Docker Harbor private server construction and use
Article source: Tao Teacher operation notes – wechat official account
1. Introduction
Although Docker officially provides a public image registry, for reasons of security and efficiency it is necessary to deploy a registry in our own private environment. This article describes how to build and use a private Harbor registry.
Harbor is an open-source, enterprise-grade Docker Registry project managed by VMware. Its features include permission management (RBAC), LDAP, audit logging, a management interface, self-registration, image replication, Chinese-language support, and more. Official address: github.com/goharbor/ha…
2. Prepare the environment
Docker and Docker-compose are required for Harbor installation.
2.1 Software Environment
Software | Version | Note |
---|---|---|
Operating system | CentOS 7 | – |
docker | Docker version 18.06.1-ce | – |
docker-compose | docker-compose version 1.24.1 | – |
2.2 Hardware Environment
Omitted.
3. Installing Docker and Docker Compose
3.1 Installing Docker
# Update yum packages
$ yum update
# Uninstall old versions of Docker
$ yum remove docker docker-common docker-selinux docker-engine
# Install required packages
$ yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Docker yum repository
$ yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Install Docker
$ yum -y install docker-ce
# Start Docker
$ systemctl start docker
# Check the Docker version
$ docker --version
3.2 Installing Docker Compose
# Install epel-release
$ yum install epel-release
# Install python-pip
$ yum install -y python-pip
# Install docker-compose
$ pip install docker-compose
# Install git
$ yum install git
# Check the docker-compose version
$ docker-compose --version
4. Installing Harbor
Main steps: 1. Download the installer; 2. Configure harbor.yml; 3. Run install.sh and start Harbor.
4.1 Downloading the Software
Download page: github.com/goharbor/ha…
$ wget 'https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.4-rc1.tgz'
# Extract the archive
$ tar -zxvf harbor-offline-installer-v1.8.4-rc1.tgz
4.2 Modifying the Configuration
After downloading and extracting the archive, you will find the Harbor configuration file, harbor.yml.
- Installation and configuration instructions: github.com/goharbor/ha…
- To configure HTTPS: github.com/goharbor/ha…
Modify hostname and harbor_admin_password. The result is as follows.
# harbor.yml
$ cat harbor.yml | grep -v '#' | grep -v '^$'
hostname: registry.test.myop.com
http:
  port: 80
harbor_admin_password: Harbor12345
database:
  password: root123
data_volume: /data1/harbor
clair:
  updaters_interval: 12
  http_proxy:
  https_proxy:
  no_proxy: 127.0.0.1,localhost,core,registry
jobservice:
  max_job_workers: 10
chart:
  absolute_url: disabled
log:
  level: info
  rotate_count: 50
  rotate_size: 200M
  location: /var/log/harbor
_version: 1.8.0
Edit docker-compose.yml:
$ vim docker-compose.yml
    dns_search:
    ports:
      - 5000:5000
Here hostname is set to the local machine's name, registry.test.myop.com, and harbor_admin_password is the password for the web interface.
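The listing above keeps the installer's default admin and database passwords and has no https: section. As an added example (not part of the original article or of Harbor's tooling), the following script flags those conditions, plus a world-accessible file mode, in a Harbor 1.8 style harbor.yml; the function names and finding labels are made up for this illustration, and the sample file is constructed.

```shell
#!/usr/bin/env bash
# Added example, not Harbor's own tooling: flag weak settings in a Harbor 1.8 harbor.yml.

# Value of a top-level key, e.g. yaml_top harbor.yml harbor_admin_password
yaml_top() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# Value of an indented key inside a top-level section,
# e.g. yaml_nested harbor.yml database password
yaml_nested() {
    awk -v sec="$2" -v key="$3" '
        /^[^ \t#]/ { in_sec = ($0 ~ ("^" sec ":")) }
        in_sec && $1 == (key ":") { print $2; exit }
    ' "$1"
}

# Print one finding per line; print nothing when the file passes.
audit_harbor_yml() {
    f=$1
    if [ "$(yaml_top "$f" harbor_admin_password)" = "Harbor12345" ]; then
        echo "DEFAULT_ADMIN_PASSWORD harbor_admin_password is the installer default"
    fi
    if [ "$(yaml_nested "$f" database password)" = "root123" ]; then
        echo "DEFAULT_DB_PASSWORD database.password is the installer default"
    fi
    if ! grep -q '^https:' "$f"; then
        echo "NO_TLS no active https: section, logins and images travel over HTTP"
    fi
    # The file holds cleartext passwords: "other" must have no access.
    if [ "$(ls -ld "$f" | cut -c8-10)" != "---" ]; then
        echo "WORLD_ACCESSIBLE harbor.yml is accessible to users other than owner/group"
    fi
}

# Constructed sample matching the configuration shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname: registry.test.myop.com
http:
  port: 80
harbor_admin_password: Harbor12345
database:
  password: root123
EOF
audit_harbor_yml "$sample"
rm -f "$sample"
```

Run it against the real file with `audit_harbor_yml /path/to/harbor.yml` before executing install.sh; an empty result means none of the four conditions was found.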
4.3 Performing Installation
Execute the installation script.
$ sh ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 18.06.1
Note: docker-compose version: 1.24.1
[Step 1]: loading Harbor images ...
b80136ee24a4: Loading layer [==================================================>]  34.25MB/34.25MB
[Step 2]: preparing environment ...
prepare base dir is set to /data1/software/harbor
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 3]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis ... done
Creating harbor-db ... done
Creating registry ... done
Creating registryctl ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating harbor-portal ... done
Creating nginx ... done
4.4 Test Access
The default account is admin, and the default password is Harbor12345 (the value set in the configuration file, if you did not change it).
5. Harbor operations
5.1 Stopping Harbor
To stop Harbor, or to bring it back up after the server has been restarted, run the commands manually from the Harbor installation directory.
# Remove Harbor's containers while keeping the image data and Harbor's database files on the file system
$ sudo docker-compose down -v
$ vim harbor.yml
$ sudo ./prepare
$ sudo docker-compose up -d
5.2 Reinstallation
For a complete reinstall, you may want to remove Harbor's database and image data first. (Risky!)
# /data is Harbor's default data_volume; adjust the paths if data_volume was changed in harbor.yml
$ rm -r /data/database
$ rm -r /data/registry
Modify the installation configuration. Installation description: github.com/goharbor/ha…
5.3 Changing a Port
Edit docker-compose.yml and change port 80 to 8888.
# vim docker-compose.yml
  proxy:
    image: goharbor/nginx-photon:v1.7.5
    container_name: nginx
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    dns_search: .
    ports:
      - 8888:80
      - 443:443
    depends_on:
      - postgresql
      - registry
      - core
      - portal
      - log
5.4 Troubleshooting
Run docker-compose ps to check the state of the containers; you can then log in to a Docker container to investigate the problem.
# Harbor installation directory
$ cd /data1/harbor
$ docker-compose stop
$ docker-compose start
$ docker-compose ps
Name                Command                          State          Ports
-----------------------------------------------------------------------------------------
harbor-core         /harbor/start.sh                 Up (healthy)
harbor-db           /entrypoint.sh postgres          Up (healthy)   5432/tcp
harbor-jobservice   /harbor/start.sh                 Up
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp
harbor-portal       nginx -g daemon off;             Up (healthy)   80/tcp
nginx               nginx -g daemon off;             Up (healthy)   0.0.0.0:80->80/tcp
redis               docker-entrypoint.sh redis ...   Up             6379/tcp
registry            /entrypoint.sh /etc/regist ...   Up (healthy)   5000/tcp
registryctl         /harbor/start.sh                 Up (healthy)
5.5 HTTPS configuration
Harbor HTTPS configuration on CentOS 7: github.com/goharbor/ha…
Harbor is now built, but problems can appear when we start uploading to it: logging in to Harbor from another server (a client) fails with an error.
$ docker login registry.test.myop.com
Error response from daemon: Get https://registry.test.myop.com/v2/: dial tcp registry.test.myop.com:443: connect: connection refused
This is because, starting with Docker 1.3.2, Docker talks to registries over HTTPS by default, while we set Harbor up to use HTTP. As a result, docker login, pull, push and other commands report an error when they operate on a non-HTTPS Docker registry.
Solutions:
1. Edit the Docker configuration files on the Harbor and client machines
- If the system is CentOS 7, make the change in /etc/docker/daemon.json.
- If the system is macOS, open "Preferences", go to "Advanced", add harbor_ip under "Insecure Registry", and restart the Docker client.
$ vim /etc/docker/daemon.json
{
  "insecure-registries": ["harbor_ip or harbor_domain"]
}
2. On the Harbor server, in the Harbor installation directory, edit docker-compose.yml
$ vim docker-compose.yml
    dns_search:
    ports:
      - 5000:5000
3. Restart or reinstall Harbor
$ docker-compose stop
$ docker ps -a | grep harbor | awk '{print $1}' | xargs -I {} docker rm {}
# Remove Harbor's database and image data
$ rm -r /data1/database
$ rm -r /data1/registry
# The containers were removed above, so recreate them (docker-compose start only starts existing containers)
$ docker-compose up -d
# Reload Docker
$ systemctl daemon-reload
#docker ps |grep -v CONTAINER |awk '{print $1}'>docker_online.txt
#cat docker_online.txt |while read line; do echo "$line"; docker start $line; done;
#systemctl start docker  # services will stop; use reload instead
$ systemctl reload docker
$ systemctl status docker.service -l
4. Log in to the registry
- Test the login on the Harbor machine
$ docker login registry.test.myop.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
- If the same error occurs when logging in from a remote machine, make the same change there.
$ vim /etc/docker/daemon.json
{
  "insecure-registries": ["harbor_ip or harbor_domain"]
}
$ systemctl daemon-reload
$ docker ps
$ systemctl reload docker
$ systemctl status docker.service -l
Note: some articles say that fixing the HTTPS login error requires modifying docker.service as follows. With Docker version 18.06.1 and Harbor 1.8.4, docker.service does not need to be modified.
# vim /lib/systemd/system/docker.service
# Add the following configuration. This is not required in this environment (Docker 18.06.1).
#ExecStart=/usr/bin/dockerd --insecure-registry=harbor_ip
6. Use Harbor
6.1 Web interface
Go to https://harbor_ip to set up projects, users, etc.
6.2 Image pull/push
1. Configure daemon.json and restart Docker
{"insecure-registries": ["registry.test.myop.com"]}
$ systemctl restart docker
2. Tag
$ docker tag centos:6 registry.test.myop.com/library/centos:6
3. Upload
$ docker push registry.test.myop.com/library/centos:6
4. Download
$ docker pull registry.test.myop.com/library/centos:6
Example:
# Log in to Harbor before pushing
# (-p exposes the password in shell history and the process list; --password-stdin avoids that)
$ docker login -u admin -p Harbor12345 registry.test.myop.com
$ docker images
# To upload an image to Harbor, run the following commands
# Tag the image
$ docker tag image_name:tag private_server_address/project_name/image_name:tag
# Push to the private server
$ docker push private_server_address/project_name/image_name:tag
# Pull the image from the private server
$ docker pull private_server_address/project_name/image_name:tag
7. Harbor permissions
Harbor permission management: blog.csdn.net/liumiaocn/a…
Harbor master/slave replication
- blog.csdn.net/kozazyh/art…
- blog.csdn.net/weixin_4348…