centos离线安装Harbor

Posted Leo Han

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了centos离线安装Harbor相关的知识,希望对你有一定的参考价值。

本文记录自己在centos7上离线安装Harbor过程,其中借鉴了不少网上的资源,如有重复拷贝请联系。
现在机器上安装docker,如果不知道请看: centos离线二进制安装kubernetes和docker

安装环境如下:

组件版本
docker19.03.9
docker-compose1.28.6
harbor2.1.6

首先下载安装docker-compose

wget https://github.com/docker/compose/releases/download/1.28.6/docker-compose-Linux-x86_64
mv docker-compose-Linux-x86_64 docker-compose
chmod +x docker-compose
cp docker-compose /usr/local/bin

下载harbor:

wget  https://github.com/goharbor/harbor/releases/download/v2.1.6/harbor-offline-installer-v2.1.6.tgz

然后生成HTTPS相关证书:

mkdir -p /data1/harbor/ssl
cd /root/harbor/ssl
openssl genrsa -out ca.key 4096

openssl req -x509 -new -nodes -sha512 -days 3650 \\
 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=my.registry.harbor.com" \\
 -key ca.key \\
 -out ca.crt

openssl genrsa -out my.registry.harbor.com.key 4096

openssl req -sha512 -new \\
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=my.registry.harbor.com" \\
    -key my.registry.harbor.com.key \\
    -out my.registry.harbor.com.csr



cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=my.registry.harbor.com
DNS.2=my.registry.harbor
DNS.3=harbor
EOF


openssl x509 -req -sha512 -days 3650 \\
    -extfile v3.ext \\
    -CA ca.crt -CAkey ca.key -CAcreateserial \\
    -in my.registry.harbor.com.csr \\
    -out my.registry.harbor.com.crt


openssl x509 -inform PEM -in my.registry.harbor.com.crt -out my.registry.harbor.com.cert

复制证书到docker配置中:

mkdir -p /etc/docker/certs.d/my.registry.harbor.com/
cp my.registry.harbor.com.cert /etc/docker/certs.d/my.registry.harbor.com/
cp my.registry.harbor.com.key /etc/docker/certs.d/my.registry.harbor.com/
cp ca.crt /etc/docker/certs.d/my.registry.harbor.com/

重启docker:

systemctl restart docker

启动
然后解压缩配置harbor:

tar -zxvf harbor-offline-installer-v2.1.6.tgz

解压完之后,有一个harbor.yml.tmpl,这是默认的配置模板,我这边配置如下:

然后执行如下安装语句:

./prepare
./install.sh

本机浏览器输入:
my.registry.harbor.com
即可访问


(注意需要配置域名具体对应本地IP地址)

另外,由于有HTTPS证书,需要在docker使用节点上安装相关证书,执行如下步骤:

mkdir -p /etc/docker/certs.d/my.registry.harbor.com/
cp my.registry.harbor.com.cert /etc/docker/certs.d/my.registry.harbor.com/
cp my.registry.harbor.com.key /etc/docker/certs.d/my.registry.harbor.com/
cp ca.crt /etc/docker/certs.d/my.registry.harbor.com/

以上是关于centos离线安装Harbor的主要内容,如果未能解决你的问题,请参考以下文章

系列CentOS 7.3 离线安装(无网络环境)CI CD环境之harbor

centos7 离线安装自签名harbor

centos7 使用非标准端口 离线安装自签名harbor

harbor离线安装

CentOS7部署Harbor

harbor 离线安装