1 Server Information

  • Operating system:Centos 7.9 x64
  • IP address: 10.10.10.13
  • User Name/Password:root/geoscene
  • The name of the machine:ps.geoscene.cd

2 install the Docker

This section describes how to install a stable version of Docker with access to the Internet:

  1. Update system: yum Update

  2. Uninstall old versions of Docker:

yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
Copy the code

  1. Install Docker dependencies: yum install -y yum-utils, yum-config-manager access tool

  2. Add the Docker warehouse: yum – config manager – add – ‘https://download.docker.com/linux/centos/docker-ce.repo

  3. Docker Engine: yum install docker-ce docker-ce cli containerd.io

  4. Start the Docker service: systemctl start Docker

  5. To configure Docker startup: systemctl enable Docker

  6. Check the Dokcer status: systemctl status docker

3 installation docker – compose

  1. Download the stable version:Sudo curl - L "https://github.com/docker/compose/releases/download/1.28.3/docker-compose-$(uname - s) - $(uname -m)" - o /usr/local/bin/docker-compose
  2. Application execution permission:sudo chmod +x /usr/local/bin/docker-compose

4 installed Harbor

  1. copyHarborThe installation packageHarbor - offline installer - v2.0.6 TGZto/usr/localfolder
  2. Decompress the installation package:Tar - XZVF harbor - offline installer - v2.0.6. TGZ
  3. Modify theharbor.yml.tmpFile Name:mv harbor.yml.tmp harbor.yml
  4. Modify theharbor.ymlFile:vi harbor.yml, modifyhttpThe port number is 8081harbor_admind_password
  5. If not neededhttpsAccess, can be maskedhttpsConfiguration, skip Chapter 5; If you needhttpsTo view chapter 5
  6. Retain the default Settings for other configuration items
  7. If you needhttpsAccess, refer to Chapter 5 for configurationhttpsAfter the relevant certificate is specified./preparetonginxconfigurationhttps; If you don’t need ithttpsGo to Step 8
  8. The installationHarbor:./install.sh, dependencies will be automatically installedDockerThe mirror;
  9. accessHarborAnd create the projecttest.

5 Configure HTTPS access

To configure HTTPS access to Harbor, you need to create a certificate for it as follows:

5.1 Generating ca Certificates

The documentation on the official website states that certificates obtained from a CA should be used in production environments. However, in a test or development environment, you can generate your own CA certificates.

  1. generateCAThe private key certificate
$ openssl genrsa -out ca.key 4096
Copy the code
  1. generateCAcertificate
$ openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=yourdomain.com" \
 -key ca.key \
 -out ca.crt
Copy the code

5.2 Generating a Server Certificate

  1. Generate a private key
$ openssl genrsa -out ps.geoscene.cd.key 4096
Copy the code
  1. Generate a CSR(Certificate Signing Request)
openssl req -sha512 -new \
    -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=ps.geoscene.cd" \
    -key ps.geoscene.cd.key \
    -out ps.geoscene.cd.csr
Copy the code
  1. To generate aV3Extended file

This file must be created whenever you connect to the Harbor host using either an FQDN or an IP address to generate a certificate for the Harbor host that complies with the user alternate Name (SAN) and X509 V3 extension requirements.

cat > v3.ext <<-EOF authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1=ps.geoscene.cd DNS.2=ps.geoscene.cd DNS.3=hostname EOF
Copy the code
  1. usev3.txtFile forHarborCertificate Generation by the server
openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in ps.geoscene.cd.csr \
    -out ps.geoscene.cd.crt
Copy the code

5.3 Provide certificates for Harbor and Docker

  1. To view/dataDo you have it in the directorycertFolder, if not, create a folder
  2. Copy server keys and certificates tocertfolder
$ cp ps.geoscene.cd.crt /data/cert/
$ cp ps.geoscene.cd.key /data/cert/
Copy the code
  1. In order toDockerUse,.crtto.cert.Docker daemonwill.crtThe file asCAThe certificate will be.certThe file is regarded as a client certificate
$ openssl x509 -inform PEM -in ps.geoscene.cd.crt -out ps.geoscene.cd.cert
Copy the code
  1. Combine the server certificate, key, andCACopy files toDockerCertificate folder

Create the certs.d folder in the /etc/docker folder and create the ps.geoscene.cd subfile in this folder. If the HTTPS port is not the default 443, add the specified port number to the subfolder name, for example, ps.geoscene. CD :444.

$ cp ps.geoscene.cd.cert /etc/docker/certs.d/ps.geoscene.cd:444/
$ cp ps.geoscene.cd.key /etc/docker/certs.d/ps.geoscene.cd:444/
$ cp ca.crt /etc/docker/certs.d/ps.geoscene.cd:444/
Copy the code
  1. restartdockerServices:systemctl restart docker

6 Verify that Harbor is available

The client system is Windows. Please ensure that Docker has been installed on the system.

  1. Go to the Docker screen, click the Settings button, click “Docker Engine”

  2. Modify the corresponding content of insecure-registries and add 10.10.10.13:8081 and ps.geoscene. CD :8081

  3. Open a command window, access Harbor, docker login ps.geoscene. CD, and enter your user name and password as prompted

  4. Push image from local to Harbor:

$ docker tag SOURCE_IMAGE[:TAG] ps.geoscene.cd:8081/test/REPOSITORY[:TAG]
$ docker push ps.geoscene.cd:8081/test/REPOSITORY[:TAG]
Copy the code
  1. fromHarborPull image to local:docker pull ps.geoscene.cd:8081/test/REPOSITORY[:TAG]

7 Harbor Other operations

  • restartharborAll containers:docker-compose up -d
  • deleteharborAll containers:docker-compose down -v

8 Problems during installation

  1. harbortheredisThe container cannot start properly

The last two lines of the docker logs redis container display the following information:

1:M 05 Mar 06:09:19.140 # Can't handle RDB format version 9
1:M 05 Mar 06:09:19.140 # Fatal error loading the DB: Invalid argument. Exiting.
Copy the code

Solutions:

  • Use commands in the host machinefind / -name *.rdb
  • delete/data/redis/dump.rdbfile
  • restartredisContainer:docker restart redis