  • Quay Basic: Installation and Deployment

    The detailed installation guide is in the official documentation at

    https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/deploy_red_hat_quay_-_basic/index

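    Quay consists of several core components:

    • Database: stores image metadata (not the image storage itself)
    • Redis: stores build logs and the Quay tutorial
    • Quay: acts as the registry
    • Clair: image scanning

    The installation environment needs at least 4 GB of memory.

    • Installation steps

    1. Install Docker and turn off the firewall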

    yum install docker
    systemctl enable docker
    systemctl start docker
    systemctl is-active docker
    
    systemctl stop firewalld
    systemctl disable firewalld

    2. Install the MySQL database

    mkdir -p /var/lib/mysql
    chmod 777 /var/lib/mysql
    export MYSQL_CONTAINER_NAME=mysql
    export MYSQL_DATABASE=enterpriseregistrydb
    export MYSQL_PASSWORD=welcome1
    export MYSQL_USER=quayuser
    export MYSQL_ROOT_PASSWORD=welcome1
    
    docker run \
        --detach \
        --restart=always \
        --env MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} \
        --env MYSQL_USER=${MYSQL_USER} \
        --env MYSQL_PASSWORD=${MYSQL_PASSWORD} \
        --env MYSQL_DATABASE=${MYSQL_DATABASE} \
        --name ${MYSQL_CONTAINER_NAME} \
        --privileged=true \
        --publish 3306:3306 \
        -v /var/lib/mysql:/var/lib/mysql/data:Z \
        registry.access.redhat.com/rhscl/mysql-57-rhel7

    In an offline environment, download the image registry.access.redhat.com/rhscl/mysql-57-rhel7 beforehand.

    Verify connectivity

    yum install -y mariadb
    mysql -h 192.168.56.107 -u root --password=welcome1
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MySQL connection id is 10184
    Server version: 5.7.21 MySQL Community Server (GPL)
    Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    MySQL [(none)]> status

    3. Install Redis

    mkdir -p /var/lib/redis
    chmod 777 /var/lib/redis
    docker run -d --restart=always -p 6379:6379 \
        --privileged=true \
        -v /var/lib/redis:/var/lib/redis/data:Z \
        registry.access.redhat.com/rhscl/redis-32-rhel7

    MySQL and Redis are both started with restart=always, which means both services come up as soon as Docker starts.

    4. Configure Quay

    docker run --privileged=true -p 8443:8443 -d quay.io/redhat/quay:v3.2.0 config welcome1

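    Pulling the Quay image in this step took quite a while. Before the image can be pulled, you need to visit the Red Hat customer site to obtain the login password: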

    https://access.redhat.com/solutions/3533201

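    Once the pull completes, a process for configuring Quay starts. Visit

    https://registry.redhat.ren:8443

    Log in with quayconfig/welcome1

    Choose to create a new configuration

    After setting up the database, set up the super user

    The next screen needs two settings: one is
    the Server Hostname under Server configuration, the other is the Redis Hostname

    Leave SSL unconfigured for now, then save the result as quay-config.tar.gz

    5. Deploy Quay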

    mkdir -p /mnt/quay/config
    
    mkdir -p /mnt/quay/storage
    
    cp quay-config.tar.gz /mnt/quay/config/

    # Unpack inside the directory that is mounted into the container as /conf/stack
    cd /mnt/quay/config
    tar xvf quay-config.tar.gz
    config.yaml
    docker run --restart=always -p 443:8443 -p 80:8080 \
       --sysctl net.core.somaxconn=4096 \
       --privileged=true \
       -v /mnt/quay/config:/conf/stack:Z \
       -v /mnt/quay/storage:/datastorage:Z \
       -d quay.io/redhat/quay:v3.2.0

    Visit http://registry.redhat.ren

    Then create a repository and push an image.

    To push images in non-SSL mode, Docker has to be configured for it:

    [root@registry ssl]# cat /etc/docker/daemon.json 
    {
    "insecure-registries" : ["registry.redhat.ren"]
    }
    • SSL configuration

    Generate the SSL files; for details see

    https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#using-ssl-to-protect-quay

    Generate the root CA

    openssl genrsa -out rootCA.key 2048
    openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

    Create the private key and certificate

    openssl genrsa -out device.key 2048
    openssl req -new -key device.key -out device.csr
    
    # This should be set to the hostname of the OpenShift node
    Common Name (eg, your name or your server's hostname) []:*.redhat.ren
    openssl x509 -req -in device.csr -CA rootCA.pem \
           -CAkey rootCA.key -CAcreateserial -out device.crt -days 500 -sha256

    Rename device.crt and device.key to ssl.cert and ssl.key
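
    The CA and certificate steps above as one non-interactive script, an added example that is not part of the original post. Unlike the page's commands it also writes the hostname into a subjectAltName extension, because Docker clients built with Go 1.15 or later no longer accept a certificate that names the host only in the Common Name. The function names, the CA subject and the temporary directory are assumptions.

```shell
#!/usr/bin/env bash
# Added example: the page's CA and server-certificate steps, run without prompts
# and with a subjectAltName. Function names and the temp directory are assumptions.
set -eu

make_quay_certs() {            # $1 = output dir, $2 = registry hostname
    local dir="$1" host="$2"
    local domain="${host#*.}"  # registry.redhat.ren -> redhat.ren
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = *.$domain
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host,DNS:*.$domain
EOF
    # Root CA: same key size, digest and lifetime as on the page.
    # The CA subject is a constructed placeholder.
    openssl genrsa -out "$dir/rootCA.key" 2048 2>/dev/null
    openssl req -x509 -new -nodes -key "$dir/rootCA.key" -sha256 -days 1024 \
        -config "$dir/openssl.cnf" -extensions v3_ca \
        -subj "/CN=Example Quay Root CA" -out "$dir/rootCA.pem"
    # Server key and CSR; the CN comes from [dn], so nothing is prompted.
    openssl genrsa -out "$dir/device.key" 2048 2>/dev/null
    openssl req -new -key "$dir/device.key" -config "$dir/openssl.cnf" \
        -out "$dir/device.csr"
    # Sign the CSR; -extfile is what puts the SAN into the certificate.
    openssl x509 -req -in "$dir/device.csr" -CA "$dir/rootCA.pem" \
        -CAkey "$dir/rootCA.key" -CAcreateserial -extfile "$dir/openssl.cnf" \
        -extensions v3_server -out "$dir/device.crt" -days 500 -sha256 2>/dev/null
    # Quay expects the pair under these names in its config directory.
    cp "$dir/device.crt" "$dir/ssl.cert"
    cp "$dir/device.key" "$dir/ssl.key"
}

check_quay_cert() {            # $1 = dir, $2 = hostname the Docker client dials
    openssl verify -CAfile "$1/rootCA.pem" -verify_hostname "$2" \
        "$1/ssl.cert" >/dev/null 2>&1
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_quay_certs "$demo_dir" registry.redhat.ren
check_quay_cert "$demo_dir" registry.redhat.ren && echo "chain and hostname OK"
```

    The resulting ssl.cert and ssl.key fit the steps that follow unchanged, and clients still trust the registry through rootCA.pem.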

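    The graphical configuration did not work; then I found this sentence:

    For non-OpenShift installations, it can be done from the command line.

    Put the key into Quay's configuration directory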

    cp ssl* /mnt/quay/config/
    ls /mnt/quay/config/
    
    config.yaml  ssl.cert  ssl.key

    Edit config.yaml

    PREFERRED_URL_SCHEME: https

    Restart Quay

    docker restart cbe7b0fa39d8

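    First verify in a browser: https://registry.redhat.ren

    Then, on each client machine that needs to access the registry, set up

    # Docker looks for the registry's CA under certs.d/<registry hostname>/
    mkdir -p /etc/docker/certs.d/registry.redhat.ren
    cp rootCA.pem /etc/docker/certs.d/registry.redhat.ren/ca.crt

    Verify.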

    [root@registry ssl]# docker login registry.redhat.ren
    Username (admin): admin
    Password: 
    Login Succeeded
    [root@registry ssl]# docker push  registry.redhat.ren/admin/postgres:latest
    The push refers to a repository [registry.redhat.ren/admin/postgres]
    881e1c269a4d: Layer already exists 
    7db57ad3e021: Layer already exists 
    7605e1c60aec: Layer already exists 
    a1d223e6e6a4: Layer already exists 
    360cf55e74f6: Layer already exists 
    fd0cac2972ba: Layer already exists 
    a9de3f685bb0: Layer already exists 
    dedb3d1e3b58: Layer already exists 
    9087d83a2760: Layer already exists 
    ee106a0920de: Layer already exists 
    237b8fa99d00: Layer already exists 
    fd4cba0278cd: Layer already exists 
    d2c7e196c047: Layer already exists 
    556c5fb0d91b: Layer already exists 
    latest: digest: sha256:625225ca4ab31e1f8fc53dcd7dcff96293359c27002b7525522188ca6139cf66 size: 3245
    [root@registry ssl]# 
  • Original article: https://www.cnblogs.com/ericnie/p/12233269.html