Whether you build your own registry with Docker Distribution or run one as a container from the official image, the previous demonstrations showed that both are very simple to set up. Neither, however, is as convenient as managing images directly on the official Docker Hub. Docker Hub at least lets you manage and search images through a web interface, and you can also use Webhooks and Automated Builds to build images automatically from a Dockerfile: instead of running docker build locally, users push all build context files to a GitHub repository, and Docker Hub pulls those files from GitHub to complete the automated build.
However, no matter how powerful the official Docker Hub is, it is hosted abroad, so speed is the biggest bottleneck, and in many cases we cannot consider using the official registry. The two self-built registry methods mentioned above are very simple but inconvenient to manage, so a project favored by the CNCF, named Harbor, emerged later.
Introduction to Harbor
Harbor was built by VMware on top of Docker Registry, with many additional components added, and it provides a very attractive web interface.
Project Harbor is an open source trusted cloud native registry project for storing, signing and scanning content.
Harbor extends the open source Docker Distribution by adding features that users typically need, such as security, identity, and management.
Harbor supports advanced functions such as user management, access control, activity monitoring and inter-instance replication.
Harbor features
Features:
- Multi-tenant content signing and validation
- Security and vulnerability analysis
- Audit logging
- Identity integration and role-based access control
- Image replication between instances
- Extensible API and graphical user interface
- Internationalization (currently in Chinese and English)
Docker Compose
Deploying Harbor directly on physical machines is very difficult. To simplify deployment, the Harbor project ships Harbor as an application that runs in containers. Harbor also relies on several storage systems such as redis, mysql and pgsql, so many containers have to be orchestrated to work together. Therefore, deploying and using VMware Harbor requires Docker Compose.
Compose is a tool for defining and running multi-container Docker applications. With Compose, you use YAML files to configure the services of your application. Then, with a single command, you create and start all services from the configuration.
Docker Compose official document
Harbor deployment
Environment:
host | ip | service |
master | 192.168.75.128 | docker-ce,docker-compose,harbor |
docker | 192.168.75.142 | docker-ce |
harbor host
//Turn off firewall and SELinux
[root@master ~]# systemctl stop firewalld
[root@master ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@master ~]# vi /etc/selinux/config
[root@master ~]# source /etc/selinux/config
[root@master ~]# setenforce 0
Install docker
//Download the docker repo file
[root@master ~]# cd /etc/yum.repos.d/
[root@master yum.repos.d]# curl -o docker-ce.repo https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1919  100  1919    0     0   4624      0 --:--:-- --:--:-- --:--:--  4624
[root@master yum.repos.d]# ls
CentOS-Base.repo      epel.repo
docker-ce.repo        epel-testing-modular.repo
epel-modular.repo     epel-testing.repo
epel-playground.repo  redhat.repo
[root@master yum.repos.d]# yum makecache

//Install docker and dependent packages
[root@master ~]# dnf -y install yum-utils device-mapper-persistent-data lvm2 docker-ce --allowerasing
[root@master ~]# which docker
/usr/bin/docker

//Configure docker accelerator
[root@master ~]# mkdir -p /etc/docker
[root@master ~]# vi /etc/docker/daemon.json
[root@master ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://fcetdvye.mirror.aliyuncs.com"]
}
[root@master ~]# systemctl daemon-reload
[root@master ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
Download docker compose
[root@master ~]# curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
[root@master ~]# ls /usr/local/bin/
docker-compose
[root@master ~]# chmod +x /usr/local/bin/docker-compose
[root@master ~]# ll /usr/local/bin/
total 12440
-rwxr-xr-x 1 root root 12737304 Dec 16 18:30 docker-compose
Deploy Harbor
//Download the package
[root@master ~]# wget https://github.com/goharbor/harbor/releases/download/v2.3.5/harbor-offline-installer-v2.3.5.tgz
[root@master ~]# ls
Public documents anaconda-ks.cfg Template download harbor-offline-installer-v2.3.5.tgz Video Music initial-setup-ks.cfg Picture desktop

//Unpack and install
[root@master ~]# tar xf harbor-offline-installer-v2.3.5.tgz -C /usr/local/
[root@master ~]# cd /usr/local/
[root@master local]# ls
bin  games   include  lib64    sbin   src
etc  harbor  lib      libexec  share
[root@master local]# cd harbor/
[root@master harbor]# ls
common.sh             harbor.yml.tmpl  LICENSE
harbor.v2.3.5.tar.gz  install.sh       prepare
[root@master harbor]# cp harbor.yml.tmpl harbor.yml
[root@master harbor]# vi harbor.yml
...
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: master.example.com    //Change to your host name
#https:                         //Comment out this block
  # https port for harbor, default is 443
#  port: 443
  # The path of cert and key files for nginx
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path
harbor_admin_password: Harbor12345    //Password of the admin user in the web interface

[root@master harbor]# vi /etc/hosts
[root@master harbor]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.75.128 master.example.com    //Add your ip and host name

//Install
[root@master harbor]# ./install.sh
......
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-db ... done
Creating redis ... done
Creating harbor-portal ... done
Creating registry ... done
Creating registryctl ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----    //Installation succeeded

//View the containers and listening ports
[root@master ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c10fd7152b41 goharbor/harbor-jobservice:v2.3.5 "/harbor/entrypoint...." 2 minutes ago Up 2 minutes (healthy) harbor-jobservice
6c42dcf94d80 goharbor/nginx-photon:v2.3.5 "nginx -g 'daemon of..." 2 minutes ago Up 2 minutes (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
9504c4c40b98 goharbor/harbor-core:v2.3.5 "/harbor/entrypoint...." 2 minutes ago Up 2 minutes (healthy) harbor-core
c8fc6b3fb88f goharbor/harbor-registryctl:v2.3.5 "/home/harbor/start...." 2 minutes ago Up 2 minutes (healthy) registryctl
8791f603685d goharbor/registry-photon:v2.3.5 "/home/harbor/entryp..." 2 minutes ago Up 2 minutes (healthy) registry
a565b4907bf5 goharbor/redis-photon:v2.3.5 "redis-server /etc/r..." 2 minutes ago Up 2 minutes (healthy) redis
d00d3e78c9ac goharbor/harbor-db:v2.3.5 "/docker-entrypoint...." 2 minutes ago Up 2 minutes (healthy) harbor-db
b985791f018b goharbor/harbor-portal:v2.3.5 "nginx -g 'daemon of..." 2 minutes ago Up 2 minutes (healthy) harbor-portal
d47c3f19383c goharbor/harbor-log:v2.3.5 "/bin/sh -c /usr/loc..." 2 minutes ago Up 2 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
[root@master ~]# ss -antl
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:1514      0.0.0.0:*
LISTEN  0       128     0.0.0.0:111         0.0.0.0:*
LISTEN  0       128     0.0.0.0:80          0.0.0.0:*
LISTEN  0       32      192.168.122.1:53    0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       127.0.0.1:631       0.0.0.0:*
LISTEN  0       128     [::]:111            [::]:*
LISTEN  0       128     [::]:80             [::]:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       5       [::1]:631           [::]:*
[root@master ~]#
test
docker host
Turn off the firewall
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disabled firewalld
Unknown operation disabled.
[root@localhost ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# vi /etc/selinux/config
[root@localhost ~]# source /etc/selinux/config
[root@localhost ~]# reboot
//Install docker
//Configure yum source for docker
[root@docker ~]# cd /etc/yum.repos.d/
[root@docker yum.repos.d]# curl -o docker-ce.repo https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/centos/docker-ce.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1919  100  1919    0     0   1561      0  0:00:01  0:00:01 --:--:--  1561
[root@docker yum.repos.d]# ls
CentOS-Base.repo  docker-ce.repo  redhat.repo

//Install docker and dependent packages
[root@docker yum.repos.d]# dnf -y install yum-utils device-mapper-persistent-data lvm2 docker-ce
[root@docker yum.repos.d]# docker version
Client: Docker Engine - Community
 Version:           20.10.12
 API version:       1.41
 Go version:        go1.16.12
 Git commit:        e91ed57
 Built:             Mon Dec 13 11:45:22 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

//Configure docker accelerator (the file must be /etc/docker/daemon.json for the daemon to read it)
[root@docker ~]# mkdir -p /etc/docker
[root@docker ~]# vi /etc/docker/daemon.json
[root@docker ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://fcetdvye.mirror.aliyuncs.com"]
}
[root@docker ~]# systemctl daemon-reload
[root@docker ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.

//Add the "insecure-registries" row so docker accepts the HTTP-only Harbor host
[root@docker ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://fcetdvye.mirror.aliyuncs.com"],
  "insecure-registries": ["master.example.com"]
}
//Restart docker so the changed daemon.json takes effect
[root@docker ~]# systemctl restart docker

//Domain name mapping
[root@docker ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.75.128 master.example.com
Upload image
//Change image name
[root@docker ~]# docker images
REPOSITORY   TAG      IMAGE ID       CREATED      SIZE
busybox      latest   ffe9d497c324   8 days ago   1.24MB
[root@docker ~]# docker tag busybox:latest master.example.com/library/busybox:latest
[root@docker ~]# docker images
REPOSITORY                           TAG      IMAGE ID       CREATED      SIZE
busybox                              latest   ffe9d497c324   8 days ago   1.24MB
master.example.com/library/busybox   latest   ffe9d497c324   8 days ago   1.24MB

//Log in to the registry
[root@docker ~]# docker login master.example.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

//Upload
[root@docker ~]# docker push master.example.com/library/busybox
Using default tag: latest
The push refers to repository [master.example.com/library/busybox]
64cac9eaf0da: Pushed
latest: digest: sha256:50e44504ea4f19f141118a8a8868e6c5bb9856efa33f2183f5ccea7ac62aacc9 size: 527
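The walkthrough above leaves Harbor on plain HTTP (the https block in harbor.yml is commented out), keeps the template admin password, and lists the host under insecure-registries, so the docker login and push travel unencrypted. The script below is an added example, not part of the original post or of the Harbor project; its helper names and sample files are constructed for illustration, and it flags those three settings before a setup like this leaves the lab.

```shell
#!/bin/sh
# Added example; check_harbor_yml, check_daemon_json and write_samples are
# hypothetical helper names, and every file below is constructed sample data.

# Print one finding per line for a harbor.yml; print nothing if it is clean.
check_harbor_yml() {
    # TLS is only enabled when a top-level "https:" key is uncommented.
    grep -Eq '^https:' "$1" || echo "NO_TLS"
    # Harbor12345 is the admin password shipped in harbor.yml.tmpl.
    if grep -Eq '^harbor_admin_password:[[:space:]]*Harbor12345[[:space:]]*$' "$1"; then
        echo "DEFAULT_ADMIN_PASSWORD"
    fi
}

# Print every registry the Docker daemon may contact without verified TLS.
check_daemon_json() {
    tr -d '\n' < "$1" |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
        tr ',' '\n' | sed 's/[[:space:]"]//g' | grep -v '^$' || true
}

# Write the walkthrough's settings and a hardened variant into directory $1.
write_samples() {
    cat > "$1/harbor-lab.yml" <<'EOF'
hostname: master.example.com
#https:
harbor_admin_password: Harbor12345
EOF
    cat > "$1/harbor-tls.yml" <<'EOF'
hostname: master.example.com
https:
  port: 443
  certificate: /your/certificate/path
  private_key: /your/private/key/path
harbor_admin_password: constructed-Example-pass-1
EOF
    cat > "$1/daemon-lab.json" <<'EOF'
{
  "registry-mirrors": ["https://fcetdvye.mirror.aliyuncs.com"],
  "insecure-registries": ["master.example.com"]
}
EOF
    echo '{ "registry-mirrors": ["https://fcetdvye.mirror.aliyuncs.com"] }' > "$1/daemon-tls.json"
}

dir=$(mktemp -d) && write_samples "$dir"
for f in "$dir"/harbor-*.yml; do echo "$f: $(check_harbor_yml "$f" | tr '\n' ' ')"; done
for f in "$dir"/daemon-*.json; do echo "$f: $(check_daemon_json "$f")"; done
rm -rf "$dir"
```

Once Harbor serves HTTPS with a certificate the Docker host trusts, the insecure-registries entry can be removed and both checks come back empty.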
see