Shulou(Shulou.com)06/03 Report--

Above left is my personal micro-letter, if you need further communication, please add good friends. On the right is my public account "Openstack Private Cloud." If you are interested, please pay attention.

In actual production, container images need to be placed locally. A container image repository needs to be established locally to store related images, and different image usage permissions can be set according to different accounts. In addition, this repository should also be well managed through the web management interface, such as setting permissions, deleting images, managing image space, etc.

Habor is a container mirror repository open sourced by VMWare. Official address: vmware.github.io/harbor/cn/

Harbor's main functions

1. Role Based Access Control (RBAC)

In an enterprise, there are usually different development teams responsible for different projects. Mirrors are like code. Each person has different roles and different requirements. Therefore, access control is required, and corresponding permissions are assigned according to roles.

For example, developers need to use read and write permissions (push/pull) for project construction, testers only need read permissions (pull), O & M generally manages mirror repositories, has permission assignment capabilities, and project managers have all permissions.

In Harbor, there are three roles:

Guest: Read-only access to specified items

Developer: developer, read and write project permissions

Admin: Project Management, All Rights

Anonymous: When a user is not logged in, the user is considered anonymous. Anonymous users cannot access private projects, only public projects

2. mirror replication

Mirrors in the repository can be synchronized to a remote Harbor, similar to MySQL master-slave synchronization.

3. LDAP

Harbor supports LDAP authentication, making it easy to access existing LDAP.

4. Mirror deletion and space reclamation

Harbor supports removing mirrors on the Web, recycling unwanted mirrors, and freeing disk space.

5. Graphic Page Management

Users are very interested in search mirroring and project management.

6. audit

All operations in the warehouse are documented.

7. REST API

Complete API for easy integration with external

Harbor component component function harbor-admin server configuration management center harbor-dbMysql database harbor-jobservice responsible for mirror copy harbor-log record operation log harbor-uiWeb management page and APInginx front-end agent responsible for front-end page and mirror upload/download forwarding redis session registry mirror storage

Harbor deployment:

Hardware, software and port requirements are as follows. The following pictures are from the network:

I use a 2-core CPU, 4G memory, 40G pve virtual machine, configured as follows:

There are 3 ways to install Harbor:

Online installation: Download Harbor related images from Docker Hub

Offline installation: The installation package contains the relevant images of the deployment

OVA installer: Use this installer when the user has a vCenter environment to launch Harbor after deploying OVA

Offline installation is used here. First download the offline installation package: github.com/vmware/harbor/releases

HTTP deployment

Basic configuration:

# tar xzvf harbor-offline-installer-v1.7.1.tgz # cd harbor# vi harbor.cfghostname = 192.168.1.44 # IP address or domain name access ui_url_protocol = httpharbor_admin_password = 123456 # Web login password preparation profile: # ./ prepare Install and start Harbor: ./ install.sh prompts you to install docker and docker-compose # yum install docker docker-client docker-common where docker-compose requires epel source: # yum install epel-release -y# yum install -y docker-compose Execute install.sh again

After installation:

View operating status:

[root@localhost harbor]# docker-compose ps Name Command State Ports -------------------------------------------------------------------------------------------harbor-adminserver /harbor/start.sh Up harbor-core /harbor/start.sh Up harbor-db /entrypoint.sh postgres Up 5432/tcp harbor-jobservice /harbor/start.sh Up harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp harbor-portal nginx -g daemon off; Up 80/tcp nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp redis docker-entrypoint.sh redis ... Up 6379/tcp registry /entrypoint.sh /etc/regist ... Up 5000/tcp registryctl /harbor/start.sh Up

Login web interface:

admin account, password is set in harbor.cfg configuration file 123456

Next is simple use, you can see, Harbor is convenient for management, generally 3 types of users are enough, a simple test, create a new development user, and bind this development user to the library project, use this user to log in Harbor push and download images.

The specific process of creating a user will not be written in detail. Create a new user ywb, log in,

The system will prompt you to push the command that the mirror needs to run, and it is still very user-friendly.

On the client side:

docker login 192.168.1.44

Error https://www.example.com connection refuse will be reported, because docker defaults to https connection, we use http installation above, need to modify the/etc/docker/daemon.json file, add the following content: 192.168.1.44

{"insecure-registries":["192.168.1.44:80"]}

Alternatively, add an option to the OPTIONS option in the/etc/sysconfig/docker configuration file:

--insecure-registry=192.168.1.44

Then restart docker:

systemctl restart docker

Test process:

1. Download a tomcat image:

docker pull tomcat

2. Mark this image:

docker tag docker.io/tomcat 192.168.1.44/library/tomcat

3. Log in to harbor registry:

docker login 192.168.1.44

Enter the password for the account created above.

4. Upload this image:

docker push 192.168.1.44/library/tomcat

Finally, log in to the web interface using your personal account and you can see that the image has been successfully uploaded:

Summary:

Harbor is easy to install and use. The deployment mode itself is also realized through docker and container docker-compose, which mainly solves the problem of container image management in the local area network.

Here, https is not used for deployment, http is used, and it is necessary to note that the client docker needs to configure support for "non-secure" http, and add support for the--inscure-registry parameter.

Harbor product itself solves the problem of centralized management of container mirrors in the local local area network. If it is a production environment, you can consider adding synchronous replication function to ensure data security. I will not expand it here. I have not used it either. I will talk about it when it is used.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.