系統(tǒng)運(yùn)維 一·http方式

 harbor項(xiàng)目現(xiàn)托管在github上面，在此處以harbor v1.7.5為例演示。
  1·將harbor的二進(jìn)制包下載到/usr/local/src目錄下
  2·解壓縮 tar xvf harbor.v.1.7.5.tar
  3·進(jìn)如到解壓harbor目錄中，修改harbor.cfg文件

成都創(chuàng)新互聯(lián)公司是一家集網(wǎng)站建設(shè),大通企業(yè)網(wǎng)站建設(shè),大通品牌網(wǎng)站建設(shè),網(wǎng)站定制,大通網(wǎng)站建設(shè)報(bào)價(jià),網(wǎng)絡(luò)營(yíng)銷,網(wǎng)絡(luò)優(yōu)化,大通網(wǎng)站推廣為一體的創(chuàng)新建站企業(yè)，幫助傳統(tǒng)企業(yè)提升企業(yè)形象加強(qiáng)企業(yè)競(jìng)爭(zhēng)力。可充分滿足這一群體相比中小企業(yè)更為豐富、高端、多元的互聯(lián)網(wǎng)需求。同時(shí)我們時(shí)刻保持專業(yè)、時(shí)尚、前沿，時(shí)刻以成就客戶成長(zhǎng)自我，堅(jiān)持不斷學(xué)習(xí)、思考、沉淀、凈化自己，讓我們?yōu)楦嗟钠髽I(yè)打造出實(shí)用型網(wǎng)站。

1 ## Configuration file of Harbor
  2 
  3 #This attribute is for migrator to detect the version of the .cfg fil    e, DO NOT MODIFY!
  4 _version = 1.7.0
  5 #The IP address or hostname to access admin UI and registry service.
  6 #DO NOT use localhost or 127.0.0.1, because Harbor needs to be access    ed by external clients.
  7 #DO NOT comment out this line, modify the value of hostname directl    y, or the installation will fail.
  8 hostname = 192.168.238.7
  9 
 10 #The protocol for accessing the UI and token/notification service, by     default it is http.
 11 #It can be set to https if ssl is enabled on nginx.
 12 ui_url_protocol = http
 13 
 14 #Maximum number of job workers in job service  
 15 max_job_workers = 10 
 ...
 58 email_server = smtp.mydomain.com
 59 email_server_port = 25
 60 email_username = sample_admin@mydomain.com
 61 email_password = abc
 62 email_from = admin <sample_admin@mydomain.com>
 63 email_ssl = false
 64 email_insecure = false
 65 
 66 ##The initial password of Harbor admin, only works for the first time     when Harbor starts. 
 67 #It has no effect after the first launch of Harbor.
 68 #Change the admin password from UI after launching Harbor.
 69 harbor_admin_password = 123456

  主要修改hostname和adminpasswd。
  4·查看install.sh文件，查看安裝harbor所需環(huán)境

#!/bin/bash

#docker version: 1.11.2 
#docker-compose version: 1.7.1 
#Harbor version: 0.4.0 

  此為低版本要求，docker的安裝可以在阿里鏡像站按照步驟一步步安裝，但是docker-compose若是要安裝最新版本就需要下載python-pip一個(gè)類似yum或apt的工具，然后在使用pip install docker-compose安裝即可
  5·運(yùn)行install.sh腳本安裝，至此，安裝完成

我們上傳的鏡像會(huì)存放在宿主機(jī)的docker/registry/v2/repositories/ 需要上傳和下載harbor鏡像的docker服務(wù)器需要在docker的啟動(dòng)腳本中添加信任不可靠的鏡像原

vim /lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.238.12(harbor地址)

