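System environment: CentOS Linux release 7.5.1804 (Core)
Python version: >=2.7
Docker version: >=1.10
Docker Compose version: >=1.6.0
Openssl: install the latest version directly with yum (# yum -y install openssl openssl-devel)
1. CentOS 7 ships with Python 2.7, so there is no need to update Python
2. Install Docker (choose one of the two installation methods below, according to your needs)
1) Install Docker CE (official link: https://docs.docker.com/install/linux/docker-ce/centos/)
Remove the old Docker (skip this step if Docker was never installed)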
$ sudo yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-selinux \
docker-engine-selinux \
docker-engine
The devicemapper storage driver depends on yum-utils, device-mapper-persistent-data and lvm2
$ sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
Add the official Docker yum repository
$ sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
Install Docker CE
$ sudo yum install docker-ce
2) Install Docker Engine
Add the yum repository
# cat <<EOF >/etc/yum.repos.d/docker.repo
> [docker]
> name=Docker
> baseurl=https://yum.dockerproject.org/repo/main/centos/7/
> enabled=1
> gpgcheck=0
> EOF
Install Docker Engine
# yum -y install docker-engine-1.13.1
Download the Docker Compose binary
# curl -L https://github.com/docker/compose/releases/download/1.21.1/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
Add execute permission
# chmod +x /usr/local/bin/docker-compose
# wget https://storage.googleapis.com/harbor-releases/release-1.5.0/harbor-offline-installer-v1.5.0.tgz
# tar zxf harbor-offline-installer-v1.5.0.tgz -C /opt
# mkdir /opt/harbor/cert /opt/harbor/data
# cd /opt/harbor/cert
Generate the private key
# openssl genrsa -out private_key.pem 4096
Generating RSA private key, 4096 bit long modulus
.......++
............++
e is 65537 (0x10001)
Generate the certificate
# openssl req -new -x509 -key private_key.pem -out root.crt -days 3650
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN (country)
State or Province Name (full name) []:Beijing (state or province name)
Locality Name (eg, city) [Default City]:Beijing (city)
Organization Name (eg, company) [Default Company Ltd]:harbor (organization name)
Organizational Unit Name (eg, section) []:harbor (organizational unit name)
Common Name (eg, your name or your server's hostname) []:req.yourdomain.com (the domain name used for access)
Email Address []:[email protected] (email)
# cp /opt/harbor/cert/private_key.pem /opt/harbor/common/config/ui/private_key.pem
# cp /opt/harbor/cert/root.crt /opt/harbor/common/config/registry/root.crt
# cd /opt/harbor/cert
1)
# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
Generating a 4096 bit RSA private key
...........................................................................................++
...................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN (country)
State or Province Name (full name) []:Beijing (state or province name)
Locality Name (eg, city) [Default City]:Beijing (city)
Organization Name (eg, company) [Default Company Ltd]:harbor (organization name)
Organizational Unit Name (eg, section) []:harbor (organizational unit name)
Common Name (eg, your name or your server's hostname) []:req.yourdomain.com (the domain name used for access)
Email Address []:[email protected] (email)
# ll
total 20
-rw-r--r--. 1 root root 2082 May 11 15:30 ca.crt
-rw-r--r--. 1 root root 3272 May 11 15:30 ca.key
2)
# openssl req -newkey rsa:4096 -nodes -sha256 -keyout req.yourdomain.com.key -out req.yourdomain.com.csr
Generating a 4096 bit RSA private key
......++
.......................................................................................................................................................................................... ......................++
writing new private key to 'req.yourdomain.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN (country)
State or Province Name (full name) []:Beijing (state or province name)
Locality Name (eg, city) [Default City]:Beijing (city)
Organization Name (eg, company) [Default Company Ltd]:harbor (organization name)
Organizational Unit Name (eg, section) []:harbor (organizational unit name)
Common Name (eg, your name or your server's hostname) []:req.yourdomain.com (the domain name used for access)
Email Address []:[email protected] (email)
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:******
An optional company name []:req.yourdomain.com
3)
# openssl x509 -req -days 365 -in req.yourdomain.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out req.yourdomain.com.crt
Signature ok
subject=/C=JP/ST=JP/L=JP/O=JP/OU=JP/CN=req.yourdomain.com/[email protected]
Getting CA Private Key
4)
# echo subjectAltName = IP:54.200.9.23 > extfile.cnf
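Step 4) writes extfile.cnf, but the signing command in step 3) never reads it, so the issued certificate carries no subjectAltName. The script below is an added example, not part of the original post: it runs steps 1) to 4) without prompts, passes the file with -extfile, and checks the result. It also goes beyond the post by emitting a DNS entry when the host is a name rather than an IP; the CA name harbor-ca, the -subj values and the optional key-size argument are assumptions.

```shell
#!/bin/sh
# Added example, not the post's own commands. Subject fields, the CA name
# "harbor-ca" and the optional BITS argument are assumptions for illustration.

# make_registry_cert DIR HOST [BITS]
# Runs steps 1)-4) without prompts and writes ca.crt, ca.key, HOST.key,
# HOST.csr, extfile.cnf and HOST.crt into DIR. The body runs in a subshell so
# the umask change and the variables do not leak into the caller.
make_registry_cert() (
    dir=$1 host=$2 bits=${3:-4096}
    umask 077                      # keys and work directory readable by owner only
    mkdir -p "$dir" || exit 1
    subj="/C=CN/ST=Beijing/L=Beijing/O=harbor/OU=harbor"
    # 1) self-signed CA certificate and key
    openssl req -newkey "rsa:$bits" -nodes -sha256 -x509 -days 365 \
        -subj "$subj/CN=harbor-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || exit 1
    # 2) server key and certificate signing request
    openssl req -newkey "rsa:$bits" -nodes -sha256 -subj "$subj/CN=$host" \
        -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null || exit 1
    # 4) SAN entry: IP: for a dotted address, DNS: for a name
    case $host in
        *[!0-9.]*) echo "subjectAltName = DNS:$host" ;;
        *)         echo "subjectAltName = IP:$host" ;;
    esac > "$dir/extfile.cnf"
    # 3) sign the CSR with the CA, this time passing the extension file
    openssl x509 -req -sha256 -days 365 -in "$dir/$host.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/extfile.cnf" -out "$dir/$host.crt" 2>/dev/null || exit 1
)

# cert_chains_to CA CRT: succeeds when CRT verifies against CA
cert_chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_has_san CRT NAME: succeeds when NAME is an exact subjectAltName entry
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//' |
        grep -Fxq -e "DNS:$2" -e "IP Address:$2"
}
```

Run `cert_has_san` against the certificate referenced by ssl_cert in harbor.cfg before `./prepare`; a certificate that fails it identifies the server by Common Name only.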
# vim /opt/harbor/harbor.cfg
hostname = req.yourdomain.com
ui_url_protocol = https
ssl_cert = /opt/harbor/cert/req.yourdomain.com.crt
ssl_cert_key = /opt/harbor/cert/req.yourdomain.com.key
secretkey_path = /opt/harbor/data
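When I did the installation myself I got careless and directly changed the secretkey_path parameter in harbor.cfg, which left /data/secretkey unable to mount and the adminserver container unable to start. If you do not change this parameter, you should not need to modify docker-compose.yml either.
# vim /opt/harbor/docker-compose.yml
services:
  adminserver:
    volumes:
      - /opt/harbor/common/config:/etc/adminserver/config/:z
      - /opt/harbor/data/secretkey:/etc/adminserver/key:z
      - /opt/harbor/data/:/data/:z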
# cd /opt/harbor
# ./prepare
Clearing the configuration file: ./common/config/adminserver/env
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/jobservice/config.yml
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/nginx/cert/req.yourdomain.com.crt
Clearing the configuration file: ./common/config/nginx/cert/req.yourdomain.com.key
Clearing the configuration file: ./common/config/nginx/nginx.conf
Clearing the configuration file: ./common/config/log/logrotate.conf
loaded secret from file: /opt/harbor/data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 18.05.0
Note: docker-compose version: 1.21.1
[Step 1]: loading Harbor images ...
Loaded image: vmware/clair-photon:v2.0.1-v1.5.0
Loaded image: vmware/postgresql-photon:v1.5.0
Loaded image: vmware/harbor-adminserver:v1.5.0
Loaded image: vmware/registry-photon:v2.6.2-v1.5.0
Loaded image: vmware/photon:1.0
Loaded image: vmware/harbor-migrator:v1.5.0
Loaded image: vmware/harbor-ui:v1.5.0
Loaded image: vmware/redis-photon:v1.5.0
Loaded image: vmware/nginx-photon:v1.5.0
Loaded image: vmware/mariadb-photon:v1.5.0
Loaded image: vmware/notary-signer-photon:v0.5.1-v1.5.0
Loaded image: vmware/harbor-log:v1.5.0
Loaded image: vmware/harbor-db:v1.5.0
Loaded image: vmware/harbor-jobservice:v1.5.0
Loaded image: vmware/notary-server-photon:v0.5.1-v1.5.0
[Step 2]: preparing environment ...
Clearing the configuration file: ./common/config/adminserver/env
Clearing the configuration file: ./common/config/ui/env
Clearing the configuration file: ./common/config/ui/app.conf
Clearing the configuration file: ./common/config/ui/private_key.pem
Clearing the configuration file: ./common/config/db/env
Clearing the configuration file: ./common/config/jobservice/env
Clearing the configuration file: ./common/config/jobservice/config.yml
Clearing the configuration file: ./common/config/registry/config.yml
Clearing the configuration file: ./common/config/registry/root.crt
Clearing the configuration file: ./common/config/nginx/cert/req.yourdomain.com.crt
Clearing the configuration file: ./common/config/nginx/cert/req.yourdomain.com.key
Clearing the configuration file: ./common/config/nginx/nginx.conf
Clearing the configuration file: ./common/config/log/logrotate.conf
loaded secret from file: /opt/harbor/data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[Step 3]: checking existing instance of Harbor ...
Note: stopping existing Harbor instance ...
Removing harbor-jobservice ... done
Removing nginx ... done
Removing harbor-ui ... done
Removing harbor-adminserver ... done
Removing harbor-db ... done
Removing registry ... done
Removing redis ... done
Removing harbor-log ... done
Removing network harbor_harbor
[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis ... done
Creating harbor-db ... done
Creating registry ... done
Creating harbor-adminserver ... done
Creating harbor-ui ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://harbor.qmerry.com.
For more details, please visit https://github.com/vmware/harbor .
At this point the installation has basically succeeded!
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
857d2e3c5e91 vmware/harbor-jobservice:v1.5.0 "/harbor/start.sh" 4 minutes ago Up 4 minutes harbor-jobservice
93b02ce9ef3b vmware/nginx-photon:v1.5.0 "nginx -g 'daemon of…" 4 minutes ago Up 4 minutes (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
c6299d3aa34a vmware/harbor-ui:v1.5.0 "/harbor/start.sh" 4 minutes ago Up 4 minutes (healthy) harbor-ui
5a897145ce25 vmware/harbor-adminserver:v1.5.0 "/harbor/start.sh" 4 minutes ago Up 4 minutes (healthy) harbor-adminserver
bd07edaf4935 vmware/registry-photon:v2.6.2-v1.5.0 "/entrypoint.sh serv…" 4 minutes ago Up 4 minutes (healthy) 5000/tcp registry
6faf515da058 vmware/harbor-db:v1.5.0 "/usr/local/bin/dock…" 4 minutes ago Up 4 minutes (healthy) 3306/tcp harbor-db
cdde2dc4346b vmware/redis-photon:v1.5.0 "docker-entrypoint.s…" 4 minutes ago Up 4 minutes 6379/tcp redis
721ad4e4c0bd vmware/harbor-log:v1.5.0 "/bin/sh -c /usr/loc…" 4 minutes ago Up 4 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
Open a browser and visit: https://yourdomain.com
# [ ! -d /etc/docker/certs.d/req.yourdomain.com ] && mkdir -p /etc/docker/certs.d/req.yourdomain.com
# cp /opt/harbor/cert/ca.crt /etc/docker/certs.d/req.yourdomain.com
# docker login req.yourdomain.com
Username: admin
Password: (the default password is Harbor12345; it can be changed in the harbor.cfg file)
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
All of the above was compiled by following the official documentation step by step:
Docker: https://docs.docker.com/install/linux/docker-ce/centos/#install-using-the-repository
Harbor: https://github.com/vmware/harbor/blob/master/docs/installation_guide.md