  • Setting up an enterprise-grade Docker Registry -- Harbor

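    Harbor is an enterprise-grade Docker Registry. It provides private image storage, logging, statistics and access control, supports creating multiple projects (a concept introduced by Harbor), and is built on the official Registry V2.
    The setup process is as follows:
    1. Install docker (steps omitted).
    2. Install docker-compose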
    # curl -L https://github.com/docker/compose/releases/download/1.7.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
    # chmod +x /usr/local/bin/docker-compose
    

    3. Configure SSL

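    # touch /etc/pki/CA/{index.txt,serial}
    # echo 01 > /etc/pki/CA/serial
    # (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
    #Self-sign the CA certificate that later steps read from /etc/pki/CA/cacert.pem (the 3650-day validity is an assumed value)
    # openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650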
    

    Information entered:

    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:China
    Locality Name (eg, city) [Default City]:Beijing
    Organization Name (eg, company) [Default Company Ltd]:wts
    Organizational Unit Name (eg, section) []:sysops
    Common Name (eg, your name or your server's hostname) []:wts.com
    Email Address []:admin@wts.com
    
    # cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt
    # mkdir -p /app/ssl
    # (umask 077;openssl genrsa -out /app/ssl/harbor.key 2048)
    # openssl req -new -key /app/ssl/harbor.key -out /app/ssl/harbor.csr
    

    Information entered:

    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:China
    Locality Name (eg, city) [Default City]:Beijing
    Organization Name (eg, company) [Default Company Ltd]:wts
    Organizational Unit Name (eg, section) []:sysops
    Common Name (eg, your name or your server's hostname) []:wts.com
    Email Address []:admin@wts.com
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    
    # openssl ca -in /app/ssl/harbor.csr -out /app/ssl/harbor.crt -days 3650
    Using configuration from /etc/pki/tls/openssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
            Serial Number: 1 (0x1)
            Validity
                Not Before: May 19 17:46:32 2017 GMT
                Not After : May 17 17:46:32 2027 GMT
            Subject:
                countryName               = CN
                stateOrProvinceName       = China
                organizationName          = wts
                organizationalUnitName    = sysops
                commonName                = wts.com
                emailAddress              = admin@wts.com
            X509v3 extensions:
                X509v3 Basic Constraints:
                    CA:FALSE
                Netscape Comment:
                    OpenSSL Generated Certificate
                X509v3 Subject Key Identifier:
                    12:71:95:95:F2:6E:FE:88:F0:3E:DF:24:1F:D6:01:E6:24:83:05:B5
                X509v3 Authority Key Identifier:
                    keyid:B6:44:15:87:F1:3D:14:4E:7A:A0:BA:35:53:69:2D:3C:E9:9E:77:22
    
    Certificate is to be certified until May 17 17:46:32 2027 GMT (3650 days)
    Sign the certificate? [y/n]:y
    
    
    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated
    

    Install the root certificate for docker

    # mkdir -p /etc/docker/certs.d/wts.com
    # cp /etc/pki/CA/cacert.pem /etc/docker/certs.d/wts.com/ca.crt
    

    Restart docker

    # systemctl daemon-reload
    # systemctl restart docker
    

    4. Download and install Harbor

    # wget https://github.com/vmware/harbor/releases/download/v1.1.1-rc1/harbor-online-installer-v1.1.1-rc1.tgz
    # tar xf harbor-online-installer-v1.1.1-rc1.tgz
    # cd harbor
    # vim harbor.cfg
    hostname = wts.com
    ui_url_protocol = https
    ssl_cert = /app/ssl/harbor.crt
    ssl_cert_key = /app/ssl/harbor.key
    
    # ./install.sh
    
    
    [Step 0]: checking installation environment ...
    
    Note: docker version: 17.05.0
    
    Note: docker-compose version: 1.7.0
    
    ......
    
    Creating harbor-log
    Creating registry
    Creating harbor-adminserver
    Creating harbor-db
    Creating harbor-ui
    Creating harbor-jobservice
    Creating nginx
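
A pre-flight check for the harbor.cfg values edited above, to run before `./install.sh`. This is an added example, not part of the original post or of Harbor; the function names and the sample file are constructed, and `harbor_admin_password` is assumed to be the harbor.cfg key holding the admin password used in the login test.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight audit of harbor.cfg.

# cfg_get FILE KEY: print the value of the last "KEY = value" line.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_harbor_cfg FILE NAME: print one finding per line, return 1 if any.
# NAME is the name the certificate was issued for (wts.com in the post).
audit_harbor_cfg() {
    cfg=$1; name=$2; rc=0
    host=$(cfg_get "$cfg" hostname)
    proto=$(cfg_get "$cfg" ui_url_protocol)
    pass=$(cfg_get "$cfg" harbor_admin_password)
    key=$(cfg_get "$cfg" ssl_cert_key)

    [ "$host" = "$name" ] ||
        { echo "hostname=$host differs from certificate name $name"; rc=1; }
    [ "$proto" = https ] ||
        { echo "ui_url_protocol=$proto, registry traffic is not TLS-protected"; rc=1; }
    [ "$pass" != Harbor12345 ] ||
        { echo "harbor_admin_password is still the default"; rc=1; }
    if [ ! -f "$key" ]; then
        echo "ssl_cert_key=$key does not exist"; rc=1
    else
        # Characters 5-10 of the ls mode string are the group/other bits.
        case $(ls -ld "$key" | cut -c5-10) in
            ------) ;;
            *) echo "ssl_cert_key=$key is accessible to group/other"; rc=1 ;;
        esac
    fi
    return $rc
}

# Constructed sample: a harbor.cfg with the kinds of slips this check catches.
demo_dir=$(mktemp -d)
touch "$demo_dir/harbor.key"; chmod 644 "$demo_dir/harbor.key"
cat > "$demo_dir/harbor.cfg" <<EOF
hostname = wtx.com
ui_url_protocol = https
ssl_cert = $demo_dir/harbor.crt
ssl_cert_key = $demo_dir/harbor.key
harbor_admin_password = Harbor12345
EOF
audit_harbor_cfg "$demo_dir/harbor.cfg" wts.com || true
```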
    

    Common operations

    #Start
    docker-compose start
    #Stop
    docker-compose stop
    
    #Steps for changing the configuration file
    docker-compose down -v
    vim harbor.cfg
    ./prepare
    docker-compose up -d
    docker-compose start
    
    If there is no DNS, edit the hosts file
    # cat >>/etc/hosts <<EOF
    192.168.116.148 wts.com
    EOF
    

    Testing

    # docker login wts.com
    Username: admin
    Password:   #the password is Harbor12345, configured in harbor.cfg
    Login Succeeded
    
    Testing from another host
    # mkdir -p /etc/docker/certs.d/wts.com
    # scp /etc/docker/certs.d/wts.com/ca.crt 192.168.116.147:/etc/docker/certs.d/wts.com/ca.crt
    # /etc/init.d/docker restart

    Browser test
    Visit https://192.168.116.148

    Push an image:
    # docker tag centos wts.com/library/centos
    # docker push wts.com/library/centos
    

    View:

    Logs:

    Create a user

    Add members to the project

    Test pushing an image as user1

    View the logs

  • Original article: https://www.cnblogs.com/Eivll0m/p/7094340.html