更新yum源
1.1 centOS7的镜像源文件的目录默认都在该路径下:/etc/yum.repos.d/
cd /etc/yum.repos.d/
1.2 备份原来的yum镜像源【如果出现错误可以恢复原配置】
cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.bak
1.3 下载国内常用的镜像源并重命名为CentOS-Base.repo,将其作为当前系统的镜像源
【网易镜像站】
如果想使用网易镜像,请使用以下命令:
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
1.4 清理缓存
yum的缓存文件的存放目录是以下路径下:/var/cache/yum 直接清空给目录,或者使用一下命令均可
yum clean all
1.5 重新生成缓存
yum makecache
通过以上操作yum的镜像源就更新完成了。
升级docker
[root@itdev7004 ~]# rpm -qa | grep docker
docker-common-1.13.1-208.git7d71120.el7_9.x86_64
docker-1.13.1-208.git7d71120.el7_9.x86_64
docker-client-1.13.1-208.git7d71120.el7_9.x86_64
[root@itdev7004 ~]#
[root@itdev7004 ~]# yum remove docker-common-1.13.1-208.git7d71120.el7_9.x86_64 -y
[root@itdev7004 ~]# yum remove docker-1.13.1-208.git7d71120.el7_9.x86_64 -y
[root@itdev7004 ~]# yum remove docker-client-1.13.1-208.git7d71120.el7_9.x86_64 -y
# 重装
curl -fsSL https://get.docker.com/ | sh
systemctl restart docker
# 重起
[root@itdev7004 ~]# systemctl restart docker
[root@itdev7004 ~]# docker -v
Docker version 20.10.7, build f0df350
[root@itdev7004 ~]#
# 开机启动
[root@itdev7004 ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@itdev7004 ~]#
安装docker-compose
[root@iep-02 ~]# sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 633 100 633 0 0 146 0 0:00:04 0:00:04 --:--:-- 146
100 12.1M 100 12.1M 0 0 457k 0 0:00:27 0:00:27 --:--:-- 448k
[root@iep-02 ~]#
[root@iep-02 ~]#
[root@iep-02 ~]# docker-compose --version
-bash: /usr/local/bin/docker-compose: 权限不够
[root@iep-02 ~]# chmod +x /usr/local/bin/docker-compose
[root@iep-02 ~]# docker-compose --version
docker-compose version 1.29.2, build 5becea4c
[root@iep-02 ~]#
安装harbor
tar zxvf harbor-offline-installer-v2.2.3.tgz
[root@iep-02 harbor]# cd harbor/
[root@iep-02 harbor]# ls
common.sh harbor.v2.2.3.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
[root@iep-02 harbor]#
[root@iep-02 harbor]# cp harbor.yml.tmpl harbor.yml
[root@iep-02 harbor]#
# 创建数据目录
[root@itdev7004 harbor]# mkdir /opt/harbor/data
修改vim harbor.yml
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 172.18.5.209
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 5000
# https related config
#https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
#certificate: /your/certificate/path
#private_key: /your/private/key/path
# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
# # set enabled to true means internal tls is enabled
# enabled: true
# # put your cert and key files on dir
# dir: /etc/harbor/tls/internal
# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433
# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor123
# Harbor DB configuration
database:
# The password for the root user of Harbor DB. Change this before any production use.
password: root123+-
# The default data volume
data_volume: /opt/harbor/data
执行安装
# 执行检查
[root@itdev7004 harbor]# ./prepare
prepare base dir is set to /opt/harbor/harbor
Unable to find image 'goharbor/prepare:v2.2.3' locally
v2.2.3: Pulling from goharbor/prepare
371e9e93d1bf: Pull complete
ae181009f596: Pull complete
0b51c2be787f: Pull complete
945af96f6ae0: Pull complete
c4833705357e: Pull complete
1664ddbb551a: Pull complete
17674bce0cc0: Pull complete
fa018e36a4f1: Pull complete
Digest: sha256:37afb03aa02ba0e15edf55ec47f4534659b684e8b9a40511954e5e32a2512429
Status: Downloaded newer image for goharbor/prepare:v2.2.3
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@itdev7004 harbor]#
# 执行安装
[root@itdev7004 harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.7
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.29.2
[Step 2]: loading Harbor images ...
