Building enterprise level image warehouse

Building enterprise level image warehouse

harbor is an open-source image warehouse of VMware company. harbor is an enterprise level extension of docker Registry, which has been widely used. These new enterprise level features include: management user interface, role-based access control, AD/LDAP inheritance and audit log functions, which are enough to meet the needs of enterprises
Official address: https://vmware.github.io/barbor/cn/

Install harbor

wget https://www.chenleilei.net/soft/k8s/harbor-offline-installer-v1.9.3.tgz
tar xf harbor-offline-installer-v1.9.3.tgz
cd harbor
vi harbor.yml
   //Change hostname to local IP address
#hostname: reg.mydomain.com
hostname: 10.0.0.64
   //Save after modification

//Prepare harbor warehouse: 
[root@master1 harbor]# ./prepare   

#Note that the installation of harbor depends on two environments: docker and docker compose
docker Installed.Install now docker compose
//At the same time, your direct installation will remind you that you have not installed docke compose:
  Note: docker version: 19.03.7
  ✖ Need to install docker-compose(1.18.0+) by yourself first and run this script again

1. install docker compose:
git clone https://github.com/docker/compose.git or upload compose
https://www.chenleilei.net/soft/docker/docker-compose-Linux-x86_64.tar.gz

//Courseware: in the first stage, it is also available in Docker courseware.zip. Upload Docker compose
[root@master1 harbor]# tar xf docker-compose-Linux-x86_64.tar.gz 
[root@master1 harbor]# mv docker-compose-Linux-x86_64 /usr/bin/docker-compose
[root@master1 harbor]# chmod +x /usr/bin/docker-compose 

2. install harbor
   wget https://www.chenleilei.net/soft/k8s/harbor-offline-installer-v1.9.3.tgz
   tar xf harbor-offline-installer-v1.9.3.tgz
   [root@master1 ~]# tar -xf harbor-offline-installer-v1.9.3.tgz -C /usr/local/
   [root@master1 ~]# mv  /usr/local/
   [root@master1 ~]# cd /usr/local/harbor
   [root@master1 ~]# vi harbor.yml
   //Change hostname to local IP address
    #Host name: reg.mydomain.com, write the following line:
    hostname: 10.0.0.64
    //Save after modification

3. start-up harbor
   [root@master1 harbor]# ./prepare
   [root@master1 harbor]# ./install.sh   #After installation, use: / harbor/start.sh if you want to start

4. Examination and erasing harbor Startup state:
   [root@k8s-master2 harbor]# ps -ef|grep harbor
root     101657 101620  0 16:18 ?        00:00:00 /bin/sh /harbor/start.sh
root     101934 101657  0 16:18 ?        00:00:00 sudo -E -u #10000 /harbor/harbor_registryctl -c /etc/registryctl/config.yml
10000    101939 101934  0 16:18 ?        00:00:00 /harbor/harbor_registryctl -c /etc/registryctl/config.yml
10000    101970 101952  0 16:18 ?        00:00:00 /harbor/harbor_core
10000    102052 102035  0 16:18 ?        00:00:00 /harbor/harbor_jobservice -c /etc/jobservice/config.yml
root     102587  45443  0 16:19 pts/1    00:00:00 grep --color=auto harbor

5. Sign in harbor
   //Default account password:
   admin
   Harbor12345

Daily use of harbor

harbor needs to create users and assign them to O & M or developers

How to push image into harbor?

