Deployment and use of enterprise-class Docker private warehouse harbor on Ubuntu14.04

First, Harbor Introduction:

To put it simply, Harbor is an enterprise-class Docker Registry that implements functions such as images's private storage and log statistics permissions control, and supports the creation of multiple projects (Harbor concepts), based on the official Registry V2.

Second, the deployment method:

Operating system: Ubuntu14.04

1. Installing Docker:

#安装插件sudo apt-get Install Apt-transport-https ca-certificates# add gpg keysudo apt-key adv--keyserver hkp:// p80.pool.sks-keyservers.net:80--recv-keys 58118e89f3a912897c070adbf76221572c52609dsudo vim/etc/apt/ sources.list.d/docker.list# Add the following, save exit Deb Https://apt.dockerproject.org/repo ubuntu-trusty main# with new, clear old Reposudo Apt-get updatesudo apt-get purge lxc-docker# installation docker-enginesudo apt-get install Docker-engine

2. Install docker-com:

sudo curl-l https://github.com/docker/compose/releases/download/1.8.0/docker-compose-' uname-s '-' uname-m ' >/ Home/cimer/docker-composesudo MV Docker-compose/usr/local/bin/sudo chmod +x/usr/local/bin/docker-compose

3. Install Harbor:

3.1. Clone source code:

git clone Https://github.com/vmware/harbor

3.2, modify the configuration:

CD Harbor/deploy/vim Harbor.cfg

As follows:

## configuration file of harbor#the ip address or hostname to  access admin ui and registry service. #DO  NOT use localhost  Or 127.0.0.1, because harbor needs to be accessed by external  clients.#  specify  hostname, typically IP, or domain name for login  Web UI  interface hostname =  172.16.4.253#the protocol for accessing the ui and token/notification  Service, by default it is http. #It  can be set to https  if ssl is enabled on nginx.# url  access mode,ssl  requires configuration  nginxui_url_ protocol = http#email account settings for sending out password  resetting emails.#  Mail related information configuration, such as forgot password send mail email_server = smtp.xxxxxx.comemail_server_port  = 465email_username =  [email protected]email_password = xxxxxxemail_from = docker <[email  protected]>email_ssl = true# #The  password of Harbor admin, change  this before any production use.#  default  Harbor  admin password, Admin user name default   adminharbor_admin_password = harbor12345# #By  default the auth mode is  Db_auth, i.e. the credentials are stored in a local database. #Set  it to ldap_auth if you want to verify a user ' s  credentials against an ldap server.#  Specifies the permissions authentication method for  Harbor ,harbor  supports local  mysql  data store password, also support &NBSP;LDAPAUTH_MODE&NBSP;=&NBSP;DB_AUTH#THE&NBSP;URL&NBSP;FOR&NBSP;AN&NBSP;LDAP  endpoint.#  if  ldap is used, fill in  LDAP  address here ldap_url = ldaps://ldap.mydomain.com#the  basedn template to&nBsp;look up a user in ldap and verify the user ' s password.#  LADP  How to verify passwords ldap_basedn = uid=%s,ou=people,dc=mydomain,dc=com#the password for  the root user of mysql db, change this before any  production use.# mysql  database  root  account password Db_password = root123#turn on  or off the self-registration feature#  whether to allow open registration self_registration = on# turn on or off the customize your certicate#  allow self-signed certificates CUSTOMIZE_CRT  = on#fill in your certicate message#  Self-signed certificate information Crt_country = cncrt_ State = statecrt_location = cncrt_organization = mritdcrt_organizationalunit  = mritdcrt_commonname = mritd.mecrt_email = reg.mritd.me#####

3.3. Generate the relevant configuration file:

CD Harbor/deploy/./prepare

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/88/A0/wKioL1f93aWDFCO2AAA8zz4akFE778.png "title=" 111. PNG "alt=" Wkiol1f93awdfco2aaa8zz4akfe778.png "/>

3.4. Compile the image and start:

CD Harbor/deploy/docker-compose up-d

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/88/A3/wKiom1f93d6AIfQdAAAY30J4uZs261.png "title=" 111. PNG "alt=" Wkiom1f93d6aifqdaaay30j4uzs261.png "/>

3.5, check the relevant containers after startup:

Proxy: Reverse proxy consisting of Nginx server

Registry: container instance consisting of Docker's official open source Registry image

UI: The core services in the architecture, the code that makes up this container is the body of the harbor project

MySQL: Database container consisting of an official MySQL image

LOG: A container running RSYSLOGD that collects logs from other containers in the form of Log-driver

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M02/88/A0/wKioL1f93obBgkABAABLpPcVT2o803.png "title=" 111. PNG "alt=" Wkiol1f93obbgkabaablppcvt2o803.png "/>

4. Accessing the Web Ui:

Access: http://172.16.4.253, the account password is configured in Harbor.cfg

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/88/A3/wKiom1f936OBlfuJAAEsM54O9Zg339.png "title=" 111. PNG "alt=" Wkiom1f936oblfujaaesm54o9zg339.png "/> If the self_registration in Harbor.cfg is set to OFF, then the normal user cannot implement the registration, only the user can be created by the administrator The registration button in the upper-right corner disappears.

