Harbor 1.6 安裝
環(huán)境
Centos:CentOSLinuxrelease7.5.1804Docker:Dockerversion18.06.1-ce,builde68fc7aDocker-composer:docker-composeversion1.20.0,buildca8d3c6Harbor:harbor-online-installer-v1.6.0.tgz
docker-composer
$ curl -Lhttps://github.com/docker/compose/releases/download/1.20.0/docker-compose-`uname -s`-`uname -m`>/usr/local/bin/docker-compose$ chmod +x /usr/local/bin/docker-compose
download harbor
選擇在線安裝方式熊镣,離線版本也可以赔癌,就是在安裝包比較大
$ wgethttps://storage.googleapis.com/harbor-releases/release-1.6.0/harbor-online-installer-v1.6.0.tgz
解壓并配置harbor
#創(chuàng)建工作目錄
mkdir -p /home/docker_data/Harbor
#刪除軟鏈接(如果存在,請注意不要誤刪)
rm -r /data
#創(chuàng)建軟鏈接
ln -s /home/docker_data/Harbor /data
#創(chuàng)建證書目錄
mkdir /data/cert
#賦權(quán)
chmod -R 777 /home/docker_data/Harbor
chmod -R 777 /data
#創(chuàng)建證書 www.harbor.com
1[root@www cert]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /data/cert/ca.key -x509 -days 3650 -out /data/cert/ca.crt
----------------------------------------------------------------------------------------------------------------
Generating a 4096 bit RSA private key
...........................................................................................................................................++
................................++
writing new private key to '/data/cert/ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:bj
Organizational Unit Name (eg, section) []:bj
Common Name (eg, your name or your server's hostname) []:www.harbor.com
Email Address []:test@bj.com.cn
-----------------------------------------------------------------------------------------------------------------------------------------------
[root@www cert]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /data/cert/www.harbor.com.key -out /data/cert/www.harbor.com.csr
-----------------------------------------------------------------------------------------------------------------------------------------------
Generating a 4096 bit RSA private key
............++
............................................++
writing new private key to '/data/cert/www.harbor.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:bj
Organizational Unit Name (eg, section) []:bj
Common Name (eg, your name or your server's hostname) []:www.harbor.com
Email Address []:test@bj.com.cn
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
------------------------------------------------------------------------------------------------------------------------------------------
3[root@www cert]# openssl x509 -req -days 3650 -in /data/cert/www.harbor.com.csr -CA /data/cert/ca.crt -CAkey /data/cert/ca.key -CAcreateserial -out /data/cert/www.harbor.com.crt
------------------------------------------------------------------------------------------------------------------------------------------
Signature ok
subject=/C=CN/ST=bj/L=bj/O=bj/OU=bj/CN=www.bj.harbor.com/emailAddress=test@bj.com.cn
Getting CA Private Key
解壓并配置harbor
$ tar xf? harbor-online-installer-v1.6.0.tgz$ cd harbor
