Building enterprise level image warehouse

Building enterprise level image warehouse

harbor is an open-source image warehouse of VMware company. harbor is an enterprise level extension of docker Registry, which has been widely used. These new enterprise level features include: management user interface, role-based access control, AD/LDAP inheritance and audit log functions, which are enough to meet the needs of enterprises
Official address:

Install harbor

tar xf harbor-offline-installer-v1.9.3.tgz
cd harbor
vi harbor.yml
   //Change hostname to local IP address
   //Save after modification

//Prepare harbor warehouse: 
[root@master1 harbor]# ./prepare   

#Note that the installation of harbor depends on two environments: docker and docker compose
docker Installed.Install now docker compose
//At the same time, your direct installation will remind you that you have not installed docke compose:
  Note: docker version: 19.03.7
  ✖ Need to install docker-compose(1.18.0+) by yourself first and run this script again

1. install docker compose:
git clone or upload compose

//Courseware: in the first stage, it is also available in Docker Upload Docker compose
[root@master1 harbor]# tar xf docker-compose-Linux-x86_64.tar.gz 
[root@master1 harbor]# mv docker-compose-Linux-x86_64 /usr/bin/docker-compose
[root@master1 harbor]# chmod +x /usr/bin/docker-compose 

2. install harbor
   tar xf harbor-offline-installer-v1.9.3.tgz
   [root@master1 ~]# tar -xf harbor-offline-installer-v1.9.3.tgz -C /usr/local/
   [root@master1 ~]# mv  /usr/local/
   [root@master1 ~]# cd /usr/local/harbor
   [root@master1 ~]# vi harbor.yml
   //Change hostname to local IP address
    #Host name:, write the following line:
    //Save after modification

3. start-up harbor
   [root@master1 harbor]# ./prepare
   [root@master1 harbor]# ./   #After installation, use: / harbor/ if you want to start

4. Examination and erasing harbor Startup state:
   [root@k8s-master2 harbor]# ps -ef|grep harbor
root     101657 101620  0 16:18 ?        00:00:00 /bin/sh /harbor/
root     101934 101657  0 16:18 ?        00:00:00 sudo -E -u #10000 /harbor/harbor_registryctl -c /etc/registryctl/config.yml
10000    101939 101934  0 16:18 ?        00:00:00 /harbor/harbor_registryctl -c /etc/registryctl/config.yml
10000    101970 101952  0 16:18 ?        00:00:00 /harbor/harbor_core
10000    102052 102035  0 16:18 ?        00:00:00 /harbor/harbor_jobservice -c /etc/jobservice/config.yml
root     102587  45443  0 16:19 pts/1    00:00:00 grep --color=auto harbor

5. Sign in harbor
   //Default account password:

Daily use of harbor

harbor needs to create users and assign them to O & M or developers

How to push image into harbor?

Local first dockerfile Make a mirror image:
FROM centos:7
LABEL maintainer
RUN useradd  www -u 1200 -M -s /sbin/nologin
RUN mkdir -p /var/log/nginx
RUN yum install -y cmake pcre pcre-devel openssl openssl-devel gd-devel \
    zlib-devel gcc gcc-c++ net-tools iproute telnet wget curl &&\
    yum clean all && \
    rm -rf /var/cache/yum/*
RUN wget
RUN tar xf nginx-1.16.1.tar.gz
WORKDIR nginx-1.16.1
RUN ./configure --prefix=/usr/local/nginx --with-http_image_filter_module --user=www --group=www \
    --with-http_ssl_module --with-http_v2_module --with-http_stub_status_module \
    --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log \
RUN make -j 4 && make install && \
    rm -rf /usr/local/nginx/html/*  && \
    echo "leilei hello" >/usr/local/nginx/html/index.html  && \
    rm -rf nginx* && \
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&\
    ln -sf /dev/stdout /var/log/nginx/access.log && \
    ln -sf /dev/stderr /var/log/nginx/error.log
RUN chown -R www.www /var/log/nginx
ENV LOG_DIR /var/log/nginx
ENV PATH $PATH:/usr/local/nginx/sbin
#COPY nginx.conf /usr/local/nginx/conf/nginx.conf
WORKDIR /usr/local/nginx
CMD ["nginx","-g","daemon off;"]

#To run a mirror:
docker run --name ngix-test-001 -d -p 81:80 nginx-test-v001

//Access test:

Push image to harbor

Push mirror:
1. Mirror image tag Label
docker tag nginx:v1 192.168.31

harbor Push failure:
[root@k8s-master2 ~]# docker push
The push refers to repository []
Get dial tcp connect: connection refused
//Reason: harbor is accessed by https by default, and you need to add a trusted IP segment. The trusted IP segment we see through docker info is only the local network segment
Insecure Registries:
//To do this, we need to add trusted IP network segments, so how to add them?

