Installation and configuration of enterprise-level mirror warehouse Harbor
Harbor
Harbor overview
Harbor is an open source container image warehouse management system with rich security and management functions. It can build private warehouses in enterprise environments and provide features such as reliability, multi-tenant support, and customizability.
Official website:https://goharbor.io/
GitHub:https://github.com/goharbor/harbor
Harbor aims to provide enterprise-level image management solutions with the following features and functions:
safety:
Harbor provides a rich set of security features, including user authentication and authorization, image signature verification, access control, vulnerability scanning, etc. This helps you protect your images from malicious attacks and exploits.
Credibility:
Harbor supports digital signing and verification of images to ensure their integrity and trustworthy origin. You can use a custom or third-party certificate to sign and verify the authenticity of your image.
Multi-tenant support:
Harbor supports multiple projects and multiple warehouses, which can be grouped and managed according to different organizations, teams or projects. Each project can have its own user permissions and access control policies.
Customizability:
Harbor provides flexible configuration options and expansion mechanisms that can be customized according to your needs. You can adjust configurations such as storage, networking, and authentication to suit different environments and needs.
high performance:
Harbor uses caching and replication strategies to improve image access speed and availability. It supports multiple mirror storage backends, including local storage, S3 storage, etc.
User-friendly interface:
Harbor provides an intuitive and easy-to-use web interface that can easily manage images, projects, users, access permissions, etc.
Install Harbor
Download the Harbor binary file for installation. Harbor installation and configuration reference:
https://goharbor.io/docs/2.9.0/install-config/
Download offline installation package
wget https://github.com/goharbor/harbor/releases/download/v2.7.3/harbor-offline-installer-v2.7.3.tgz
Unzip the installation package
tar -zxvf harbor-offline-installer-v2.7.3.tgz
[root@master harbor]# ls
common.sh harbor.v2.7.3.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
Enter the Harbor directory
cd harbor
Configure Harbor
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
# 当前节点主机名或IP
hostname: 112.74.96.150
# http端口配置
http:
port: 8080
# 这里不使用https,注释该配置
#https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
# Harbor UI的初始密码
harbor_admin_password: Harbor12345
# The default data volume
data_volume: /usr/local/program/harbor/data
Run the installer script
After configuring harbor.yml, you can use the install.sh script to install and start Harbor.
./install.sh
If the installation is successful, the following log will be output:
[Step 5]: starting Harbor ...
[+] Running 10/10
✔ Network harbor_harbor Created 0.1s
✔ Container harbor-log Started 0.1s
✔ Container registryctl Started 0.2s
✔ Container harbor-db Started 0.1s
✔ Container redis Started 0.1s
✔ Container registry Started 0.1s
✔ Container harbor-portal Started 0.2s
✔ Container harbor-core Started 0.1s
✔ Container harbor-jobservice Started 0.1s
✔ Container nginx Started 0.1s
✔ ----Harbor has been installed and started successfully.----
View the docker image, and a list of images related to hardor will appear.
[root@master harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
62343618f630 goharbor/nginx-photon:v2.7.3 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) 0.0.0.0:8080->8080/tcp nginx
a39ecd6eddf1 goharbor/harbor-jobservice:v2.7.3 "/harbor/entrypoint.…" About a minute ago Up About a minute (healthy) harbor-jobservice
f0c1a4957d04 goharbor/harbor-core:v2.7.3 "/harbor/entrypoint.…" About a minute ago Up About a minute (healthy) harbor-core
f64062148ccf goharbor/harbor-registryctl:v2.7.3 "/home/harbor/start.…" About a minute ago Up About a minute (healthy) registryctl
6fc3d92cc65f goharbor/harbor-db:v2.7.3 "/docker-entrypoint.…" About a minute ago Up About a minute (healthy) harbor-db
fc9917cad78e goharbor/harbor-portal:v2.7.3 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) harbor-portal
8622fab2670f goharbor/registry-photon:v2.7.3 "/home/harbor/entryp…" About a minute ago Up About a minute (healthy) registry
27e3ba43f9f8 goharbor/redis-photon:v2.7.3 "redis-server /etc/r…" About a minute ago Up About a minute (healthy) redis
feef079dcbd4 goharbor/harbor-log:v2.7.3 "/bin/sh -c /usr/loc…" About a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-log
Log in
Browser access http://IP:8080
Use username: admin, configured password: Harbor12345to log in
Starting and stopping Harbor
Stop Harbor
[root@master harbor]# docker-compose stop
[+] Running 9/9
⠿ Container harbor-jobservice Stopped 0.0s
⠿ Container nginx Stopped 0.0s
⠿ Container registryctl Stopped 10.2s
⠿ Container harbor-portal Stopped 0.3s
⠿ Container harbor-core Stopped 0.0s
⠿ Container harbor-db Stopped 0.4s
⠿ Container registry Stopped 0.2s
⠿ Container redis Stopped 0.5s
⠿ Container harbor-log Stopped 10.2s
Start Harbor
[root@master harbor]# docker-compose start
[+] Running 9/9
⠿ Container harbor-log Started 0.3s
⠿ Container redis Started 0.9s
⠿ Container registryctl Started 0.7s
⠿ Container harbor-portal Started 1.0s
⠿ Container harbor-db Started 0.8s
⠿ Container registry Started 1.0s
⠿ Container harbor-core Started 0.3s
⠿ Container nginx Started 0.5s
⠿ Container harbor-jobservice Started
Log in to Harbor warehouse
To log in to the Harbor private repository, execute the following command to log in to the Harbor repository:
docker login <Harbor仓库地址>
Login exception
[root@master harbor]# docker login 112.74.96.150:8080
Username: admin
Password:
Error response from daemon: Get "https://112.74.96.150:8080/v2/": http: server gave HTTP response to HTTPS client
reason:
By default, it communicates with the Harbor warehouse through the HTTPS protocol, but the Harbor warehouse is only configured with the HTTP service and does not enable the HTTPS service.
