热门标签
热门文章
- 1mathtype运行时错误48_解决"QWindowsContext: OleInitialize() failed"运行时错误
- 2将特定像素点在图像上连接起来_能力提升培训第一场——传统计算机视觉方法分析图像...
- 3vmware(大数据)虚拟机网络配置(学不会打死我)
- 4MySQL CASE 语句
- 5大龄程序员没有出路,真的如此吗?
- 6SpringSecurity6 | 默认用户生成(上)
- 7关于使用git push -u origin master将本地仓库推送到远程仓库时出现的问题
- 8Caused by: io.lettuce.core.RedisCommandTimeoutException: Command timed out after 1 minute(s)
- 9STM32F4discovery_CDC_Device数据传输的一步步实现(USB2.0FS+HS)_../usb_device/app/usbd_cdc_if.c(298): warning: #14
- 10变量的作用域和生命周期及内存管理_为什么要对变量进行生存期管理
当前位置: article > 正文
基于Docker容器DevOps应用方案 (gitlab、jenkins、harbor、docker)
作者:小蓝xlanll | 2024-04-26 18:43:01
赞
踩
基于Docker容器DevOps应用方案 (gitlab、jenkins、harbor、docker)
devops完整搭建教程
1.简介:
DevOps(Development Operations)是一种软件开发方法论和工作流程,旨在促进软件开发团队和运维团队之间的协作与沟通,以实现更高效的软件交付和运营。
2.工作流程:
持续集成(Continuous Integration,CI):开发团队将代码频繁地集成到共享存储库中,确保代码的一致性和稳定性。
持续交付(Continuous Delivery,CD):自动化构建、测试和部署流程,以快速将代码交付到生产环境。
自动化测试(Automated Testing):使用自动化测试工具和技术,确保软件的质量和稳定性。
自动化部署(Automated Deployment):自动化部署工具的使用,以快速、准确地部署软件到目标环境。
监控与日志(Monitoring and Logging):实时监测和记录系统的运行状态和日志,帮助快速发现和解决问题。
3.优缺点
优点:
加快交付速度:通过自动化流程和协作,加快软件的交付速度和发布周期。
提高质量和稳定性:自动化测试和部署流程能够提高软件的质量和稳定性。
促进协作与沟通:DevOps强调开发团队和运维团队之间的协作与沟通,改善工作效率和团队合作。
减少错误和故障:自动化流程和实时监控能够减少人为错误和系统故障的发生。
缺点:
学习成本高:实施和运营DevOps需要一定的学习和实践成本,对团队和组织提出了技术和文化上的要求。
依赖自动化工具:DevOps依赖于各种自动化工具和技术,需要投入一定的资源和成本进行选型、集成和维护。
组织变革需求:DevOps要求开发团队和运维团队之间的协作与沟通,可能需要进行组织结构和文化上的变革。
总体而言,DevOps通过将开发和运维整合在一起,以协作和自动化的方式,提高软件交付效率和质量,同时促进团队协作和沟通。
环境准备:
| 主机名 | IP地址 | 作用 | 安装的软件 | 系统版本 |
|---|---|---|---|---|
| gitlab.example.com | 192.168.10.130 | 本地代码仓库 | gitlab-ce | |
| jenkins.example.com | 192.168.10.131 | 流水线 | jenkins、docker、git、maven | |
| Harbor.example.com | 192.168.10.132 | 本地容器镜像仓库(存储镜像) | harbor、docker-compose、docker | |
| docker.example.com | 192.168.10.133 | 制作镜像、上传镜像 | docker |
环境部署
准备工作:(所有主机都要做)
关闭防火墙、配置selinuex、配置yum源
[root@localhost ~]# systemctl disable --now firewalld.service
[root@localhost ~]# setenforce 0
[root@localhost ~]# sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@localhost ~]# rm -rf /etc/yum.repos.d/*
[root@localhost ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@localhost ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repoyum
[root@localhost ~]# clean all
18 files removed
[root@localhost ~]# yum makecache
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
配置gitlab主机(第一台主机)
安装git工具
[root@localhost ~]# yum -y install epel-release git
- 1
安装依赖包
yum -y install curl openssh-server openssh-clients postfix cronie perl
- 1
启动postfix服务并设置开机自启
[root@localhost ~]# systemctl enable --now postfix
Created symlink /etc/systemd/system/multi-user.target.wants/postfix.service → /usr/lib/systemd/system/postfix.service.
