/

[root@harbor-server ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt

Generating a 4096 bit RSA private key
..++
...................................................................................................................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:bixiaoyu
Email Address []:

 

[root@harbor-server ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout reg.bixiaoyu.com.key -out reg.bixiaoyu.com.csr

Generating a 4096 bit RSA private key
............................++
................................++
writing new private key to 'reg.bixiaoyu.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:reg.bixiaoyu.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

 

[root@harbor-server ssl]# openssl x509 -req -days 365 -in reg.bixiaoyu.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out reg.bixiaoyu.com.crt

Signature ok
subject=/C=CN/L=Default City/O=Default Company Ltd/CN=reg.bixiaoyu.com
Getting CA Private Key
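The certificate signed above names the host only in its Common Name; clients built with Go 1.15 or later, current Docker included, ignore the CN and require a subjectAltName. The following is an added example, not part of the original post: it issues the same kind of certificate with a SAN and checks the result. The throwaway CA, the 2048-bit keys, the temporary directory and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example: issue the registry certificate with a subjectAltName and check it.
# Uses a throwaway CA and 2048-bit keys in a temp dir; file names follow the page.

# issue_with_san DIR HOST : create DIR/ca.{key,crt} and DIR/HOST.{key,csr,crt}
issue_with_san() {
    dir=$1; host=$2
    openssl req -newkey rsa:2048 -nodes -sha256 -x509 -days 365 \
        -subj "/CN=example-registry-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
        -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null || return 1
    # by default x509 -req copies no extensions from the CSR; supply them via -extfile
    printf 'subjectAltName = DNS:%s\nextendedKeyUsage = serverAuth\n' "$host" \
        >"$dir/san.ext"
    openssl x509 -req -sha256 -days 365 -in "$dir/$host.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/$host.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key" "$dir/$host.key"
}

# has_san CERT HOST : succeed only if CERT lists exactly DNS:HOST in its SAN
has_san() {
    openssl x509 -in "$1" -noout -text | tr -d ' ' | tr ',' '\n' |
        grep -Fxq "DNS:$2"
}

# chain_ok CA CERT : succeed if CERT verifies against CA
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Demo run in a temporary directory (constructed, nothing is installed)
tmp=$(mktemp -d)
if issue_with_san "$tmp" reg.bixiaoyu.com &&
   has_san "$tmp/reg.bixiaoyu.com.crt" reg.bixiaoyu.com &&
   chain_ok "$tmp/ca.crt" "$tmp/reg.bixiaoyu.com.crt"; then
    echo "certificate carries DNS:reg.bixiaoyu.com and chains to ca.crt"
fi
rm -rf "$tmp"
```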

 

【Configuring Harbor】

[root@localhost harbor]# vim harbor.cfg

# domain name used to access the Harbor registry
hostname = reg.bixiaoyu.com
# serve over HTTPS
ui_url_protocol = https
# certificate and private key used for TLS
ssl_cert = /usr/local/harbor/ssl/reg.bixiaoyu.com.crt
ssl_cert_key = /usr/local/harbor/ssl/reg.bixiaoyu.com.key
# password for logging in to Harbor
harbor_admin_password = 12345
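An added example, not part of the original post or of Harbor: a pre-flight check to run against harbor.cfg before ./prepare. It flags the short admin password used above, a non-HTTPS protocol, and a TLS key readable beyond its owner. The function names and the 8-character threshold are this example's assumptions.

```shell
#!/bin/sh
# Added example: pre-flight audit of harbor.cfg, to run before ./prepare.
# The pass/fail rules are this example's own policy, not checks Harbor performs.

# cfg_get FILE KEY : print the trimmed value of "KEY = value"
cfg_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            if (key == k) { v = substr($0, index($0, "=") + 1)
                            gsub(/^[ \t]+|[ \t]+$/, "", v); val = v }
        }
        END { print val }' "$1"
}

# audit_harbor_cfg FILE : print findings, return their count
audit_harbor_cfg() {
    n=0
    proto=$(cfg_get "$1" ui_url_protocol)
    pass=$(cfg_get "$1" harbor_admin_password)
    key=$(cfg_get "$1" ssl_cert_key)
    if [ "$proto" != "https" ]; then
        echo "ui_url_protocol=$proto: logins and pushes are not encrypted"; n=$((n + 1))
    fi
    # Harbor12345 is the password shipped in the stock harbor.cfg
    if [ "${#pass}" -lt 8 ] || [ "$pass" = "Harbor12345" ]; then
        echo "harbor_admin_password is under 8 characters or the shipped default"; n=$((n + 1))
    fi
    # characters 5-10 of the ls mode string are the group and other permission bits
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "$key is accessible to group or other; restrict it to its owner"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample using the values from this page
sample=$(mktemp)
cat >"$sample" <<'EOF'
hostname = reg.bixiaoyu.com
ui_url_protocol = https
ssl_cert_key = /usr/local/harbor/ssl/reg.bixiaoyu.com.key
harbor_admin_password = 12345
EOF
audit_harbor_cfg "$sample" || echo "findings: $?"
rm -f "$sample"
```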

 

[root@harbor-server harbor]# ./prepare

Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/core/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/core/app.conf
Generated certificate, key file: ./common/config/core/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.

[root@harbor-server harbor]# ./install.sh

[Step 3]: checking existing instance of Harbor ...
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating registryctl        ... done
Creating registry           ... done
Creating harbor-db          ... done
Creating redis              ... done
Creating harbor-core        ... done
Creating harbor-jobservice  ... done
Creating harbor-portal      ... done
Creating nginx              ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://reg.bixiaoyu.com.
For more details, please visit https://github.com/goharbor/harbor .

 

[root@harbor-server harbor]# docker-compose ps    # check that the Harbor containers are running

Name                     Command                  State                                    Ports
-------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up (healthy)
harbor-core          /harbor/start.sh                 Up (healthy)
harbor-db            /entrypoint.sh postgres          Up (healthy)   5432/tcp
harbor-jobservice    /harbor/start.sh                 Up
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp
harbor-portal        nginx -g daemon off;             Up (healthy)   80/tcp
nginx                nginx -g daemon off;             Up (healthy)   0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis                docker-entrypoint.sh redis ...   Up             6379/tcp
registry             /entrypoint.sh /etc/regist ...   Up (healthy)   5000/tcp
registryctl          /harbor/start.sh                 Up (healthy)

PS: To reach Harbor at the reg.bixiaoyu.com domain from your local machine, add a hosts entry for it on that machine; the details are not covered here.

 

 

【Uploading images】

[root@localhost ~]# scp root@192.168.175.100:/usr/local/harbor/ssl/reg.bixiaoyu.com.crt /etc/docker/certs.d/reg.bixiaoyu.com/

[root@localhost ~]# scp root@192.168.175.100:/usr/local/harbor/ssl/reg.bixiaoyu.com.key /etc/docker/certs.d/reg.bixiaoyu.com/

[root@localhost ~]# ls /etc/docker/certs.d/reg.bixiaoyu.com/

reg.bixiaoyu.com.crt reg.bixiaoyu.com.key

[root@localhost ~]# docker login reg.bixiaoyu.com

Username: hexunadmin
Password:
Login Succeeded

[root@localhost ~]# docker tag 675bd9a877ed reg.bixiaoyu.com/test/tomcat:v1

[root@localhost ~]# docker push reg.bixiaoyu.com/test/tomcat:v1

[root@localhost ~]# docker pull reg.bixiaoyu.com/test/tomcat:v1
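Docker reads `*.crt` files under /etc/docker/certs.d/<registry>/ as trusted CA roots and `*.cert`/`*.key` pairs as client certificates, so a client needs only a public certificate and never the registry's private key. The following added example (not from the original post; function names are hypothetical and the PEM contents are constructed) installs a certificate as ca.crt, refuses private keys, and audits a trust directory for keys that do not belong to a client pair.

```shell
#!/bin/sh
# Added example: give a Docker client only public trust material for a registry.
# The certs.d root is a parameter so the demo runs in a temp dir; PEM bodies are constructed.

is_private_key() { grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; }
is_certificate() { grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; }

# install_registry_ca SRC HOST [ROOT] : install SRC as ROOT/HOST/ca.crt
install_registry_ca() {
    src=$1; host=$2; root=${3:-/etc/docker/certs.d}
    if is_private_key "$src"; then
        echo "refusing $src: it contains a private key" >&2; return 1
    fi
    if ! is_certificate "$src"; then
        echo "$src is not a PEM certificate" >&2; return 2
    fi
    mkdir -p "$root/$host" && cp "$src" "$root/$host/ca.crt" &&
        chmod 644 "$root/$host/ca.crt"
}

# audit_trust_dir DIR : print unexpected private keys, return their count
audit_trust_dir() {
    n=0
    for f in "$1"/*; do
        [ -f "$f" ] && is_private_key "$f" || continue
        # NAME.key beside NAME.cert is a client-auth pair, which Docker expects here
        case $f in *.key) if [ -f "${f%.key}.cert" ]; then continue; fi ;; esac
        echo "unexpected private key: $f"; n=$((n + 1))
    done
    return "$n"
}

# Constructed demo reproducing the directory layout this page ends up with
demo_root=$(mktemp -d); demo_host=reg.bixiaoyu.com
mkdir -p "$demo_root/$demo_host"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' '-----END CERTIFICATE-----' \
    >"$demo_root/$demo_host/$demo_host.crt"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed' '-----END PRIVATE KEY-----' \
    >"$demo_root/$demo_host/$demo_host.key"
audit_trust_dir "$demo_root/$demo_host" || echo "findings: $?"
install_registry_ca "$demo_root/$demo_host/$demo_host.key" "$demo_host" "$demo_root" ||
    echo "private key rejected"
rm -rf "$demo_root"
```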

Reposted from: https://www.cnblogs.com/bixiaoyu/p/9819703.html
