Setting up a Harbor registry

Installing Harbor on Linux is fairly quick, but adding it in the browser is slower. This write-up follows the "Harbor deployment" guide.

mkdir harbor
cd harbor
wget https://github.com/goharbor/harbor/releases/download/v2.6.2/harbor-online-installer-v2.6.2.tgz
tar -zxvf harbor-online-installer-v2.6.2.tgz

Create the certificates; there are quite a few of them.

# Generate the CA private key
openssl genrsa -out harbar_ca.key 4096
# Generate the CA certificate
openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=WuHan/L=WuHan/O=BS/OU=BS/CN=harbor.test.cn" \
 -key harbar_ca.key \
 -out harbar_ca.crt
# Make sure the target directories exist before copying
mkdir -p /appdata/cert /appdata/harbor/cert /etc/docker/certs.d/harbor.testcom.cn
# Copy the certificate and key to the certificate folder on the Harbor host (at this point, the CA pair)
cp harbar_ca.crt /appdata/cert/harbar_ca.crt
cp harbar_ca.key /appdata/cert/harbar_ca.key
# Generate the server private key
openssl genrsa -out harbor.testcom.cn.key 4096
# Generate the certificate signing request (CSR)
openssl req -sha512 -new \
 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.testcom.cn" \
 -key harbor.testcom.cn.key \
 -out harbor.testcom.cn.csr
# Write the x509 v3 extension file (the SAN list lives here)
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.testcom.cn
DNS.2=bs105.testcom.cn
EOF
# Sign the server certificate with the CA
openssl x509 -req -sha512 -days 3650 \
 -extfile v3.ext \
 -CA harbar_ca.crt -CAkey harbar_ca.key -CAcreateserial \
 -in harbor.testcom.cn.csr \
 -out harbor.testcom.cn.crt
cp harbor.testcom.cn.crt /appdata/harbor/cert
cp harbor.testcom.cn.key /appdata/harbor/cert
# Docker treats .crt files as CA certificates, so write the server certificate out as .cert
openssl x509 -inform PEM -in harbor.testcom.cn.crt -out harbor.testcom.cn.cert
cp harbor.testcom.cn.cert /etc/docker/certs.d/harbor.testcom.cn/
cp harbor.testcom.cn.key /etc/docker/certs.d/harbor.testcom.cn/
cp harbar_ca.crt /etc/docker/certs.d/harbor.testcom.cn/

The following problem came up:

[root@bs8 ~]# docker login -u admin -p Harbor12345 https://192.168.0.105
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://192.168.0.105/v2/": x509: cannot validate certificate for 192.168.0.105 because it doesn't contain any IP SANs
vi /etc/docker/daemon.json
{ "insecure-registries":["harbor.testcom.cn"] }  
# Then restart Docker
systemctl daemon-reload && systemctl restart docker
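
The x509 error above occurs because a client connecting by IP address compares that address only against IP entries in subjectAltName, and v3.ext lists DNS names only. The following is an added example, not part of the original post: it issues two throwaway certificates, one with the page's SAN list and one with the registry IP added, and checks each with openssl's -checkip/-checkhost options. The function names, the demo CA subject, the 2048-bit keys and the 1-day validity are assumptions made for the example.

```sh
# Added example; function names and the demo CA subject are constructed.
# 2048-bit keys and 1-day validity keep it fast; the page uses 4096 bits / 3650 days.

# make_ca DIR: create a throwaway CA key and self-signed certificate in DIR
make_ca() {
  openssl req -x509 -new -nodes -sha512 -days 1 -newkey rsa:2048 \
    -subj "/CN=demo-harbor-ca" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert DIR NAME SAN...: sign DIR/NAME.crt with the given [alt_names] entries,
# e.g. "DNS.1=harbor.testcom.cn" "IP.1=192.168.0.105". The ( ) body keeps variables local.
issue_cert() (
  dir=$1 name=$2; shift 2
  printf '%s\n' "authorityKeyIdentifier=keyid,issuer" "basicConstraints=CA:FALSE" \
    "keyUsage = digitalSignature, keyEncipherment" "extendedKeyUsage = serverAuth" \
    "subjectAltName = @alt_names" "" "[alt_names]" "$@" > "$dir/$name.ext"
  openssl req -new -nodes -sha512 -newkey rsa:2048 -subj "/CN=harbor.testcom.cn" \
    -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null &&
  openssl x509 -req -sha512 -days 1 -extfile "$dir/$name.ext" \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -in "$dir/$name.csr" -out "$dir/$name.crt" 2>/dev/null
)

# cert_covers CRT TARGET: exit 0 only if TARGET matches a SAN entry of CRT.
# An IP target is compared against IP SANs only, never against DNS entries.
cert_covers() (
  case $2 in
    *:*)        flag=-checkip ;;    # IPv6 literal
    *[!0-9.]*)  flag=-checkhost ;;  # anything with letters is a DNS name
    *)          flag=-checkip ;;    # dotted-quad IPv4
  esac
  out=$(openssl x509 -in "$1" -noout "$flag" "$2")
  case $out in *"does match certificate"*) exit 0 ;; *) exit 1 ;; esac
)

# Demo: the page's SAN list versus the same list with the registry IP added
demo() (
  d=$(mktemp -d) || exit 1
  make_ca "$d" &&
    issue_cert "$d" page  "DNS.1=harbor.testcom.cn" "DNS.2=bs105.testcom.cn" &&
    issue_cert "$d" fixed "DNS.1=harbor.testcom.cn" "DNS.2=bs105.testcom.cn" "IP.1=192.168.0.105" || exit 1
  for c in page fixed; do
    if cert_covers "$d/$c.crt" 192.168.0.105; then echo "$c: matches 192.168.0.105"
    else echo "$c: no IP SAN for 192.168.0.105"; fi
  done
  rm -rf "$d"
)
demo
```

Adding an IP.1 line under [alt_names] in v3.ext and re-signing the server certificate lets docker login verify the registry by IP address, so no insecure-registries entry is needed. Logging in with a DNS name that is already in the SAN list works with the certificate as issued.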

After configuring /etc/docker/daemon.json, Docker would no longer start and logged the errors below, so the problem had to be in that file. Deleting /etc/docker/daemon.json fixed it.

-- Subject: Unit docker.socket has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit docker.socket has finished starting up.
-- 
-- The start-up result is done.
11月 18 16:19:59 bs8.test.cn systemd[1]: start request repeated too quickly for docker.service
11月 18 16:19:59 bs8.test.cn systemd[1]: Failed to start Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit docker.service has failed.
-- 
-- The result is failed.
11月 18 16:19:59 bs8.test.cn systemd[1]: docker.service failed.
11月 18 16:19:59 bs8.test.cn polkitd[1096]: Unregistered Authentication Agent for unix-process:2649:1041309 (system bus name :1.72, object path /org/freedesktop/PolicyKit1/AuthenticationAge
11月 18 16:20:13 bs8.test.cn auditd[1071]: Audit daemon rotating log files
lines 1535-1555/1555 (END)

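After resetting Docker, not all of Harbor's services came back up.
Quite a few services do not start automatically; the ones in the figure below did not start.
First check where docker-compose is installed.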

[root@bs8 harbor]#  which docker-compose
/usr/bin/docker-compose
cd /etc/systemd/system
vi harbor.service
# Contents of harbor.service:
[Unit]
Description=harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor

[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f /appdata/harbor/harbor/docker-compose.yml up
# Same compose file as ExecStart
ExecStop=/usr/bin/docker-compose -f /appdata/harbor/harbor/docker-compose.yml down

[Install]
WantedBy=multi-user.target

# Set the permissions (a unit file must not be world-writable; 644 is sufficient)
chmod 644 harbor.service
# Enable start at boot
systemctl enable harbor.service
# Start the service
systemctl start harbor.service

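The first time around I had no experience. With more experience I found that the Harbor configuration was not sensible, so here I remove the services and redeploy Harbor.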

# Start all containers
docker start $(docker ps -a -q)
# Stop all containers
docker stop $(docker ps -a -q)
# Remove all containers
docker rm $(docker ps -a -q)

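Note that the Harbor services cannot be removed directly: run systemctl stop harbor.service first and then remove them, otherwise they restart automatically.
Next, adjust the configuration in harbor.yml; only the core settings are listed here.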

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  # Note: these paths are the CA pair created above; the server certificate and key
  # signed for harbor.testcom.cn were copied to /appdata/harbor/cert
  certificate: /appdata/cert/harbar_ca.crt
  private_key: /appdata/cert/harbar_ca.key

# The default data volume
data_volume: /appdata/harbor/data

#Log configurations
log:
  # options are debug, info, warning, error, fatal
  level: info
  # configs for logs in local storage
  local:
    # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
    rotate_count: 50
    # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
    # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
    # are all valid.
    rotate_size: 200M
    # The directory on your host that store log
    location: /log/harbor

docker login -u admin -p Harbor12345

