镜像下载、域名解析、时间同步请点击 阿里云开源镜像站
问题:搭建私库认证不通过x509: certificate signed by unknown authority
首先确保配置harbor私库地址
[root@master harbor]# grep hostname harbor.cfg
#The IP address or hostname to access admin UI and registry service.
hostname = hub.bingo.com
方法一:/etc/docker/daemon.json,添加私库地址
{
"insecure-registries":["私库地址"]
}
方法二:vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd --insecure-registry 私库地址
[root@master data]# systemctl daemon-reload
[root@master data]# systemctl restart docker
[root@master data]# docker info
修改完成后输入,doucker info查看下
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
hub.bingo.com #这个地址,做解析
127.0.0.0/8
Live Restore Enabled: false
注意:如果是域名形式,记得修改下hosts文件,解析下
ps:多个节点共享同一个harbor仓库,需配置私有仓库地址以及将主节点的认证文件传递到其他节点的相同目录下scp -r /data/cert/ root@node1:/data/cert/,配置重启即可
docker莫名启动不了,查看状态发现如下原因,
[root@master system]# systemctl status docker.service
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Fri 2021-12-31 11:35:48 +08; 14s ago
Docs: https://docs.docker.com
Process: 17557 ExecStart=/usr/bin/dockerd (code=exited, status=1/FAILURE)
Main PID: 17557 (code=exited, status=1/FAILURE)
Dec 31 11:35:47 master systemd[1]: Failed to start Docker Application Container Engine.
Dec 31 11:35:47 master systemd[1]: Unit docker.service entered failed state.
Dec 31 11:35:47 master systemd[1]: docker.service failed.
Dec 31 11:35:48 master systemd[1]: docker.service holdoff time over, scheduling restart.
Dec 31 11:35:48 master systemd[1]: Stopped Docker Application Container Engine.
Dec 31 11:35:48 master systemd[1]: start request repeated too quickly for docker.service
Dec 31 11:35:48 master systemd[1]: Failed to start Docker Application Container Engine.
Dec 31 11:35:48 master systemd[1]: Unit docker.service entered failed state.
Dec 31 11:35:48 master systemd[1]: docker.service failed.
解决方法:
若配置了国内加载镜像,镜像文件为/etc/docker/daemon.json,则修改文件后缀为.conf即可正常启动docker 服务
[root@master data]# docker login -u admin -p Harbor12345 hub.bingo.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
可以愉快的玩耍了
https认证:
cd/data/cert/
openssl genrsa -des3 -out server.key 2048 #创建私钥
openssl req -new -key server.key -out server.csr #发起请求
cp server.key server.key.org #备份私钥
openssl rsa -in server.key.org -out server.key #转化证书
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt #签名
chmod-R777/data/cert
原文链接:https://blog.csdn.net/weixin_45961525/article/details/122253256