Offline installation of a harbor 2.0.4 private image registry on CentOS 7.6 with docker-compose 1.27.4 (docker version 19.03.13)

Table of Contents

One, build the environment

Two, get the rpm package, install docker

Three, install docker-compose

Four, make the SSL certificate first

Five, install and configure harbor


One, build the environment

 

| IP | Hardware environment | Network | Role |
|----|----------------------|---------|------|
| 192.168.44.100 | centos7.6 virtual machine, 2 vCPUs, 4GB memory | Simulated intranet | Deploy docker-ce, docker-compose, harbor registry |
| 192.168.44.110 | centos7.6 virtual machine, 1 vCPU, 2GB memory | Simulated extranet | Download related rpm packages, software packages, images, etc. |
|  | Host computer | Extranet |  |

Two, get the rpm package, install docker

1. First, download the rpm packages required for offline installation of docker from the external network. Because installation environments differ, not every rpm package listed may be needed, but it is recommended to download all of them.

# All rpm packages required to install docker are as follows:
docker-ce-cli-19.03.13-3.el7.x86_64.rpm
checkpolicy-2.5-8.el7.x86_64.rpm 
libcgroup-0.41-21.el7.x86_64.rpm 
python-IPy-0.75-6.el7.noarch.rpm 
setools-libs-3.3.8-4.el7.x86_64.rpm
libsemanage-python-2.5-14.el7.x86_64.rpm
audit-libs-2.8.5-4.el7.x86_64.rpm
audit-2.8.5-4.el7.x86_64.rpm
audit-libs-python-2.8.5-4.el7.x86_64.rpm
policycoreutils-2.5-34.el7.x86_64.rpm
policycoreutils-python-2.5-34.el7.x86_64.rpm 
container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm 
containerd.io-1.4.3-3.1.el7.x86_64.rpm 
docker-ce-19.03.13-3.el7.x86_64.rpm

# Some system environments only need the following 4 packages
docker-ce-cli-19.03.13-3.el7.x86_64.rpm
container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
containerd.io-1.4.3-3.1.el7.x86_64.rpm
docker-ce-19.03.13-3.el7.x86_64.rpm

# In rare cases the existing dependency packages need to be upgraded; refer to other upgrade documentation

Download address 1: https://download.docker.com/linux/centos/7/x86_64/stable/Packages/

Download link 2: http://mirrors.aliyun.com/docker-ce/linux/centos/

This article does not recommend downloading the rpm packages one by one from the website; see the next method.

2. On the host computer, create a new virtual machine on the external network with a minimal installation of centos7.6. The idea is to download the rpm packages on the external network into the local /tmp directory, then transfer them to /tmp on the intranet host for installation. The virtual machine must be a minimal installation, so that the set of docker-related rpm packages that gets downloaded is as complete as possible.

Assuming that the virtual machine has been installed and the network is configured, perform the following operations in the SSH terminal.

# Install wget
sudo yum -y install wget 

# Back up the yum repository file
cd /etc/yum.repos.d/ && sudo mv CentOS-Base.repo CentOS-Base.repo_bak

# Download the Aliyun yum repository file
sudo wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

# Clear the yum cache and rebuild it
sudo yum clean all && sudo yum makecache

# Install some required system tools
sudo yum install -y yum-utils device-mapper-persistent-data lvm2

# Add the docker-ce software repository
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# Refresh the yum cache for Docker-CE
sudo yum makecache fast 

# List the installable docker-ce versions
yum list docker-ce.x86_64 --showduplicates | sort -r

# Download the docker-related rpm packages; --downloadonly downloads the rpm packages without installing them.
sudo yum -y install --downloadonly --downloaddir=/tmp docker-ce-19.03.13 docker-ce-cli-19.03.13

# Check that the rpm packages have been downloaded to /tmp
[root@localhost tmp]# ll
总用量 100856
-rw-r--r--. 1 root root   261632 8月  23 2019 audit-2.8.5-4.el7.x86_64.rpm
-rw-r--r--. 1 root root   104408 8月  23 2019 audit-libs-2.8.5-4.el7.x86_64.rpm
-rw-r--r--. 1 root root    78256 8月  23 2019 audit-libs-python-2.8.5-4.el7.x86_64.rpm
-rw-r--r--. 1 root root   302068 11月 12 2018 checkpolicy-2.5-8.el7.x86_64.rpm
-rw-r--r--. 1 root root 34677436 12月  9 09:48 containerd.io-1.4.3-3.1.el7.x86_64.rpm
-rw-r--r--. 1 root root    40816 7月   6 22:33 container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
-rw-r--r--. 1 root root 25268380 9月  18 03:06 docker-ce-19.03.13-3.el7.x86_64.rpm
-rw-r--r--. 1 root root 40247476 12月 10 11:06 docker-ce-cli-19.03.13-3.el7.x86_64.rpm
-rw-r--r--. 1 root root    67720 8月  23 2019 libcgroup-0.41-21.el7.x86_64.rpm
-rw-r--r--. 1 root root   115284 11月 12 2018 libsemanage-python-2.5-14.el7.x86_64.rpm
-rw-r--r--. 1 root root   938736 4月   4 2020 policycoreutils-2.5-34.el7.x86_64.rpm
-rw-r--r--. 1 root root   468316 4月   4 2020 policycoreutils-python-2.5-34.el7.x86_64.rpm
-rw-r--r--. 1 root root    32880 7月   4 2014 python-IPy-0.75-6.el7.noarch.rpm
-rw-r--r--. 1 root root   635184 11月 12 2018 setools-libs-3.3.8-4.el7.x86_64.rpm
[root@localhost tmp]# 

3. Upload the rpm packages downloaded in the previous step to /tmp on the intranet host, and run the installation command in the /tmp directory.

# Enter the directory containing the rpm packages and run the installation
cd /tmp
yum -y localinstall *.rpm

# Start docker and enable it at boot
systemctl start docker && systemctl enable docker

# Check the docker version
[root@localhost tmp]# docker version
Client: Docker Engine - Community
 Version:           19.03.13
 API version:       1.40
 Go version:        go1.13.15
 Git commit:        4484c46d9d
 Built:             Wed Sep 16 17:03:45 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.13
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       4484c46d9d
  Built:            Wed Sep 16 17:02:21 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.4.3
  GitCommit:        269548fa27e0089a8b8278fc4fc781d7f65a939b
 runc:
  Version:          1.0.0-rc92
  GitCommit:        ff819c7e9184c13b7c2607fe6c30ae19403a7aff
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683
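
The transfer in steps 2 and 3 can be guarded with a digest manifest. The following is an added example, not part of the original article: the staging directory is an assumption (a dedicated directory rather than /tmp itself, since yum -y localinstall *.rpm installs every rpm it finds), and the demo files are constructed stand-ins.

```sh
#!/bin/sh
# Added example (not from the original article): integrity manifest for
# files carried from the extranet host to the intranet host.

# Extranet side: write <dir>/SHA256SUMS covering every file in <dir>.
make_manifest() {  # $1 = staging directory (hypothetical, e.g. /tmp/docker-rpms)
    ( cd "$1" &&
      find . -type f ! -name SHA256SUMS -exec sha256sum {} + |
          sort -k2 > SHA256SUMS )
}

# Intranet side: fail if a listed file is missing or altered, or if the
# directory holds a file the manifest does not list ("*.rpm" would install it).
verify_manifest() {  # $1 = staging directory containing SHA256SUMS
    ( cd "$1" || exit 1
      sha256sum -c SHA256SUMS >/dev/null 2>&1 || exit 1
      listed=$(sed 's/^[0-9a-f]*  //' SHA256SUMS | sort)
      present=$(find . -type f ! -name SHA256SUMS | sort)
      [ "$listed" = "$present" ] )
}

# Constructed demo: two stand-in files instead of real rpm packages.
demo=$(mktemp -d)
printf 'pkg-a' > "$demo/a.rpm"
printf 'pkg-b' > "$demo/b.rpm"
make_manifest "$demo"
verify_manifest "$demo" && echo "clean transfer: accepted"
printf 'x' >> "$demo/b.rpm"
verify_manifest "$demo" || echo "modified file: rejected"
rm -rf "$demo"
```

The same manifest covers the docker-compose binary and the harbor offline installer if they are staged in that directory. Carry SHA256SUMS by a separate path from the packages where possible.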

Three, install docker-compose

1. Installing docker-compose is very simple: download the binary on the external network and upload it to the /usr/local/bin/ directory on the intranet host. Download address: https://github.com/docker/compose/releases/download/1.27.4/docker-compose-Linux-x86_64

If downloading the package is slow, you can leave a message and ask me to get it

[root@localhost bin]# ll
总用量 11936
-rw-r--r-- 1 root root 12218968 11月 10 17:22 docker-compose-Linux-x86_64
[root@localhost bin]# 

2. Rename and grant executable permissions

[root@localhost bin]# mv docker-compose-Linux-x86_64 docker-compose && chmod +x docker-compose

3. Verify the docker-compose version

[root@localhost bin]# docker-compose version
docker-compose version 1.27.4, build 40524192
docker-py version: 4.3.1
CPython version: 3.7.7
OpenSSL version: OpenSSL 1.1.0l  10 Sep 2019
[root@localhost bin]# 

Four, make the SSL certificate first

If you use a domain name for the certificate, just replace the IP below with the corresponding domain name (in v3.ext the subjectAltName entry then uses DNS= instead of IP=). Here we test with a certificate issued for the IP.

1. Create the certificate directory, enter it, and generate the CA private key

mkdir -p /usr/local/ssh/ && cd /usr/local/ssh/

openssl genrsa -out ca.key 4096

2. Generate CA certificate

openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=192.168.44.100" \
 -key ca.key \
 -out ca.crt

3. Generate server private key

openssl genrsa -out 192.168.44.100.key 4096

4. Generate a server certificate signing request (CSR)

openssl req -sha512 -new \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=192.168.44.100" \
    -key 192.168.44.100.key \
    -out 192.168.44.100.csr

5. Create a v3.ext extension file

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth 
subjectAltName = @alt_names
[alt_names]
IP=192.168.44.100
EOF

6. Use the v3.ext file to generate a certificate for the harbor host

openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in 192.168.44.100.csr \
    -out 192.168.44.100.crt

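7. Provide the certificates for docker to use. First convert 192.168.44.100.crt to 192.168.44.100.cert, otherwise docker will not recognize the certificate (the Docker daemon interprets .crt files as CA certificates and .cert files as client certificates).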

# Convert the certificate
openssl x509 -inform PEM -in 192.168.44.100.crt -out 192.168.44.100.cert

# Create the docker certificate directory in the following standard format. Harbor officially recommends that if the default port 443 has been changed, the certificate directory is as follows:
mkdir -p /etc/docker/certs.d/192.168.44.100:9443/
# If the default port 443 is used, create the docker certificate directory like this
mkdir -p /etc/docker/certs.d/192.168.44.100/

# Copy the certificates to the docker certificate directory
cp -a /usr/local/ssh/192.168.44.100.cert /etc/docker/certs.d/192.168.44.100:9443/
cp -a /usr/local/ssh/192.168.44.100.key /etc/docker/certs.d/192.168.44.100:9443/
cp -a /usr/local/ssh/ca.crt /etc/docker/certs.d/192.168.44.100:9443/
# or
cp -a /usr/local/ssh/192.168.44.100.cert /etc/docker/certs.d/192.168.44.100/
cp -a /usr/local/ssh/192.168.44.100.key /etc/docker/certs.d/192.168.44.100/
cp -a /usr/local/ssh/ca.crt /etc/docker/certs.d/192.168.44.100/

8. The certificate directories obtained so far should look like this

# Directory with all generated certificate files
[root@localhost ssh]# ll /usr/local/ssh/
总用量 32
-rw-r--r-- 1 root root 2078 12月  8 16:51 192.168.44.100.cert
-rw-r--r-- 1 root root 2078 12月  8 15:23 192.168.44.100.crt
-rw-r--r-- 1 root root 1716 12月  8 15:23 192.168.44.100.csr
-rw-r--r-- 1 root root 3243 12月  8 15:23 192.168.44.100.key
-rw-r--r-- 1 root root 2053 12月  8 15:22 ca.crt
-rw-r--r-- 1 root root 3247 12月  8 15:19 ca.key
-rw-r--r-- 1 root root   17 12月  8 15:23 ca.srl
-rw-r--r-- 1 root root  230 12月  8 15:23 v3.ext

# Certificate directory docker uses for https access
[root@localhost ssh]# ll /etc/docker/certs.d/192.168.44.100\:9443
总用量 12
-rw-r--r-- 1 root root 2078 12月  8 16:51 192.168.44.100.cert
-rw-r--r-- 1 root root 3243 12月  8 15:23 192.168.44.100.key
-rw-r--r-- 1 root root 2053 12月  8 15:22 ca.crt

9. Restart docker to take effect

systemctl restart docker
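
The certificate files produced in this section can be checked with openssl as follows. This is an added example, not part of the original article: the function names are assumptions, and make_sample_pki builds constructed throwaway material (2048-bit keys, one-day validity) so the checks can be tried outside /usr/local/ssh.

```sh
#!/bin/sh
# Added example (not from the original article): checks for the CA,
# server certificate and key files created in steps 1-7.

# Succeeds if the certificate's subjectAltName lists exactly this IP.
cert_has_ip_san() {  # $1 = certificate, $2 = IP address
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -Fxq "IP Address:$2"
}

# Succeeds if the certificate verifies against the given CA certificate.
cert_chains_to() {  # $1 = certificate, $2 = CA certificate
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Succeeds if the private key and the certificate carry the same public key.
key_matches_cert() {  # $1 = private key, $2 = certificate
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds if group and others have no permission bits on the key file.
key_is_private() {  # $1 = private key
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample material following the same openssl steps as above.
make_sample_pki() {  # $1 = empty directory, $2 = IP address
    ( cd "$1" && umask 077 &&
      openssl genrsa -out ca.key 2048 &&
      openssl req -x509 -new -nodes -sha512 -days 1 -subj "/CN=sample-ca" \
          -key ca.key -out ca.crt &&
      openssl genrsa -out server.key 2048 &&
      openssl req -new -sha512 -subj "/CN=$2" -key server.key -out server.csr &&
      printf 'basicConstraints=CA:FALSE\nsubjectAltName=IP:%s\n' "$2" > v3.ext &&
      openssl x509 -req -sha512 -days 1 -extfile v3.ext -CA ca.crt \
          -CAkey ca.key -CAcreateserial -in server.csr -out server.crt
    ) >/dev/null 2>&1
}

demo=$(mktemp -d) && make_sample_pki "$demo" 192.168.44.100 &&
    cert_has_ip_san "$demo/server.crt" 192.168.44.100 &&
    cert_chains_to "$demo/server.crt" "$demo/ca.crt" &&
    key_matches_cert "$demo/server.key" "$demo/server.crt" &&
    key_is_private "$demo/server.key" && echo "all checks passed"
rm -rf "$demo"
```

Against the real files the calls are, for example, cert_has_ip_san /usr/local/ssh/192.168.44.100.crt 192.168.44.100. In the step 8 listing ca.key and 192.168.44.100.key are mode 644, which key_is_private reports as a failure.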

Five, install and configure harbor

1. Upload the harbor installation package downloaded from the external network to the internal network server, I put it in: /usr/local

[root@localhost local]# ll /usr/local/ | grep harbor-offline-installer-v2.0.4.tgz 
-rw-r--r--  1 root root 535415029 11月 23 16:12 harbor-offline-installer-v2.0.4.tgz
[root@localhost local]#

2. Unzip the harbor installation package, configure harbor.yml and provide the certificate for harbor to use

# Extract
[root@localhost local]# tar -zxvf harbor-offline-installer-v2.0.4.tgz 
harbor/harbor.v2.0.4.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl

# Check the extracted directory
[root@localhost local]# ll | grep harbor
drwxr-xr-x  3 root root       180 12月  9 15:20 harbor
-rw-r--r--  1 root root 535415029 11月 23 16:12 harbor-offline-installer-v2.0.4.tgz

# Enter the directory and list its files
[root@localhost local]# cd harbor
[root@localhost harbor]# ll
总用量 525080
-rw-r--r-- 1 root root      3361 11月 13 16:17 common.sh
-rw-r--r-- 1 root root 537645661 11月 13 16:18 harbor.v2.0.4.tar.gz
-rw-r--r-- 1 root root      7828 11月 13 16:17 harbor.yml.tmpl
-rwxr-xr-x 1 root root      2523 11月 13 16:17 install.sh
-rw-r--r-- 1 root root     11347 11月 13 16:17 LICENSE
-rwxr-xr-x 1 root root      1856 11月 13 16:17 prepare

# Copy the template configuration file and name it harbor.yml
[root@localhost harbor]# cp -a harbor.yml.tmpl harbor.yml

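# Edit the configuration file as follows; the password stays at its default and everything else is unchanged. Unlike docker, harbor recognizes .crt certificates, so no conversion is needed.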
[root@localhost harbor]# vi harbor.yml
hostname: 192.168.44.100
http:
  port: 9080
https:
  port: 9443
  certificate: /usr/local/ssh/192.168.44.100.crt  
  private_key: /usr/local/ssh/192.168.44.100.key  

3. Execute ./install.sh to install harbor and wait for the installation to complete

# Run the installer
[root@localhost harbor]# ./install.sh 

[Step 0]: checking if docker is installed ...

Note: docker version: 19.03.13

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.27.4

[Step 2]: loading Harbor images ...

.....

5. Log in to harbor from a browser at https://192.168.44.100:9443 or https://192.168.44.100:443, using the default password set in the harbor.yml configuration file. Default password: Harbor12345

After logging in, you can store your own images in the default project, create a new project, or change the theme color.

6. Log in to the harbor offline private registry with docker.

# Log in with docker login 192.168.44.100:9443 or docker login 192.168.44.100:443

[root@localhost harbor]# docker login 192.168.44.100:9443
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@localhost harbor]# 

7. Upload and download images in the harbor offline private registry

# Upload an image
# First you need an image. On the external network, pull a mysql 5.7 image with docker
docker pull mysql:5.7

# After the download completes, save the mysql:5.7 image to an archive in the current directory
docker save mysql:5.7 -o mysql:5.7.tar

# Transfer the archive to the intranet by USB drive or other means, and load it into docker
docker load < mysql:5.7.tar

# Log in to harbor with docker
docker login 192.168.44.100:9443

# Re-tag the image to be pushed: docker tag SOURCE_IMAGE[:TAG] 192.168.44.100:9443/rancher/REPOSITORY[:TAG]
docker tag mysql:5.7 192.168.44.100:9443/rancher/mysql:v5.7

# Push the tagged image to the rancher project in the harbor registry: docker push 192.168.44.100:9443/rancher/REPOSITORY[:TAG]
docker push 192.168.44.100:9443/rancher/mysql:v5.7

# Confirm on the harbor web page that the push succeeded




# Download an image
# Delete the local docker images; this does not delete the image already uploaded to the harbor offline registry
docker rmi 192.168.44.100:9443/rancher/mysql:v5.7
docker rmi mysql:5.7

# Pull the image again from the harbor offline registry
docker pull 192.168.44.100:9443/rancher/mysql@sha256:ec6742af6625f76f98162b17fd62d22e1824d13fd80f214ab9184c7b6b50bad5
# or (recommended)
docker pull 192.168.44.100:9443/rancher/mysql:v5.7

# Check that the download succeeded
docker images

If you are unable to log in to the harbor registry later on, you can try this:

# Run these in order; if necessary restart docker first, then perform the following steps

# Reload the configuration file
[root@localhost harbor]# ./prepare
# Stop and remove the instance (this does not delete uploaded images or other data)
[root@localhost harbor]# docker-compose down -v
# Restart harbor
[root@localhost harbor]# docker-compose up -d

 

Origin blog.csdn.net/ct_666/article/details/110916695