Enterprise private registry: the Harbor image registry

Introduction to Harbor

Harbor is an enterprise-class Registry server for storing and distributing Docker images. It extends the open source Docker Distribution by adding features that enterprises need, such as security and identity management. As a private enterprise Registry server, Harbor provides better performance and security, and it improves the efficiency of transferring images between the Registry and the build and runtime environments. Harbor supports replicating image resources across multiple Registry nodes, and because all images are stored in a private Registry, data and intellectual property stay managed and controlled inside the company's internal network. In addition, Harbor provides advanced security features such as user management, access control and activity auditing.
Harbor is an open source enterprise Docker Registry developed by VMware's China R&D team. It not only fills the functional gaps of using Docker Registry directly, but also addresses the pain points faced when running Docker Registry in production: high availability, direct replication between image registries, registry performance, and operation and maintenance.

Harbor features

(1) Role-based access control: users and Docker image repositories are organized and managed through "projects", and a user can have different permissions on multiple image repositories within the same namespace (project).
(2) Image replication: images can be replicated (synchronized) between multiple Registry instances. This is particularly suitable for load balancing, high availability, hybrid cloud and multi-cloud scenarios.
(3) Graphical user interface: users can use a browser to browse and search the current Docker image repositories and to manage projects and namespaces.
(4) AD/LDAP support: Harbor can integrate with an enterprise's existing AD/LDAP for authentication and authorization management.
(5) Audit management: all operations on the image repositories are recorded and can be traced back for audit management.
(6) Internationalization: localized versions already exist in English, Chinese, German, Japanese and Russian. More languages will be added.
(7) RESTful API: the RESTful API gives administrators more control over Harbor and makes integration with other management software easier.
(8) Easy deployment: online and offline installers are provided, and Harbor can also be installed on the vSphere platform as a virtual appliance (OVA).

Harbor mainly consists of six components in the architecture:

(1) Proxy: Harbor's registry, UI, token and other services sit behind a single front-end reverse proxy, which receives requests from browsers and Docker clients and forwards them to the different back-end services.
(2) Registry: responsible for storing Docker images and handling docker push / pull commands. Because access must be controlled per user, that is, different users have different read and write permissions on Docker images, the Registry points to a token service and forces every docker pull / push request to carry a valid token. The Registry uses the public key to decrypt and verify the token.
(3) Core services: the core functionality of Harbor, which provides the following services:
1) UI: a graphical interface that helps users manage the images on the registry and authorize users.
2) webhook: to learn about image state changes on the registry promptly, a webhook is configured on the Registry, and state changes are passed to the UI module.
3) token service: issues a token for each docker push / pull command according to the user's permissions. If a request sent by the Docker client to the Registry service does not include a token, it is redirected here, and once a token has been obtained the request is sent to the Registry again.
(4) Database: provides database services to the core services and stores user permissions, audit logs, Docker image grouping information and other data.
(5) Job Services: provides image replication to remote sites, so local images can be synchronized to other Harbor instances.
(6) Log Collector: to help monitor Harbor's operation, it collects the logs of the other components for later analysis.
The relationship between the components is shown in the figure below:
[Figure: relationship between the Harbor components]
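The token handshake described for the Registry and the token service, as an added example that is not part of the original article: it parses the challenge the Registry returns to a request without a token and builds the token service request the client sends next. The header value, the /service/token path and the harbor-registry service name are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the challenge a Registry behind Harbor sends back when
# "docker pull 192.168.1.13/xgp/centos:7" arrives without a token.
CHALLENGE='Www-Authenticate: Bearer realm="http://192.168.1.13/service/token",service="harbor-registry",scope="repository:xgp/centos:pull"'

# challenge_param HEADER NAME -> value of NAME="..." in the Bearer challenge
challenge_param() {
    printf '%s\n' "$1" | sed -n "s/.*[ ,]$2=\"\([^\"]*\)\".*/\1/p"
}

# token_url HEADER -> URL of the token service request the client sends next,
# authenticated with the user's credentials; fails if this is not a token challenge
token_url() {
    case "$1" in *" Bearer "*) ;; *) return 1 ;; esac
    realm=$(challenge_param "$1" realm)
    service=$(challenge_param "$1" service)
    scope=$(challenge_param "$1" scope)
    [ -n "$realm" ] && [ -n "$service" ] || return 1
    url="$realm?service=$service"
    # docker login probes /v2/ and gets a challenge without a scope
    [ -n "$scope" ] && url="$url&scope=$scope"
    printf '%s\n' "$url"
}

# scope_actions SCOPE -> the actions requested, e.g. "pull" or "pull,push"
scope_actions() {
    printf '%s\n' "${1##*:}"
}

token_url "$CHALLENGE"
```

The token service decides from the user's project permissions which of the requested actions to grant, and the Registry accepts the retried request only if the returned token covers them.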

Building Harbor

Each Harbor component is built as a Docker container, and Harbor is deployed with the official Docker Compose. The Docker Compose template for deploying Harbor is harbor/docker-compose.yml. Opening the template file shows that Harbor consists of seven containers:
(1) nginx: responsible for traffic forwarding and security verification. All external traffic passes through nginx, so port 443 is opened; nginx distributes https traffic to the back-end ui and to the docker registry that stores the images.
(2) harbor-jobservice: harbor's job management module. Jobs in harbor are mainly used for synchronizing images between registries;
(3) harbor-ui: the web management pages, mainly the front-end CRUD pages and the back-end interface;
(4) registry: the native docker registry, responsible for saving images.
(5) harbor-adminserver: harbor's system management interface, which can be used to modify the system configuration and obtain system information.
(6) harbor-db: harbor's database, which stores job data and the permission management for projects and users. Because harbor's authentication also goes through this data, production deployments mostly connect it to the enterprise's ldap;
(7) harbor-log: harbor's log service, which manages harbor's logs centrally. Running inspect on a container shows that the containers send their log output uniformly to syslog.
These containers are connected with Docker links, so each container can reach the others by container name. For end users, only the service port of the proxy (i.e. Nginx) needs to be exposed.

Harbor private enterprise image registry

Download the docker-compose tool from the Internet.

https://github.com/docker/compose/releases/tag/1.25.1-rc1

[root@docker02 ~]# tar -zxf docker-compose.tar.gz  -C /usr/local/bin/
//extract into the command directory
[root@docker02 ~]# chmod  +x /usr/local/bin/docker-compose
[root@docker02 ~]# yum -y install yum-utils device-mapper-persistent-data lvm2
//install the dependency packages
[root@docker02 ~]# docker-compose -v
//check the version information
docker-compose version 1.24.0, build 0aa59064

Download and install harbor from the Internet.

https://github.com/goharbor/harbor/releases

[root@docker02 ~]# tar -zxf harbor-offline-installer-v1.7.4.tgz  -C /usr/local/
//import the harbor offline installer package and extract it to /usr/local/

Modify the Harbor configuration file and run the bundled installation script

[root@docker02 ~]# cd  /usr/local/harbor/
[root@docker02 harbor]# ls

[root@docker02 harbor]# vim harbor.cfg
hostname = 192.168.1.13    #13: change to this machine's IP address
harbor_admin_password = Harbor12345   #harbor password
[root@docker02 harbor]# ./install.sh
//run the bundled installation script

Log in to harbor in the browser

http://192.168.1.13:80 username: admin, password: Harbor12345

Create a project
Modify the docker configuration file to connect to the private registry

[root@docker02 harbor]# vim /usr/lib/systemd/system/docker.service 

ExecStart=/usr/bin/dockerd --insecure-registry 192.168.1.13
//add this on line 13 of the file

[root@docker02 harbor]# systemctl  daemon-reload 
[root@docker02 harbor]# systemctl restart docker
//restart docker
[root@docker02 harbor]# docker ps
//notice that far fewer containers are running

[root@docker02 harbor]# docker-compose start
//start the containers defined in harbor's compose file

Log in to harbor

[root@docker02 harbor]# docker login -u admin -p Harbor12345 192.168.1.13
//log in to harbor

Upload an image to the registry

[root@docker02 harbor]# docker tag centos:7  192.168.1.13/xgp/centos:7
//change the tag
[root@docker02 harbor]# docker push 192.168.1.13/xgp/centos:7
//upload the image

Connect a second host to the registry and test the download

[root@docker02 harbor]# vim /usr/lib/systemd/system/docker.service 

ExecStart=/usr/bin/dockerd --insecure-registry 192.168.1.13
//add this on line 13 of the file

[root@docker02 harbor]# systemctl  daemon-reload 
[root@docker02 harbor]# systemctl restart docker
//restart docker

Log in to harbor

[root@docker02 harbor]# docker login -u admin -p Harbor12345 192.168.1.13
//log in to harbor

Download the image that was just uploaded

[root@docker01 xxx]# docker pull  192.168.1.13/xgp/centos:7
[root@docker01 xxx]# docker images
//list the local images

The download succeeds.
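A check of the settings this walkthrough leaves in place, as an added example that is not part of the original article: it flags the default harbor_admin_password and a non-https ui_url_protocol in harbor.cfg, and every --insecure-registry entry in docker.service. The function names and sample files are constructed for illustration, and ui_url_protocol is a harbor.cfg key the page does not show.

```shell
#!/bin/sh
# cfg_value FILE KEY -> value of "KEY = value", any trailing "#note" removed
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#]*\).*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_harbor_cfg FILE -> one line per weak setting in harbor.cfg
audit_harbor_cfg() {
    if [ "$(cfg_value "$1" harbor_admin_password)" = "Harbor12345" ]; then
        echo "harbor.cfg: harbor_admin_password is still the shipped default"
    fi
    if [ "$(cfg_value "$1" ui_url_protocol)" != "https" ]; then
        echo "harbor.cfg: ui_url_protocol is not https, logins and tokens are sent in clear text"
    fi
}

# audit_docker_unit FILE -> one line per registry dockerd uses without TLS
audit_docker_unit() {
    awk '/^ExecStart=/ { for (i = 1; i <= NF; i++) {
        if ($i == "--insecure-registry") print $(i + 1)
        else if (index($i, "--insecure-registry=") == 1) print substr($i, 21)
    } }' "$1" | while read -r reg; do
        echo "docker.service: registry $reg is used without TLS verification"
    done
}

# audit CFG UNIT -> prints all findings, returns 1 if there is at least one
audit() {
    out=$(audit_harbor_cfg "$1"; audit_docker_unit "$2")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample files with the same settings as the walkthrough.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'hostname = 192.168.1.13' 'ui_url_protocol = http' \
        'harbor_admin_password = Harbor12345' > "$d/harbor.cfg"
    printf '%s\n' '[Service]' \
        'ExecStart=/usr/bin/dockerd --insecure-registry 192.168.1.13' > "$d/docker.service"
    rc=0
    audit "$d/harbor.cfg" "$d/docker.service" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true
```

For the login step, `docker login --password-stdin` keeps the password out of the process list and the shell history.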


Origin blog.51cto.com/14320361/2460025