CentOS部署Harbor
原创
环境信息
- 操作系统:CentOS Linux release 7.8.2003
- docker:19.03.11
- docker-compose:1.26.0
- harbor:1.10.3
准备工作
假设当前您的CentOS系统是全新安装,以下所有操作都是用root账号进行的;
- 更新:
yum update -y- 关闭防火墙:
systemctl stop firewalld;systemctl disable firewalld;setenforce 0- 关闭SELINUX,修改文件/etc/selinux/config,将SELINUX的值改成disabled,修改后如下图红框所示:
- 重启操作系统,重启后重新SSH登录;
更新yum源
为了能顺利安装应用,建议更新yum源;
- 先安装wget:
yum -y install wget- 备份当前源:
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup- 下载国内源:
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo- 清理并重建yum缓存:
yum clean all && yum makecache- 再次更新:
yum -y update安装docker
- 新建用户组docker:
groupadd docker- 当前账号加入docker群组:
gpasswd -a root docker- 安装docker:
curl -sSL https://get.docker.com | sh- 安装完成后,启动docker,并设置为开机自启动:
systemctl start docker && systemctl enable docker- 查看是否启动成功,如果能看到Server相关的信息,表明启动成功:
[root@centos7 ~]# docker version
Client: Docker Engine - Community
Version: 19.03.11
API version: 1.40
Go version: go1.13.10
Git commit: 42e35e61f3
Built: Mon Jun 1 09:13:48 2020
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.11
API version: 1.40 (minimum version 1.12)
Go version: go1.13.10
Git commit: 42e35e61f3
Built: Mon Jun 1 09:12:26 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683安装docker镜像加速器
推荐安装docker镜像加速器,方法有多种,如果您有阿里云的注册账号可以参考以下操作:
- 创建目录:
mkdir -p /etc/docker- 添加镜像加速配置,请将下面的xxxxxxx改成阿里云给您配置的镜像地址:
tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://xxxxxxx.mirror.aliyuncs.com"]
}
EOF- 重启服务:
systemctl daemon-reload \
&& systemctl restart docker安装docker-compose
- 安装依赖工具:
yum -y install tree python-devel gcc epel-release python-pip注意:上述操作如果遇到安装失败,请分开重试;
- 升级pip:
pip install --upgrade pip- 安装docker-compose:
pip install docker-compose- 安装完毕后,查看docker-compose版本信息:
[root@centos7 ~]# docker-compose version
docker-compose version 1.26.0, build unknown
docker-py version: 4.2.1
CPython version: 2.7.5
OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017安装harbor
- 下载harbar的在线安装包,并解压:
wget https://github.com/goharbor/harbor/releases/download/v1.10.3/harbor-online-installer-v1.10.3.tgz \
&& tar -zxvf harbor-online-installer-v1.10.3.tgz- 得到harbor目录,内容如下:
[root@centos7 ~]# tree harbor
harbor
├── common.sh
├── harbor.yml
├── install.sh
├── LICENSE
└── prepare- 打开配置文件harbor.yml,接下来开始修改配置;
- hostname配置成本机的域名,如果没有域名就配置成IP:
- 如果需要修改http端口就修改下图红框位置:
- 如果不需要https,一定要将相关配置注释掉(否则会导致无法启动),如下图红框所示:
- 如果要修改https设置,就修改下图红框位置:
- 如果要修改管理员账号的初始密码,就修改下图红框位置:
- 在harbor目录下执行./prepare,控制条输出如下:
[root@centos7 harbor]# clear
[root@centos7 harbor]# ./prepare
prepare base dir is set to /root/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir- 在harbor目录下执行./install.sh,控制台输出如下:
...
...
Digest: sha256:7903f39d47db4182f424539ec36294c407e7ac1e2e39fa095609a296e180b9e0
Status: Downloaded newer image for goharbor/harbor-registryctl:v1.10.3
Creating harbor-log ... done
Creating harbor-db ... done
Creating registry ... done
Creating redis ... done
Creating harbor-portal ... done
Creating registryctl ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----- 启动成功,浏览器访问服务器地址可见登录页面:
- 账号是admin,密码Harbor12345,登录成功如下图:
至此,harbor部署成功,接下来验证一下是否可用;
验证
- 接下来验证harbor是否可用,验证方式是从另一台Linux电脑(下面称之为A电脑)远程推送镜像到harbor机器;
- harbor默认是不允许http连接的,需要修改设置来支持http连接,以便后续操作;
- 如果要从A电脑连接harbor服务器,那么要对A电脑做设置,这里A电脑是Linux操作系统;
- 编辑A电脑的/etc/docker/daemon.json文件(如果不存在就新建),增加以下内容,192.168.133.174是harbor服务器的IP地址:
{
"insecure-registries":["192.168.133.174"]
}- 重启使配置生效:
systemctl daemon-reload && systemctl restart docker再次提醒:这里修改是远程连接Harbor服务的机器的配置,而不是Harbor服务器的配置;
验证推送镜像
- 在A电脑上,有个tomcat镜像,id是2eb5a120304e,如下所示:
[root@centos7 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
tomcat latest 2eb5a120304e 3 days ago 647MB- 按照dockr镜像仓库规则,给这个镜像打tag:
docker tag 2eb5a120304e 192.168.133.174/library/tomcat:latest- 打好tag的效果如下:
[root@centos7 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.133.174/library/tomcat latest 2eb5a120304e 3 days ago 647MB
tomcat latest 2eb5a120304e 3 days ago 647MB- 登录harbor:
docker login 192.168.133.174 -u admin -p Harbor12345- 推送此镜像到harbor:
docker push 192.168.133.174/library/tomcat:latest- 因为是局域网,推送速度相对较快:
- 去harbor网页,可见最新上传的镜像:
至此,harbor-1.10的部署和验证就完成了,如果您也在部署harbor,希望本文能给您一些参考;
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
评论
登录后参与评论
推荐阅读
目录
相关产品与服务
容器服务
腾讯云容器服务(Tencent Kubernetes Engine, TKE)基于原生 kubernetes 提供以容器为核心的、高度可扩展的高性能容器管理服务,覆盖 Serverless、边缘计算、分布式云等多种业务部署场景,业内首创单个集群兼容多种计算节点的容器资源管理模式。同时产品作为云原生 Finops 领先布道者,主导开源项目Crane,全面助力客户实现资源优化、成本控制。
腾讯云开发者