[root@localhost ~]#
- 1
- 2
- 3
下载policycoreutils-python依赖包
wget http://mirror.centos.org/centos/7/os/x86_64/Packages/policycoreutils-python-2.5-34.el7.x86_64.rpm
- 1
解压
[root@localhost opt]# rpm -ivh --force --nodeps policycoreutils-python-2.5-34.el7.x86_64.rpm
# --nodeps 选项 过滤依赖,只装它本身
# --force 选项 强制安装,因为policycoreutils在安装postfix的时候已经安装了,如果不加这个参数安装不了
warning: policycoreutils-python-2.5-34.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Verifying... ################################# [100%]
Preparing... ################################# [100%]
Updating / installing...
1:policycoreutils-python-2.5-34.el7################################# [100%]
[root@localhost opt]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
安装清华大学gitlab软件包
[root@localhost opt]# wget https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/gitlab-ce-16.4.1-ce.0.el7.x86_64.rpm
- 1
解压
[root@localhost opt]# rpm -ivh gitlab-ce-16.4.1-ce.0.el7.x86_64.rpm
- 1
出现这个狐狸头则是成功了
[root@localhost opt]# rpm -ivh gitlab-ce-16.4.1-ce.0.el7.x86_64.rpm warning: gitlab-ce-16.4.1-ce.0.el7.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID f27eab47: NOKEY Verifying... ################################# [100%] Preparing... ################################# [100%] Updating / installing... 1:gitlab-ce-16.4.1-ce.0.el7 ################################# [100%] It looks like GitLab has not been configured yet; skipping the upgrade script. *. *. *** *** ***** ***** .****** ******* ******** ******** ,,,,,,,,,***********,,,,,,,,, ,,,,,,,,,,,*********,,,,,,,,,,, .,,,,,,,,,,,*******,,,,,,,,,,,, ,,,,,,,,,*****,,,,,,,,,. ,,,,,,,****,,,,,, .,,,***,,,, ,*,. _______ __ __ __ / ____(_) /_/ / ____ _/ /_ / / __/ / __/ / / __ `/ __ \ / /_/ / / /_/ /___/ /_/ / /_/ / \____/_/\__/_____/\__,_/_.___/ Thank you for installing GitLab!
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
配置gitlab配置文件
修改配置文件
[root@localhost ~]# vim /etc/gitlab/gitlab.rb
......
#通过/external_url查找到下面这一行,httpd://后面加这台主机的ip地址
external_url 'http://192.169.10.130'
- 1
- 2
- 3
- 4
通过8080找到一下这两行
/8080
# puma['port'] = 8080 #去掉注释
# gitlab_workhorse['auth_backend'] = "http://localhost:8080" #去掉注释
- 1
- 2
- 3
- 4
- 5
编辑完配置文件后需要重载配置文件并重启gitlab
[root@localhost ~]# gitlab-ctl reconfigure
[root@localhost ~]# gitlab-ctl restart
- 1
- 2
使用ip访问gitlab界面
用户名root,密码在/etc/gitlab/initial_root_password文件里面
[root@localhost ~]# cat /etc/gitlab/initial_root_password
# WARNING: This value is valid only in the following conditions
# 1. If provided manually (either via `GITLAB_ROOT_PASSWORD` environment variable or via `gitlab_rails['initial_root_password']` setting in `gitlab.rb`, it was provided before database was seeded for the first time (usually, the first reconfigure run).
# 2. Password hasn't been changed manually, either via UI or via command line.
#
# If the password shown here doesn't work, you must reset the admin password following https://docs.gitlab.com/ee/security/reset_user_password.html#reset-your-root-password.
