私有镜像仓库Docker Harbor安装
Harbor介绍
Harbor是由VMware公司开源的企业级Docker Resitry项目
环境:
内存至少需要2G
为Harbor自签发证书
[root@localhost ssl]# hostnamectl set-hostname harbor
[root@localhost ~]# mkdir /data/ssl -p
[root@localhost ~]# cd /data/ssl/
生成ca证书
[root@harbor ssl]# openssl genrsa -out ca.key 3072
[root@harbor ssl]# openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:SD
Locality Name (eg, city) [Default City]:QD
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
[root@harbor ssl]# openssl genrsa -out harbor.key 3072
[root@harbor ssl]# openssl req -new -key harbor.key -out harbor.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:SD
Locality Name (eg, city) [Default City]:QD
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
[root@harbor ssl]# openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out harbor.pem -days 3650
Signature ok
subject=/C=cn/ST=SD/L=QD/O=Default Company Ltd
Getting CA Private Key
查看生成的证书
停止firewalld防火墙安装iptables
systemctl stop firewalld && systemctl disable firewalld
yum install iptables-services -y
[root@harbor ssl]# service iptables stop && systemctl disable iptables
Redirecting to /bin/systemctl stop iptables.service
安装时间同步
[root@harbor ssl]# yum install ntp ntpdate -y
[root@harbor ssl]# ntpdate cn.pool.ntp.org
15 Nov 16:00:50 ntpdate[28936]: adjust time server 116.203.151.74 offset -0.028340 sec
安装docker-ce
[root@harbor ssl]# yum install yum-utils -y
[root@harbor ssl]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@harbor ssl]# yum install docker-ce -y
启动docker服务
[root@harbor ssl]# systemctl start docker && systemctl enable docker
开启包转发功能和修改内核参数
内核参数修改:br_netfilter模块用于将桥接流量转发至iptables链,br_netfilter内核参数需要开启转发
[root@harbor ssl]# cat>>/etc/sysctl.d/docker.conf<<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
[root@harbor ssl]# sysctl -p /etc/sysctl.d/docker.conf
重启docker
[root@harbor ssl]# systemctl restart docker
配置docker加速器
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://vbe25vg3.mirror.aliyuncs.com"]
}
EOF
[root@harbor ssl]# systemctl restart docker
创建安装目录
[root@harbor ssl]# mkdir /data/install
上传harbor镜像
下载地址
链接:https://pan.baidu.com/s/1_fplWEw_Guc922L4Jtt3CQ
提取码:8ymc
--来自百度网盘超级会员V7的分享
解压
[root@harbor install]# tar xf harbor-offline-installer-v2.3.0-rc3.tgz
[root@harbor install]# cd harbor
[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
vim harbor.yml
5 hostname: harbor
17 certificate: /data/ssl/harbor.pem
18 private_key: /data/ssl/harbor.k
上传docker-compose
[root@harbor install]# mv docker-compose-Linux-x86_64.64 /usr/local/bin/docker-compose
[root@harbor install]# chmod +x /usr/local/bin/docker-compose
上传docker-harbor容器包并导入镜像
[root@harbor install]# docker load -i docker-harbor-2-3-0.tar.gz
查看解压后的镜像
运行脚本安装脚本
[root@harbor install]# cd harbor
[root@harbor harbor]# ./install.sh
安装成功
访问harbor
修改windows的hosts文件
10.2.4.247 harbor
访问一下
默认账号密码
admin/Harbor12345
至此Harbor安装完成!
主题授权提示:请在后台主题设置-主题授权-激活主题的正版授权,授权购买:RiTheme官网
声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。