SRE运维进阶之路

    Author: Clay | Date: May 11, 2021 | Category: Setting up common services | Tag: harbor


    # Harbor Setup

    # Creating Harbor

    # Installing Dependencies

    yum -y install openssl
    

    # Installation Steps

    1) Offline installer:

    Download the latest official package from GitHub, then upload it to the server.

    2) Extract

    tar xvf harbor-offline-installer-<version>.tgz  -C /usr/local/
    

    3) Edit the configuration file

    cd /usr/local/harbor
    vim harbor.yml
    # Set hostname to this machine's address (not localhost or 127.0.0.1)
    # Set harbor_admin_password, the admin user's password; it can only be set here and cannot be changed afterwards

    The hostname must be a domain name.

    4) Install and start

    ./install.sh

    # Configuring Harbor with HTTPS Access

    # Getting Certificate Authority

    hostnamectl set-hostname sdqcharbor.com
    # Replace <host-ip> with this machine's IP address
    echo "<host-ip> sdqcharbor.com" >> /etc/hosts
    mkdir -p /opt/certs
    cd /opt/certs
    openssl genrsa -out ca.key 4096
    openssl req -x509 -new -nodes -sha512 -days 3650 \
      -subj "/CN=sdqcharbor.com" \
      -key ca.key \
      -out ca.crt

    # Getting Server Certificate

    1) Create your own Private Key:

    openssl genrsa -out sdqcharbor.com.key 4096
    

    2) Generate a Certificate Signing Request:

    openssl req -sha512 -new \
      -subj "/CN=sdqcharbor.com" \
      -key sdqcharbor.com.key \
      -out sdqcharbor.com.csr
    

    3) Generate the certificate of your registry host:

    cat > v3.ext <<-EOF
    authorityKeyIdentifier=keyid,issuer
    basicConstraints=CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names

    [alt_names]
    DNS.1=sdqcharbor.com
    # An IP address must be an IP entry; clients do not match IPs against DNS entries
    IP.1=192.168.162.45
    EOF
    
    openssl x509 -req -sha512 -days 3650 \
      -extfile v3.ext \
      -CA ca.crt -CAkey ca.key -CAcreateserial \
      -in sdqcharbor.com.csr \
      -out sdqcharbor.com.crt
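
    The following is an added example, not part of the original page or of Harbor's own tooling: a POSIX shell function that checks the CA certificate, server certificate and key produced above before they are deployed. The function name check_harbor_cert and its argument order are assumptions made for this example; it uses only the openssl command line.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check a Harbor server
# certificate before deploying it. Function name and arguments are assumptions.
#
# Usage: check_harbor_cert CA_CRT SERVER_CRT SERVER_KEY HOSTNAME [IP]
# Prints one FAIL line per failed check; returns non-zero if any check fails.
check_harbor_cert() (
  ca=$1 crt=$2 key=$3 host=$4 ip=${5:-} rc=0

  # 1. The certificate must chain to the CA that clients install as ca.crt.
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
    { echo "FAIL: $crt does not verify against $ca"; rc=1; }

  # 2. The private key must belong to the certificate: compare public keys.
  pub_crt=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || pub_crt=""
  pub_key=$(openssl pkey -in "$key" -pubout 2>/dev/null) || pub_key=""
  if [ -z "$pub_crt" ] || [ "$pub_crt" != "$pub_key" ]; then
    echo "FAIL: $key is not the private key for $crt"; rc=1
  fi

  # 3. The registry hostname must match the certificate.
  openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null |
    grep -q 'does match certificate' ||
    { echo "FAIL: $host is not covered by $crt"; rc=1; }

  # 4. If clients also connect by IP, the address needs an IP-type SAN entry;
  #    an address placed under a DNS.n entry does not satisfy this check.
  if [ -n "$ip" ]; then
    openssl x509 -in "$crt" -noout -checkip "$ip" 2>/dev/null |
      grep -q 'does match certificate' ||
      { echo "FAIL: $ip has no IP subjectAltName entry in $crt"; rc=1; }
  fi

  exit "$rc"
)

# Stand-alone use, e.g.:
#   sh check_harbor_cert.sh ca.crt sdqcharbor.com.crt sdqcharbor.com.key \
#      sdqcharbor.com 192.168.162.45
if [ "$#" -ge 4 ]; then check_harbor_cert "$@"; fi
```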

    # Configuration and Installation

    mkdir -p /data/cert
    cp sdqcharbor.com.crt /data/cert/
    cp sdqcharbor.com.key /data/cert/

    2) Configure Server Certificate, Key and CA for Docker

    openssl x509 -inform PEM -in sdqcharbor.com.crt -out sdqcharbor.com.cert
    
    Deploy sdqcharbor.com.cert, sdqcharbor.com.key, and ca.crt for Docker:

    mkdir -p /etc/docker/certs.d/sdqcharbor.com
    cp sdqcharbor.com.cert sdqcharbor.com.key ca.crt /etc/docker/certs.d/sdqcharbor.com

    3) Configure Harbor

    vim /usr/local/harbor/harbor.yml

    Change it to the following:

    hostname: sdqcharbor.com
    https:
      certificate: /data/cert/sdqcharbor.com.crt
      private_key: /data/cert/sdqcharbor.com.key
    

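    If Harbor is already running, stop and remove the existing instance. Your image data remains in the file system after docker-compose down -v; the two rm -rf commands that follow it then delete Harbor's database and stored images, so run them only when a clean reinstall is intended.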

    docker-compose down -v
    rm -rf /data/database/
    rm -rf /data/registry/
    

    Edit Docker's configuration file, daemon.json, and remove the line "insecure-registries": ["sdqcharbor.com"].

    Restart Docker:

    systemctl daemon-reload
    systemctl restart docker
    
    Prepare the configuration

    ./prepare
    docker-compose -f ./docker-compose.yml up -d
    
    Log in

    docker login sdqcharbor.com

    Push an image

    docker tag centos:latest sdqcharbor.com/library/centos:latest
    docker push sdqcharbor.com/library/centos:latest

    # References

    Official documentation

    Last edited: 2022/4/27 15:33:00
    Contributor: clay-wangzhi
    Copyright © 2022 Clay