Harbor 1.6 安装
环境
Centos:CentOSLinuxrelease7.5.1804Docker:Dockerversion18.06.1-ce,builde68fc7aDocker-composer:docker-composeversion1.20.0,buildca8d3c6Harbor:harbor-online-installer-v1.6.0.tgz
docker-composer
$ curl -Lhttps://github.com/docker/compose/releases/download/1.20.0/docker-compose-`uname -s`-`uname -m`>/usr/local/bin/docker-compose$ chmod +x /usr/local/bin/docker-compose
download harbor
选择在线安装方式,离线版本也可以,就是在安装包比较大
$ wgethttps://storage.googleapis.com/harbor-releases/release-1.6.0/harbor-online-installer-v1.6.0.tgz
解压并配置harbor
#创建工作目录
mkdir -p /home/docker_data/Harbor
#删除软链接(如果存在,请注意不要误删)
rm -r /data
#创建软链接
ln -s /home/docker_data/Harbor /data
#创建证书目录
mkdir /data/cert
#赋权
chmod -R 777 /home/docker_data/Harbor
chmod -R 777 /data
#创建证书 www.harbor.com
1[root@www cert]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /data/cert/ca.key -x509 -days 3650 -out /data/cert/ca.crt
----------------------------------------------------------------------------------------------------------------
Generating a 4096 bit RSA private key
...........................................................................................................................................++
................................++
writing new private key to '/data/cert/ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:bj
Organizational Unit Name (eg, section) []:bj
Common Name (eg, your name or your server's hostname) []:www.harbor.com
Email Address []:test@bj.com.cn
-----------------------------------------------------------------------------------------------------------------------------------------------
[root@www cert]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /data/cert/www.harbor.com.key -out /data/cert/www.harbor.com.csr
-----------------------------------------------------------------------------------------------------------------------------------------------
Generating a 4096 bit RSA private key
............++
............................................++
writing new private key to '/data/cert/www.harbor.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:bj
Organizational Unit Name (eg, section) []:bj
Common Name (eg, your name or your server's hostname) []:www.harbor.com
Email Address []:test@bj.com.cn
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
------------------------------------------------------------------------------------------------------------------------------------------
3[root@www cert]# openssl x509 -req -days 3650 -in /data/cert/www.harbor.com.csr -CA /data/cert/ca.crt -CAkey /data/cert/ca.key -CAcreateserial -out /data/cert/www.harbor.com.crt
------------------------------------------------------------------------------------------------------------------------------------------
Signature ok
subject=/C=CN/ST=bj/L=bj/O=bj/OU=bj/CN=www.bj.harbor.com/emailAddress=test@bj.com.cn
Getting CA Private Key
解压并配置harbor
$ tar xf harbor-online-installer-v1.6.0.tgz$ cd harbor
#配置harbor.cfg,关键配置项
hostname = www.harbor.com:8088
ui_url_protocol = https
ssl_cert = /data/cert/www.harbor.com.crt
ssl_cert_key = /data/cert/www.harbor.com.key
harbor_admin_password = Harbor123456
#配置 docker-compose.yml ,关键配置项
ports:
- 8081:80
- 8088:443
- 4443:4443
#部署
chmod -R 777 *
./install.sh
#访问
https://IP:8088
https://www.harbor.com:8088 (需配置hosts或搭建DNS服务器)
#Docker 客户端配置
#修改HOSTS文件(非必需)
vi /etc/hosts
IP www.harbor.com
#创建目录
mkdir /etc/docker/certs.d
mkdir /etc/docker/certs.d/www.harbor.com:8088
# 拷贝ca.crt到/etc/docker/certs.d/www.harbor.com:8089
chmod 777 /etc/docker/certs.d/www.harbor.com:8088/ca.crt
cp -f /etc/docker/certs.d/www.harbor.com:8088/ca.crt /etc/pki/ca-trust/source/anchors/ca.crt
证书只是用于https所有
update-ca-trust
#注意!!!不必重启 docker 服务
#登陆验证
docker login --username=admin --password=Harbor123456 www.harbor.com:8088/
接下来向Harbor推一个镜像:
1、首先在Harbor上创建一个项目”bj”。(推荐不要用admin用户,新建一个用户)
2、查看本地的镜像:
root@docker:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
jenkins 2.112 21d71a370755 4 months ago 815MB
rancher v1.6.11 6c4395b5515a 8 months ago 970MB
3、给”jenkins”这个镜像打上tag:
docker tag 21d71a370755 www.harbor.com:8088/bj/jenkins:2.112
4、推送至Harbor:
root@docker:~# docker push www.harbor.com:8088/bj/jenkins:2.112
The push refers to a repository [www.harbor.com:8088/bj/jenkins]
1206d45cbbbb: Pushed
c5a57a65b805: Pushed
482ab61ab3ea: Pushed
7d7236ad0e61: Pushed
4b622a1887bb: Pushed
13f00c4fe026: Pushed
6a9badfe78e2: Pushed
d0c4c512b2e9: Pushed
34d2a7a215ad: Pushed
29ebe0863109: Pushed
43591c877745: Pushed
e95144644244: Pushed
d35dd2235ffe: Pushed
88b33af4b42c: Pushed
a6b86e3ee470: Pushed
7e912d203101: Pushed
638babc3b650: Pushed
0ef6a87794b5: Pushed
20c527f217db: Pushed
61c06e07759a: Pushed
bcbe43405751: Pushed
e1df5dc88d2c: Pushed
2.112: digest: sha256:30ff8d6c06d287fcf79f28bb93a98ba07f3a275b10f8e85bb0d9e122797b06bc size: 4919
5.在Harbor上bj项目下可以看到这个镜像
6.拉取上传的镜像 (重要:要是客户端要配置hosts文件本地重定向至harbor服务器IP)
[root@www home]# docker pull www.harbor.com:8088/bj/jenkins:2.112
2.112: Pulling from bj/jenkins
c73ab1c6897b: Pull complete
1ab373b3deae: Pull complete
b542772b4177: Pull complete
57c8de432dbe: Pull complete
da44f64ae999: Pull complete
0bbc7b377a91: Pull complete
1b6c70b3786f: Pull complete
48010c1717c7: Pull complete
7a6123cacadf: Pull complete
0328005fa00f: Pull complete
0fea27bea434: Pull complete
3637d4ffed7f: Pull complete
0955f498aa90: Pull complete
61dd5dfd4199: Pull complete
e32c19b28f74: Pull complete
bf2f3fca31b5: Pull complete
c3d384d8681a: Pull complete
0fa50f757ae4: Pull complete
f4be1cdbaa43: Pull complete
67107c2a412f: Pull complete
80dd755e5377: Pull complete
00a55451a86f: Pull complete
Digest: sha256:30ff8d6c06d287fcf79f28bb93a98ba07f3a275b10f8e85bb0d9e122797b06bc
Status: Downloaded newer image for www.harbor.com:8088/bj/jenkins:2.112
网友评论