To install Harbor, you must first install docker and docker-compose.
1. Install docker
(1) install the necessary system tools
$ yum install -y yum-utils device-mapper-persistent-data lvm2
(2) add the software source information
$ yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
(3) update yum cache
$ yum makecache fast
(4) install Docker-ce
$ yum -y install docker-ce
(5) start the Docker background service
$ systemctl start docker
2. Install docker-compose
(1) download binary files
$ curl -L https://github.com/docker/compose/releases/download/1.16.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
(2) give the binary executable permissions
$ chmod +x /usr/local/bin/docker-compose
(3) install command completion if you need it
$ yum install bash-completion
$ curl -L https://raw.githubusercontent.com/docker/compose/1.16.1/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
(4) test whether the installation is successful
$ docker-compose --version
3. Install harbor
(1) Download
$ wget -P /usr/local/src/ https://github.com/vmware/harbor/releases/download/v1.2.0/harbor-online-installer-v1.2.0.tgz
(2) unzip
$ tar zxf /usr/local/src/harbor-online-installer-v1.2.0.tgz -C /usr/local/
(3) modify the configuration file
$ cd /usr/local/harbor/
$ vim /usr/local/harbor/harbor.cfg
Modify:
hostname = harbor (harbor is the host name of the host being started)
Otherwise it will report an exception:
➜ Please set hostname and other necessary attributes in harbor.cfg first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.cfg bacause notary must run under https.
Please set --with-clair if needs enable Clair in Harbor
(4) run the installation
$ ./install.sh
(5) Access:
http://192.168.38.23/harbor/sign-in
The default account and password: admin / Harbor12345. Change the password after you log in.
(6) start and restart
Day-to-day operation and maintenance of Harbor is done through docker-compose. Harbor itself consists of multiple service processes, each running in a docker container, which we can see with the docker ps command.
View Harbor
$ docker-compose ps
Start Harbor
$ docker-compose start
Stop Harbor
$ docker-compose stop
Restart Harbor
$ docker-compose restart
If docker-compose start reports errors like the following:
ERROR: for nginx UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)
ERROR: for harbor-log UnixHTTPConnectionPool(host='localhost', port=None): Read timed out. (read timeout=60)
ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.
In that case, start Harbor with docker-compose up -d instead.
4. Upload and download
(1) configure daemon.json
$ vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://njrds9qc.mirror.aliyuncs.com"],
"insecure-registries":["192.168.38.23"]
}
Then execute the following commands in turn:
$ docker-compose stop
$ systemctl daemon-reload
$ systemctl restart docker
$ docker-compose up -d
(2) tag the image on the client
Command format: docker tag SOURCE_IMAGE[:TAG] harbor/library/IMAGE[:TAG]
$ docker tag 83f3f8af3613 192.168.38.23/library/tomcat:7.0.69-jre7
(3) before the client pushes the image, log in to the server first
$ docker login 192.168.38.23
Username: admin
Password:
User name and password: admin / Harbor12345
Note: if the following error appears at login:
Error response from daemon: Get http://192.168.38.23/v2/: Get http://harbor/service/token?account=admin&client_id=docker&offline_token=true&service=harbor-registry: dial tcp: lookup harbor on 192.168.38.2:53: no such host.
then step 5 needs to be performed to configure a TLS certificate.
(4) push from the client
push command format: docker push harbor/library/IMAGE[:TAG]
$ docker push 192.168.38.23/library/tomcat:7.0.69-jre7
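5. Configure a TLS certificate for Harbor
(1) modify the Harbor configuration file
Because Harbor is accessed over the http protocol by default, we enable the https settings in the configuration file here.
Configure harbor.cfg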
hostname = 192.168.38.23
ui_url_protocol = https
ssl_cert = /etc/certs/ca.crt
ssl_cert_key = /etc/certs/ca.key
(2) create the key file for the self-signed certificate
$ mkdir /etc/certs
$ openssl genrsa -out /etc/certs/ca.key 2048
Generating RSA private key, 2048 bit long modulus
....+++
..................................................+++
e is 65537 (0x10001)
(3) create the crt file for the self-signed certificate
$ openssl req -x509 -new -nodes -key /etc/certs/ca.key -subj "/CN=192.168.38.23" -days 5000 -out /etc/certs/ca.crt
(4) start installing Harbor
$ ./install.sh
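(5) client configuration
The client needs to create a directory to hold the certificate file, copy the certificate created on the server into that directory, and then restart docker on the client.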
$ mkdir -p /etc/docker/certs.d/192.168.38.23
Copy the server's crt certificate file to the client; the client here is 192.168.38.21
$ scp /etc/certs/ca.crt [email protected]:/etc/docker/certs.d/192.168.38.23/
Restart docker on the client
$ systemctl restart docker
(6) test docker pull on the client
Note: if the pull does not succeed, the daemon.json file may need to be modified
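Added example (not part of the original page): Docker's TLS client matches a registry addressed by IP only against the certificate's IP subjectAltName entries, not the CN, so a certificate created as in step 5 (3) with only /CN=192.168.38.23 can fail verification on pull. The script below generates the key and certificate with an IP SAN and checks the result; the function names make_registry_cert and cert_has_ip_san, the san.cnf file and the scratch directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: self-signed registry certificate that carries an IP SAN.
# Function names and the scratch directory are assumptions of this example;
# the IP, key size and lifetime are the values used on this page.

# make_registry_cert DIR IP -> writes DIR/ca.key (mode 600) and DIR/ca.crt
make_registry_cert() {
    cert_dir=$1
    reg_ip=$2
    mkdir -p "$cert_dir" || return 1
    cat > "$cert_dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $reg_ip
[v3]
subjectAltName = IP:$reg_ip
basicConstraints = critical, CA:TRUE
EOF
    # umask keeps the private key unreadable for other users
    ( umask 077 && openssl genrsa -out "$cert_dir/ca.key" 2048 2>/dev/null ) || return 1
    openssl req -x509 -new -sha256 -key "$cert_dir/ca.key" \
        -config "$cert_dir/san.cnf" -days 5000 -out "$cert_dir/ca.crt"
}

# cert_has_ip_san CRT IP -> exit status 0 only if IP is listed as an IP SAN
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -text |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -Fxq "IP Address:$2"
}

# Demo in a scratch directory; on the Harbor host the target is /etc/certs.
demo_dir=$(mktemp -d)
if make_registry_cert "$demo_dir" 192.168.38.23 &&
   cert_has_ip_san "$demo_dir/ca.crt" 192.168.38.23; then
    echo "ca.crt lists IP SAN 192.168.38.23"
else
    echo "certificate has no matching IP SAN" >&2
fi
rm -rf "$demo_dir"
```

On the Harbor host, make_registry_cert /etc/certs 192.168.38.23 produces the two files that ssl_cert and ssl_cert_key in harbor.cfg point to.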