Harbor 2.0 installation manual: the private image registry you need for working with Docker

1. Goal

Install the private Docker registry software Harbor 2.0 (the latest version as of May 19, 2020) on CentOS 7.6.

2. Analysis

Harbor is orchestrated by docker-compose, and docker-compose runs on top of docker, so we have to install docker first and then docker-compose. For docker, the docker-ce edition is the best choice.

3. Install docker-ce and docker-compose

1. Turn off the firewall and SELinux, and set the host name

systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
hostnamectl set-hostname harbor.hiibm.com

2. Install docker-ce

yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum install docker-ce -y
systemctl start docker
systemctl enable docker
docker -v

3. Install docker-compose

curl -L "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose version

 

4. Install harbor 2.0

1. Download the harbor offline package

You can go to https://github.com/goharbor/harbor/releases to find a suitable version to download, or use this address directly: https://github.com/goharbor/harbor/releases/download/v2.0.0/harbor-offline-installer-v2.0.0.tgz. Download it with Thunder and then upload it to the CentOS machine.

Or run the command directly on CentOS, but this is relatively slow; the package is about 478M.

wget -P /usr/local/src/ https://github.com/goharbor/harbor/releases/download/v2.0.0/harbor-offline-installer-v2.0.0.tgz

2. Unpack the harbor archive

tar -zxvf /usr/local/src/harbor-offline-installer-v2.0.0.tgz -C /usr/local
cd /usr/local/harbor/

3. Write the harbor configuration file

Note:
● hostname is the address through which you want to access harbor.
● certificate and private_key are the paths of the certificate and private key used for HTTPS access. Naming the files after the host name makes them easy to remember.
● harbor_admin_password is the default harbor login password.
● database.password is the harbor database password; the default is root123, and it is recommended to change it.
● data_volume is the storage directory for data; harbor's persistent docker data is placed under /data by default.

cat > /usr/local/harbor/harbor.yml <<EOF
hostname: harbor.hiibm.com

http:
  port: 80
https:
  port: 443
  certificate: /usr/local/harbor/certs/harbor.hiibm.com.crt
  private_key: /usr/local/harbor/certs/harbor.hiibm.com.key

harbor_admin_password: Harbor12345

database:
  password: harbor123db
  max_idle_conns: 50
  max_open_conns: 100

data_volume: /data

clair:
  updaters_interval: 12
trivy:
  ignore_unfixed: false
  skip_update: false
  insecure: false
jobservice:
  max_job_workers: 10

notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled

log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 2.0.0

proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - clair
    - trivy
EOF
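
A pre-install check for the file just written, as an added example that is not part of the original post: it flags the two shipped default passwords named above and a missing HTTPS certificate entry. The function name audit_harbor_yml is hypothetical, and the sample file is an excerpt constructed from the configuration shown above.

```bash
#!/usr/bin/env bash
# audit_harbor_yml FILE  (hypothetical helper, added example)
# Prints one finding per line; returns 1 if there is any finding, 0 otherwise.
audit_harbor_yml() {
  awk -v sq="'" '
    /^[ \t]*(#.*)?$/ { next }                      # skip blank lines and comments
    /^[^ \t]/ { section = $1; sub(/:.*$/, "", section) }   # remember top-level key
    {
      key = $1; sub(/:$/, "", key)
      val = $2; gsub("[\"" sq "]", "", val)        # drop YAML quotes
      if (section == "harbor_admin_password" && val == "Harbor12345") {
        print "harbor_admin_password is still the shipped default Harbor12345"; bad++ }
      if (section == "database" && key == "password" && val == "root123") {
        print "database.password is still the shipped default root123"; bad++ }
      if (section == "https" && key == "certificate" && val != "") cert = 1
    }
    END {
      if (!cert) { print "no https.certificate configured"; bad++ }
      exit (bad > 0)
    }' "$1"
}

# Constructed sample: excerpt of the harbor.yml written above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname: harbor.hiibm.com
https:
  port: 443
  certificate: /usr/local/harbor/certs/harbor.hiibm.com.crt
  private_key: /usr/local/harbor/certs/harbor.hiibm.com.key
harbor_admin_password: Harbor12345
database:
  password: harbor123db
EOF

audit_harbor_yml "$sample" || echo "fix the findings above before running ./install.sh"
```

On the real host the call would be `audit_harbor_yml /usr/local/harbor/harbor.yml`.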

4. Create an SSL certificate for harbor

● Install openssl certificate tool

yum install -y openssl

● Create a certificate storage folder

mkdir /usr/local/harbor/certs
cd /usr/local/harbor/certs

● Generate the unencrypted private key of the root certificate (note that you must be in the certificate directory)

openssl genrsa -out ca.key 4096

● Use the private key just generated to create the self-signed root certificate (replace harbor.hiibm.com here with your domain name)

openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=harbor.hiibm.com/OU=harbor.hiibm.com/CN=harbor.hiibm.com" -key ca.key -out ca.crt

● Generate the private key for your own domain name on the server (replace harbor.hiibm.com here with your domain name)

openssl genrsa -out harbor.hiibm.com.key 4096

● Generate a CSR (certificate signing request) for your own domain name on the server (replace harbor.hiibm.com here with your domain name)

openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=harbor.hiibm.com/OU=harbor.hiibm.com/CN=harbor.hiibm.com" -key harbor.hiibm.com.key -out harbor.hiibm.com.csr

● Generate the external configuration file xexternalfile.ext required by the openssl command (replace harbor.hiibm.com here with your domain name)

cat > xexternalfile.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.hiibm.com
EOF

● Generate the crt from the external configuration file xexternalfile.ext and the csr (replace harbor.hiibm.com here with your domain name)

openssl x509 -req -sha512 -days 3650 -extfile xexternalfile.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in harbor.hiibm.com.csr -out harbor.hiibm.com.crt

● Convert the crt of the server to the cert used by the client (replace harbor.hiibm.com here with your domain name)

openssl x509 -inform PEM -in harbor.hiibm.com.crt -out harbor.hiibm.com.cert
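
A check of the files produced by the steps above, as an added example that is not part of the original post: it confirms that the server certificate chains to ca.crt, that it belongs to the private key, and that the host name appears in subjectAltName. The helpers check_harbor_cert and make_demo_certs are hypothetical; the demo builds a constructed throwaway CA and certificate (2048-bit, host harbor.example.test) in a temporary directory so it runs on any machine with openssl.

```bash
#!/usr/bin/env bash
# check_harbor_cert DIR HOST  (hypothetical helper, added example)
# Returns 0 only if DIR/HOST.crt chains to DIR/ca.crt, belongs to DIR/HOST.key,
# and names HOST in its subjectAltName.
check_harbor_cert() {
  local dir=$1 host=$2
  local crt="$dir/$host.crt" key="$dir/$host.key"
  # 1. Chain: the server certificate must verify against the private CA.
  openssl verify -CAfile "$dir/ca.crt" "$crt" >/dev/null 2>&1 ||
    { echo "FAIL chain: $crt is not signed by $dir/ca.crt"; return 1; }
  # 2. Key pair: the certificate's public key must be the key's public half.
  [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
    { echo "FAIL keypair: $key does not belong to $crt"; return 1; }
  # 3. SAN: require an exact DNS entry for the host name.
  openssl x509 -in "$crt" -noout -text | tr ',' '\n' |
    sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$host" ||
    { echo "FAIL san: no DNS:$host entry in $crt"; return 1; }
  echo "OK $crt"
}

# make_demo_certs DIR HOST SAN: constructed throwaway CA and server certificate,
# built with the same sequence of steps as above, for the demo only.
make_demo_certs() {
  local dir=$1 host=$2 san=$3
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 -subj "/CN=demo-ca" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
    -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$san" > "$dir/x.ext"
  openssl x509 -req -sha256 -days 1 -extfile "$dir/x.ext" -CA "$dir/ca.crt" \
    -CAkey "$dir/ca.key" -CAcreateserial -in "$dir/$host.csr" \
    -out "$dir/$host.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_certs "$demo" harbor.example.test harbor.example.test
check_harbor_cert "$demo" harbor.example.test || true
```

On the real host the call would be `check_harbor_cert /usr/local/harbor/certs harbor.hiibm.com`, run before ./prepare.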

5. Run harbor's prepare step (this process may take ten minutes, because various required images have to be obtained from outside)

cd /usr/local/harbor
./prepare

6. Install harbor (to repeat: you must be in the /usr/local/harbor directory)

cd /usr/local/harbor
./install.sh

Only when you see [✔ ----Harbor has been installed and started successfully.----] has harbor been installed successfully.

7. (Can be skipped) Check the docker process to see if the harbor is installed successfully

docker ps

Normally, docker ps lists a number of containers whose names contain harbor.

At this point, harbor 2.0 is installed.

5. Log in to the harbor web page

1. Modify the Windows hosts file so that the harbor domain name resolves. (If your domain name is on the public network, there is no need to do this step)

2. Open harbor in the browser: https://harbor.hiibm.com. The browser warns because the certificate was issued by your own CA rather than one it trusts; click "Advanced", then "Continue to harbor.hiibm.com (unsafe)"

3. Harbor's default login account is admin, and the default password is Harbor12345

4. The time has come to freeze people's hearts

At this point, harbor is completely installed.

 

6. Start and stop of harbor

cd /usr/local/harbor

# Stop harbor
docker-compose -f docker-compose.yml down

# Start harbor
docker-compose -f docker-compose.yml up -d

Or, more conveniently, write two simple scripts

# Quote the delimiter so that $? is written into the script instead of being expanded now
cat > ~/stopHarbor.sh <<'EOF'
#!/usr/bin/env bash
docker-compose -f /usr/local/harbor/docker-compose.yml down

if [ $? -eq 0 ];then
	echo -e "\e[1;32mINFO: harbor is close!!!\e[0m"
else
	echo -e "\e[1;31mERROR: harbor has failed to close...\e[0m"
fi
EOF


# Quote the delimiter here as well, for the same reason
cat > ~/startHarbor.sh <<'EOF'
#!/usr/bin/env bash
docker-compose -f /usr/local/harbor/docker-compose.yml up -d

if [ $? -eq 0 ];then
	echo -e "\e[1;32mINFO: harbor is running!!!\e[0m"
else
	echo -e "\e[1;31mERROR: harbor start failed...\e[0m"
fi
EOF

Part of this post refers to the post of jason9211. Thank you.

-------------Send chicken soup: I can't help but my fate, it's a devil or a fairy, I have the final say ----------------- ---------


Origin blog.csdn.net/xoofly/article/details/106213499