Earlier, we talked about the construction and simple use of docker distribution, a private image warehouse of docker. Please refer to https://www.cnblogs.com/qiuhom-1874/p/13058338.html From the previous construction and use process, the warehouse built by docker distribution is very simple, and it does not even have a user authentication, let alone multiple users. Today, we will introduce another docker warehouse tool, harbor, which has a lot of functions compared with docker distribution. It supports multi tenant, extensible API and web ui , support image replication across multiple harbor instances, support identity integration, role-based access control and other features; next, let's install and take a look at harbor;
First, we need to go to the official website to download the installer. The latest version is 2.0; download address https://github.com/goharbor/harbor/releases/tag/v2.0.0 The installer of harbor has two versions: online and offline. The online package is usually smaller, which is suitable for better use in the network environment. The offline package is packaged with all the installation files and scripts;
1. Upload the downloaded installer to the server
2. Unzip the installer and enter the unzipped directory
[root@docker_node01 ~]# tar xf harbor-offline-installer-v2.0.0.tgz -C /usr/local/ [root@docker_node01 ~]# ls /usr/local/ bin etc games harbor include lib lib64 libexec sbin share src [root@docker_node01 ~]# cd /usr/local/harbor/ [root@docker_node01 harbor]# ls common.sh harbor.v2.0.0.tar.gz harbor.yml.tmpl install.sh LICENSE prepare [root@docker_node01 harbor]#
3. Edit harbor.yml.tmpl Files, changing necessary configuration
Tip: I only modified the value of hostname above, and I used the default value later. For the description of this configuration file, please refer to the official document description to configure it. Here, you need to pay attention to the fact that you need to manually apply for a certificate by yourself when using https, and Gabor cannot be installed normally without the certificate file;
4. Set harbor.yml.tmpl Rename to harbor.yml
[root@docker_node01 harbor]# ls common.sh harbor.v2.0.0.tar.gz harbor.yml.tmpl install.sh LICENSE prepare [root@docker_node01 harbor]# mv harbor.yml.tmpl harbor.yml [root@docker_node01 harbor]#
5. Operation install.sh
Tip: if running install.sh The script has the above errors. We need to install docker compose first;
6. Install docker compose
[root@docker_node01 harbor]# yum install docker-compose -y Loaded plugins: fastestmirror base | 3.6 kB 00:00:00 docker-ce-stable | 3.5 kB 00:00:00 epel | 4.7 kB 00:00:00 extras | 2.9 kB 00:00:00 updates | 2.9 kB 00:00:00 (1/3): updates/7/x86_64/primary_db | 2.1 MB 00:00:00 (2/3): epel/x86_64/updateinfo | 1.0 MB 00:00:01 (3/3): epel/x86_64/primary_db | 6.8 MB 00:00:03 Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.aliyun.com * updates: mirror.bit.edu.cn Resolving Dependencies --> Running transaction check ---> Package docker-compose.noarch 0:1.18.0-4.el7 will be installed --> Processing Dependency: python36-cached_property >= 1.2.0 for package: docker-compose-1.18.0-4.el7.noarch --> Processing Dependency: python36-docker >= 2.6.1 for package: docker-compose-1.18.0-4.el7.noarch ......Omit parts Installed: docker-compose.noarch 0:1.18.0-4.el7 Dependency Installed: python36-PyYAML.x86_64 0:3.13-1.el7 python36-cached_property.noarch 0:1.5.1-2.el7 python36-chardet.noarch 0:3.0.4-1.el7 python36-docker.noarch 0:2.6.1-3.el7 python36-docker-pycreds.noarch 0:0.2.1-2.el7 python36-dockerpty.noarch 0:0.4.1-18.el7 python36-docopt.noarch 0:0.6.2-8.el7 python36-idna.noarch 0:2.7-2.el7 python36-jsonschema.noarch 0:2.5.1-4.el7 python36-pysocks.noarch 0:1.6.8-7.el7 python36-requests.noarch 0:2.14.2-2.el7 python36-six.noarch 0:1.14.0-2.el7 python36-texttable.noarch 0:1.6.2-1.el7 python36-urllib3.noarch 0:1.25.6-1.el7 python36-websocket-client.noarch 0:0.47.0-2.el7 Complete! [root@docker_node01 harbor]#
Tip: docker compose is a stand-alone orchestration tool for docker container;
7. Re operation install.sh script
