(4) Harbor Deployment

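I. Why Harbor:

1. It can be self-hosted (private registry)
2. Access permissions with role-based control
3. Images can be replicated, so HA is possible
4. Vulnerability scanning
5. Supports LDAP/AD (lightweight directory access) for managing users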
...
...

II. Environment:

Hardware

Resource   Capacity        Description
CPU        minimal 2 CPU   4 CPU is preferred
Mem        minimal 4GB     8GB is preferred
Disk       minimal 40GB    160GB is preferred

Software

Software         Version                   Description
Python           version 2.7 or higher     Note that you may have to install Python on Linux distributions (Gentoo, Arch) that do not come with a Python interpreter installed by default
Docker engine    version 1.10 or higher    For installation instructions, please refer to: https://docs.docker.com/engine/installation/
Docker Compose   version 1.6.0 or higher   For installation instructions, please refer to: https://docs.docker.com/compose/install/
Openssl          latest is preferred       Generate certificate and keys for Harbor

III. Deployment

1. Prepare Docker and Python
2. Install docker-compose

[root@i-mulkuzbd ~]# curl -L "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
[root@i-mulkuzbd ~]# chmod +x /usr/local/bin/docker-compose
[root@i-mulkuzbd ~]# docker-compose --version
docker-compose version 1.23.1, build b02f1306

3. Deploy Harbor

// Extract the Harbor offline installer package
[root@i-mulkuzbd ~]# cd /usr/local
[root@i-mulkuzbd ~]# rz
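// Configure HTTPS access
// If the deployment machine has no DNS suffix and you deploy under the bare machine name, such as hadoop004, you will run into some problems later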
[root@hadoop004 local]# ll
total 844696
drwxr-xr-x. 2 root root      4096 Nov 14 14:23 bin
drwxr-xr-x. 2 root root      4096 Nov  5  2016 etc
-rw-r--r--  1 root root 864933610 Nov 14 14:44 harbor-offline-installer-v1.5.1.tgz
drwxr-xr-x. 2 root root      4096 Nov  5  2016 include
drwxr-xr-x. 2 root root      4096 Nov  5  2016 lib
drwxr-xr-x. 2 root root      4096 Nov  5  2016 libexec
drwxr-xr-x. 2 root root      4096 Nov  5  2016 sbin
drwxr-xr-x. 2 root root      4096 Nov  5  2016 src
[root@hadoop004 local]# tar -zxvf harbor-offline-installer-v1.5.1.tgz
[root@hadoop004 local]# ll
total 844700
drwxr-xr-x. 2 root root      4096 Nov 14 14:23 bin
drwxr-xr-x. 2 root root      4096 Nov  5  2016 etc
drwxr-xr-x  4 root root      4096 Nov 14 15:56 harbor
-rw-r--r--  1 root root 864933610 Nov 14 14:44 harbor-offline-installer-v1.5.1.tgz
drwxr-xr-x. 2 root root      4096 Nov  5  2016 include
drwxr-xr-x. 2 root root      4096 Nov  5  2016 lib
drwxr-xr-x. 2 root root      4096 Nov  5  2016 libexec
drwxr-xr-x. 2 root root      4096 Nov  5  2016 sbin
drwxr-xr-x. 2 root root      4096 Nov  5  2016 src
[root@hadoop004 local]# cd harbor
[root@hadoop004 harbor]# ll
total 856148
drwxr-xr-x 3 root root      4096 Nov 14 15:56 common
-rw-r--r-- 1 root root      1185 May 31 14:45 docker-compose.clair.yml
-rw-r--r-- 1 root root      1725 May 31 14:45 docker-compose.notary.yml
-rw-r--r-- 1 root root      3596 May 31 14:45 docker-compose.yml
drwxr-xr-x 3 root root      4096 May 31 14:45 ha
-rw-r--r-- 1 root root      6687 May 31 14:45 harbor.cfg
-rw-r--r-- 1 root root 876607879 May 31 14:46 harbor.v1.5.1.tar.gz
-rwxr-xr-x 1 root root      5773 May 31 14:45 install.sh
-rw-r--r-- 1 root root     10771 May 31 14:45 LICENSE
-rw-r--r-- 1 root root       482 May 31 14:45 NOTICE
-rwxr-xr-x 1 root root     27379 May 31 14:45 prepare
[root@hadoop004 harbor]# mkdir -p ./data/cert
[root@hadoop004 harbor]# cd data/cert
[root@hadoop004 cert]# openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
.....................++
............++
e is 65537 (0x10001)
[root@hadoop004 cert]# openssl req -x509 -new -nodes -sha512 -days 3650 \
>     -subj "/C=CN/ST=Beijing/L=Beijing/O=huluwa/OU=huluwa/CN=hadoop004" \
>     -key ca.key \
>     -out ca.crt
[root@hadoop004 cert]# ll
total 8
-rw-r--r-- 1 root root 2013 Nov 14 15:59 ca.crt
-rw-r--r-- 1 root root 3243 Nov 14 15:58 ca.key
[root@hadoop004 cert]# openssl genrsa -out hadoop004.key 4096
Generating RSA private key, 4096 bit long modulus
.....................................................++
.............................................................++
e is 65537 (0x10001)
[root@hadoop004 cert]# openssl req -sha512 -new \
>     -subj "/C=CN/ST=Beijing/L=Beijing/O=huluwa/OU=huluwa/CN=hadoop004" \
>     -key hadoop004.key \
>     -out hadoop004.csr 
[root@hadoop004 cert]# ll
total 16
-rw-r--r-- 1 root root 2013 Nov 14 15:59 ca.crt
-rw-r--r-- 1 root root 3243 Nov 14 15:58 ca.key
-rw-r--r-- 1 root root 1695 Nov 14 16:00 hadoop004.csr
-rw-r--r-- 1 root root 3243 Nov 14 16:00 hadoop004.key
[root@hadoop004 cert]# cat > v3.ext <<-EOF
> authorityKeyIdentifier=keyid,issuer
> basicConstraints=CA:FALSE
> keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
> extendedKeyUsage = serverAuth 
> subjectAltName = @alt_names
> 
> [alt_names]
> DNS.1=hadoop004
> DNS.2=hadoop004
> DNS.3=hadoop004
> EOF
[root@hadoop004 cert]# openssl x509 -req -sha512 -days 3650 \
>     -extfile v3.ext \
>     -CA ca.crt -CAkey ca.key -CAcreateserial \
>     -in hadoop004.csr \
>     -out hadoop004.crt
Signature ok
subject=/C=CN/ST=Beijing/L=Beijing/O=huluwa/OU=huluwa/CN=hadoop004
Getting CA Private Key
[root@hadoop004 cert]# ll
total 28
-rw-r--r-- 1 root root 2013 Nov 14 15:59 ca.crt
-rw-r--r-- 1 root root 3243 Nov 14 15:58 ca.key
-rw-r--r-- 1 root root   17 Nov 14 16:01 ca.srl
-rw-r--r-- 1 root root 2074 Nov 14 16:01 hadoop004.crt
-rw-r--r-- 1 root root 1695 Nov 14 16:00 hadoop004.csr
-rw-r--r-- 1 root root 3243 Nov 14 16:00 hadoop004.key
-rw-r--r-- 1 root root  261 Nov 14 16:01 v3.ext
[root@hadoop004 cert]# cd ../..
[root@hadoop004 harbor]# vi harbor.cfg
hostname = hadoop004
ui_url_protocol = https
ssl_cert = /usr/local/harbor/data/cert/hadoop004.crt
ssl_cert_key = /usr/local/harbor/data/cert/hadoop004.key
[root@hadoop004 ~]# /bin/systemctl start docker.service  // Remember to start the Docker service; skip this step if it is already running
[root@hadoop004 harbor]# ./install.sh

[Step 0]: checking installation environment ...

Note: docker version: 18.06.1

Note: docker-compose version: 1.23.1

[Step 1]: loading Harbor images ...
52ef9064d2e4: Loading layer  135.9MB/135.9MB
4a6862dbadda: Loading layer  23.25MB/23.25MB
58b7d0c522b2: Loading layer   24.4MB/24.4MB
9cd4bb748634: Loading layer  7.168kB/7.168kB
c81302a14908: Loading layer  10.56MB/10.56MB
7848e9ba72a3: Loading layer  24.39MB/24.39MB
Loaded image: vmware/harbor-ui:v1.5.1
f1691b5a5198: Loading layer  73.15MB/73.15MB
a529013c99e4: Loading layer  3.584kB/3.584kB
d9b4853cff8b: Loading layer  3.072kB/3.072kB
3d305073979e: Loading layer  4.096kB/4.096kB
c9e17074f54a: Loading layer  3.584kB/3.584kB
956055840e30: Loading layer  9.728kB/9.728kB
Loaded image: vmware/harbor-log:v1.5.1
185db06a02d0: Loading layer  23.25MB/23.25MB
835213979c70: Loading layer   20.9MB/20.9MB
f74eeb41c1c9: Loading layer   20.9MB/20.9MB
Loaded image: vmware/harbor-jobservice:v1.5.1
9bd5c7468774: Loading layer  23.25MB/23.25MB
5fa6889b9a6d: Loading layer   2.56kB/2.56kB
bd3ac235b209: Loading layer   2.56kB/2.56kB
cb5d493833cc: Loading layer  2.048kB/2.048kB
557669a074de: Loading layer   22.8MB/22.8MB
f02b4f30a9ac: Loading layer   22.8MB/22.8MB
Loaded image: vmware/registry-photon:v2.6.2-v1.5.1
5d3b562db23e: Loading layer  23.25MB/23.25MB
8edca1b0e3b0: Loading layer  12.16MB/12.16MB
ce5f11ea46c0: Loading layer   17.3MB/17.3MB
93750d7ec363: Loading layer  15.87kB/15.87kB
36f81937e80d: Loading layer  3.072kB/3.072kB
37e5df92b624: Loading layer  29.46MB/29.46MB
Loaded image: vmware/notary-server-photon:v0.5.1-v1.5.1
0a2f8f90bd3a: Loading layer  401.3MB/401.3MB
41fca4deb6bf: Loading layer  9.216kB/9.216kB
f2e28262e760: Loading layer  9.216kB/9.216kB
68677196e356: Loading layer   7.68kB/7.68kB
2b006714574e: Loading layer  1.536kB/1.536kB
Loaded image: vmware/mariadb-photon:v1.5.1
a8c4992c632e: Loading layer  156.3MB/156.3MB
0f37bf842677: Loading layer  10.75MB/10.75MB
9f34c0cd38bf: Loading layer  2.048kB/2.048kB
91ca17ca7e16: Loading layer  48.13kB/48.13kB
5a7e0da65127: Loading layer   10.8MB/10.8MB
Loaded image: vmware/clair-photon:v2.0.1-v1.5.1
0e782fe069e7: Loading layer  23.25MB/23.25MB
67fc1e2f7009: Loading layer  15.36MB/15.36MB
8db2141aa82c: Loading layer  15.36MB/15.36MB
Loaded image: vmware/harbor-adminserver:v1.5.1
3f87a34f553c: Loading layer  4.772MB/4.772MB
Loaded image: vmware/nginx-photon:v1.5.1
Loaded image: vmware/photon:1.0
ad58f3ddcb1b: Loading layer  10.95MB/10.95MB
9b50f12509bf: Loading layer   17.3MB/17.3MB
2c21090fd212: Loading layer  15.87kB/15.87kB
38bec864f23e: Loading layer  3.072kB/3.072kB
6e81ea7b0fa6: Loading layer  28.24MB/28.24MB
Loaded image: vmware/notary-signer-photon:v0.5.1-v1.5.1
897a26fa09cb: Loading layer  95.02MB/95.02MB
16e3a10a21ba: Loading layer  6.656kB/6.656kB
85ecac164331: Loading layer  2.048kB/2.048kB
37a2fb188706: Loading layer   7.68kB/7.68kB
Loaded image: vmware/postgresql-photon:v1.5.1
bed9f52be1d1: Loading layer  11.78kB/11.78kB
d731f2986f6e: Loading layer   2.56kB/2.56kB
c3fde9a69f96: Loading layer  3.072kB/3.072kB
Loaded image: vmware/harbor-db:v1.5.1
7844feb13ef3: Loading layer  78.68MB/78.68MB
de0fd8aae388: Loading layer  3.072kB/3.072kB
3f79efb720fd: Loading layer   59.9kB/59.9kB
1c02f801c2e8: Loading layer  61.95kB/61.95kB
Loaded image: vmware/redis-photon:v1.5.1
454c81edbd3b: Loading layer  135.2MB/135.2MB
e99db1275091: Loading layer  395.4MB/395.4MB
051e4ee23882: Loading layer  9.216kB/9.216kB
6cca4437b6f6: Loading layer  9.216kB/9.216kB
1d48fc08c8bc: Loading layer   7.68kB/7.68kB
0419724fd942: Loading layer  1.536kB/1.536kB
543c0c1ee18d: Loading layer  655.2MB/655.2MB
4190aa7e89b8: Loading layer  103.9kB/103.9kB
Loaded image: vmware/harbor-migrator:v1.5.0


[Step 2]: preparing environment ...
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.


[Step 3]: checking existing instance of Harbor ...


[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-adminserver ... done
Creating registry           ... done
Creating redis              ... done
Creating harbor-db          ... done
Creating harbor-ui          ... done
Creating harbor-jobservice  ... done
Creating nginx              ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://hadoop004. 
For more details, please visit https://github.com/vmware/harbor .

Harbor deployment is now complete.
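
The certificate files produced in the HTTPS step can be checked before any Docker client is pointed at the registry. The script below is an added example, not part of the original post: it tests key file permissions, the chain to ca.crt, the DNS subjectAltName, and that issuer and subject differ. The function names and the throwaway sample PKI (example-ca, 2048-bit keys, 1-day validity) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the sample
# PKI (example-ca, 2048-bit keys, 1-day validity) are constructed.

# True if the key file grants nothing to group or other.
key_is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# True if certificate $2 verifies against CA certificate $1.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# True if host $2 is a DNS subjectAltName of certificate $1 (CN is ignored).
san_has_host() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# True if issuer and subject of certificate $1 differ (not self-issued).
issuer_differs() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^[a-z]*= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer | sed 's/^[a-z]*= *//')
    [ "$subj" != "$issr" ]
}

# Throwaway CA and server cert in dir $1 for host $2, with a distinct CA name.
make_sample_pki() {
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$1/ca.cnf"
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' "$2" > "$1/v3.ext"
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
    openssl req -x509 -new -nodes -sha512 -days 1 -config "$1/ca.cnf" \
        -subj "/O=example/CN=example-ca" -key "$1/ca.key" -out "$1/ca.crt" &&
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -new -sha512 -config "$1/ca.cnf" -subj "/O=example/CN=$2" \
        -key "$1/$2.key" -out "$1/$2.csr" &&
    openssl x509 -req -sha512 -days 1 -extfile "$1/v3.ext" -CA "$1/ca.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -in "$1/$2.csr" -out "$1/$2.crt" 2>/dev/null
}

# Run every check for host $2 in directory $1; print one line per failure.
check_registry_cert() {
    rc=0
    key_is_private "$1/$2.key" || { echo "FAIL: $2.key accessible by group/other"; rc=1; }
    key_is_private "$1/ca.key" || { echo "FAIL: ca.key accessible by group/other"; rc=1; }
    chains_to "$1/ca.crt" "$1/$2.crt" || { echo "FAIL: $2.crt does not verify against ca.crt"; rc=1; }
    san_has_host "$1/$2.crt" "$2" || { echo "FAIL: $2 missing from subjectAltName"; rc=1; }
    issuer_differs "$1/$2.crt" || { echo "FAIL: issuer equals subject"; rc=1; }
    return $rc
}

# Usage: check_registry_cert /usr/local/harbor/data/cert hadoop004
```

In the listing above both key files are mode 0644 and the CA and server `-subj` values are identical, so the permission and issuer checks would flag those files. OpenSSL-based verifiers can report a certificate whose issuer equals its subject as self-signed, so give the CA its own CN and `chmod 600` the keys.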