solution
Option One:
Find the directory where docker.service is located
[root@master harbor]# find / -name docker.service -type f
/usr/lib/systemd/system/docker.service
edit vim /usr/lib/systemd/system/docker.service
Modify this line of configuration:
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Use --insecurethe option to skip https certificate verification, change it to the following:
ExecStart=/usr/bin/dockerd --insecure-registry 112.74.96.150:8080 -H fd:// --containerd=/run/containerd/containerd.sock
Option II:
Modify
/etc/docker/daemon.jsonthe file, add configuration, and specify the IP address of the mirror warehouse
{
"insecure-registries": ["112.74.96.150"]
}
Log in
Reload configuration and restart docker
systemctl daemon-reload
systemctl restart docker
Log in again
Note: You may need to restart Harbor
[root@master harbor]# docker login 112.74.96.150:8080
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
quit
Exit the login status of Harbor private warehouse
docker logout <Harbor仓库地址>
[root@master ~]# docker login 112.74.96.150:8080
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Push and pull Harbor image
Image naming convention
There are certain naming conventions for Harbor’s image name. The difference is that the project name must be used as part of the image name. For details, please refer to the following example.
Build image
docker build -t <Harbor仓库地址>/<项目名称>/<镜像名称>:<标签> .
Push the image to the Harbor repository
docker push <Harbor仓库地址>/<项目名称>/<镜像名称>:<标签>
Pull Harbor image
docker pull <Harbor仓库地址>/<项目名称>/<镜像名称>:<标签>
Create project
Create a project in the Harbor repository interface or using the Harbor API
Interface creation
Harbor API creation
curl -X POST -u username:password -H "Content-Type: application/json" -d '{
"project_name": "projectname",
"public": 1,
"content_trust": "disabled"
}' https://<Harbor仓库地址>/api/projects
Push image
Pull a test image
[root@master ~]# docker pull testcontainers/helloworld
View this image
[root@master ~]# docker images | grep hello
testcontainers/helloworld latest 6974669be52b 2 years ago 12.7MB
Mark the local image and put it into the Harbor warehouse
Note: One more level is required as the project name
[root@master harbor]# docker tag testcontainers/helloworld:latest 112.74.96.150:8080/projectname/helloworld:v1
View the image again
[root@master harbor]# docker images | grep hello
112.74.96.150:8080/projectname/helloworld v1 6974669be52b 2 years ago 12.7MB
testcontainers/helloworld latest 6974669be52b 2 years ago 12.7MB
Push the local image to the mirror warehouse (you need to log in to the mirror warehouse first)
[root@master harbor]# docker push 112.74.96.150:8080/projectname/helloworld:v1
The push refers to repository [112.74.96.150:8080/projectname/helloworld]
802cca11a560: Pushing [============================================> ] 6.194MB/7.019MB
80b7fe966245: Pushed
50644c29ef5a: Pushing [=============================================> ] 5.068MB/5.575MB
Log in to Harbor and check projectnameunder the new project. One image has been successfully pushed.
Pull image
Delete existing image
[root@master harbor]# docker images | grep hello
112.74.96.150:8080/projectname/helloworld v1 6974669be52b 2 years ago 12.7MB
testcontainers/helloworld latest 6974669be52b 2 years ago 12.7MB
[root@master harbor]# docker rmi 112.74.96.150:8080/projectname/helloworld:v1
Untagged: 112.74.96.150:8080/projectname/helloworld:v1
Untagged: 112.74.96.150:8080/projectname/helloworld@sha256:4ee5a832ef6eee533df7224b80d4cceb9ab219599014f408d0b69690be94c396
[root@master harbor]# docker rmi testcontainers/helloworld:latest
Untagged: testcontainers/helloworld:latest
Untagged: testcontainers/helloworld@sha256:4ee5a832ef6eee533df7224b80d4cceb9ab219599014f408d0b69690be94c396
Pull the image from Harbor
[root@master harbor]# docker pull 112.74.96.150:8080/projectname/helloworld:v1
v1: Pulling from projectname/helloworld
df20fa9351a1: Downloading [==========> ] 614.1kB/2.798MB
7d694ce25b07: Download complete
99f5116afda5: Downloading [================================> ]
2.389MB/3.655MB
View the pulled image
[root@master harbor]# docker images | grep hell
112.74.96.150:8080/projectname/helloworld v1 6974669be52b 2 years ago 12.7MB