Container technology: Docker private image warehouse harbor

Earlier, we talked about the construction and simple use of docker distribution, a private image warehouse of docker. Please refer to From the previous construction and use process, the warehouse built by docker distribution is very simple, and it does not even have a user authentication, let alone multiple users. Today, we will introduce another docker warehouse tool, harbor, which has a lot of functions compared with docker distribution. It supports multi tenant, extensible API and web ui , support image replication across multiple harbor instances, support identity integration, role-based access control and other features; next, let's install and take a look at harbor;

First, we need to go to the official website to download the installer. The latest version is 2.0; download address The installer of harbor has two versions: online and offline. The online package is usually smaller, which is suitable for better use in the network environment. The offline package is packaged with all the installation files and scripts;

1. Upload the downloaded installer to the server

2. Unzip the installer and enter the unzipped directory

[root@docker_node01 ~]# tar xf harbor-offline-installer-v2.0.0.tgz -C /usr/local/
[root@docker_node01 ~]# ls /usr/local/
bin  etc  games  harbor  include  lib  lib64  libexec  sbin  share  src
[root@docker_node01 ~]# cd /usr/local/harbor/
[root@docker_node01 harbor]# ls  harbor.v2.0.0.tar.gz  harbor.yml.tmpl  LICENSE  prepare
[root@docker_node01 harbor]# 

3. Edit harbor.yml.tmpl Files, changing necessary configuration

Tip: I only modified the value of hostname above, and I used the default value later. For the description of this configuration file, please refer to the official document description to configure it. Here, you need to pay attention to the fact that you need to manually apply for a certificate by yourself when using https, and Gabor cannot be installed normally without the certificate file;

4. Set harbor.yml.tmpl Rename to harbor.yml

[root@docker_node01 harbor]# ls  harbor.v2.0.0.tar.gz  harbor.yml.tmpl  LICENSE  prepare
[root@docker_node01 harbor]# mv harbor.yml.tmpl harbor.yml
[root@docker_node01 harbor]#

5. Operation

Tip: if running The script has the above errors. We need to install docker compose first;

6. Install docker compose

[root@docker_node01 harbor]# yum install docker-compose -y
Loaded plugins: fastestmirror
base                                                                                                                                                | 3.6 kB  00:00:00     
docker-ce-stable                                                                                                                                    | 3.5 kB  00:00:00     
epel                                                                                                                                                | 4.7 kB  00:00:00     
extras                                                                                                                                              | 2.9 kB  00:00:00     
updates                                                                                                                                             | 2.9 kB  00:00:00     
(1/3): updates/7/x86_64/primary_db                                                                                                                  | 2.1 MB  00:00:00     
(2/3): epel/x86_64/updateinfo                                                                                                                       | 1.0 MB  00:00:01     
(3/3): epel/x86_64/primary_db                                                                                                                       | 6.8 MB  00:00:03     
Loading mirror speeds from cached hostfile
 * base:
 * extras:
 * updates:
Resolving Dependencies
--> Running transaction check
---> Package docker-compose.noarch 0:1.18.0-4.el7 will be installed
--> Processing Dependency: python36-cached_property >= 1.2.0 for package: docker-compose-1.18.0-4.el7.noarch
--> Processing Dependency: python36-docker >= 2.6.1 for package: docker-compose-1.18.0-4.el7.noarch
......Omit parts
  docker-compose.noarch 0:1.18.0-4.el7                                                                                                                                     

Dependency Installed:
  python36-PyYAML.x86_64 0:3.13-1.el7                 python36-cached_property.noarch 0:1.5.1-2.el7             python36-chardet.noarch 0:3.0.4-1.el7                      
  python36-docker.noarch 0:2.6.1-3.el7                python36-docker-pycreds.noarch 0:0.2.1-2.el7              python36-dockerpty.noarch 0:0.4.1-18.el7                   
  python36-docopt.noarch 0:0.6.2-8.el7                python36-idna.noarch 0:2.7-2.el7                          python36-jsonschema.noarch 0:2.5.1-4.el7                   
  python36-pysocks.noarch 0:1.6.8-7.el7               python36-requests.noarch 0:2.14.2-2.el7                   python36-six.noarch 0:1.14.0-2.el7                         
  python36-texttable.noarch 0:1.6.2-1.el7             python36-urllib3.noarch 0:1.25.6-1.el7                    python36-websocket-client.noarch 0:0.47.0-2.el7            

[root@docker_node01 harbor]# 

Tip: docker compose is a stand-alone orchestration tool for docker container;

7. Re operation script

[root@docker_node01 harbor]# ./ 

[Step 0]: checking if docker is installed ...