Password: TgH0QvS3wUKxUUjfDiVr4B5ART2At2UnsutyJL9wP9g= #这里是密码
# NOTE: This file will be automatically deleted in the first reconfigure run after 24 hours.
#这里提示此文件将在第一次重新配置运行24小时后自动删除,所以登录后记得修改密码
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
登录后的界面
修改密码
保存后会自动退出到登录界面,输入新的密码登录
登录成功
部署tomcat和Jenkins(第二台主机)
tomcat需要jdk的环境先下载jdk
[root@localhost ~]# yum -y install java-17-openjdk java-17-openjdk-devel
- 1
下载tomcat
[root@localhost ~]# wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.80/bin/apache-tomcat-9.0.80.tar.gz
[root@localhost ~]# ls
anaconda-ks.cfg apache-tomcat-9.0.80.tar.gz
- 1
- 2
- 3
解压缩至/usr/local/目录下
[root@localhost ~]# tar xf apache-tomcat-9.0.80.tar.gz -C /usr/local/
[root@localhost ~]# ls /usr/local/
apache-tomcat-9.0.80 bin etc games include lib lib64 libexec sbin share src
[root@localhost ~]# mv /usr/local/apache-tomcat-9.0.80 /usr/local/apache-tomcat
[root@localhost ~]# ls /usr/local/
apache-tomcat bin etc games include lib lib64 libexec sbin share src
[root@localhost ~]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
创建软连接
[root@localhost ~]# ln -s /usr/local/apache-tomcat /usr/local/tomcat [root@localhost ~]# cd /usr/local/ [root@localhost local]# ll total 0 drwxr-xr-x 9 root root 220 Oct 11 15:50 apache-tomcat drwxr-xr-x. 2 root root 6 Jun 22 2021 bin drwxr-xr-x. 2 root root 6 Jun 22 2021 etc drwxr-xr-x. 2 root root 6 Jun 22 2021 games drwxr-xr-x. 2 root root 6 Jun 22 2021 include drwxr-xr-x. 2 root root 6 Jun 22 2021 lib drwxr-xr-x. 3 root root 17 Jul 14 09:33 lib64 drwxr-xr-x. 2 root root 6 Jun 22 2021 libexec drwxr-xr-x. 2 root root 6 Jun 22 2021 sbin drwxr-xr-x. 5 root root 49 Jul 14 09:33 share drwxr-xr-x. 2 root root 6 Jun 22 2021 src lrwxrwxrwx 1 root root 24 Oct 11 15:52 tomcat -> /usr/local/apache-tomcat [root@localhost local]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
查看tomcat目录里的文件
[root@localhost ~]# cd /usr/local/tomcat/
[root@localhost tomcat]# ls
bin conf lib logs README.md RUNNING.txt webapps
BUILDING.txt CONTRIBUTING.md LICENSE NOTICE RELEASE-NOTES temp work
[root@localhost tomcat]# cd bin/
[root@localhost bin]# ls # 下面这些文件有启动,关闭tomcat,检查配置文件的文件
bootstrap.jar ciphers.sh daemon.sh setclasspath.bat startup.sh version.bat
catalina.bat commons-daemon.jar digest.bat setclasspath.sh tomcat-juli.jar version.sh
catalina.sh commons-daemon-native.tar.gz digest.sh shutdown.bat tomcat-native.tar.gz
catalina-tasks.xml configtest.bat makebase.bat shutdown.sh tool-wrapper.bat
ciphers.bat configtest.sh makebase.sh startup.bat tool-wrapper.sh
[root@localhost bin]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
启动tomcat服务
[root@localhost bin]# ./catalina.sh stop #停止服务 [root@localhost bin]# ./catalina.sh start #开启服务 Using CATALINA_BASE: /usr/local/tomcat Using CATALINA_HOME: /usr/local/tomcat Using CATALINA_TMPDIR: /usr/local/tomcat/temp Using JRE_HOME: /usr Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar Using CATALINA_OPTS: Tomcat started. [root@localhost bin]# ss -antl #8080和8005端口就是tomcat服务的端口,其中8080是网页端口 State Recv-Q Send-Q Local Address:Port Peer Address:Port Process LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 100 *:8080 *:* LISTEN 0 128 [::]:22 [::]:* LISTEN 0 1 [::ffff:127.0.0.1]:8005 *:* [root@localhost bin]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
这时就可以通过8080端口访问tomcat页面了
创建java页面
