企业级Docker-Harbor
【docker环境部署】
[root@harbor-server ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 #安装docker-ce版本所依赖的软件程序
[root@harbor-server ~]# echo "13.224.2.103 download.docker.com" >>/etc/hosts #本地host解析,防止下载docker-ce的repo源报错
[root@harbor-server ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo #下载docker-ce的repo的源
[root@harbor-server ~]# yum install -y docker-ce #安装docker-ce
[root@harbor-server ~]# systemctl start docker #启动docker并设置自启
[root@harbor-server ~]# systemctl enable docker
【安装docker-compos】
docker-compos是一个用户定义和运行多个容器的docker应用程序,使用定义YAML文件配置应用的服务,只需简单命令即可创建启动所配置的所有服务
docker-compos基本三个流程:
- 在Dockerfile中定义你的应用环境,使其在任何地方复制
- 在docker-conpos.yml中,定义组成应用程序的服务,方便在隔离的环境中一起运行·
- 运行docker up -d.compose将启动并运行整个应用程序
- 参考github上,docker-compos安装https://github.com/docker/compose/releases
[root@harbor-server ~]# yum update nss curl -y
[root@harbor-server ~]# echo "52.216.239.107 github-production-release-asset-2e65be.s3.amazonaws.com" >>/etc/hosts
[root@harbor-server ~]# echo "13.250.177.223 github.com" >>/etc/hosts
[root@harbor-server ~]# curl -L https://github.com/docker/compose/releases/download/1.24.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
[root@harbor-server ~]# chmod +x /usr/local/bin/docker-compose
[root@harbor-server ~]# ll -d /usr/local/bin/docker-compose
-rwxr-xr-x root root 5月 : /usr/local/bin/docker-compose
[root@harbor-server ~]# docker-compose --version
docker-compose version 1.24., build 0aa59064
PS:curl: (35) Peer reports incompatible or unsupported protocol version. #如果上述命令执行出现这种报错,则是因为ncc和url版本过低导致的更新即可,yum update nss curl -y
【安装docker-harbor】
[root@harbor-server ~]# https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.1.tgz
[root@harbor-server ~]# tar zxvf harbor-offline-installer-v1.7.1.tgz -C /usr/local/
root@localhost ~]# cd /usr/local/harbor/
[root@harbor-server ~]# mkdir -p /usr/local/harbor/ssl/
[root@harbor-server ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
Generating a bit RSA private key
..++
...................................................................................................................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name ( letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:bixiaoyu
Email Address []:
[root@harbor-server ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout reg.bixiaoyu.com.key -out reg.bixiaoyu.com.csr
Generating a bit RSA private key
............................++
................................++
writing new private key to 'reg.bixiaoyu.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name ( letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:reg.bixiaoyu.com
Email Address []: Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@harbor-server ssl]# openssl x509 -req -days 365 -in reg.bixiaoyu.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out reg.bixiaoyu.com.crt
Signature ok
subject=/C=CN/L=Default City/O=Default Company Ltd/CN=reg.bixiaoyu.com
Getting CA Private Key
【配置harbor】
[root@localhost harbor]# vim harbor.cfg
hostname = reg.bixiaoyu.com #设置harbor仓库访问的域名 ui_url_protocol = https #支持https协议 ssl_cert = /usr/local/harbor/ssl/reg.bixiaoyu.com.crt #设置证书认证
ssl_cert_key = /usr/local/harbor/ssl/reg.bixiaoyu.com.key harbor_admin_password = 12345 #访问harbor登录密码
[root@harbor-server harbor]# ./prepare
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/core/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/core/app.conf
Generated certificate, key file: ./common/config/core/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[root@harbor-server harbor]# ./install.sh
[Step ]: checking existing instance of Harbor ... [Step ]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating registryctl ... done
Creating registry ... done
Creating harbor-db ... done
Creating redis ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating harbor-portal ... done
Creating nginx ... done ✔ ----Harbor has been installed and started successfully.---- Now you should be able to visit the admin portal at https://reg.bixiaoyu.com.
For more details, please visit https://github.com/goharbor/harbor .
[root@harbor-server harbor]# docker-compose ps #检查关于harbor容器已经运行
Name Command State Ports
-------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up (healthy)
harbor-core /harbor/start.sh Up (healthy)
harbor-db /entrypoint.sh postgres Up (healthy) /tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:->/tcp
harbor-portal nginx -g daemon off; Up (healthy) /tcp
nginx nginx -g daemon off; Up (healthy) 0.0.0.0:->/tcp, 0.0.0.0:->/tcp, 0.0.0.0:->/tcp
redis docker-entrypoint.sh redis ... Up /tcp
registry /entrypoint.sh /etc/regist ... Up (healthy) /tcp
registryctl /harbor/start.sh Up (healthy)
Ps:如果在本机访问reg.bixiaoyu.com的harbor域名,需要在本地host解析,这里不再具体说明
【镜像上传】
[root@localhost ~]# scp root@192.168.175.100:/usr/local/harbor/ssl/reg.bixiaoyu.com.crt /etc/docker/certs.d/reg.bixiaoyu.com/
[root@localhost ~]# scp root@192.168.175.100:/usr/local/harbor/ssl/reg.bixiaoyu.com.key /etc/docker/certs.d/reg.bixiaoyu.com/
[root@localhost ~]# ls /etc/docker/certs.d/reg.bixiaoyu.com/
reg.bixiaoyu.com.crt reg.bixiaoyu.com.key
[root@localhost ~]# docker login reg.bixiaoyu.com
Username: hexunadmin
Password:
Login Succeeded
[root@localhost ~]# docker tag 675bd9a877ed reg.bixiaoyu.com/test/tomcat:v1
[root@localhost ~]# docker push reg.bixiaoyu.com/test/tomcat:v1
[root@localhost ~]# docker pull reg.bixiaoyu.com/test/tomcat:v1
企业级Docker-Harbor的更多相关文章
- 搭建Harbor企业级docker仓库
搭建Harbor企业级docker仓库 一.Harbor简介 1.Harbor介绍 Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器,通过添加一些企业必需的功能特性,例如 ...
