Shulou(Shulou.com)06/01 Report--

This article introduces the knowledge of "deploying private Mirror services with Docker image warehouse Harbor". In the operation of actual cases, many people will encounter such a dilemma. Next, let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Harbor is VMware's recent open source enterprise Docker Registry project (https://github.com/vmware/harbor)). Its goal is to help users quickly build an enterprise-level Docker registry service. It provides the management of UI, role-based access control (Role Based Access Control), AD/LDAP integration, and audit log (Audit logging) and other functions of enterprise users, while also native support for Chinese. Each component of Harbor is built in the form of a Docker container, which is deployed using Docker Compose.

Rapid deployment method

Harbor is deployed using Docker-compose, and all subsequent configurations and deployments are in the

$HARBOR_HOME/Deploy/

Directory, so unless otherwise specified, the working directory is all under that directory.

First, you need to make a simple configuration. The configuration file is harbor.cfg, and the configuration items are as follows:

Hostname:hostname is an externally accessible address, namely bind addr, which is usually set to local public IP. If DNS is used internally, the hostname can be set.

Auth_mode:Harbor supports two authentication methods. The default is local storage, that is, account information is stored under mysql. This article first uses local storage. Another authentication method, LDAP, will be described separately in the following chapters.

After setting up, the configuration file is:

Run the. / prepare script to update the configuration. Once the configuration is complete, you can quickly deploy Harbor using docker-compose:

Docker-compose up-d

After the installation is complete, access Web UI, address: http://bind_addr, that is, the configured hostname address, port 80. As shown in the figure:

Next, we upload an image. Take the ubuntu image as an example, first pull the ubuntu image from docker hub:

Docker pull ubuntu:14.04

Then label the image with a new tag in the format of Harbor address / project name / image name: image label, such as:

Docker tag ubuntu:14.04\

42.62.x.x/library/ubuntu:14.04

Push our image to the Harbor repository:

Docker push ubuntu:14.04\

42.62.x.x/library/ubuntu:14.04

Assume that no python image exists locally:

After our first pull python, Harbor found that the image did not exist, so he pulled it in Docker Hub as a proxy, and saved it locally, which can be viewed through Web UI. When the client pulls the python image again, the speed is greatly improved because the image already exists in Harbor, so there is no need to pull it to Docker Hub.

Docking LDAP authentication

Harbor supports two authentication methods. The default is local storage, that is, account information is stored under mysql, as described above. Next, another authentication method, LDAP, is introduced, which only needs to modify the configuration file. You need to provide the ldap url and ldap basedn parameters, and set auth_mode to ldap_auth.

Rapid deployment of LDAP services

For testing convenience, we use Docker to start a LDAP server with the following startup script:

! / bin/bash

NAME=ldap_server

Docker rm-f $NAME 2 > / dev/null

Docker run-- env LDAP_ORGANISATION= "Unitedstack Inc." >

-env LDAP_DOMAIN= "ustack.com"\

-env LDAP_ADMIN_PASSWORD= "admin_password"\

-v pwd/containers/openldap/data:/var/lib/ldap\

-v pwd/containers/openldap/slapd.d:/etc/ldap/slapd.d\

-detach-name $NAME osixia/openldap:1.1.2

To create a new user, you first need to define the ldif file, new_user.ldif:

Dn: uid=test,dc=ustack,dc=com

Uid: test

Cn: test

Sn: 3

ObjectClass: top

ObjectClass: posixAccount

ObjectClass: inetOrgPerson

LoginShell: / bin/bash

HomeDirectory: / home/test

UidNumber: 1001

GidNumber: 1001

UserPassword: 1q2w3e4r

Mail: test@example.com

Gecos: test

Create a new user with the following script, where ldap_server is the name of the LDAP service container.

Docker cp new_user.ldif ldap_server:/

Docker exec ldap_server ldapadd-x\

-D "cn=admin,dc=ustack,dc=com"\

-w admin_password\

-f / new_user.ldif-ZZ

Check to see if the user created successfully:

Docker exec ldap_server ldapsearch-x-h localhost\

-b dc=ustack,dc=com-D "cn=admin,dc=ustack,dc=com"\

-w admin_password

Check whether the test user exists. If so, the creation is successful. Otherwise, you need to use docker logs to view the log.

Configure Harbor to use LDAP authentication

Modify the LDAP configuration item in the harbor.cfg file as follows:

Auth_mode = ldap_auth

Ldap_url = ldap://42.62.x.x

Ldap_basedn = uid=%s,dc=ustack,dc=com

Then redeploy Harbor:

. / prepare

Docker-compose stop

Docker-compose rm-f

Docker-compose up-d

Test whether you can log in using the test user:

Docker login-u test-p 1q2w3e4r\

-e test@example.com 42.62.x.x

This is the end of "deploying Private Mirror Services with Docker Image Warehouse Harbor". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.