Shulou(Shulou.com)06/02 Report--

Preparatory work:

1. Upgrade the system

Cd / etc/yum.repos.d/

Wget-O / etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

Yum update-y

[root@harbor ~] # cat / etc/redhat-release

CentOS Linux release 7.6.1810 (Core)

two。 Configure the DNS domain name and test

Vi / etc/hosts

10.100.13.77 hctest.cn

Download yum source: wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

Install docker-ce

Yum-y install docker-ce

Start docker

Systemctl start docker

Configure docker domestic images:

Vi / etc/docker/daemon.json

{

"registry-mirrors": ["https://registry.docker-cn.com"]"

}

Restart

Systemctl restart docker

Install docker-compose

Curl-L https://github.com/docker/compose/releases/download/1.23.1/docker-compose-`uname-s-uname-M`-o / usr/local/bin/docker-compose

Authorization

Chmod + x / usr/local/bin/docker-compose

Soft connection:

Ln-sv / usr/local/bin/docker-compose / usr/sbin/docker-compose

[root@test] # docker-compose-- version

Docker-compose version 1.23.1, build b02f1306

Install harbor

Wget https://storage.googleapis.com/harbor-releases/release-1.6.0/harbor-online-installer-v1.6.2.tgz

Tar-zxf harbor-online-installer-v1.6.2.tgz

Mkdir / data

Mv harbor / data/harbor

Create a CA certificate:

Mkdir / data/cert

Cd / data/cert

Openssl req-nodes-subj "/ CN=hchctest.cn"-newkey rsa:4096-keyout hchctest.cn.key-out hchctest.cn.csr

Openssl x509-req-days 3650-in hchctest.cn.csr-signkey hchctest.cn.key-out hchctest.cn.crt

Openssl x509-req-in hchctest.cn.csr-CA hchctest.cn.crt-CAkey hchctest.cn.key-CAcreateserial-out hchctest.cn.crt-days 10000

Configure harbor:

Vim / data/harbor/ harbor.cfg

Modify the following:

Hostname = hctest.cn

Ui_url_protocol = https

Ssl_cert = / data/cert/hchctest.cn.crt

Ssl_cert_key = / data/cert/hchctest.cn.key

Harbor_admin_password = Harbor12345 # change login password

Start harbor

. / install.sh

Modify docker.service

Vim / usr/lib/systemd/system/docker.service

ExecStart=/usr/bin/dockerd-- graph=/data/docker-H unix://-- insecure-registry hchctest.cn

Note:-- graph=/data/docker docker image storage path

Test:

[root@test harbor] # docker login hctest.cn

Username: admin

Password:

WARNING! Your password will be stored unencrypted in / root/.docker/config.json.

Configure a credential helper to remove this warning. See

Https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

Note: because harbor is choreographed based on docker-compose services, you can start it directly using the docker-compose command.

Restart the configuration file without modification: docker-compose start | stop | restart

1. Stop harbor docker-compose down-v

two。 Start harbor docker-compose up-d

Client use

Note: because of the https protocol, the client needs crt to copy the hchctest.cn.crt from the server

Mkdir / etc/docker/certs.d/hchctest.cn/

Scp / data/cert/hchctest.cn.crt root@master:/etc/docker/certs.d/hchctest.cn/

Client test:

Error troubleshooting:

Prompt x509: certificate signed by unknown authority when docker login

Solution: the self-signed certificate is not trusted by the system. You need to copy / hchctest.cn.crt to / etc/docker/certs.d/hchctest.cn/, without restarting docker.

The specific operations are as follows

Mdkir / etc/docker/certs.d/hchctest.cn/

Cp / data/cert/hchctest.cn.crt / etc/docker/certs.d/hchctest.cn/

Log in again to solve the problem!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.