Note: docker version: 19.03.8

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.18.0

[Step 2]: loading Harbor images ...
dbaf2c918102: Loading layer [==================================================>]   34.5MB/34.5MB
1f3458bb7308: Loading layer [==================================================>]  8.435MB/8.435MB
74e91bd5ca15: Loading layer [==================================================>]  6.317MB/6.317MB
82da861dccd3: Loading layer [==================================================>]  14.61MB/14.61MB
8d62f2bfdf94: Loading layer [==================================================>]  28.25MB/28.25MB
40510e398799: Loading layer [==================================================>]  22.02kB/22.02kB
6941a908d292: Loading layer [==================================================>]  49.17MB/49.17MB
Loaded image: goharbor/notary-signer-photon:v2.0.0
bd70463b9e5a: Loading layer [==================================================>]  8.441MB/8.441MB
d3927e3c53ea: Loading layer [==================================================>]  3.584kB/3.584kB
a3b2acbb8f7d: Loading layer [==================================================>]  3.072kB/3.072kB
de14f7f144ce: Loading layer [==================================================>]   9.71MB/9.71MB
94c03f31b276: Loading layer [==================================================>]  10.53MB/10.53MB
Loaded image: goharbor/clair-adapter-photon:v2.0.0
935e17d700d1: Loading layer [==================================================>]   8.44MB/8.44MB
eef8d67e9248: Loading layer [==================================================>]   42.3MB/42.3MB
a181769f3c52: Loading layer [==================================================>]  3.072kB/3.072kB
4b801e4d76d7: Loading layer [==================================================>]  3.584kB/3.584kB
7f7c81a33722: Loading layer [==================================================>]  43.12MB/43.12MB
Loaded image: goharbor/chartmuseum-photon:v2.0.0
4076b322e7f5: Loading layer [==================================================>]  49.89MB/49.89MB
da16bbe3a170: Loading layer [==================================================>]  3.584kB/3.584kB
f8967a1d9155: Loading layer [==================================================>]  3.072kB/3.072kB
6b7eaf984fde: Loading layer [==================================================>]   2.56kB/2.56kB
4406aea83cb2: Loading layer [==================================================>]  3.072kB/3.072kB
78566a971bf2: Loading layer [==================================================>]  3.584kB/3.584kB
e4e05e2ffdad: Loading layer [==================================================>]  12.29kB/12.29kB
f3bcf1de026d: Loading layer [==================================================>]  5.632kB/5.632kB
Loaded image: goharbor/harbor-log:v2.0.0
101133a0a2e6: Loading layer [==================================================>]  8.441MB/8.441MB
40eb3ab360dd: Loading layer [==================================================>]  3.584kB/3.584kB
172ace267ace: Loading layer [==================================================>]  20.94MB/20.94MB
cb361129c579: Loading layer [==================================================>]  3.072kB/3.072kB
f0221c34f9dc: Loading layer [==================================================>]  8.721MB/8.721MB
1880cedc9407: Loading layer [==================================================>]  30.48MB/30.48MB
Loaded image: goharbor/harbor-registryctl:v2.0.0
15f399ca8b42: Loading layer [==================================================>]  8.441MB/8.441MB
182251d62618: Loading layer [==================================================>]  3.584kB/3.584kB
c72ce5e8bba9: Loading layer [==================================================>]  3.072kB/3.072kB
6cb620513867: Loading layer [==================================================>]  20.94MB/20.94MB
8f68617c13e6: Loading layer [==================================================>]  21.76MB/21.76MB
Loaded image: goharbor/registry-photon:v2.0.0
464d98f962d2: Loading layer [==================================================>]  115.2MB/115.2MB
6f577ce93b49: Loading layer [==================================================>]  12.15MB/12.15MB
468b747374fb: Loading layer [==================================================>]  3.072kB/3.072kB
c7d4e40274a2: Loading layer [==================================================>]  49.15kB/49.15kB
349c2528bf8f: Loading layer [==================================================>]  3.584kB/3.584kB
50765adb1994: Loading layer [==================================================>]  13.03MB/13.03MB
Loaded image: goharbor/clair-photon:v2.0.0
f3ae9281f64f: Loading layer [==================================================>]  16.04MB/16.04MB
79de921bba64: Loading layer [==================================================>]  28.25MB/28.25MB
a4826ccd0680: Loading layer [==================================================>]  22.02kB/22.02kB
527c0492bb8a: Loading layer [==================================================>]   50.6MB/50.6MB
