NSX ALB + Harbor + OpenShift 4.8 UPI安装配置实验笔记系列目录
目录
1.2 在线安装docker、docker-compose、helm
1.3 离线方式安装docker、docker-compose、helm
本实验笔记使用了VMware 天池自带的的Harbor,以下是使用CentOS 7.9安装Harbor的过程参考。
1). 安装CentOS7(略)
2). 关闭OS防火墙
- systemctl stop firewalld
- systemctl disable firewalld
3). 关闭SELinux
- sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
- reboot
4). 安装基础软件包:
yum install -y yum-utils device-mapper-persistent-data lvm21). 更新yum源
- yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
-
- 国内请用阿里的yum源:
- yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
2). 查看docker版本
yum list docker-ce --showduplicates | sort -r3). 安装docker
- yum install -y docker-ce
- 指定版本:yum install docker-ce-<VERSION_STRING>
- curl -L https://github.com/docker/compose/releases/download/2.3.3/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
- chmod +x /usr/local/bin/docker-compose
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash从Index of linux/centos/7/x86_64/stable/Packages/ 下载docker安装包:
- containerd.io-1.4.3-3.1.el7.x86_64.rpm
- docker-ce-20.10.2-3.el7.x86_64.rpm
- docker-ce-cli-20.10.2-3.el7.x86_64.rpm
- docker-ce-rootless-extras-20.10.2-3.el7.x86_64.rpm
从Index of /centos/7.9.2009/extras/x86_64/Packages/ 下载以下载扩展安装包:
- container-selinux-2.119.2-1.911c772.el7_8.noarch.rpm
- fuse3-libs-3.6.1-4.el7.x86_64.rpm
- fuse-overlayfs-0.7.2-6.el7_8.x86_64.rpm
- slirp4netns-0.4.3-4.el7_8.x86_64.rpm
进入安装包所在目录,执行以下命令:
yum install *.rpm -y从https://github.com/docker/compose/releases/download/1.27.4/docker-compose 下载docker-compose包:
- Linux-x86_64
- docker-compose-Linux-x86_64
下载后执行以下命令:
- mv docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
- chmod +x /usr/local/bin/docker-compose
从https://github.com/helm/helm/releases下载对应helm版本,然后安装:
- tar -zxvf helm-v3.0.0-linux-amd64.tar.gz
- mv linux-amd64/helm /usr/local/bin/helm
- systemctl start docker
- systemctl enable docker
1). 新建目录并进入:
mkdir -p /data/ssl && cd /data/ssl2). 制作ca证书和密钥:
- openssl genrsa -out ca.key 4096
- openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Jiangsu/L=Suzhou/O=Securities/OU=IT/CN=harbor.corp.tanzu" -key ca.key -out ca.crt
3). 制作服务端密钥:
openssl genrsa -out harbor.corp.tanzu.key 40964). 制作服务端请求文件:
openssl req -sha512 -new -subj "/C=CN/ST=Jiangsu/L=Suzhou/O=Securities/OU=IT/CN=harbor.corp.tanzu" -key harbor.corp.tanzu.key -out harbor.corp.tanzu.csr5). 用ca给服务端的密钥制作证书:
- openssl x509 -req -sha512 -in harbor.corp.tanzu.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out harbor.corp.tanzu.crt -days 3650
- openssl x509 -inform PEM -in harbor.corp.tanzu.crt -out harbor.corp.tanzu.cert
1). 下载Harbor安装包:
- cd /software
- wget https://github.com/goharbor/harbor/releases/download/v2.4.2/harbor-offline-installer-v2.4.2.tgz
2). 安装harbor
- tar zxvf harbor-offline-installer-v2.4.2.tgz -C /opt
- cd /opt/harbor
- cp harbor.yml.tmpl harbor.yml
3). 编辑harbor.yml
- vi harbor.yml
-
- 修改以下类似信息:
- hostname: harbor.corp.tanzu
- certificate: /data/ssl/harbor.corp.tanzu.cert
- private_key: /data/ssl/harbor.corp.tanzu.key
- harbor_admin_password: VMware1!
- data_volume: /data
- password: VMware1!
4). 整合helm的安装:
./install.sh --with-clair --with-chartmuseum
以下命令需要进入Harbor目录 :
- cd /opt/harbor
- docker-compose up -d (启动)
- docker-compose stop(停止)
- docker-compose restart(重启)
- docker-compose ps(状态)