CentOS7部署Harbor
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了CentOS7部署Harbor相关的知识,希望对你有一定的参考价值。
1、环境
操作系统:CentOS 7.x
Docker版本:20.10.x
Docker-Compose版本:2.5.x
Harbor版本:2.5.离线版
2、安装Docker-Compose
# 安装
curl -SL https://github.com/docker/compose/releases/download/v2.5.0/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
# 添加权限
chmod +x /usr/local/bin/docker-compose
3、安装Docker
# 卸载旧版本
yum remove docker \\
docker-client \\
docker-client-latest \\
docker-common \\
docker-latest \\
docker-latest-logrotate \\
docker-logrotate \\
docker-engine
# 配置yum仓库
yum install -y yum-utils
yum-config-manager \\
--add-repo \\
https://download.docker.com/linux/centos/docker-ce.repo
# 安装docker
yum list docker-ce --showduplicates | sort -r
yum -y install docker-ce docker-ce-cli containerd.io
# 配置docker
mkdir -pv /etc/docker /data/docker
cat > /etc/docker/daemon.json <<EOF
"exec-opts": ["native.cgroupdriver=systemd"],
"insecure-registries": ["https://hub.lnso.org"],
"exec-opts": ["native.cgroupdriver=systemd"],
"insecure-registries": ["https://hub.lnso.org"],
"data-root": "/data/docker"
EOF
# 启动docker
systemctl daemon-reload
systemctl enable --now docker
4、安装Harbor
# 官网下载,并解压
tar xf harbor-offline-installer-v2.5.0.tgz -C /opt/
# 创建数据目录
mkdir -pv /data/harbor
# 修改配置(注释https配置)
cd /opt/harbor
cp -a harbor.yml.tmpl harbor.yml
vi harbor.yml
hostname: hub.lnso.org
#https:
# port: 443
# certificate: /opt/harbor/certs.d/hub.lnso.org.crt
# private_key: /opt/harbor/certs.d/hub.lnso.org.key
data_volume: /data/harbor
# 配置加载并安装
./prepare
./install.sh
# 访问
http://hub.lnso.org
账户:admin
密码:Harbor12345
5、启动HTTPS访问
# 创建证书目录
mkdir -pv /opt/harbor/certs.d
cd /opt/harbor/certs.d/
# 生成CA证书密钥
openssl genrsa -out ca.key 4096
# 生成 CA 证书
openssl req -x509 -new -nodes -sha512 -days 3650 \\
-subj "/C=CN/ST=Beijing/L=Beijing/O=lnso.org/OU=Technology/CN=hub.lnso.org" \\
-key ca.key \\
-out ca.crt
# 生成服务器证书密钥
openssl genrsa -out hub.lnso.org.key 4096
# 生成证书签名请求 (CSR)
openssl req -sha512 -new \\
-subj "/C=CN/ST=Beijing/L=Beijing/O=lnso.org/OU=Technology/CN=hub.lnso.org" \\
-key hub.lnso.org.key \\
-out hub.lnso.org.csr
# 生成 x509 v3 扩展文件
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=hub.lnso.org
DNS.2=lnso.org
DNS.3=k8s-master-01
EOF
# 使用该v3.ext文件为您的 Harbor 主机生成证书
openssl x509 -req -sha512 -days 3650 \\
-extfile v3.ext \\
-CA ca.crt -CAkey ca.key -CAcreateserial \\
-in hub.lnso.org.csr \\
-out hub.lnso.org.crt
# 配置docker证书
转换hub.lnso.org.crt为hub.lnso.org.cert, 供 Docker 使用
openssl x509 -inform PEM -in hub.lnso.org.crt -out hub.lnso.org.cert
mkdir -pv /etc/docker/certs.d/
cp -a ca.crt hub.lnso.org.crt hub.lnso.org.key /etc/docker/certs.d/
systemctl restart docker
# 修改配置
vi harbor.yml
https:
port: 443
certificate: /opt/harbor/certs.d/hub.lnso.org.crt
private_key: /opt/harbor/certs.d/hub.lnso.org.key
data_volume: /data/harbor
# 重新加载配置
./prepare
docker-compose down
docker-compose up -d
6、测试
# 修改镜像tag
docker tag nginx:latest hub.lnso.org/cloud/nginx:latest
# 第一次上传需登录
docker login hub.lnso.org
docker push hub.lnso.org/cloud/nginx:latest
# 下载
docker pull hub.lnso.org/cloud/nginx:latest
7、复制模式
Push-based:从本地仓库推送到远程仓库,双主模式两个harbor同时配置
Pull-based:从远程仓库拉去到本地仓库,一主多从模式的从库可配置,主从模式从库可配置
Harbor和YUM部署for CentOS 7
Harbor部署for CentOS 7
下载
wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.1.tgz
?
tar xvf harbor-offline-installer-<version>.tgz
Configure harbor.cfg
hostname = 192.192.49.87
harbor_admin_password = Harbor12345
Install
sudo ./install.sh
END
yum部署for CentOS 7
建立文件夹
sudo mkdir -p /var/yum_data/centos/7/{os,updates,extras,other}/x86_64
sudo yum -y install createrepo
?
#同步某个repo到指定目录,不建议用
sudo reposync -r docker-ce-stable -p /var/yum_data/centos/7/other/
sudo reposync -r base -p /var/yum_data/centos/7/os/
?
#下载某个软件到指定目录,也不建议用
sudo yum install --downloadonly --downloaddir=
/var/yum_data/centos/7/other/x86_64/docker-ce-stable
docker-ce
?
创建repo
#下载rpm到目标目录
sudo yum install --downloadonly --downloaddir=/var/yum_data/centos/7/other/x86_64/nginx/ nginx
?
sudo yumdownloader --resolve --destdir=/var/yum_data/centos/7/other/x86_64/docker-ce-stable/ docker-ce-18.09.1-3.el7
?
sudo yumdownloader --resolve --destdir=/var/yum_data/centos/7/other/x86_64/mariadb/ mariadb mariadb-server
?
sudo createrepo /var/yum_data/centos/7/other/x86_64
sudo createrepo --update /var/yum_data/centos/7/other/x86_64
?
nginx映射
#harbor的yml 的proxy下添加
volumes:
- ./common/config/nginx:/etc/nginx:z
- /var/yum_data:/var/yum_data:z
?
Harbor的nginx配置添加如下
/home/centos/harbor/common/config/nginx
location /centos/ {
root /var/yum_data;
autoindex_exact_size off;
}
?
客户端repo设置
下载添加repo
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
?
sudo yum-config-manager --add-repo
http://192.192.49.87/centos/7/other/cnicg.repo
?
sudo yum clean all
sudo yum makecache
sudo yum --disablerepo=base,updates,extras install -y mariadb mariadb-server
cnicg.repo
# cnicg repo
# copy this repo to destination-host,‘/etc/yum.repos.d/‘
# and run ‘sudo yum clean all && sudo yum makecache‘
?
[cnicg]
name=CentOS-$releasever - cnicg
baseurl=http://192.192.49.87/centos/$releasever/other/$basearch/
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
以上是关于CentOS7部署Harbor的主要内容,如果未能解决你的问题,请参考以下文章