|
前言
harbor是一个docker/podman镜像管理库,可用于存储私人镜像。现将本人在debian12系统搭建harbor镜像库的过程记录下来,留作后续参考。
可以参考github harbor项目给定的安装教程,很详细了:https://goharbor.io/docs/2.11.0/install-config/configure-https/
本篇博客着重参考了博客园另一位作者的文章 私有镜像仓库harbor之手把手搭建步骤,在此基础上做了一些补充。
正文
harbor 镜像管理库依赖于docker环境,并且会使用 docker-compose 的方式启动,所以需要先安装docker以及docker-compose,然后从github下载harbor离线安装包安装。由于是个人学习实验使用,安装环境是本地的debian12,安装全程使用root用户。
harbor安装包使用github目前最新的版本:https://github.com/goharbor/harbor/releases/download/v2.9.5-rc1/harbor-offline-installer-v2.9.5-rc1.tgz
根据官网上的说法,harbor对于环境有一定要求:
- 硬件要求
The following table lists the minimum and recommended hardware configurations for deploying Harbor.
ResourceMinimumRecommendedCPU2 CPU4 CPUMem4 GB8 GBDisk40 GB160 GB- 软件要求
The following table lists the software versions that must be installed on the target host.
SoftwareVersionDescriptionDocker EngineVersion 20.10.10-ce+ or higherFor installation instructions, see Docker Engine documentationDocker Composedocker-compose (v1.18.0+) or docker compose v2 (docker-compose-plugin)For installation instructions, see Docker Compose documentationOpenSSLLatest is preferredUsed to generate certificate and keys for Harbor- 网络端口要求
Harbor requires that the following ports be open on the target host.
PortProtocolDescription443HTTPSHarbor portal and core API accept HTTPS requests on this port. You can change this port in the configuration file.4443HTTPSConnections to the Docker Content Trust service for Harbor. You can change this port in the configuration file.80HTTPHarbor portal and core API accept HTTP requests on this port. You can change this port in the configuration file.1. 安装docker
- apt update
- apt install docker.io
- docker --version
- # Docker version 20.10.24+dfsg1, build 297e128
复制代码 配置docker镜像- cd /etc/docker/
- touch daemon.json
复制代码 编辑 daemon.json (如果这个不可用,需要自行寻找可用镜像源)- {
- "registry-mirrors": ["https://docker.nastool.de"]
- }
复制代码 测试docker镜像可用性 -- 可略过- docker search hello-world
- # NAME DESCRIPTION # STARS OFFICIAL AUTOMATED
- # hello-world Hello World! (an example of minimal Dockeriz… 2269 [OK]
- docker pull hello-world
- docker images |grep hello-world
- # hello-world latest d2c94e258dcb 14 months ago 13.3kB
- docker run --rm --name=tst hello-world
- # Hello from Docker!
- # This message shows that your installation appears to be working correctly.
- #
- # To generate this message, Docker took the following steps:
- # 1. The Docker client contacted the Docker daemon.
- # 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
- # (amd64)
- # 3. The Docker daemon created a new container from that image which runs the
- # executable that produces the output you are currently reading.
- # 4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal.
