标签:ase iptables 自启 harbor get pid 开机自启动 main 请求
harbor版本:harbor-offline-installer-v1.8.3.tgz
docker-compose version 1.24.1, build 4667896b
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
curl -o /etc/yum.repos.d/docker-ce.repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum clean all && yum makecache
先检查docker-ce位于哪个仓库,安装时一定要选择stable(稳定版)的
yum list docker-ce --showduplicates | sort -r
yum install docker-ce -y
yum install docker-ce-18.09.8 -y
docker设置
vim /usr/lib/systemd/system/docker.service Environment="HTTPS_PROXY=http://www.ik8s.io" Environment="NO_PROXY=127.0.0.0/8,172.20.0.0/16,10.10.10.0/24" ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock # ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT # ExecStartPost=/usr/sbin/iptables -I FORWARD -s 0.0.0.0/0 -j ACCEPT ExecReload=/bin/kill -s HUP $MAINPID TimeoutSec=0 mkdir /etc/docker cat > /etc/docker/daemon.json << EOF { "registry-mirrors": ["https://kz7brmw7.mirror.aliyuncs.com"] } EOF
启动docker
if ! which cfssl; then
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -O /usr/local/bin/cfssl
fi
if ! which cfssljson; then
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -O /usr/local/bin/cfssljson
fi
if ! which cfssl-certinfo; then
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -O /usr/local/bin/cfssl-certinfo
fi
chmod +x /usr/local/bin/cfssl*
# 创建ca证书请求文件 cat << EOF > ca-csr.json { "CN": "Private CA Root certificate", "key": { "algo": "rsa","size": 2048 }, "ca": { "expiry": "876000h" }, "names": [ { "C": "CN", "L": "BJ", "ST": "BeiJing", "O": "Private CA certificates are issued", "OU": "" } ] } EOF cfssl gencert -initca ca-csr.json | cfssljson -bare ca # 创建配置文件 cat << EOF > ca-config.json { "signing": { "default": { "expiry": "8760h" }, "profiles": { "harbor": { "expiry": "876000h", "usages": [ "signing", "key encipherment", "server auth", "client auth" ] } } } } EOF # 创建证书签名请求文件 cat << EOF > harbor-csr.json { "CN": "harbor.hub.com", "hosts": [ "127.0.0.1", "10.10.10.21", "harbor.hub.com" ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "L": "ZJ", "ST": "HZ", "O": "harbor", "OU": "" } ] } EOF # 生成证书 cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=harbor harbor-csr.json | cfssljson -bare harbor
# The IP address or hostname to access admin UI and registry service. # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. hostname: harbor.hub.com # 此处修改 # http related config #http: # 此处修改 # port for http, default is 80. If https enabled, this port will redirect to https port # port: 80 # 此处修改 # https related config https: # 此处修改 # # https port for harbor, default is 443 port: 443 # 此处修改 # # The path of cert and key files for nginx certificate: /home/harbor/certs/domain.crt # 此处修改 private_key: /home/harbor/certs/domain.key # 此处修改 ······ # The default data volume data_volume: /home/harbor/data # 此处修改 ······
./install.sh
https://harbor.hub.com 设置 hosts 映射文件。默认管理员用户名 / 密码为 admin / Harbor12345
vim /etc/docker/daemon.json { "insecure-registries": ["harbor.hub.com"] }
docker pull hello-world
docker tag hello-world:latest harbor.hub.com/library/word:latest docker login harbor.hub.com -uadmin -pHarbor12345 docker push harbor.hub.com/library/word:latest
cat<< ‘EOF‘ > /usr/lib/systemd/system/harbor.service
[Unit]
Description=harbor service
After=docker.target
[Service]
Type=forking
ExecStart=/home/harbor/start.sh
[Install]
WantedBy=multi-user.target
EOF
cat << ‘EOF‘ > /home/harbor/start.sh
#!/bin/bash
SHHOME=$(cd `dirname $0`; pwd)
cd $SHHOME
/usr/local/bin/docker-compose up -d &
EOF
chmod +x /home/harbor/start.sh
systemctl daemon-reload
systemctl start harbor.service
systemctl status harbor.service
systemctl enable harbor.service
标签:ase iptables 自启 harbor get pid 开机自启动 main 请求
原文地址:https://www.cnblogs.com/outsrkem/p/12597759.html