  • Harbor部署

    一、Harbor

    是由VMware公司的中国团队开发的。私有的docker镜像仓库。
    
    Harbor是一个开源的可信云原生镜像仓库(registry)项目,用于存储、签名和扫描内容。Harbor通过添加
    用户通常需要的功能(例如安全性、身份认证和管理)扩展了开源的Docker Distribution。让镜像仓库更
    接近构建和运行环境,可以提高镜像传输效率。Harbor支持在多个仓库之间复制镜像,还提供高级
    安全功能,例如用户管理、访问控制和活动审计。
    
    官方:https://hub.docker.com/
    
    第三方:https://registry.cn-hangzhou.aliyuncs.com
    
    私有的docker镜像仓库:Harbor
    
    	1、登录注册
    	2、安全认证
    	3、镜像仓库
    
    官网:https://goharbor.io/
    
    硬件 最低要求 推荐
    CPU 2 CPU 4 CPU
    内存 4GB 8 GB
    磁盘 40 GB 160 GB

    二、安装部署Harbor

    #安装依赖
    [root@harbor ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
    
    #安装阿里云源仓库
    [root@harbor ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    
    [root@harbor ~]# sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
    
    #查看docker版本
    [root@harbor ~]# yum list docker-ce --showduplicates | sort -r
    
    #选择19版本,进行安装
    [root@harbor ~]# yum install -y docker-ce-19.03.9
    
    [root@harbor ~]# mkdir /etc/docker -p
    [root@harbor ~]# cd /etc/docker
    [root@harbor ~]# cat > /etc/docker/daemon.json <<EOF
    {
      "registry-mirrors": ["https://dp0vxr93.mirror.aliyuncs.com"]
    }
    EOF
    
    [root@harbor ~]# systemctl daemon-reload
    [root@harbor ~]# systemctl enable --now docker
    
    
    #安装OpenSSL
    [root@harbor ~]# yum install openssl openssl-devel -y
    
    #下载Harbor
    下载地址: https://github.com/goharbor/harbor/releases
    [root@harbor ~]# tar xf harbor-offline-installer-v2.3.3.tgz -C /usr/local/
    
    #安装docker-compose
    下载地址:https://github.com/docker/compose/releases
    #注意:该二进制文件之后会以root身份运行,建议下载后先用 sha256sum 对照发布页公布的校验和验证,再赋予执行权限
    [root@harbor /usr/local/bin]# wget https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64
    [root@harbor /usr/local/bin]# mv docker-compose-Linux-x86_64 docker-compose
    [root@harbor /usr/local/bin]# chmod +x docker-compose
    [root@harbor /usr/local/bin]# docker-compose version
    docker-compose version 1.29.2, build 5becea4c
    docker-py version: 5.0.0
    CPython version: 3.7.10
    OpenSSL version: OpenSSL 1.1.0l  10 Sep 2019
    
    
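    #生成CA证书私钥
    #注意:持有 ca.key 就可以签发被信任该CA的主机接受的任意证书。下方 ll 输出显示 ca.key 和 10.0.0.75.key 的权限均为 644(所有用户可读),建议生成后用 chmod 600 限制为仅 root 可读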
    [root@harbor ~]# mkdir /opt/ssl 
    [root@harbor ~]# cd /opt/ssl
    
    [root@harbor /opt/ssl]# openssl genrsa -out ca.key 4096
    
    #生成CA证书
    [root@harbor /opt/ssl]# openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=ShangHai/L=ShangHai/O=example/OU=Personal/CN=10.0.0.75" -key ca.key -out ca.crt
    
    #生成服务器端证书
    1.生成私钥
    [root@harbor /opt/ssl]# openssl genrsa -out 10.0.0.75.key 4096
    
    2.生成证书签名请求
    [root@harbor /opt/ssl]# openssl req -sha512 -new -subj "/C=CN/ST=ShangHai/L=ShangHai/O=example/OU=Personal/CN=10.0.0.75" -key 10.0.0.75.key  -out 10.0.0.75.csr
    
    #生成x509 v3服务文件
    [root@harbor /opt/ssl]# cat > v3.ext <<-EOF
    authorityKeyIdentifier=keyid,issuer
    basicConstraints=CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName = IP:10.0.0.75
    EOF
    
    #使用该 v3.ext 文件为您的Harbor主机生成证书
    [root@harbor /opt/ssl]# openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in 10.0.0.75.csr \
    -out 10.0.0.75.crt
    
    #将 .crt 转换为 .cert 供 Docker 使用(Docker 守护进程把 .crt 文件当作CA证书,把 .cert 文件当作客户端证书)
    [root@harbor /opt/ssl]# openssl x509 -inform PEM -in 10.0.0.75.crt -out 10.0.0.75.cert
    
    [root@harbor /opt/ssl]# ll
    -rw-r--r-- 1 root root 2053 Nov 10 20:13 10.0.0.75.cert
    -rw-r--r-- 1 root root 2053 Nov 10 20:12 10.0.0.75.crt
    -rw-r--r-- 1 root root 1704 Nov 10 20:10 10.0.0.75.csr
    -rw-r--r-- 1 root root 3243 Nov 10 20:09 10.0.0.75.key
    -rw-r--r-- 1 root root 2033 Nov 10 20:06 ca.crt
    -rw-r--r-- 1 root root 3243 Nov 10 20:06 ca.key
    -rw-r--r-- 1 root root   17 Nov 10 20:12 ca.srl
    -rw-r--r-- 1 root root  201 Nov 10 20:12 v3.ext
    
    #创建docker证书存放目录
    [root@harbor /opt/ssl]# mkdir -p /etc/docker/certs.d/10.0.0.75
    
    [root@harbor /opt/ssl]# cp 10.0.0.75.key /etc/docker/certs.d/10.0.0.75/
    [root@harbor /opt/ssl]# cp 10.0.0.75.cert /etc/docker/certs.d/10.0.0.75/        
    [root@harbor /opt/ssl]# cp ca.crt /etc/docker/certs.d/10.0.0.75/
    [root@harbor /opt/ssl]# ll /etc/docker/certs.d/10.0.0.75
    -rw-r--r-- 1 root root 2053 Nov 10 20:16 10.0.0.75.cert
    -rw-r--r-- 1 root root 3243 Nov 10 20:16 10.0.0.75.key
    -rw-r--r-- 1 root root 2033 Nov 10 20:16 ca.crt
    
    [root@harbor /opt/ssl]# systemctl restart docker
    
    #编辑yml文件
    [root@harbor /opt/ssl]# cd /usr/local/harbor
    [root@harbor /usr/local/harbor]# cp harbor.yml.tmpl harbor.yml
    [root@harbor /usr/local/harbor]# vim harbor.yml        
    hostname: 10.0.0.75
    https:
      certificate: /opt/ssl/10.0.0.75.crt
      private_key: /opt/ssl/10.0.0.75.key
    
    #生成配置并安装
    [root@harbor /usr/local/harbor]# ./prepare
    [root@harbor /usr/local/harbor]# ./install.sh
    
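    #浏览器访问10.0.0.75:80(启用 https 后通常会被重定向到 https://10.0.0.75)
    #用户:admin
    #密码:Harbor12345(这是 harbor.yml 中 harbor_admin_password 的默认值,首次登录后应立即修改,或在安装前先改掉)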
    

    三、报错

    [root@harbor /usr/local/harbor]# docker login 10.0.0.75
    Username: root
    Password: 
    Error response from daemon: Get https://10.0.0.75/v2/: x509: certificate signed by unknown authority
    
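    #临时绕过办法:修改 /lib/systemd/system/docker.service 文件里的 ExecStart= 行,加入 --insecure-registry
    #注意:该参数会让 docker 对 10.0.0.75 跳过证书校验(HTTPS 不可用时还会回退到 HTTP),前面签发的证书不再起到防中间人的作用,只适合测试环境
    #更稳妥的做法是排查 docker 为何不信任该CA:确认 /etc/docker/certs.d/10.0.0.75/ca.crt 存在,且就是签发服务器证书的那个CA
    #另外,上文CA证书与服务器证书使用了完全相同的 subject(CN=10.0.0.75),这可能影响证书链校验,建议给CA换一个不同的CN后重新签发再试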
    [root@harbor /usr/local/harbor]# vim /lib/systemd/system/docker.service
    ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry=10.0.0.75
    
    #重载、重启 docker 服务
    [root@harbor /usr/local/harbor]# systemctl daemon-reload
    [root@harbor /usr/local/harbor]# systemctl restart docker
    
    #登录
    [root@harbor /usr/local/harbor]# docker login 10.0.0.75
    Username: root
    Password: 
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    
    Login Succeeded
    
    
  • 原文地址:https://www.cnblogs.com/backz/p/15536044.html