(四)Harbor部署

一、选择原因:

1.可以私有化部署
2.基于角色的访问控制(权限访问,角色控制)
3.镜像可以在实例之间复制,可以做 HA
4.漏洞扫描(依赖Clair组件,安装时需要加 --with-clair 参数;本文下面的 ./install.sh 未带该参数,因此并未启用扫描)
5.支持LDAP/AD(轻量目录访问协议),用于统一管理和认证用户
...
...

二、环境:

Hardware

| Resource | Capacity | Description |
| --- | --- | --- |
| CPU | minimal 2 CPU | 4 CPU is preferred |
| Mem | minimal 4GB | 8GB is preferred |
| Disk | minimal 40GB | 160GB is preferred |

Software

| Software | Version | Description |
| --- | --- | --- |
| Python | version 2.7 or higher | Note that you may have to install Python on Linux distributions (Gentoo, Arch) that do not come with a Python interpreter installed by default |
| Docker engine | version 1.10 or higher | For installation instructions, please refer to: https://docs.docker.com/engine/installation/ |
| Docker Compose | version 1.6.0 or higher | For installation instructions, please refer to: https://docs.docker.com/compose/install/ |
| Openssl | latest is preferred | Generate certificate and keys for Harbor |

三、部署

1.docker,python准备
2.docker-compose安装(下面的命令以root身份直接从GitHub下载二进制文件到/usr/local/bin;赋予执行权限之前,建议对照发布页提供的SHA-256校验值核对下载的文件)

[root@i-mulkuzbd ~]# curl -L "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
[root@i-mulkuzbd ~]# chmod +x /usr/local/bin/docker-compose
[root@i-mulkuzbd ~]# docker-compose --version
docker-compose version 1.23.1, build b02f1306

3.harbor部署

//上传并解压harbor离线安装包(解压前建议核对安装包的校验值,确认文件来自官方发布且未被篡改)
[root@i-mulkuzbd ~]# cd /usr/local
[root@i-mulkuzbd ~]# rz
//配置HTTPS Access
//注意:如果部署机器没有DNS后缀,只按机器名(如hadoop004)部署,后续使用中会遇到一些问题;证书的CN和subjectAltName必须与客户端实际访问Harbor时使用的主机名一致
[root@hadoop004 local]# ll
total 844696
drwxr-xr-x. 2 root root      4096 Nov 14 14:23 bin
drwxr-xr-x. 2 root root      4096 Nov  5  2016 etc
-rw-r--r--  1 root root 864933610 Nov 14 14:44 harbor-offline-installer-v1.5.1.tgz
drwxr-xr-x. 2 root root      4096 Nov  5  2016 include
drwxr-xr-x. 2 root root      4096 Nov  5  2016 lib
drwxr-xr-x. 2 root root      4096 Nov  5  2016 libexec
drwxr-xr-x. 2 root root      4096 Nov  5  2016 sbin
drwxr-xr-x. 2 root root      4096 Nov  5  2016 src
[root@hadoop004 local]# tar -zxvf harbor-offline-installer-v1.5.1.tgz
[root@hadoop004 local]# ll
total 844700
drwxr-xr-x. 2 root root      4096 Nov 14 14:23 bin
drwxr-xr-x. 2 root root      4096 Nov  5  2016 etc
drwxr-xr-x  4 root root      4096 Nov 14 15:56 harbor
-rw-r--r--  1 root root 864933610 Nov 14 14:44 harbor-offline-installer-v1.5.1.tgz
drwxr-xr-x. 2 root root      4096 Nov  5  2016 include
drwxr-xr-x. 2 root root      4096 Nov  5  2016 lib
drwxr-xr-x. 2 root root      4096 Nov  5  2016 libexec
drwxr-xr-x. 2 root root      4096 Nov  5  2016 sbin
drwxr-xr-x. 2 root root      4096 Nov  5  2016 src
[root@hadoop004 local]# cd harbor
[root@hadoop004 harbor]# ll
total 856148
drwxr-xr-x 3 root root      4096 Nov 14 15:56 common
-rw-r--r-- 1 root root      1185 May 31 14:45 docker-compose.clair.yml
-rw-r--r-- 1 root root      1725 May 31 14:45 docker-compose.notary.yml
-rw-r--r-- 1 root root      3596 May 31 14:45 docker-compose.yml
drwxr-xr-x 3 root root      4096 May 31 14:45 ha
-rw-r--r-- 1 root root      6687 May 31 14:45 harbor.cfg
-rw-r--r-- 1 root root 876607879 May 31 14:46 harbor.v1.5.1.tar.gz
-rwxr-xr-x 1 root root      5773 May 31 14:45 install.sh
-rw-r--r-- 1 root root     10771 May 31 14:45 LICENSE
-rw-r--r-- 1 root root       482 May 31 14:45 NOTICE
-rwxr-xr-x 1 root root     27379 May 31 14:45 prepare
[root@hadoop004 harbor]# mkdir -p ./data/cert
[root@hadoop004 harbor]# cd data/cert
[root@hadoop004 cert]# openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
.....................++
............++
e is 65537 (0x10001)
[root@hadoop004 cert]# openssl req -x509 -new -nodes -sha512 -days 3650 \
>     -subj "/C=CN/ST=Beijing/L=Beijing/O=huluwa/OU=huluwa/CN=hadoop004" \
>     -key ca.key \
>     -out ca.crt
[root@hadoop004 cert]# ll
total 8
-rw-r--r-- 1 root root 2013 Nov 14 15:59 ca.crt
-rw-r--r-- 1 root root 3243 Nov 14 15:58 ca.key
[root@hadoop004 cert]# openssl genrsa -out hadoop004.key 4096
Generating RSA private key, 4096 bit long modulus
.....................................................++
.............................................................++
e is 65537 (0x10001)
[root@hadoop004 cert]# openssl req -sha512 -new \
>     -subj "/C=CN/ST=Beijing/L=Beijing/O=huluwa/OU=huluwa/CN=hadoop004" \
>     -key hadoop004.key \
>     -out hadoop004.csr 
[root@hadoop004 cert]# ll
total 16
-rw-r--r-- 1 root root 2013 Nov 14 15:59 ca.crt
-rw-r--r-- 1 root root 3243 Nov 14 15:58 ca.key
-rw-r--r-- 1 root root 1695 Nov 14 16:00 hadoop004.csr
-rw-r--r-- 1 root root 3243 Nov 14 16:00 hadoop004.key
[root@hadoop004 cert]# cat > v3.ext <<-EOF
> authorityKeyIdentifier=keyid,issuer
> basicConstraints=CA:FALSE
> keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
> extendedKeyUsage = serverAuth 
> subjectAltName = @alt_names
> 
> [alt_names]
> DNS.1=hadoop004
> DNS.2=hadoop004
> DNS.3=hadoop004
> EOF
[root@hadoop004 cert]# openssl x509 -req -sha512 -days 3650 \
>     -extfile v3.ext \
>     -CA ca.crt -CAkey ca.key -CAcreateserial \
>     -in hadoop004.csr \
>     -out hadoop004.crt
Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=huluwa/OU=huluwa/CN=hadoop004
Getting CA Private Key
[root@hadoop004 cert]# ll
total 28
-rw-r--r-- 1 root root 2013 Nov 14 15:59 ca.crt
-rw-r--r-- 1 root root 3243 Nov 14 15:58 ca.key
-rw-r--r-- 1 root root   17 Nov 14 16:01 ca.srl
-rw-r--r-- 1 root root 2074 Nov 14 16:01 hadoop004.crt
-rw-r--r-- 1 root root 1695 Nov 14 16:00 hadoop004.csr
-rw-r--r-- 1 root root 3243 Nov 14 16:00 hadoop004.key
-rw-r--r-- 1 root root  261 Nov 14 16:01 v3.ext
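//注意:上面ll的输出显示ca.key和hadoop004.key的权限是-rw-r--r--,即本机所有用户可读。私钥建议收紧为仅root可读(例如 chmod 600 ca.key hadoop004.key),并在安装后确认nginx仍能正常加载证书
//ca.key是自建CA的私钥,持有它就可以签发被客户端信任的任意证书;签发完成后不宜长期留在Harbor主机上,应转移到离线或受控的位置保存
[root@hadoop004 cert]# cd ../..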
[root@hadoop004 harbor]# vi harbor.cfg
hostname = hadoop004
ui_url_protocol = https
ssl_cert = /usr/local/harbor/data/cert/hadoop004.crt
ssl_cert_key = /usr/local/harbor/data/cert/hadoop004.key
//执行install.sh之前,还应在harbor.cfg中修改harbor_admin_password以及数据库口令,不要沿用安装包自带的默认值
[root@hadoop004 ~]# /bin/systemctl start docker.service  //记得先启动docker服务;如果已启动,忽略此步骤
[root@hadoop004 harbor]# ./install.sh

[Step 0]: checking installation environment ...

Note: docker version: 18.06.1

Note: docker-compose version: 1.23.1

[Step 1]: loading Harbor images ...
52ef9064d2e4: Loading layer  135.9MB/135.9MB
4a6862dbadda: Loading layer  23.25MB/23.25MB
58b7d0c522b2: Loading layer   24.4MB/24.4MB
9cd4bb748634: Loading layer  7.168kB/7.168kB
c81302a14908: Loading layer  10.56MB/10.56MB
7848e9ba72a3: Loading layer  24.39MB/24.39MB
Loaded image: vmware/harbor-ui:v1.5.1
f1691b5a5198: Loading layer  73.15MB/73.15MB
a529013c99e4: Loading layer  3.584kB/3.584kB
d9b4853cff8b: Loading layer  3.072kB/3.072kB
3d305073979e: Loading layer  4.096kB/4.096kB
c9e17074f54a: Loading layer  3.584kB/3.584kB
956055840e30: Loading layer  9.728kB/9.728kB
Loaded image: vmware/harbor-log:v1.5.1
185db06a02d0: Loading layer  23.25MB/23.25MB
835213979c70: Loading layer   20.9MB/20.9MB
f74eeb41c1c9: Loading layer   20.9MB/20.9MB
Loaded image: vmware/harbor-jobservice:v1.5.1
9bd5c7468774: Loading layer  23.25MB/23.25MB
5fa6889b9a6d: Loading layer   2.56kB/2.56kB
bd3ac235b209: Loading layer   2.56kB/2.56kB
cb5d493833cc: Loading layer  2.048kB/2.048kB
557669a074de: Loading layer   22.8MB/22.8MB
f02b4f30a9ac: Loading layer   22.8MB/22.8MB
Loaded image: vmware/registry-photon:v2.6.2-v1.5.1
5d3b562db23e: Loading layer  23.25MB/23.25MB
8edca1b0e3b0: Loading layer  12.16MB/12.16MB
ce5f11ea46c0: Loading layer   17.3MB/17.3MB
93750d7ec363: Loading layer  15.87kB/15.87kB
36f81937e80d: Loading layer  3.072kB/3.072kB
37e5df92b624: Loading layer  29.46MB/29.46MB
Loaded image: vmware/notary-server-photon:v0.5.1-v1.5.1
0a2f8f90bd3a: Loading layer  401.3MB/401.3MB
41fca4deb6bf: Loading layer  9.216kB/9.216kB
f2e28262e760: Loading layer  9.216kB/9.216kB
68677196e356: Loading layer   7.68kB/7.68kB
2b006714574e: Loading layer  1.536kB/1.536kB
Loaded image: vmware/mariadb-photon:v1.5.1
a8c4992c632e: Loading layer  156.3MB/156.3MB
0f37bf842677: Loading layer  10.75MB/10.75MB
9f34c0cd38bf: Loading layer  2.048kB/2.048kB
91ca17ca7e16: Loading layer  48.13kB/48.13kB
5a7e0da65127: Loading layer   10.8MB/10.8MB
Loaded image: vmware/clair-photon:v2.0.1-v1.5.1
0e782fe069e7: Loading layer  23.25MB/23.25MB
67fc1e2f7009: Loading layer  15.36MB/15.36MB
8db2141aa82c: Loading layer  15.36MB/15.36MB
Loaded image: vmware/harbor-adminserver:v1.5.1
3f87a34f553c: Loading layer  4.772MB/4.772MB
Loaded image: vmware/nginx-photon:v1.5.1
Loaded image: vmware/photon:1.0
ad58f3ddcb1b: Loading layer  10.95MB/10.95MB
9b50f12509bf: Loading layer   17.3MB/17.3MB
2c21090fd212: Loading layer  15.87kB/15.87kB
38bec864f23e: Loading layer  3.072kB/3.072kB
6e81ea7b0fa6: Loading layer  28.24MB/28.24MB
Loaded image: vmware/notary-signer-photon:v0.5.1-v1.5.1
897a26fa09cb: Loading layer  95.02MB/95.02MB
16e3a10a21ba: Loading layer  6.656kB/6.656kB
85ecac164331: Loading layer  2.048kB/2.048kB
37a2fb188706: Loading layer   7.68kB/7.68kB
Loaded image: vmware/postgresql-photon:v1.5.1
bed9f52be1d1: Loading layer  11.78kB/11.78kB
d731f2986f6e: Loading layer   2.56kB/2.56kB
c3fde9a69f96: Loading layer  3.072kB/3.072kB
Loaded image: vmware/harbor-db:v1.5.1
7844feb13ef3: Loading layer  78.68MB/78.68MB
de0fd8aae388: Loading layer  3.072kB/3.072kB
3f79efb720fd: Loading layer   59.9kB/59.9kB
1c02f801c2e8: Loading layer  61.95kB/61.95kB
Loaded image: vmware/redis-photon:v1.5.1
454c81edbd3b: Loading layer  135.2MB/135.2MB
e99db1275091: Loading layer  395.4MB/395.4MB
051e4ee23882: Loading layer  9.216kB/9.216kB
6cca4437b6f6: Loading layer  9.216kB/9.216kB
1d48fc08c8bc: Loading layer   7.68kB/7.68kB
0419724fd942: Loading layer  1.536kB/1.536kB
543c0c1ee18d: Loading layer  655.2MB/655.2MB
4190aa7e89b8: Loading layer  103.9kB/103.9kB
Loaded image: vmware/harbor-migrator:v1.5.0


[Step 2]: preparing environment ...
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.


[Step 3]: checking existing instance of Harbor ...


[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating registry           ... done
Creating redis              ... done
Creating harbor-db          ... done
Creating harbor-ui          ... done
Creating harbor-jobservice  ... done
Creating nginx              ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://hadoop004. 
For more details, please visit https://github.com/vmware/harbor .

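harbor至此部署完成。由于服务器证书是自建CA签发的,各Docker客户端需要把ca.crt放到 /etc/docker/certs.d/hadoop004/ca.crt 之后才能正常 docker login 和推拉镜像;不要为了省事改用insecure-registries跳过证书校验。另外,本文使用的Harbor v1.5.1和docker-compose 1.23.1版本较旧,新环境请选用仍在维护的版本。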