4.2. Login:

Default account password: admin:harbor12345

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/88/A0/wKioL1f94OfzywXEAACbl52rPSY999.png "title=" 111. PNG "alt=" Wkiol1f94ofzywxeaacbl52rpsy999.png "/>

4.3. Create a private project:

The harbor project is similar to the Docker hub user name, which can store many mirrors

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/88/A0/wKioL1f94bGA5LQKAABeFb5nyN8114.png "title=" 111. PNG "alt=" Wkiol1f94bga5lqkaabefb5nyn8114.png "/>

4.4. Push Image:

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M02/88/A0/wKioL1f96aaw9Fh8AAAzHj08uJM448.png "title=" 111. PNG "alt=" Wkiol1f96aaw9fh8aaazhj08ujm448.png "/>

Viewing in the Web UI

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/88/A4/wKiom1f96g-RHC7DAAB21ueBLyE365.png "title=" 111. PNG "alt=" Wkiom1f96g-rhc7daab21ueblye365.png "/>

If the verification function is not applicable, modify the registry configuration file, comment out the auth section, and reboot

sudo vim harbor/deploy/config/registry/config.ymlsudo docker-compose stopsudo docker-compose up-d

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/88/A4/wKiom1f98vSDNHJGAABEYGIgrKk899.png "title=" 111. PNG "alt=" Wkiom1f98vsdnhjgaabeygigrkk899.png "/>

Third, configure the replication of the Docker image:

The copy feature is an image that replicates between two or more harbor nodes. Schematic diagram is as follows:

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/88/A4/wKiom1f97AShkXfdAADTfMBl_Hk178.png "title=" 111. PNG "alt=" Wkiom1f97ashkxfdaadtfmbl_hk178.png "/>

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/88/A4/wKiom1f97EKTJQI7AAL0zLFtDXk048.png "title=" 111. PNG "alt=" Wkiom1f97ektjqi7aal0zlftdxk048.png "/>

1. Configure 2 Harbor instances first, 172.16.4.253 and 172.16.4.252 respectively

2. Upload an image on the 172.16.4.253 as the primary node

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/88/A1/wKioL1f97QuiRFSTAABRIdbZn7o729.png "title=" 111. PNG "alt=" Wkiol1f97quirfstaabridbzn7o729.png "/> 3. Enter the project options for the Web UI, select Copy:

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/88/A4/wKiom1f97XaA070qAACxLyKaiK4667.png "title=" 111. PNG "alt=" Wkiom1f97xaa070qaacxlykaik4667.png "/>

4. Click New Policy and set the policy:

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/88/A1/wKioL1f97h-SyOE7AAA0HmlCCrE396.png "title=" 111. PNG "alt=" Wkiol1f97h-syoe7aaa0hmlccre396.png "/>

After the creation, we can see one more policy in the replication strategy, there is more than one task in the replication task, a little while later can be copied to complete. Log in to 172.16.4.252 's Web UI, and you'll see that both the mirror and the log are copied over.

Four, upgrade Harbor:

1. Delete the original container

CD Harbor/deploy/sudo Docker-compose down

2. Backup

MV harbor//tm/harbor

3. Re-download the source code

git clone Https://github.com/vmware/harbor

4. If harbor is migrating to a different server, perform a data backup first

CD harbor/migration/

after modifying the database account password in the Migration.cfg file

sudo docker build-t Migrate-tool.

5. run a staging database container (Note:/data/database the directory where you set up the Mount database/path/to/backup data Backup) This data

sudo docker run-ti--rm-v/data/database:/var/lib/mysql-v/path/to/backup:/harbor-migration/backup migrate-tool Backup

6. Database restore

sudo docker run-ti--rm-v/data/database:/var/lib/mysql migrate-tool up head

7. Compare the configuration file

If you modify the port, you must update the port inside the CD harbor/deploy/config/nginx/nginx.conf

Diff Harbor.cfg/tmp/harbor/deploy/harbor.cfgdiff Docker-compose.yaml/tmp/harbor/deploy/docker-compose.yaml

8. Execute./prepare generate a new configuration file

Cd/harbor/deploy/./prepare

9.build a new image, start the container

Cd/harbor/deploy/docker-compose up--build-d

When you are finished, log on to the Web UI to check if the upgrade was successful.

Reference:

https://my.oschina.net/u/1540325/blog/702260

Http://www.cnblogs.com/jicki/p/5737369.html

http://blog.csdn.net/project_harbor/article/details/51261934

Http://www.tuicool.com/articles/m2uyQri

Http://www.2cto.com/net/201607/531849.html

This article is from the "Black Time" blog, so be sure to keep this source http://blacktime.blog.51cto.com/11722918/1861132

Deployment and use of enterprise-class Docker private warehouse harbor on Ubuntu14.04