[root@docker_node01 harbor]# ./install.sh [Step 0]: checking if docker is installed ... Note: docker version: 19.03.8 [Step 1]: checking docker-compose is installed ... Note: docker-compose version: 1.18.0 [Step 2]: loading Harbor images ... dbaf2c918102: Loading layer [==================================================>] 34.5MB/34.5MB 1f3458bb7308: Loading layer [==================================================>] 8.435MB/8.435MB 74e91bd5ca15: Loading layer [==================================================>] 6.317MB/6.317MB 82da861dccd3: Loading layer [==================================================>] 14.61MB/14.61MB 8d62f2bfdf94: Loading layer [==================================================>] 28.25MB/28.25MB 40510e398799: Loading layer [==================================================>] 22.02kB/22.02kB 6941a908d292: Loading layer [==================================================>] 49.17MB/49.17MB Loaded image: goharbor/notary-signer-photon:v2.0.0 bd70463b9e5a: Loading layer [==================================================>] 8.441MB/8.441MB d3927e3c53ea: Loading layer [==================================================>] 3.584kB/3.584kB a3b2acbb8f7d: Loading layer [==================================================>] 3.072kB/3.072kB de14f7f144ce: Loading layer [==================================================>] 9.71MB/9.71MB 94c03f31b276: Loading layer [==================================================>] 10.53MB/10.53MB Loaded image: goharbor/clair-adapter-photon:v2.0.0 935e17d700d1: Loading layer [==================================================>] 8.44MB/8.44MB eef8d67e9248: Loading layer [==================================================>] 42.3MB/42.3MB a181769f3c52: Loading layer [==================================================>] 3.072kB/3.072kB 4b801e4d76d7: Loading layer [==================================================>] 3.584kB/3.584kB 7f7c81a33722: Loading layer [==================================================>] 43.12MB/43.12MB Loaded image: goharbor/chartmuseum-photon:v2.0.0 4076b322e7f5: Loading layer [==================================================>] 49.89MB/49.89MB da16bbe3a170: Loading layer [==================================================>] 3.584kB/3.584kB f8967a1d9155: Loading layer [==================================================>] 3.072kB/3.072kB 6b7eaf984fde: Loading layer [==================================================>] 2.56kB/2.56kB 4406aea83cb2: Loading layer [==================================================>] 3.072kB/3.072kB 78566a971bf2: Loading layer [==================================================>] 3.584kB/3.584kB e4e05e2ffdad: Loading layer [==================================================>] 12.29kB/12.29kB f3bcf1de026d: Loading layer [==================================================>] 5.632kB/5.632kB Loaded image: goharbor/harbor-log:v2.0.0 101133a0a2e6: Loading layer [==================================================>] 8.441MB/8.441MB 40eb3ab360dd: Loading layer [==================================================>] 3.584kB/3.584kB 172ace267ace: Loading layer [==================================================>] 20.94MB/20.94MB cb361129c579: Loading layer [==================================================>] 3.072kB/3.072kB f0221c34f9dc: Loading layer [==================================================>] 8.721MB/8.721MB 1880cedc9407: Loading layer [==================================================>] 30.48MB/30.48MB Loaded image: goharbor/harbor-registryctl:v2.0.0 15f399ca8b42: Loading layer [==================================================>] 8.441MB/8.441MB 182251d62618: Loading layer [==================================================>] 3.584kB/3.584kB c72ce5e8bba9: Loading layer [==================================================>] 3.072kB/3.072kB 6cb620513867: Loading layer [==================================================>] 20.94MB/20.94MB 8f68617c13e6: Loading layer [==================================================>] 21.76MB/21.76MB Loaded image: goharbor/registry-photon:v2.0.0 464d98f962d2: Loading layer [==================================================>] 115.2MB/115.2MB 6f577ce93b49: Loading layer [==================================================>] 12.15MB/12.15MB 468b747374fb: Loading layer [==================================================>] 3.072kB/3.072kB c7d4e40274a2: