Bowen catalog
Differences between Registry and Harbor
Advantages of Docker Harbor
Docker Harbor Dependent Programs
1. Build Harbor Warehouse
1. Configure Docker Compose
2. Configure Docker Harbor public warehouse
3. Configure Docker Client
4. Configure Docker Harbor Private Warehouse
In the last post, we talked about Registry private warehouse. Today we configure Harbor warehouse. Harbor can be used as either a public warehouse or a private warehouse. Today we will configure how Harbor can implement both public and private warehouses.
Visit the blog post about Registry Open Warehouse: Deploy Docker Private Warehouse Registry
Differences between Registry and Harbor
-
Registry: A private mirror warehouse with poor graphical support and small business use;
- Harbor: Support visual management, private and public warehouses, and mirror management control;
Advantages of Docker Harbor
-
VMWare's open source mirror management solution;
-
Support graphical management;
-
Easy access and configuration;
-
Convenient mirror access control;
-
Supports Mirror Responsibility Policy;
- Audit statistics on user access mirror usage;
Docker Harbor Dependent Programs
-
Python;
-
Install Docker;
- Docker Compose;
Case description:
-
Two CentOS 7.4, one server and one client (for test use);
- Both servers need to have Docker service installed. I have version 19.03.9 of Docker here.
For installation of the Docker container, visit: Install Docker.v19.03.9
1. Configure Docker Compose
Visit the Docker website, find the installation Docker Compose, and copy the command to the Docker server: Dow Cloud
[root@centos01 ~]# curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.5/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose <!--download Docker Compose--> [root@centos01 ~]# Chmod +x/usr/local/bin/docker-compose <!--Docker Compose Add Execution Rights--> [root@centos01 ~]# Docker-compose-v <!--View Docker Compose Version--> docker-compose version 1.25.5, build 8a1c60f6
2. Configure Docker Harbor public warehouse
1) Open the Github website
Open Github's official website to search for harbor, click goharbor/harbor, then click "releases", download the appropriate version and upload it to the server as you want (URL: https://github.com/goharbor/harbor/releases You can also download packages installed online, which I haven't tried, but try on my own):
2) Configure Harbor Warehouse
harbor-online-installer-v1.9.1.tgz <!--upload Harbor Compressed Packet--> [root@centos01 ~]# tar zxvf harbor-online-installer-v1.9.1.tgz -C /usr/local/ <!--decompression harbor reach/usr/local/Catalog--> [root@centos01 ~]# Cd/usr/local/harbor/ <!--Enter the Harbor directory--> [root@centos01 harbor]# CPHarbor.ymlHarbor.yml.bak<!--Back up the Harbor master profile--> [root@centos01 harbor]# VIMHarbor.yml<!--Modify Harbor Master Profile--> 5 hostname: 192.168.100.10 <!--Modify to Docker Server Side IP Address is OK--> <!--hostname You can write domain names, but they need to be changed hosts File or Installation DNS,I'll use it here IP address--> 8 http: <!--Use http Agreement--> 10 port: 80 <!--80 Port number--> 27 harbor_admin_password: Harbor12345 <!--Default password, customizable--> [root@centos01 harbor]# . /Install.sh<!--Install Harbor--> [Step 0]: checking installation environment ... Note: docker version: 19.03.9 Note: docker-compose version: 1.25.5 .................. <!--Omit some content here--> Creating harbor-log ... done Creating registryctl ... done Creating redis ... done Creating harbor-portal ... done Creating registry ... done Creating harbor-db ... done Creating harbor-core ... done Creating nginx ... done Creating harbor-jobservice ... done ✔ ----Harbor has been installed and started successfully.---- Now you should be able to visit the admin portal at http://www.benet.com . For more details, please visit https://github.com/goharbor/harbor . <!--The above code appears after installation to indicate success--> [root@centos01 ~]# Vim/usr/lib/systemd/system/Docker.service<!