Shulou(Shulou.com)05/31 Report--

This article mainly introduces the enterprise Docker Registry open source tool Harbor how to use, the article is very detailed, has a certain reference value, interested friends must read it!

You will learn how to use Harbor to accomplish the following tasks:

Manage your project

Manage members of a project

Synchronize the registry in a project to the remote registry

Retrieve items and mirror sources

If you are a system administrator, you can learn how to manage your Harbor system:

Manage user

Manage target images

Manage synchronization policies (mirror synchronization between multiple registry)

Use the docker client program to upload and download image files (docker pull/push images)

Delete repository and image files

# # role-based access control RBAC (Role Based Access Control) is supported in Harbor, and currently supports four roles with different permissions:

Tourist: the tourist role has read-only access to only one specified project.

Developers: developers have read and write access to a project

Project administrator: when you create a new project, the user is automatically assigned the role of project administrator to manage the entire project. In addition to read-write privileges, project administrators also have other administrative privileges, such as adding and removing project members.

System administrator: the system administrator has the maximum authority, that is, the default admin user of the system. In addition to the permissions mentioned above, the system administrator also has all project permissions and can promote an ordinary user to an administrator and delete the user at the same time. The system default public project library also belongs to the system administrator.

Anonymous user: when a user is not logged in, the user is considered anonymous. No anonymous user can access private projects and has read-only access to all public projects.

# # user account as a user, you can register an account through the self-registration program. The user name and email address must be unique in the Harbor. The password must contain at least 7 characters, one uppercase, one lowercase, and one numeric character.

If the administrator has configured LDAP/AD as the user authentication source, the registration step can be ignored. The user id of LDAP/AD can be used to log in to Harbor directly.

If you forget your password, you can reset it by following these steps:

Click on the login page to forget your password

Enter the email address you filled in at the time of registration, and the mailbox will receive an email to change the password.

After receiving the email, click the link in the email to jump to the password reset page

Enter the new password and click submit.

# # Management Project A project in Harbor contains all the repositories of an application. RBAC (role-based access Control) is applied in a project. There are two types of projects in Harbor: public and private:

Public: all users have read access to public projects, which is very convenient when you want to share some repositories with others.

Private: private projects can only be accessed by people with specific user privileges. This approach is also convenient for internal teams to share.

You can create a project after you log in to Harbor. Clicking the "Public" check box will make the project public.

After the project is created, users can browse the repository, users, and logs using navigation tabs.

All operation logs will be listed by clicking on the log, and you can search the relevant operation log by user name, action and date in the advanced search:

# # manage project members # add members you can use different roles to add members to existing projects.

# Update and remove project members you can update and remove members by clicking the Edit and Delete buttons.

# # Image replication if you are a system administrator, you can synchronize the image files in the repository to the remote registry (that is, your target Harbor). Currently, only Harbor instances can be used as a target repository. Therefore, in order to use the mirror replication feature, the Harbor must be redeployed remotely

Note: this image replication feature is not compatible before and after Harbor 0.3.5.

Click copy on the project home page, and click add Policy to add an image replication policy. The target URL is the mirror center of the remote end

After the test connection is successful, you can click OK to copy the image:

You can see that the replication task is in progress and display information about the current replication. The bottom shows the entire replication progress of the project, as well as the replicated information for each warehouse.

Click the log on the right to view the details of image synchronization in each warehouse.

After the copy is complete, you can see the projects and mirror files that have been synchronized in the remote Harbor.

# # retrieve Project and Image Warehouse enter a keyword in the top search box and query will list all matching project and image repository information. The search results include all private and public images that you have access to.

# # Admin options # Admin users administrators can add administrator roles to ordinary users to enhance privileges, or delete a user.

# Administrative target (remote Harbor) users can list, add and delete replication policies, and modify the target Harbor under the destination button under the administrator option. Only those destination Harbor that are not referenced by any policy can be modified and edited.

# manage replication users can list, edit and enable or disable policies under the replication button under administrator options. You need to make sure that the policy is disabled before editing the policy.

# # use Docker client commands to perform pull and push images (download and upload images)

Note: Harbor only supports API for Registry V2, so your docker client version must be above 1.6.0.

Harbor supports HTTP by default, but the Docker client uses HTTPS to connect to the image repository by default, so the following error occurs when you pull or push images:

FATA [0002] Error: Invalid registry endpoint https://localhost.com:5000/v1/: Get https://localhost.com:5000/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry localhost.com: 5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at / etc/docker/certs.d/localhost.com:5000/ca.crt

You only need to add the following parameters to the startup configuration of Docker daemon to use it. -- insecure-registry ip:port (address of regirsty) the default configuration file in the Ubuntu series is / etc/default/docker. In the Centos series, the default configuration file is / etc/sysconfig/docker configuration example:

In the case of HTTPS, you need a CA certificate that can access registry. There is no need to configure additional parameters. The general certificate address will be placed in the following location. / etc/docker/certs.d/myregistrydomain.com:5000/ca.crt

# download image file (docker pull images) if the image file in the project is private, log in first and then download:

$docker login 172.25.47.67$ docker pull 172.25.47.67/pandora/pandora-redis:latest

Note: when operating, users only need to replace the above ip address with the hostname (domain name or ip) configured in harbor.cfg.

# before uploading an image (docker push images), you must create a corresponding project on the web interface of Harbor, because the image is uploaded and stored in the corresponding project.

First of all, log in using docker client: the username password is the user / password set above Harbor, and the corresponding permissions and projects are one-to-one, and your users can only upload images of your own projects.

$docker login 172.25.47.67

Tag the image:

$docker tag ubuntu:14.04 172.25.47.67/pandora/ubuntu:14.04

Upload image:

$docker push 172.25.47.67/pandora/ubuntu:14.04

Note: when operating, users only need to replace the above ip address with the hostname (domain name or ip) configured in harbor.cfg.

# # deleting Image Warehouse

To delete an image repository, you need to perform two steps:

First, delete an image repository on Harbor's web interface. This is a soft deletion. Harbor will no longer manage this repository, but all images in the repository will still be stored in registry (in Harbor storage).

Note: if both tagA and tagB point to the same image, the tagB will also be deleted after the tagA is deleted.

Next, use registry's garbage collection mechanism (garbage collection (GC)) to delete files. Before operating GC, you need to make sure that no one is uploading the image or that Harbor is not running. If someone is mirroring GC while push is running, there is a risk of erroneous deletion of the mirror layer (images layers). Therefore, it is recommended to stop Harbor before running GC.

Run the following command on the host where Harbor is deployed to preview the affected files or images.

$docker-compose stop$ docker run-it-name gc-rm-volumes-from deploy_registry_1 registry:2.5.0 garbage-collect-dry-run / etc/registry/config.yml

Note: the above parameter "--dry-run" will print the progress of the deletion and after verifying the deletion test, you can use the following command to recycle GC and restart Harbor.

$docker run-it-- name gc-- rm-- volumes-from deploy_registry_1 registry:2.5.0 garbage-collect / etc/registry/config.yml$ docker-compose start are all the contents of this article entitled "how to use Harbor, an enterprise-level open source tool for Docker Registry". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.