
Detailed explanation of building a private Docker image registry based on Harbor

2025-01-30 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/02

What is Harbor?

I first used this when I joined the company and was handed my first task, and found that Harbor is an enterprise-class Registry server for storing and distributing Docker images.

[Figure: architecture diagram of Harbor, found online]

Harbor is an open source enterprise Docker Registry project of VMware Corporation. The address of the project is https://github.com/vmware/harbor. Its goal is to help users quickly build an enterprise-level Docker registry service. Based on Docker's open source registry, it provides functions such as a management UI, role-based access control (Role Based Access Control), AD/LDAP integration, and audit logging, as well as native support for Chinese. Each component of Harbor is built as a Docker container, and the whole set is deployed using Docker Compose.

Environment preparation

1. A server purchased on Tencent Cloud (CentOS 7.3)

2. Docker version: 17.05.0-ce

3. Docker-compose: 1.17.1

4. Harbor: 1.1.2

Install Docker

Because the system is CentOS 7.3 and the kernel is already 3.10, you don't have to worry about kernel upgrades, and some operations are also convenient on 7.x.

    # update the system
    yum update

    # create the repository file and add the following to it
    vim /etc/yum.repos.d/docker.repo

    [dockerrepo]
    name=Docker Repository
    baseurl=https://yum.dockerproject.org/repo/main/centos/7/
    enabled=1
    gpgcheck=1
    gpgkey=https://yum.dockerproject.org/gpg

    # install the Docker engine
    # (this step can also be used to update the docker version: first stop the
    # docker service with "systemctl stop docker", then run "yum install docker-engine")
    yum install docker-engine -y

    systemctl enable docker.service
    systemctl start docker    # start the docker daemon
    docker info               # view docker status
    docker -v                 # view version information

Modify the Docker configuration file /etc/default/docker as follows:

    # replace it with a domestic image acceleration source, otherwise pulling images is too slow and you won't want to complain any more
    DOCKER_OPTS="--registry-mirror=http://aad0405c.m.daocloud.io"

Restart the Docker service using service docker restart.

Or use the official method:

    curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://ef017c13.m.daocloud.io

Install Docker-compose

If you want to install it directly from the command line, you can do so.

Download the specified version of docker-compose

    sudo curl -L https://github.com/docker/compose/releases/download/1.17.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

Assign executable permissions to the binary file

    chmod +x /usr/local/bin/docker-compose

Test whether docker-compose is installed successfully

    docker-compose --version

The output looks like this

    docker-compose version 1.17.1, build 6d101fb

However, this method is very slow, but fortunately there is another way.

See here: https://docs.docker.com/compose/install/#install-compose

This needs to be installed through Python's pip

Install pip

    wget --no-check-certificate https://pypi.python.org/packages/source/s/setuptools/setuptools-1.4.2.tar.gz
    tar -vxf setuptools-1.4.2.tar.gz
    cd setuptools-1.4.2
    python2.7 setup.py install    # because the server comes with Python 2.7
    easy_install-2.7 pip

Install docker compose

    pip install docker-compose
    docker-compose --version    # test whether the installation is successful

Install Harbor

    # The offline installation package also downloads at tortoise speed. I downloaded
    # this link with Thunderbolt instead, which was fast, and then uploaded it to the
    # server; the whole process is much faster!
    wget https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-offline-installer-v1.1.2.tgz
    tar -zxvf harbor-offline-installer-v1.1.2.tgz

After unzipping, you will see the harbor.cfg file in the directory, which is the configuration file for Harbor.

    ## Configuration file of Harbor

    # hostname sets the access address; you can use an IP or a domain name, but not 127.0.0.1 or localhost
    # here I first configure my server IP address
    hostname = 115.159.227.249

    # Access protocol, default is http; https can also be set. If https is set, nginx ssl needs to be turned on
    ui_url_protocol = http

    # The default password of the mysql database root user is root123; modify it
    db_password = root123

    #Maximum number of job workers in job service
    max_job_workers = 3

    #Determine whether or not to generate certificate for the registry's token.
    #If the value is on, the prepare script creates new root cert and private key
    #for generating token to access the registry. If the value is off the default key/cert will be used.
    #This flag also controls the creation of the notary signer's cert.
    customize_crt = on

    #The path of cert and key files for nginx, they are applied only the protocol is set to https
    ssl_cert = /data/cert/server.crt
    ssl_cert_key = /data/cert/server.key

    #The path of secretkey storage
    secretkey_path = /data

    #Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
    admiral_url = NA

    #NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
    #only take effect in the first boot, the subsequent changes of these properties
    #should be performed on web ui

    #************************BEGIN INITIAL PROPERTIES************************

    #Email account settings for sending out password resetting emails.

    #Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
    #Identity left blank to act as username.
    email_identity =

    email_server = smtp.mydomain.com
    email_server_port = 25
    email_username = sample_admin@mydomain.com
    email_password = abc
    email_from = admin
    email_ssl = false

    ##The initial password of Harbor admin, only works for the first time when Harbor starts.
    #It has no effect after the first launch of Harbor.
    # The password for administrator UI login when Harbor starts. The default is Harbor12345
    harbor_admin_password = Harbor12345

    # Authentication mode; several methods are supported, such as LDAP, local storage and database authentication. The default is db_auth (mysql database authentication)
    auth_mode = db_auth

    #The url for an ldap endpoint.
    ldap_url = ldaps://ldap.mydomain.com

    #A user's DN who has the permission to search the LDAP/AD server.
    #If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
    #ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com

    #the password of the ldap_searchdn
    #ldap_search_pwd = password

    #The base DN from which to look up a user in LDAP/AD
    ldap_basedn = ou=people,dc=mydomain,dc=com

    #Search filter for LDAP/AD, make sure the syntax of the filter is correct.
    #ldap_filter = (objectClass=person)

    # The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD
    ldap_uid = uid

    #the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
    ldap_scope = 3

    #Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
    ldap_timeout = 5

    # Whether to enable self-registration
    self_registration = on

    # Token valid time, default is 30 minutes
    token_expiration = 30

    # Controls which users may create projects. The default is everyone (all users); it can also be set to adminonly (administrators only)
    project_creation_restriction = everyone

    #Determine whether the job service should verify the ssl cert when it connects to a remote registry.
    #Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
    verify_remote_cert = on

    #************************END INITIAL PROPERTIES************************
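The configuration above keeps several published defaults (plain http, db_password = root123, harbor_admin_password = Harbor12345, self-registration on). The following check is an added example, not part of the original article or of the Harbor project: the function names cfg_get, audit_harbor_cfg and sample_cfg are hypothetical, and the sample input is constructed from the values shown above. Run it against harbor.cfg before ./install.sh, since the initial properties only take effect on first boot.

```shell
# cfg_get FILE KEY: print the value of the first active "KEY = value" line,
# skipping lines that are commented out with '#'.
cfg_get() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# audit_harbor_cfg FILE: print one finding per line; return 0 only when
# nothing was flagged.
audit_harbor_cfg() {
    cfg=$1; findings=0
    flag() { printf '%s\n' "$1"; findings=$((findings + 1)); }
    [ "$(cfg_get "$cfg" ui_url_protocol)" = "http" ] &&
        flag "ui_url_protocol=http: logins and pushes travel unencrypted"
    [ "$(cfg_get "$cfg" db_password)" = "root123" ] &&
        flag "db_password is still the published default root123"
    [ "$(cfg_get "$cfg" harbor_admin_password)" = "Harbor12345" ] &&
        flag "harbor_admin_password is still the published default Harbor12345"
    [ "$(cfg_get "$cfg" self_registration)" = "on" ] &&
        flag "self_registration=on: anyone who can reach the UI can create an account"
    [ "$(cfg_get "$cfg" verify_remote_cert)" = "off" ] &&
        flag "verify_remote_cert=off: replication accepts untrusted certificates"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the security-relevant values from the harbor.cfg above,
# plus one commented-out line that the parser must ignore.
sample_cfg() {
    cat <<'EOF'
ui_url_protocol = http
db_password = root123
harbor_admin_password = Harbor12345
#self_registration = off
self_registration = on
verify_remote_cert = on
EOF
}
```

Usage: audit_harbor_cfg ./harbor.cfg prints the flagged settings and returns non-zero while any remain.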

Start Harbor: after modifying the configuration file, execute ./install.sh in the current directory. The Harbor service will start downloading the dependent images according to the docker-compose.yml in the current directory, then check and start each service in order.

After the startup is completed, we can access the hostname we just set, http://115.159.227.249/, which defaults to port 80. If the port is occupied, we can modify the port mapping of the corresponding service in the docker-compose.yml file.

Log in to the Harbor web UI: enter the user name admin and log in to the system with the default password (or the password you changed it to).

We can see that the system modules are as follows:

Projects: add / delete projects, view image repositories, add members to projects, view operation logs, copy projects, etc.

Log: create, push, pull and other operation logs of each image in the repository

System management

User management: add / delete users, set administrators, etc.

Replication management: add / delete replication targets, create / delete / start / stop replication rules, etc.

Configuration management: authentication mode, replication, mailbox settings, system settings, etc.

Other settings

User settings: modify user name, mailbox, name information

Change password: change user password

Note: users who are not system administrators can only see the projects and logs they have permission for; the other modules are not visible.

Next we test whether an image in our local Docker can be pushed to the library project in Harbor (by default, the library project is public: everyone can read it, and we can pull the images in it without docker login).

Note:

To avoid a pitfall, I first add the registry to my docker.service (this is a pitfall; I suggest you do what I say first, otherwise you may never be able to log in):

    vim /usr/lib/systemd/system/docker.service

    # change the ExecStart line to the following (in effect, add --insecure-registry 115.159.227.249)
    ExecStart=/usr/bin/dockerd --insecure-registry 115.159.227.249

Restart docker after adding:

    systemctl daemon-reload && systemctl enable docker && systemctl start docker

Start the docker service:

    service docker start

Log in as admin (to test whether the login is successful):

    $ docker login 115.159.227.249
    Username: admin
    Password:
    Login Succeeded

Tag the image and push it.

    docker tag ubuntu:15.10 115.159.227.249/library/ubuntu:15.10    # give my image a tag
    docker push 115.159.227.249/library/ubuntu
    The push refers to a repository [115.159.227.249/library/ubuntu]
    98d59071f692: Pushed
    af288f00b8a7: Pushed
    4b955941a4d0: Pushed
    f121afdbbd5d: Pushed
    15.10: digest: sha256:ec89c4a90f45f5e103860191890f48d8379e0504a2881ff706aef0768dc0321b size: 1150

After uploading, log in to the Harbor web UI, select the library project, and you can see the image I just pushed.

In the same way, you can also test pulling an image from Harbor to your Docker, so I won't continue the demonstration here.
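The --insecure-registry step above makes Docker talk to Harbor without verified TLS, so the admin password and image layers cross the network unprotected. The harbor.cfg shown earlier already has an https mode with ssl_cert and ssl_cert_key paths; the following is an added example, not part of the original article, of producing a certificate for that mode. The function name make_registry_cert and the CA name harbor-demo-ca are hypothetical, and it assumes the openssl command is installed.

```shell
# make_registry_cert OUT_DIR REGISTRY_IP
# Creates a private CA (ca.crt/ca.key) and a server certificate
# (server.crt/server.key) whose subjectAltName is the registry IP, which is
# what Docker checks when the registry is addressed by IP.
make_registry_cert() {
    out_dir=$1
    registry_ip=$2
    mkdir -p "$out_dir" || return 1
    (
        cd "$out_dir" || exit 1
        umask 077    # private keys readable by the owner only
        # 1. private CA (assumed name: harbor-demo-ca)
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=harbor-demo-ca" \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 1
        # 2. server key and signing request
        openssl req -newkey rsa:2048 -nodes -sha256 \
            -subj "/CN=$registry_ip" \
            -keyout server.key -out server.csr 2>/dev/null || exit 1
        # 3. sign the request, adding the IP as subjectAltName
        printf 'subjectAltName = IP:%s\n' "$registry_ip" > san.ext
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -sha256 -days 365 -extfile san.ext \
            -out server.crt 2>/dev/null || exit 1
        # 4. confirm the chain before deploying it
        openssl verify -CAfile ca.crt server.crt >/dev/null
    )
}

# Deployment, using the paths from the harbor.cfg above:
#   make_registry_cert ./certs 115.159.227.249
#   copy server.crt and server.key to /data/cert/ on the Harbor host
#   set ui_url_protocol = https in harbor.cfg, then run ./install.sh
#   on each Docker client, copy ca.crt to
#     /etc/docker/certs.d/115.159.227.249/ca.crt
#   and remove --insecure-registry from ExecStart
```

With the CA file in /etc/docker/certs.d, docker login 115.159.227.249 works over verified HTTPS and the ExecStart change is no longer needed.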

The above is the whole content of this article, I hope it will be helpful to your study, and I also hope that you will support it.
