102-9 机器上安装部署harbor (一)
https://harbor.meng.com
账号:admin
密码:Harbor12345
cd /data/tools/harbor
# 下载包
wget https://github.com/goharbor/harbor/releases/download/v2.6.2/harbor-online-installer-v2.6.2.tgz
#自签名证书
mkdir -p /data/harbordata/cert
cd /data/harbordata/cert
vi genCert.sh
#!/bin/bashopenssl genrsa -out ca.key 4096openssl req -x509 -new -nodes -sha512 -days 3650 \ -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.petroglory.com" \ -key ca.key \ -out ca.crtopenssl genrsa -out harbor.petroglory.com.key 4096openssl req -sha512 -new \ -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.petroglory.com" \ -key harbor.petroglory.com.key \ -out harbor.petroglory.com.csrcat > v3.ext <<-EOFauthorityKeyIdentifier=keyid,issuerbasicConstraints=CA:FALSEkeyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEnciphermentextendedKeyUsage = serverAuthsubjectAltName = @alt_names[alt_names]DNS.1=harbor.petroglory.comDNS.2=petroglory.comDNS.3=petrogloryEOFopenssl x509 -req -sha512 -days 3650 \ -extfile v3.ext \ -CA ca.crt -CAkey ca.key -CAcreateserial \ -in harbor.petroglory.com.csr \ -out harbor.petroglory.com.crtsh genCert.sh
不重启docker情况下,从harbor拉取或者推送镜像
#注意修改域名
#转换格式openssl x509 -inform PEM -in harbor.petroglory.com.crt -out harbor.petroglory.com.certmkdir -p /etc/docker/certs.d/harbor.petroglory.com/cp harbor.petroglory.com.cert /etc/docker/certs.d/harbor.petroglory.com/cp harbor.petroglory.com.key /etc/docker/certs.d/harbor.petroglory.com/cp ca.crt /etc/docker/certs.d/harbor.petroglory.com/ openssl x509 -inform PEM -in harbor.meng.com.crt -out harbor.meng.com.certmkdir -p /etc/docker/certs.d/harbor.meng.com/cp harbor.meng.com.cert /etc/docker/certs.d/harbor.meng.com/cp harbor.meng.com.key /etc/docker/certs.d/harbor.meng.com/cp ca.crt /etc/docker/certs.d/harbor.meng.com/#导入镜像
tar zxvf harbor_v2.6.2_images.tgz
for i in `ls *#*.tgz`;do echo $i;docker load < $i;done# 解压
tar -xf harbor-online-installer-v2.6.2.tgz
#生成docker-compose.yaml文件
cd /data/tools/harbor # 复制并修改为下面的harbor.yaml文件cp harbor.yml.tmpl harbor.yml#修改配置参数
vi harbor.yml
hostname: harbor.meng.com certificate: /data/harbordata/cert/harbor.meng.com.crt private_key: /data/harbordata/cert/harbor.meng.com.keyharbor_admin_password: Harbor12345data_volume: /data/harbordata# 修改配置项,把chart的配置项配置为enabledchart: absolute_url: enabled