使用harborv1.8.0-rc1 搭建docker私有镜像仓库

概述

搭建一个私有仓库

harbor介绍

harbor是一个开源的docker容器仓库，由下面几个组件组成

+　proxy：用来接收docker客户端和浏览器端的请求，并且把请求转发给后端的服务

+　registry：就是仓库，用来存储镜像的，

+　核心服务：提供web ui，数据库，token认证，webhook等功能

+　日志服务

• database：用来存储核心服务的一些数据

vmware出品，支持下面几种部署方式

• 在线安装
• 离线安装
• ova安装，这个直接在vcenter上导入就可以了

官方最小配置

• 2个cpu
• 4g内存
• 40g硬盘，因为是存储镜像的所以推荐硬盘大点

官方安装帮助

https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md

Software

Software	Version	Description
Python	version 2.7 or higher	Note that you may have to install Python on Linux distributions (Gentoo, Arch) that do not come with a Python interpreter installed by default
Docker engine	version 17.03.0-ce+ or higher	For installation instructions, please refer to: https://docs.docker.com/engine/installation/
Docker Compose	version 1.18.0 or higher	For installation instructions, please refer to: https://docs.docker.com/compose/install/
Openssl	latest is preferred	Generate certificate and keys for Harbor

Network ports

---

Port	Protocol	Description
443	HTTPS	Harbor portal and core API will accept requests on this port for https protocol
4443	HTTPS	Connections to the Docker Content Trust service for Harbor, only needed when Notary is enabled
80	HTTP	Harbor portal and core API will accept requests on this port for http protocol

安装docker:

https://docs.docker.com/install/linux/docker-ce/centos/

可选安装docker方式１： curl -fsSL get.docker.com -o get-docker.sh

• 移除旧版

sudo yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-engine

安装依赖包　　
```
sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
```
添加源　　
```
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
```

安装和启动

sudo yum-config-manager --enable docker-ce-nightly

sudo yum install docker-ce docker-ce-cli containerd.io

sudo systemctl start docker

docker-compose安装:

• 安装和测试docker-compose
  
  官网文档　https://docs.docker.com/compose/install/
  
  下载docker-compose可执行文件
  
  sudo curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
  
  设可执行权限
  
  sudo chmod +x /usr/local/bin/docker-compose
  
  软连接到/usr/bin
  
  sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
  
  查看安装是否成功
  
  docker-compose --version

安装步骤:

• Download the installer:
  
  下载离线安装包：
  
  https://github.com/goharbor/harbor/releases

  Online installer:

  $ tar xvf harbor-online-installer-<version>.tgz

  Offline installer:

  $ tar xvf harbor-offline-installer-<version>.tgz

• Configure harbor.cfg/harbor.yml（新版已经改成harbor.yml）;

  • 修改配置，协议，证书，管理员密码　
    
    hostname = reg.lvusyy.com

ui_url_protocol = https

ssl_cert = ./ssl/reg.lvusyy.com.crt

ssl_cert_key = ./ssl/reg.lvusyy.com.key

harbor_admin_password = harbor12345
  • 生成配置文件　　

    • 证书可以从 letsencrypt 生成免费的证书..(默认浏览器和工具都不会提示不安全警告的.)
      
      详情参考:https://github.com/Neilpang/acme.sh/wiki/说明
      
      关于配置:
      
      

    • 生成https证书(手动自签发的证书,没有根证书信任)
      
      参考　https://github.com/goharbor/harbor/blob/master/docs/configure_https.md

        #生成ｋｅｙ　　
        `openssl genrsa -out ca.key 4096`　　
      

      　 ＃根据ｋｅｙ生成ca.crt　　

        openssl req -x509 -new -nodes -sha512 -days 3650 \
        -subj "/C=CN/ST=Hangzhou/L=Hangzhou/O=example/OU=Personal/CN=lvusyy.com" \
        -key ca.key \
        -out ca.crt
      

      1. Create your own Private Key:

         openssl genrsa -out reg.lvusyy.com.key 4096

      2. Generate a Certificate Signing Request:

         openssl req -sha512 -new
         
         -subj "/C=CN/ST=Hangzhou/L=Hangzhou/O=example/OU=Personal/CN=reg.lvusyy.com"
         
         -key reg.lvusyy.com.key
         
         -out reg.lvusyy.com.csr

          cat > v3.ext <<-EOF
          authorityKeyIdentifier=keyid,issuer
          basicConstraints=CA:FALSE
          keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
          extendedKeyUsage = serverAuth
          subjectAltName = @alt_names
         
          [alt_names]
          DNS.1=reg.lvusyy.com
          DNS.2=lvusyy
          DNS.3=harbor
          EOF
         

         openssl x509 -req -sha512 -days 3650
         
         -extfile v3.ext
         
         -CA ca.crt -CAkey ca.key -CAcreateserial
         
         -in reg.lvusyy.com.csr
         
         -out reg.lvusyy.com.crt

    • 导入docker镜像　　
      
      sudo docker load < harbor.v1.8.0.tar.gz

    • 生成配置

    • ./prepare

• Run install.sh to install and start Harbor;

• 开始安装

  • ＃注意网络问题哦
    
    ./install　　
    
    到此　harbor　已经安装完成了。

192.168.1.xx reg.lvusyy.com

你可以导入你的根证书让浏览器或wget　不报ssl警告

mkdir /usr/share/ca-certificates/harbor/

cp /media/makeit/Document/harborCa/ca.crt /usr/share/ca-certificates/harbor/

sudo update-ca-certificates

这样就ｏｋ了。

wget -q -O - https://reg.lvusyy.com

如果　curl 访问呢？

* Rebuilt URL to: https://reg.lvusyy.com/
*   Trying 10.1.1.53...
* TCP_NODELAY set
* Connected to reg.lvusyy.com (10.1.1.53) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /home/makeit/anaconda3/ssl/cacert.pem
  CApath: none

它使用　/home/makeit/anaconda3/ssl/cacert.pem　，我们把我们ca重定向进去就可以了呗。

转换格式 .cer 到 .pem

openssl x509 -inform der -in lvusyy.cer -out lvusyy.pem

追加到信任列表

cat lvusyy.pem >> /home/makeit/anaconda3/ssl/cacert.pem

妥了!

chrome呢，firefox,oprea呢

自己设置窗口导入即可。

enjoy!