重啟docker 上傳鏡像時(shí)首先要登陸到harbor服務(wù)器
docker login 192.168.238.7
輸入賬號(hào)為admin密碼為harbor.cfg中所配置密碼登陸成功，然后對(duì)制作的鏡像重新打tag，例如
tag nginx:laste 192.168.238.7/NGINX/nginx:5.2
其中NGINX必須要有這個(gè)項(xiàng)目方可上傳 在網(wǎng)頁(yè)打開(kāi)192.168.238.7，輸入賬號(hào)密碼，創(chuàng)建NGINX項(xiàng)目
<img src="harbor1.png" width = "80%"/> docker push 192.168.238.7/NGINX/nginx:5.2   2·實(shí)現(xiàn)高可用的harbor

    1·配置同上新建一個(gè)harbor服務(wù)
    2·在docker的啟動(dòng)腳本中加上兩個(gè)harbor服務(wù)器的地址
    3·在主harbor服務(wù)器的網(wǎng)頁(yè)上做如下操作
<img src="harbor新建規(guī)則.png" width = "80%"/>
按照提示一步步添加另一臺(tái)harbor

二·https方式

 1·如上http方式部署。只是不用在docker的啟動(dòng)腳本中添加受信任的地址
 2.在harbor的安裝目錄下創(chuàng)建一個(gè)certs目錄
mkdir certs
 3·生成私鑰和公鑰（注：公鑰的地址要與harbor.cfg中的hostname相同）
openssl genrsa -out harbor-ca.key
touch /root/.rnd
openssl req -x509 -new -nodes -key harbor-ca.key -subj /CN=harbor.magedu.net -days 7120 -out harbor-ca.crt
 4·修改harbor.cfg配置文件

1 ## Configuration file of Harbor
  2 
  3 #This attribute is for migrator to detect the version of the .cfg fil    e, DO NOT MODIFY!
  4 _version = 1.7.0
  5 #The IP address or hostname to access admin UI and registry service.
  6 #DO NOT use localhost or 127.0.0.1, because Harbor needs to be access    ed by external clients.
  7 #DO NOT comment out this line, modify the value of hostname directl    y, or the installation will fail.
  8 hostname = harbor.magedu.net
  9 
 10 #The protocol for accessing the UI and token/notification service, by     default it is http.
 11 #It can be set to https if ssl is enabled on nginx.
 12 ui_url_protocol = https
13 
 14 #Maximum number of job workers in job service  
 15 max_job_workers = 10 
 16 
 17 #Determine whether or not to generate certificate for the registry\'s     token.
 18 #If the value is on, the prepare script creates new root cert and pri    vate key 
 19 #for generating token to access the registry. If the value is off the     default key/cert will be used.
 20 #This flag also controls the creation of the notary signer\'s cert.
 21 customize_crt = on
 22 
 23 #The path of cert and key files for nginx, they are applied only the     protocol is set to https
 24 ssl_cert = /usr/local/src/harbor/certs/harbor-ca.crt
 25 ssl_cert_key = /usr/local/src/harbor/certs/harbor-ca.key
 26 
 *67 #It has no effect after the first launch of Harbor.
 68 #Change the admin password from UI after launching Harbor.
 69 harbor_admin_password = 123456
*

這個(gè)域名要有dns解析或者是hosts文件
 5·docker客戶端分發(fā)公鑰
mkdir -p /etc/docker/certs.d/(harbor.cfg中的hostname)
將harbor的公鑰拷貝過(guò)來(lái) /etc/docker/certs.d/(harbor.cfg中的hostname）重啟docker即可

分享題目：harbor基于http和https的創(chuàng)建與使用
文章出自：http://chinadenli.net/article30/cjehso.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供網(wǎng)頁(yè)設(shè)計(jì)公司、網(wǎng)站排名、品牌網(wǎng)站設(shè)計(jì)、云服務(wù)器、微信小程序、網(wǎng)站維護(hù)

廣告

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請(qǐng)盡快告知，我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng)，如需處理請(qǐng)聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時(shí)需注明來(lái)源： 創(chuàng)新互聯(lián)