1)Python应该是 2.7或更高版本
2)Docker引擎应为 1.10或更高版本
3)DockerCompose需要为 1.6.0或更高版本
安装python
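# Install the headers and compiler needed to build CPython from source.
yum install -y openssl-devel openssl-static zlib-devel lzma tk-devel xz-devel bzip2-devel ncurses-devel gdbm-devel readline-devel sqlite-devel gcc libffi-devel
# Download the source tarball (HTTPS, from python.org).
# NOTE(review): 3.7.0 is the version this guide pins; the 3.7 series is
# end-of-life and no longer receives security fixes, so prefer a supported
# release if you are not bound to this one.
wget https://www.python.org/ftp/python/3.7.0/Python-3.7.0.tgz
# Before building, check the tarball against the checksum / detached signature
# listed on the python.org release page for this version. Code built here is
# installed and run as root, so an altered tarball means a compromised host.
# Unpack, enter the source tree, then build and install.
# (The original collapsed these three commands onto one line and changed into
# Python-3.7.6/, a directory this tarball does not create.)
tar -xf Python-3.7.0.tgz
cd Python-3.7.0/
./configure && make && make install
# Expose the interpreter under /usr/bin. With the default ./configure prefix,
# "make install" places the binary at /usr/local/bin/python3; the path used
# originally (/usr/local/Python-3.7.0/python) is not created by this build and
# would leave a dangling link.
ln -s /usr/local/bin/python3 /usr/bin/python3
# Verify: print the version instead of dropping into an interactive prompt.
python3 --version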
安装docker
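# Install yum-utils, which provides the yum-config-manager tool.
yum -y install yum-utils
# Register the docker-ce repository.
# The repo file is fetched over HTTPS: it decides where packages come from and
# which GPG key is trusted, so fetching it over plain HTTP would let anyone on
# the network path substitute their own package source.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Install Docker CE. Keep gpgcheck enabled in the repo file so that package
# signatures are verified.
yum install -y docker-ce
# Start the daemon now and enable it at boot.
systemctl start docker && systemctl enable docker
# Show the client version string.
docker -v
# Show detailed client and server version information.
docker version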
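# Configure Docker registry mirrors.
# The settings live in /etc/docker/daemon.json; the file is created if absent.
# The redirect below overwrites the whole file, so keep a copy of any existing
# configuration first.
if [ -f /etc/docker/daemon.json ]; then
  cp -a /etc/docker/daemon.json /etc/docker/daemon.json.bak
fi
# NOTE(review): a registry mirror is trusted to resolve image tags, so list only
# mirrors you trust and reach them over HTTPS. The first entry was plain http://
# in the original and is switched to https:// here; confirm the endpoint answers
# over TLS in your environment. The second entry looks like an account-specific
# accelerator address; replace it with your own.
# The quoted 'EOF' keeps the shell from expanding anything inside the JSON.
cat >/etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": [
    "https://hub-mirror.c.163.com",
    "https://7vnz06qj.mirror.aliyuncs.com"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
# Restart the daemon so it re-reads daemon.json (a restart alone is sufficient;
# the extra "reload" in the original was redundant).
systemctl restart docker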
安装docker-compose
https://github.com/docker/compose/releases
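# Download the docker-compose binary.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary"; -o writes the file only through curl rather than a shell redirect.
curl -fL "https://get.daocloud.io/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# get.daocloud.io is a third-party mirror, and this file will be executed as
# root. Compare its digest with the checksum published on the official
# docker/compose release page for 1.27.4 before making it executable.
sha256sum /usr/local/bin/docker-compose   # expected: <SHA256_FROM_OFFICIAL_RELEASE_PAGE>
# Grant execute permission.
chmod +x /usr/local/bin/docker-compose
# Symlink into /usr/bin so the command is on every user's PATH.
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
# Verify the installation.
docker-compose version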
部署harbor
https://github.com/goharbor/harbor/releases
https://github.com/aquasecurity/trivy
创建证书私钥目录并创建证书私钥
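# 1> Create the directory that will hold the certificate and private key.
mkdir -p /usr/local/harbor/cert
# 2> Restrict the directory to its owner. The original used "chmod -R 777",
#    which lets every local user read or replace the TLS private key.
#    NOTE(review): this assumes the Harbor installer runs as root and reads
#    these files itself; confirm against your setup before loosening anything.
chmod 700 /usr/local/harbor/cert
# The remaining steps write their output to the current directory, so run them
# from inside the cert directory.
cd /usr/local/harbor/cert
# 3> Generate a passphrase-protected 2048-bit RSA private key.
openssl genrsa -des3 -out server.key 2048
# 4> Create a certificate signing request (CSR) for that key.
#    (This is a CSR, not a public key as the original comment said.)
openssl req -new -key server.key -out server.csr
# 5> Keep the passphrase-protected key as a backup copy.
cp server.key server.key.org
# 6> Write a passphrase-free copy of the key, so the service does not prompt
#    for the passphrase on every start. From this point file permissions are
#    the only protection for server.key.
openssl rsa -in server.key.org -out server.key
# 7> Issue a self-signed certificate valid for 365 days.
#    Current Docker/Go TLS clients match the host name against the
#    subjectAltName extension and ignore the CN, so the SAN is added here.
#    It must equal the "hostname" value set in harbor.yml.
printf 'subjectAltName=DNS:www.myharbor.com\n' > san.ext
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -extfile san.ext -out server.crt
# Key material is owner-only; the certificate itself is public.
chmod 600 server.key server.key.org
chmod 644 server.crt
# Because the certificate is self-signed, each Docker client has to be given it
# as a trusted CA (for example /etc/docker/certs.d/www.myharbor.com/ca.crt)
# rather than having TLS verification turned off for the registry.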
安装漏洞扫描工具
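# Install the Trivy vulnerability scanner from its release RPM.
wget https://github.com/aquasecurity/trivy/releases/download/v0.44.0/trivy_0.44.0_Linux-64bit.rpm
# Fetch the checksum list published with the same release and verify the RPM
# before installing it; rpm runs the package's install scripts as root.
wget https://github.com/aquasecurity/trivy/releases/download/v0.44.0/trivy_0.44.0_checksums.txt
# The install runs only if the digest matches.
grep 'trivy_0.44.0_Linux-64bit.rpm$' trivy_0.44.0_checksums.txt | sha256sum -c - \
  && rpm -ivh trivy_0.44.0_Linux-64bit.rpm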
安装harbor
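# Download the Harbor offline installer.
wget https://github.com/goharbor/harbor/releases/download/v2.5.1/harbor-offline-installer-v2.5.1.tgz
# Check the archive against the checksum / signature published on the Harbor
# release page before unpacking; it contains the container images and the
# install script that will run as root.
# Unpack into /usr/local/ (creates /usr/local/harbor). The original extracted
# harbor-offline-installer-v2.2.2.tgz, which is not the file downloaded above.
tar -xf harbor-offline-installer-v2.5.1.tgz -C /usr/local/
cd /usr/local/harbor/
# Start from the shipped template; -a preserves its mode and timestamps.
cp -a harbor.yml.tmpl harbor.yml
# Edit harbor.yml (e.g. with vim) and set the values shown below.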
===========================
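# Configuration file of Harbor
# (Nesting restored: "port", "certificate" and "private_key" are children of
# the "http:" / "https:" sections and must be indented under them.)

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
# This name must also appear in the subjectAltName of the certificate below.
hostname: www.myharbor.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /usr/local/harbor/cert/server.crt
  private_key: /usr/local/harbor/cert/server.key

# NOTE(review): the template also ships default values for
# harbor_admin_password and database.password. Change both before running the
# installer; the defaults are public knowledge.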
=============================
# Run the install script from the Harbor directory.
# --with-trivy: install the Trivy scanner plugin.
# --with-chartmuseum: enable Helm chart storage.
# --with-notary: install the Notary image-signing components (Notary Server and
#   Notary Signer); HTTPS must be configured for this option to be accepted.
# NOTE(review): each optional component adds another exposed service to keep
# patched; enable only the ones you actually use.
./install.sh --with-notary --with-trivy --with-chartmuseum
# Managing the services by hand afterwards. These are separate reference
# commands, not a sequence to run top to bottom:
# start the existing (stopped) containers
docker-compose start
# stop the running containers
docker-compose stop
# create the containers if needed and start them in the background
docker-compose up -d
# 验证访问
https://www.myharbor.com