1, Introduction to Harbor
Whether you build your own registry with Docker Distribution or run one from the official registry image, the earlier demonstrations show that the result is very basic. It is not as convenient as using the official Docker Hub to manage images. Docker Hub at least lets you manage and search images through a web interface, and it supports Webhooks and Automated Builds that build images from a Dockerfile: instead of running docker build locally, users push all build context files to a GitHub repository, and Docker Hub pulls those files from GitHub to complete the build automatically.
However powerful the official Docker Hub is, it is hosted abroad, so speed is the biggest bottleneck, and in many cases we cannot rely on the official registry. The two self-built registry methods mentioned above are too basic and inconvenient to manage, so a project favored by the CNCF (Cloud Native Computing Foundation) later appeared, called Harbor.
Harbor is VMware's repackaging of Docker Registry with many additional components, and it provides a polished web interface.
- Project Harbor is an open source trusted cloud native registry project that stores, signs and scans content.
- Harbor extends the open source Docker distribution by adding features that users typically need, such as security, identity, and management.
- Harbor supports advanced functions such as user management, access control, activity monitoring and inter-instance replication.
2, Harbor features
Features
- Multi-tenant content signing and validation
- Security and vulnerability analysis
- Audit logging
- Identity integration and role-based access control
- Image replication between instances
- Extensible API and graphical user interface
- Internationalization (currently in Chinese and English)
3, Docker compose
It is very difficult to deploy Harbor directly on physical machines. To simplify deployment, the Harbor project ships Harbor as an application that runs in containers. Harbor also depends on several storage systems such as redis, mysql and pgsql, so many containers have to be orchestrated to work together. Deploying VMware Harbor therefore relies on Docker Compose.
Compose is a tool for defining and running multi-container Docker applications. With Compose, you use YAML files to configure your application's services, then create and start all of them from that configuration with a single command.
Docker Compose official document
Docker compose download address
```
// Configure the package repository
[root@localhost ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo

// To install docker compose, you need to install Docker CE first
[root@localhost ~]# cd /etc/yum.repos.d/

// Docker CE repository
[root@localhost yum.repos.d]# curl -o docker-ce.repo https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
[root@localhost yum.repos.d]# sed -i 's@https://download.docker.com@https://mirrors.tuna.tsinghua.edu.cn/docker-ce@g' docker-ce.repo
[root@localhost yum.repos.d]# yum -y install docker-ce

// Clear the yum cache
[root@localhost yum.repos.d]# yum clean all
Failed to set locale, defaulting to C.UTF-8
28 files removed

// Start the service
[root@localhost ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@localhost ~]# ls /etc/docker/
key.json

// There is no docker compose package in CentOS 8
[root@localhost ~]# yum list all | grep docker
Failed to set locale, defaulting to C.UTF-8
podman-docker.noarch                 1:3.4.1-3.module_el8.6.0+954+963caf36  @appstream
containerd.io.x86_64                 1.4.12-3.1.el8                         docker-ce-stable
docker-ce.x86_64                     3:20.10.12-3.el8                       docker-ce-stable
docker-ce-cli.x86_64                 1:20.10.12-3.el8                       docker-ce-stable
docker-ce-rootless-extras.x86_64     20.10.12-3.el8                         docker-ce-stable
docker-scan-plugin.x86_64            0.12.0-3.el8                           docker-ce-stable
pcp-pmda-docker.x86_64               5.3.5-2.el8                            appstream

// Download the docker compose binary
[root@localhost ~]# curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
[root@localhost bin]# cd /usr/local/bin/
[root@localhost bin]# ls
docker-compose

// Make it executable and check the version
[root@localhost bin]# chmod +x docker-compose
[root@localhost bin]# docker-compose --version
docker-compose version 1.29.2, build 5becea4c

// Create a symbolic link
[root@localhost ~]# ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
```
4, Harbor deployment
4.1 turn off firewall and selinux
```
[root@localhost harbor]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost harbor]# systemctl stop --now firewalld
[root@localhost harbor]# cat /etc/selinux/config
SELINUX=disabled     // Modify this line

// Restart after modification
[root@localhost harbor]# reboot
[root@localhost harbor]# setenforce 0
setenforce: SELinux is disabled
```
4.2 download harbor package
```
// Upload the downloaded harbor package
[root@localhost ~]# ls
amu  anaconda-ks.cfg  harbor-offline-installer-v2.3.5.tgz

// Check that the md5sum value matches the one in the md5sum file on the official website
[root@localhost ~]# md5sum harbor-offline-installer-v2.3.5.tgz
f1e01bbb4b62bf4a31a103d8c7c5a215  harbor-offline-installer-v2.3.5.tgz
```
4.3 configuring accelerators
```
[root@localhost ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://kgdsiwq8.mirror.aliyuncs.com"]
}

// Reload docker service
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker

// View accelerator configuration
[root@localhost ~]# docker info
......Omitted above
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  https://kgdsiwq8.mirror.aliyuncs.com/     // Accelerator configuration succeeded
 Live Restore Enabled: false
```
4.4 installing harbor
```
// Unpack the harbor package into /usr/local/
[root@localhost ~]# tar xf harbor-offline-installer-v2.3.5.tgz -C /usr/local/
[root@localhost ~]# cd /usr/local/
[root@localhost local]# ls
bin  games  include  lib64  sbin  src  etc  harbor  lib  libexec  share
[root@localhost local]# cd harbor/
[root@localhost harbor]# ls
LICENSE  harbor.v2.3.5.tar.gz  install.sh  common.sh  harbor.yml.tmpl  prepare

// Set host name
[root@localhost harbor]# hostnamectl set-hostname node1.example.com
[root@localhost harbor]# bash
[root@node1 harbor]# hostname
node1.example.com

[root@node1 harbor]# cp harbor.yml.tmpl harbor.yml
[root@node1 harbor]# vim harbor.yml
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: node1.example.com     // Add host name

# https related config
#https:     // Comment out the https block if you are not using a certificate
  # https port for harbor, default is 443
#  port: 443     // Commented out
  # The path of cert and key files for nginx
#  certificate: /your/certificate/path     // Commented out
#  private_key: /your/private/key/path     // Commented out

harbor_admin_password: Harbor12345     // Default login password
// The above needs to be modified, and the rest remains the default

// Add host mapping
[root@localhost harbor]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.91.137 node1.example.com

// Test whether the node1.example.com host can be pinged
[root@localhost harbor]# ping node1.example.com
PING node1.example.com (192.168.91.137) 56(84) bytes of data.
64 bytes from node1.example.com (192.168.91.137): icmp_seq=1 ttl=64 time=0.044 ms
64 bytes from node1.example.com (192.168.91.137): icmp_seq=2 ttl=64 time=0.033 ms

// Run the installation script
[root@localhost harbor]# ./install.sh

[Step 0]: checking if docker is installed ...

Note: docker version: 20.10.12

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.29.2

[Step 2]: loading Harbor images ...
......The installation process is omitted
✔ ----Harbor has been installed and started successfully.----

// Many containers will start automatically after installation
[root@node1 harbor]# docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED         STATUS                            PORTS                                   NAMES
3daa18aedde3   goharbor/harbor-jobservice:v2.3.5    "/harbor/entrypoint...."   5 seconds ago   Up 4 seconds (health: starting)                                           harbor-jobservice
67cda2a01e08   goharbor/nginx-photon:v2.3.5         "nginx -g 'daemon of..."   5 seconds ago   Up 4 seconds (health: starting)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
388f512bcfe1   goharbor/harbor-core:v2.3.5          "/harbor/entrypoint...."   6 seconds ago   Up 4 seconds (health: starting)                                           harbor-core
b4e7fefa599e   goharbor/harbor-db:v2.3.5            "/docker-entrypoint...."   7 seconds ago   Up 5 seconds (health: starting)                                           harbor-db
9201662bba92   goharbor/redis-photon:v2.3.5         "redis-server /etc/r..."   7 seconds ago   Up 5 seconds (health: starting)                                           redis
42368cf0e78b   goharbor/registry-photon:v2.3.5      "/home/harbor/entryp..."   7 seconds ago   Up 5 seconds (health: starting)                                           registry
ed564a1e593b   goharbor/harbor-registryctl:v2.3.5   "/home/harbor/start...."   7 seconds ago   Up 5 seconds (health: starting)                                           registryctl
daa189f31bc3   goharbor/harbor-portal:v2.3.5        "nginx -g 'daemon of..."   7 seconds ago   Up 5 seconds (health: starting)                                           harbor-portal
8ac96968e301   goharbor/harbor-log:v2.3.5           "/bin/sh -c /usr/loc..."   7 seconds ago   Up 6 seconds (health: starting)   127.0.0.1:1514->10514/tcp               harbor-log

// After installation there are two more entries: common and docker-compose.yml
[root@localhost harbor]# ls /usr/local/harbor/
LICENSE  docker-compose.yml  harbor.yml.tmpl  common  harbor.v2.3.5.tar.gz  install.sh  common.sh  harbor.yml  prepare

[root@node1 harbor]# ss -antl
State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
LISTEN   0        128      0.0.0.0:22           0.0.0.0:*
LISTEN   0        128      127.0.0.1:1514       0.0.0.0:*
LISTEN   0        128      0.0.0.0:80           0.0.0.0:*
LISTEN   0        128      [::]:22              [::]:*
LISTEN   0        128      [::]:80              [::]:*
```
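The harbor.yml edited above leaves the https block commented out and keeps the template admin password, which is why only port 80 is listening. The following pre-install lint for those settings is an added example, not part of the original walkthrough or of Harbor itself: `audit_harbor_yml` and `yml_get` are hypothetical helpers, and both sample files, including the certificate paths and the replacement password, are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the Harbor project): lint harbor.yml before ./install.sh.
# Prints one line per finding; the return status is the number of findings.
# Read a top-level "key: value" scalar; indented keys are ignored.
yml_get() {
    awk -v k="$2" -F': *' '$1 == k { v = $2; sub(/[ \t\r]+$/, "", v); print v; exit }' "$1"
}

audit_harbor_yml() {
    cfg=$1
    findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }
    # The template warns against loopback names: external clients must reach Harbor.
    case $(yml_get "$cfg" hostname) in
        ''|localhost|127.0.0.1) flag "hostname is unset or loopback" ;;
    esac
    # With the https: block commented out, logins and image pushes use plain HTTP.
    if grep -q '^https:' "$cfg"; then
        grep -Eq '^[[:space:]]+certificate:[[:space:]]*/' "$cfg" || flag "https: has no certificate path"
        grep -Eq '^[[:space:]]+private_key:[[:space:]]*/' "$cfg" || flag "https: has no private_key path"
    else
        flag "https: block is commented out, Harbor will serve plain HTTP"
    fi
    # The template password is public and must be changed.
    if [ "$(yml_get "$cfg" harbor_admin_password)" = "Harbor12345" ]; then
        flag "harbor_admin_password is still the template default"
    fi
    return "$findings"
}

# Constructed samples: the settings used in this walkthrough, then a hardened
# variant (certificate paths and password are placeholders, not real values).
sample_dir=$(mktemp -d)
cat > "$sample_dir/as-on-page.yml" <<'EOF'
hostname: node1.example.com
#https:
#  port: 443
harbor_admin_password: Harbor12345
EOF
cat > "$sample_dir/hardened.yml" <<'EOF'
hostname: node1.example.com
https:
  port: 443
  certificate: /etc/harbor/tls/node1.example.com.crt
  private_key: /etc/harbor/tls/node1.example.com.key
harbor_admin_password: CHANGE-ME-placeholder
EOF
audit_harbor_yml "$sample_dir/as-on-page.yml" || true
audit_harbor_yml "$sample_dir/hardened.yml"
```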
4.5 page access