- # To try something more ambitious, you can run an Ubuntu container with:
- # $ docker run -it ubuntu bash
- # Share images, automate workflows, and more with a free Docker ID:
- # https://hub.docker.com/
- # For more examples and ideas, visit:
- # https://docs.docker.com/get-started/
复制代码 2. 安装docker-complose
- apt install docker-compose
- # docker-compose version 1.29.2, build unknown
复制代码 3. 下载harbor安装包
从github下载安装包,安装包比较大(621M),需要想办法下载。- # 比如下载到/root/harbor/目录
- mkdir -p /root/harbor
- cd /root/harbor
- # 可以用aria2c下载
- # apt install aria2c
- # 从这个页面找到最新安装包或最适合的版本 https://github.com/goharbor/harbor/releases
- # 下面的链接是我用浏览器点击下载后获取到的下载链接,应该会变,需要实时获取
- aria2c "https://objects.githubusercontent.com/github-production-release-asset-2e65be/50613991/8905e864-0824-4b9c-87c1-44a9e0b4db4f?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240630%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240630T170549Z&X-Amz-Expires=300&X-Amz-Signature=484b6cdee5c9f515d800c41cbf3253d918b470b9d9401db224d2a1cfd36fc021&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=50613991&response-content-disposition=attachment%3B%20filename%3Dharbor-offline-installer-v2.9.5-rc1.tgz&response-content-type=application%2Foctet-stream"
复制代码 4. 解压缩 & 创建文件夹
- cd /root/harbor
- tar -zxvf ./harbor-offline-installer-v2.9.5-rc1.tgz -C /opt
- cd /opt/harbor/
- mkdir -p /opt/harbor/certs
- mkdir -p /opt/harbor/data
复制代码 5. 准备证书
harbor 安装时内部使用了nginx, 从浏览器访问网页需要用到证书(https 单向认证)
更详细介绍可以参考:https://goharbor.io/docs/2.11.0/install-config/configure-https/- cd /opt/harbor/certs
- # 我把官网的制作证书的过程写到了shell中
- touch mkcerts.sh
复制代码 mkcerts.sh- #!/bin/bash
- # 你想要配置的域名 -- 需要按需修改
- domain=brian-harbor
- # 域名全称
- host=${domain}.com
- # 证书私钥 (docker-compose启动时)需要的证书私钥
- key=${host}.key
- # 证书申请文件 - 用于申请证书
- csr=${host}.csr
- # harbor (docker-compose启动时)需要的证书
- crt=${host}.crt
- # docker 需要配置的证书,基于crt生成
- cert=${host}.cert
- # 部署harbor的主机名称 -- 需要按需修改
- ip=192.168.1.9
- # ca 证书
- openssl genrsa -out ca.key 4096
- openssl req -x509 -new -nodes -sha512 -days 3650 \
- -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=MyPersonal Root CA" \
- -key ca.key \
- -out ca.crt
- # cert 域名证书
- openssl genrsa -out ${key} 4096
- openssl req -sha512 -new \
- -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=${host}" \
- -key ${key} \
- -out ${csr}
- cat > v3.ext <<-EOF
- authorityKeyIdentifier=keyid,issuer
- basicConstraints=CA:FALSE
- keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
- extendedKeyUsage = serverAuth
- subjectAltName = @alt_names
- [alt_names]
- DNS.1=${host}
- DNS.2=${domain}
- DNS.3=${ip}
- EOF
- openssl x509 -req -sha512 -days 3650 \
- -extfile v3.ext \
- -CA ca.crt -CAkey ca.key -CAcreateserial \
- -in ${csr} \
- -out ${crt}
- openssl x509 -inform PEM -in ${crt} -out ${cert}
复制代码 打开浏览器,访问 https://192.168.1.9, 浏览器会提示证书不可信,选择跳过。
输入admin/Harbor12345进入
8. 设备登陆测试
- # 制作证书
- chmod +x mkcerts.sh
- ./mkcerts.sh
- ls
- # brian-harbor.com.cert brian-harbor.com.crt brian-harbor.com.csr brian-harbor.com.key ca.crt ca.key ca.srl mkcerts.sh v3.ext
复制代码- vim /etc/hosts
- # 添加一行
- 192.168.1.9 brian-harbor.com
复制代码 参考文章
[1]. 私有镜像仓库harbor之手把手搭建步骤
[2]. https://goharbor.io/docs/2.11.0/install-config/configure-https/
来源:https://www.cnblogs.com/brian-sun/p/18277288
免责声明:由于采集信息均来自互联网,如果侵犯了您的权益,请联系我们【E-Mail:cb@itdo.tech】 我们会及时删除侵权内容,谢谢合作! |
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有账号?立即注册
x
|