Harbor Installation and Deployment with SSL

Harbor is an open source container image registry from VMware. It is an enterprise-level extension of Docker Registry and has seen wider adoption. The added enterprise-level features include a management user interface, role-based access control, AD/LDAP integration and audit logging, which meet basic enterprise needs.

Official address: https://vmware.github.io

Github: https://github.com/goharbor/harbor


Harbor's main functions

**Role-based access control (RBAC)**
In an enterprise, different development teams are usually responsible for different projects, and each role needs different access to the same images. Access control is therefore needed, with rights allocated according to role.
For example, developers build projects and need push/pull; testers only need pull; operations staff generally manage the image registry and can allocate rights; project managers have all rights.
**Image replication**
Images in the repository can be synchronized to a remote Harbor, similar to MySQL master-slave synchronization.
**LDAP**
Harbor supports LDAP authentication and can easily connect to an existing LDAP directory.
**Image deletion and space reclamation**
Harbor supports deleting images from the web interface, reclaiming unused images and freeing disk space.
**Graphical management interface**
Users can search for images and manage projects in several ways.
**Audit**
All operations on the registry are recorded.
**REST API**
A complete API for easy integration with external systems.

Harbor components

| Component | Function |
|---|---|
| harbor-adminserver | Configuration management center |
| harbor-db | MySQL database |
| harbor-jobservice | Responsible for image replication |
| harbor-log | Records operation logs |
| harbor-ui | Web management pages and APIs |
| nginx | Front-end proxy; forwards front-end pages and image uploads/downloads |
| redis | Sessions |
| registry | Image storage |

There are three ways to install Harbor:

Online installation: the Harbor images are downloaded from Docker Hub, so the installation package is very small.

Offline installation: the installation package contains the images needed for deployment, so it is larger.

OVA installer: when a vCenter environment is available, deploy the OVA and use this installer to start Harbor.

We use the offline installation. First, download the offline installation package: https://github.com/goharbor/harbor/releases.
1. Add the Docker yum repository, using the Aliyun, Tencent or another mirror address
2. yum install -y docker-ce && systemctl enable docker && systemctl start docker
3. echo 1 > /proc/sys/net/ipv4/ip_forward
4. curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose
5. wget https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.0.tgz
[root@git_harbor ~]# tar -zxvf harbor-offline-installer-v1.9.0.tgz -C /usr/local/
[root@git_harbor ~]# mkdir /usr/local/harbor/ssl
[root@git_harbor ssl]# openssl genrsa -out ca.key 2048
Generating RSA private key, 2048 bit long modulus
..............................................................................................................................................................................+++
......................+++
e is 65537 (0x10001)
[root@git_harbor ssl]# openssl req -new -key ca.key -out ca.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:local.harbor.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@git_harbor ssl]# 
[root@git_harbor ssl]# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd/CN=local.harbor.com
Getting Private key
[root@git_harbor ssl]# vim ../harbor.yml
hostname: local.harbor.com
https:
   certificate: /usr/local/harbor/ssl/ca.crt
   private_key: /usr/local/harbor/ssl/ca.key
[root@git_harbor harbor]# ./prepare
[root@git_harbor harbor]# ./install.sh

6. Edit the hosts file on the server and on the local machine
7. Visit Harbor
8. Log in to Harbor
docker login https://local.harbor.com/ -u admin
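
The steps above sign one certificate with its own key and carry the hostname only in the Common Name. As an added example (not part of the original post), the script below builds a small private CA and a server certificate for local.harbor.com with a subjectAltName, which Docker clients built with Go 1.15 or later require, and then checks the chain, the SAN and the key permissions. The CA subject, the pki.cnf file name and the function names are assumptions made for illustration.

```shell
# Added example: private CA + SAN-bearing server certificate for Harbor.
# Assumed names: pki.cnf, "Harbor Example CA", the three functions below.
make_harbor_certs() {   # usage: make_harbor_certs <hostname> <output-dir>
  local host="$1" dir="$2"
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  (
    cd "$dir" || exit 1
    umask 077   # anything written here, keys included, is owner-only
    cat > pki.cnf <<EOF || exit 1
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $host
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # CA key and self-signed CA certificate, then server key, CSR and signed cert
    openssl genrsa -out ca.key 2048 2>/dev/null &&
    openssl req -x509 -new -sha256 -days 365 -key ca.key -config pki.cnf \
      -extensions v3_ca -subj "/CN=Harbor Example CA" -out ca.crt &&
    openssl genrsa -out "$host.key" 2048 2>/dev/null &&
    openssl req -new -sha256 -key "$host.key" -config pki.cnf -out "$host.csr" &&
    openssl x509 -req -sha256 -days 365 -in "$host.csr" -CA ca.crt -CAkey ca.key \
      -CAcreateserial -extfile pki.cnf -extensions v3_server -out "$host.crt" 2>/dev/null
  )
}

has_san() {   # usage: has_san <cert.pem> <hostname>
  # OpenSSL's own hostname check falls back to the CN, so look at the SAN itself.
  openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"
}

check_harbor_cert() {   # 0 = ok, 1 = chain/hostname, 2 = no SAN, 3 = key mode
  local host="$1" dir="$2"
  openssl verify -CAfile "$dir/ca.crt" -verify_hostname "$host" \
    "$dir/$host.crt" >/dev/null 2>&1 || return 1
  has_san "$dir/$host.crt" "$host" || return 2
  [ "$(stat -c %a "$dir/$host.key")" = "600" ] || return 3
}
```

Point `certificate` and `private_key` in harbor.yml at the generated local.harbor.com.crt and local.harbor.com.key, and copy ca.crt to /etc/docker/certs.d/local.harbor.com/ca.crt on each Docker client so that `docker login` trusts the registry.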


Added by jikishlove on Fri, 20 Sep 2019 11:20:51 +0300