
The whole process of Harbor installation and configuration

2025-02-24 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/02

First, prepare a Linux host

I used a VMware virtual machine with the following configuration:

IP:192.168.1.79

Be sure to allocate the most space to /data during installation, because Harbor uses this partition by default.

Hardware requirements of the official website

1. Turn on SSH

systemctl enable sshd

2. Disable SELinux

vi /etc/sysconfig/selinux

Modify the SELINUX= line below (shown in red in the original):

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#     enforcing - SELinux security policy is enforced.

#     permissive - SELinux prints warnings instead of enforcing.

#     disabled - No SELinux policy is loaded.

SELINUX=disabled

# SELINUXTYPE= can take one of three two values:

#     targeted - Targeted processes are protected

#     minimum - Modification of targeted policy. Only selected processes are protected.

#     mls - Multi Level Security protection.

SELINUXTYPE=targeted

3. Install rz

yum -y install lrzsz

When uploading a file, be sure to use the -be parameters (-b, --binary, uploads in binary mode; -e, --escape, forces all control characters to be escaped), otherwise the uploaded file will be incomplete.

rz -be

4. Install wget

yum -y install wget

5. Replace the yum source to speed up yum

(1) Back up the yum source

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

(2) Download the new CentOS-Base.repo to /etc/yum.repos.d/

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

Clean the cache

yum clean all

Regenerate the cache

yum makecache

6. Turn off the firewall

systemctl stop firewalld

systemctl disable firewalld

Second, install Harbor

Official website tutorial: https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md

1. Install the necessary components

See the official website for the software requirements; in practice you can simply install the latest versions.

Install python

CentOS 7 ships with it installed by default.

Install docker

Docker is now split into a community edition and an enterprise edition, and only the community edition can be chosen to install the latest version, so do not install it directly with yum install docker -y, otherwise you will get an old version of Docker.

(1) Install the required software packages yum-utils, device-mapper-persistent-data and lvm2

yum remove docker-latest-logrotate docker-logrotate docker-selinux docker-engine

yum install -y yum-utils device-mapper-persistent-data lvm2

(2) Some users in China may not be able to connect to the source provided on Docker's official website. Aliyun's mirror node is given here for testing.

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

rpm --import http://mirrors.aliyun.com/docker-ce/linux/centos/gpg

yum makecache fast

yum -y install docker-ce

Start docker and check the running status

systemctl start docker

systemctl status docker

Enable the service at boot

systemctl enable docker

View version

Install docker-compose

Compile and install pip

https://pypi.org/project/setuptools/

yum install unzip -y

unzip setuptools-40.4.3.zip

cd setuptools-40.4.3

python setup.py install

https://pypi.org/project/pip/

tar -xf pip-18.1.tar.gz

cd pip-18.1

python setup.py install

Accelerate pip

cd ~

mkdir .pip

ls ~/.pip

vi ~/.pip/pip.conf

Write:

[global]

index-url = http://mirrors.aliyun.com/pypi/simple/

[install]

trusted-host=mirrors.aliyun.com

pip install docker-compose

pip install --upgrade docker-compose

View version

docker-compose -v

2. Install Harbor

(1) Download from https://github.com/goharbor/harbor/releases. PS: it cannot be downloaded without × ×

Be sure to download the offline installation package: https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.6.1.tgz

(2) Decompress

tar xvf harbor-offline-installer-v1.6.1.tgz

Move the extracted harbor directory to /data/app/, because /data was set up as its own partition.

mv harbor /data/app/

(3) Edit the harbor.cfg file

cd /data/app/harbor

cp harbor.cfg harbor.cfg.bak

vi harbor.cfg

Content:

hostname = 192.168.1.79

ui_url_protocol = http

max_job_workers = 10

customize_crt = off

ssl_cert = /data/cert/server.crt

ssl_cert_key = /data/cert/server.key

secretkey_path = /data

admiral_url = NA

log_rotate_count = 50

log_rotate_size = 200m

http_proxy =

https_proxy =

no_proxy = 127.0.0.1,localhost,ui,registry

email_identity =

email_server = smtp.mydomain.com

email_server_port = 25

email_username = sample_admin@mydomain.com

email_password = abc

email_from = admin

email_ssl = false

email_insecure = false

harbor_admin_password = *

auth_mode = ldap_auth

self_registration = off

token_expiration = 60

project_creation_restriction = everyone

db_host = postgresql

db_password = root123

db_port = 5432

db_user = postgres

redis_host = redis

redis_port = 6379

redis_password =

redis_db_index = 1,2,3

clair_db_host = postgresql

clair_db_password = root123

clair_db_port = 5432

clair_db_username = postgres

clair_db = postgres

clair_updaters_interval = 12

uaa_endpoint = uaa.mydomain.org

uaa_clientid = id

uaa_clientsecret = secret

uaa_verify_cert = true

uaa_ca_cert = /path/to/ca.pem

registry_storage_provider_name = filesystem

registry_storage_provider_config =

registry_custom_ca_bundle =

Explanation:

Do not comment out parameters that are uncommented in the original file, otherwise the next step will not pass. Leave them at their defaults.

hostname: the host name. It cannot be set to 127.0.0.1 or localhost. It can be an IP address or a domain name.

ui_url_protocol: whether to use the HTTP or the HTTPS protocol.

Email settings: mailbox settings and options, which only take effect on the first launch. You can modify them after logging in to the UI.

harbor_admin_password: the administrator's initial password, used only when logging in for the first time.

auth_mode: user authentication mode. The default is db_auth. You can also use ldap_auth authentication.

db_password: when using db, you need to specify the password for connecting to the database.

self_registration: whether to allow users to register themselves. The default is on. In the new version it can be modified in the graphical interface.

max_job_workers: maximum number of jobs. Default is 10.

customize_crt: whether to generate a certificate for the token. Default is on.

ssl_cert, ssl_cert_key: the paths to the nginx cert and key files; meaningful only if the https protocol is used.

secretkey_path: the path where the secret key is stored.

admiral_url: Admiral's URL. Comment out this attribute, or set its value to NA, when Harbor is standalone.

clair_db_password: the Clair service is not enabled, but the "./prepare" file in the extracted directory checks the related parameters below, so they cannot be commented out; otherwise the environment preparation check does not pass and reports an error like "ConfigParser.NoOptionError: No option u'clair_db_password' in section: u'configuration'". Alternatively, comment out the relevant checks and definitions in "./prepare", but that file has many interdependencies, so modifying the "harbor.cfg" file is recommended.

ldap_url: LDAP-related settings. Even if LDAP authentication is not used, the "./prepare" file in the extracted directory checks the related parameters below, so they cannot be commented out; otherwise the environment preparation check does not pass and reports an error like "ConfigParser.NoOptionError: No option u'ldap_timeout' in section: u'configuration'". Alternatively, comment out the relevant checks and definitions in "./prepare", but that file has many interdependencies, so modifying the "harbor.cfg" file is recommended.

ldap_scope:

self_registration: self-registration is enabled by default; off disables it.

token_expiration: token validity period, default 30 minutes.

project_creation_restriction: controls who may create projects. The default is "everyone"; it can be set to "adminonly" (administrators only).

verify_remote_cert: whether to verify the SSL certificate when communicating with a remote registry.

Others use default values
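The settings explained above can be checked mechanically before running the installer. The script below is an added example, not part of the original article or of Harbor; the function names cfg_get, audit_harbor_cfg and write_sample_cfg are made up here, and the sample file is constructed from the values shown in this article. It flags plain http, the initial password Harbor12345, the database password root123, open self-registration and unrestricted project creation.

```shell
# Added example (not from the article or Harbor): flag weak harbor.cfg settings.
# cfg_get FILE KEY: print the value of the last uncommented "KEY = value" line.
cfg_get() {
    awk -v k="$2" '
        /^[ \t]*#/ || !/=/ { next }
        {
            i = index($0, "=")
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) found = val
        }
        END { print found }' "$1"
}

# audit_harbor_cfg FILE: print one "WARN key: reason" line per finding.
audit_harbor_cfg() {
    f=$1
    [ "$(cfg_get "$f" ui_url_protocol)" = "https" ] ||
        echo "WARN ui_url_protocol: not https, logins and images travel in cleartext"
    if [ "$(cfg_get "$f" harbor_admin_password)" = "Harbor12345" ]; then
        echo "WARN harbor_admin_password: still the well-known initial password"
    fi
    for key in db_password clair_db_password; do
        if [ "$(cfg_get "$f" "$key")" = "root123" ]; then
            echo "WARN $key: still the sample value root123"
        fi
    done
    if [ "$(cfg_get "$f" self_registration)" = "on" ]; then
        echo "WARN self_registration: anyone who reaches the UI can create an account"
    fi
    if [ "$(cfg_get "$f" project_creation_restriction)" = "everyone" ]; then
        echo "WARN project_creation_restriction: every user can create projects"
    fi
    return 0
}

# Constructed sample built from the values shown in this article.
write_sample_cfg() {
    cat > "$1" <<'EOF'
ui_url_protocol = http
harbor_admin_password = Harbor12345
self_registration = off
project_creation_restriction = everyone
db_password = root123
clair_db_password = root123
EOF
}

tmp=$(mktemp) && write_sample_cfg "$tmp" && audit_harbor_cfg "$tmp"; rm -f "$tmp"
```

To check a real installation, call audit_harbor_cfg /data/app/harbor/harbor.cfg before running ./install.sh.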

(4) After confirming the settings, run the ./install.sh command to start the installation.

4. Start and stop (commands must be run in the directory containing docker-compose.yml, such as the /data/app/harbor directory)

Stop Harbor

docker-compose stop

Start Harbor

docker-compose start

5. Login test

http://192.168.1.79

Initial password: admin/Harbor12345

Page after login

Create a new project after logging in with a normal user

Project name: sonarqube-xywg

Created

6. Upload image

On the server from which the image will be uploaded, change the connection method for the Docker registry to http; otherwise the default https connection cannot be made. The sonarqube image I modified on 192.168.1.155 is used as the example.

vi /etc/docker/daemon.json

Add:

{

"insecure-registries": ["192.168.1.79"]

}

Restart Docker for the change to take effect

systemctl restart docker

Remember to stop all containers before restarting Docker. If you forget to stop them, use the docker restart command to start the containers again after Docker has restarted. Do not docker rm them, otherwise all modifications made in the containers will be deleted.

Try logging in again

docker login 192.168.1.79

Start the upload

docker commit -m 'xywg' 4da3dcf3c046 sonarqube-xywg

docker tag sonarqube-xywg 192.168.1.79/operation/sonarqube-xywg

docker push 192.168.1.79/operation/sonarqube-xywg

Special example: upload the official Python docker image to the local repository

docker tag docker.io/python:3.7.2 192.168.1.79/public/python:3.7.2

docker push 192.168.1.79/public/python:3.7.2

Explanation:

docker commit -m <image information> <container ID> <new image name>[:<tag such as a version number>]

# Generate a new image from an existing container

docker tag <source image name>[:<tag such as a version number>] <Docker repository host>/<project name>/<target image name>[:<tag such as a version number>]

# Change the image tag to mark the local image as one that belongs to the Docker repository. You can also name it as a repository image directly at docker commit time.

docker push <image name>[:<tag such as a version number>] # Upload the local image to the image repository. Note that before each push you need docker login 192.168.1.79 to confirm that you are logged in to the private repository, and after the push docker logout 192.168.1.79 to log out of it. To push to the public project you must log in with the admin account; if you use a non-admin account to push to the public project, the following error occurs: denied: requested access to the resource is denied

When you do not specify a tag such as a version number, Docker automatically fills in the tag latest. This latest does not mean "the most recent"; it is simply the default value.

Execution result:

Enter the project in Harbor to view

View uploaded sonarqube images

PS: Harbor has a hierarchy:

(1) At the top is the project (project name): in practice, a Harbor project is created for each real project and is maintained by the person in charge of that project.

(2) Next is the image repository (image name) within the project: the image name in the repository follows the project name or the name of the jar or war package, and the naming should not be changed at will.

(3) Finally, there are the different versions of the image in the repository (tag version label): the version number must be specified and cannot be empty or latest (the latest shown below is a demonstration).
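The naming rules above can be enforced before a push. The function below is an added example, not part of the original article; check_image_ref is a name made up here, and the reference with port 5000 in the comments is constructed. It splits a reference into host, project, repository and tag, takes the tag only from the last path component so that a port in the registry host is not mistaken for one, and rejects references without a project, without a tag, or tagged latest.

```shell
# Added example: pre-push check for the Harbor naming rules described above.
# check_image_ref REF
#   prints "ok HOST PROJECT REPO TAG" and returns 0 for HOST/PROJECT/REPO:TAG
#   with an explicit tag other than "latest"; otherwise prints "reject REASON"
#   and returns 1.
check_image_ref() {
    ref=$1
    case $ref in
        */*/*) ;;
        *) echo "reject missing registry host or project"; return 1 ;;
    esac
    host=${ref%%/*}           # may contain a port, e.g. 192.168.1.79:5000 (constructed)
    rest=${ref#*/}            # project/repo[:tag]
    project=${rest%%/*}
    name=${rest#*/}           # repo[:tag]
    last=${name##*/}          # only the last component can carry the tag
    case $last in
        *:*) tag=${last##*:}; repo=${name%:*} ;;
        *)   tag=""; repo=$name ;;
    esac
    if [ -z "$host" ] || [ -z "$project" ] || [ -z "$repo" ]; then
        echo "reject empty registry, project or repository name"; return 1
    fi
    if [ -z "$tag" ]; then
        echo "reject no tag, Docker would fill in latest"; return 1
    fi
    if [ "$tag" = "latest" ]; then
        echo "reject tag latest is only the default, not a version"; return 1
    fi
    echo "ok $host $project $repo $tag"
}

# The two references pushed in this article: the first passes, the second is rejected.
for r in 192.168.1.79/public/python:3.7.2 192.168.1.79/operation/sonarqube-xywg; do
    check_image_ref "$r" || true
done
```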
