Deployment and management of Docker Harbor private warehouse

1, Introduction to Harbor

1. What is Harbor?

Harbor is an open source enterprise Docker Registry project of VMware. Its goal is to help users quickly build an enterprise Docker Registry service.

Based on Docker's open source Registry, Harbor provides graphical management UI, role-based access control and AD/LDAP
Integrate functions required by enterprise users such as, and audit logging, and restore students to support Chinese.

Each component of Harbor is built in the form of Docker container, and Docker compose is used to deploy it. The docker-compose template for deploying Harbor is located in Harbor / docker-compose yml

2. What are the features of harbor

Role based controlUsers and warehouses are organized based on projects, and users can have different permissions in projects. (such as setting the user to be readable or writable)
Mirror based replication policyMirroring can be replicated (synchronized) between multiple Harbor instances.
Support LDAP/ADHarbor can integrate the existing AD/LDAP (a table similar to the database) in the enterprise for authentication and management of existing users.
Image deletion and garbage collectionThe image can be deleted or the space occupied by the image can be reclaimed.
Graphical user interfaceUsers can browse, search the image warehouse and manage the project through the browser.
Audit managementAll operations on the mirror warehouse can be recorded and traced for audit management.
Support RESTful APIRESTful API provides administrators with more control over Harbor, making it easier to integrate with other management software.
Relationship between Harbor and docker registryHarbor essentially encapsulates the docker registry and extends its own business template.

3 Harbor components

In terms of architecture, Harbor mainly includes six components: Proxy, Registry, Core services, database (Harbor dB), log collector (Harbor log) and Job services.

Each component of Harbor is built in the form of Docker container. Therefore, Docker Compose is used to deploy it.
It is divided into 7 containers to run through docker - compose Execute the docker compose PS command in the directory where YML is located to view. The names are nginx, harbor jobservice, harbor UI, harbor dB, harbor adminserver, registry and harbor log.
Among them, harbor admin server is mainly used as a back-end configuration data management, and does not have many other functions. All data to be operated by harbor UI is completed through a data configuration management center such as harbor adminserver.

2, Harbor deployment

Environmental preparation

Server typeSystem and IP addressComponents to be installed
Harbor serverCentOS7.4(64 bit) 192.168 eighty point two zero zerodocker-ce,docker-compose,harbor-offline-v1.2.2
client serverCentOS7.4(64 bit) 192.168 eighty point one zerodocker-ce

Turn off firewall and SElinux for all servers

1. Deploy docker compose service

1. Download or upload docker compose and Harbor. Download them directly here

2. Give permission to view the version after moving

chmod +x docker-compose
mv docker-compose /usr/local/bin/
docker-compose -v

2. Deploy Harbor services

1 unzip the Harbor installer

tar zxvf harbor-offline-installer-v1.2.2.tgz -C /usr/local/

2. Modify the configuration file of harbor installation

vim /usr/local/harbor/harbor.cfg
###The fifth line###
hostname =

###Line 59 default user name/Password is: admin/horbor12345###
harbor_admin_password = Harbor12345

```![Insert picture description here](,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NTYwOTgzNw==,size_16,color_FFFFFF,t_70)

![Insert picture description here](
### 3. Start harbor

cd /usr/local/harbor/

4. View Harbor boot image

5. Create a new project to test

1. Visit the homepage of Harbor warehouse and enter the default account and password

2. Log in to the system

3 try to create a new project

6. Use the Docker command to pass 127.0.0 locally 0.1 to log in and push images. By default, the Registry server listens on port 80

1 log in to Harbor

2. Download a tomcat image for testing

3. Modify the label of tomcat image and push it to Harbor warehouse

View the tomcat image we pushed in Harbor in the browser

7. Upload images on other clients

The above operations are performed locally on the Harbor server. If other clients log in to Harbor, the following error will be reported. The reason for this problem is that HTTPS is used by default for Docker Registry interaction, but HTTP service is used by default for building private images
Therefore, the following error occurs when interacting with the private image

1. Modify the configuration on Docker client
//The solution is: when the Docker server is started, add the startup parameters and use HTTP access by default.

[root@we ~] # vim /usr/lib/systemd/system/docker.service 

  1 [Unit]
  2 Description=Docker Application Container Engine
  3 Documentation=
  4 firewalld.service containerd.service
  6 Requires=docker.socket containerd.service
  8 [Service]
  9 Type=notify
 10 # the default is not to use systemd for cgroups because the delegate issues still
 11 # exists and systemd currently does not support the cgroup feature set required
 12 # for containers run by docker
 13 ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry --containerd=/run/containerd/containerd.sock

8. Reload Docker and log in to Harbor again

[root@we ~] # systemctl daemon-reload 
[root@we ~] # systemctl restart docker
[root@we ~] # docker login
Username: admin
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See

Login Succeeded

9. Download the tomcat image in Harbor warehouse

10. Download the nginx image from the public network and upload it to our Harbor warehouse

11. View in Harbor warehouse in browser

You can also view related logs

3, Maintenance management Harbir

1. Create a project through Harbor Web

In the Harbor warehouse, any image must have its own project before being push ed to the regsitry.
Click "+ project" and fill in the project name. If the project level is set to "private", it will not be checked. If it is set as a public warehouse, the owner has read permission to the image under this project. The image can be downloaded without executing "Docker login" on the command line. The image operation is the same as that of Docker Hub.

2. Create Harbor user

Keywords: Docker

Added by june82 on Thu, 30 Dec 2021 07:04:18 +0200