Install Docker

Offline deployment

[root@harbor-server data]# python InstallDocker.py 
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /etc/systemd/system/docker.service.
Docker Version as follows:
Docker version 18.06.1-ce, build e68fc7a

Import the docker-compose executable

[root@harbor-server data]# chmod 755 docker-compose
[root@harbor-server data]# mv docker-compose /usr/bin/

Import the Harbor installation package

[root@harbor-server data]# tar zxf harbor-offline-installer-v2.3.1.tgz
[root@harbor-server docker]# cd harbor/
[root@harbor-server harbor]# mkdir pki
[root@harbor-server harbor]# cd pki/

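Create the private key file, the certificate signing request file and the certificate file

Generate a 2048-bit RSA private key file (KEY), encrypted with 3DES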

[root@harbor-server pki]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.................................+++
........................+++
e is 65537 (0x10001)
Enter pass phrase for server.key: redhat
Verifying - Enter pass phrase for server.key: redhat

Generate the root certificate signing request file (CSR)

[root@harbor-server pki]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:redhat
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:AAA
Organizational Unit Name (eg, section) []:BBB
Common Name (eg, your name or your server's hostname) []:CCC
Email Address []:zuxuan8@aliyun.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: (press Enter)
An optional company name []: (press Enter)

Back up the private key file, then write server.key without the passphrase

[root@harbor-server pki]# cp server.key server.key.org
[root@harbor-server pki]# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:redhat
writing RSA key

Generate the self-signed root certificate (CA)

[root@harbor-server pki]# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=BJ/L=BJ/O=AAA/OU=BBB/CN=CCC/emailAddress=zuxuan8@aliyun.com
Getting Private key

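Parameter details:

  • -new: generates a new certificate signing request;
  • -x509: used specifically to generate a self-signed CA certificate;
  • -key: specifies the private key file used to generate the certificate;
  • -out FILENAME: specifies the path where the generated certificate is saved;
  • -days: specifies the validity period of the certificate in days; the default is 365 days;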

View the certificate information

[root@harbor-server pki]# openssl x509 -in ./server.crt -noout -serial -dates -subject
serial=E89A11182C2EEA4B
notBefore=Oct 28 07:11:04 2021 GMT
notAfter=Oct 26 07:11:04 2031 GMT
subject= /C=CN/ST=BJ/L=BJ/O=AAA/OU=BBB/CN=CCC/emailAddress=zuxuan8@aliyun.com

Modify the Harbor configuration file

[root@harbor-server pki]# cd ..
[root@harbor-server harbor]# ls
common.sh harbor.v2.3.1.tar.gz harbor.yml.tmpl install.sh LICENSE pki prepare
[root@harbor-server harbor]# cp harbor.yml.tmpl harbor.yml
[root@harbor-server harbor]# vi harbor.yml
# Changes are as follows:
hostname: harbor.k8s.com
certificate: /data/harbor/pki/server.crt
private_key: /data/harbor/pki/server.key
harbor_admin_password: as2a2nf0
data_volume: /data/harbor
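
The certificate generated above has CN=CCC and no subjectAltName, while harbor.yml sets hostname: harbor.k8s.com, so a client that verifies the server name will not accept it. The following is an added example, not part of the original page: it creates a self-signed pair whose SAN matches the hostname and checks the pair before harbor.yml is pointed at it. It assumes OpenSSL 1.1.1 or later (for -addext); the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page. Assumes OpenSSL 1.1.1 or later
# (-addext); the function names are hypothetical.

# make_harbor_cert DIR HOST
# Writes DIR/server.key (unencrypted, mode 0600) and a self-signed
# DIR/server.crt whose CN and subjectAltName are both HOST.
make_harbor_cert() (
    dir=$1 host=$2
    umask 077   # subshell body: the umask change does not leak to the caller
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -keyout "$dir/server.key" -out "$dir/server.crt" \
        -subj "/C=CN/ST=BJ/L=BJ/O=AAA/OU=BBB/CN=$host" \
        -addext "subjectAltName=DNS:$host" 2>/dev/null || return 1
    chmod 644 "$dir/server.crt"   # the certificate is public, only the key is secret
)

# check_harbor_cert DIR HOST
# Returns 0 if the pair is usable for HOST, otherwise prints the problem and
# returns: 1 bad cert, 2 key unreadable or still passphrase-protected,
# 3 key/cert mismatch, 4 hostname not covered, 5 key readable by others.
check_harbor_cert() (
    dir=$1 host=$2
    crt_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse $dir/server.crt"; return 1; }
    # "-passin pass:" supplies an empty passphrase, so an encrypted key fails
    # here instead of prompting.
    key_pub=$(openssl pkey -in "$dir/server.key" -passin pass: -pubout 2>/dev/null) ||
        { echo "cannot load $dir/server.key without a passphrase"; return 2; }
    [ "$crt_pub" = "$key_pub" ] ||
        { echo "server.key does not belong to server.crt"; return 3; }
    openssl x509 -in "$dir/server.crt" -noout -checkhost "$host" |
        grep -q "does match certificate" ||
        { echo "certificate does not cover hostname $host"; return 4; }
    case $(ls -l "$dir/server.key") in
        -rw-------*|-r--------*) ;;
        *) echo "server.key is accessible to group or others"; return 5 ;;
    esac
)
```

Run as `make_harbor_cert /data/harbor/pki harbor.k8s.com && check_harbor_cert /data/harbor/pki harbor.k8s.com`; the check can also be run on its own against an existing server.crt and server.key.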

Run the installation

[root@harbor-server harbor]# ./install.sh 
Creating registry ... done
Creating harbor-core ... done
Creating network "harbor_harbor" with the default driver
Creating harbor-jobservice ... done
Creating registryctl ...
Creating harbor-db ...
Creating registry ...
Creating redis ...
Creating harbor-portal ...
Creating harbor-core ...
Creating harbor-jobservice ...
Creating nginx ...
✔ ----Harbor has been installed and started successfully.----

View the container information

[root@harbor-server harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
036612728ade goharbor/harbor-jobservice:v2.3.1 "/harbor/entrypoint.…" 35 seconds ago Up 33 seconds (healthy) harbor-jobservice
5015536e5c6a goharbor/nginx-photon:v2.3.1 "nginx -g 'daemon of…" 35 seconds ago Up 33 seconds (healthy) 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp nginx
24981bc8eb73 goharbor/harbor-core:v2.3.1 "/harbor/entrypoint.…" 36 seconds ago Up 34 seconds (healthy) harbor-core
be63d94426c6 goharbor/registry-photon:v2.3.1 "/home/harbor/entryp…" 37 seconds ago Up 35 seconds (healthy) registry
2722461b169f goharbor/harbor-portal:v2.3.1 "nginx -g 'daemon of…" 37 seconds ago Up 35 seconds (healthy) harbor-portal
2af630b04583 goharbor/redis-photon:v2.3.1 "redis-server /etc/r…" 37 seconds ago Up 35 seconds (healthy) redis
78a8eb416f5d goharbor/harbor-registryctl:v2.3.1 "/home/harbor/start.…" 37 seconds ago Up 35 seconds (healthy) registryctl
a5c84bf68622 goharbor/harbor-db:v2.3.1 "/docker-entrypoint.…" 37 seconds ago Up 35 seconds (healthy) harbor-db
1f8e4e8dee62 goharbor/harbor-log:v2.3.1 "/bin/sh -c /usr/loc…" 37 seconds ago Up 36 seconds (healthy) 127.0.0.1:1514->10514/tcp harbor-log

Verify access

https://harbor.k8s.com/