Before installing Harbor, you need to install Python, Docker and Docker Compose. Python must be version 2.7 or higher, Docker 1.10 or higher, and Docker Compose 1.6.0 or higher.
One: Install Docker Compose
Of the various installation methods described at https://docs.docker.com/compose/install/, only the pip method installed successfully.
When installing with pip, the docker-compose dependency packages may conflict with the system packages of the existing Python environment, so the documentation recommends using virtualenv.
First install virtualenv:
pip install virtualenv
Then create the virtual environment in which docker-compose will be installed:
mkdir -p /opt/testvenv
cd /opt/testvenv
virtualenv venv
Activate the virtual environment and install docker-compose:
source venv/bin/activate
pip install docker-compose
docker-compose is now installed under the directory /opt/testvenv/venv/bin; create a symbolic link to it:
ln -s /opt/testvenv/venv/bin/docker-compose /usr/local/bin/docker-compose
This completes the docker-compose installation.
Two: Install Harbor
1: Install from source; download the source code with git:
mkdir -p /opt/harbor/git
cd /opt/harbor/git
git clone https://github.com/vmware/harbor
2: Configure Harbor
Before installing Harbor, you need to modify the configuration parameters in /opt/harbor/git/harbor/deploy/harbor.cfg, then execute the prepare script to generate the configuration files for all of Harbor's containers, and finally start Harbor with Docker Compose.
In the file harbor.cfg, you need to configure the following parameters:
hostname: the host name of the private registry. It can be an IP address or a domain name. Here it is set to 192.168.1.104;
ui_url_protocol: the protocol users use to access the private registry. The default is http; here it is set to https;
harbor_admin_password: the password of the Harbor administrator account. The default password is Harbor12345 and the username is admin;
For the other configuration parameters, see:
https://github.com/vmware/harbor/blob/master/docs/installation_guide.md
3: Configure HTTPS Access
The default protocol for user access to Harbor is HTTP, but the registry currently uses HTTPS access by default. If you use HTTP, you need to modify the Docker configuration file on every host that accesses the private registry and add the --insecure-registry option.
To configure HTTPS access, first generate the certificate:
mkdir -p /opt/harbor/cert/
openssl req -x509 -days 3650 -nodes -newkey rsa:2048 -keyout \
    /opt/harbor/cert/domain.key -out /opt/harbor/cert/domain.crt
...
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:192.168.1.104
Email Address []:
Then copy the generated certificate and key to the directory used by the Nginx container:
cp /opt/harbor/cert/domain.crt /opt/harbor/git/harbor/deploy/config/nginx/cert/
cp /opt/harbor/cert/domain.key /opt/harbor/git/harbor/deploy/config/nginx/cert/
Then switch the configuration file in the /opt/harbor/git/harbor/deploy/config/nginx directory:
mv nginx.conf nginx.conf.bak
cp nginx.https.conf nginx.conf
Modify the contents of the nginx.conf file:
server {
    listen 443 ssl;
    server_name 192.168.1.104;
    # SSL
    ssl_certificate /etc/nginx/cert/domain.crt;
    ssl_certificate_key /etc/nginx/cert/domain.key;
    ...
}
server {
    listen 80;
    server_name 192.168.1.104;
    ...
}
4: Generate the configuration files for the Harbor containers:
cd /opt/harbor/git/harbor/deploy
./prepare
After running prepare, you need to modify the data volume directories of the containers in the /opt/harbor/git/harbor/deploy/docker-compose.yml file. First create the data volume directories:
mkdir -p /opt/harbor/data
mkdir -p /opt/harbor/data/registry
mkdir -p /opt/harbor/data/log
mkdir -p /opt/harbor/data/database
Then modify the contents of the docker-compose.yml file:
version: '2'
services:
  log:
    build: ./log/
    volumes:
      - /opt/harbor/data/log/:/var/log/docker/
    ports:
      - 1514:514
  registry:
    image: library/registry:2.4.0
    volumes:
      - /opt/harbor/data/registry:/storage
      - ./config/registry/:/etc/registry/
    environment:
      - GODEBUG=netdns=cgo
    ports:
      - 5001:5001
    command:
      ["serve", "/etc/registry/config.yml"]
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        syslog-tag: "registry"
  mysql:
    build: ./db/
    volumes:
      - /opt/harbor/data/database:/var/lib/mysql
    env_file:
      - ./config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        syslog-tag: "mysql"
  ui:
    build:
      context: ../
      dockerfile: Dockerfile.ui
    env_file:
      - ./config/ui/env
    volumes:
      - ./config/ui/app.conf:/etc/ui/app.conf
      - ./config/ui/private_key.pem:/etc/ui/private_key.pem
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        syslog-tag: "ui"
  proxy:
    image: library/nginx:1.9
    volumes:
      - ./config/nginx:/etc/nginx
    ports:
      - 80:80
      - 443:443
    depends_on:
      - mysql
      - registry
      - ui
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        syslog-tag: "proxy"
Because the current host needs an HTTP proxy to reach the external network, the proxy must also be set when building the UI container. Modify the /opt/harbor/git/harbor/Dockerfile.ui file and set the proxy address before the apt-get and go get commands that require access to the external network:
FROM golang:1.6.2
MAINTAINER [email protected]
# The proxy is exported inside the RUN step so that apt-get can reach the external network
RUN export https_proxy=http://192.168.1.22:1888 \
    && export http_proxy=http://192.168.1.22:8000 \
    && apt-get update \
    && apt-get install -y libldap2-dev \
    && rm -r /var/lib/apt/lists/*
COPY . /go/src/github.com/vmware/harbor
# golang.org is blocked in China
COPY ./vendor/golang.org /go/src/golang.org
WORKDIR /go/src/github.com/vmware/harbor/ui
# Same proxy settings for the go get commands
RUN export https_proxy=http://192.168.1.22:1888 \
    && export http_proxy=http://192.168.1.22:8000 \
    && go get -d github.com/docker/distribution \
    && go get -d github.com/docker/libtrust \
    && go get -d github.com/go-sql-driver/mysql \
    && go build -v -a -o /go/bin/harbor_ui
ENV MYSQL_USR=root \
    MYSQL_PWD=root \
    REGISTRY_URL=localhost:5000
COPY views /go/bin/views
COPY static /go/bin/static
COPY favicon.ico /go/bin/favicon.ico
# The sed commands comment out the CA certificate entry in ldap.conf and append
# "TLS_REQCERT allow", so an LDAP server certificate that fails verification is still accepted
RUN chmod u+x /go/bin/harbor_ui \
    && sed -i 's/TLS_CACERT/#TLS_CAERT/g' /etc/ldap/ldap.conf \
    && sed -i '$a\TLS_REQCERT allow' /etc/ldap/ldap.conf
WORKDIR /go/bin/
ENTRYPOINT ["/go/bin/harbor_ui"]
EXPOSE 80
5: Start and stop Harbor
cd /opt/harbor/git/harbor/deploy
docker-compose up -d
Be careful not to run ./prepare
docker-compose stop
docker-compose rm -f
docker-compose up -d
6. Login
docker login -u admin -p harbor12345 -e [email protected] 10.10.16.194
7. Integrating LDAP authentication
Harbor supports two authentication methods. The default is local storage, in which the account information is stored in MySQL, as described above. The other method is LDAP, which only requires modifying the configuration file: you need to provide the LDAP URL and LDAP basedn parameters, and set auth_mode to ldap_auth.
Quickly deploy an LDAP service
For testing convenience, we use Docker to start an LDAP server with the following startup script:
#!/bin/bash
NAME=ldap_server
# Remove any previous container with the same name
docker rm -f $NAME 2>/dev/null
docker run --env LDAP_ORGANISATION="Unitedstack Inc." \
    --env LDAP_DOMAIN="ustack.com" \
    --env LDAP_ADMIN_PASSWORD="admin_password" \
    -v $(pwd)/containers/openldap/data:/var/lib/ldap \
    -v $(pwd)/containers/openldap/slapd.d:/etc/ldap/slapd.d \
    --detach --name $NAME osixia/openldap:1.1.2
To create a new user, you first need to define an LDIF file, new_user.ldif:
dn: uid=test,dc=ustack,dc=com
uid: test
cn: test
sn: 3
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
loginShell: /bin/bash
homeDirectory: /home/test
uidNumber: 1001
gidNumber: 1001
userPassword: 1q2w3e4r
mail: [email protected]
gecos: test
Create the new user with the following script, where ldap_server is the name of the LDAP service container.
docker cp new_user.ldif ldap_server:/
docker exec ldap_server ldapadd -x \
    -D "cn=admin,dc=ustack,dc=com" \
    -w admin_password \
    -f /new_user.ldif -ZZ
To see whether the user was created successfully:
docker exec ldap_server ldapsearch -x -h localhost \
    -b dc=ustack,dc=com -D "cn=admin,dc=ustack,dc=com" \
    -w admin_password
Check that the test user exists. If it does, the creation was successful; otherwise, use docker logs to view the logs.
Configuring Harbor with LDAP authentication
Modify the LDAP configuration entries in the harbor.cfg file as follows:
auth_mode = ldap_auth
ldap_url = ldap://42.62.x.x
ldap_basedn = uid=%s,dc=ustack,dc=com
Then redeploy Harbor:
./prepare
docker-compose stop
docker-compose rm -f
docker-compose up -d
Test that you can log in as the test user:
docker login -u test -p 1q2w3e4r \
    -e [email protected] 42.62.x.x
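The check below is an added example, not part of the original article or of Harbor itself: it audits a harbor.cfg for the settings configured in step 2 and in the LDAP section above. The key names and the default password come from the article; db_auth as the default auth_mode value and both sample files are assumptions constructed for illustration.

```python
# Added example: audit harbor.cfg for the weak settings this page touches.
# Key names and defaults come from the page; "db_auth" as the default
# auth_mode value and the sample files below are assumptions/constructed.

DEFAULT_ADMIN_PASSWORD = "Harbor12345"


def parse_cfg(text):
    """Parse 'key = value' lines; skip blanks, comments and section headers."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip().lower()] = value.strip()
    return cfg


def audit(text):
    """Return the list of setting names that need attention."""
    cfg = parse_cfg(text)
    findings = []
    # Plain HTTP exposes logins and forces --insecure-registry on clients.
    if cfg.get("ui_url_protocol", "http").lower() != "https":
        findings.append("ui_url_protocol")
    # An unset or unchanged password means admin/Harbor12345 still works.
    if cfg.get("harbor_admin_password", DEFAULT_ADMIN_PASSWORD) == DEFAULT_ADMIN_PASSWORD:
        findings.append("harbor_admin_password")
    # With LDAP auth, an ldap:// URL carries bind passwords without TLS.
    if cfg.get("auth_mode", "db_auth").lower() == "ldap_auth":
        if not cfg.get("ldap_url", "").lower().startswith("ldaps://"):
            findings.append("ldap_url")
    return findings


# Constructed sample: the values used in this walkthrough.
AS_ON_PAGE = """
hostname = 192.168.1.104
ui_url_protocol = https
harbor_admin_password = Harbor12345
auth_mode = ldap_auth
ldap_url = ldap://42.62.x.x
ldap_basedn = uid=%s,dc=ustack,dc=com
"""

# Constructed sample: same deployment with the flagged values changed.
HARDENED = AS_ON_PAGE.replace("Harbor12345", "example-long-random-passphrase") \
                     .replace("ldap://", "ldaps://")

if __name__ == "__main__":
    print("as on page:", audit(AS_ON_PAGE))
    print("hardened:  ", audit(HARDENED))
```

Run against the real file with audit(open("/opt/harbor/git/harbor/deploy/harbor.cfg").read()) before executing ./prepare.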
This article is from the "My Ops Time" blog, so be sure to keep this source http://aaronsa.blog.51cto.com/5157083/1834599
Using Harbor to configure a private compartment