a83376660555: Loading layer [==================================================>] 4.688MB/4.688MB
55dbe126d2dc: Loading layer [==================================================>] 4.096kB/4.096kB
316b2c164544: Loading layer [==================================================>] 3.072kB/3.072kB
0cc4eb5df972: Loading layer [==================================================>] 18.99MB/18.99MB
2f63715a324c: Loading layer [==================================================>] 19.81MB/19.81MB
Loaded image: goharbor/registry-photon:v2.2.3
95fa8fa8c8b5: Loading layer [==================================================>] 4.683MB/4.683MB
b04207c2a07f: Loading layer [==================================================>] 5.926MB/5.926MB
9c21cbf6f3c8: Loading layer [==================================================>] 15.88MB/15.88MB
4b0a51bd154f: Loading layer [==================================================>] 29.29MB/29.29MB
b5be88b7a49a: Loading layer [==================================================>] 22.02kB/22.02kB
a77b13426c89: Loading layer [==================================================>] 15.88MB/15.88MB
Loaded image: goharbor/notary-server-photon:v2.2.3
dd3112a91be7: Loading layer [==================================================>] 5.766MB/5.766MB
a55f692a874f: Loading layer [==================================================>] 4.096kB/4.096kB
72d880dc3db3: Loading layer [==================================================>] 3.072kB/3.072kB
9897d3b8d791: Loading layer [==================================================>] 28.3MB/28.3MB
0f0de80af9e5: Loading layer [==================================================>] 11.38MB/11.38MB
cde03c17578c: Loading layer [==================================================>] 40.5MB/40.5MB
Loaded image: goharbor/trivy-adapter-photon:v2.2.3
82a6093684d9: Loading layer [==================================================>] 7.818MB/7.818MB
59f53b314e67: Loading layer [==================================================>] 3.584kB/3.584kB
fb95236c02f1: Loading layer [==================================================>] 2.56kB/2.56kB
36ea3ff05a81: Loading layer [==================================================>] 61.09MB/61.09MB
832a8b3a24cf: Loading layer [==================================================>] 61.91MB/61.91MB
Loaded image: goharbor/harbor-jobservice:v2.2.3
2d3d8dedad7d: Loading layer [==================================================>] 4.688MB/4.688MB
28e4c2e7031b: Loading layer [==================================================>] 4.096kB/4.096kB
639228d7cb5e: Loading layer [==================================================>] 18.99MB/18.99MB
d92d89972cd4: Loading layer [==================================================>] 3.072kB/3.072kB
f2d73a8223e9: Loading layer [==================================================>] 25.32MB/25.32MB
9b2fac1cc278: Loading layer [==================================================>] 45.14MB/45.14MB
Loaded image: goharbor/harbor-registryctl:v2.2.3
cfbf455876cf: Loading layer [==================================================>] 37.16MB/37.16MB
594066f58496: Loading layer [==================================================>] 3.072kB/3.072kB
57b756644de9: Loading layer [==================================================>] 59.9kB/59.9kB
ba8c28512827: Loading layer [==================================================>] 61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.2.3
1134cb1e483a: Loading layer [==================================================>] 4.688MB/4.688MB
d5c22f295fa1: Loading layer [==================================================>] 62.71MB/62.71MB
21551e00ccef: Loading layer [==================================================>] 3.072kB/3.072kB
06339f4bec70: Loading layer [==================================================>] 4.096kB/4.096kB
d4a919b83e11: Loading layer [==================================================>] 63.53MB/63.53MB
