Using docker compose to install harbor 1.8.6

harbor characteristics

1. Role based access control: users and repositories are organized through projects, and users can have different permissions to multiple image repositories.
2. Mirror copy: images and charts can be copied (synchronized) based on having multiple Registry instances. If there are any errors, Harbor automatically retries the replication. Ideal for load balancing, high availability, multi data center, hybrid and cloud scenarios.
3. LDAP/AD support: Harbor integrates with existing enterprise LDAP/AD for user authentication and management, and supports importing LDAP groups into harbor and assigning them appropriate project roles.
Image deletion and garbage collection: images can be deleted and their space can be recycled.
4. Internationalization: support for multiple languages (with Chinese, English, German, Japanese and Russian);
5. Graphical user interface: users can easily browse, search for repositories, and manage projects.
6. Audit management: tracks all operations to the repository.
7. RESTful API: a RESTful API for most management operations, easy to integrate with external systems. An embedded Swagger user interface can be used to explore and test APIs.
Simple deployment: provides online and offline setup. In addition, you can install (via) virtual devices to the vSphere platform.

Harbor component

1. Proxy: Harbor's components, such as registry, UI, and token service, are behind the reverse proxy. Agents forward requests from browsers and Docker clients to various back-end services.
2. Registry: responsible for storing Docker images and handling Docker push / pull commands. Because Harbor needs access control over the image, registry will guide the client to access the token service to obtain a valid token for each pull or push request.
3. Core Service: the core function of Harbor, which mainly provides the following services:
1) UI: provide graphical user interface to help users manage image and authorize users.
2) Webhook: to get the status changes of images on the registry in time, configure webhook on the registry to transfer the status changes to the UI module;
3) Token token service: responsible for issuing tokens for each docker push/pull command according to the user's role in the project. If there is no token in the request sent from the Docker client, the registry redirects the request to the token service.
4. Datebase: in order to provide core services with a comfortable database, it is responsible for storing user permissions, audit logs, Docker image grouping information and other data.
5. Job Services: provides the remote image responsibility function, which can synchronize the local image to other harbor instances.
6. Log Collector: to help monitor Harbor operation, it is responsible for the log of other components of the mobile phone for future analysis.

Deployment environment

centos-7.6   192.168.8.130
Docker version 1.19.3
docker-compose version 1.24.2
harbor-offline-installer-v1.8.6.tgz

Install docker compose

Mode 1:
[root@centos130 ~]# curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
[root@centos130 ~]# chmod +x /usr/local/bin/docker-compose
//Mode 2:
[root@centos130 ~]# wget https://bootstrap.pypa.io/get-pip.py
[root@centos130 ~]# python get-pip.py
[root@centos130 ~]# pip install docker-compose

Install docker

[root@centos130 ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
//Add a stable source
[root@centos130 ~]# yum-config-manager --add-repo \
    http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@centos130 ~]# yum makecache fast
//Install the latest stable version of docker CE
[root@centos130 ~]# yum install -y docker-ce docker-ce-cli containerd.io vim
[root@centos130 ~]# mkdir /etc/docker && vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://yxrgrke0.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.8.130:5000"],
  "insecure-registries": ["centos130:80"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
    }
}
//Start docker
[root@centos130 ~]# systemctl daemon-reload
[root@centos130 ~]# systemctl enable docker && systemctl start docker
[root@centos130 ~]# systemctl status docker

Install harbor

harbor Download address:
harbor github address https://github.com/goharbor/harbor
http://harbor.orientsoft.cn/
[root@centos130 ~]# wget https://storage.googleapis.com/harbor-releases/release-1.8.6/harbor-offline-installer-v1.8.6.tgz
[root@centos130 ~]# tar -xf harbor-offline-installer-v1.8.6.tgz -C /usr/local/
[root@centos130 ~]# cd /usr/local/harbor/
[root@centos130 ~]# vim harbor.yml
hostname = centos130
#This is just a simple test, so only this line is edited, and other lines are not modified by default

Execute installation script:

[root@centos130 ~]# ./instsll.sh  
//Note: the installation reports an error. The docker proxy and docker runc cannot be found
//implement
[root@centos130 ~]# ln -s /usr/libexec/docker/docker-runc-current /usr/bin/docker-runc
[root@centos130 ~]# ln -s /usr/libexec/docker/docker-proxy-current /usr/bin/docker-proxy
View started image files
[root@centos130 ~]# docker-compose ps
 stop and start of Harbor container:
[root@centos130 ~]# cd /usr/local/harbor/
[root@centos130 ~]# docker-compose stop
[root@centos130 ~]# docker-compose start

Now that the installation is completed, directly open the browser to log in and create my project:
The default user password is: admin / harbor 12345

Shell command line terminal logging into harbor warehouse

[root@centos130 ~]# harbor upload image
[root@centos130 ~]# docker login centos130:80
[root@centos130 ~]# docker login -u admin -p Harbor12345 centos130:80  #Account password: admin / harbor 12345
Username: admin
Password: 
Login Succeeded

