Harbor Construction (http/https) of Enterprise Image Repository and its Application

2025-03-29 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

1. Introduction to Harbor

Harbor is an open source container image registry from VMware. It extends Docker Registry with enterprise-level features, which has given it a wider range of applications. These features include a management user interface, role-based access control, AD/LDAP integration and audit logs, which are sufficient to meet basic enterprise needs.

2. Install docker-ce

1) install dependency packages

[root@harbor opt]# yum install -y yum-utils device-mapper-persistent-data lvm2

2) download docker-ce repository

[root@harbor opt]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

If the official repository is slow, you can use Aliyun's docker-ce.repo:

https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

3) update the repository

yum repolist or yum makecache fast

4) install docker-ce

[root@harbor opt]# yum install docker-ce -y

5) configure acceleration and start

[root@harbor opt]# curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io

[root@harbor opt]# systemctl start docker

6) confirm the installation is complete

[root@harbor opt]# docker version

3. Install docker-compose

The first way: yum installation

[root@harbor opt]# yum install docker-compose -y

The second way: download the executable file:

[root@harbor opt]# curl -L "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

[root@harbor opt]# chmod +x /usr/local/bin/docker-compose

Confirm that the installation is complete:

4. Install harbor

[root@harbor opt]# cd /opt

[root@harbor opt]# wget https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.6.1.tgz

[root@harbor opt]# tar -xf harbor-offline-installer-v1.6.1.tgz

[root@harbor opt]# cd harbor/

[root@harbor opt]# vim harbor.cfg

hostname = reg.slito.com    \\ the service address of harbor (IP or domain name)

ui_url_protocol = http    \\ select http mode

harbor_admin_password = 123456    \\ password for harbor web access

[root@harbor harbor]# ./prepare    \\ load configuration

[root@harbor harbor]# ./install.sh    \\ install harbor

After the installation is complete, the installer prompts you to access harbor through "http://reg.slito.com"; the user name is admin and the password is the 123456 set earlier.

5. Upload images to harbor repository

Configure the local docker daemon to trust the harbor repository over http

Add "insecure-registries": ["reg.slito.com"] to /etc/docker/daemon.json, then restart docker

Otherwise an error is reported, because docker uses https by default.

Log in to the harbor repository on node1 and upload/download images

[root@node1 ~]# docker login reg.slito.com

Username: admin

Password:

WARNING! Your password will be stored unencrypted in /root/.docker/config.json.

Configure a credential helper to remove this warning. See

https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[root@node1 ~]# docker tag busybox reg.slito.com/library/busybox:v1

[root@node1 ~]# docker push reg.slito.com/library/busybox:v1

The push refers to repository [reg.slito.com/library/busybox]

8a788232037e: Pushed

v1: digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5 size: 527

[root@node1 ~]#

View in harbor
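
An added example, not part of the original article, that audits a client for the two settings used in this section: an "insecure-registries" entry in daemon.json and a login stored inline in config.json, which is what the docker login warning refers to. The function names and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a Docker client for the two weak spots shown above.
# Uses only grep/sed/cut so it runs on a minimal host; it assumes the simple
# JSON layout of daemon.json and config.json (no escaped quotes in values).

# audit_docker_client DAEMON_JSON CONFIG_JSON
# Prints one finding per line:
#   insecure-registry <host>       daemon may talk plain HTTP to this registry
#   plaintext-cred <host> <user>   login saved as base64(user:password)
audit_docker_client() {
    daemon=$1; config=$2
    if [ -r "$daemon" ]; then
        tr -d ' \t\r\n' < "$daemon" \
            | grep -o '"insecure-registries":\[[^]]*]' \
            | grep -o '"[^"]*"' | tail -n +2 | tr -d '"' \
            | sed 's/^/insecure-registry /'
    fi
    if [ -r "$config" ]; then
        tr -d ' \t\r\n' < "$config" \
            | grep -o '"[^"]*":{"auth":"[^"]*"' \
            | while IFS= read -r entry; do
                host=$(printf '%s' "$entry" | cut -d'"' -f2)
                blob=$(printf '%s' "$entry" | cut -d'"' -f6)
                # base64 is an encoding, not encryption: the user name (and the
                # password, deliberately not printed here) decode directly
                user=$(printf '%s' "$blob" | base64 -d 2>/dev/null | cut -d: -f1)
                echo "plaintext-cred $host $user"
            done
    fi
    return 0
}

# write_sample_files DIR: constructed inputs matching the session above
write_sample_files() {
    printf '{\n  "insecure-registries": ["reg.slito.com"]\n}\n' > "$1/daemon.json"
    printf '{\n\t"auths": {\n\t\t"reg.slito.com": {\n\t\t\t"auth": "%s"\n\t\t}\n\t}\n}\n' \
        "$(printf 'admin:123456' | base64)" > "$1/config.json"
}

# Usage: audit_docker_client /etc/docker/daemon.json /root/.docker/config.json
```

With a credential helper configured, config.json holds no inline "auth" value and the second finding disappears.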

6. Download the image from harbor

Delete the original image first

[root@node1 ~]# docker rmi reg.slito.com/library/busybox:v1

Pull it again from harbor

[root@node1 ~]# docker pull reg.slito.com/library/busybox:v1

Confirm

[root@node1 ~]# docker images | grep busybox

reg.slito.com/library/busybox v1 59788edf1f3e 8 weeks ago 1.15MB

7. Configure https access

1) install openssl

# yum install openssl -y

2) create the database file index.txt and sequence file serial of the certificate

[root@harbor opt]# touch /etc/pki/CA/index.txt

[root@harbor opt]# echo "01" > /etc/pki/CA/serial

3) create a private key and generate a self-signed certificate (for issuing to individual users)

# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem)

# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem

4) the client generates a certificate request (.csr)

# cd /opt/harbor

# mkdir ssl

# cd ssl

# (umask 077; openssl genrsa -out reg.slito.com.key)    \\ generate a private key

# openssl req -new -key reg.slito.com.key -out reg.slito.com.csr    \\ generate a certificate request

The values entered here should be consistent with those entered above when cacert.pem was generated.

5) issue the certificate (this machine is the CA and the client that applies for the certificate)

# cd /opt/harbor/ssl

# openssl ca -in reg.slito.com.csr -out reg.slito.com.crt -days 365

6) modify the configuration file and restart harbor

# cd /opt/harbor

# docker-compose down -v

# vim harbor.cfg

ui_url_protocol = https

ssl_cert = ./ssl/reg.slito.com.crt

ssl_cert_key = ./ssl/reg.slito.com.key

secretkey_path = ./ssl/

# ./prepare

# ./install.sh

Visit "https://reg.slito.com"

7) settings for other hosts to access harbor and pull/push images

Copy reg.slito.com.crt to /etc/docker/certs.d/reg.slito.com/ on each host that needs to access the harbor repository; the target host can then access it directly without configuring trust.

# cp /opt/harbor/ssl/reg.slito.com.crt /etc/docker/certs.d/reg.slito.com/

Other: for more about https access, see another blog post: https://blog.51cto.com/slitobo/1931603
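
The CA and server-certificate steps of section 7, condensed into one script as an added example (not the article's own commands): it signs with "openssl x509 -req" instead of "openssl ca" so it needs no /etc/pki/CA database, and it adds a subjectAltName. The subject names, key size and output file names are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the article): issue a server certificate for a
# registry host from a throwaway CA, then run the checks a client relies on.
# Subject names and key size below are constructed values.

# make_registry_cert HOST OUTDIR -> writes ca.key ca.crt HOST.key HOST.csr HOST.crt
make_registry_cert() {
    host=$1; out=$2
    mkdir -p "$out"
    (
        umask 077    # as in the article: keys readable by the owner only
        openssl genrsa -out "$out/ca.key" 2048 2>/dev/null
        openssl genrsa -out "$out/$host.key" 2048 2>/dev/null
    )
    # Self-signed CA certificate
    openssl req -new -x509 -key "$out/ca.key" -days 365 \
        -subj "/O=Example Lab/CN=Example Lab CA" -out "$out/ca.crt"
    # Certificate request for the registry host
    openssl req -new -key "$out/$host.key" \
        -subj "/O=Example Lab/CN=$host" -out "$out/$host.csr"
    # Sign it with a subjectAltName: Go-based clients such as Docker match the
    # host name against SAN entries, not against the CN
    printf 'subjectAltName=DNS:%s\n' "$host" > "$out/san.ext"
    openssl x509 -req -in "$out/$host.csr" -CA "$out/ca.crt" \
        -CAkey "$out/ca.key" -CAcreateserial -days 365 \
        -extfile "$out/san.ext" -out "$out/$host.crt" 2>/dev/null
}

# check_registry_cert HOST OUTDIR -> prints "ok" or the name of the failed check
check_registry_cert() {
    host=$1; out=$2
    openssl verify -CAfile "$out/ca.crt" "$out/$host.crt" >/dev/null 2>&1 \
        || { echo "chain"; return 1; }
    openssl x509 -in "$out/$host.crt" -noout -text | grep -qF "DNS:$host" \
        || { echo "san"; return 1; }
    # The certificate and the private key must carry the same public key
    cert_pub=$(openssl x509 -in "$out/$host.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$out/$host.key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo "keypair"; return 1; }
    echo "ok"
}

# Usage: make_registry_cert reg.slito.com ./ssl && check_registry_cert reg.slito.com ./ssl
```

The "keypair" check catches an ssl_cert_key entry in harbor.cfg that points at a key which does not belong to the certificate named in ssl_cert.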
