Shulou(Shulou.com)06/02 Report--

Harbor

A brief introduction to Harbor

Harbor is vmware's open source enterprise registry, which allows you to quickly build your own private registry,harbor extension docker's registry, so that harbor supports:

Role-based access control of 1pyrrine RBAC

2, policy-based mirror replication

3Perfect LDAPmax AD support

4. Image deletion and garbage cleanup

5Jing Novell image signature

6, user interface

7, audit

8,RESTful api

Second, Harbor module

Harbor mainly has six modules. By default, each harbor component is encapsulated into a docker container, so you can deploy harbor through compose, which is run in 8 containers and can be viewed through docker-compose ps.

Harbor-adminserver:harbor system management interface, which can modify system configuration and obtain system information.

Harbor-db: stores metadata, users, rules, replication policies, and other information about the project

Harbor-jobservice:harbor is mainly used for synchronization of image repositories.

Harbor-log: collect log information for other harbor. Rsyslogd

Harbor-ui: a user interface module for managing registry. Mainly the interface between the front-end page and the back-end CURD

A reverse proxy component of nginx:harbor that proxies services such as registry, ui, token, etc. This agent forwards various requests from harbor web and docker client to the back-end service. It's a nginx. Nginx is responsible for traffic forwarding and security verification. All external traffic is forwarded from nginx. It distributes traffic to ui at the back end and docker registry that is mirrored in docker storage.

Registry: a service that stores docker images and provides pull/push services. Harbor needs to control the access of image. Every time client performs pull or push, registry needs client to go to the token service to obtain an available token.

Redis: storing cache information

III. Installation

1. Environmental preparation.

Operating system: Centos 7.2

IP:192.168.1.22

Docker 17.03.2-ce

Docker-compose installation

Curl-L https://github.com/docker/compose/releases/download/1.23.0-rc3/docker-compose-`uname-s`-`uname-m`-o / usr/local/bin/docker-composechmod + x / usr/local/bin/docker-compose

Harbor-offline-installer-v1.5.1.tgz offline package download

Wget https://storage.googleapis.com/harbor-releases/release-1.5.0/harbor-offline-installer-v1.5.1.tgz

2, extract and modify the configuration file

Cp harbor-offline-installer-v1.5.1.tgz / data/; tar zxvf harbor-offline-installer-v1.5.1.tgz

Vim / data/harbor/harbor.cfg

Hostname = 192.168.1.22#ssl_cert = / data/cert/server.crt#ssl_cert_key = / data/cert/server.keyui_url_protocol = http / / Protocol max_job_workers = 50 / / maximum concurrent request customize_crt = on / / whether to use custom certificate harbor_admin_password = Harbor12345 / / administrator password db_password = root123 / / mysql password If you do not modify it, a mysql container will be started by default and the password is root123.

3, install

/ bin/sh install.sh

View harbor image

Docker images

Docker-compose View

Docker-compose ps

Fourth, log in to harbor & & Image upload and download

Default password: admin/Harbor12345

The password can be changed in the harbor.cfg configuration file

Management interface:

Upload image

Modify docker startup configuration file docker.service

Add-- insecure-registry=192.168.1.22ExecStart=/usr/bin/dockerd-- storage-driver=overlay2-- insecure-registry=192.168.1.22 after ExecStart

An error will be reported if it is not configured:

Restart docker

Systemctl daemon-reload systemctl restart docker.service

Log in to harbor with CLI

Docker login 192.168.1.22

Image tagging

Docker push 192.168.1.22/szs/mysql_db:latest

Background view

download

Environment: 192.168.1.20

System: Centos 7.2

Install docker

Modify the configuration file: docker.service

ExecStart=/usr/bin/dockerd-storage-driver=overlay2-insecure-registry=192.168.1.22

Restart

Systemctl daemon-reload systemctl restart docker.service

Connect to the image repository

Docker login 192.168.1.22

Because there is authentication, otherwise an error will be reported

Docker pull 192.168.1.22/szs/mysql_db

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.