企业级Docker-Harbor
【docker环境部署】
[root@harbor-server ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 #安装docker-ce版本所依赖的软件程序
[root@harbor-server ~]# echo "13.224.2.103 download.docker.com" >>/etc/hosts #本地host解析,防止下载docker-ce的repo源报错
[root@harbor-server ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo #下载docker-ce的repo的源
[root@harbor-server ~]# yum install -y docker-ce #安装docker-ce
[root@harbor-server ~]# systemctl start docker #启动docker并设置自启
[root@harbor-server ~]# systemctl enable docker
【安装docker-compos】
docker-compos是一个用户定义和运行多个容器的docker应用程序,使用定义YAML文件配置应用的服务,只需简单命令即可创建启动所配置的所有服务
docker-compos基本三个流程:
- 在Dockerfile中定义你的应用环境,使其在任何地方复制
- 在docker-conpos.yml中,定义组成应用程序的服务,方便在隔离的环境中一起运行·
- 运行docker up -d.compose将启动并运行整个应用程序
- 参考github上,docker-compos安装https://github.com/docker/compose/releases
[root@harbor-server ~]# yum update nss curl -y
[root@harbor-server ~]# echo "52.216.239.107 github-production-release-asset-2e65be.s3.amazonaws.com" >>/etc/hosts
[root@harbor-server ~]# echo "13.250.177.223 github.com" >>/etc/hosts
[root@harbor-server ~]# curl -L https://github.com/docker/compose/releases/download/1.24.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
[root@harbor-server ~]# chmod +x /usr/local/bin/docker-compose
[root@harbor-server ~]# ll -d /usr/local/bin/docker-compose
-rwxr-xr-x root root 5月 : /usr/local/bin/docker-compose
[root@harbor-server ~]# docker-compose --version
docker-compose version 1.24., build 0aa59064
PS:curl: (35) Peer reports incompatible or unsupported protocol version. #如果上述命令执行出现这种报错,则是因为ncc和url版本过低导致的更新即可,yum update nss curl -y
【安装docker-harbor】
[root@harbor-server ~]# https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.1.tgz
[root@harbor-server ~]# tar zxvf harbor-offline-installer-v1.7.1.tgz -C /usr/local/
root@localhost ~]# cd /usr/local/harbor/
[root@harbor-server ~]# mkdir -p /usr/local/harbor/ssl/
[root@harbor-server ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
Generating a bit RSA private key
..++
...................................................................................................................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name ( letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:bixiaoyu
Email Address []:
[root@harbor-server ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout reg.bixiaoyu.com.key -out reg.bixiaoyu.com.csr
Generating a bit RSA private key
............................++
................................++
writing new private key to 'reg.bixiaoyu.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name ( letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:reg.bixiaoyu.com
Email Address []: Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@harbor-server ssl]# openssl x509 -req -days 365 -in reg.bixiaoyu.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out reg.bixiaoyu.com.crt
Signature ok
subject=/C=CN/L=Default City/O=Default Company Ltd/CN=reg.bixiaoyu.com
Getting CA Private Key
【配置harbor】
[root@localhost harbor]# vim harbor.cfg
hostname = reg.bixiaoyu.com #设置harbor仓库访问的域名 ui_url_protocol = https #支持https协议 ssl_cert = /usr/local/harbor/ssl/reg.bixiaoyu.com.crt #设置证书认证
ssl_cert_key = /usr/local/harbor/ssl/reg.bixiaoyu.com.key harbor_admin_password = 12345 #访问harbor登录密码
[root@harbor-server harbor]# ./prepare
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/core/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/core/app.conf
Generated certificate, key file: ./common/config/core/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[root@harbor-server harbor]# ./install.sh
[Step ]: checking existing instance of Harbor ... [Step ]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating registryctl ... done
Creating registry ... done
Creating harbor-db ... done
Creating redis ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating harbor-portal ... done
Creating nginx ... done ✔ ----Harbor has been installed and started successfully.---- Now you should be able to visit the admin portal at https://reg.bixiaoyu.com.
For more details, please visit https://github.com/goharbor/harbor .
[root@harbor-server harbor]# docker-compose ps #检查关于harbor容器已经运行
Name Command State Ports
-------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up (healthy)
harbor-core /harbor/start.sh Up (healthy)
harbor-db /entrypoint.sh postgres Up (healthy) /tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:->/tcp
harbor-portal nginx -g daemon off; Up (healthy) /tcp
nginx nginx -g daemon off; Up (healthy) 0.0.0.0:->/tcp, 0.0.0.0:->/tcp, 0.0.0.0:->/tcp
redis docker-entrypoint.sh redis ... Up /tcp
registry /entrypoint.sh /etc/regist ... Up (healthy) /tcp
registryctl /harbor/start.sh Up (healthy)
Ps:如果在本机访问reg.bixiaoyu.com的harbor域名,需要在本地host解析,这里不再具体说明
【镜像上传】
[root@localhost ~]# scp root@192.168.175.100:/usr/local/harbor/ssl/reg.bixiaoyu.com.crt /etc/docker/certs.d/reg.bixiaoyu.com/
[root@localhost ~]# scp root@192.168.175.100:/usr/local/harbor/ssl/reg.bixiaoyu.com.key /etc/docker/certs.d/reg.bixiaoyu.com/
[root@localhost ~]# ls /etc/docker/certs.d/reg.bixiaoyu.com/
reg.bixiaoyu.com.crt reg.bixiaoyu.com.key
[root@localhost ~]# docker login reg.bixiaoyu.com
Username: hexunadmin
Password:
Login Succeeded
[root@localhost ~]# docker tag 675bd9a877ed reg.bixiaoyu.com/test/tomcat:v1
[root@localhost ~]# docker push reg.bixiaoyu.com/test/tomcat:v1
[root@localhost ~]# docker pull reg.bixiaoyu.com/test/tomcat:v1
企业级Docker-Harbor的更多相关文章
- 搭建Harbor企业级docker仓库
搭建Harbor企业级docker仓库 一.Harbor简介 1.Harbor介绍 Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器,通过添加一些企业必需的功能特性,例如 ...
