Harbor構築

6887 ワード

これを初めて使用したのは、入社したばかりの最初のタスクで、HarborはDockerミラーを格納および配布するエンタープライズクラスのRegistryサーバであることがわかりました.
なぜ私有倉庫を使うのか、主に簡単で、第一に自分のサーバー環境を他の人に見せたくないのか、なぜ国内の他の私有クラウドサービスを使わないのか.公網と比較して、内網のダウンロード速度はもっと速いのではないでしょうか.
準備作業
1.Docker 2.Docker-compose 3.Harbor
Dockerのインストール
ここではCentos 7.6を例に

#   selinux
sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
#     
systemctl stop firewalld.service && systemctl disable firewalld.service
#    
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
#    
sudo echo 'LANG="en_US.UTF-8"' >> /etc/profile;source /etc/profile
#      
NEW_USER=rancher
#     (  )
sudo adduser $NEW_USER
#         
sudo passwd $NEW_USER
#       sudo  
sudo echo "$NEW_USER ALL=(ALL) ALL" >> /etc/sudoers
#      Docker  
sudo yum remove docker \
              docker-client \
              docker-client-latest \
              docker-common \
              docker-latest \
              docker-latest-logrotate \
              docker-logrotate \
              docker-selinux \
              docker-engine-selinux \
              docker-engine \
              container*
#       
export docker_version=18.06.3
#             ，      （  ）
sudo yum update -y;
#            
sudo yum install -y yum-utils device-mapper-persistent-data \
    lvm2 bash-completion;
# Step 2:        
sudo yum-config-manager --add-repo \
    http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo;
# Step 3:       Docker-CE
sudo yum makecache all;
version=$(yum list docker-ce.x86_64 --showduplicates | sort -r|grep ${docker_version}|awk '{print $2}');
sudo yum -y install --setopt=obsoletes=0 docker-ce-${version} docker-ce-selinux-${version};
#          Docker,       (  )
yum downgrade --setopt=obsoletes=0 -y docker-ce-${version} docker-ce-selinux-${version};
#        docker 
sudo usermod -aG docker $NEW_USER;
#       
sudo systemctl enable docker;

vim /etc/docker/daemon.json
{
    "registry-mirrors": ["https://7bezldxe.mirror.aliyuncs.com/","https://IP:PORT/"]
}

Docker-composeのインストール

       docker-compose

sudo curl -L https://github.com/docker/compose/releases/download/1.17.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

            

chmod +x /usr/local/bin/docker-compose

   docker-compose      

docker-compose --version

    
docker-compose version 1.17.1, build 6d101fb

この方法はダウンロードできないことが多い.
pipを使用してインストールできます

wget --no-check-certificate https://pypi.python.org/packages/source/s/setuptools/setuptools-1.4.2.tar.gz

tar -vxf setuptools-1.4.2.tar.gz

cd setuptools-1.4.2

python2.7 setup.py install        //        Python 2.7

easy_install-2.7 pip

pip install docker-compose

Harborのインストール

wget https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-offline-installer-v1.1.2.tgz

     ,    ，            ，     ，  ，          ，       ！

tar -zxvf harbor-offline-installer-v1.1.2.tgz

次にharbor.cfgを構成する必要があります

## Configuration file of Harbor

# hostname      ，    ip、  ，      127.0.0.1 localhost
hostname = 115.159.227.249   #           IP  

#     ，   http，     https，    https， nginx ssl    on
ui_url_protocol = http

# mysql   root      root123，        
db_password = root123

#Maximum number of job workers in job service
max_job_workers = 3

#Determine whether or not to generate certificate for the registry's token.
#If the value is on, the prepare script creates new root cert and private key
#for generating token to access the registry. If the value is off the default key/cert will be used.
#This flag also controls the creation of the notary signer's cert.
customize_crt = on

#The path of cert and key files for nginx, they are applied only the protocol is set to https
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key

#The path of secretkey storage
secretkey_path = /data

#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
admiral_url = NA

#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
#only take effect in the first boot, the subsequent changes of these properties
#should be performed on web ui

#************************BEGIN INITIAL PROPERTIES************************

#Email account settings for sending out password resetting emails.

#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
#Identity left blank to act as username.
email_identity =

email_server = smtp.mydomain.com
email_server_port = 25
email_username = [email protected]
email_password = abc
email_from = admin 
email_ssl = false

##The initial password of Harbor admin, only works for the first time when Harbor starts.
#It has no effect after the first launch of Harbor.
#   Harbor ，   UI     ，   Harbor12345
harbor_admin_password = Harbor12345

#     ，          ， LADP、    、     。   db_auth，mysql     
auth_mode = db_auth

#The url for an ldap endpoint.
ldap_url = ldaps://ldap.mydomain.com

#A user's DN who has the permission to search the LDAP/AD server.
#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com

#the password of the ldap_searchdn
#ldap_search_pwd = password

#The base DN from which to look up a user in LDAP/AD
ldap_basedn = ou=people,dc=mydomain,dc=com

#Search filter for LDAP/AD, make sure the syntax of the filter is correct.
#ldap_filter = (objectClass=person)

# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes de
pending on your LDAP/AD  ldap_uid = uid

#the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
ldap_scope = 3

#Timeout (in seconds)  when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
ldap_timeout = 5

#        
self_registration = on

# Token    ，  30  
token_expiration = 30

#           ，   everyone（   ），      adminonly（     ）
project_creation_restriction = everyone

#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
verify_remote_cert = on
#************************END INITIAL PROPERTIES************************

harborを起動し、プロファイルを変更した後、現在のディレクトリで./install.shを実行すると、Harborサービスは当期ディレクトリのdocker-compose.ymlに基づいて依存するミラーのダウンロードを開始し、検出して順番に各サービスを開始します.
起動が完了したら、設定したhostnameにアクセスします.http://115.159.227.249/デフォルトは80ポートです.ポートが占有されている場合は、docker-compose.ymlファイルの対応するサービスのポートマッピングを変更できます.

Vuexの基本的な使用

Windows Server 2008 R 2にExcelをインポート