[root@localhost tomcat]# cd /usr/local/tomcat/webapps/ #进入webapps目录 [root@localhost webapps]# ls docs examples host-manager manager ROOT [root@localhost webapps]# mkdir test #在webapps目录下创建存放网页文件的目录 [root@localhost webapps]# cd test/ [root@localhost test]# vim index.jsp #创建网页文件.jsp就是表示Java语言的后缀 [root@localhost test]# cat index.jsp <html> <head> <title>test page</title> </head> <body> <% out.println("Hellow World"); %> </body> </html> [root@localhost test]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
在ip访问的路径下加上test目录
但是这个时候访问webapps目录下的其它页面都需要设置权限
根据图中提示修改/usr/local/tomcat1/conf目录下的tomcat-users.xml文件
[root@localhost ~]# vim /usr/local/tomcat/conf/tomcat-users.xml
#在文件的最后面添加下面的内容
-->
<role rolename="manager-gui"/>
<user username="hte" password="hte666!" roles="manager-gui"/> #定义用户
</tomcat-users> #注意,内容只能写道这一行上面
- 1
- 2
- 3
- 4
- 5
- 6
修改了配置文件后要重启服务
[root@localhost tomcat]# pwd /usr/local/tomcat [root@localhost tomcat]# ./bin/catalina.sh stop #停止服务 Using CATALINA_BASE: /usr/local/tomcat Using CATALINA_HOME: /usr/local/tomcat Using CATALINA_TMPDIR: /usr/local/tomcat/temp Using JRE_HOME: /usr Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar Using CATALINA_OPTS: NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED [root@localhost tomcat]# ./bin/catalina.sh start #开启服务 Using CATALINA_BASE: /usr/local/tomcat Using CATALINA_HOME: /usr/local/tomcat Using CATALINA_TMPDIR: /usr/local/tomcat/temp Using JRE_HOME: /usr Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar Using CATALINA_OPTS: Tomcat started. [root@localhost tomcat]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
修改manager下的context.xml配置文件
[root@localhost ~]# cd /usr/local/tomcat/webapps/manager/META-INF
[root@localhost META-INF]# ls
context.xml
[root@localhost META-INF]# vim context.xml
<Context antiResourceLocking="false" privileged="true" >
<CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
sameSiteCookies="strict" />
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> #这里是正则表达式,要在这里把我们主机的网段添加进去
修改为 allow="192\.168\.10\.\d+|127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> #|表示或
<Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
再次访问manager界面
其它web页面的服务也是这么写
例如 Host manager
编辑/usr/local/tomcat/conf/tomcat-users.xml
[root@localhost ~]# vim /usr/local/tomcat/conf/tomcat-users.xml
<role rolename="manager-gui"/>
<role rolename="admin-gui"/> #添加一个新的角色
<user username="hte" password="hte666!" roles="manager-gui,admin-gui"/> #把新的角色添加到之前的用户
</tomcat-users>
- 1
- 2
- 3
- 4
- 5
在host-manager文件中放行本机的IP地址
[root@localhost ~]# cd /usr/local/tomcat/webapps/
[root@localhost webapps]# ls
docs examples host-manager manager ROOT test
[root@localhost webapps]# vim host-manager/META-INF/context.xml
<Context antiResourceLocking="false" privileged="true" >
<CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
sameSiteCookies="strict" />
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="192\.168\.10\.\d+|127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> #同样这样添加IP
<Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
重启服务
[root@localhost webapps]# cd ..
[root@localhost tomcat]# ./bin/catalina.sh stop
[root@localhost tomcat]# ./bin/catalina.sh start
- 1
- 2
- 3
再次访问页面试试
输入用户名和密码
部署Jenkins部署
首先下载jenkins.war包
[root@localhost ~]# wget https://get.jenkins.io/war-stable/2.414.2/jenkins.war
[root@localhost ~]# ls
anaconda-ks.cfg jenkins.war #后缀为war的包是Java程序打包后的包
- 1
- 2
- 3
安装Jenkins所需要的Java17
[root@localhost ~]# yum -y install java-17-openjdk java-17-openjdk-devel
- 1
由于安装tomcat时安装的Java1.8,但是Jenkins需要Java17,所以切换一下Java版本
[root@localhost ~]# alternatives --config java
There are 2 programs which provide 'java'.