//Failed to resolve harbor push:
1. modify /etc/docker/daemon.json
//Add as follows:
"Insecure-registries" :[""] 

//Here IP is the harbor warehouse address
//Modification result:
[root@k8s-master2 ~]# cat /etc/docker/daemon.json
  "registry-mirrors": [""],
  "insecure-registries": [""]

2. restart docker
systemctl restart docker

3. restart docker-compose
[root@k8s-master2 ~]# cd /usr/local/harbor
[root@k8s-master2 harbor]# docker-compose up -d
harbor-log is up-to-date
Starting redis         ... done
Starting registryctl   ... done
Starting harbor-portal ... done
Starting harbor-db     ... done
Starting registry      ... done
Starting harbor-core   ... done
Starting nginx             ... done
Starting harbor-jobservice ... done

4. Access test:
[root@k8s-master2 harbor]# docker push
The push refers to repository []
16993e70a899: Preparing 
0421a59391fa: Preparing 
f05ef613e381: Preparing 
4ab7410d5afa: Preparing 
b27e978348d3: Preparing 
d22782d861b3: Waiting 
0ce0bd1d9b33: Waiting 
cf2a9408f4c6: Waiting 
77b174a6a187: Waiting 
denied: requested access to the resource is denied    ## Access denied, login required

5. Sign in docker harbor
   //Default account password:

   [root@k8s-master2 harbor]# docker login
   Username: admin
   Password: Harbor12345
   WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
   Configure a credential helper to remove this warning. See

   Login Succeeded    <---- Login successfully

6. Push mirror:
[root@k8s-master2 harbor]# docker push
The push refers to repository []
16993e70a899: Pushed 
0421a59391fa: Pushed 
f05ef613e381: Pushed 
4ab7410d5afa: Pushed 
b27e978348d3: Pushed 
d22782d861b3: Pushed 
0ce0bd1d9b33: Pushed 
cf2a9408f4c6: Pushed 
77b174a6a187: Pushed 
v1: digest: sha256:6483a2324e2e0653d19df3f8fdc2aa46c77f83cd9f2d0ae7f3d5a6be8c42a74f size: 2206

//Check image:

Push image steps:

1. Add to harbor trust
1. Mirror image tag Label  docker tag nginx:v1
2. Log in to warehouse       docker login   Default account admin  Default password Harbor12345
3. Push to specified warehouse.  docker push

1. Add to harbor trust:
[root@k8s-master2 ~]# cat /etc/docker/daemon.json
  "registry-mirrors": [""],
  "insecure-registries": [""]

2. restart docker 
systemctl restart docker.service

3. View existing images:
[root@master1 ~]# docker images
REPOSITORY           TAG             IMAGE ID            CREATED             SIZE
tomcat-test-v001     latest          e4b4d9a3f4c5        29 hours ago        440MB
nginx-test-v001      latest          7bcaac8aad94        47 hours ago        393MB
php-test-v001        latest          c4b98af05f73        2 days ago          1.28GB
php-v001             latest          5171da25ff33        3 days ago          1.25GB

4. Mirror image tag:
docker tag tomcat-test-v001:latest
docker tag nginx-test-v001:latest
docker tag php-test-v001:latest
docker tag php-v001:latest

5. Log in to harbor Warehouse
docker login

6. Push and hit. tag Mirror to harbor Warehouse
docker push
docker push
docker push
docker push

To view the image warehouse:

Other servers download images:

docker pull
//Download Image:
1. Add mirror trust:
[root@k8s-node2 ~]# cat /etc/docker/daemon.json 
  "registry-mirrors": [""],
  "insecure-registries": [""]    #Add the harbor image server address here

2. restart docker
[root@k8s-node2 ~]# systemctl restart docker.service 

3. Download mirroring:
[root@k8s-node2 ~]# docker pull
v1: Pulling from library/nginx-test-v001
ab5ef0e58194: Pull complete 
b509a6ae8ffc: Pull complete 
fefb59570f3b: Pull complete 
fd607da77780: Pull complete 
ed2847488055: Pull complete 
c063aa4d1077: Pull complete 
db6ecc614f20: Pull complete 
07de16398d4c: Pull complete 
e4b6a1a29212: Pull complete 
Digest: sha256:7c74ebe5fdddf71fad1303cb89511d0389128c18f6f773575fb52eca1aa35edf
Status: Downloaded newer image for

4. view list:
[root@k8s-node2 ~]# docker images
REPOSITORY                              TAG          IMAGE ID            CREATED             SIZE       v1           7bcaac8aad94        2 days ago          393MB
nginx                                   latest       6678c7c2e56c        2 weeks ago         127MB  v1.17.0  7d54289267dc    3 months ago    116MB
kubernetesui/dashboard                v2.0.0-beta4    6802d83967b9        6 months ago        84MB
lizhenliang/flannel                   v0.11.0-amd64   ff281650a721        13 months ago       52.6MB    3.1  da86e6ba6ca1        2 years ago         742kB

Tags: Linux Docker Nginx PHP JSON

Posted on Fri, 20 Mar 2020 07:38:10 -0700 by tlawless