详细的安装手册可以参考官方文档,地址在
Quay包含了几个核心组件
安装的环境至少需要4G内存
1.安装docker以及关闭防火墙
yum install docker
systemctl enable docker
systemctl start docker
systemctl is-active docker
systemctl stop firewalld
systemctl disable firewalld
2.安装mysql数据库
mkdir -p /var/lib/mysql
chmod 777 /var/lib/mysql
export MYSQL_CONTAINER_NAME=mysql
export MYSQL_DATABASE=enterpriseregistrydb
export MYSQL_PASSWORD=welcome1
export MYSQL_USER=quayuser
export MYSQL_ROOT_PASSWORD=welcome1
docker run \\
--detach \\
--restart=always \\
--env MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} \\
--env MYSQL_USER=${MYSQL_USER} \\
--env MYSQL_PASSWORD=${MYSQL_PASSWORD} \\
--env MYSQL_DATABASE=${MYSQL_DATABASE} \\
--name ${MYSQL_CONTAINER_NAME} \\
--privileged=true \\
--publish 3306:3306 \\
-v /var/lib/mysql:/var/lib/mysql/data:Z \\
registry.access.redhat.com/rhscl/mysql-57-rhel7
如果是离线环境,需要事先下载镜像registry.access.redhat.com/rhscl/mysql-57-rhel7
验证连接性
yum install -y mariadb
mysql -h 192.168.56.107 -u root --password=welcome1
Welcome to the MariaDB monitor. Commands end with ; or \\g.
Your MySQL connection id is 10184
Server version: 5.7.21 MySQL Community Server (GPL)
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\\h' for help. Type '\\c' to clear the current input statement.
MySQL [(none)]> status
3.安装redis
mkdir -p /var/lib/redis
chmod 777 /var/lib/redis
docker run -d --restart=always -p 6379:6379 \\
--privileged=true \\
-v /var/lib/redis:/var/lib/redis/data:Z \\
registry.access.redhat.com/rhscl/redis-32-rhel7
mysql和redis都是以restart=always方式启动,也就是说docker启动以后这两服务就启动了。
4.配置Quay
docker run --privileged=true -p 8443:8443 -d quay.io/redhat/quay:v3.2.0 config welcome1
这一步拉去quay的镜像花了不少时间,能够拉去之前,需要访问redhat的用户网站获取login密码
https://access.redhat.com/solutions/3533201
拉去完成后会启动一个配置quay的进程,访问
https://registry.redhat.ren:8443
登录通过quayconfig/welcome1
选择新建
设置完数据库后,需要设置super user
下面这个界面需要设置两个地方,一个是
Server configuration的Server Hostname,另一个是Redis Hostname
SSL暂时先不配置,然后保存出一个quay-config.tar.gz
5.部署Quay
mkdir -p /mnt/quay/config
mkdir -p /mnt/quay/storage
cp quay-config.tar.gz /mnt/quay/config/
tar xvf quay-config.tar.gz
config.yaml
docker run --restart=always -p 443:8443 -p 80:8080 \\
--sysctl net.core.somaxconn=4096 \\
--privileged=true \\
-v /mnt/quay/config:/conf/stack:Z \\
-v /mnt/quay/storage:/datastorage:Z \\
-d quay.io/redhat/quay:v3.2.0
然后建立repository,然后push镜像。
如果是非ssl模式push镜像,需要在docker上进行设置
[root@registry ssl]# cat /etc/docker/daemon.json
{
"insecure-registries" : ["registry.redhat.ren"]
}
## SSL配置
生成SSL文件,详细参考
生成rootca
openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
建立私钥和认证
openssl genrsa -out device.key 2048
openssl req -new -key device.key -out device.csr
#这个应该设置成openshift node的主机名
Common Name (eg, your name or your server's hostname) []:*.redhat.ren
openssl x509 -req -in device.csr -CA rootCA.pem \\
-CAkey rootCA.key -CAcreateserial -out device.crt -days 500 -sha256
将device.crt和device.key重命名为ssl.cert和ssl.key
图形化配置不work,然后找到一句话
将key放到quay的配置目录下
cp ssl* /mnt/quay/config/
ls /mnt/quay/config/
config.yaml ssl.cert ssl.key
修改config.yaml
PREFERRED_URL_SCHEME: https
重新启动quay
docker restart cbe7b0fa39d8
先用浏览器验证一下 https://registry.redhat.ren
然后在需要访问registry的客户端机器上设置
cp rootCA.pem /etc/docker/certs.d/registry.redhat.ren/ca.crt
验证。
[root@registry ssl]# docker login registry.redhat.ren
Username (admin): admin
Password:
Login Succeeded
[root@registry ssl]# docker push registry.redhat.ren/admin/postgres:latest
The push refers to a repository [registry.redhat.ren/admin/postgres]
881e1c269a4d: Layer already exists
7db57ad3e021: Layer already exists
7605e1c60aec: Layer already exists
a1d223e6e6a4: Layer already exists
360cf55e74f6: Layer already exists
fd0cac2972ba: Layer already exists
a9de3f685bb0: Layer already exists
dedb3d1e3b58: Layer already exists
9087d83a2760: Layer already exists
ee106a0920de: Layer already exists
237b8fa99d00: Layer already exists
fd4cba0278cd: Layer already exists
d2c7e196c047: Layer already exists
556c5fb0d91b: Layer already exists
latest: digest: sha256:625225ca4ab31e1f8fc53dcd7dcff96293359c27002b7525522188ca6139cf66 size: 3245
[root@registry ssl]#
如果觉得我的文章对您有用,请点赞。您的支持将鼓励我继续创作!
赞0
添加新评论0 条评论