一、部署准备:

准备harbor软件包
在部署节点上:
#mv harbor-offline-installer-v1.4.0.tgz /opt/ && cd /opt
#tar zxvf harbor-offline-installer-v1.4.0.tgz
#cd harbor

二、修改配置文件:

harbor.cfg docker-compose.clair.yml
准备ca证书tar包,解压后移动到/data/harbor/cert目录下(该目录需自己创建)。其中harbor.key是私钥,建议只允许root读取(例如 chmod 600 /data/harbor/cert/harbor.key)
 
 
找到如下参数,并修改为如下配置:
hostname = reg.yunwei.edu

ui_url_protocol = https
ssl_cert = /data/harbor/cert/harbor.crt
ssl_cert_key = /data/harbor/cert/harbor.key
secretkey_path = /data/harbor
harbor_admin_password = admin
 
ssl_cert = /data/harbor/cert/harbor.crt
ssl_cert_key = /data/harbor/cert/harbor.key
以上为服务器证书和私钥的路径,文件名必须与实际文件同名
 
secretkey_path = /data/harbor 为secretkey密钥文件的存放目录(对应下文docker-compose.yml中挂载的/data/harbor/secretkey);证书和私钥的位置由上面的ssl_cert、ssl_cert_key指定
 
 
docker-compose.clair.yml
找到如下参数,并修改为如下配置:
/data/harbor/clair-db:/var/lib/postgresql/data:z
 
docker-compose.notary.yml
找到如下参数,并修改为如下配置:
/data/harbor/notary-db:/var/lib/mysql:z
 
docker-compose.yml
找到如下参数,并修改为如下配置:
/data/harbor/:/var/log/docker/:z
/data/harbor/registry:/storage:z
/data/harbor/database:/var/lib/mysql:z
/data/harbor/config/:/etc/adminserver/config/:z
/data/harbor/secretkey:/etc/adminserver/key:z
/data/harbor/:/data/:z
/data/harbor/secretkey:/etc/ui/key:z
/data/harbor/ca_download/:/etc/ui/ca/:z
/data/harbor/psc/:/etc/ui/token/:z
/data/harbor/job_logs:/var/log/jobs:z
/data/harbor/secretkey:/etc/jobservice/key:z
 
 

三、安装harbor程序:

执行安装脚本,部署harbor
(1)在/opt/harbor/目录下执行(install.sh使用了bash语法,如果系统的sh不是bash,请改用 bash install.sh)
sh install.sh
 
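#!/bin/bash
#
# Harbor offline installer (the install.sh found in the unpacked harbor/
# directory).
#
# Usage: ./install.sh [--with-notary] [--with-clair] [--ha] [--help]
#
# Steps: check docker / docker-compose, load the bundled images, run
# ./prepare, stop any running Harbor instance, then start Harbor with
# docker-compose.
#
# NOTE(review): the copy of this script on the page had lost its numeric
# literals (exit codes, regex digit classes, BASH_REMATCH indices, loop
# bounds) and many line breaks, so it could not run as shown. They are
# restored here from the surrounding logic and messages; compare with the
# install.sh shipped in your own installer tarball before relying on it.
#
# docker version: 1.11.x          (last digit lost in the page copy)
# docker-compose version: 1.7.x   (last digit lost in the page copy)
# Harbor version: 0.4.x           (last digit lost in the page copy)

# tput may fail when TERM is unset or output is not a terminal; that must not
# abort the install, so errexit stays off while the colours are set up.
set +e
set -o noglob

#
# Set Colors
#
# NOTE(review): the colour indices were missing in the page copy; the values
# below are believed to match the upstream script - TODO confirm. They are
# cosmetic only.
bold=$(tput bold)
underline=$(tput sgr 0 1)
reset=$(tput sgr0)

red=$(tput setaf 1)
green=$(tput setaf 76)
white=$(tput setaf 7)
tan=$(tput setaf 202)
blue=$(tput setaf 25)

#
# Headers and Logging
#
# Each helper prints every argument on its own line in the given style.
underline() { printf "${underline}${bold}%s${reset}\n" "$@"
}
h1() { printf "\n${underline}${bold}${blue}%s${reset}\n" "$@"
}
h2() { printf "\n${underline}${bold}${white}%s${reset}\n" "$@"
}
debug() { printf "${white}%s${reset}\n" "$@"
}
info() { printf "${white}➜ %s${reset}\n" "$@"
}
success() { printf "${green}✔ %s${reset}\n" "$@"
}
error() { printf "${red}✖ %s${reset}\n" "$@"
}
warn() { printf "${tan}➜ %s${reset}\n" "$@"
}
bold() { printf "${bold}%s${reset}\n" "$@"
}
note() { printf "\n${underline}${bold}${blue}Note:${reset} ${blue}%s${reset}\n" "$@"
}

# From here on any unchecked failure aborts the installation.
set -e
set +o noglob

usage=$'Please set hostname and other necessary attributes in harbor.cfg first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.cfg bacause notary must run under https.
Please set --with-clair if needs enable Clair in Harbor'
item=0

# Feature switches: empty means disabled, "true" means enabled.
# notary is not enabled by default
with_notary=""
# clair is not enabled by default
with_clair=""
# HA mode is not enabled by default
harbor_ha=""

while [ $# -gt 0 ]; do
    case "$1" in
        --help)
            note "$usage"
            exit 0 ;;
        --with-notary)
            with_notary=true ;;
        --with-clair)
            with_clair=true ;;
        --ha)
            harbor_ha=true ;;
        *)
            # Unknown option: show the usage and fail instead of exiting 0.
            note "$usage"
            exit 1 ;;
    esac
    shift || true
done

# Run from the directory holding this script so the relative paths
# (harbor.cfg, ./prepare, docker-compose*.yml) resolve.
workdir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$workdir"

# The hostname in harbor.cfg has not been modified
if grep -q '^[[:blank:]]*hostname = reg\.mydomain\.com' harbor.cfg
then
    warn "$usage"
    exit 1
fi

# Verify that docker is installed and is at least 1.10.
function check_docker {
    if ! docker --version &> /dev/null
    then
        error "Need to install docker(1.10.0+) first and run this script again."
        exit 1
    fi

    # docker has been installed and check its version
    # Group 1 is the full x.y.z, groups 2 and 3 are major and minor.
    if [[ $(docker --version) =~ (([0-9]+)\.([0-9]+)\.([0-9]+)) ]]
    then
        docker_version=${BASH_REMATCH[1]}
        docker_version_part1=${BASH_REMATCH[2]}
        docker_version_part2=${BASH_REMATCH[3]}

        # the version of docker does not meet the requirement
        if [ "$docker_version_part1" -lt 1 ] || { [ "$docker_version_part1" -eq 1 ] && [ "$docker_version_part2" -lt 10 ]; }
        then
            error "Need to upgrade docker package to 1.10.0+."
            exit 1
        else
            note "docker version: $docker_version"
        fi
    else
        error "Failed to parse docker version."
        exit 1
    fi
}

# Verify that docker-compose is installed and is at least 1.7.
function check_dockercompose {
    if ! docker-compose --version &> /dev/null
    then
        error "Need to install docker-compose(1.7.1+) by yourself first and run this script again."
        exit 1
    fi

    # docker-compose has been installed, check its version
    if [[ $(docker-compose --version) =~ (([0-9]+)\.([0-9]+)\.([0-9]+)) ]]
    then
        docker_compose_version=${BASH_REMATCH[1]}
        docker_compose_version_part1=${BASH_REMATCH[2]}
        docker_compose_version_part2=${BASH_REMATCH[3]}

        # the version of docker-compose does not meet the requirement
        # NOTE(review): the minor threshold was lost in the page copy; 7 is
        # taken from the "1.7.1+" message. Only major.minor is compared, so
        # 1.7.0 is accepted.
        if [ "$docker_compose_version_part1" -lt 1 ] || { [ "$docker_compose_version_part1" -eq 1 ] && [ "$docker_compose_version_part2" -lt 7 ]; }
        then
            error "Need to upgrade docker-compose package to 1.7.1+."
            exit 1
        else
            note "docker-compose version: $docker_compose_version"
        fi
    else
        error "Failed to parse docker-compose version."
        exit 1
    fi
}

h2 "[Step $item]: checking installation environment ..."; item=$((item + 1))
check_docker
check_dockercompose

# Load the image archive(s) bundled with the offline installer, if present.
# An array is used so that zero or several matches are both handled.
shopt -s nullglob
image_archives=(harbor*.tar.gz)
shopt -u nullglob
if [ "${#image_archives[@]}" -gt 0 ]
then
    h2 "[Step $item]: loading Harbor images ..."; item=$((item + 1))
    for archive in "${image_archives[@]}"
    do
        docker load -i "./${archive}"
    done
fi
echo ""

h2 "[Step $item]: preparing environment ..."; item=$((item + 1))
# $host is not set anywhere in this script, so it can only come from the
# caller's environment. It is interpolated into a sed expression, so accept
# only characters that cannot alter that expression.
if [ -n "$host" ]
then
    if [[ ! "$host" =~ ^[A-Za-z0-9._:-]+$ ]]
    then
        error "Invalid characters in host: $host"
        exit 1
    fi
    sed -i "s/^hostname = .*/hostname = ${host}/g" ./harbor.cfg
fi

# Options forwarded to ./prepare. Notary is skipped in HA mode.
prepare_args=()
if [ -n "$with_notary" ] && [ -z "$harbor_ha" ]
then
    prepare_args+=(--with-notary)
fi
if [ -n "$with_clair" ]
then
    prepare_args+=(--with-clair)
fi
if [ -n "$harbor_ha" ]
then
    prepare_args+=(--ha)
fi
./prepare "${prepare_args[@]}"
echo ""

h2 "[Step $item]: checking existing instance of Harbor ..."; item=$((item + 1))
compose_files=(-f docker-compose.yml)
if [ -n "$with_notary" ] && [ -z "$harbor_ha" ]
then
    compose_files+=(-f docker-compose.notary.yml)
fi
if [ -n "$with_clair" ]
then
    compose_files+=(-f docker-compose.clair.yml)
fi

if [ -n "$(docker-compose "${compose_files[@]}" ps -q)" ]
then
    note "stopping existing Harbor instance ..."
    # "down -v" also removes named and anonymous volumes of the project;
    # host directories that are bind-mounted into the containers are kept.
    docker-compose "${compose_files[@]}" down -v
fi
echo ""

h2 "[Step $item]: starting Harbor ..."
if [ -n "$harbor_ha" ]
then
    # HA mode swaps in the compose files from ha/ and keeps the originals
    # as *.bak next to them.
    mv docker-compose.yml docker-compose.yml.bak
    cp ha/docker-compose.yml docker-compose.yml
    mv docker-compose.clair.yml docker-compose.clair.yml.bak
    cp ha/docker-compose.clair.yml docker-compose.clair.yml
fi
docker-compose "${compose_files[@]}" up -d

# Defaults for the final message, overridden by what harbor.cfg contains.
protocol=http
hostname=reg.mydomain.com

if [[ $(cat ./harbor.cfg) =~ ui_url_protocol[[:blank:]]*=[[:blank:]]*(https?) ]]
then
    protocol=${BASH_REMATCH[1]}
fi

# Only the first uncommented hostname line is used, so the capture cannot
# span several lines.
if [[ $(grep -m1 '^[[:blank:]]*hostname[[:blank:]]*=' ./harbor.cfg) =~ hostname[[:blank:]]*=[[:blank:]]*(.*) ]]
then
    hostname=${BASH_REMATCH[1]}
fi
echo ""

success "----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at ${protocol}://${hostname}.
For more details, please visit https://github.com/vmware/harbor .
"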

(2)验证harbor是否部署成功:
必须在/opt/harbor/目录下执行
#docker-compose ps
 
 
 

四、各节点设置登陆harbor私有镜像仓库:

为各节点分发ca证书
(1)在每个节点(包括harbor节点)的/etc/docker/目录下,创建certs.d/reg.yunwei.edu/目录
ansible自动部署:ansible all -m shell -a 'mkdir -p /etc/docker/certs.d/reg.yunwei.edu'
 
(2)harbor节点上,将harbor的ca证书中的ca.crt拷贝到/etc/docker/certs.d/reg.yunwei.edu/目录下
#cp /data/harbor/cert/ca.crt /etc/docker/certs.d/reg.yunwei.edu/
 
(3)将harbor节点的ca.crt文件分发到各节点的/etc/docker/certs.d/reg.yunwei.edu/目录下(只需分发ca.crt,harbor.key私钥不要外传;下面三条命令的目标主机都写成了node1,实际执行时请依次替换为各节点的主机名)
scp /etc/docker/certs.d/reg.yunwei.edu/ca.crt node1:/etc/docker/certs.d/reg.yunwei.edu/
scp /etc/docker/certs.d/reg.yunwei.edu/ca.crt node1:/etc/docker/certs.d/reg.yunwei.edu/
scp /etc/docker/certs.d/reg.yunwei.edu/ca.crt node1:/etc/docker/certs.d/reg.yunwei.edu/
 
(4)harbor镜像库验证
 
命令行:各节点登陆镜像库地址后,输入用户名/密码(admin/admin)后出现 Login Succeeded。这里的admin密码就是harbor.cfg中harbor_admin_password设置的初始值,只适合测试环境,正式使用前应改为强密码
 
#docker login reg.yunwei.edu
确保各节点能把reg.yunwei.edu解析到harbor节点的IP(例如在/etc/hosts中添加解析记录)
 
 
web浏览器:浏览器输入harbor节点ip
 
 
 
 

五、上传镜像到harbor私有镜像仓库:

本地镜像重新打tag
(1)例如将如下本地镜像
 
(2)重新打tag
#docker tag itsthenetwork/nfs-server-alpine:latest reg.yunwei.edu/learn/nfs-server-alpine:latest
 
将重新打tag之后的镜像上传到镜像库,例如:#docker push reg.yunwei.edu/learn/nfs-server-alpine:latest
 
私有镜像库的使用
(1)在harbor镜像库中查看镜像
 
 
(2)节点配置好了ca证书的ca.crt后,便可执行docker pull下载镜像(例如 docker pull reg.yunwei.edu/learn/nfs-server-alpine:latest)。在kubernetes集群中,节点在启动pod时会自动下载镜像
 