Selection Command
-----------------------------------------------
*+ 1 java-1.8.0-openjdk.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.312.b07-2.el8_5.x86_64/jre/bin/java)
2 java-17-openjdk.x86_64 (/usr/lib/jvm/java-17-openjdk-17.0.1.0.12-2.el8_5.x86_64/bin/java)
Enter to keep the current selection[+], or type selection number: 2 #选择第二个版本
[root@localhost ~]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
java -jar命令用于执行Java程序的可执行JAR文件。
[root@localhost ~]# ls
anaconda-ks.cfg jenkins.war
[root@localhost ~]# java -jar jenkins.war
- 1
- 2
- 3
然后将这个war包移动到tomcat的webapps目录下
[root@localhost ~]# cp jenkins.war /usr/local/tomcat/webapps/
[root@localhost ~]# ls /usr/local/tomcat/webapps/
docs examples host-manager jenkins.war manager ROOT test
[root@localhost ~]#
- 1
- 2
- 3
- 4
重启tomcat服务,war将自动解压缩
[root@localhost ~]# cd /usr/local/tomcat/bin/
[root@localhost bin]# ./catalina.sh stop
[root@localhost bin]# ./catalina.sh start
[root@localhost bin]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 *:8080 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 1 [::ffff:127.0.0.1]:8005 *:*
[root@localhost bin]# cd ../webapps/
[root@localhost webapps]# ls
docs examples host-manager jenkins jenkins.war manager ROOT test #jenkins已经解压了
[root@localhost webapps]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
访问Jenkins页面
IP地址后接:8080/Jenkins
根据提示密码在/root/.jenkins/secrets/initialAdminPassword这个位置
[root@localhost webapps]# cat /root/.jenkins/secrets/initialAdminPassword
e76d60ca73a94f629e2911d2104476cf
[root@localhost webapps]#
- 1
- 2
- 3
输入密码登录后出现这个界面
选择安装推荐的插件
选择后会自动安装插件
安装完成后会要求你创建一个用户
部署docker服务(第三、四台主机)
安装及使用docker
docker安装
cd /etc/yum.repos.d/
curl -o docker-ce.repo https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
sed -i 's@https://download.docker.com@https://mirrors.tuna.tsinghua.edu.cn/docker-ce@g' docker-ce.repo
yum -y install docker-ce
- 1
- 2
- 3
- 4
- 5
docker加速
docker-ce的配置文件是/etc/docker/daemon.json,此文件默认不存在,需要我们手动创建并进行配置,而docker的加速就是通过配置此文件来实现的。
docker的加速有多种方式:
- docker cn
- 中国科技大学加速器
- 阿里云加速器(需要通过阿里云开发者平台注册帐号,免费使用个人私有的加速器)
阿里云平台域名:www.aliyun.com
登录平台后进入控制台
点击这三条杠
搜索容器镜像服务
配置加速器
sudo mkdir -p /etc/docker #docker目录启动docker服务后自动存在
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://lgc3bg0m.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
查看加速器
[root@localhost ~]# docker info #使用这个命令
.......
