Geekwolf's Blog 关注Linux运维,MySQL数据,自动化运维,分布式存储,集群,IT技术博客

部署环境

Centos7.3 x64
docker-ce-17.06.0
docker-compose-1.15.0
Python-2.7.5(系统默认)

部署目标

使用HTTPS协议
支持Clair(在Harbor1.2版本会支持)

支持HTTPS

生产环境最好由权威CA机构签发证书(免费的推荐StartSSL,可参考https://www.wosign.com/Support/Nginx.html),这里为了测试方便使用自签发的证书
* 创建CA证书

         openssl req  -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt

1 2	openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt

生成CSR公钥

  openssl req  -newkey rsa:4096 -nodes -sha256 -keyout hub.wow.key  -out hub.wow.csr

1 2	openssl req -newkey rsa:4096 -nodes -sha256 -keyout hub.wow.key -out hub.wow.csr

颁发证书

  openssl x509 -req -days 365 -in hub.wow.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out hub.wow.crt

openssl x509 -req -days 365 -in hub.wow.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out hub.wow.crt

部署证书

cp hub.wow.crt hub.wow.key   /data/harbor/keys/
vim /data/harbor/harbor.cfg
  hostname = hub.wow
  ui_url_protocol = https
  ssl_cert = /data/harbor/keys/hub.wow.crt
  ssl_cert_key = /data/harbor/keys/hub.wow.key

    cd /data/harbor
    ./prepare  重新生成配置文件
    docker-compose down
    docker-compose up

cp hub.wow.crt hub.wow.key /data/harbor/keys/

vim /data/harbor/harbor.cfg

hostname = hub.wow

ui_url_protocol = https

ssl_cert = /data/harbor/keys/hub.wow.crt

ssl_cert_key = /data/harbor/keys/hub.wow.key

cd /data/harbor

./prepare 重新生成配置文件

docker-compose down

docker-compose up

通过HTTPS访问私有仓库

WebUI: https://how.wow
Docker Client:

[root@hub ~]# docker login -u admin -p Harbor12345 hub.wow
Login Succeeded

WebUI: https://how.wow

Docker Client:

[root@hub ~]# docker login -u admin -p Harbor12345 hub.wow

问题：
docker login时提示x509: certificate signed by unknown authority
解决方法: 自签名的证书不被系统信任,需要cp ca.crt /etc/docker/certs.d/hub.wow/, 无需重启docker

部署环境

Centos7.3 x64
docker-ce-17.06.0
docker-compose-1.15.0
Python-2.7.5(系统默认)

Docker及Docker-compose安装

 yum install -y yum-utils device-mapper-persistent-data lvm2
 yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
 yum-config-manager --enable docker-ce-edge
 yum makecache fast
 systemctl start docker 
 systemctl enable docker

curl -L https://github.com/docker/compose/releases/download/1.15.0/docker-compose-`uname -s`-`uname -m` &gt; /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

yum install -y yum-utils device-mapper-persistent-data lvm2

yum-config-manager \

--add-repo \

https://download.docker.com/linux/centos/docker-ce.repo

yum-config-manager --enable docker-ce-edge

yum makecache fast

systemctl start docker

systemctl enable docker

curl -L https://github.com/docker/compose/releases/download/1.15.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose

chmod +x /usr/local/bin/docker-compose

Habor部署配置

wget https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-offline-installer-v1.1.2.tgz
tar xf harbor-offline-installer-v1.1.2.tgz
cd harbor/

vim harbor.cfg
hostname = hub.wow
其他默认(http协议)

./install.sh
安装成功后，可以通过http://hub.wow/访问

wget https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-offline-installer-v1.1.2.tgz

tar xf harbor-offline-installer-v1.1.2.tgz

cd harbor/

vim harbor.cfg

hostname = hub.wow

其他默认(http协议)

./install.sh

安装成功后，可以通过http://hub.wow/访问

Docker客户端使用

由于Harbor默认使用的http协议,故需要在Docker client上的Dockerd服务增加–insecure-registry hub.wow
Centos7修改方式为:

vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd  --insecure-registry hub.wow

systemctl daemon-reload
systemctl reload docker

vim /lib/systemd/system/docker.service

ExecStart=/usr/bin/dockerd --insecure-registry hub.wow

systemctl daemon-reload

systemctl reload docker

[root@localhost harbor]# docker login -u admin -p Harbor12345 hub.wow
官方仓库下载busybox镜像
[root@localhost harbor]# docker pull busybox 
[root@localhost harbor]# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
busybox                     latest              efe10ee6727f        2 weeks ago         1.13MB
本地基于busybox:latest创建标记hub.wow/busybox:latest
[root@localhost harbor]# docker tag busybox:latest hub.wow/project_name/busybox:latest
推送本地镜像busybox:latest 到hub.wow私有仓库
[root@localhost harbor]# docker push hub.wow/project_name/busybox:latest

[root@localhost harbor]# docker login -u admin -p Harbor12345 hub.wow

官方仓库下载busybox镜像

[root@localhost harbor]# docker pull busybox

[root@localhost harbor]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE

busybox latest efe10ee6727f 2 weeks ago 1.13MB

本地基于busybox:latest创建标记hub.wow/busybox:latest

[root@localhost harbor]# docker tag busybox:latest hub.wow/project_name/busybox:latest

推送本地镜像busybox:latest 到hub.wow私有仓库

[root@localhost harbor]# docker push hub.wow/project_name/busybox:latest

Harbor服务管理

cd harbor/
docker-compose -f ./docker-compose.yml [ up|down|ps|stop|start ]

Geekwolf's Blog

The quieter you become,the more you are able to hear…Linux & MySQL

企业级Docker私有仓库部署(https)

部署环境

部署目标

支持HTTPS

企业级Docker私有仓库之Harbor部署(http)

部署环境

Docker及Docker-compose安装

Habor部署配置

Docker客户端使用

Harbor服务管理