- ubuntu 安装企业级容器 docker harbor
安装docker harbor 企业级容器 环境说明: 操作系统: ubuntu16.04.5 LTS IP地址: 192.168.31.129 https://github.com/goh ...
- docker的企业级仓库-harbor
Harbor 一.背景 Docker中要使用镜像,我们一般都会从本地.Docker Hub公共仓库或者其它第三方的公共仓库中下载镜像,但是出于安全和一些内外网的原因考虑,企业级上不会轻易使用.普通的D ...
- .NET遇上Docker - Harbor的安装与基本使用
Harbor是一个开源企业级Docker注册中心,可以用于搭建私有的Docker Image仓库.可以实现权限控制等. 安装Harbor 首先,需要安装Docker和Docker Compose,参考 ...
- Docker Harbor私有仓库部署与管理 (超详细配图)
Docker Harbor私有仓库部署与管理 1.Harbor 介绍 2.Harbor部署 3.Harbor管理 1.Harbor 介绍: 什么是 Harbor ? Harbor 是 VMware 公 ...
- 014.Docker Harbor+Keepalived+LVS+共享存储高可用架构
一 多Harbor高可用介绍 共享后端存储是一种比较标准的方案,将多个Harbor实例共享同一个后端存储,任何一个实例持久化到存储的镜像,都可被其他实例中读取.通过前置LB组件,如Keepalived ...
- Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列目录
0.目录 整体架构目录:ASP.NET Core分布式项目实战-目录 k8s架构目录:Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列目录 一.感谢 在此感谢.net ...
- Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列之集群部署环境规划(一)
0.前言 整体架构目录:ASP.NET Core分布式项目实战-目录 k8s架构目录:Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列目录 一.环境规划 软件 版本 ...
- Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列之自签TLS证书及Etcd集群部署(二)
0.前言 整体架构目录:ASP.NET Core分布式项目实战-目录 k8s架构目录:Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列目录 一.服务器设置 1.把每一 ...
- Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列之flanneld网络介绍及部署(三)
0.前言 整体架构目录:ASP.NET Core分布式项目实战-目录 k8s架构目录:Kubernetes(k8s)集群部署(k8s企业级Docker容器集群管理)系列目录 一.flanneld介绍 ...
随机推荐
- MySQL安装-windows安装
windows下安装MySQL 在windows下面安装MySQL 本文以5.7.17为示例 MySQL下载 官网:https://dev.mysql.com/downloads/mysql/ 本次安 ...
- macOS修改Dock隐藏速度
延迟时间 修改延迟时间改为0,默认为1. defaults write com.apple.dock autohide-delay -int 0; killall Dock 修改为浮点数值,例如0.1 ...
- python之OpenCv(三)---基本绘图
opencv 提供了绘制直线.圆形.矩形等基本绘图的功能 1.绘直线 cv2.line(画布,起点坐标,终点坐标,颜色,宽度) 例如: cv2.line(image,(20,60),(300,400) ...
- 时间序列分析模型——ARIMA模型
时间序列分析模型——ARIMA模型 一.研究目的 传统的经济计量方法是以经济理论为基础来描述变量关系的模型.但经济理论通常不足以对变量之间的动态联系提供一个严密的说明,而且内生变量既可以出现在方程的左 ...
- vue---slot,slot-scoped,以及2.6版本之后插槽的用法
slot 插槽 ,是用在组件中,向组件分发内容.它的内容可以包含任何模板代码,包括HTML. vue 在 2.6.0 中,具名插槽和作用域插槽引入了一个新的统一的语法 (即 v-slot 指令).它取 ...
- platform驱动分离
目录 platform驱动分离 框架结构 与输入子系统联系 设备描述 驱动算法 注册机制 程序 测试 platform驱动分离 框架结构 与输入子系统联系 设备描述 驱动算法 注册机制 程序 测试 - ...
- JN_0002:Win10禁止U盘拷贝文件的方法
1,在电脑桌面使用快捷键win键+r唤出运行窗口,在搜索框中输入gpedit.msc,然后点击确定. 2,打开的本地组策略编辑器中依次点击展开计算机配置—管理模块—系统,在系统下找到并选中可移动存储访 ...
- Educational Codeforces Round 52 (Rated for Div. 2)
题目链接 A. Vasya and Chocolate 题意 已知钱,价格,赠送规则求最多获得巧克力数 思路常规算即可 代码 #include <bits/stdc++.h> #defin ...
- 【vue】路由配置
一般组件我们会有全屏组件,或是在页面的某个部分显示组件,所以路由的第一层一般是全屏显示的,而在/目录下的组件为页面的某个部分显示的,通常需求是这样的,登录是全屏显示的,而普通页面是在页面的某个部分进行 ...
- 集成方法 Boosting原理
1.Boosting方法思路 Boosting方法通过将一系列的基本分类器组合,生成更好的强学习器 基本分类器是通过迭代生成的,每一轮的迭代,会使误分类点的权重增大 Boosting方法常用的算法是A ...