Harbor 1.6 安装

环境

Centos:CentOSLinuxrelease7.5.1804Docker:Dockerversion18.06.1-ce,builde68fc7aDocker-composer:docker-composeversion1.20.0,buildca8d3c6Harbor:harbor-online-installer-v1.6.0.tgz

docker-composer

$ curl -Lhttps://github.com/docker/compose/releases/download/1.20.0/docker-compose-`uname -s`-`uname -m`>/usr/local/bin/docker-compose$ chmod +x /usr/local/bin/docker-compose

download harbor

选择在线安装方式，离线版本也可以，就是在安装包比较大

$ wgethttps://storage.googleapis.com/harbor-releases/release-1.6.0/harbor-online-installer-v1.6.0.tgz

解压并配置harbor

#创建工作目录

mkdir -p /home/docker_data/Harbor

#删除软链接（如果存在，请注意不要误删）

rm -r /data

#创建软链接

ln -s /home/docker_data/Harbor /data

#创建证书目录

mkdir /data/cert

#赋权

chmod -R 777 /home/docker_data/Harbor

chmod -R 777 /data

#创建证书 www.harbor.com

1[root@www cert]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /data/cert/ca.key -x509 -days 3650 -out /data/cert/ca.crt

----------------------------------------------------------------------------------------------------------------

Generating a 4096 bit RSA private key

...........................................................................................................................................++

................................++

writing new private key to '/data/cert/ca.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:bj

Locality Name (eg, city) [Default City]:bj

Organization Name (eg, company) [Default Company Ltd]:bj

Organizational Unit Name (eg, section) []:bj

Common Name (eg, your name or your server's hostname) []:www.harbor.com

Email Address []:test@bj.com.cn

-----------------------------------------------------------------------------------------------------------------------------------------------

[root@www cert]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /data/cert/www.harbor.com.key -out /data/cert/www.harbor.com.csr

-----------------------------------------------------------------------------------------------------------------------------------------------

Generating a 4096 bit RSA private key

............++

............................................++

writing new private key to '/data/cert/www.harbor.com.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:bj

Locality Name (eg, city) [Default City]:bj

Organization Name (eg, company) [Default Company Ltd]:bj

Organizational Unit Name (eg, section) []:bj

Common Name (eg, your name or your server's hostname) []:www.harbor.com

Email Address []:test@bj.com.cn

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

------------------------------------------------------------------------------------------------------------------------------------------

3[root@www cert]# openssl x509 -req -days 3650 -in /data/cert/www.harbor.com.csr -CA /data/cert/ca.crt -CAkey /data/cert/ca.key -CAcreateserial -out /data/cert/www.harbor.com.crt

------------------------------------------------------------------------------------------------------------------------------------------

Signature ok

subject=/C=CN/ST=bj/L=bj/O=bj/OU=bj/CN=www.bj.harbor.com/emailAddress=test@bj.com.cn

Getting CA Private Key

解压并配置harbor

$ tar xf  harbor-online-installer-v1.6.0.tgz$ cd harbor

#配置harbor.cfg，关键配置项

hostname = www.harbor.com:8088

ui_url_protocol = https

ssl_cert = /data/cert/www.harbor.com.crt

ssl_cert_key = /data/cert/www.harbor.com.key

harbor_admin_password = Harbor123456

#配置 docker-compose.yml ，关键配置项

ports:

  - 8081:80

  - 8088:443

  - 4443:4443

#部署

chmod -R 777 *

./install.sh

#访问

https://IP:8088

https://www.harbor.com:8088 （需配置hosts或搭建DNS服务器）

#Docker 客户端配置

#修改HOSTS文件（非必需）

vi /etc/hosts

IP  www.harbor.com

#创建目录

mkdir /etc/docker/certs.d

mkdir /etc/docker/certs.d/www.harbor.com:8088

# 拷贝ca.crt到/etc/docker/certs.d/www.harbor.com:8089

chmod 777 /etc/docker/certs.d/www.harbor.com:8088/ca.crt

cp -f /etc/docker/certs.d/www.harbor.com:8088/ca.crt /etc/pki/ca-trust/source/anchors/ca.crt

证书只是用于https所有

update-ca-trust

#注意！！！不必重启 docker 服务

#登陆验证

docker login --username=admin --password=Harbor123456 www.harbor.com:8088/

接下来向Harbor推一个镜像：

1、首先在Harbor上创建一个项目”bj”。（推荐不要用admin用户，新建一个用户）

2、查看本地的镜像：

root@docker:~# docker images

REPOSITORY          TAG                IMAGE ID            CREATED            SIZE

jenkins            2.112              21d71a370755        4 months ago        815MB

rancher            v1.6.11            6c4395b5515a        8 months ago        970MB

3、给”jenkins”这个镜像打上tag：

docker tag 21d71a370755 www.harbor.com:8088/bj/jenkins:2.112

4、推送至Harbor：

root@docker:~# docker push www.harbor.com:8088/bj/jenkins:2.112

The push refers to a repository [www.harbor.com:8088/bj/jenkins]

1206d45cbbbb: Pushed

c5a57a65b805: Pushed

482ab61ab3ea: Pushed

7d7236ad0e61: Pushed

4b622a1887bb: Pushed

13f00c4fe026: Pushed

6a9badfe78e2: Pushed

d0c4c512b2e9: Pushed

34d2a7a215ad: Pushed

29ebe0863109: Pushed

43591c877745: Pushed

e95144644244: Pushed

d35dd2235ffe: Pushed

88b33af4b42c: Pushed

a6b86e3ee470: Pushed

7e912d203101: Pushed

638babc3b650: Pushed

0ef6a87794b5: Pushed

20c527f217db: Pushed

61c06e07759a: Pushed

bcbe43405751: Pushed

e1df5dc88d2c: Pushed

2.112: digest: sha256:30ff8d6c06d287fcf79f28bb93a98ba07f3a275b10f8e85bb0d9e122797b06bc size: 4919

5.在Harbor上bj项目下可以看到这个镜像

6.拉取上传的镜像 （重要：要是客户端要配置hosts文件本地重定向至harbor服务器IP）

[root@www home]# docker pull www.harbor.com:8088/bj/jenkins:2.112

2.112: Pulling from bj/jenkins

c73ab1c6897b: Pull complete

1ab373b3deae: Pull complete

b542772b4177: Pull complete

57c8de432dbe: Pull complete

da44f64ae999: Pull complete

0bbc7b377a91: Pull complete

1b6c70b3786f: Pull complete

48010c1717c7: Pull complete

7a6123cacadf: Pull complete

0328005fa00f: Pull complete

0fea27bea434: Pull complete

3637d4ffed7f: Pull complete

0955f498aa90: Pull complete

61dd5dfd4199: Pull complete

e32c19b28f74: Pull complete

bf2f3fca31b5: Pull complete

c3d384d8681a: Pull complete

0fa50f757ae4: Pull complete

f4be1cdbaa43: Pull complete

67107c2a412f: Pull complete

80dd755e5377: Pull complete

00a55451a86f: Pull complete

Digest: sha256:30ff8d6c06d287fcf79f28bb93a98ba07f3a275b10f8e85bb0d9e122797b06bc

Status: Downloaded newer image for www.harbor.com:8088/bj/jenkins:2.112