Registry Mirrors:
https://lgc3bg0m.mirror.aliyuncs.com/ #能看到这个就是加速器配置成功
Live Restore Enabled: false
[root@localhost ~]# docker info
- 1
- 2
- 3
- 4
- 5
- 6
- 7
部署Harbor私有仓库(第3台主机)
配置步骤
关闭防火墙、配置selinuex、配置yum源
[root@localhost ~]# systemctl disable --now firewalld.service
[root@localhost ~]# setenforce 0
[root@localhost ~]# sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@localhost ~]# rm -rf /etc/yum.repos.d/*
[root@localhost ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@localhost ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repoyum
[root@localhost ~]# clean all
18 files removed
[root@localhost ~]# yum makecache
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
添加映射关系
[root@Harbor ~]# vim /etc/hosts
[root@Harbor ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.132 Harbor.example.com
#在Harbor和容器所在的主机的/etc/hosts文件中添加Harbor
- 1
- 2
- 3
- 4
- 5
- 6
- 7
安装docker,开启docker服务并添加加速器(两台主机都要操作)
[root@Harbor ~]# cd /etc/yum.repos.d/
[root@Harbor yum.repos.d]# curl -o docker-ce.repo https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1919 100 1919 0 0 8379 0 --:--:-- --:--:-- --:--:-- 8343
[root@Harbor yum.repos.d]# sed -i 's@https://download.docker.com@https://mirrors.tuna.tsinghua.edu.cn/docker-ce@g' docker-ce.repo
[root@Harbor yum.repos.d]# yum -y install docker-ce
......
[root@Harbor ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@Harbor ~]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
4.进入harbor官网,拉取harbor二进制包
解压到/usr/local目录下
[root@Harbor ~]# tar xf harbor-offline-installer-v2.9.1.tgz
[root@Harbor ~]# ls
anaconda-ks.cfg harbor harbor-offline-installer-v2.9.1.tgz
[root@Harbor ~]# mv harbor /usr/local/
[root@Harbor ~]# ls /usr/local/
bin etc games harbor include lib lib64 libexec sbin share src
[root@Harbor local]# cd harbor/
[root@Harbor harbor]# ls
common.sh harbor.v2.9.1.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
[root@Harbor harbor]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
复制出一份harbor.yml文件,编辑/usr/local/harbor/下的harbor.yml文件
[root@Harbor harbor]# cp harbor.yml.tmpl harbor.yml [root@Harbor harbor]# ls common.sh harbor.v2.9.1.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare [root@Harbor harbor]# [root@Harbor harbor]# vim harbor.yml ...... # The IP address or hostname to access admin UI and registry service. # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. hostname: Harbor.example.com #把这里改成主机名 ....... # https related config #把https注释掉 #https: # https port for harbor, default is 443 # port: 443 # The path of cert and key files for nginx # certificate: /your/certificate/path # private_key: /your/private/key/path ...... # The default data volume data_volume: /data #这里是存储位置 ...... # insecure The flag to skip verifying registry certificate insecure: true #跳过证书验证 ...... # Remember Change the admin password from UI after launching Harbor. harbor_admin_password: Harbor12345 #Harbor的密码,默认为Harbor12345
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
执行install.sh文件
[root@Harbor harbor]# ls common common.sh docker-compose.yml harbor.v2.9.1.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare [root@Harbor harbor]# ./install.sh ....... [+] Running 10/10 ✔ Network harbor_harbor Created 0.1s ✔ Container harbor-log Started 0.1s ✔ Container harbor-portal Started 0.1s ✔ Container registry Started 0.1s ✔ Container redis Started 0.1s ✔ Container registryctl Started 0.1s ✔ Container harbor-db Started 0.1s ✔ Container harbor-core Started 0.0s ✔ Container nginx Started 0.0s ✔ Container harbor-jobservice Started 0.0s ✔ ----Harbor has been installed and started successfully.---- [root@Harbor harbor]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
通过IP访问harbor的web界面
将harbor设置为开机自启
由于想要关闭或开启harbor需要进入到有docker-compose.yml文件的目录下执行,所以我们将该命令放到虚拟机启动最后执行的一个文件中去,也就是/etc/rc.local文件中
