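  • Quay Basic Installation and Deployment

    The detailed installation manual is in the official documentation at

    https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/deploy_red_hat_quay_-_basic/index

    Quay consists of several core components:

    • Database: mainly stores image metadata (not the image storage itself)
    • Redis: stores build logs and the Quay tutorial
    • Quay: acts as the registry
    • Clair: image scanning

    The installation environment needs at least 4 GB of memory.

    • Installation steps

    1. Install Docker and turn off the firewall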

    yum install docker
    systemctl enable docker
    systemctl start docker
    systemctl is-active docker
    
    systemctl stop firewalld
    systemctl disable firewalld

    2. Install the MySQL database

    # Host directory that holds the MySQL data files
    mkdir -p /var/lib/mysql
    chmod 777 /var/lib/mysql
    export MYSQL_CONTAINER_NAME=mysql
    export MYSQL_DATABASE=enterpriseregistrydb
    export MYSQL_PASSWORD=welcome1
    export MYSQL_USER=quayuser
    export MYSQL_ROOT_PASSWORD=welcome1
    
    # Each option line ends with a backslash so the command continues on the next line
    docker run \
        --detach \
        --restart=always \
        --env MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} \
        --env MYSQL_USER=${MYSQL_USER} \
        --env MYSQL_PASSWORD=${MYSQL_PASSWORD} \
        --env MYSQL_DATABASE=${MYSQL_DATABASE} \
        --name ${MYSQL_CONTAINER_NAME} \
        --privileged=true \
        --publish 3306:3306 \
        -v /var/lib/mysql:/var/lib/mysql/data:Z \
        registry.access.redhat.com/rhscl/mysql-57-rhel7

    In an offline environment, download the image registry.access.redhat.com/rhscl/mysql-57-rhel7 in advance.

    Verify connectivity

    yum install -y mariadb
    mysql -h 192.168.56.107 -u root --password=welcome1
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MySQL connection id is 10184
    Server version: 5.7.21 MySQL Community Server (GPL)
    Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    MySQL [(none)]> status

    3. Install Redis

    mkdir -p /var/lib/redis
    chmod 777 /var/lib/redis
    docker run -d --restart=always -p 6379:6379 \
        --privileged=true \
        -v /var/lib/redis:/var/lib/redis/data:Z \
        registry.access.redhat.com/rhscl/redis-32-rhel7

    Both MySQL and Redis are started with --restart=always, which means the two services come up whenever Docker starts.

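    4. Configure Quay

    docker run --privileged=true -p 8443:8443 -d quay.io/redhat/quay:v3.2.0 config welcome1

    Pulling the Quay image in this step took quite a while. Before you can pull it, you need to visit the Red Hat customer site to get the login password:

    https://access.redhat.com/solutions/3533201

    Once the pull finishes, a Quay configuration process starts. Open

    https://registry.redhat.ren:8443

    Log in with quayconfig/welcome1

    Choose to create a new configuration.

    After setting up the database, you need to set up the super user.

    The following screen needs two settings: the Server Hostname under Server configuration, and the Redis Hostname.

    Leave SSL unconfigured for now, then save the result as quay-config.tar.gz.

    5. Deploy Quay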

    mkdir -p /mnt/quay/config
    
    mkdir -p /mnt/quay/storage
    
    cp quay-config.tar.gz /mnt/quay/config/
    
    # Unpack inside the directory that is mounted into the container as /conf/stack
    cd /mnt/quay/config
    tar xvf quay-config.tar.gz
    config.yaml
    docker run --restart=always -p 443:8443 -p 80:8080 \
       --sysctl net.core.somaxconn=4096 \
       --privileged=true \
       -v /mnt/quay/config:/conf/stack:Z \
       -v /mnt/quay/storage:/datastorage:Z \
       -d quay.io/redhat/quay:v3.2.0

    Visit http://registry.redhat.ren

    Then create a repository and push an image.

    To push images in non-SSL mode, Docker needs the following setting:

    [root@registry ssl]# cat /etc/docker/daemon.json 
    {
    "insecure-registries" : ["registry.redhat.ren"]
    }

    • SSL configuration

    Generate the SSL files; for details see

    https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#using-ssl-to-protect-quay

    Generate the root CA

    openssl genrsa -out rootCA.key 2048
    openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

    Create the private key and certificate

    openssl genrsa -out device.key 2048
    openssl req -new -key device.key -out device.csr
    
    # This should be set to the hostname of the OpenShift node
    Common Name (eg, your name or your server's hostname) []:*.redhat.ren
    openssl x509 -req -in device.csr -CA rootCA.pem \
           -CAkey rootCA.key -CAcreateserial -out device.crt -days 500 -sha256

    Rename device.crt and device.key to ssl.cert and ssl.key.
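
    The same CA, key, CSR and signing flow as an added example (not part of the original post), run non-interactively and with a subjectAltName, because current Go-based clients such as Docker match host names against subjectAltName entries only and ignore the Common Name. The -subj values and the san.ext file name are assumptions; the host names are the page's example domain.

```shell
#!/bin/sh
# Added example: CA -> server key -> CSR -> signed certificate, as in the
# steps above, but scripted and with a subjectAltName (SAN) extension.

# make_quay_cert DIR WILDCARD HOST
# Writes rootCA.key, rootCA.pem, ssl.key and ssl.cert into DIR.
make_quay_cert() {
    dir=$1 wildcard=$2 host=$3
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1

        # Self-signed root CA, same parameters as the page's commands.
        openssl genrsa -out rootCA.key 2048 2>/dev/null &&
        openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 \
            -subj "/CN=Quay lab root CA" -out rootCA.pem &&

        # Server key and CSR; -subj replaces the interactive prompts.
        openssl genrsa -out ssl.key 2048 2>/dev/null &&
        openssl req -new -key ssl.key -subj "/CN=$wildcard" -out device.csr &&

        # x509 -req does not copy extensions from the CSR by default, so
        # the SAN list is supplied at signing time through -extfile.
        printf 'subjectAltName=DNS:%s,DNS:%s\n' "$wildcard" "$host" > san.ext &&
        openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key \
            -CAcreateserial -extfile san.ext -days 500 -sha256 \
            -out ssl.cert 2>/dev/null
    )
}

# check_quay_cert DIR HOST
# Succeeds only if ssl.cert chains to rootCA.pem, carries a SAN extension,
# and matches HOST.
check_quay_cert() {
    openssl verify -CAfile "$1/rootCA.pem" "$1/ssl.cert" >/dev/null 2>&1 ||
        return 1
    openssl x509 -in "$1/ssl.cert" -noout -text |
        grep -q 'Subject Alternative Name' || return 1
    openssl x509 -in "$1/ssl.cert" -noout -checkhost "$2" |
        grep -q 'does match'
}
```

    Run make_quay_cert, then check_quay_cert against the registry host name before copying ssl.cert and ssl.key into the Quay configuration directory.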

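    The graphical configuration did not work; then I found this statement:

    For a non-OpenShift installation, it can be done from the command line.

    Put the key in Quay's configuration directory

    cp ssl* /mnt/quay/config/
    ls /mnt/quay/config/
    
    config.yaml  ssl.cert  ssl.key

    Edit config.yaml

    PREFERRED_URL_SCHEME: https

    Restart Quay

    docker restart cbe7b0fa39d8

    First verify with a browser: https://registry.redhat.ren

    Then, on each client machine that needs to access the registry, set up

    # Docker looks for a per-registry CA under /etc/docker/certs.d/<hostname>/
    mkdir -p /etc/docker/certs.d/registry.redhat.ren
    cp rootCA.pem /etc/docker/certs.d/registry.redhat.ren/ca.crt

    Verify.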

    [root@registry ssl]# docker login registry.redhat.ren
    Username (admin): admin
    Password: 
    Login Succeeded
    [root@registry ssl]# docker push  registry.redhat.ren/admin/postgres:latest
    The push refers to a repository [registry.redhat.ren/admin/postgres]
    881e1c269a4d: Layer already exists 
    7db57ad3e021: Layer already exists 
    7605e1c60aec: Layer already exists 
    a1d223e6e6a4: Layer already exists 
    360cf55e74f6: Layer already exists 
    fd0cac2972ba: Layer already exists 
    a9de3f685bb0: Layer already exists 
    dedb3d1e3b58: Layer already exists 
    9087d83a2760: Layer already exists 
    ee106a0920de: Layer already exists 
    237b8fa99d00: Layer already exists 
    fd4cba0278cd: Layer already exists 
    d2c7e196c047: Layer already exists 
    556c5fb0d91b: Layer already exists 
    latest: digest: sha256:625225ca4ab31e1f8fc53dcd7dcff96293359c27002b7525522188ca6139cf66 size: 3245
    [root@registry ssl]# 
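
    Checks to run after the switch to HTTPS, as an added example that is not part of the original post. On the server it confirms that config.yaml selects https and that ssl.key belongs to ssl.cert; on the client it confirms that the insecure-registries entry added earlier for non-SSL pushes is gone, because Docker ignores certificate errors and can fall back to HTTP for any registry in that list. The function names are assumptions; the file names are the ones used above.

```shell
#!/bin/sh
# Added example: post-change checks for the Quay host and a Docker client.

# check_quay_config DIR
# config.yaml must select https and ssl.key must be the key for ssl.cert.
check_quay_config() {
    grep -Eq '^PREFERRED_URL_SCHEME:[[:space:]]*https[[:space:]]*$' \
        "$1/config.yaml" ||
        { echo "config.yaml: PREFERRED_URL_SCHEME is not https"; return 1; }
    # Compare the public key in the certificate with the one derived
    # from the private key; a mismatch means the wrong file was renamed.
    cert_pub=$(openssl x509 -in "$1/ssl.cert" -noout -pubkey 2>/dev/null) &&
    key_pub=$(openssl pkey -in "$1/ssl.key" -pubout 2>/dev/null) &&
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "ssl.key does not match ssl.cert"; return 1; }
}

# insecure_registry_listed DAEMON_JSON HOST
# Succeeds if HOST (with or without a port) is in "insecure-registries".
# Whitespace is stripped first so multi-line JSON is handled.
insecure_registry_listed() {
    [ -f "$1" ] || return 1
    list=$(tr -d ' \t\r\n' < "$1" |
        sed -n 's/.*"insecure-registries":\[\([^]]*\)\].*/\1/p')
    case $list in
        *"\"$2\""* | *"\"$2:"*) return 0 ;;
    esac
    return 1
}

# check_docker_client DAEMON_JSON CERTS_D HOST
# The host must not be listed as insecure and its CA file must be in place.
check_docker_client() {
    if insecure_registry_listed "$1" "$3"; then
        echo "$3 is still listed in insecure-registries"
        return 1
    fi
    [ -s "$2/$3/ca.crt" ] || { echo "missing $2/$3/ca.crt"; return 1; }
}

# Typical calls with the paths used on this page:
#   check_quay_config /mnt/quay/config
#   check_docker_client /etc/docker/daemon.json /etc/docker/certs.d registry.redhat.ren
```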
  • Original article: https://www.cnblogs.com/ericnie/p/12233269.html