Loading layer [==================================================>] 49.15kB/49.15kB 349c2528bf8f: Loading layer [==================================================>] 3.584kB/3.584kB 50765adb1994: Loading layer [==================================================>] 13.03MB/13.03MB Loaded image: goharbor/clair-photon:v2.0.0 f3ae9281f64f: Loading layer [==================================================>] 16.04MB/16.04MB 79de921bba64: Loading layer [==================================================>] 28.25MB/28.25MB a4826ccd0680: Loading layer [==================================================>] 22.02kB/22.02kB 527c0492bb8a: Loading layer [==================================================>] 50.6MB/50.6MB Loaded image: goharbor/notary-server-photon:v2.0.0 da380ff7675f: Loading layer [==================================================>] 39.44MB/39.44MB 3e72063a3c12: Loading layer [==================================================>] 3.072kB/3.072kB 87063a362784: Loading layer [==================================================>] 59.9kB/59.9kB 12042912d563: Loading layer [==================================================>] 61.95kB/61.95kB Loaded image: goharbor/redis-photon:v2.0.0 497d39fd8ed4: Loading layer [==================================================>] 10.28MB/10.28MB Loaded image: goharbor/nginx-photon:v2.0.0 db89bcd4a7aa: Loading layer [==================================================>] 12.22MB/12.22MB a3c69d8e6487: Loading layer [==================================================>] 3.072kB/3.072kB 22888c961e12: Loading layer [==================================================>] 2.56kB/2.56kB 15c04c0d67b3: Loading layer [==================================================>] 46.5MB/46.5MB 5e59e5738914: Loading layer [==================================================>] 5.632kB/5.632kB 2fb21742e876: Loading layer [==================================================>] 51.2kB/51.2kB ebe005c22385: Loading layer [==================================================>] 47.32MB/47.32MB e91a77a1cc5d: Loading layer [==================================================>] 2.56kB/2.56kB Loaded image: goharbor/harbor-core:v2.0.0 c9ad3414e408: Loading layer [==================================================>] 63.57MB/63.57MB 0aea7ae12d77: Loading layer [==================================================>] 60.58MB/60.58MB c3be2cda3349: Loading layer [==================================================>] 5.632kB/5.632kB 970c1e4372ae: Loading layer [==================================================>] 2.048kB/2.048kB 51e00ddbcdac: Loading layer [==================================================>] 2.56kB/2.56kB 27d44e884cd0: Loading layer [==================================================>] 2.56kB/2.56kB 3086c2ee0489: Loading layer [==================================================>] 2.56kB/2.56kB efd18d9ef79c: Loading layer [==================================================>] 10.24kB/10.24kB Loaded image: goharbor/harbor-db:v2.0.0 ad0a4ed99dd0: Loading layer [==================================================>] 12.22MB/12.22MB 50121125e459: Loading layer [==================================================>] 3.072kB/3.072kB 6d05b39a8c44: Loading layer [==================================================>] 2.56kB/2.56kB 5380ddc5210f: Loading layer [==================================================>] 35.68MB/35.68MB e8053e60aee7: Loading layer [==================================================>] 36.5MB/36.5MB Loaded image: goharbor/harbor-jobservice:v2.0.0 9fefe33a31db: Loading layer [==================================================>] 9.741MB/9.741MB a52a9b417697: Loading layer [==================================================>] 3.584kB/3.584kB 9b6c54642038: Loading layer [==================================================>] 3.072kB/3.072kB 6a32c528face: Loading layer [==================================================>] 20.34MB/20.34MB 526552ecb5a3: Loading layer [==================================================>] 9.317MB/9.317MB bc3e72205f25: Loading layer [==================================================>] 30.48MB/30.48MB Loaded image: goharbor/trivy-adapter-photon:v2.0.0 51193d3ba093: Loading layer [==================================================>] 