| harbor | 192.168.100.40 |
|---|---|
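PS: I wrote these notes in 2021, when I was still very green, originally in Youdao Cloud Notes. This is a refreshed version, and it may contain some errors.
Initial configuration
1️⃣ On every node, add the following to the daemon.json file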
"insecure-registries" : ["192.168.100.40"]
2️⃣ Restart docker
systemctl restart docker
3️⃣ Upload compose to the harbor node, that is, install compose
[root@harbor ~]# ls
docker-compose
[root@harbor ~]# mv docker-compose /usr/bin/
[root@harbor ~]# chmod u+x /usr/bin/docker-compose
[root@harbor ~]# docker-compose version
docker-compose version 1.23.1, build b02f1306
docker-py version: 3.5.0
CPython version: 3.6.7
OpenSSL version: OpenSSL 1.1.0f 25 May 2017
4️⃣ Edit the hosts file
[root@node2 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.10 master
192.168.100.20 node1
192.168.100.30 node2
192.168.100.40 harbor.tanc.com
Configure harbor
1️⃣ Upload the harbor archive to the harbor node and extract it
[root@harbor ~]# ls
harbor-offline-installer-v1.2.0.tg
[root@harbor ~]# tar zxvf harbor-offline-installer-v1.2.0.tg
2️⃣ Edit the harbor.cfg file
cd harbor
vim harbor.cfg
5 hostname = harbor.tanc.com ## change the domain name; it must match the hosts file on every node
24 ssl_cert = /data/cert/server.crt ## the directory that holds these two files must be created by hand
25 ssl_cert_key = /data/cert/server.key
mkdir /data/cert
cd /data/cert
3️⃣ Create the key
[root@harbor cert]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
......................................+++
.......+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@harbor cert]# ls
server.key
4️⃣ Create the certificate signing request
[root@harbor cert]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key: // do not enter a password
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN ## country
State or Province Name (full name) []:HN ## province
Locality Name (eg, city) [Default City]:CS ## Changsha
Organization Name (eg, company) [Default Company Ltd]:tanc ## company name
Organizational Unit Name (eg, section) []:tanc ## organization name
Common Name (eg, your name or your server's hostname) []:hub.tanc.com ## domain name
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@harbor cert]# ls
server.csr server.key
5️⃣ Back up the private key
cp server.key server.key.org
6️⃣ Sign the certificate request
[root@harbor cert]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=HN/L=CS/O=tanc/OU=tanc/CN=hub.tanc.com
Getting Private key
7️⃣ Grant execute permission on the directory
[root@harbor ~]# chmod -R 777 /data/cert/
8️⃣ Install
[root@harbor harbor]# ./install.sh
After it finishes, check the running docker containers
[root@harbor harbor]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7d18e9a71407 vmware/nginx-photon:1.11.13 "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
0ba8f751f00a vmware/harbor-jobservice:v1.2.0 "/harbor/harbor_jobs…" 2 minutes ago Up 2 minutes harbor-jobservice
10c888f62c84 vmware/harbor-ui:v1.2.0 "/harbor/harbor_ui" 2 minutes ago Up 2 minutes harbor-ui
8212804be91f vmware/harbor-db:v1.2.0 "docker-entrypoint.s…" 2 minutes ago Up 2 minutes 3306/tcp harbor-db
8c7ba002e430 vmware/registry:2.6.2-photon "/entrypoint.sh serv…" 2 minutes ago Up 2 minutes 5000/tcp registry
2f70683e73af vmware/harbor-adminserver:v1.2.0 "/harbor/harbor_admi…" 2 minutes ago Up 2 minutes harbor-adminserver
f491f9fbb08f vmware/harbor-log:v1.2.0 "/bin/sh -c 'crond &…" 2 minutes ago Up 2 minutes 127.0.0.1:1514->514/tcp harbor-log
Log in with a browser
After that you can log in to the registry with docker login https://harbor.tanc.com
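The checks below audit the files that harbor.cfg points at for three things visible in the steps above: the CSR's Common Name is hub.tanc.com while hostname is harbor.tanc.com, chmod -R 777 leaves server.key readable by every local user, and a key generated with -des3 needs its passphrase each time it is loaded. This is an added example, not part of the original notes; the function names and the throwaway sample certificate are assumptions made here.

```bash
#!/bin/sh
# Added example (not from the original notes): audit Harbor's TLS files.

# Succeeds if the certificate is valid for HOST (SAN entries, else the CN).
cert_matches_host() {  # cert_matches_host CERT HOST
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Succeeds if group and others have no permission bits on the key file.
key_is_private() {  # key_is_private KEY
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if the PEM key is passphrase-protected (cannot be loaded unattended).
key_is_encrypted() {  # key_is_encrypted KEY
    grep -q 'ENCRYPTED' "$1"
}

# Prints one line per finding and returns the number of findings.
audit_harbor_tls() {  # audit_harbor_tls CERT KEY HOST
    findings=0
    cert_matches_host "$1" "$3" || { echo "FAIL: $1 is not valid for $3"; findings=$((findings+1)); }
    key_is_private "$2" || { echo "FAIL: $2 is accessible to group/others"; findings=$((findings+1)); }
    key_is_encrypted "$2" && { echo "WARN: $2 is passphrase-protected"; findings=$((findings+1)); }
    return "$findings"
}

# Constructed sample mirroring the notes: CN=hub.tanc.com, key left at mode 777.
make_sample() {  # make_sample DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=hub.tanc.com' \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
    chmod 777 "$1/server.key"
}

# Audit real files when three arguments are given: CERT KEY HOST
# e.g. /data/cert/server.crt /data/cert/server.key harbor.tanc.com
if [ $# -eq 3 ]; then audit_harbor_tls "$@"; fi
```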