企业级Docker-Harbor

【docker环境部署】

[root@harbor-server ~]# yum install -y yum-utils device-mapper-persistent-data lvm2    #安装docker-ce版本所依赖的软件程序
[root@harbor-server ~]# echo "13.224.2.103 download.docker.com" >>/etc/hosts     #本地host解析，防止下载docker-ce的repo源报错
[root@harbor-server ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo   #下载docker-ce的repo的源
[root@harbor-server ~]# yum install -y docker-ce    #安装docker-ce
[root@harbor-server ~]# systemctl start docker     #启动docker并设置自启
[root@harbor-server ~]# systemctl enable docker

【安装docker-compos】

docker-compos是一个用户定义和运行多个容器的docker应用程序，使用定义YAML文件配置应用的服务，只需简单命令即可创建启动所配置的所有服务

docker-compos基本三个流程：

• 在Dockerfile中定义你的应用环境，使其在任何地方复制
• 在docker-conpos.yml中，定义组成应用程序的服务，方便在隔离的环境中一起运行·
• 运行docker up -d.compose将启动并运行整个应用程序
• 参考github上，docker-compos安装https://github.com/docker/compose/releases

[root@harbor-server ~]# yum update nss curl -y
[root@harbor-server ~]# echo "52.216.239.107 github-production-release-asset-2e65be.s3.amazonaws.com" >>/etc/hosts
[root@harbor-server ~]# echo "13.250.177.223 github.com" >>/etc/hosts
[root@harbor-server ~]# curl -L https://github.com/docker/compose/releases/download/1.24.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
[root@harbor-server ~]# chmod +x /usr/local/bin/docker-compose
[root@harbor-server ~]# ll -d  /usr/local/bin/docker-compose
-rwxr-xr-x  root root  5月   : /usr/local/bin/docker-compose
[root@harbor-server ~]# docker-compose --version
docker-compose version 1.24., build 0aa59064

PS:curl: (35) Peer reports incompatible or unsupported protocol version.  #如果上述命令执行出现这种报错，则是因为ncc和url版本过低导致的更新即可，yum update nss curl -y

【安装docker-harbor】

[root@harbor-server ~]# https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.1.tgz

[root@harbor-server ~]# tar zxvf harbor-offline-installer-v1.7.1.tgz -C /usr/local/

root@localhost ~]# cd /usr/local/harbor/

[root@harbor-server ~]# mkdir -p /usr/local/harbor/ssl/

[root@harbor-server ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt

Generating a  bit RSA private key
..++
...................................................................................................................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name ( letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:bixiaoyu
Email Address []:

[root@harbor-server ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout reg.bixiaoyu.com.key -out reg.bixiaoyu.com.csr

Generating a  bit RSA private key
............................++
................................++
writing new private key to 'reg.bixiaoyu.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name ( letter code) [XX]:CN
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:reg.bixiaoyu.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

[root@harbor-server ssl]# openssl x509 -req -days 365 -in reg.bixiaoyu.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out reg.bixiaoyu.com.crt

Signature ok
subject=/C=CN/L=Default City/O=Default Company Ltd/CN=reg.bixiaoyu.com
Getting CA Private Key

【配置harbor】

[root@localhost harbor]# vim harbor.cfg

hostname = reg.bixiaoyu.com     #设置harbor仓库访问的域名

ui_url_protocol = https   #支持https协议

ssl_cert = /usr/local/harbor/ssl/reg.bixiaoyu.com.crt    #设置证书认证
ssl_cert_key = /usr/local/harbor/ssl/reg.bixiaoyu.com.key

harbor_admin_password = 12345    #访问harbor登录密码

[root@harbor-server harbor]# ./prepare

Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/core/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/core/app.conf
Generated certificate, key file: ./common/config/core/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.

[root@harbor-server harbor]# ./install.sh

[Step ]: checking existing instance of Harbor ...

[Step ]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating registryctl        ... done
Creating registry           ... done
Creating harbor-db          ... done
Creating redis              ... done
Creating harbor-core        ... done
Creating harbor-jobservice  ... done
Creating harbor-portal      ... done
Creating nginx              ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://reg.bixiaoyu.com.
For more details, please visit https://github.com/goharbor/harbor .

[root@harbor-server harbor]# docker-compose ps    #检查关于harbor容器已经运行

       Name                     Command                  State                                    Ports
-------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up (healthy)
harbor-core          /harbor/start.sh                 Up (healthy)
harbor-db            /entrypoint.sh postgres          Up (healthy)   /tcp
harbor-jobservice    /harbor/start.sh                 Up
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:->/tcp
harbor-portal        nginx -g daemon off;             Up (healthy)   /tcp
nginx                nginx -g daemon off;             Up (healthy)   0.0.0.0:->/tcp, 0.0.0.0:->/tcp, 0.0.0.0:->/tcp
redis                docker-entrypoint.sh redis ...   Up             /tcp
registry             /entrypoint.sh /etc/regist ...   Up (healthy)   /tcp
registryctl          /harbor/start.sh                 Up (healthy)   

Ps:如果在本机访问reg.bixiaoyu.com的harbor域名，需要在本地host解析,这里不再具体说明

【镜像上传】

[root@localhost ~]# scp root@192.168.175.100:/usr/local/harbor/ssl/reg.bixiaoyu.com.crt /etc/docker/certs.d/reg.bixiaoyu.com/

[root@localhost ~]# scp root@192.168.175.100:/usr/local/harbor/ssl/reg.bixiaoyu.com.key /etc/docker/certs.d/reg.bixiaoyu.com/

[root@localhost ~]# ls /etc/docker/certs.d/reg.bixiaoyu.com/
reg.bixiaoyu.com.crt reg.bixiaoyu.com.key

[root@localhost ~]# docker login reg.bixiaoyu.com
Username: hexunadmin
Password:
Login Succeeded

[root@localhost ~]# docker tag 675bd9a877ed reg.bixiaoyu.com/test/tomcat:v1

[root@localhost ~]# docker push reg.bixiaoyu.com/test/tomcat:v1

[root@localhost ~]# docker pull reg.bixiaoyu.com/test/tomcat:v1