Loaded image: goharbor/chartmuseum-photon:v2.2.3
Loaded image: goharbor/prepare:v2.2.3
822cfe952bf4: Loading layer [==================================================>] 65.01MB/65.01MB
32801e508a6e: Loading layer [==================================================>] 85.06MB/85.06MB
46fbe6b83f19: Loading layer [==================================================>] 6.144kB/6.144kB
0e1736d94bf2: Loading layer [==================================================>] 2.56kB/2.56kB
2506cdcf03e3: Loading layer [==================================================>] 2.56kB/2.56kB
9b0f8574cbdf: Loading layer [==================================================>] 2.56kB/2.56kB
30d6fa29909b: Loading layer [==================================================>] 2.56kB/2.56kB
a0c1d0631a0c: Loading layer [==================================================>] 11.26kB/11.26kB
Loaded image: goharbor/harbor-db:v2.2.3
46b004fb764e: Loading layer [==================================================>] 4.683MB/4.683MB
e80463cb25f1: Loading layer [==================================================>] 5.926MB/5.926MB
5dce0d09475d: Loading layer [==================================================>] 14.47MB/14.47MB
26868aed28ba: Loading layer [==================================================>] 29.29MB/29.29MB
593c297a7d75: Loading layer [==================================================>] 22.02kB/22.02kB
8bd1c554ed89: Loading layer [==================================================>] 14.47MB/14.47MB
Loaded image: goharbor/notary-signer-photon:v2.2.3
278c21e22253: Loading layer [==================================================>] 6.535MB/6.535MB
8880ca81ca33: Loading layer [==================================================>] 9.098MB/9.098MB
cc6f5393115b: Loading layer [==================================================>] 1.691MB/1.691MB
Loaded image: goharbor/harbor-portal:v2.2.3
7bc8df5fdf64: Loading layer [==================================================>] 75.85MB/75.85MB
03eab410e000: Loading layer [==================================================>] 3.584kB/3.584kB
83d7aff5b19b: Loading layer [==================================================>] 3.072kB/3.072kB
bccd0f01fe81: Loading layer [==================================================>] 2.56kB/2.56kB
1d6438933969: Loading layer [==================================================>] 3.072kB/3.072kB
28bde883d639: Loading layer [==================================================>] 3.584kB/3.584kB
220b795b222f: Loading layer [==================================================>] 12.29kB/12.29kB
Loaded image: goharbor/harbor-log:v2.2.3
3b79fc17a108: Loading layer [==================================================>] 6.535MB/6.535MB
Loaded image: goharbor/nginx-photon:v2.2.3
ea72ec1a2d8d: Loading layer [==================================================>] 7.819MB/7.819MB
d3d5c023994b: Loading layer [==================================================>] 3.584kB/3.584kB
3f15d053d27c: Loading layer [==================================================>] 2.56kB/2.56kB
04f3b7c2c77d: Loading layer [==================================================>] 53.31MB/53.31MB
52ba70aa3427: Loading layer [==================================================>] 5.632kB/5.632kB
93d1afecadbb: Loading layer [==================================================>] 92.16kB/92.16kB
615f7655d738: Loading layer [==================================================>] 11.78kB/11.78kB
a29d5082d52a: Loading layer [==================================================>] 54.24MB/54.24MB
60ccd9fad08d: Loading layer [==================================================>] 2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.2.3
85d62b95f1ea: Loading layer [==================================================>] 7.819MB/7.819MB
2b7d91448dd3: Loading layer [==================================================>] 17.61MB/17.61MB
