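Deploying a Harbor cluster with certificates

I. Deploying a Harbor cluster with certificates

  Harbor download package: http://harbor.orientsoft.cn/

  Docker Aliyun mirror: https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/

  I. Deploy Docker (docker-compose)

# Install Docker; in production, give Docker's storage a sufficiently large disk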
yum install -y https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/docker-ce-18.03.1.ce-1.el7.centos.x86_64.rpm
systemctl  start docker
systemctl  enable  docker
yum install -y python-pip
pip install --upgrade pip
pip install docker-compose

  II. Deploy Harbor with certificates

  1. Generate the certificate

cd /opt/src
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x cfssl*
cp -rp cfssl* /usr/local/bin/

mkdir -p /opt/src/harbor/certs/
cd /opt/src/harbor/certs/
# Generate the key
openssl genrsa -out /opt/src/harbor/certs/harbor-ca.key 2048
# Generate a certificate with a specified validity period (node 1)
openssl req -x509 -new -nodes -key /opt/src/harbor/certs/harbor-ca.key  -subj "/CN=harbor01.local.com" -days 71200 -out /opt/src/harbor/certs/harbor-ca.crt
# Node 2
openssl req -x509 -new -nodes -key /opt/src/harbor/certs/harbor-ca.key  -subj "/CN=harbor02.local.com" -days 71200 -out /opt/src/harbor/certs/harbor-ca.crt
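
The commands above put the hostname only in the certificate's CN. Docker daemons built with Go 1.15 or later reject certificates that have no subjectAltName, so the following added example (not part of the original post) generates the same key and certificate files with SAN entries and checks that each registry hostname matches. The function names, the san.cnf file and the 365-day validity are assumptions chosen for illustration.

```shell
#!/bin/bash
# Added example: self-signed registry certificate with subjectAltName entries.
# make_registry_cert and cert_matches_host are hypothetical helper names.

# make_registry_cert OUTDIR CN [EXTRA_DNS_NAME...]
# Writes OUTDIR/harbor-ca.key and OUTDIR/harbor-ca.crt (file names as used on this page).
make_registry_cert() {
  local outdir="$1" cn="$2" san="DNS:$2" name
  shift 2
  for name in "$@"; do san="${san},DNS:${name}"; done
  mkdir -p "$outdir" || return 1
  # A config file is used instead of -addext so this also works on
  # OpenSSL 1.0.2 (CentOS 7) as well as newer releases.
  cat > "$outdir/san.cnf" <<EOF
[req]
distinguished_name = req
[san]
subjectAltName = ${san}
EOF
  # umask 077 keeps the private key readable by its owner only.
  ( umask 077; openssl genrsa -out "$outdir/harbor-ca.key" 2048 2>/dev/null ) || return 1
  # 365 days is a constructed value for the example.
  openssl req -x509 -new -nodes -sha256 -key "$outdir/harbor-ca.key" \
    -subj "/CN=${cn}" -days 365 \
    -config "$outdir/san.cnf" -extensions san \
    -out "$outdir/harbor-ca.crt"
}

# cert_matches_host CRT HOSTNAME
# Succeeds only if the certificate is valid for HOSTNAME. The text output is
# checked because openssl x509 can exit 0 even when the name does not match.
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}
```

For example, `make_registry_cert /opt/src/harbor/certs harbor01.local.com harbor02.local.com` produces one certificate that both nodes can serve, and `cert_matches_host` can be run on a client against the copy under /etc/docker/certs.d before the first `docker login`.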

  2. Deploy and configure Harbor

cd /opt/src
wget http://harbor.orientsoft.cn/harbor-v1.5.0/harbor-offline-installer-v1.5.0.tgz
tar xf harbor-offline-installer-v1.5.0.tgz 
cd harbor/

  Edit the configuration: vim harbor.cfg

hostname = harbor01.local.com
ui_url_protocol = https
ssl_cert = /opt/src/harbor/certs/harbor-ca.crt
ssl_cert_key = /opt/src/harbor/certs/harbor-ca.key

  Install

 ./install.sh

  III. Client configuration

  1. Send the Harbor certificate to the management node

mkdir -p /etc/docker/certs.d/harbor{01,02}.local.com
# Send the certificate to the management node, then send the relevant files to every node that works with images
# node01
scp /opt/src/harbor/certs/harbor-ca.crt 10.0.0.10:/etc/docker/certs.d/harbor01.local.com/
# node02
scp /opt/src/harbor/certs/harbor-ca.crt 10.0.0.10:/etc/docker/certs.d/harbor02.local.com/

  2. Test docker login

  After a successful login, the .docker directory is generated.

  3. Send the relevant files to the nodes that work with images

#!/bin/bash
# List of target hosts
IP="
10.0.0.11
10.0.0.12
10.0.0.13
10.0.0.14
"
for node in ${IP};do
  # sshpass -p exposes the password in the process list and shell history, and
  # StrictHostKeyChecking=no accepts whatever host key the node presents.
  if sshpass -p 123456 ssh-copy-id -p 22 -o StrictHostKeyChecking=no "${node}";then
    echo "${node} 秘钥copy完成,准备环境初始化....."
    ssh -p 22 "${node}" "mkdir -p /etc/docker/certs.d/harbor{01,02}.local.com"
    echo "Harbor 证书目录创建成功!"
    scp -P 22 /etc/docker/certs.d/harbor01.local.com/harbor-ca.crt "${node}":/etc/docker/certs.d/harbor01.local.com/harbor-ca.crt
    scp -P 22 /etc/docker/certs.d/harbor02.local.com/harbor-ca.crt "${node}":/etc/docker/certs.d/harbor02.local.com/harbor-ca.crt
    echo "Harbor 证书拷贝成功!"
    # Overwrites the node's existing /etc/hosts
    scp -P 22 /etc/hosts "${node}":/etc/hosts
    echo "host 文件拷贝完成"
    # /root/.docker/config.json holds the registry login credentials
    scp -r -P 22 /root/.docker "${node}":/root/
    echo "Harbor 认证文件拷贝完成!"
    scp -r -P 22 /etc/resolv.conf "${node}":/etc/
  else
    echo "${node} 秘钥copy失败"
  fi
done

Reposted from www.cnblogs.com/happy-king/p/9464883.html