Shulou(Shulou.com)06/01 Report--

Docker Registry--harbor installation and simple use of szyd, I believe that many inexperienced people do not know what to do, so this article summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

1. What is harbor?

To put it simply, Harbor is an enterprise-level Docker Registry that can implement images's private storage and log statistical permission control, and supports the creation of multiple projects (the concept put forward by Harbor), based on the official Registry V2 implementation.

2.1.Install Docker

Execute the following command to install Docker

Curl-fsSL https://get.docker.io | bash2.2, install docker-compose

The default official documentation installation command is as follows:

Curl-L https://github.com/docker/compose/releases/download/1.6.2/docker-compose-`uname-s`-`uname-m` > / usr/local/bin/docker-compose has been tested by myself, its files are hosted on Amazon, and the great firewall successfully prevents downloads.

Capable children's shoes can use ladders, I have downloaded a click to download; after download directly cp to / usr/local/bin and give executable permission.

3. Build Harbor3.1, clone source code git clone https://github.com/vmware/harbor3.2, modify configuration cd harbor/Deploy/vim harbor.cfg

The sample configuration is as follows:

# # Configuration file of Harbor#The IP address or hostname to access admin UI and registry service.#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.# specifies hostname, usually IP, or domain name, which is used to log in to Web UI interface hostname = 10.211.55.17#The protocol for accessing the UI and token/notification service, by default it is http.#It can be set to https if ssl is enabled on nginx.# URL access method SSL needs to configure nginxui_url_protocol = http#Email account settings for sending out password resetting emails.# email-related information configuration, such as forgetting the password to send email email_server = smtp.xxxxxx.comemail_server_port = reg@mritd.meemail_password = xxxxxxemail_from = docker email_ssl = true##The password of Harbor admin, change this before any production use.# default Harbor administrator password The administrator user name defaults to adminharbor_admin_password = Harbor12345##By default the auth mode is db_auth, i.e. The credentials are stored in a local database.#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.# specifies the permission verification method of Harbor. Harbor supports local mysql data storage password, and also supports LDAPauth_mode = db_auth#The url for an ldap endpoint.# if LDAP is used. Fill in the LDAP address here ldap_url = ldaps://ldap.mydomain.com#The basedn template to look up a user in LDAP and verify the user's password.# LADP way to verify the password (I've never used such an advanced thing) ldap_basedn = uid=%s,ou=people,dc=mydomain,dc=com#The password for the root user of mysql db Change this before any production use.# mysql database root account password db_password = root123#Turn on or off the self-registration feature# allow open registration self_registration = on#Turn on or off the customize your certicate# allow self-signed certificate customize_crt = on#fill in your certicate message# self-signed certificate information crt_country = CNcrt_state = CNcrt_organization = mritdcrt_organizationalunit = mritdcrt_commonname = mritd.mecrt_email = reg.mritd.me#3.3, Generate related configuration cd harbor/Deploy/./prepare

Compile image and start cd harbor/Deploy/docker-compose up-d

3.5.After booting, the relevant containers will have 5 Contianer when they are started successfully:

Proxy: reverse proxy made up of Nginx servers

Registry: a container instance composed of Docker's official open source registry image

UI: the core services in the architecture, and the code that makes up this container is the main body of the Harbor project

Mysql: a database container made up of official MySql images

Log: a container that runs rsyslogd and collects logs from other containers in the form of log-driver

These Contianer are connected together in the form of Docker link, and access each other through container names between containers. For end users, only the service port of proxy (that is, Nginx) needs to be exposed

4. Visit Web UI and test 4.1. the default access address of the home page is the hostname address in harbor.cfg. You can access it directly, as follows

If the self_registration property in harbor.cfg is set to off, ordinary users will not be able to register themselves, users can only be created by the administrator, and the registration button in the upper right corner of the home page will disappear. Login to Harbor default administrator user is admin, password is set in harbor.cfg, default is Harbor12345, you can log in directly

Creating a private project Harbor has a concept of a project. The project name can be understood as the user name of Docker Hub, under which many images,Harbor projects must be logged in before push. The difference between public projects and private projects is whether they are visible to other users.

4.4.4.The push image 4.4.1, set the address of http repository

Since the default http mode is used to connect, and Docker thinks it is insecure, before push, you need to adjust the docker configuration, modify the / lib/systemd/system/docker.service file, add-- insecure-registry 172.16.80.182, restart docker daemon and service

(commands: systemctl daemon-reload and systemctl restart docker.service).

ExecStart=/usr/bin/docker daemon-H fd://-- insecure-registry 172.16.81.99

The IP address should point to the hostname in harbor.cfg, then execute docker-compose stop to stop all Contianer, then execute service docker restart to restart the Dokcer service, and finally execute docker-compose start.

Note: after the Docker service is restarted, there is a certain chance that the following error will occur when executing docker-compose start (or the directory already exists, etc.). At this time, you can docker-compose stop and then start. It is really impossible to restart the Dokcer service again. Do not delete files cheaply (don't ask me how I know about it).

4.4.2. Harbor projects and permissions (roles) projects owned by users can be directly push after login. Projects created by other users depend on whether the corresponding users and permissions are added to the project, that is, whether users can push a project, depending on the permissions (roles) settings. As shown below, members and their permissions can be set in the project.

For permissions (roles), Project Admin and Developer can have push permissions, while Guest can only view and pull4.4.3, push images

First, log in with a user with push permission to the target project. The target of the following push is the mritd project, and the test1 user is defined as Developer in the project, so you can log in and push.

Then tag an image, the name must be standard (registryAddress [: Port] / project / imageName [: tag]), and finally push it.

(if you have a local image, you won't look it up in the Registry library! (the search order is to find the local first, and then the Registry library. The default library is docker hub)

Setting the preferred Registry library can be specified through the-- insecure-registry parameter.

The format of image is $registry_url/name:tag $registry_url is the link address of the Registry library, and pull push is determined by this address.

The following port number can be solved by adding a proxy!

)

Finally, you can check the image of just push in Web UI.

After reading the above, have you mastered the method of installing Docker Registry--harbor and using szyd simply? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.