ubuntu install harbor warehouse

1. Introduction

1. Harbor is an English word that means a harbor. What does the harbor do? It is used to park cargo. The cargo is packed in containers. When it comes to containers, we have to mention Docker containers because of the docker container technology. It is based on the principle of the container. Therefore, Harbor is an enterprise-level Registry service for storing Docker images.
2. Registry is an official private warehouse mirror of Dcoker. Local mirrors can be tagged and marked and then pushed to the private warehouse of the container starting from Registry. Enterprises can use Dokcerfile to generate their own mirror images according to their own needs and push them to private warehouses, which can greatly improve the efficiency of pulling mirror images.

Two, Harbor core component explanation

• Proxy: It is a front-end proxy of nginx, proxy Harbor's registry, UI, token and other services.
• db: Responsible for storing data such as user permissions, audit logs, and Dockerimage grouping information.
• UI: Provides a graphical interface to help users manage mirror images on the registry and authorize users.
• jobsevice: jobsevice is responsible for mirror replication. He communicates with the registry, pulls the image from one registry and pushes it to another registry, and records the job_log.
• Adminserver: It is the configuration management center of the system to check storage usage. When ui and jobserver are started, the configuration of adminserver needs to be loaded.
• Registry: Mirror warehouse, responsible for storing mirror files.
• Log: In order to help monitor the operation of Harbor, it is responsible for collecting logs of other components for future analysis.

Three: Comparison of Harbor and Registry

Harbor and Registry are both Docker mirror repositories, but Harbor is the choice of more companies because it has many advantages compared to Regisrty.

1. Provide layered transmission mechanism to optimize network transmission
   Docker mirroring is hierarchical, and if the full amount of files is used for each transfer (so FTP is not suitable), it is obviously not economical. A mechanism for identifying hierarchical transmission must be provided, and the UUID of the layer is used as the identification to determine the transmission object.
2. Provide WEB interface to optimize user experience
   It is obviously inconvenient to upload and download using only the name of the mirror. A user interface is required to support login and search functions, including distinguishing public and private mirrors.
3. Support horizontal expansion cluster
   When users upload and download images on a certain server, the corresponding access pressure needs to be resolved.
4. Good security mechanism
   The development team in the enterprise has many different positions. For different positions, different permissions are assigned to have better security.
5. Harbor provides a role-based access control mechanism, and uses projects to organize and control access permissions for images. Kubernetes uses namespace to isolate resources. In enterprise-level application scenarios, combining the two can effectively manage and access the mirror resources used by Kubernetes, enhancing the security of mirroring. Especially in the multi-tenant scenario, the management and access control of multi-tenant mirror resources can be realized by combining tenants, namespaces, and projects.

Four: Harbor simple deployment

Official minimum configuration

• 2 Cpu
• 4 g memory
• 40 g Hard disk, because it is a storage image, it is recommended that the hard disk be larger

Configuration before installation

Before the actual installation, we have to install the following components

• docker
• docker-compose
• python
• openssl

Install docker

Update the apt source and add https support

sudo apt-get update && sudo apt-get install apt-transport-https ca-certificates curl software-properties-common -y

Use utc source to add GPG Key

curl -fsSL https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu/gpg | sudo apt-key add

Add Docker-ce stable version source address

sudo add-apt-repository "deb [arch=amd64] https://mirrors.ustc.edu.cn/docker-ce/linux/ubuntu $(lsb_release -cs) stable"

Install docker-ce

The latest version is 19.03.

sudo apt-get update
sudo apt install -y docker-ce=5:19.03.1~3-0~ubuntu-xenial

Install docker-compose

Refer to the official link: https://docs.docker.com/compose/install/

Run this command to download the current stable version of docker compose:

sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)"-o /usr/local/bin/docker-compose

Apply executable permissions to binary files

sudo chmod +x /usr/local/bin/docker-compose

Since ubuntu 16.04, python3 is already available by default, and openssl is already installed.

root@ubuntu:~# dpkg -l |grep openssl
ii  libgnutls-openssl27:amd64           3.4.10-4ubuntu1.4                          amd64        GNU TLS library - OpenSSL wrapper
ii  openssl                             1.0.2g-1ubuntu4.10                         amd64        Secure Sockets Layer toolkit - cryptographic utility

Download Harbor offline package

https://github.com/vmware/harbor/releases
There are two ways to install, one is off-line, the other is on-line, that is, offline and online installation, offline installation requires a larger installation package, and online installation downloads a small installation package. The subject is based on your own situation. Choose, I chose version 1.8.1

Download online installation package

wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-online-installer-v1.8.1.tgz

If I can’t access google, I’ve uploaded it to Baidu’s network disk and can download it myself

Link: https://pan.baidu.com/s/1mRtaFNfYViz5xywYB9GnXw
Extraction code: xsc0

Install Harbor

Unzip the installation package

tar zxvf harbor-online-installer-v1.8.1.tgz -C /usr/src/
cd /usr/src/harbor

Edit configuration file

vim harbor.yml

Modify hostname to be the ip address of the machine

hostname:192.168.10.122

Other parameters can be modified according to the actual situation to remove redundant comments and blank lines. The configuration file is as follows:

root@ubuntu:/usr/src/harbor# cat harbor.yml |grep -v "^#"|grep -v "  #"|grep -v "^$"
hostname:192.168.10.122
http:
 port:80
harbor_admin_password: Harbor12345
database:
 password: root123
data_volume:/data
clair: 
 updaters_interval:12
 http_proxy:
 https_proxy:
 no_proxy:127.0.0.1,localhost,core,registry
jobservice:
 max_job_workers:10
chart:
 absolute_url: disabled
log:
 level: info
 rotate_count:50
 rotate_size: 200M
 location:/var/log/harbor
_ version:1.8.0

Execute directly afterwards

. /install.sh

The following prompt appears, indicating successful installation

✔ ----Harbor has been installed and started successfully.----Now you should be able to visit the admin portal at http://192.168.10.122. For more details, please visit https://github.com/goharbor/harbor .

Later, if you want to modify a certain configuration, for example, if you want to modify the domain name, I did this first modify the above harbor.cfg file, and then re-execute the install.sh file.

Visit page

http://192.168.10.122

Use the default account: admin, password: Harbor12345 login verification

After successful login, the effect is as follows:

Five, test push mirror

Log in to another server and make sure docker has been installed.

Local configuration warehouse address

Due to the default harbor, a public project libary has been created.

vim /etc/docker/daemon.json

The content is as follows:

{" insecure-registries":["192.168.10.122"]}

Then restart the service

systemctl restart docker

Push mirror

Log in to the warehouse, the admin password is still Harbor12345

root@k8s-node1:~# docker login 192.168.10.122
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in/root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

Now download a mirror alpine

docker pull alpine

Tag the image

docker tag alpine:latest 192.168.10.122/library/alpine

Push mirror

root@k8s-node1:~# docker push 192.168.10.122/library/alpine
The push refers to repository [192.168.10.122/library/alpine]
1 bfeebd65323: Pushed 
latest: digest: sha256:57334c50959f26ce1ee025d08f136c2292c128f84e7b229d1b0da5dac89e9866 size:528

Pull once the mirrored pulls on the warehouse will be added once, which can be viewed on the web interface

Increase boot

vi /etc/rc.local

Add in the last line

# harbor start
cd /usr/src/harbor && docker-compose up -d

Precautions

**For public projects, docker must log in when pushing images. **

**There is no need to log in when downloading the image. **

**Non-public projects, download and push, must be logged in by docker. **

Reference link for this article:

https://blog.51cto.com/11093860/2117805

https://yq.aliyun.com/articles/637155