Quay basic edition: installation and deployment


The detailed installation manual is in the official documentation, at

https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/deploy_red_hat_quay_-_basic/index

 

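Quay consists of several core components

  • Database: mainly stores image metadata (not the image storage itself)
  • redis: stores build logs and the Quay tutorial
  • Quay: acts as the registry
  • Clair: image scanning

The installation environment needs at least 4 GB of memory

  • Installation steps

1. Install docker and disable the firewall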

yum install docker
systemctl enable docker
systemctl start docker
systemctl is-active docker

systemctl stop firewalld
systemctl disable firewalld

2. Install the MySQL database

mkdir -p /var/lib/mysql
chmod 777 /var/lib/mysql
export MYSQL_CONTAINER_NAME=mysql
export MYSQL_DATABASE=enterpriseregistrydb
export MYSQL_PASSWORD=welcome1
export MYSQL_USER=quayuser
export MYSQL_ROOT_PASSWORD=welcome1

docker run \
    --detach \
    --restart=always \
    --env MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} \
    --env MYSQL_USER=${MYSQL_USER} \
    --env MYSQL_PASSWORD=${MYSQL_PASSWORD} \
    --env MYSQL_DATABASE=${MYSQL_DATABASE} \
    --name ${MYSQL_CONTAINER_NAME} \
    --privileged=true \
    --publish 3306:3306 \
    -v /var/lib/mysql:/var/lib/mysql/data:Z \
    registry.access.redhat.com/rhscl/mysql-57-rhel7

In an offline environment, the image registry.access.redhat.com/rhscl/mysql-57-rhel7 must be downloaded in advance

Verify connectivity

yum install -y mariadb
mysql -h 192.168.56.107 -u root --password=welcome1
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MySQL connection id is 10184
Server version: 5.7.21 MySQL Community Server (GPL)
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]> status

3. Install redis

mkdir -p /var/lib/redis
chmod 777 /var/lib/redis
docker run -d --restart=always -p 6379:6379 \
    --privileged=true \
    -v /var/lib/redis:/var/lib/redis/data:Z \
    registry.access.redhat.com/rhscl/redis-32-rhel7

Both mysql and redis are started with restart=always, which means these two services come up whenever docker starts.

4. Configure Quay

docker run --privileged=true -p 8443:8443 -d quay.io/redhat/quay:v3.2.0 config welcome1

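Pulling the quay image in this step took quite a while. Before the image can be pulled, you need to visit the Red Hat customer site to obtain the login password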

https://access.redhat.com/solutions/3533201

When the pull completes, a process for configuring quay is started; visit

https://registry.redhat.ren:8443

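Log in with quayconfig/welcome1

Select the option to create a new configuration

After setting up the database, set up the super user

The next screen needs two settings: one is the Server Hostname under Server configuration, the other is the Redis Hostname

Leave SSL unconfigured for now, then save to produce a quay-config.tar.gz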

5. Deploy Quay

mkdir -p /mnt/quay/config
mkdir -p /mnt/quay/storage
cp quay-config.tar.gz /mnt/quay/config/
# extract into the config directory that is mounted at /conf/stack below
tar xvf quay-config.tar.gz -C /mnt/quay/config/
config.yaml

 

docker run --restart=always -p 443:8443 -p 80:8080 \
   --sysctl net.core.somaxconn=4096 \
   --privileged=true \
   -v /mnt/quay/config:/conf/stack:Z \
   -v /mnt/quay/storage:/datastorage:Z \
   -d quay.io/redhat/quay:v3.2.0

Visit http://registry.redhat.ren

Then create a repository and push an image.

To push images in non-SSL mode, docker needs the following setting

[root@registry ssl]# cat /etc/docker/daemon.json 
{
"insecure-registries" : ["registry.redhat.ren"]
}

 

  • SSL configuration

Generate the SSL files; for details see

https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#using-ssl-to-protect-quay

Generate the root CA

openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

Create the private key and certificate

openssl genrsa -out device.key 2048
openssl req -new -key device.key -out device.csr

# This should be set to the hostname of the openshift node
Common Name (eg, your name or your server's hostname) []:*.redhat.ren

 

openssl x509 -req -in device.csr -CA rootCA.pem \
       -CAkey rootCA.key -CAcreateserial -out device.crt -days 500 -sha256

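Rename device.crt and device.key to ssl.cert and ssl.key

The graphical configuration did not work; then I found this sentence:

For non-openshift installations, this can be done from the command line.

Put the key into quay's configuration directory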

cp ssl* /mnt/quay/config/
ls /mnt/quay/config/

config.yaml  ssl.cert  ssl.key

Edit config.yaml

PREFERRED_URL_SCHEME: https

Restart quay

docker restart cbe7b0fa39d8

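First verify in a browser: https://registry.redhat.ren

Then, on each client machine that needs to access the registry, set

mkdir -p /etc/docker/certs.d/registry.redhat.ren
cp rootCA.pem /etc/docker/certs.d/registry.redhat.ren/ca.crt

Verify.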

[root@registry ssl]# docker login registry.redhat.ren
Username (admin): admin
Password: 
Login Succeeded
[root@registry ssl]# docker push  registry.redhat.ren/admin/postgres:latest
The push refers to a repository [registry.redhat.ren/admin/postgres]
881e1c269a4d: Layer already exists 
7db57ad3e021: Layer already exists 
7605e1c60aec: Layer already exists 
a1d223e6e6a4: Layer already exists 
360cf55e74f6: Layer already exists 
fd0cac2972ba: Layer already exists 
a9de3f685bb0: Layer already exists 
dedb3d1e3b58: Layer already exists 
9087d83a2760: Layer already exists 
ee106a0920de: Layer already exists 
237b8fa99d00: Layer already exists 
fd4cba0278cd: Layer already exists 
d2c7e196c047: Layer already exists 
556c5fb0d91b: Layer already exists 
latest: digest: sha256:625225ca4ab31e1f8fc53dcd7dcff96293359c27002b7525522188ca6139cf66 size: 3245
[root@registry ssl]# 
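
A check for the client-side state described above, added here as an example and not part of the original post: once SSL is enabled, the insecure-registries entry from the non-SSL step should be gone from daemon.json and the root CA should sit under certs.d. The function name, the temporary directory layout and the placeholder certificate body are assumptions made for the illustration.

```python
import json
import tempfile
from pathlib import Path

PEM_MARKER = "-----BEGIN CERTIFICATE-----"


def audit_registry_trust(registry, daemon_json, certs_d):
    """Return findings about how a Docker client trusts `registry` (empty list = ok)."""
    findings = []
    daemon_json = Path(daemon_json)
    cfg = {}
    if daemon_json.is_file():
        cfg = json.loads(daemon_json.read_text() or "{}")
    # A listed registry has certificate errors ignored and may be reached over
    # plain HTTP. Only exact host entries are matched here, not CIDR ranges.
    if registry in cfg.get("insecure-registries", []):
        findings.append("insecure-registries still lists " + registry)
    # Docker treats *.crt files under certs.d/<registry>/ as trusted CA roots.
    ca = Path(certs_d) / registry / "ca.crt"
    if not ca.is_file():
        findings.append("missing " + str(ca))
    elif PEM_MARKER not in ca.read_text(errors="replace"):
        findings.append(str(ca) + " is not a PEM certificate")
    return findings


def demo():
    """Constructed sample: client state after the non-SSL step, then after cleanup."""
    registry = "registry.redhat.ren"
    with tempfile.TemporaryDirectory() as tmp:
        daemon = Path(tmp) / "daemon.json"
        certs = Path(tmp) / "certs.d"
        daemon.write_text(json.dumps({"insecure-registries": [registry]}))
        before = audit_registry_trust(registry, daemon, certs)
        # Corrected state: entry removed, root CA installed (placeholder body).
        daemon.write_text("{}")
        (certs / registry).mkdir(parents=True)
        (certs / registry / "ca.crt").write_text(
            PEM_MARKER + "\n(constructed placeholder)\n-----END CERTIFICATE-----\n")
        after = audit_registry_trust(registry, daemon, certs)
    return before, after


if __name__ == "__main__":
    for label, result in zip(("before cleanup", "after cleanup"), demo()):
        print(label + ":", result or "ok")
```

On a real client the call would be audit_registry_trust("registry.redhat.ren", "/etc/docker/daemon.json", "/etc/docker/certs.d").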

 

