Harbor: Image Registry
2022-07-20 01:43:00 【金箍一梦何来愁】
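1. Introduction to Harbor
Developing and running Docker container applications depends on reliable image management. Docker does provide an official public image registry, but for reasons such as security and efficiency it is also very necessary to deploy a Registry inside our own private environment. Harbor is an enterprise-grade Docker Registry management project open-sourced by VMware. Its features include access control (RBAC), LDAP, log auditing, a management UI, self-registration, image replication, and Chinese language support.
Project site: https://github.com/goharbor/harbor
2. Deploying the Harbor image registry
2.1. Environment preparation
harbor: 192.168.4.5, 2 CPUs, 4 GB memory
Disable the firewall and SELinux
2.2. Self-signed certificate
1) Create a directory to store the certificates
[[email protected] ~]# openssl version # check whether openssl is installed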
[[email protected] ~]# mkdir /opt/harbor-ca-key
[[email protected] ~]# cd /opt/harbor-ca-key/
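2) Create the CA certificate
[[email protected] harbor-ca-key]# openssl genrsa -out ca.key 3072 # generate the 3072-bit private key ca.key
[[email protected] harbor-ca-key]# openssl req -new -x509 -days 3650 -key ca.key -out ca.pem # generate the certificate ca.pem; 3650 means it is valid for 10 years. Fill in the fields marked with arrows as prompted and leave the unmarked ones blank: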
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:guangdong
Locality Name (eg, city) [Default City]:guangzhou
Organization Name (eg, company) [Default Company Ltd]:harbor
Organizational Unit Name (eg, section) []:CA
Common Name (eg, your name or your server's hostname) []:harbor64.cn
Email Address []:[email protected]
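3) Generate the certificate for the domain name
[[email protected] harbor-ca-key]# openssl genrsa -out harbor.key 3072 # generate a 3072-bit key, i.e. the private key
[[email protected] harbor-ca-key]# openssl req -new -key harbor.key -out harbor.csr # generate a certificate signing request, needed when signing the certificate below. Fill in the fields marked with arrows as prompted and leave the unmarked ones blank: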
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:guangdong
Locality Name (eg, city) [Default City]:guangzhou
Organization Name (eg, company) [Default Company Ltd]:harbor
Organizational Unit Name (eg, section) []:CA
Common Name (eg, your name or your server's hostname) []:harbor64.cn
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:harbor
4) Sign the certificate
[[email protected] harbor-ca-key]# openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out harbor.pem -days 3650
Signature ok
subject=/C=CN/ST=guangdong/L=guangzhou/O=harbor/OU=CA/CN=harbor64.cn/[email protected]
Getting CA Private Key
[[email protected] harbor-ca-key]# openssl x509 -noout -text -in harbor.pem # check that the certificate is valid
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
ed:66:8a:c0:ca:d3:2b:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, ST=guangdong, L=guangzhou, O=harbor, OU=CA, CN=harbor64.cn/[email protected]
Validity
Not Before: Jun 5 10:33:54 2022 GMT
Not After : Jun 2 10:33:54 2032 GMT
Subject: C=CN, ST=guangdong, L=guangzhou, O=harbor, OU=CA, CN=harbor64.cn/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (3072 bit)
Modulus:
…………………………………………………… # output like the above shows the certificate is valid
[[email protected] harbor-ca-key]# ls
ca.key ca.pem ca.srl harbor.csr harbor.key harbor.pem
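The certificate printed above is `Version: 1`, so it carries no subjectAltName, which current Go-based clients such as Docker require when matching the registry hostname, and its issuer and subject are identical. The following added example (not from the original post) repeats steps 2) to 4) without prompts, issues an X.509 v3 server certificate with a SAN for harbor64.cn and 192.168.4.5, and checks the chain and the SAN. The CA name `Harbor Lab CA`, the file `pki.cnf` and the function names are assumptions.

```bash
# Added example, not from the original post. harbor64.cn and 192.168.4.5 come
# from the page; "Harbor Lab CA", pki.cnf and the function names are assumptions.

# One OpenSSL config: CA subject plus the CA and server extension sets.
write_pki_cnf() {
    cat > "$1" <<'EOF'
[req]
distinguished_name = ca_dn
x509_extensions    = v3_ca
prompt             = no
[ca_dn]
C  = CN
O  = harbor
OU = CA
CN = Harbor Lab CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
[v3_server]
basicConstraints = CA:FALSE
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:harbor64.cn, IP:192.168.4.5
EOF
}

# Steps 2)-4) without prompts: CA, server key and CSR, v3 server certificate.
make_harbor_certs() (
    mkdir -p "$1" && cd "$1" || exit 1
    umask 077   # private keys readable by the owner only
    write_pki_cnf pki.cnf || exit 1
    openssl genrsa -out ca.key 3072 2>/dev/null &&
    openssl req -new -x509 -days 3650 -key ca.key -out ca.pem -config pki.cnf &&
    openssl genrsa -out harbor.key 3072 2>/dev/null &&
    openssl req -new -key harbor.key -out harbor.csr -config pki.cnf \
        -subj "/C=CN/ST=guangdong/L=guangzhou/O=harbor/CN=harbor64.cn" &&
    openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -out harbor.pem -days 3650 -sha256 -extfile pki.cnf -extensions v3_server
)

# Succeeds only if harbor.pem chains to ca.pem and carries the expected SAN.
check_harbor_cert() {
    openssl verify -CAfile "$1/ca.pem" "$1/harbor.pem" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1/harbor.pem" -noout -text |
        grep -A1 'Subject Alternative Name' | grep -q 'DNS:harbor64.cn'
}

# Run as: sh script.sh <output-dir>
if [ -n "${1:-}" ]; then make_harbor_certs "$1" && check_harbor_cert "$1" && echo OK; fi
```

The CA gets its own Common Name so that the server certificate's issuer and subject differ; `check_harbor_cert` fails on a certificate signed without the `-extfile` option.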
2.3. Installing Harbor
1) Install docker and docker-compose
[[email protected] ~]# yum -y install wget
# Install the EPEL repo and replace the addresses in the repo configuration with the Aliyun mirror
[[email protected] ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[[email protected] ~]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
[[email protected] ~]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
# Download the CentOS base yum repo file (the URL below is the Tencent Cloud mirror)
[[email protected] ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.cloud.tencent.com/repo/centos7_base.repo
# Configure the Docker repo
[[email protected] ~]# wget https://download.docker.com/linux/centos/docker-ce.repo -P /etc/yum.repos.d/
[[email protected] ~]# yum clean all && yum makecache
[[email protected] ~]# yum install -y docker-ce docker-compose
[[email protected] ~]# systemctl enable docker
[[email protected] ~]# systemctl restart docker
2) Install Harbor