I. Harbor introduction
Developing and running applications in Docker containers depends on reliable image management. Docker provides an official public registry, but for reasons of security and efficiency it is also well worth deploying a registry inside a private environment. Harbor is an enterprise-class Docker Registry management project open-sourced by VMware; its features include role-based access control (RBAC), LDAP, log auditing, a management UI, self-registration, image replication and Chinese-language support.
II. Prepare the environment
All Harbor service components are deployed as Docker containers, and the official installer uses Docker Compose for rapid deployment, so both Docker and Docker Compose must be installed. Because Harbor is based on Docker Registry V2, Docker must be at least version 1.10.0 and Docker Compose at least version 1.6.0.
1. Install and start Docker
Install the required packages. yum-utils provides the yum-config-manager utility, and device-mapper-persistent-data and lvm2 are required by the devicemapper storage driver.
[root@localhost ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
Set up the stable repository (choose one)
(Overseas source, slow download)
[root@localhost ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
(Aliyun mirror, fast)
[root@localhost ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Install Docker CE
[root@localhost ~]# yum install -y docker-ce docker-ce-cli containerd.io
Start Docker
[root@localhost ~]# systemctl start docker
2. Install Docker Compose
Download the specified version of docker-compose
[root@localhost ~]# curl -L https://github.com/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 617 0 617 0 0 497 0 --:--:-- 0:00:01 --:--:-- 498
100 8079k 100 8079k 0 0 191k 0 0:00:42 0:00:42 --:--:-- 414k
Give the binary executable permission
[root@localhost ~]# chmod +x /usr/local/bin/docker-compose
Verify that docker-compose was installed successfully
[root@localhost ~]# docker-compose --version
docker-compose version 1.13.0, build 1719ceb
III. Build and start the Harbor services
1. Download the Harbor installation files
Download the specified version of the installation package from GitHub: https://github.com/goharbor/harbor/releases
[root@localhost ~]# mkdir -p /harbor
[root@localhost ~]# cd /harbor/
[root@localhost harbor]# yum -y install wget
[root@localhost harbor]# wget https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-online-installer-v1.1.2.tgz
[root@localhost harbor]# ll
-rw-r--r--. 1 root root 100313 Jun 12 2017 harbor-online-installer-v1.1.2.tgz
[root@localhost harbor]# tar -zxvf harbor-online-installer-v1.1.2.tgz
2. Configure Harbor
[root@localhost harbor]# ll
total 100
drwxr-xr-x. 3 root root 203 Jul 19 02:47 harbor
-rw-r--r--. 1 root root 100313 Jun 12 2017 harbor-online-installer-v1.1.2.tgz
[root@localhost harbor]# cd harbor
[root@localhost harbor]# ll
total 392
drwxr-xr-x. 3 root root 23 Jul 19 02:47 common
-rw-r--r--. 1 root root 1988 Jun 12 2017 docker-compose.notary.yml
-rw-r--r--. 1 root root 3155 Jun 12 2017 docker-compose.yml
-rw-r--r--. 1 root root 4304 Jun 12 2017 harbor_1_1_0_template
-rw-r--r--. 1 root root 4085 Jun 12 2017 harbor.cfg
-rwxr-xr-x. 1 root root 5169 Jun 12 2017 install.sh
-rw-r--r--. 1 root root 337600 Jun 12 2017 LICENSE
-rw-r--r--. 1 root root 472 Jun 12 2017 NOTICE
-rwxr-xr-x. 1 root root 16522 Jun 12 2017 prepare
-rwxr-xr-x. 1 root root 4550 Jun 12 2017 upgrade
[root@localhost harbor]# vim harbor.cfg
harbor.cfg in detail:
# hostname sets the access address; an IP or a domain name may be used, but it must not be set to 127.0.0.1 or localhost
hostname = 192.168.14.16
# Access protocol; the default is http, and https can also be set; if https is set, nginx ssl must be turned on
ui_url_protocol = http
# The default password of the MySQL root user is root123; change it for real use
db_password = 123456
max_job_workers = 3
customize_crt = on
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = NA
# Email settings, used when sending password-reset emails
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username = [email protected]
email_password = abc
email_from = admin <[email protected]>
email_ssl = false
# Password for the administrator UI login after Harbor starts; the default is Harbor12345
harbor_admin_password = 123456
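# Authentication mode; several modes are supported, such as LDAP, local storage and database authentication. The default is db_auth (MySQL database authentication)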
auth_mode = db_auth
# Settings used for LDAP authentication
ldap_url = ldaps://ldap.mydomain.com
#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
#ldap_search_pwd = password
ldap_basedn = ou=people,dc=mydomain,dc=com
#ldap_filter = (objectClass=person)
ldap_uid = uid
ldap_scope = 3
ldap_timeout = 5
# Whether to enable self-registration
self_registration = on
# Token validity period; the default is 30 minutes
token_expiration = 30
# Controls who may create projects; the default is everyone, and it can also be set to adminonly (administrators only)
project_creation_restriction = everyone
verify_remote_cert = on
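The settings above decide how exposed the registry is, so it is worth checking them before running the installer. The script below is an added example, not part of the original walkthrough or of Harbor: it reads a harbor.cfg in the key = value format shown above and reports plaintext HTTP, default or short passwords, open self-registration and unrestricted project creation. The function names and the 12-character threshold are assumptions, and the sample input is constructed to mirror the values used here.

```shell
#!/bin/sh
# Added example: audit a Harbor 1.x harbor.cfg ("key = value" lines) for risky settings.

# cfg_get FILE KEY: print the value of the last uncommented "KEY = value" line.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# audit_harbor_cfg FILE: print one finding per line; print nothing if the file is clean.
audit_harbor_cfg() {
    f="$1"
    [ "$(cfg_get "$f" ui_url_protocol)" = "https" ] ||
        echo "ui_url_protocol: not https, so logins and pushes cross the network in cleartext"
    for k in db_password harbor_admin_password; do
        v=$(cfg_get "$f" "$k")
        case "$v" in
            # root123 and Harbor12345 are the defaults named in the config comments
            root123|Harbor12345) echo "$k: still the shipped default" ;;
            # the 12-character minimum is an assumption of this example
            *) [ "${#v}" -ge 12 ] || echo "$k: shorter than 12 characters" ;;
        esac
    done
    [ "$(cfg_get "$f" self_registration)" = "off" ] ||
        echo "self_registration: anyone who can reach the UI can create an account"
    [ "$(cfg_get "$f" project_creation_restriction)" = "adminonly" ] ||
        echo "project_creation_restriction: every account can create projects"
    return 0
}

# Constructed sample that mirrors the values used in this walkthrough.
sample_cfg() {
    cat <<'EOF'
hostname = 192.168.14.16
ui_url_protocol = http
db_password = 123456
harbor_admin_password = 123456
#self_registration = off
self_registration = on
project_creation_restriction = everyone
EOF
}

tmp=$(mktemp)
sample_cfg > "$tmp"
audit_harbor_cfg "$tmp"
rm -f "$tmp"
```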
3. Start Harbor
After changing the configuration file, run ./install.sh in the current directory. Harbor downloads the images it depends on according to docker-compose.yml in the current directory and starts each service in order. If it fails, run it again.
[root@localhost harbor]# pwd
/harbor/harbor
[root@localhost harbor]# ./install.sh
The images Harbor depends on and the services it starts are as follows:
[root@localhost harbor]# docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/harbor_adminserver Up
harbor-db docker-entrypoint.sh mysqld Up 3306/tcp
harbor-jobservice /harbor/harbor_jobservice Up
harbor-log /bin/sh -c crond && rm -f ... Up 127.0.0.1:1514->514/tcp
harbor-ui /harbor/harbor_ui Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
After startup, access Harbor at the hostname just configured. The default port is 80; if that port is already in use, change the corresponding service's port mapping in docker-compose.yml.
IV. Using the Harbor repository
1. Log in to the Harbor web UI
Log in as the admin user; the password is the one set in harbor.cfg.
2. Upload an image to the Harbor repository
We create a new project named harbor and set it to private. When a project is public, anyone has read access to the images in that project, and they can be pulled from the command line without running docker login.
After creating the project, use the admin user to push the local nginx image to the Harbor repository.
3. docker login to Harbor
[root@localhost ~]# docker login 192.168.14.16
Username: admin
Password:
Error response from daemon: Get https://192.168.14.16/v2/: dial tcp 192.168.14.16:443: connect: connection refused
Solution:
Find the location of docker.service
[root@localhost ~]# find / -name docker.service -type f
/usr/lib/systemd/system/docker.service
Modify the unit file. The original line is:
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
Change it to:
ExecStart=/usr/bin/dockerd --insecure-registry=http://192.168.14.16
4. Restart the Docker service:
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker
After the restart, the docker-compose services turn out to have stopped, so ./install.sh must be run again
[root@localhost ~]# docker-compose ps
ERROR:
Can't find a suitable configuration file in this directory or any
parent. Are you in the right directory?
Supported filenames: docker-compose.yml, docker-compose.yaml
[root@localhost ~]# cd /harbor/
[root@localhost harbor]# cd harbor
[root@localhost harbor]# pwd
/harbor/harbor
[root@localhost harbor]# ./install.sh
5. Log in again
[root@localhost ~]# docker login 192.168.14.16
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
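The --insecure-registry workaround above makes dockerd talk to 192.168.14.16 over plain HTTP, so the password sent by docker login and every image layer cross the network unencrypted. As an added example (not part of the original walkthrough), the script below shows the HTTPS alternative: it generates a self-signed certificate whose subjectAltName carries the registry IP and checks the result. The function names are hypothetical, /data/cert is taken from the ssl_cert and ssl_cert_key values in harbor.cfg, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example: serve Harbor over HTTPS instead of adding --insecure-registry to dockerd.

# make_registry_cert IP OUTDIR: write a self-signed server.crt and server.key for a
# registry that clients address by IP. Docker's TLS client validates the
# subjectAltName, so the IP must appear there; a CN alone is not enough.
make_registry_cert() {
    ip="$1"; out="$2"
    mkdir -p "$out"
    cat > "$out/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $ip
[v3]
subjectAltName = IP:$ip
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$out/san.cnf" -keyout "$out/server.key" -out "$out/server.crt" 2>/dev/null
    chmod 600 "$out/server.key"
}

# cert_has_ip_san CRT IP: succeed only if the certificate lists IP as a SAN.
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -text |
        grep -Eq "IP Address:$2(,|[[:space:]]|\$)"
}

# Deployment outline (as root; paths are the ones in harbor.cfg above):
#   make_registry_cert 192.168.14.16 /data/cert   # matches ssl_cert / ssl_cert_key
#   set ui_url_protocol = https in harbor.cfg, then re-run ./install.sh
#   on every Docker client: mkdir -p /etc/docker/certs.d/192.168.14.16 and copy
#   server.crt there as ca.crt, then restore the original ExecStart line

# Self-check in a scratch directory so nothing under /data is touched.
d=$(mktemp -d)
make_registry_cert 192.168.14.16 "$d" &&
    cert_has_ip_san "$d/server.crt" 192.168.14.16 &&
    echo "certificate carries IP SAN 192.168.14.16"
rm -rf "$d"
```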
6. Tag an existing image
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/harbor-jobservice v1.1.2 4ef0a7a33734 2 years ago 163MB
vmware/harbor-ui v1.1.2 4ee8f190f366 2 years ago 183MB
vmware/harbor-adminserver v1.1.2 cdcf1bed7eb4 2 years ago 142MB
vmware/harbor-db v1.1.2 fcb8aa7a0640 2 years ago 329MB
vmware/registry 2.6.1-photon 0f6c96580032 2 years ago 150MB
vmware/nginx 1.11.5-patched 8ddadb143133 2 years ago 199MB
vmware/harbor-log v1.1.2 9c46a7b5e517 2 years ago 192MB
[root@localhost ~]# docker tag vmware/nginx:1.11.5-patched 192.168.14.16/harbor/nginx:latest
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/harbor-jobservice v1.1.2 4ef0a7a33734 2 years ago 163MB
vmware/harbor-ui v1.1.2 4ee8f190f366 2 years ago 183MB
vmware/harbor-adminserver v1.1.2 cdcf1bed7eb4 2 years ago 142MB
vmware/harbor-db v1.1.2 fcb8aa7a0640 2 years ago 329MB
vmware/registry 2.6.1-photon 0f6c96580032 2 years ago 150MB
192.168.14.16/harbor/nginx latest 8ddadb143133 2 years ago 199MB
vmware/nginx 1.11.5-patched 8ddadb143133 2 years ago 199MB
vmware/harbor-log v1.1.2 9c46a7b5e517 2 years ago 192MB
7. Push to the repository
[root@localhost ~]# docker push 192.168.14.16/harbor/nginx:latest
The push refers to repository [192.168.14.16/harbor/nginx]
3569f62067e2: Pushed
3f117c44afbb: Pushed
c4a8b7411af4: Pushed
fe4c16cbf7a4: Pushed
latest: digest: sha256:3dce35afeadd7195877b17bf1514b9e388ed671afe428441fe5e0b02cdc26eeb size: 1160
After a successful upload, log in to the Harbor web UI and select the harbor project; the nginx image just uploaded is listed there.
8. Create a user and assign permissions
Under System Management, click User Management, then click Create User and enter the relevant information.
Add the newly created user to the members of the harbor project: click Projects, select the harbor project, click Members, then click Add Member and select a role.
Use the new user to pull the nginx image just uploaded
First delete the local copy of the nginx image
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/harbor-jobservice v1.1.2 4ef0a7a33734 2 years ago 163MB
vmware/harbor-ui v1.1.2 4ee8f190f366 2 years ago 183MB
vmware/harbor-adminserver v1.1.2 cdcf1bed7eb4 2 years ago 142MB
vmware/harbor-db v1.1.2 fcb8aa7a0640 2 years ago 329MB
vmware/registry 2.6.1-photon 0f6c96580032 2 years ago 150MB
192.168.14.16/harbor/nginx latest 8ddadb143133 2 years ago 199MB
vmware/nginx 1.11.5-patched 8ddadb143133 2 years ago 199MB
vmware/harbor-log v1.1.2 9c46a7b5e517 2 years ago 192MB
[root@localhost ~]# docker rmi 192.168.14.16/harbor/nginx:latest
Untagged: 192.168.14.16/harbor/nginx:latest
Untagged: 192.168.14.16/harbor/nginx@sha256:3dce35afeadd7195877b17bf1514b9e388ed671afe428441fe5e0b02cdc26eeb
Log out of the admin account and log in as the user just created
[root@localhost ~]# docker logout 192.168.14.16
Removing login credentials for 192.168.14.16
[root@localhost ~]# docker login 192.168.14.16
Username: harbor
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Pull the nginx image from Harbor to the local machine
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/harbor-jobservice v1.1.2 4ef0a7a33734 2 years ago 163MB
vmware/harbor-ui v1.1.2 4ee8f190f366 2 years ago 183MB
vmware/harbor-adminserver v1.1.2 cdcf1bed7eb4 2 years ago 142MB
vmware/harbor-db v1.1.2 fcb8aa7a0640 2 years ago 329MB
vmware/registry 2.6.1-photon 0f6c96580032 2 years ago 150MB
vmware/nginx 1.11.5-patched 8ddadb143133 2 years ago 199MB
vmware/harbor-log v1.1.2 9c46a7b5e517 2 years ago 192MB
[root@localhost ~]# docker pull 192.168.14.16/harbor/nginx:latest
latest: Pulling from harbor/nginx
Digest: sha256:3dce35afeadd7195877b17bf1514b9e388ed671afe428441fe5e0b02cdc26eeb
Status: Downloaded newer image for 192.168.14.16/harbor/nginx:latest
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/harbor-jobservice v1.1.2 4ef0a7a33734 2 years ago 163MB
vmware/harbor-ui v1.1.2 4ee8f190f366 2 years ago 183MB
vmware/harbor-adminserver v1.1.2 cdcf1bed7eb4 2 years ago 142MB
vmware/harbor-db v1.1.2 fcb8aa7a0640 2 years ago 329MB
vmware/registry 2.6.1-photon 0f6c96580032 2 years ago 150MB
192.168.14.16/harbor/nginx latest 8ddadb143133 2 years ago 199MB
vmware/nginx 1.11.5-patched 8ddadb143133 2 years ago 199MB
vmware/harbor-log v1.1.2 9c46a7b5e517 2 years ago 192MB
V. Push and pull images from a client
1. Following the steps above, install Docker on the client, then start Docker
[root@node1 ~]# systemctl start docker
2. Download any nginx image
[root@node1 ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
0a4690c5d889: Pull complete
9719afee3eb7: Pull complete
44446b456159: Pull complete
Digest: sha256:b4b9b3eee194703fc2fa8afa5b7510c77ae70cfba567af1376a573a967c03dbb
Status: Downloaded newer image for nginx:latest
3. Log in to the Harbor server
[root@node1 ~]# docker login 192.168.14.16
Username: harbor
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
4. Tag the image; note that the format is: registry IP/Harbor repository name/image name
[root@node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 98ebf73aba75 34 hours ago 109MB
[root@node1 ~]# docker tag nginx:latest 192.168.14.16/harbor/nginx:new
[root@node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.14.16/harbor/nginx new 98ebf73aba75 34 hours ago 109MB
nginx latest 98ebf73aba75 34 hours ago 109MB
[root@node1 ~]# docker push 192.168.14.16/harbor/nginx:new
The push refers to repository [192.168.14.16/harbor/nginx]
589561a3ffb4: Pushed
ef7dbb0cfc81: Pushed
d56055da3352: Pushed
new: digest: sha256:f83b2ffd963ac911f9e638184c8d580cc1f3139d5c8c33c87c3fb90aebdebf76 size: 948
5. Here: list the client's local images > delete the image > pull the image > list the images
[root@node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.14.16/harbor/nginx new 98ebf73aba75 34 hours ago 109MB
nginx latest 98ebf73aba75 34 hours ago 109MB
[root@node1 ~]# docker rmi 192.168.14.16/harbor/nginx:new
Untagged: 192.168.14.16/harbor/nginx:new
Untagged: 192.168.14.16/harbor/nginx@sha256:f83b2ffd963ac911f9e638184c8d580cc1f3139d5c8c33c87c3fb90aebdebf76
[root@node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 98ebf73aba75 34 hours ago 109MB
[root@node1 ~]# docker pull 192.168.14.16/harbor/nginx:new
new: Pulling from harbor/nginx
Digest: sha256:f83b2ffd963ac911f9e638184c8d580cc1f3139d5c8c33c87c3fb90aebdebf76
Status: Downloaded newer image for 192.168.14.16/harbor/nginx:new
[root@node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.14.16/harbor/nginx new 98ebf73aba75 34 hours ago 109MB
nginx latest 98ebf73aba75 34 hours ago 109MB
6. At this point, both the local host and the client can push and pull images normally