Harbor private image registry (4)

1. Deployment preparation:

Prepare the Harbor package
On the deployment node:
#mv harbor-offline-installer-v1.4.0.tgz /opt/ && cd /opt
#tar zxvf harbor-offline-installer-v1.4.0.tgz
#cd harbor

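2. Modify the configuration files:

harbor.cfg docker-compose.clair.yml
Prepare the CA certificate tar package, extract it, and move the contents to the /data/harbor/cert directory (create this directory yourself)

Find the following parameters and change them to the values below: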
hostname = reg.yunwei.edu
ui_url_protocol = https
ssl_cert = /data/harbor/cert/harbor.crt
ssl_cert_key = /data/harbor/cert/harbor.key
secretkey_path = /data/harbor
harbor_admin_password = admin
 
ssl_cert = /data/harbor/cert/harbor.crt
ssl_cert_key = /data/harbor/cert/harbor.key
The two entries above are the CA certificate file names; they must match the names of the actual files
 
secretkey_path = /data/harbor is the CA certificate directory
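The values above can be checked mechanically before install.sh is run. The following check is an added example, not part of Harbor or of the original article; cfg_get and audit_harbor_cfg are hypothetical helper names. It flags a ui_url_protocol other than https, an empty or well-known harbor_admin_password, certificate paths that do not match a real file, and a private key that other users can access:

```bash
#!/bin/bash
# Added example: audit harbor.cfg before running install.sh.
# cfg_get and audit_harbor_cfg are hypothetical helper names, not part of Harbor.

# cfg_get FILE KEY: print the value of the last "KEY = value" line in FILE.
cfg_get() {
    sed -n "s/^[[:blank:]]*$2[[:blank:]]*=[[:blank:]]*//p" "$1" |
        sed 's/[[:blank:]]*$//' | tail -n 1
}

# audit_harbor_cfg FILE: print one line per finding; exit status = finding count.
# The body is a subshell "( )" so its variables and helper stay local.
audit_harbor_cfg() (
    cfg=$1; n=0
    fail() { echo "FAIL: $*"; n=$((n + 1)); }

    if [ "$(cfg_get "$cfg" ui_url_protocol)" != https ]; then
        fail "ui_url_protocol is not https: logins and image layers cross the network in clear text"
    fi
    case $(cfg_get "$cfg" harbor_admin_password) in
        ""|admin|Harbor12345)   # Harbor12345 is the value shipped in harbor.cfg
            fail "harbor_admin_password is empty or a well-known value" ;;
    esac
    for key in ssl_cert ssl_cert_key; do
        path=$(cfg_get "$cfg" "$key")
        if [ ! -f "$path" ]; then
            fail "$key = '$path' does not exist (the name must match the real file)"
        # Characters 5-10 of the ls mode string are the group/other permission bits.
        elif [ "$key" = ssl_cert_key ] &&
             [ "$(ls -ldL "$path" | cut -c5-10)" != "------" ]; then
            fail "$path is accessible to group/other; chmod 600 it"
        fi
    done
    exit "$n"
)

# Demo on a constructed config that mirrors the values shown above.
demo=$(mktemp)
printf '%s\n' 'ui_url_protocol = https' 'harbor_admin_password = admin' \
    'ssl_cert = /data/harbor/cert/harbor.crt' \
    'ssl_cert_key = /data/harbor/cert/harbor.key' > "$demo"
audit_harbor_cfg "$demo" || echo "findings: $?"
rm -f "$demo"
```

On the Harbor node itself, run it as audit_harbor_cfg /opt/harbor/harbor.cfg; an exit status of 0 means no findings.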
 
 
docker-compose.clair.yml
Find the following parameter and change it to the value below:
/data/harbor/clair-db:/var/lib/postgresql/data:z
 
docker-compose.notary.yml
Find the following parameter and change it to the value below:
/data/harbor/notary-db:/var/lib/mysql:z
 
docker-compose.yml
Find the following parameters and change them to the values below:
/data/harbor/:/var/log/docker/:z
/data/harbor/registry:/storage:z
/data/harbor/database:/var/lib/mysql:z
/data/harbor/config/:/etc/adminserver/config/:z
/data/harbor/secretkey:/etc/adminserver/key:z
/data/harbor/:/data/:z
/data/harbor/secretkey:/etc/ui/key:z
/data/harbor/ca_download/:/etc/ui/ca/:z
/data/harbor/psc/:/etc/ui/token/:z
/data/harbor/job_logs:/var/log/jobs:z
/data/harbor/secretkey:/etc/jobservice/key:z
 
 

3. Install Harbor:

Run the installation script to deploy Harbor
(1) In the /opt/harbor/ directory:
sh install.sh
 
[root@cicd harbor]# cat install.sh 
#!/bin/bash

#docker version: 1.11.2 
#docker-compose version: 1.7.1 
#Harbor version: 0.4.0 

set +e
set -o noglob

#
# Set Colors
#

bold=$(tput bold)
underline=$(tput sgr 0 1)
reset=$(tput sgr0)

red=$(tput setaf 1)
green=$(tput setaf 76)
white=$(tput setaf 7)
tan=$(tput setaf 202)
blue=$(tput setaf 25)

#
# Headers and Logging
#

underline() { printf "${underline}${bold}%s${reset}\n" "$@"
}
h1() { printf "\n${underline}${bold}${blue}%s${reset}\n" "$@"
}
h2() { printf "\n${underline}${bold}${white}%s${reset}\n" "$@"
}
debug() { printf "${white}%s${reset}\n" "$@"
}
info() { printf "${white}➜ %s${reset}\n" "$@"
}
success() { printf "${green}✔ %s${reset}\n" "$@"
}
error() { printf "${red}✖ %s${reset}\n" "$@"
}
warn() { printf "${tan}➜ %s${reset}\n" "$@"
}
bold() { printf "${bold}%s${reset}\n" "$@"
}
note() { printf "\n${underline}${bold}${blue}Note:${reset} ${blue}%s${reset}\n" "$@"
}

set -e
set +o noglob

usage=$'Please set hostname and other necessary attributes in harbor.cfg first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.\nPlease set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.cfg bacause notary must run under https. \nPlease set --with-clair if needs enable Clair in Harbor'
item=0

# notary is not enabled by default
with_notary=$false
# clair is not enabled by default
with_clair=$false
# HA mode is not enabled by default
harbor_ha=$false
while [ $# -gt 0 ]; do
        case $1 in
            --help)
            note "$usage"
            exit 0;;
            --with-notary)
            with_notary=true;;
            --with-clair)
            with_clair=true;;
            --ha)
            harbor_ha=true;;
            *)
            note "$usage"
            exit 1;;
        esac
        shift || true
done

workdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd $workdir

# The hostname in harbor.cfg has not been modified
if grep 'hostname = reg.mydomain.com' &> /dev/null harbor.cfg
then
    warn "$usage"
    exit 1
fi

function check_docker {
    if ! docker --version &> /dev/null
    then
        error "Need to install docker(1.10.0+) first and run this script again."
        exit 1
    fi
    
    # docker has been installed and check its version
    if [[ $(docker --version) =~ (([0-9]+).([0-9]+).([0-9]+)) ]]
    then
        docker_version=${BASH_REMATCH[1]}
        docker_version_part1=${BASH_REMATCH[2]}
        docker_version_part2=${BASH_REMATCH[3]}
        
        # the version of docker does not meet the requirement
        if [ "$docker_version_part1" -lt 1 ] || ([ "$docker_version_part1" -eq 1 ] && [ "$docker_version_part2" -lt 10 ])
        then
            error "Need to upgrade docker package to 1.10.0+."
            exit 1
        else
            note "docker version: $docker_version"
        fi
    else
        error "Failed to parse docker version."
        exit 1
    fi
}

function check_dockercompose {
    if ! docker-compose --version &> /dev/null
    then
        error "Need to install docker-compose(1.7.1+) by yourself first and run this script again."
        exit 1
    fi
    
    # docker-compose has been installed, check its version
    if [[ $(docker-compose --version) =~ (([0-9]+).([0-9]+).([0-9]+)) ]]
    then
        docker_compose_version=${BASH_REMATCH[1]}
        docker_compose_version_part1=${BASH_REMATCH[2]}
        docker_compose_version_part2=${BASH_REMATCH[3]}
        
        # the version of docker-compose does not meet the requirement
        if [ "$docker_compose_version_part1" -lt 1 ] || ([ "$docker_compose_version_part1" -eq 1 ] && [ "$docker_compose_version_part2" -lt 6 ])
        then
            error "Need to upgrade docker-compose package to 1.7.1+."
                        exit 1
        else
            note "docker-compose version: $docker_compose_version"
        fi
    else
        error "Failed to parse docker-compose version."
        exit 1
    fi
}

h2 "[Step $item]: checking installation environment ..."; let item+=1
check_docker
check_dockercompose

if [ -f harbor*.tar.gz ]
then
    h2 "[Step $item]: loading Harbor images ..."; let item+=1
    docker load -i ./harbor*.tar.gz
fi
echo ""

h2 "[Step $item]: preparing environment ...";  let item+=1
if [ -n "$host" ]
then
    sed "s/^hostname = .*/hostname = $host/g" -i ./harbor.cfg
fi
prepare_para=
if [ $with_notary ] && [ ! $harbor_ha ]
then
    prepare_para="${prepare_para} --with-notary"
fi
if [ $with_clair ]
then
    prepare_para="${prepare_para} --with-clair"
fi
if [ $harbor_ha ]
then
    prepare_para="${prepare_para} --ha"
fi
./prepare $prepare_para
echo ""

h2 "[Step $item]: checking existing instance of Harbor ..."; let item+=1
docker_compose_list='-f docker-compose.yml'
if [ $with_notary ] && [ ! $harbor_ha ]
then
    docker_compose_list="${docker_compose_list} -f docker-compose.notary.yml"
fi
if [ $with_clair ]
then
    docker_compose_list="${docker_compose_list} -f docker-compose.clair.yml"
fi

if [ -n "$(docker-compose $docker_compose_list ps -q)"  ]
then
    note "stopping existing Harbor instance ..." 
    docker-compose $docker_compose_list down -v
fi
echo ""

h2 "[Step $item]: starting Harbor ..."
if [ $harbor_ha ]
then
    mv docker-compose.yml docker-compose.yml.bak 
    cp ha/docker-compose.yml docker-compose.yml
    mv docker-compose.clair.yml docker-compose.clair.yml.bak
    cp ha/docker-compose.clair.yml docker-compose.clair.yml
fi
docker-compose $docker_compose_list up -d

protocol=http
hostname=reg.mydomain.com

if [[ $(cat ./harbor.cfg) =~ ui_url_protocol[[:blank:]]*=[[:blank:]]*(https?) ]]
then
protocol=${BASH_REMATCH[1]}
fi

if [[ $(grep 'hostname[[:blank:]]*=' ./harbor.cfg) =~ hostname[[:blank:]]*=[[:blank:]]*(.*) ]]
then
hostname=${BASH_REMATCH[1]}
fi
echo ""

success $"----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at ${protocol}://${hostname}. 
For more details, please visit https://github.com/vmware/harbor .
"
(2) Verify that Harbor was deployed successfully:
This must be run in the /opt/harbor/ directory
#docker-compose ps
 
 
 

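4. Configure each node to log in to the Harbor private image registry:

Distribute the CA certificate to each node
(1) On every node (including the Harbor node), create the certs.d/reg.yunwei.edu/ directory under /etc/docker/
Automated with Ansible: ansible all -m shell -a 'mkdir -p /etc/docker/certs.d/reg.yunwei.edu'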
 
(2) On the Harbor node, copy ca.crt from Harbor's CA certificates into the directory under /etc/docker
#cp /data/harbor/cert/ca.crt /etc/docker/certs.d/reg.yunwei.edu/
 
(3) Distribute the Harbor node's ca.crt file to /etc/docker/certs.d/reg.yunwei.edu/ on each node (run the command once per node, substituting each node's hostname for node1)
scp /etc/docker/certs.d/reg.yunwei.edu/ca.crt node1:/etc/docker/certs.d/reg.yunwei.edu/
 
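(4) Verify the Harbor registry

Command line: on each node, log in to the registry address and enter the username/password (admin/admin); Login Succeeded is then displayed

#docker login reg.yunwei.edu
Make sure the registry name resolves to your own IP (/etc/hosts)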
 
 
Web browser: enter the Harbor node's IP in the browser
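docker login fails with an x509 error when a node's certs.d entry is missing, misnamed, or holds a different CA than the one Harbor's certificate was issued from. The check below is an added example, not from the original article or from Docker; registry_of and check_node_ca are hypothetical helper names, and the optional third argument only exists so the check can be pointed at a test directory instead of /etc/docker:

```bash
#!/bin/bash
# Added example: confirm that a node trusts the Harbor CA for a given image.
# registry_of and check_node_ca are hypothetical helper names, not Docker commands.

# registry_of IMAGE: print the registry host[:port] of an image reference.
# Docker uses this exact string as the directory name under certs.d.
registry_of() {
    case ${1%%/*} in
        "$1")              echo docker.io ;;      # no "/" at all: Docker Hub
        *.*|*:*|localhost) echo "${1%%/*}" ;;     # first component is a host
        *)                 echo docker.io ;;      # e.g. itsthenetwork/...
    esac
}

# check_node_ca REGISTRY REFERENCE_CA [DOCKER_ROOT]
# Exit status: 0 trusted, 1 no CA file, 2 CA file has an extension Docker
# does not load as a CA, 3 a .crt exists but differs from REFERENCE_CA.
check_node_ca() (
    dir=${3:-/etc/docker}/certs.d/$1; ref=$2; seen=0
    if [ ! -d "$dir" ]; then echo "MISSING: $dir"; exit 1; fi
    for f in "$dir"/*.crt; do          # only *.crt files are loaded as CA roots
        [ -f "$f" ] || continue
        seen=1
        if cmp -s "$f" "$ref"; then echo "OK: $f"; exit 0; fi
    done
    if [ "$seen" -eq 1 ]; then
        echo "MISMATCH: no .crt in $dir equals $ref (stale or foreign CA)"; exit 3
    fi
    # *.cert is read as a client certificate and *.pem is not read at all.
    for f in "$dir"/*.cert "$dir"/*.pem; do
        if [ -f "$f" ]; then echo "IGNORED: rename $f to end in .crt"; exit 2; fi
    done
    echo "MISSING: no CA file in $dir"; exit 1
)

# Demo: check this node for the image name used on this page.
img=reg.yunwei.edu/learn/nfs-server-alpine:latest
check_node_ca "$(registry_of "$img")" /data/harbor/cert/ca.crt || echo "status: $?"
```

The comparison is byte-for-byte, which fits a ca.crt distributed unchanged with scp; run it on each node against a trusted copy of the CA file.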
 
 
 
 

5. Push images to the Harbor private image registry:

Re-tag the local image
(1) For example, take the following local image

(2) Re-tag it
#docker tag itsthenetwork/nfs-server-alpine:latest reg.yunwei.edu/learn/nfs-server-alpine:latest
 
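Push the re-tagged image to the registry

Using the private registry
(1) View the image in the Harbor registry

(2) Once a node has the CA certificate's ca.crt in place, it can run the following command to pull the image. In a Kubernetes cluster, the nodes pull images automatically when starting a pod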
 
Original article: https://www.cnblogs.com/daisyyang/p/11058466.html