#配置harbor.cfg茄螃,關(guān)鍵配置項
hostname = www.harbor.com:8088
ui_url_protocol = https
ssl_cert = /data/cert/www.harbor.com.crt
ssl_cert_key = /data/cert/www.harbor.com.key
harbor_admin_password = Harbor123456
#配置 docker-compose.yml ,關(guān)鍵配置項
ports:
? - 8081:80
? - 8088:443
? - 4443:4443
#部署
chmod -R 777 *
./install.sh
#訪問
https://IP:8088
https://www.harbor.com:8088 (需配置hosts或搭建DNS服務(wù)器)
#Docker 客戶端配置
#修改HOSTS文件(非必需)
vi /etc/hosts
IP? www.harbor.com
#創(chuàng)建目錄
mkdir /etc/docker/certs.d
mkdir /etc/docker/certs.d/www.harbor.com:8088
# 拷貝ca.crt到/etc/docker/certs.d/www.harbor.com:8089
chmod 777 /etc/docker/certs.d/www.harbor.com:8088/ca.crt
cp -f /etc/docker/certs.d/www.harbor.com:8088/ca.crt /etc/pki/ca-trust/source/anchors/ca.crt
證書只是用于https所有
update-ca-trust
#注意W巢弧!兼耀!不必重啟 docker 服務(wù)
#登陸驗證
docker login --username=admin --password=Harbor123456 www.harbor.com:8088/
接下來向Harbor推一個鏡像:
1品嚣、首先在Harbor上創(chuàng)建一個項目”bj”炕倘。(推薦不要用admin用戶,新建一個用戶)
2翰撑、查看本地的鏡像:
root@docker:~# docker images
REPOSITORY? ? ? ? ? TAG? ? ? ? ? ? ? ? IMAGE ID? ? ? ? ? ? CREATED? ? ? ? ? ? SIZE
jenkins? ? ? ? ? ? 2.112? ? ? ? ? ? ? 21d71a370755? ? ? ? 4 months ago? ? ? ? 815MB
rancher? ? ? ? ? ? v1.6.11? ? ? ? ? ? 6c4395b5515a? ? ? ? 8 months ago? ? ? ? 970MB
3罩旋、給”jenkins”這個鏡像打上tag:
docker tag 21d71a370755 www.harbor.com:8088/bj/jenkins:2.112
4、推送至Harbor:
root@docker:~# docker push www.harbor.com:8088/bj/jenkins:2.112
The push refers to a repository [www.harbor.com:8088/bj/jenkins]
1206d45cbbbb: Pushed
c5a57a65b805: Pushed
482ab61ab3ea: Pushed
7d7236ad0e61: Pushed
4b622a1887bb: Pushed
13f00c4fe026: Pushed
6a9badfe78e2: Pushed
d0c4c512b2e9: Pushed
34d2a7a215ad: Pushed
29ebe0863109: Pushed
43591c877745: Pushed
e95144644244: Pushed
d35dd2235ffe: Pushed
88b33af4b42c: Pushed
a6b86e3ee470: Pushed
7e912d203101: Pushed
638babc3b650: Pushed
0ef6a87794b5: Pushed
20c527f217db: Pushed
61c06e07759a: Pushed
bcbe43405751: Pushed
e1df5dc88d2c: Pushed
2.112: digest: sha256:30ff8d6c06d287fcf79f28bb93a98ba07f3a275b10f8e85bb0d9e122797b06bc size: 4919
5.在Harbor上bj項目下可以看到這個鏡像
6.拉取上傳的鏡像 (重要:要是客戶端要配置hosts文件本地重定向至harbor服務(wù)器IP)
[root@www home]# docker pull www.harbor.com:8088/bj/jenkins:2.112
2.112: Pulling from bj/jenkins
c73ab1c6897b: Pull complete
1ab373b3deae: Pull complete
b542772b4177: Pull complete
57c8de432dbe: Pull complete
da44f64ae999: Pull complete
0bbc7b377a91: Pull complete
1b6c70b3786f: Pull complete
48010c1717c7: Pull complete
7a6123cacadf: Pull complete
0328005fa00f: Pull complete
0fea27bea434: Pull complete
3637d4ffed7f: Pull complete
0955f498aa90: Pull complete
61dd5dfd4199: Pull complete
e32c19b28f74: Pull complete
bf2f3fca31b5: Pull complete
c3d384d8681a: Pull complete
0fa50f757ae4: Pull complete
f4be1cdbaa43: Pull complete
67107c2a412f: Pull complete
80dd755e5377: Pull complete
00a55451a86f: Pull complete
Digest: sha256:30ff8d6c06d287fcf79f28bb93a98ba07f3a275b10f8e85bb0d9e122797b06bc
Status: Downloaded newer image for www.harbor.com:8088/bj/jenkins:2.112
