■ SSL 적용을 위한 OPENSSL 설치
※주의 ssl 적용하고 harbor install 할것
#yum install openssl
#mkdir ~/ssl
#cd ~/ssl
#openssl genrsa -out ca.key 4096
#openssl req -x509 -new -nodes -sha512 -days 3650
-subj "/C=KR/ST=Seoul/L=Seoul/O=조직명/OU=Personal/CN=Repository서버 도메인"
-key ca.key
-out ca.crt
#openssl genrsa -out harbor.key 4096
#openssl req -sha512 -new
-subj "/C=KR/ST=Seoul/L=Seoul/O=조직명/OU=Personal/CN=Repository서버 도메인"
-key harbor.key
-out harbor.csr
#cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=Repository서버 도메인
EOF
#openssl x509 -req -sha512 -days 3650
-extfile v3.ext
-CA ca.crt -CAkey ca.key -CAcreateserial
-in harbor.csr
-out harbor.crt
#openssl x509 -inform PEM -in harbor.crt -out harbor.cert
/root/ssl/harbor.cert
/root/ssl/harbor.crt
/root/ssl/harbor.key
■ YUM 최신버전 설치
#yum install -y yum-utils device-mapper-persistent-data lvm2
■ docker 최신버전
#yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
#yum install docker-ce
■ docker compose 설치
#curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
#chmod +x /usr/local/bin/docker-compose
■ harbor 설치
#wget https://github.com/goharbor/harbor/releases/download/v1.10.1/harbor-offline-installer-v1.10.1.tgz
#tar -xvf harbor-offline-installer-v1.10.1.tgz
#cd harbor
#vi harbor.yml
- hostname 변경 [실제 호스트 네임으로]
- https: 는 모두 주석
#./install.sh
#firewall-cmd --zone=public --permanent --add-port=443/tcp
#firewall-cmd --reload
■ harbor systemctl 등록하기
#vi /etc/systemd/system/harbor.service
[Unit]
Description=Harbor Service
After=network.target docker.service
[Service]
Type=forking
ExecStart=/usr/local/bin/docker-compose -f /root/harbor/docker-compose.yml start
ExecStop=/usr/local/bin/docker-compose -f /root/harbor/docker-compose.yml stop
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
#systemctl daemon-reload
■ docker 서버에서 registry 연동
서버에서만든 ca.crt파일을 /etc/docker/certs.d/Repository서버도메인/에 복사
#docker login Repository서버도메인 로 로그인
■ push 하기
docker tag SOURCE_IMAGE[:TAG] Repository서버도메인/library/IMAGE[:TAG]
docker tag docker.io/mysql:5.7 Repository서버도메인/library/mysql:5.7
docker push Repository서버도메인/library/mysql:5.7
docker tag docker.io/wordpress Repository서버도메인/library/wordpress
docker push Repository서버도메인/library/wordpress
■ docker compose 및 Harbor를 설치하는 다른방법 (Amazon Linux 용)
$ sudo yum update -y
$ sudo yum -y install wget tar
$ sudo yum install -y docker
$ sudo service docker start
$ sudo usermod -a -G docker ec2-user
$ sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
$ sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose$ curl -LO https://storage.googleapis.com/harbor-releases/harbor-online-installer-v1.5.2.tgz
$ tar -xvf harbor-online-installer-v1.5.2.tgz
$ cd harbor$ vi harbor.cfg
# hostname = reg.mydomain.com 수정$ ./install.sh
'PaaS > CI CD' 카테고리의 다른 글
| (Jenkins, Github, Docker) Github에서 불러와 Docker빌드 (0) | 2021.07.10 |
|---|---|
| (Docker) Python 웹페이지를 띄울수 있는 Dockerfile만들어서 빌드 및 배포하기 (0) | 2021.07.07 |
| (Jenkins) Jenkins 설치하기 (0) | 2021.07.04 |
| 배포전략 - Rolling, Blue/Green, Canary 배포 (0) | 2021.06.28 |
| Git 서버 및 클라이언트 설치 (0) | 2021.05.12 |