Local first dockerfile Make a mirror image:
FROM centos:7
LABEL maintainer www.chenleilei.net
RUN useradd  www -u 1200 -M -s /sbin/nologin
RUN mkdir -p /var/log/nginx
RUN yum install -y cmake pcre pcre-devel openssl openssl-devel gd-devel \
    zlib-devel gcc gcc-c++ net-tools iproute telnet wget curl &&\
    yum clean all && \
    rm -rf /var/cache/yum/*
RUN wget https://www.chenleilei.net/soft/nginx-1.16.1.tar.gz
RUN tar xf nginx-1.16.1.tar.gz
WORKDIR nginx-1.16.1
RUN ./configure --prefix=/usr/local/nginx --with-http_image_filter_module --user=www --group=www \
    --with-http_ssl_module --with-http_v2_module --with-http_stub_status_module \
    --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log \
    --pid-path=/var/run/nginx/nginx.pid
RUN make -j 4 && make install && \
    rm -rf /usr/local/nginx/html/*  && \
    echo "leilei hello" >/usr/local/nginx/html/index.html  && \
    rm -rf nginx* && \
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime &&\
    ln -sf /dev/stdout /var/log/nginx/access.log && \
    ln -sf /dev/stderr /var/log/nginx/error.log
RUN chown -R www.www /var/log/nginx
ENV LOG_DIR /var/log/nginx
ENV PATH $PATH:/usr/local/nginx/sbin
#COPY nginx.conf /usr/local/nginx/conf/nginx.conf
EXPOSE 80
WORKDIR /usr/local/nginx
CMD ["nginx","-g","daemon off;"]

#To run a mirror:
docker run --name ngix-test-001 -d -p 81:80 nginx-test-v001

//Access test:

Push image to harbor

Push mirror:
1. Mirror image tag Label
docker tag nginx:v1 192.168.31

harbor Push failure:
[root@k8s-master2 ~]# docker push 10.0.0.64/library/nginx-test-v001:v1
The push refers to repository [10.0.0.64/library/nginx-test-v001]
Get https://10.0.0.64/v2/: dial tcp 10.0.0.64:443: connect: connection refused
//Reason: harbor is accessed by https by default, and you need to add a trusted IP segment. The trusted IP segment we see through docker info is only the local 127.0.0.0 network segment
Insecure Registries:
 127.0.0.0/8
//To do this, we need to add trusted IP network segments, so how to add them?

//Failed to resolve harbor push:
1. modify /etc/docker/daemon.json
//Add as follows:
"Insecure-registries" :["10.0.0.64"] 

//Here IP is the harbor warehouse address
//Modification result:
[root@k8s-master2 ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://ajvcw8qn.mirror.aliyuncs.com"],
  "insecure-registries": ["10.0.0.64"]
}

2. restart docker
systemctl restart docker

3. restart docker-compose
[root@k8s-master2 ~]# cd /usr/local/harbor
[root@k8s-master2 harbor]# docker-compose up -d
harbor-log is up-to-date
Starting redis         ... done
Starting registryctl   ... done
Starting harbor-portal ... done
Starting harbor-db     ... done
Starting registry      ... done
Starting harbor-core   ... done
Starting nginx             ... done
Starting harbor-jobservice ... done

4. Access test:
[root@k8s-master2 harbor]# docker push 10.0.0.64/library/nginx-test-v001:v1
The push refers to repository [10.0.0.64/library/nginx-test-v001]
16993e70a899: Preparing 
0421a59391fa: Preparing 
f05ef613e381: Preparing 
4ab7410d5afa: Preparing 
b27e978348d3: Preparing 
d22782d861b3: Waiting 
0ce0bd1d9b33: Waiting 
cf2a9408f4c6: Waiting 
77b174a6a187: Waiting 
denied: requested access to the resource is denied    ## Access denied, login required

5. Sign in docker harbor
   //Default account password:
   admin
   Harbor12345

   [root@k8s-master2 harbor]# docker login 10.0.0.64
   Username: admin
   Password: Harbor12345
   WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
   Configure a credential helper to remove this warning. See
   https://docs.docker.com/engine/reference/commandline/login/#credentials-store

   Login Succeeded    <---- Login successfully

6. Push mirror:
[root@k8s-master2 harbor]# docker push 10.0.0.64/library/nginx-test-v001:v1
The push refers to repository [10.0.0.64/library/nginx-test-v001]
16993e70a899: Pushed 
0421a59391fa: Pushed 
f05ef613e381: Pushed 
4ab7410d5afa: Pushed 
b27e978348d3: Pushed 
d22782d861b3: Pushed 
0ce0bd1d9b33: Pushed 
cf2a9408f4c6: Pushed 
77b174a6a187: Pushed 
v1: digest: sha256:6483a2324e2e0653d19df3f8fdc2aa46c77f83cd9f2d0ae7f3d5a6be8c42a74f size: 2206

