Shulou(Shulou.com)06/03 Report--

Harbor introduction

Harbor is an enterprise-class Registry server image repository for storing and distributing Docker images, extending open source Docker Distribution by adding some essential features such as security, identity, and management. As an enterprise-class private Registry server, Harbor provides better performance and security. Improve the efficiency of users using Registry to build and run the environment to transfer images. Harbor supports replication of image resources installed on multiple Registry nodes, and the images are all stored in a private Registry to ensure that data and intellectual property rights are controlled in the company's internal network. In addition, Harbor also provides advanced security features, such as user management, access control and activity auditing.

Advantages of Harbor role-based control image-based replication strategy supports LDAP/AD image deletion and garbage collection graphics UI audit RESTful APIProxy uniformly accepts requests from browsers and Docker clients through a front-end reverse proxy, and forwards the requests to different back-end services Registry is responsible for storing Docker images and handling the core functions of the docker push/pull command Core servicesHarbor Including UI,webhook,token service Database provides database service for core service Log collector is responsible for collecting log of other components for later analysis of Docker private warehouse architecture topology

Users request to access Core services,UI through Proxy reverse proxy to provide web interface and token token. The server will give you a series of serial numbers after you log in for the first time, and the next time you log in directly, the image information and attributes you need to download will be stored in the following database, and then go to the registry private warehouse to retrieve the image through webhook callback. This series of operations are stored in the log.

-- build a private harbor warehouse--

Harbor is deployed as multiple docker containers, so it can be deployed on any linux distribution that supports docker. We also need docker-compose orchestration tools. The orchestration tool performs operations on multiple docker containers [root@localhost ~] # mount.cifs / / 192.168.100.25/compose / abc/Password for root@//192.168.100.25/compose: [root@localhost ~] # cd / abc/ [root@localhost abc] # lsconsul_0.9.2_linux_amd64.zip consul-template_0.19.3_linux_amd64.zip docker-compose [root@localhost abc] # cp docker-compose / usr/local / bin/ [root@localhost abc] # tar zxvf harbor-offline-installer-v1.2.2.tgz-C / usr/local/ [root@localhost abc] # cd / usr/local/ [root@localhost local] # lsbin etc games harbor include lib lib64 libexec sbin share src [root@localhost local] # cd harbor/ [root@localhost harbor] # lscommon docker-compose.yml harbor.v1.2.2.tar.gz NOTICEdocker-compose.clair.yml harbor_1 _ 1_0_template install.sh preparedocker-compose.notary.yml harbor.cfg LICENSE upgradehostname = 192.168.136.18" Open the private warehouse [root@localhost harbor] # sh / usr/local/harbor/install.sh [root@localhost harbor] # docker-compose ps# if everything is all right You can open the browser to access the management page of http://192.168.136.185. The default user name and password is: admin,Harbor12345. Let's create a project first, and one of our images can be placed in it.

# We upload images locally [root@localhost harbor] # docker login-u admin-p Harbor12345 http://127.0.0.1[root@localhost harbor] # docker pull cirros [root@localhost harbor] # docker tag cirros 127.0.0.1/chen/cirros:v1 [root@localhost harbor] # docker imagesREPOSITORY TAG IMAGE ID CREATED SIZE127.0.0.1/chen/ Cirros v1 bc94bceaae77 12 months ago 10.3MBcirros latest bc94bceaae77 12 months ago 10.3MB [root@localhost harbor] # docker push 127.0.0.1/chen/cirros:v1The push refers to repository [127.0.0.1/chen/cirros] abbd6d6ac643: Pushed 75b99987219d: Pushed 0cc237193a30: Pushed v1: digest: sha256:96137d51e0e46006243fa2403723eb47f67818802d1175b5cde7eaa7f19446bd size: 943 We pass the web boundary Check face to face to see if the image has been uploaded successfully

# remote client uploads image to private repository # remote login will report an error [root@localhost ~] # docker login-u admin-p Harbor12345 http://192.168.136.185WARNING! Using-- password via the CLI is insecure. Use-- password-stdin.Error response from daemon: Get https://192.168.136.185/v2/: dial tcp 192.168.136.185Visual443: connect: connection refused# We want to specify the private warehouse [root@localhost] # vim / usr/lib/systemd/system/docker.service 14 ExecStart=/usr/bin/dockerd-H fd://-- insecure-registry 192.168.136.185-- containerd=/run/contai nerd/containerd.sock [root@localhost ~] # systemctl daemon-reload [root@localhost ~] # systemctl restart docker [root@localhost ~] # docker login-u admin-p Harbor12345 http://192.168.136.185# remotely download the image of the private repository [root@localhost ~] # docker pull 192.168.136.185/chen/cirros:v1# remote upload mirror to the private repository [root@localhost ~] # docker push 192.168.136.185/chen/cirros:v2The push refers to repository [192.168. 136.185/chen/cirros] abbd6d6ac643: Layer already exists 75b99987219d: Layer already exists 0cc237193a30: Layer already exists v2: digest: sha256:96137d51e0e46006243fa2403723eb47f67818802d1175b5cde7eaa7f web page verification

# close harbor private warehouse [root@localhost harbor] # docker-compose down-v [root@localhost harbor] #. / prepare # Open private warehouse [root@localhost harbor] # docker-compose up-d to create users

# We use the user we just created to log in to the private warehouse [root@localhost harbor] # docker login http://192.168.136.185Username: chenPassword: we add a user to the project

If you want to remove the service container while retaining the mirror database / database docker-compose down-v, if you need to redeploy, you need to remove all the data of the harbor service container under the / var/log/Harbor/ directory rm-rf / data/database/ / data/registry/

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.