Loaded image: goharbor/notary-server-photon:v2.0.0
da380ff7675f: Loading layer [==================================================>]  39.44MB/39.44MB
3e72063a3c12: Loading layer [==================================================>]  3.072kB/3.072kB
87063a362784: Loading layer [==================================================>]   59.9kB/59.9kB
12042912d563: Loading layer [==================================================>]  61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.0.0
497d39fd8ed4: Loading layer [==================================================>]  10.28MB/10.28MB
Loaded image: goharbor/nginx-photon:v2.0.0
db89bcd4a7aa: Loading layer [==================================================>]  12.22MB/12.22MB
a3c69d8e6487: Loading layer [==================================================>]  3.072kB/3.072kB
22888c961e12: Loading layer [==================================================>]   2.56kB/2.56kB
15c04c0d67b3: Loading layer [==================================================>]   46.5MB/46.5MB
5e59e5738914: Loading layer [==================================================>]  5.632kB/5.632kB
2fb21742e876: Loading layer [==================================================>]   51.2kB/51.2kB
ebe005c22385: Loading layer [==================================================>]  47.32MB/47.32MB
e91a77a1cc5d: Loading layer [==================================================>]   2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.0.0
c9ad3414e408: Loading layer [==================================================>]  63.57MB/63.57MB
0aea7ae12d77: Loading layer [==================================================>]  60.58MB/60.58MB
c3be2cda3349: Loading layer [==================================================>]  5.632kB/5.632kB
970c1e4372ae: Loading layer [==================================================>]  2.048kB/2.048kB
51e00ddbcdac: Loading layer [==================================================>]   2.56kB/2.56kB
27d44e884cd0: Loading layer [==================================================>]   2.56kB/2.56kB
3086c2ee0489: Loading layer [==================================================>]   2.56kB/2.56kB
efd18d9ef79c: Loading layer [==================================================>]  10.24kB/10.24kB
Loaded image: goharbor/harbor-db:v2.0.0
ad0a4ed99dd0: Loading layer [==================================================>]  12.22MB/12.22MB
50121125e459: Loading layer [==================================================>]  3.072kB/3.072kB
6d05b39a8c44: Loading layer [==================================================>]   2.56kB/2.56kB
5380ddc5210f: Loading layer [==================================================>]  35.68MB/35.68MB
e8053e60aee7: Loading layer [==================================================>]   36.5MB/36.5MB
Loaded image: goharbor/harbor-jobservice:v2.0.0
9fefe33a31db: Loading layer [==================================================>]  9.741MB/9.741MB
a52a9b417697: Loading layer [==================================================>]  3.584kB/3.584kB
9b6c54642038: Loading layer [==================================================>]  3.072kB/3.072kB
6a32c528face: Loading layer [==================================================>]  20.34MB/20.34MB
526552ecb5a3: Loading layer [==================================================>]  9.317MB/9.317MB
bc3e72205f25: Loading layer [==================================================>]  30.48MB/30.48MB
Loaded image: goharbor/trivy-adapter-photon:v2.0.0
51193d3ba093: Loading layer [==================================================>]  77.29MB/77.29MB
398b7c3413c0: Loading layer [==================================================>]  48.31MB/48.31MB
cb902b44bae6: Loading layer [==================================================>]   2.56kB/2.56kB
11d3bf655c22: Loading layer [==================================================>]  1.536kB/1.536kB
3d373d988076: Loading layer [==================================================>]  18.43kB/18.43kB
755d5115a4fd: Loading layer [==================================================>]  3.751MB/3.751MB
5d456b2e2b47: Loading layer [==================================================>]  249.3kB/249.3kB
Loaded image: goharbor/prepare:v2.0.0
2128feaae029: Loading layer [==================================================>]  10.28MB/10.28MB
c1e2c6faf4a4: Loading layer [==================================================>]  8.487MB/8.487MB
8728e424e45b: Loading layer [==================================================>]  178.7kB/178.7kB
243de4b81324: Loading layer [==================================================>]  157.2kB/157.2kB
1909dd7d54dc: Loading layer [==================================================>]  33.28kB/33.28kB
e91e103cac7d: Loading layer [==================================================>]  17.41kB/17.41kB
ef43ac036ce0: Loading layer [==================================================>]  15.36kB/15.36kB
3205feaa4e7b: Loading layer [==================================================>]  3.584kB/3.584kB
Loaded image: goharbor/harbor-portal:v2.0.0

