博客
关于我
强烈建议你试试无所不能的chatGPT,快点击我
搭建企业级Docker Registry -- Harbor
阅读量:5859 次
发布时间:2019-06-19

本文共 4134 字,大约阅读时间需要 13 分钟。

Harbor 是一个企业级的 Docker Registry,可以实现 images 的私有存储和日志统计权限控制等功能,并支持创建多项目(Harbor 提出的概念),基于官方 Registry V2 实现。
下面为搭建过程:
1、安装docker,过程略。
2、安装docker-compose
# curl -L https://github.com/docker/compose/releases/download/1.7.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose# chmod +x /usr/local/bin/docker-compose

3、配置SSL

# touch /etc/pki/CA/{index.txt,serial}# echo 01 > /etc/pki/CA/serial# (umask 077;openssl genrsa -out  /etc/pki/CA/private/cakey.pem 2048)

填写的信息:

Country Name (2 letter code) [XX]:CNState or Province Name (full name) []:ChinaLocality Name (eg, city) [Default City]:BeijingOrganization Name (eg, company) [Default Company Ltd]:wtsOrganizational Unit Name (eg, section) []:sysopsCommon Name (eg, your name or your server's hostname) []:wts.comEmail Address []:admin@wts.com

 

# cat /etc/pki/CA/cacert.pem >> /etc/pki/tls/certs/ca-bundle.crt# mkdir /app/ssl# (umask 077;openssl genrsa -out /app/ssl/harbor.key 2048)# openssl req -new -key /app/ssl/harbor.key -out /app/ssl/harbor.csr

填写的信息:

Country Name (2 letter code) [XX]:CNState or Province Name (full name) []:ChinaLocality Name (eg, city) [Default City]:BeijingOrganization Name (eg, company) [Default Company Ltd]:wtsOrganizational Unit Name (eg, section) []:sysopsCommon Name (eg, your name or your server's hostname) []:wts.comEmail Address []:admin@wts.comPlease enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:An optional company name []:

 

# openssl ca -in /app/ssl/harbor.csr -out /app/ssl/harbor.crt -days 3650Using configuration from /etc/pki/tls/openssl.cnfCheck that the request matches the signatureSignature okCertificate Details:        Serial Number: 1 (0x1)        Validity            Not Before: May 19 17:46:32 2017 GMT            Not After : May 17 17:46:32 2027 GMT        Subject:            countryName               = CN            stateOrProvinceName       = China            organizationName          = wts            organizationalUnitName    = sysops            commonName                = wts.com            emailAddress              = admin@wts.com        X509v3 extensions:            X509v3 Basic Constraints:                CA:FALSE            Netscape Comment:                OpenSSL Generated Certificate            X509v3 Subject Key Identifier:                12:71:95:95:F2:6E:FE:88:F0:3E:DF:24:1F:D6:01:E6:24:83:05:B5            X509v3 Authority Key Identifier:                keyid:B6:44:15:87:F1:3D:14:4E:7A:A0:BA:35:53:69:2D:3C:E9:9E:77:22Certificate is to be certified until May 17 17:46:32 2027 GMT (3650 days)Sign the certificate? [y/n]:y1 out of 1 certificate requests certified, commit? [y/n]yWrite out database with 1 new entriesData Base Updated

docker创建根证书

# mkdir -p /etc/docker/certs.d/wts.com# cp /etc/pki/CA/cacert.pem /etc/docker/certs.d/wts.com/ca.crt

重启docker

# systemctl daemon-reload# systemctl restart docker

4、下载安装Harbor

# wget https://github.com/vmware/harbor/releases/download/v1.1.1-rc1/harbor-online-installer-v1.1.1-rc1.tgz# tar xf harbor-online-installer-v1.1.1-rc1.tgz# cd harbor# vim harbor.cfghostname = wtx.comui_url_protocol = httpsssl_cert = /app/ssl/harbor.crtssl_cert_key = /app/ssl/harbor.key

 

# ./install.sh[Step 0]: checking installation environment ...Note: docker version: 17.05.0Note: docker-compose version: 1.7.0......Creating harbor-logCreating registryCreating harbor-adminserverCreating harbor-dbCreating harbor-uiCreating harbor-jobserviceCreating nginx

常用操作

#启动docker-compose start#关闭docker-compose stop#修改配置文件步骤docker-compose down -vvim harbor.cfg./preparedocker-compose up -ddocker-compose start
如果没有DNS,修改hosts文件
# cat >>/etc/hosts <

测试

# docker login wts.comUsername: adminPassword:   #密码为Harbor12345,harbor.cfg文件中配置Login Succeeded
其他主机测试
# mkdir -p /etc/docker/certs.d/wts.com# scp /etc/docker/certs.d/wts.com/ca.crt 192.168.116.147:/etc/docker/certs.d/wts.com/ca.crt# /etc/init.d/docker restart

浏览器测试
访问https://192.168.116.148

上传镜像:
# docker tag centos wts.com/library/centos# docker push wts.com/library/centos

查看:

日志:

创建用户

为项目添加成员

测试使用user1用户push镜像

查看日志

 

 

转载于:https://www.cnblogs.com/Eivll0m/p/7094340.html

你可能感兴趣的文章
Android窗口机制(三)Window和WindowManager的创建与Activity
查看>>
2016上海
查看>>
让IDEA生成链式编程风格的类
查看>>
mongoDB 入门指南、示例
查看>>
进攻型病毒攻击Tumblr博客
查看>>
解决JSP中文乱码问题
查看>>
Git连载(8)克隆与分支
查看>>
查看外键的关联有什么表
查看>>
机器学习 F1-Score, recall, precision
查看>>
ubuntu windows下为python3安装opencv3
查看>>
Java8的十大新特性之一lambda表达式
查看>>
.net与Java 各个框架之间的对应关系
查看>>
自动取词,并提取大文本的关键字
查看>>
IOS ARC 和 非ARC 之间的转换方法
查看>>
Android 编译出错解决
查看>>
Docker使用阿里云镜像加速
查看>>
正则匹配记录包含不包含
查看>>
Tomcat安装及eclipse配置
查看>>
运用myeclipse导入Java项目后,在项目文件上出现一个红色的"!"
查看>>
A公司商户检索底层架构设计【上篇】
查看>>