--Edit this profile--> 14 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.100.10:80 <!--Go to this line and add "--insecure-registr"In order to specify Harbor Of IP And its listening port--> [root@centos01 harbor]# Systemctl daemon-reload <!--daemon mode running docker--> [root@centos01 harbor]# Systemctl restart docker <!--Restart Docker Service--> [root@centos01 harbor]# Docker-compose stop <!--Stop all containers--> [root@centos01 harbor]# Docker-compose start <!--Start all containers--> [root@centos01 harbor]# Netstat-anptu | grep 80 <!--Listen on port 80--> tcp6 0 0 :::80 :::* LISTEN 23473/docker-proxy
3) Installation complete browser access to Harbor repository
4) Create a public warehouse
5) Ensure that the image public repository has been created successfully
6) Docker server-side login to Harbor repository
[root@centos01 ~]# Docker login-uadmin-pHarbor12345 192.168.100.10:80 <!--Login to Harbor warehouse--> WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded <!--This prompt indicates successful login--> [root@centos01 ~]# docker tag tomcat:latest 192.168.100.10:80/image/nginx:nginx <!--Modify Mirror Label--> [root@centos01 ~]# docker push 192.168.100.10:80/image/nginx:nginx <!--Upload mirror to Harbor Warehouse--> [root@centos01 ~]# Docker logout 192.168.100.10:80 <!--Docker server exits Harbor--> Removing login credentials for 192.168.100.10:80
7) Harbor checks to see if the image was uploaded successfully
3. Configure Docker Client
<!--Docker Client Installation Docker service--> 1)Modify profile loading Docker Harbor The server [root@centos02 ~]# Vim/usr/lib/systemd/system/Docker.service<!--Edit this profile--> ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.100.10:80 <!--Go to this line and add "--insecure-registr"In order to specify Harbor Of IP And its listening port--> [root@centos02 ~]# Systemctl daemon-reload <!--Daemon runs docker--> [root@centos02 ~]# Systemctl restart docker <!--Restart docker service--> [root@centos02 ~]# docker login -uadmin -pHarbor12345 192.168.100.10:80 <!--docker Client login Harbor--> WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded <!--Login Successful--> [root@centos02 ~]# docker pull 192.168.100.10:80/image/nginx:nginx <!--docker Client Download Harbor Open Mirror in Warehouse--> [root@centos02 ~]# Docker images <!--View Docker client mirror--> REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.100.10:80/image/nginx nginx 1b6b1fe7261e 7 days ago 647MB
4. Create a Harbor private warehouse
1) Create a private warehouse
2) Create a user
3) Add the newly created private user to the private repository
4) Upload mirror to Harbor private warehouse
[root@centos01 ~]# docker tag tomcat:latest 192.168.100.10:80/private/tomcat:tomcat <!--Docker Server Modify Mirror Label--> [root@centos01 ~]# docker login -uprivate -pHarbor12345 192.168.100.10:80 <!--Sign in Harbor Private warehouse--> WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded <!--Login Successful--> [root@centos01 ~]# docker push 192.168.100.10:80/private/tomcat:tomcat <!--Upload mirror to private Private warehouse-->
5) Harbor checks to see if the image was uploaded successfully
6) Docker clients download mirrors in private warehouses
[root@centos02 ~]# docker login -uprivate -pHarbor12345 192.168.100.10:80 <!--Docker Client login Harbor Private warehouse--> WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded <!--Login Successful--> [root@centos02 ~]# docker pull 192.168.100.10:80/private/tomcat:tomcat <!--Docker Client Download Harbor Mirror in Private Warehouse--> [root@centos02 ~]# Docker images <!--Docker client to see if the image downloaded successfully--> REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.100.10:80/image/nginx nginx 1b6b1fe7261e 7 days ago 647MB 192.168.100.10:80/private/tomcat tomcat 1b6b1fe7261e 7 days ago 647MB
7) Harbor supports log statistics
_________