77.29MB/77.29MB 398b7c3413c0: Loading layer [==================================================>] 48.31MB/48.31MB cb902b44bae6: Loading layer [==================================================>] 2.56kB/2.56kB 11d3bf655c22: Loading layer [==================================================>] 1.536kB/1.536kB 3d373d988076: Loading layer [==================================================>] 18.43kB/18.43kB 755d5115a4fd: Loading layer [==================================================>] 3.751MB/3.751MB 5d456b2e2b47: Loading layer [==================================================>] 249.3kB/249.3kB Loaded image: goharbor/prepare:v2.0.0 2128feaae029: Loading layer [==================================================>] 10.28MB/10.28MB c1e2c6faf4a4: Loading layer [==================================================>] 8.487MB/8.487MB 8728e424e45b: Loading layer [==================================================>] 178.7kB/178.7kB 243de4b81324: Loading layer [==================================================>] 157.2kB/157.2kB 1909dd7d54dc: Loading layer [==================================================>] 33.28kB/33.28kB e91e103cac7d: Loading layer [==================================================>] 17.41kB/17.41kB ef43ac036ce0: Loading layer [==================================================>] 15.36kB/15.36kB 3205feaa4e7b: Loading layer [==================================================>] 3.584kB/3.584kB Loaded image: goharbor/harbor-portal:v2.0.0 [Step 3]: preparing environment ... [Step 4]: preparing harbor configs ... prepare base dir is set to /usr/local/harbor WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https Clearing the configuration file: /config/log/logrotate.conf Clearing the configuration file: /config/log/rsyslog_docker.conf Clearing the configuration file: /config/nginx/nginx.conf Clearing the configuration file: /config/core/env Clearing the configuration file: /config/core/app.conf Clearing the configuration file: /config/registry/passwd Clearing the configuration file: /config/registry/config.yml Clearing the configuration file: /config/registry/root.crt Clearing the configuration file: /config/registryctl/env Clearing the configuration file: /config/registryctl/config.yml Clearing the configuration file: /config/db/env Clearing the configuration file: /config/jobservice/env Clearing the configuration file: /config/jobservice/config.yml Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/registryctl/config.yml Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Creating harbor-log ... done loaded secret from file: /data/secret/keys/secretkey Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir Creating harbor-db ... done Creating harbor-core ... done [Step 5]: starting Harbor ... Creating nginx ... done Creating registry ... Creating harbor-db ... Creating redis ... Creating harbor-portal ... Creating registryctl ... Creating harbor-core ... Creating harbor-jobservice ... Creating nginx ... ✔ ----Harbor has been installed and started successfully.---- [root@docker_node01 harbor]#
Tip: from the above information, we can see that harbor has imported many images, and then provides configuration files based on the relationship between each image, and then launches them as containers according to certain dependency order; we can use docker images to see which images it has imported
[root@docker_node01 harbor]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE goharbor/chartmuseum-photon v2.0.0 4db8d6aa63e9 3 weeks ago 127MB goharbor/redis-photon v2.0.0 c89ea2e53cc0 3 weeks ago 72.2MB goharbor/trivy-adapter-photon v2.0.0 6122c52b7e48 3 weeks ago 103MB goharbor/clair-adapter-photon v2.0.0 dd2210cb7f53 3 weeks ago 62MB goharbor/clair-photon v2.0.0 f7c7fcc52278 3 weeks ago 171MB goharbor/notary-server-photon v2.0.0 983ac10ed8be 3 weeks ago 143MB goharbor/notary-signer-photon v2.0.0 bee1b6d75e0d 3 weeks ago 140MB goharbor/harbor-registryctl v2.0.0 c53c32d58d04 3 weeks ago 102MB goharbor/registry-photon v2.0.0 afdc1b7ada36 3 weeks ago 84.5MB goharbor/nginx-photon v2.0.0 17892f03e56c 3 weeks ago 43.6MB goharbor/harbor-log v2.0.0 5f8ff08e795c 3 weeks ago 82MB goharbor/harbor-jobservice v2.0.0 c68a2495bf55 3 weeks ago 116MB goharbor/harbor-core v2.0.0 3aa3af64baf8 3 weeks ago 138MB goharbor/harbor-portal v2.0.0 e0b1d3c894c4 3 weeks ago 52.4MB goharbor/harbor-db v2.0.0 5c76f0296cec 3 weeks ago 154MB goharbor/prepare v2.0.0 7266d49995ed 3 weeks ago 158MB [root@docker_node01 harbor]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 909486114bab goharbor/nginx-photon:v2.0.0 "nginx -g 'daemon of..." 2 minutes ago Up 2 minutes (healthy) 0.0.0.0:80->8080/tcp nginx 201af4781190 goharbor/harbor-jobservice:v2.0.0 "/harbor/entrypoint...." 