Harbor private registry deployment and management

1. Introduction to Harbor

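Harbor is VMware's open-source, enterprise-grade Docker Registry project, hosted at https://github.com/vmware/harbor.
Harbor's goal is to help users quickly set up an enterprise-grade Docker Registry service.
Harbor builds on the open-source registry from Docker, Inc. and adds features that enterprise users need: a management UI, role-based access control (RBAC), AD/LDAP integration, and audit logging. It also natively supports Chinese.
Each Harbor component is built as a Docker container, and docker-compose is used to deploy it. The docker-compose template used to deploy Harbor is located at /usr/local/bin/harbor/docker-compose.yml (custom).
Harbor has a web management interface that makes it easy to manage Docker images, and it provides image permission management and control across multiple projects.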

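2. Advantages of Harbor

1. Role-based access control: users and Docker image repositories are organized through "projects"; a user can have different permissions on multiple image repositories within the same namespace (project).
2. Graphical user interface: users can browse and search the current Docker image repositories and manage projects and namespaces through a browser.
3. Audit management: all operations on the image repositories can be recorded and traced for auditing.
4. Image-based replication policy: images can be replicated between multiple Harbor instances.
5. LDAP authentication support: Harbor's user authorization can use users that already exist.
6. Image deletion and garbage collection: images can be deleted and the space they occupy reclaimed.
7. Simple deployment: Harbor provides online and offline installers, as well as a virtual appliance installation.
8. Relationship between Harbor and Docker Registry: Harbor is essentially a wrapper around Docker Registry, extended with its own business templates.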

3. Simple architecture of Harbor

Harbor mainly has 6 major modules. By default, each Harbor component is packaged as a Docker container, so Harbor can be deployed with docker-compose. It runs as 8 containers, which you can view with docker-compose ps.

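●Proxy
  A front-end reverse proxy receives all requests from browsers and Docker clients and forwards them to the different back-end services
●Registry
  Responsible for storing Docker images and handling docker push/pull commands
●Core services
  Harbor's core functions, including the UI, webhook, and token service
●Database
  Provides database services for core services
●Log collector
  Responsible for collecting the logs of the other components for later analysis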

4. Deploy the Harbor service

1. Make sure docker-compose is usable
[root@localhost ~]# mv docker-compose /usr/local/bin/
[root@localhost ~]# chmod +x /usr/local/bin/docker-compose
[root@localhost ~]# docker-compose -v
docker-compose version 1.21.1, build 5a3f1a3
2. Upload the harbor-offline-installer-v1.2.2.tgz package to /root and extract it to /usr/local/
tar zxvf harbor-offline-installer-v1.2.2.tgz -C /usr/local/
3. Configure the Harbor parameter file
vim /usr/local/harbor/harbor.cfg
//line 5: hostname = 14.0.0.20
4. Start Harbor
[root@localhost ~]# cd /usr/local/harbor/
[root@localhost harbor]# ls
common                     docker-compose.yml     harbor.v1.2.2.tar.gz  NOTICE
docker-compose.clair.yml   harbor_1_1_0_template  install.sh            prepare
docker-compose.notary.yml  harbor.cfg             LICENSE               upgrade
[root@localhost harbor]# sh install.sh  
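5. View the images and containers Harbor started
//List the images
docker images
//List the containers
docker ps -a
//List the containers orchestrated by compose
docker-compose ps
6. Open the management page at http://14.0.0.20 in a browser
The default administrator username and password are admin/Harbor12345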

7. Add a project and fill in its name

Create the new project myimages

At this point you can use docker commands on the Harbor host to log in and push images through 127.0.0.1. By default, the registry server listens on port 80.

//Log in
docker login -u admin -p Harbor12345 http://127.0.0.1
//Pull an image for testing
docker pull nginx
//Tag the image
docker tag nginx 127.0.0.1/myimages/nginx:v1
//Push the image to Harbor
docker push 127.0.0.1/myimages/nginx:v1

The operations above were performed locally on the Harbor server. If another client tries to log in or upload an image to Harbor, the error below is reported. The cause is that Docker uses HTTPS by default when talking to a registry, but a private registry built this way serves plain HTTP by default, so the client's connection to port 443 is refused.

[root@localhost ~]# docker login -u admin -p Harbor12345 http://14.0.0.20
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://14.0.0.20/v2/: dial tcp 14.0.0.20:443: connect: connection refused

How to solve:

[root@client ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 14.0.0.20 --containerd=/run/containerd/containerd.sock
[root@client ~]# systemctl daemon-reload 
[root@client ~]# systemctl restart docker
[root@client ~]# docker login -u admin -p Harbor12345 http://14.0.0.20

[root@localhost ~]# docker images
REPOSITORY                 TAG                 IMAGE ID            CREATED             SIZE
14.0.0.20/myimages/nginx   v1                  7e4d58f0e5f3        13 days ago         133MB
[root@localhost ~]# docker tag 14.0.0.20/myimages/nginx:v1 14.0.0.20/myimages/nginx:v2
[root@localhost ~]# docker push 14.0.0.20/myimages/nginx:v2
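
Adding --insecure-registry makes this client send its Harbor login and all image traffic over plain HTTP, and the flag only takes effect for the exact host it names. The script below is an added example, not part of the original post: it parses a dockerd unit file and reports whether a given registry is exempted from TLS. The function names and the constructed unit file are assumptions, and it handles only a single-line ExecStart.

```shell
#!/bin/sh
# Added example: report which registries a dockerd unit file exempts from TLS.

# insecure_registries UNIT_FILE -> one exempted registry per line
insecure_registries() {
    grep '^ExecStart=' "$1" | tr -s '[:space:]' '\n' | awk '
        want                         { print; want = 0; next }
        $0 == "--insecure-registry"  { want = 1; next }
        /^--insecure-registry=/      { sub(/^--insecure-registry=/, ""); print }'
}

# registry_transport UNIT_FILE HOST -> prints exempt | mismatch | tls
registry_transport() {
    list=$(insecure_registries "$1")
    if printf '%s\n' "$list" | grep -qxF -- "$2"; then
        echo exempt      # dockerd will talk plain HTTP to HOST
    elif [ -n "$list" ]; then
        echo mismatch    # another host is exempted; HOST still requires HTTPS
    else
        echo tls         # no exemption: HTTPS with a trusted certificate required
    fi
}

# Constructed unit file for the demo; $1 is the flag text under test.
demo_unit() {
    printf '[Service]\nExecStart=/usr/bin/dockerd -H fd:// %s --containerd=/run/containerd/containerd.sock\n' "$1"
}

unit=$(mktemp)
demo_unit '--insecure-registry 14.0.0.20' > "$unit"
registry_transport "$unit" 14.0.0.20    # the Harbor host used on this page
demo_unit '--insecure-registry 14.0.0.30' > "$unit"
registry_transport "$unit" 14.0.0.20    # wrong address in the flag
rm -f "$unit"
```

A "mismatch" or "tls" result for the Harbor host means docker login will keep failing with the connection-refused error on port 443 shown above.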

5. Maintaining and managing Harbor

You can use docker-compose to manage Harbor. Some useful commands are shown below; they must be run in the same directory as docker-compose.yml.
Modify the harbor.cfg configuration file
To change Harbor's configuration, first stop the existing Harbor instance and update harbor.cfg; then run the prepare script to populate the configuration; finally, recreate and start the Harbor instance.

1. Stop the existing Harbor instance
docker-compose down -v
[root@localhost harbor]# pwd
/usr/local/harbor
[root@localhost harbor]# ls
common                     docker-compose.yml     harbor.v1.2.2.tar.gz  NOTICE
docker-compose.clair.yml   harbor_1_1_0_template  install.sh            prepare
docker-compose.notary.yml  harbor.cfg             LICENSE               upgrade
2. Update harbor.cfg
[root@localhost harbor]# vim harbor.cfg
3. Run the prepare script to populate the configuration
[root@localhost harbor]# ./prepare
4. Recreate and start the Harbor instance
docker-compose up -d
If the following error appears:
Creating network "harbor_harbor" with the default driver
ERROR: Failed to Setup IP tables: Unable to enable SKIP DNAT rule: (iptables failed: iptables --wait -t nat -I DOCKER -i br-25094fc09b3c -j RETURN: iptables: No chain/target/match by that name.
(exit status 1))
Solution: after the firewall has been turned off, docker needs to be restarted
systemctl restart docker
docker-compose up -d
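
Before running ./prepare in the procedure above, it is worth checking harbor.cfg for the install-time defaults this walkthrough leaves in place (plain HTTP, admin/Harbor12345). The script below is an added example, not part of the original post or the Harbor project. cfg_get, audit_harbor_cfg and the sample file are constructed here, and the key names ui_url_protocol, harbor_admin_password, db_password (default root123) and self_registration are assumed from Harbor 1.x's harbor.cfg rather than taken from this page.

```shell
#!/bin/sh
# Added example: flag install-time defaults left in a Harbor 1.x harbor.cfg.

# cfg_get FILE KEY -> value of the last uncommented "KEY = value" line
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_harbor_cfg FILE -> one "key: finding" line per problem, nothing if clean
audit_harbor_cfg() {
    [ "$(cfg_get "$1" ui_url_protocol)" = "https" ] ||
        echo "ui_url_protocol: not https, logins and image layers travel unencrypted"
    [ "$(cfg_get "$1" harbor_admin_password)" != "Harbor12345" ] ||
        echo "harbor_admin_password: still the published default"
    [ "$(cfg_get "$1" db_password)" != "root123" ] ||
        echo "db_password: still the shipped default (assumed to be root123)"
    [ "$(cfg_get "$1" self_registration)" != "on" ] ||
        echo "self_registration: anyone who can reach the UI can create an account"
    return 0
}

# Constructed sample: the settings this walkthrough leaves in place.
# Key names and the root123 default are assumptions (see the lead-in).
sample_cfg() {
    cat <<'EOF'
hostname = 14.0.0.20
ui_url_protocol = http
db_password = root123
#harbor_admin_password = commented-out lines are ignored
harbor_admin_password = Harbor12345
self_registration = on
EOF
}

cfg=$(mktemp)
sample_cfg > "$cfg"
audit_harbor_cfg "$cfg"    # prints four findings for the sample
rm -f "$cfg"
```

In Harbor 1.x, harbor_admin_password is only applied on first start, so on an instance that is already running the admin password also has to be changed in the web UI.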

//Create user chen and add it to the myimages project as a developer

#Operation on the client: log in with the newly created developer user

[root@localhost ~]# docker logout 14.0.0.20
Removing login credentials for 14.0.0.20
[root@localhost ~]# docker login 14.0.0.20
Username: chen      #use the newly created developer user
Password:
[root@localhost ~]# docker pull 14.0.0.20/myimages/nginx:v1
v1: Pulling from myimages/nginx
Digest: sha256:794275d96b4ab96eeb954728a7bf11156570e8372ecd5ed0cbc7280313a27d19
Status: Image is up to date for 14.0.0.20/myimages/nginx:v1
14.0.0.20/myimages/nginx:v1
[root@localhost ~]# docker images
REPOSITORY                 TAG                 IMAGE ID            CREATED             SIZE
14.0.0.20/myimages/nginx   v1                  7e4d58f0e5f3        13 days ago         133MB
14.0.0.20/myimages/nginx   v2                  7e4d58f0e5f3        13 days ago         133MB

#Remove the Harbor service containers while keeping the image data/database

//Run on the Harbor server
docker-compose down -v
Stopping nginx ... done
Stopping harbor-jobservice ... done
Stopping harbor-ui ... done
Stopping registry ... done
Stopping harbor-db ... done
...output omitted

If you need to redeploy, you need to remove all of the Harbor service's data.
Persistent data, such as images and the database, is in the host's /data/ directory, and logs are in the host's /var/log/Harbor/ directory.

rm -rf /data/database/
rm -rf /data/registry/

Origin blog.csdn.net/chengu04/article/details/108770872