[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/local/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Creating harbor-log ... done
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

Creating harbor-db ... done
Creating harbor-core ... done
[Step 5]: starting Harbor ...
Creating nginx ... done
Creating registry ... 
Creating harbor-db ... 
Creating redis ... 
Creating harbor-portal ... 
Creating registryctl ... 
Creating harbor-core ... 
Creating harbor-jobservice ... 
Creating nginx ... 
✔ ----Harbor has been installed and started successfully.----
[root@docker_node01 harbor]# 

Tip: from the above information, we can see that harbor has imported many images, and then provides configuration files based on the relationship between each image, and then launches them as containers according to certain dependency order; we can use docker images to see which images it has imported

[root@docker_node01 harbor]# docker images
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
goharbor/chartmuseum-photon     v2.0.0              4db8d6aa63e9        3 weeks ago         127MB
goharbor/redis-photon           v2.0.0              c89ea2e53cc0        3 weeks ago         72.2MB
goharbor/trivy-adapter-photon   v2.0.0              6122c52b7e48        3 weeks ago         103MB
goharbor/clair-adapter-photon   v2.0.0              dd2210cb7f53        3 weeks ago         62MB
goharbor/clair-photon           v2.0.0              f7c7fcc52278        3 weeks ago         171MB
goharbor/notary-server-photon   v2.0.0              983ac10ed8be        3 weeks ago         143MB
goharbor/notary-signer-photon   v2.0.0              bee1b6d75e0d        3 weeks ago         140MB
goharbor/harbor-registryctl     v2.0.0              c53c32d58d04        3 weeks ago         102MB
goharbor/registry-photon        v2.0.0              afdc1b7ada36        3 weeks ago         84.5MB
goharbor/nginx-photon           v2.0.0              17892f03e56c        3 weeks ago         43.6MB
goharbor/harbor-log             v2.0.0              5f8ff08e795c        3 weeks ago         82MB
goharbor/harbor-jobservice      v2.0.0              c68a2495bf55        3 weeks ago         116MB
goharbor/harbor-core            v2.0.0              3aa3af64baf8        3 weeks ago         138MB
goharbor/harbor-portal          v2.0.0              e0b1d3c894c4        3 weeks ago         52.4MB
goharbor/harbor-db              v2.0.0              5c76f0296cec        3 weeks ago         154MB
goharbor/prepare                v2.0.0              7266d49995ed        3 weeks ago         158MB
[root@docker_node01 harbor]# docker ps -a
CONTAINER ID        IMAGE                                COMMAND                  CREATED             STATUS                   PORTS                       NAMES
909486114bab        goharbor/nginx-photon:v2.0.0         "nginx -g 'daemon of..."   2 minutes ago       Up 2 minutes (healthy)>8080/tcp        nginx
201af4781190        goharbor/harbor-jobservice:v2.0.0    "/harbor/entrypoint...."   2 minutes ago       Up 2 minutes (healthy)                               harbor-jobservice
d926598a1b4b        goharbor/harbor-core:v2.0.0          "/harbor/entrypoint...."   2 minutes ago       Up 2 minutes (healthy)                               harbor-core
b655e8bb9da3        goharbor/harbor-portal:v2.0.0        "nginx -g 'daemon of..."   2 minutes ago       Up 2 minutes (healthy)   8080/tcp                    harbor-portal
596d050acf8b        goharbor/registry-photon:v2.0.0      "/home/harbor/entryp..."   2 minutes ago       Up 2 minutes (healthy)   5000/tcp                    registry
88a6b3335d25        goharbor/harbor-registryctl:v2.0.0   "/home/harbor/start...."   2 minutes ago       Up 2 minutes (healthy)                               registryctl
cf8db1840524        goharbor/harbor-db:v2.0.0            "/docker-entrypoint...."   2 minutes ago       Up 2 minutes (healthy)   5432/tcp                    harbor-db
5d522f8f3c38        goharbor/redis-photon:v2.0.0         "redis-server /etc/r..."   2 minutes ago       Up 2 minutes (healthy)   6379/tcp                    redis
020fbf3571a2        goharbor/harbor-log:v2.0.0           "/bin/sh -c /usr/loc..."   2 minutes ago       Up 2 minutes (healthy)>10514/tcp   harbor-log
[root@docker_node01 harbor]# 