//Check image:

Push image steps:

1. Add to harbor trust
1. Mirror image tag Label  docker tag nginx:v1 10.0.0.64/library/nginx-test-v001:v1
2. Log in to warehouse       docker login 10.0.0.64   Default account admin  Default password Harbor12345
3. Push to specified warehouse.  docker push 10.0.0.64/library/nginx-test-v001:v1

1. Add to harbor trust:
[root@k8s-master2 ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://ajvcw8qn.mirror.aliyuncs.com"],
  "insecure-registries": ["10.0.0.64"]
}

2. restart docker 
systemctl restart docker.service

3. View existing images:
[root@master1 ~]# docker images
REPOSITORY           TAG             IMAGE ID            CREATED             SIZE
tomcat-test-v001     latest          e4b4d9a3f4c5        29 hours ago        440MB
nginx-test-v001      latest          7bcaac8aad94        47 hours ago        393MB
php-test-v001        latest          c4b98af05f73        2 days ago          1.28GB
php-v001             latest          5171da25ff33        3 days ago          1.25GB

4. Mirror image tag:
docker tag tomcat-test-v001:latest 10.0.0.64/library/tomcat-test-v001:v1
docker tag nginx-test-v001:latest 10.0.0.64/library/nginx-test-v001:v1
docker tag php-test-v001:latest 10.0.0.64/library/php-test-v001:v1
docker tag php-v001:latest 10.0.0.64/library/php-v001:v1

5. Log in to harbor Warehouse
docker login 10.0.0.64
admin
Harbor12345

6. Push and hit. tag Mirror to harbor Warehouse
docker push 10.0.0.64/library/tomcat-test-v001:v1
docker push 10.0.0.64/library/nginx-test-v001:v1
docker push 10.0.0.64/library/php-test-v001:v1
docker push 10.0.0.64/library/php-v001:v1

To view the image warehouse:

Other servers download images:

docker pull 10.0.0.64/library/nginx-test-v001:v1
//Download Image:
1. Add mirror trust:
[root@k8s-node2 ~]# cat /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://ajvcw8qn.mirror.aliyuncs.com"],
  "insecure-registries": ["10.0.0.64"]    #Add the harbor image server address here
}

2. restart docker
[root@k8s-node2 ~]# systemctl restart docker.service 

3. Download mirroring:
[root@k8s-node2 ~]# docker pull 10.0.0.64/library/nginx-test-v001:v1
v1: Pulling from library/nginx-test-v001
ab5ef0e58194: Pull complete 
b509a6ae8ffc: Pull complete 
fefb59570f3b: Pull complete 
fd607da77780: Pull complete 
ed2847488055: Pull complete 
c063aa4d1077: Pull complete 
db6ecc614f20: Pull complete 
07de16398d4c: Pull complete 
e4b6a1a29212: Pull complete 
Digest: sha256:7c74ebe5fdddf71fad1303cb89511d0389128c18f6f773575fb52eca1aa35edf
Status: Downloaded newer image for 10.0.0.64/library/nginx-test-v001:v1
10.0.0.64/library/nginx-test-v001:v1

4. view list:
[root@k8s-node2 ~]# docker images
REPOSITORY                              TAG          IMAGE ID            CREATED             SIZE
10.0.0.64/library/nginx-test-v001       v1           7bcaac8aad94        2 days ago          393MB
nginx                                   latest       6678c7c2e56c        2 weeks ago         127MB
registry.aliyuncs.com/google_containers/kube-proxy  v1.17.0  7d54289267dc    3 months ago    116MB
kubernetesui/dashboard                v2.0.0-beta4    6802d83967b9        6 months ago        84MB
lizhenliang/flannel                   v0.11.0-amd64   ff281650a721        13 months ago       52.6MB
registry.aliyuncs.com/google_containers/pause    3.1  da86e6ba6ca1        2 years ago         742kB

Tags: Linux Docker Nginx PHP JSON

Posted on Fri, 20 Mar 2020 07:38:10 -0700 by tlawless