CentOS7部署Harbor

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了CentOS7部署Harbor相关的知识,希望对你有一定的参考价值。

1、环境

操作系统:CentOS 7.x
Docker版本:20.10.x
Docker-Compose版本:2.5.x
Harbor版本:2.5.离线版

2、安装Docker-Compose

# 安装
curl -SL https://github.com/docker/compose/releases/download/v2.5.0/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose

# 添加权限
chmod +x /usr/local/bin/docker-compose

3、安装Docker

# 卸载旧版本
yum remove docker \\
docker-client \\
docker-client-latest \\
docker-common \\
docker-latest \\
docker-latest-logrotate \\
docker-logrotate \\
docker-engine

# 配置yum仓库
yum install -y yum-utils
yum-config-manager \\
--add-repo \\
https://download.docker.com/linux/centos/docker-ce.repo

# 安装docker
yum list docker-ce --showduplicates | sort -r
yum -y install docker-ce docker-ce-cli containerd.io

# 配置docker
mkdir -pv /etc/docker /data/docker
cat > /etc/docker/daemon.json <<EOF

"exec-opts": ["native.cgroupdriver=systemd"],
"insecure-registries": ["https://hub.lnso.org"],

"exec-opts": ["native.cgroupdriver=systemd"],
"insecure-registries": ["https://hub.lnso.org"],
"data-root": "/data/docker"

EOF

# 启动docker
systemctl daemon-reload
systemctl enable --now docker

4、安装Harbor

# 官网下载,并解压
tar xf harbor-offline-installer-v2.5.0.tgz -C /opt/

# 创建数据目录
mkdir -pv /data/harbor

# 修改配置(注释https配置)
cd /opt/harbor
cp -a harbor.yml.tmpl harbor.yml
vi harbor.yml
hostname: hub.lnso.org
#https:
# port: 443
# certificate: /opt/harbor/certs.d/hub.lnso.org.crt
# private_key: /opt/harbor/certs.d/hub.lnso.org.key
data_volume: /data/harbor

# 配置加载并安装
./prepare
./install.sh

# 访问
http://hub.lnso.org
账户:admin
密码:Harbor12345

5、启动HTTPS访问

# 创建证书目录
mkdir -pv /opt/harbor/certs.d
cd /opt/harbor/certs.d/

# 生成CA证书密钥
openssl genrsa -out ca.key 4096

# 生成 CA 证书
openssl req -x509 -new -nodes -sha512 -days 3650 \\
-subj "/C=CN/ST=Beijing/L=Beijing/O=lnso.org/OU=Technology/CN=hub.lnso.org" \\
-key ca.key \\
-out ca.crt

# 生成服务器证书密钥
openssl genrsa -out hub.lnso.org.key 4096

# 生成证书签名请求 (CSR)
openssl req -sha512 -new \\
-subj "/C=CN/ST=Beijing/L=Beijing/O=lnso.org/OU=Technology/CN=hub.lnso.org" \\
-key hub.lnso.org.key \\
-out hub.lnso.org.csr

# 生成 x509 v3 扩展文件
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=hub.lnso.org
DNS.2=lnso.org
DNS.3=k8s-master-01
EOF

# 使用该v3.ext文件为您的 Harbor 主机生成证书
openssl x509 -req -sha512 -days 3650 \\
-extfile v3.ext \\
-CA ca.crt -CAkey ca.key -CAcreateserial \\
-in hub.lnso.org.csr \\
-out hub.lnso.org.crt

# 配置docker证书
转换hub.lnso.org.crt为hub.lnso.org.cert, 供 Docker 使用
openssl x509 -inform PEM -in hub.lnso.org.crt -out hub.lnso.org.cert
mkdir -pv /etc/docker/certs.d/
cp -a ca.crt hub.lnso.org.crt hub.lnso.org.key /etc/docker/certs.d/
systemctl restart docker

# 修改配置
vi harbor.yml
https:
port: 443
certificate: /opt/harbor/certs.d/hub.lnso.org.crt
private_key: /opt/harbor/certs.d/hub.lnso.org.key
data_volume: /data/harbor

# 重新加载配置
./prepare
docker-compose down
docker-compose up -d

6、测试

# 修改镜像tag
docker tag nginx:latest hub.lnso.org/cloud/nginx:latest

# 第一次上传需登录
docker login hub.lnso.org
docker push hub.lnso.org/cloud/nginx:latest

# 下载
docker pull hub.lnso.org/cloud/nginx:latest

7、复制模式

Push-based:从本地仓库推送到远程仓库,双主模式两个harbor同时配置
Pull-based:从远程仓库拉去到本地仓库,一主多从模式的从库可配置,主从模式从库可配置

Harbor和YUM部署for CentOS 7

Harbor部署for CentOS 7

下载

  wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.1.tgz
?
tar xvf harbor-offline-installer-<version>.tgz

Configure harbor.cfg

  hostname = 192.192.49.87
harbor_admin_password = Harbor12345

Install

  sudo ./install.sh

END

yum部署for CentOS 7

建立文件夹

  sudo mkdir -p /var/yum_data/centos/7/{os,updates,extras,other}/x86_64
sudo yum -y install createrepo
?
#同步某个repo到指定目录,不建议用
sudo reposync -r docker-ce-stable -p /var/yum_data/centos/7/other/
sudo reposync -r base -p /var/yum_data/centos/7/os/
?
#下载某个软件到指定目录,也不建议用
sudo yum install --downloadonly --downloaddir=
/var/yum_data/centos/7/other/x86_64/docker-ce-stable
docker-ce
?

创建repo

  #下载rpm到目标目录
sudo yum install --downloadonly --downloaddir=/var/yum_data/centos/7/other/x86_64/nginx/ nginx
?
sudo yumdownloader --resolve --destdir=/var/yum_data/centos/7/other/x86_64/docker-ce-stable/ docker-ce-18.09.1-3.el7
?
sudo yumdownloader --resolve --destdir=/var/yum_data/centos/7/other/x86_64/mariadb/ mariadb mariadb-server
?
sudo createrepo /var/yum_data/centos/7/other/x86_64
sudo createrepo --update /var/yum_data/centos/7/other/x86_64
?

nginx映射

  #harbor的yml 的proxy下添加
  volumes:
     - ./common/config/nginx:/etc/nginx:z
     - /var/yum_data:/var/yum_data:z
?

Harbor的nginx配置添加如下

/home/centos/harbor/common/config/nginx

      location /centos/ {
    root /var/yum_data;
    autoindex_exact_size off;
  }
?

客户端repo设置

下载添加repo

  sudo yum install -y  yum-utils device-mapper-persistent-data lvm2
?
sudo yum-config-manager --add-repo
http://192.192.49.87/centos/7/other/cnicg.repo
?
sudo yum clean all
sudo yum makecache
sudo yum --disablerepo=base,updates,extras install -y mariadb mariadb-server

cnicg.repo

  # cnicg repo
# copy this repo to destination-host,‘/etc/yum.repos.d/‘
# and run ‘sudo yum clean all && sudo yum makecache‘
?
[cnicg]
name=CentOS-$releasever - cnicg
baseurl=http://192.192.49.87/centos/$releasever/other/$basearch/
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

END















































以上是关于CentOS7部署Harbor的主要内容,如果未能解决你的问题,请参考以下文章

harbor部署

harbor部署

harbor部署之centos7的网络配置

centos7案例实战——docker仓库Harbor服务安装部署

Harbor的简单部署

docker私库Harbor部署