企业级镜像私有仓库Harbor

# 设置hostname
[root@localhost ~]# hostnamectl set-hostname harbor.example.com
#安装依赖包
[root@localhost ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 vim net-tools vim wget epel-release
#设置yum源
[root@localhost ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
#更新yum缓存
[root@localhost ~]# yum makecache fast
#安装docker-ce
[root@localhost ~]# yum -y install docker-ce
#启动docker后台服务
[root@localhost ~]# systemctl start docker
[root@localhost ~]# systemctl enable docker
#配置镜像加速
[root@localhost ~]# curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
[root@localhost ~]# systemctl daemon-reload 
[root@localhost ~]# systemctl restart docker

[root@localhost ~]# curl -L "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
[root@localhost ~]# chmod +x /usr/local/bin/docker-compose
[root@localhost ~]# docker-compose --version
[root@localhost ~]# docker-compose version 1.23.1, build b02f1306

#下载安装包 自行选择要安装的包
[root@localhost ~]# wget https://storage.googleapis.com/harbor-releases/release-1.6.0/harbor-offline-installer-v1.6.2.tgz
[root@localhost ~]# wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.6.tgz
[root@localhost ~]# wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.0.tgz
[root@localhost ~]# wget https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.0.tgz
[root@localhost ~]# tar xf harbor-offline-installer-v1.6.2.tgz 
[root@localhost ~]# cd harbor
#使用https访问harbor配置
#获得证书授权
[root@localhost harbor]# mkdir ssl && cd ssl
[root@localhost ssl]# openssl genrsa -out ca.key 4096
[root@localhost ssl]# openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=harbor.example.com" -key ca.key -out ca.crt
#创建自己的私钥
[root@localhost ssl]# openssl genrsa -out harbor.example.com.key 4096
#生成证书签名请求
[root@localhost ssl]# openssl req -sha512 -new -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=harbor.example.com" -key harbor.example.com.key -out harbor.example.com.csr
#生成注册表主机证书
[root@localhost ssl]# vim v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth 
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.example.com
DNS.2=harbor.example
DNS.3=hostname
[root@localhost ssl]# openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in harbor.example.com.csr -out harbor.example.com.crt
#配置服务器证书和密钥
[root@localhost ssl]# mkdir /data/cert/
[root@localhost ssl]# cp harbor.example.com.crt /data/cert/
[root@localhost ssl]# cp harbor.example.com.key /data/cert/
#为docker配置证书密钥和CA
[root@localhost ssl]# mkdir -p /etc/docker/certs.d/harbor.example.com
[root@localhost ssl]# cp harbor.example.com.crt /etc/docker/certs.d/harbor.example.com/
[root@localhost ssl]# cp harbor.example.com.key /etc/docker/certs.d/harbor.example.com/
#配置harbor
[root@localhost harbor]# vim harbor.cfg 
hostname = harbor.example.com
ui_url_protocol = https
ssl_cert = /data/cert/harbor.example.com.crt
ssl_cert_key = /data/cert/harbor.example.com.key
#生成harbor配置文件
[root@localhost harbor]# ./prepare 
#开始安装
[root@localhost harbor]# ./install.sh
# 如果想换成公有证书，可以去阿里云申请免费的证书，然后下载nginx配置
[root@localhost harbor]# vim harbor.cfg
hostname = harbor.example.com
ui_url_protocol = https
ssl_cert = /data/cert/harbor.example.com.crt
ssl_cert_key = /data/cert/harbor.example.com.key
#生成harbor配置文件
[root@localhost harbor]# ./prepare 
#开始安装
[root@localhost harbor]# ./install.sh

[root@reg harbor]# docker-compose ps
       Name                     Command                  State                                    Ports
-------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up (healthy)
harbor-db            /entrypoint.sh postgres          Up (healthy)   5432/tcp
harbor-jobservice    /harbor/start.sh                 Up
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp
harbor-ui            /harbor/start.sh                 Up (healthy)
nginx                nginx -g daemon off;             Up (healthy)   0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis                docker-entrypoint.sh redis ...   Up             6379/tcp
registry             /entrypoint.sh /etc/regist ...   Up (healthy)   5000/tcp
组件　　　　　　　　　　　　　　　　功能
harbor-adminserver　　　　　　配置管理中心
harbor-db　　　　　　　　　　　Mysql数据库
harbor-jobservice　　　　　　负责镜像复制
harbor-log　　　　　　　　　　记录操作日志
harbor-ui　　　　　　　　　　 Web管理页面和API
nginx　　　　　　　　　　　　 前端代理，负责前端页面和镜像上传/下载转发
redis　　　　　　　　　　　　 会话
registry　　　　　　　　　　　镜像存储

[root@harbor harbor]# docker login harbor.example.com
Username: wangzhenghui
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[root@localhost ~]# docker pull nginx
[root@harbor harbor]# docker tag nginx:latest harbor.example.com/devops/nginx:v1
[root@harbor harbor]# docker push harbor.example.com/devops/nginx:v1
The push refers to repository [harbor.example.com/devops/nginx]
ce3539cc1849: Pushed
16d1b1dd2a23: Pushed
2db44bce66cd: Pushed
v1: digest: sha256:55e7a6f2bb43e38cc34285af03b4973d61f523d26cd8a57e9d00cf4154792d20 size: 948
[root@harbor ~]# docker pull tomcat
[root@harbor ~]# docker tag tomcat:latest harbor.example.com/devops/tomcat:v1
[root@harbor ~]# docker push harbor.example.com/devops/tomcat:v1