[root@Harbor harbor]# vim /etc/rc.local [root@Harbor harbor]# cat /etc/rc.local #!/bin/bash cd /usr/local/harbor/ && docker-compose start #添加这一行,系统启动时会自动执行这条命令 # THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES # # It is highly advisable to create own systemd services or udev rules # to run scripts during boot instead of using this file. # # In contrast to previous versions due to parallel execution during boot # this script will NOT be run after all other services. # # Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure # that this script will be executed during boot. touch /var/lock/subsys/local [root@Harbor harbor]# ll /etc/rc.local lrwxrwxrwx. 1 root root 13 Feb 11 2022 /etc/rc.local -> rc.d/rc.local [root@Harbor harbor]# chmod +x /etc/rc.d/rc.local [root@Harbor harbor]# ll /etc/rc.d/rc.local -rwxr-xr-x. 1 root root 520 Nov 10 22:15 /etc/rc.d/rc.local [root@Harbor harbor]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
登录到docker的私有镜像仓库(harbor)
在登录我们的harbor私有仓库时,需在/etc/docker/daemon.json文件中添加harbor仓库的信息
[root@docker ~]# vi /etc/docker/daemon.json [root@docker ~]# cat /etc/docker/daemon.json { "dns": ["114.114.114.114"], "insecure-registries": ["Harbor.example.com"], #添加这一行,添加的是私有仓库 "registry-mirrors": ["https://lgc3bg0m.mirror.aliyuncs.com"] } [root@docker ~]# systemctl restart docker.service #重启服务 [root@docker ~]# docker login Harbor.example.com #登录仓库 Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded #登陆成功 [root@docker ~]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
拉取一个官方镜像,将官方镜像名称更改后上传到我们的私有仓库
[root@docker ~]# docker pull nginx Using default tag: latest latest: Pulling from library/nginx a2abf6c4d29d: Pull complete a9edb18cadd1: Pull complete 589b7251471a: Pull complete 186b1aaa4aa6: Pull complete b4df32aa5a72: Pull complete a0bcbecc962e: Pull complete Digest: sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31 Status: Downloaded newer image for nginx:latest docker.io/library/nginx:latest [root@docker ~]# [root@docker ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx latest 605c77e624dd 22 months ago 141MB [root@docker ~]# docker tag nginx:latest Harbor.example.com/library/nginx:v0.1 [root@docker ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE Harbor.example.com/library/nginx v0.1 605c77e624dd 22 months ago 141MB nginx latest 605c77e624dd 22 months ago 141MB [root@docker ~]# docker push Harbor.example.com/library/nginx:v0.1 The push refers to repository [Harbor.example.com/library/nginx] d874fd2bc83b: Pushed 32ce5f6a5106: Pushed f1db227348d0: Pushed b8d6e692a25e: Pushed e379e8aedd4d: Pushed 2edcec3590a4: Pushed v0.1: digest: sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3 size: 1570 [root@docker ~]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
进入私有仓库查看
删除现存镜像,尝试从私有仓库拉取镜像
[root@docker ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE Harbor.example.com/library/nginx v0.1 605c77e624dd 22 months ago 141MB nginx latest 605c77e624dd 22 months ago 141MB [root@docker ~]# docker rmi -f 605c77e624dd [root@docker ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE [root@docker ~]# docker pull Harbor.example.com/library/nginx:v0.1 v0.1: Pulling from library/nginx a2abf6c4d29d: Pull complete a9edb18cadd1: Pull complete 589b7251471a: Pull complete 186b1aaa4aa6: Pull complete b4df32aa5a72: Pull complete a0bcbecc962e: Pull complete Digest: sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3 Status: Downloaded newer image for Harbor.example.com/library/nginx:v0.1 Harbor.example.com/library/nginx:v0.1 [root@docker ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE Harbor.example.com/library/nginx v0.1 605c77e624dd 22 months ago 141MB #拉取成功 [root@docker ~]#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
以上环境部署完成
在
c77e624dd 22 months ago 141MB
[root@docker ~]# docker rmi -f 605c77e624dd
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[root@docker ~]# docker pull Harbor.example.com/library/nginx:v0.1
v0.1: Pulling from library/nginx
a2abf6c4d29d: Pull complete
a9edb18cadd1: Pull complete
589b7251471a: Pull complete
186b1aaa4aa6: Pull complete
b4df32aa5a72: Pull complete
a0bcbecc962e: Pull complete
Digest: sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3
Status: Downloaded newer image for Harbor.example.com/library/nginx:v0.1
Harbor.example.com/library/nginx:v0.1
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
Harbor.example.com/library/nginx v0.1 605c77e624dd 22 months ago 141MB #拉取成功
[root@docker ~]#
### 以上环境部署完成 在
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/小蓝xlanll/article/detail/492536
推荐阅读
相关标签