Test image upload

[root@centos130 ~]# docker pull nginx
[root@centos130 ~]# docker tag nginx:latest centos130:80/my/nginx:latest
[root@centos130 ~]# docker images
[root@centos130 ~]# docker push centos130:80/my/nginx:latest
The push refers to repository [centos130:80/my/nginx]
55a77731ed26: Pushed 
71f2244bc14d: Pushed 
f2cb0ecef392: Pushed 
latest: digest: sha256:3936fb3946790d711a68c58be93628e43cbca72439079e16d154b5db216b58da size: 948

//Description: the format is: userip / project name / image name: version number (the project name needs to be built in advance in webui)
[root@centos130 ~]# docker images
REPOSITORY                       TAG                        IMAGE ID            CREATED             SIZE
centos130:80/my/nginx:latest     latest                     5a3221f0137b        5 days ago          126MB
nginx                            latest                     5a3221f0137b        5 days ago          126MB
//Delete local nginx image, test Download
[root@centos130 ~]# docker pull centos130:80/my/nginx:latest

harbor modify port number

1. Modify the docker-compose.yml file to map to port 1180:

Modify profile
[root@centos130 ~]# cat /usr/local/harbor/docker-compose.yml

version: '2.3'
services:
  log:
    image: goharbor/harbor-log:v1.8.6
    container_name: harbor-log
    restart: always
    dns_search: .
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - ./common/config/log/:/etc/logrotate.d/:z
    ports:
      - 127.0.0.1:1514:10514
    networks:
      - harbor
  registry:
    image: goharbor/registry-photon:v2.7.1-patch-2819-v1.8.6
    container_name: registry
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: /data/secret/registry/root.crt
        target: /etc/registry/root.crt
    networks:
      - harbor
    dns_search: .
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registry"
  registryctl:
    image: goharbor/harbor-registryctl:v1.8.6
    container_name: registryctl
    env_file:
      - ./common/config/registryctl/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: ./common/config/registryctl/config.yml
        target: /etc/registryctl/config.yml
    networks:
      - harbor
    dns_search: .
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registryctl"
  postgresql:
    image: goharbor/harbor-db:v1.8.6
    container_name: harbor-db
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /data/database:/var/lib/postgresql/data:z
    networks:
      harbor:
    dns_search: .
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "postgresql"
  core:
    image: goharbor/harbor-core:v1.8.6
    container_name: harbor-core
    env_file:
      - ./common/config/core/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
    volumes:
      - /data/ca_download/:/etc/core/ca/:z
      - /data/psc/:/etc/core/token/:z
      - /data/:/data/:z
      - ./common/config/core/certificates/:/etc/core/certificates/:z
      - type: bind
        source: ./common/config/core/app.conf
        target: /etc/core/app.conf
      - type: bind
        source: /data/secret/core/private_key.pem
        target: /etc/core/private_key.pem
      - type: bind
        source: /data/secret/keys/secretkey
        target: /etc/core/key
    networks:
      harbor:
    dns_search: .
    depends_on:
      - log
      - registry
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "core"
  portal:
    image: goharbor/harbor-portal:v1.8.6
    container_name: harbor-portal
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    networks:
      - harbor
    dns_search: .
    depends_on:
      - log
      - core
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "portal"

  jobservice:
    image: goharbor/harbor-jobservice:v1.8.6
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/job_logs:/var/log/jobs:z
      - type: bind
        source: ./common/config/jobservice/config.yml
        target: /etc/jobservice/config.yml
    networks:
      - harbor
    dns_search: .
    depends_on:
      - redis
      - core
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "jobservice"
  redis:
    image: goharbor/redis-photon:v1.8.6
    container_name: redis
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/redis:/var/lib/redis
    networks:
      harbor:
    dns_search: .
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "redis"
  proxy:
    image: goharbor/nginx-photon:v1.8.6
    container_name: nginx
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    dns_search: .
    ports:
      - 1180:80
      - 443:443
      - 4443:4443
    depends_on:
      - postgresql
      - registry
      - core
      - portal
      - log
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"
networks:
  harbor:
    external: false

2. Modify the file / etc/docker/daemon.json to change 80 to port 1180:

modify daemon To configure
[root@centos130 ~]# cat /etc/docker/daemon.json 

{
  "registry-mirrors": ["https://yxrgrke0.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.8.130:5000"],
  "insecure-registries": ["centos130:1180"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "3"
    }
}

3. Modify the hostname of the / usr / locate / Harbor / harbor.yml file

modify hostname To configure
cat /usr/locat/harbor/harbor.yml
hostname: centos130:1180

3. Stop harbor, restart and generate configuration file:

Reinitialize
[root@centos130 ~]# cd /usr/locat/harbor/
[root@centos130 ~]# docker-compose stop
[root@centos130 ~]# ./install.sh

4. Restart docker:

[root@centos130 ~]# systemctl daemon-reload
[root@centos130 ~]# systemctl restart docker.service
  1. Finally, test verification:
    [root@centos130 ~]# docker login centos130:1180
    Username: admin
    Password: Harbor12345
    Login Succeeded

Tags: Linux Docker Nginx Redis yum

Posted on Wed, 11 Mar 2020 03:58:50 -0700 by SEVIZ