Harbor features
1, Role-based access control: users and repositories are organized through "projects", and a user can have different permissions on the multiple image repositories under the same namespace.
2, Image replication: images can be replicated (synchronized) between multiple Registry instances. If an error occurs, Harbor automatically retries the replication. This is well suited to load balancing, high availability, multi-datacenter, hybrid and multi-cloud scenarios.
3, LDAP / AD support: Harbor integrates with an existing enterprise LDAP / AD for user authentication and management, and supports importing LDAP groups into Harbor and assigning them the appropriate project roles.
4, Image deletion and garbage collection: images can be deleted and their space reclaimed.
5, Internationalization: multiple languages are supported (Chinese, English, German, Japanese and Russian are already available).
6, Graphical user interface: users can easily browse and search repositories and manage projects.
7, Audit management: all operations on the repositories are tracked.
8, RESTful API: RESTful APIs are provided for most management operations, making integration with external systems easy. An embedded Swagger UI can be used to explore and test the API.
9, Simple deployment: online and offline installers are provided. Harbor can also be installed on the vSphere platform as a virtual appliance (OVA).
Harbor components
1, Proxy: Harbor's components, such as the registry, the UI and the token service, all sit behind a reverse proxy. The proxy forwards requests from browsers and Docker clients to the various back-end services.
2, Registry: responsible for storing Docker images and handling docker push / pull commands. Because Harbor enforces access control on images, the Registry directs the client to the token service to obtain a valid token for each pull or push request.
3, Core services: Harbor's core functionality, mainly providing the following services:
1) UI: a graphical user interface that helps users manage images and authorize users.
2) Webhook: to learn of image state changes in the registry promptly, a webhook is configured on the Registry, which passes state changes to the UI module.
3) Token service: issues a token for each docker push / pull command according to the user's role in the project. If a request sent by the Docker client carries no token, the Registry redirects the request to the token service.
4, Database: provides database services to the core services and stores user permissions, audit logs, Docker image grouping information and other data.
5, Job services: provides remote image replication, which can synchronize local images to other Harbor instances.
6, Log collector: to help monitor Harbor's operation, collects the logs of the other components for later analysis.
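The token exchange described under Registry and Token service, as an added example (not Harbor's own code and not from the original post): it parses the Bearer challenge a registry returns to a request without a token, builds the token-service request, and checks the access claim of an issued token. The layout follows the Docker Registry v2 token authentication scheme; the sample header, realm URL, user name and claims are constructed.

```python
import re
from urllib.parse import urlencode

# Constructed sample: challenge returned with the 401 for a push to my/nginx.
CHALLENGE = ('Bearer realm="http://centos130/service/token",'
             'service="harbor-registry",'
             'scope="repository:my/nginx:pull,push"')

# Constructed sample: claims of a token issued to a user whose project role
# only permits pulling. The Registry verifies the token's signature before it
# reads these claims; that step is outside this example.
CLAIMS = {"sub": "guest1",
          "access": [{"type": "repository", "name": "my/nginx",
                      "actions": ["pull"]}]}


def parse_challenge(header):
    """Split a WWW-Authenticate Bearer challenge into its parameters."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge")
    return dict(re.findall(r'(\w+)="([^"]*)"', params))


def token_request_url(challenge):
    """URL the Docker client calls (with the user's credentials) for a token."""
    query = urlencode({"service": challenge["service"],
                       "scope": challenge["scope"]})
    return challenge["realm"] + "?" + query


def is_allowed(claims, repository, action):
    """True if the token grants `action` on `repository`."""
    return any(entry["type"] == "repository" and entry["name"] == repository
               and action in entry["actions"]
               for entry in claims.get("access", []))


if __name__ == "__main__":
    print(token_request_url(parse_challenge(CHALLENGE)))
    for action in ("pull", "push"):
        print(action, is_allowed(CLAIMS, "my/nginx", action))
```

The client asked for pull and push, but the token only carries the actions the user's project role allows, so the push is refused by the Registry.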
Deployment environment
centos-7.6 192.168.8.130
Docker version 1.19.3
docker-compose version 1.24.2
harbor-offline-installer-v1.8.6.tgz
Installing docker-compose
Method 1:
[root@centos130 ~]# curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
[root@centos130 ~]# chmod +x /usr/local/bin/docker-compose
Method 2:
[root@centos130 ~]# wget https://bootstrap.pypa.io/get-pip.py
[root@centos130 ~]# python get-pip.py
[root@centos130 ~]# pip install docker-compose
Installing docker
[root@centos130 ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
Add a stable repository
[root@centos130 ~]# yum-config-manager --add-repo \
http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@centos130 ~]# yum makecache fast
Install the latest stable version of docker-ce
[root@centos130 ~]# yum install -y docker-ce docker-ce-cli containerd.io vim
[root@centos130 ~]# mkdir -p /etc/docker && vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://yxrgrke0.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.8.130:5000", "centos130:80"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  }
}
Start docker
[root@centos130 ~]# systemctl daemon-reload
[root@centos130 ~]# systemctl enable docker && systemctl start docker
[root@centos130 ~]# systemctl status docker
Installing Harbor
Harbor download addresses:
Harbor GitHub repository: https://github.com/goharbor/harbor
http://harbor.orientsoft.cn/
[root@centos130 ~]# wget https://storage.googleapis.com/harbor-releases/release-1.8.6/harbor-offline-installer-v1.8.6.tgz
[root@centos130 ~]# tar -xf harbor-offline-installer-v1.8.6.tgz -C /usr/local/
[root@centos130 ~]# cd /usr/local/harbor/
[root@centos130 ~]# vim harbor.yml
hostname: centos130
# This is only a simple test, so only this line is edited; everything else is left at its default
Execute the installation script:
[root@centos130 ~]# ./install.sh
Note: if the installation fails because docker-proxy or docker-runc cannot be found, run:
[root@centos130 ~]# ln -s /usr/libexec/docker/docker-runc-current /usr/bin/docker-runc
[root@centos130 ~]# ln -s /usr/libexec/docker/docker-proxy-current /usr/bin/docker-proxy
List the started containers
[root@centos130 ~]# docker-compose ps
Stopping and starting the Harbor containers:
[root@centos130 ~]# cd /usr/local/harbor/
[root@centos130 ~]# docker-compose stop
[root@centos130 ~]# docker-compose start
The installation is now complete. Open a browser, log in, and create the project "my":
The default user password is: admin / Harbor12345
Logging in to the Harbor registry from the shell
Uploading an image to Harbor
[root@centos130 ~]# docker login centos130:80
[root@centos130 ~]# docker login -u admin -p Harbor12345 centos130:80 # username/password: admin/Harbor12345
Username: admin
Password:
Login Succeeded
Test image upload
[root@centos130 ~]# docker pull nginx
[root@centos130 ~]# docker tag nginx:latest centos130:80/my/nginx:latest
[root@centos130 ~]# docker images
[root@centos130 ~]# docker push centos130:80/my/nginx:latest
The push refers to repository [centos130:80/my/nginx]
55a77731ed26: Pushed
71f2244bc14d: Pushed
f2cb0ecef392: Pushed
latest: digest: sha256:3936fb3946790d711a68c58be93628e43cbca72439079e16d154b5db216b58da size: 948
Note: the format is userip/project-name/image-name:version (the project must be created in the web UI beforehand)
[root@centos130 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos130:80/my/nginx:latest latest 5a3221f0137b 5 days ago 126MB
nginx latest 5a3221f0137b 5 days ago 126MB
Delete the local nginx image and test the download
[root@centos130 ~]# docker pull centos130:80/my/nginx:latest
Changing the Harbor port
1, modify the docker-compose.yml file so that the proxy's port 80 is mapped to port 1180:
Modify the configuration file
[root@centos130 ~]# cat /usr/local/harbor/docker-compose.yml
version: '2.3'
services:
  log:
    image: goharbor/harbor-log:v1.8.6
    container_name: harbor-log
    restart: always
    dns_search: .
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - ./common/config/log/:/etc/logrotate.d/:z
    ports:
      - 127.0.0.1:1514:10514
    networks:
      - harbor
  registry:
    image: goharbor/registry-photon:v2.7.1-patch-2819-v1.8.6
    container_name: registry
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: /data/secret/registry/root.crt
        target: /etc/registry/root.crt
    networks:
      - harbor
    dns_search: .
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registry"
  registryctl:
    image: goharbor/harbor-registryctl:v1.8.6
    container_name: registryctl
    env_file:
      - ./common/config/registryctl/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: ./common/config/registryctl/config.yml
        target: /etc/registryctl/config.yml
    networks:
      - harbor
    dns_search: .
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registryctl"
  postgresql:
    image: goharbor/harbor-db:v1.8.6
    container_name: harbor-db
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /data/database:/var/lib/postgresql/data:z
    networks:
      harbor:
    dns_search: .
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "postgresql"
  core:
    image: goharbor/harbor-core:v1.8.6
    container_name: harbor-core
    env_file:
      - ./common/config/core/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
    volumes:
      - /data/ca_download/:/etc/core/ca/:z
      - /data/psc/:/etc/core/token/:z
      - /data/:/data/:z
      - ./common/config/core/certificates/:/etc/core/certificates/:z
      - type: bind
        source: ./common/config/core/app.conf
        target: /etc/core/app.conf
      - type: bind
        source: /data/secret/core/private_key.pem
        target: /etc/core/private_key.pem
      - type: bind
        source: /data/secret/keys/secretkey
        target: /etc/core/key
    networks:
      harbor:
    dns_search: .
    depends_on:
      - log
      - registry
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "core"
  portal:
    image: goharbor/harbor-portal:v1.8.6
    container_name: harbor-portal
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    networks:
      - harbor
    dns_search: .
    depends_on:
      - log
      - core
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "portal"
  jobservice:
    image: goharbor/harbor-jobservice:v1.8.6
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/job_logs:/var/log/jobs:z
      - type: bind
        source: ./common/config/jobservice/config.yml
        target: /etc/jobservice/config.yml
    networks:
      - harbor
    dns_search: .
    depends_on:
      - redis
      - core
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "jobservice"
  redis:
    image: goharbor/redis-photon:v1.8.6
    container_name: redis
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/redis:/var/lib/redis
    networks:
      harbor:
    dns_search: .
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "redis"
  proxy:
    image: goharbor/nginx-photon:v1.8.6
    container_name: nginx
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    dns_search: .
    ports:
      - 1180:80
      - 443:443
      - 4443:4443
    depends_on:
      - postgresql
      - registry
      - core
      - portal
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"
networks:
  harbor:
    external: false
2, modify the /etc/docker/daemon.json file, changing port 80 to 1180:
Modify the daemon configuration
[root@centos130 ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://yxrgrke0.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.8.130:5000", "centos130:1180"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
  }
}
3, modify the hostname in the /usr/local/harbor/harbor.yml file:
Modify the hostname setting
[root@centos130 ~]# cat /usr/local/harbor/harbor.yml
hostname: centos130:1180
4, stop Harbor, then re-run the installer to regenerate the configuration files and start Harbor again:
Re-initialize
[root@centos130 ~]# cd /usr/local/harbor/
[root@centos130 ~]# docker-compose stop
[root@centos130 ~]# ./install.sh
5, restart docker:
[root@centos130 ~]# systemctl daemon-reload
[root@centos130 ~]# systemctl restart docker.service
Finally, test and verify:
[root@centos130 ~]# docker login centos130:1180
Username: admin
Password: Harbor12345
Login Succeeded
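JSON parsers commonly keep only the last occurrence of a repeated key (Python's json module does), so a daemon.json that lists "insecure-registries" twice ends up with only the second list in effect. The following check is an added example, not part of the original guide: it reports repeated keys and which insecure registries remain in effect. The sample file is constructed from the registry addresses used in this guide, and the mirror URL is a placeholder.

```python
import json

# Constructed sample: the registry addresses come from this guide, the mirror
# URL is a placeholder.
SAMPLE = """
{
  "registry-mirrors": ["https://mirror.example.invalid"],
  "insecure-registries": ["192.168.8.130:5000"],
  "insecure-registries": ["centos130:1180"],
  "log-driver": "json-file",
  "log-opts": {"max-size": "100m", "max-file": "3"}
}
"""


def audit_daemon_json(text):
    """Return (repeated keys, effective insecure registries, dropped ones)."""
    repeated = {}  # key -> every value given for it, in file order

    def collect(pairs):
        obj, values = {}, {}
        for key, value in pairs:
            values.setdefault(key, []).append(value)
            obj[key] = value  # same outcome as plain json.loads: last one wins
        repeated.update({k: v for k, v in values.items() if len(v) > 1})
        return obj

    config = json.loads(text, object_pairs_hook=collect)
    effective = config.get("insecure-registries", [])
    earlier = repeated.get("insecure-registries", [])[:-1]
    dropped = [r for entry in earlier for r in entry if r not in effective]
    return sorted(repeated), effective, dropped


if __name__ == "__main__":
    keys, effective, dropped = audit_daemon_json(SAMPLE)
    print("repeated keys:", keys)
    print("registries allowed without TLS:", effective)
    print("entries silently dropped:", dropped)
```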