- ubuntu 安装企业级容器 docker harbor
安装docker harbor 企业级容器 环境说明: 操作系统: ubuntu16.04.5 LTS IP地址: 192.168.31.129 https://github.com/goh ...
- docker的企业级仓库-harbor
Harbor 一.背景 Docker中要使用镜像,我们一般都会从本地.Docker Hub公共仓库或者其它第三方的公共仓库中下载镜像,但是出于安全和一些内外网的原因考虑,企业级上不会轻易使用.普通的D ...
- .NET遇上Docker - Harbor的安装与基本使用
Harbor是一个开源企业级Docker注册中心,可以用于搭建私有的Docker Image仓库.可以实现权限控制等. 安装Harbor 首先,需要安装Docker和Docker Compose,参考 ...
- Docker Harbor私有仓库部署与管理 (超详细配图)
Docker Harbor私有仓库部署与管理 1.Harbor 介绍 2.Harbor部署 3.Harbor管理 1.Harbor 介绍: 什么是 Harbor ? Harbor 是 VMware 公 ...
- 014.Docker Harbor+Keepalived+LVS+共享存储高可用架构
一 多Harbor高可用介绍 共享后端存储是一种比较标准的方案,将多个Harbor实例共享同一个后端存储,任何一个实例持久化到存储的镜像,都可被其他实例中读取.通过前置LB组件,如Keepalived ...
- Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列目录
0.目录 整体架构目录:ASP.NET Core分布式项目实战-目录 k8s架构目录:Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列目录 一.感谢 在此感谢.net ...
- Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列之集群部署环境规划(一)
0.前言 整体架构目录:ASP.NET Core分布式项目实战-目录 k8s架构目录:Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列目录 一.环境规划 软件 版本 ...
- Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列之自签TLS证书及Etcd集群部署(二)
0.前言 整体架构目录:ASP.NET Core分布式项目实战-目录 k8s架构目录:Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列目录 一.服务器设置 1.把每一 ...
- Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列之flanneld网络介绍及部署(三)
0.前言 整体架构目录:ASP.NET Core分布式项目实战-目录 k8s架构目录:Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列目录 一.flanneld介绍 ...
随机推荐
- 初学cdq分治学习笔记(可能有第二次的学习笔记)
前言骚话 本人蒟蒻,一开始看到模板题就非常的懵逼,链接,学到后面就越来越清楚了. 吐槽,cdq,超短裙分治....(尴尬) 正片开始 思想 和普通的分治,还是分而治之,但是有一点不一样的是一般的分治在 ...
- [M$]重装或更换主板后提示“由于指定产品密钥激活次数“ office 2016
https://answers.microsoft.com/zh-hans/msoffice/forum/all/%E6%8C%87%E5%AE%9A%E4%BA%A7%E5%93%81%E5%AF% ...
- Linux基本命令总结(六)
接上篇: 27,diff在命令行中打印每一个行的改动.最新版本的diff还支持二进制文件.diff程序的输出被称为补丁 (patch),因为Linux系统中还有一个patch程序,可以根据diff的输 ...
- (一)Qt5模块,QtCreator常用快捷键,命名规范
常用快捷键 1)帮助文件:F1 (光标在函数名字或类名上,按 F1 即可跳转到对应帮助文档,查看其详细用法) 2).h 文件和对应.cpp 文件切换:F4 3)编译并运行:Ctrl + R 4)函数声 ...
- Springboot 6.Springboot 返回cookies信息的验证和post接口开发及常见错误解决
在介绍之前先将一个小插件:lombok ,在prefrence里面点击plugins,然后搜索lombok,进行install就可以了 首先将pom文件里面的lombok引进来 <depend ...
- LFYZ-OJ ID: 1024 火车站
火车过站 问题描述 火车从始发站(称为第1站)开出,在始发站上车的人数为a,然后到达第2站,在第2站有人上.下车,但上.下车的人数相同,因此在第2站开出时(即在到达第3站之前)车上的人数保持为a人.从 ...
- Generator和Coroutine学习
简单的生产者消费者模型 #!/usr/bin/python2.7 def consumer(): while True: newn = yield print 'Consumer : {}'.form ...
- 使用 MERGE 语句实现增删改
Ø 简介 在平常编写增删改的 SQL 语句时,我们用的最多的就是 INSERT.UPDATE 和 DELETE 语句,这是最基本的增删改语句.其实,SQL Server 中还有另外一个可以实现增删改 ...
- [译]Ocelot - Logging
原文 Ocelot使用标准的日志接口ILoggerFactory和ILogger<T>.它们封装在IOcelotLogger 和 IOcelotLoggerFactory中,因为ocelo ...
- Oracle 自定义函数、存储过程
讲函数之前,先介绍一下程序结构 3.程序结构 新建一个测试窗口,举一个小例子 declare -- 声明变量,包括游标 begin -- 执行部分 dbms_output.put_line('hell ...