Tip: you can see that there are many more images in the local warehouse, and many containers have been started at the same time. The container named nginx exposes port 80 to the array machine, and the harbor is installed. Next, we can visit port 80 of the host machine to see if we can access harbor

Tip: the above is the web page of harbor. The default user name is admin and the password is harbor 12345

Log in to harbor web page

Tip: we can manage based on this web page. Next, we create a user and project, and then upload the image to harbor through docker push

Create user

Tip: fill in the above information, click OK to create the user;

Create project

Tip: if the created project is private, cancel the public check after the access level

Upload image to harbor from other docker hosts

Tip: warehouses using non https must be daemon.json Configure the secure registers file to declare the insecure image warehouse address;

Prompt: Here we are prompted that we are not authorized; next, we go to the web management page to authorize qiuhom to be a member of the test project;

Tip: now we set the user qiuhom as the administrator of the test project. Now we are pushing the image to the test project as qiuhom to see if we can successfully push it to harbor?

[root@docker_node02 ~]# docker push
The push refers to repository []
076c58d2644f: Pushed 
b2cbae4b8c15: Pushed 
5ac9a5170bf2: Pushed 
a464c54f93a9: Pushed 
1.14-alpine: digest: sha256:a3a0c4126587884f8d3090efca87f5af075d7e7ac8308cffc09a5a082d5f4760 size: 1153
[root@docker_node02 ~]# 

Tip: there is no error in the push image. Let's go to the web page to see if the image has been pushed to the test project?

Verification: in the harbor web interface, see if there is the image we push?

Downloading images on harbor with other docker hosts

Tip: you can see that the Gabor we built now can download and upload the image normally; we can manage the image through the web page, and I will not demonstrate it here; next, let's start and stop the Gabor with docker compose on the command line

Stop harbor

Tip: to stop harbor with docker compose, you need to enter the harbor directory first, and then execute the command docker compose stop to find the docker-compose.yml File. Stop the container according to the service defined in the file. This is similar to the docker build command. Find the Dockerfile file, and the docker compose command It's docker-compose.yml ; note that the filename must be docker-compose.yml ;

Start harbor

Tip: starting huabor is the same as stopping harbor in docker-compose.yml Execute docker compose start or docker compose up - D in the directory where the file is located;

Tags: Linux Docker Nginx Redis EPEL

Posted on Sun, 07 Jun 2020 23:55:19 -0400 by laurton