2 minutes ago Up 2 minutes (healthy) harbor-jobservice d926598a1b4b goharbor/harbor-core:v2.0.0 "/harbor/entrypoint...." 2 minutes ago Up 2 minutes (healthy) harbor-core b655e8bb9da3 goharbor/harbor-portal:v2.0.0 "nginx -g 'daemon of..." 2 minutes ago Up 2 minutes (healthy) 8080/tcp harbor-portal 596d050acf8b goharbor/registry-photon:v2.0.0 "/home/harbor/entryp..." 2 minutes ago Up 2 minutes (healthy) 5000/tcp registry 88a6b3335d25 goharbor/harbor-registryctl:v2.0.0 "/home/harbor/start...." 2 minutes ago Up 2 minutes (healthy) registryctl cf8db1840524 goharbor/harbor-db:v2.0.0 "/docker-entrypoint...." 2 minutes ago Up 2 minutes (healthy) 5432/tcp harbor-db 5d522f8f3c38 goharbor/redis-photon:v2.0.0 "redis-server /etc/r..." 2 minutes ago Up 2 minutes (healthy) 6379/tcp redis 020fbf3571a2 goharbor/harbor-log:v2.0.0 "/bin/sh -c /usr/loc..." 2 minutes ago Up 2 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log [root@docker_node01 harbor]#
Tip: you can see that there are many more images in the local warehouse, and many containers have been started at the same time. The container named nginx exposes port 80 to the array machine, and the harbor is installed. Next, we can visit port 80 of the host machine to see if we can access harbor
Tip: the above is the web page of harbor. The default user name is admin and the password is harbor 12345
Log in to harbor web page
Tip: we can manage based on this web page. Next, we create a user and project, and then upload the image to harbor through docker push
Create user
Tip: fill in the above information, click OK to create the user;
Create project
Tip: if the created project is private, cancel the public check after the access level
Upload image to harbor from other docker hosts
Tip: warehouses using non https must be daemon.json Configure the secure registers file to declare the insecure image warehouse address;
Prompt: Here we are prompted that we are not authorized; next, we go to the web management page to authorize qiuhom to be a member of the test project;
Tip: now we set the user qiuhom as the administrator of the test project. Now we are pushing the image to the test project as qiuhom to see if we can successfully push it to harbor?
[root@docker_node02 ~]# docker push node01.docker-registry.io/test/nginx:1.14-alpine The push refers to repository [node01.docker-registry.io/test/nginx] 076c58d2644f: Pushed b2cbae4b8c15: Pushed 5ac9a5170bf2: Pushed a464c54f93a9: Pushed 1.14-alpine: digest: sha256:a3a0c4126587884f8d3090efca87f5af075d7e7ac8308cffc09a5a082d5f4760 size: 1153 [root@docker_node02 ~]#
Tip: there is no error in the push image. Let's go to the web page to see if the image has been pushed to the test project?
Verification: in the harbor web interface, see if there is the image we push?
Downloading images on harbor with other docker hosts
Tip: you can see that the Gabor we built now can download and upload the image normally; we can manage the image through the web page, and I will not demonstrate it here; next, let's start and stop the Gabor with docker compose on the command line
Stop harbor
Tip: to stop harbor with docker compose, you need to enter the harbor directory first, and then execute the command docker compose stop to find the docker-compose.yml File. Stop the container according to the service defined in the file. This is similar to the docker build command. Find the Dockerfile file, and the docker compose command It's docker-compose.yml ; note that the filename must be docker-compose.yml ;
Start harbor
Tip: starting huabor is the same as stopping harbor in docker-compose.yml Execute docker compose start or docker compose up - D in the directory where the file is located;