I. Deploying a Harbor cluster with certificates
Harbor download packages: http://harbor.orientsoft.cn/
Docker packages on the Aliyun mirror: https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/
I. Deploy Docker (docker-compose)
# Install Docker; in production, Docker's storage needs a sufficiently large disk
yum install -y https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/docker-ce-18.03.1.ce-1.el7.centos.x86_64.rpm
systemctl start docker
systemctl enable docker
yum install -y python-pip
pip install --upgrade pip
pip install docker-compose
II. Deploy Harbor with certificates
1. Generate the certificates
cd /opt/src
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x cfssl*
cp -rp cfssl* /usr/local/bin/
mkdir -p /opt/src/harbor/certs/
cd /opt/src/harbor/certs/
# Generate the key
openssl genrsa -out /opt/src/harbor/certs/harbor-ca.key 2048
# Generate a certificate with the specified validity period (node 1)
openssl req -x509 -new -nodes -key /opt/src/harbor/certs/harbor-ca.key -subj "/CN=harbor01.local.com" -days 71200 -out /opt/src/harbor/certs/harbor-ca.crt
# Node 2
openssl req -x509 -new -nodes -key /opt/src/harbor/certs/harbor-ca.key -subj "/CN=harbor02.local.com" -days 71200 -out /opt/src/harbor/certs/harbor-ca.crt
2. Deploy and configure Harbor
cd /opt/src
wget http://harbor.orientsoft.cn/harbor-v1.5.0/harbor-offline-installer-v1.5.0.tgz
tar xf harbor-offline-installer-v1.5.0.tgz
cd harbor/
Edit the configuration: vim harbor.cfg
hostname = harbor01.local.com
ui_url_protocol = https
ssl_cert = /opt/src/harbor/certs/harbor-ca.crt
ssl_cert_key = /opt/src/harbor/certs/harbor-ca.key
Install
./install.sh
III. Client configuration
1. Send the Harbor certificates to the management node
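# On the management node: one directory per registry, named exactly after the registry hostname
mkdir -p /etc/docker/certs.d/harbor{01,02}.local.com
# Send the certificates to the management node, then send the relevant files to every node that works with images
# node01
scp /opt/src/harbor/certs/harbor-ca.crt 10.0.0.10:/etc/docker/certs.d/harbor01.local.com/
# node02
scp /opt/src/harbor/certs/harbor-ca.crt 10.0.0.10:/etc/docker/certs.d/harbor02.local.com/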
2. Test docker login
After a successful login, the .docker directory is generated.
3. Send the relevant files to the nodes that work with images
#!/bin/bash
# List of target hosts
IP="
10.0.0.11
10.0.0.12
10.0.0.13
10.0.0.14
"
for node in ${IP}; do
    # Install the local SSH public key on the node (options must come before the host)
    sshpass -p 123456 ssh-copy-id -o StrictHostKeyChecking=no -p 22 "${node}"
    if [ $? -eq 0 ]; then
        echo "${node} 秘钥copy完成,准备环境初始化....."
        # Create the per-registry certificate directories on the node
        ssh -p 22 "${node}" "mkdir /etc/docker/certs.d/harbor{01,02}.local.com -p"
        echo "Harbor 证书目录创建成功!"
        # Copy the certificate of each Harbor node
        scp -P 22 /etc/docker/certs.d/harbor01.local.com/harbor-ca.crt "${node}":/etc/docker/certs.d/harbor01.local.com/harbor-ca.crt
        scp -P 22 /etc/docker/certs.d/harbor02.local.com/harbor-ca.crt "${node}":/etc/docker/certs.d/harbor02.local.com/harbor-ca.crt
        echo "Harbor 证书拷贝成功!"
        # Copy the hosts file so the Harbor hostnames resolve on the node
        scp -P 22 /etc/hosts "${node}":/etc/hosts
        echo "host 文件拷贝完成"
        # Copy the login state created by docker login (/root/.docker)
        scp -r -P 22 /root/.docker "${node}":/root/
        echo "Harbor 认证文件拷贝完成!"
        # Copy the DNS resolver configuration
        scp -r -P 22 /etc/resolv.conf "${node}":/etc/
    else
        echo "${node} 秘钥copy失败"
    fi
done
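A pre-flight check for the files the script above distributes, as an added example that is not part of the original post: it confirms that each registry hostname has a matching directory with a PEM CA file under certs.d, and that the copied Docker login file is readable only by its owner. The function names and the CERTS_ROOT and DOCKER_CFG variables are assumptions of this example.

```shell
#!/bin/bash
# Added example: pre-flight check to run on the management node before copying
# files out, or on a target node afterwards.
# CERTS_ROOT and DOCKER_CFG are names chosen for this example; override to test.
CERTS_ROOT="${CERTS_ROOT:-/etc/docker/certs.d}"
DOCKER_CFG="${DOCKER_CFG:-/root/.docker/config.json}"

# check_registry_ca HOST: succeeds only if CERTS_ROOT/HOST/ holds a PEM *.crt file.
# Docker looks the directory up by the exact registry hostname and treats *.crt
# files in it as CA roots, so a misspelled directory name is never consulted.
check_registry_ca() {
    local dir="${CERTS_ROOT}/$1" crt found=1
    if [ ! -d "$dir" ]; then
        echo "MISSING  $dir" >&2
        return 1
    fi
    for crt in "$dir"/*.crt; do
        [ -f "$crt" ] || continue
        if grep -q -- '-----BEGIN CERTIFICATE-----' "$crt"; then
            found=0
        else
            echo "NOT PEM  $crt" >&2
            return 1
        fi
    done
    [ "$found" -eq 0 ] || echo "NO .crt  $dir" >&2
    return "$found"
}

# check_docker_cfg: docker login stores the registry credentials in config.json
# (base64-encoded, not encrypted, unless a credential helper is configured),
# so the file must not be readable by group or other.
check_docker_cfg() {
    [ -f "$DOCKER_CFG" ] || { echo "MISSING  $DOCKER_CFG" >&2; return 1; }
    if [ -n "$(find "$DOCKER_CFG" \( -perm -040 -o -perm -004 \))" ]; then
        echo "TOO OPEN $DOCKER_CFG (expected mode 600)" >&2
        return 1
    fi
}

# preflight HOST...: returns the number of failed checks (0 means all passed).
preflight() {
    local failed=0 host
    for host in "$@"; do
        check_registry_ca "$host" || failed=$((failed + 1))
    done
    check_docker_cfg || failed=$((failed + 1))
    return "$failed"
}
```

Run it as `preflight harbor01.local.com harbor02.local.com`; each failed check is named on stderr and the exit status is the number of failures.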