c77d11ac83ca: Loading layer [==================================================>] 4.608kB/4.608kB
57257faa1ad2: Loading layer [==================================================>] 18.43MB/18.43MB
Loaded image: goharbor/harbor-exporter:v2.2.3
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /opt/harbor/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating registryctl ... done
Creating harbor-db ... done
Creating redis ... done
Creating registry ... done
Creating harbor-portal ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
[root@itdev7004 harbor]#
查看状态
[root@itdev7004 harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
79b36fce660a goharbor/harbor-jobservice:v2.2.3 "/harbor/entrypoint.…" 3 minutes ago Up 3 minutes (healthy) harbor-jobservice
20c2f652903e goharbor/nginx-photon:v2.2.3 "nginx -g 'daemon of…" 3 minutes ago Up 3 minutes (healthy) 0.0.0.0:5000->8080/tcp, :::5000->8080/tcp nginx
163caf53a5b9 goharbor/harbor-core:v2.2.3 "/harbor/entrypoint.…" 3 minutes ago Up 3 minutes (healthy) harbor-core
abcab2c24db4 goharbor/harbor-portal:v2.2.3 "nginx -g 'daemon of…" 3 minutes ago Up 3 minutes (healthy) harbor-portal
318489d2045e goharbor/registry-photon:v2.2.3 "/home/harbor/entryp…" 3 minutes ago Up 3 minutes (healthy) registry
5f959242065a goharbor/harbor-db:v2.2.3 "/docker-entrypoint.…" 3 minutes ago Up 3 minutes (healthy) harbor-db
89318e505dbc goharbor/redis-photon:v2.2.3 "redis-server /etc/r…" 3 minutes ago Up 3 minutes (healthy) redis
ba98ece8b673 goharbor/harbor-registryctl:v2.2.3 "/home/harbor/start.…" 3 minutes ago Up 3 minutes (healthy) registryctl
8891152812de goharbor/harbor-log:v2.2.3 "/bin/sh -c /usr/loc…" 3 minutes ago Up 3 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
[root@itdev7004 harbor]#
打开防火墙
firewall-cmd --zone=public --add-port=5000/tcp --permanent
#刷新防火墙
firewall-cmd --reload
访问http://172.18.5.211:5000/
用户名:admin
密码:passwd
Harbor如何停止与启动
# cd soft/harbor //切换到harbor安装包目录
# docker-compose stop //停止Harbor
# docker-compose start //启动Harbor
docker-compose up -d # 后台启动,如果容器不存在根据镜像自动创建
docker-compose down -v # 停止容器并删除容器
docker-compose start # 启动容器,容器不存在就无法启动,不会自动创建镜像
docker-compose stop # 停止容器
Harbor修改配置文件如何生效?
进入harbor的安装目录
修改harbor.yml
./prepare
docker-compose down -v
docker-compose up -d
配合nginx错误解决:
[root@VM-0-16-centos ~]# docker pull harbor.domain.com/xxx/xxx-gateway:latest
Error response from daemon: Head "https://harbor.domain.com/v2/xxx/xxx-gateway/manifests/latest": Get "http://172.18.5.211:5000/service/token?scope=repository%3Aomo%2Fomo-gateway%3Apull&service=harbor-registry": dial tcp 172.18.5.211:5000: i/o timeout
nginx配置,让支持https同时代理隐藏IP
server {
listen 80;
server_name harbor.domain.com;
#access_log /var/log/nginx/pro.log;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443 ssl;
server_name harbor.domain.com;
#access_log /var/log/nginx/pro.log;
ssl_certificate certs/full_chain.crt;
ssl_certificate_key certs/private_key.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
location / {
# add_header Content-Security-Policy upgrade-insecure-requests;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10240m;
proxy_pass http://172.18.5.211:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 900s;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
修改vim harbor.yml
关键:external_url: https://harbor.domain.com
cat harbor.yml | grep -vE '^#|^$|#'
hostname: 0.0.0.0
http:
port: 5000
external_url: https://harbor.domain.com
harbor_admin_password: passwd
database:
password: passwd
max_idle_conns: 50
max_open_conns: 1000
data_volume: /opt/harbor/data
trivy:
ignore_unfixed: false
skip_update: false
insecure: false
jobservice:
max_job_workers: 10
notification:
webhook_job_max_retry: 10
chart:
absolute_url: disabled
log:
level: info
local:
rotate_count: 50
rotate_size: 200M
location: /var/log/harbor
_version: 2.2.0
proxy:
http_proxy:
https_proxy:
no_proxy:
components:
- core
- jobservice
- trivy
网友评论