
Harbor

環境要求

Ubuntu 16.04 LTS

Python 2.7+

Docker 1.10+

Docker-compose 1.6.0+


環境前置安裝

# Check Version

ubuntu@ubuntu-xenial:~$ uname -a

ubuntu@ubuntu-xenial:~$ cat /etc/lsb-release

# Install Python2.x

ubuntu@ubuntu-xenial:~$ sudo apt-get update

ubuntu@ubuntu-xenial:~$ sudo apt-get install -y python

# Check Python Version

ubuntu@ubuntu-xenial:~$ python --version

# Install Docker

ubuntu@ubuntu-xenial:~$ sudo apt-get install -y docker.io

# Check Docker Version

ubuntu@ubuntu-xenial:~$ sudo docker version

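# Install Docker Compose (this writes a downloaded binary into /usr/local/bin as root; before making it executable, compare its SHA-256 with a checksum obtained from the release page, if one is published)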

ubuntu@ubuntu-xenial:~$ sudo curl -L   "https://github.com/docker/compose/releases/download/1.11.2/docker-compose-$(uname -s)-$(uname -m)"   -o /usr/local/bin/docker-compose

# 設定權限

ubuntu@ubuntu-xenial:~$ sudo chmod +x /usr/local/bin/docker-compose

# Check Docker Compose Version

ubuntu@ubuntu-xenial:~$ docker-compose --version

# 在 /etc/ssl/openssl.cnf 的 [v3_ca] 區段加入倉庫 IP 作為 subjectAltName(此為系統層級設定檔,之後在此主機以預設設定產生的憑證也會受影響)

ubuntu@ubuntu-xenial:~$ sudo vim /etc/ssl/openssl.cnf  
[ v3_ca ]
subjectAltName=IP:xx.xx.xx.xx


安裝 Harbor

# 下載版本v1.1.1

ubuntu@ubuntu-xenial:~$ wget https://github.com/vmware/harbor/releases/download/v1.1.1/harbor-online-installer-v1.1.1.tgz

# 解壓縮

ubuntu@ubuntu-xenial:~$ tar zxvf harbor-online-installer-v1.1.1.tgz

# Create Directory for Certificate and Change Directory

ubuntu@ubuntu-xenial:~$ mkdir cert

ubuntu@ubuntu-xenial:~$ cd cert

# Create Certificate

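# Enter only the Common Name at the prompts below; the other fields can be left blank. Note that -nodes writes the private key to disk unencrypted, so restrict access to the .key file (for example, chmod 600).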

ubuntu@ubuntu-xenial:~/cert$ openssl req -sha256 -x509 -days 365 -nodes -newkey rsa:4096 -keyout registry.kenny.info.key -out registry.kenny.info.crt

Country Name (2 letter code) [AU]:

State or Province Name (full name) [Some-State]:

Locality Name (eg, city) []:

Organization Name (eg, company) [Internet Widgits Pty Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (e.g. server FQDN or YOUR name) []:IP

Email Address []:

# Change Directory and Modify harbor.cfg (also change harbor_admin_password from its shipped default before running the installer)

ubuntu@ubuntu-xenial:~$ cd harbor

ubuntu@ubuntu-xenial:~/harbor$ vim harbor.cfg

< hostname = reg.mydomain.com

> hostname = registry.kenny.info



< ui_url_protocol = http

> ui_url_protocol = https



< ssl_cert = /data/cert/server.crt

> ssl_cert = /home/ubuntu/cert/registry.kenny.info.crt



< ssl_cert_key = /data/cert/server.key

> ssl_cert_key = /home/ubuntu/cert/registry.kenny.info.key

# Install Harbor (run the installer)

ubuntu@ubuntu-xenial:~/harbor$ sudo ./install.sh

# Check Containers for Harbor

ubuntu@ubuntu-xenial:~/harbor$ sudo docker-compose top

#WebUI(https://IP)

帳號:admin

密碼:xxxxx


安裝 Certificate

# 修改憑證,需用公司憑證取代

ubuntu@ubuntu-xenial:~/harbor$ vim /home/ubuntu/cert/registry.kenny.info.crt

ubuntu@ubuntu-xenial:~/harbor$ vim /home/ubuntu/cert/registry.kenny.info.key

# 修改Docker login需要之憑證

ubuntu@ubuntu-xenial:~/harbor$ mkdir -p /etc/docker/certs.d/registry.kenny.info/

ubuntu@ubuntu-xenial:~/harbor$ vim /etc/docker/certs.d/registry.kenny.info/ca.crt

ubuntu@ubuntu-xenial:~/harbor$ vim /etc/docker/certs.d/registry.kenny.info/client.cert

ubuntu@ubuntu-xenial:~/harbor$ vim /etc/docker/certs.d/registry.kenny.info/client.key

# 測試登入

ubuntu@ubuntu-xenial:~/harbor$ docker login registry.kenny.info

帳號:admin

密碼:xxxxxx


LDAP設定

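# 修改設定檔(注意:下方將 ldap_url 由 ldaps:// 改為 ldap://,搜尋帳號的密碼與使用者的登入密碼會以未加密的方式在網路上傳送;若 AD/LDAP 伺服器支援,建議保留 ldaps://。另外 ldap_search_pwd 以明文存於 harbor.cfg,應限制該檔案的讀取權限,並使用僅具查詢權限的帳號。)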

ubuntu@ubuntu-xenial:~/harbor$ vim harbor.cfg




< auth_mode = db_auth

> auth_mode = ldap_auth



< ldap_url = ldaps://ldap.mydomain.com

> ldap_url = ldap://xxx.xxx.xxx:xxx



< #ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com

> ldap_searchdn = CN=xxxxxxxx,OU=PublicID,OU=Account,DC=xxx,DC=xxx



< #ldap_search_pwd = password

> ldap_search_pwd = xxxxxxxx



< ldap_basedn = ou=people,dc=mydomain,dc=com

> ldap_basedn = dc=xxx,dc=xxx



< ldap_uid = uid

> ldap_uid = sAMAccountName

# 重啟服務並強制清除 /data 目錄下資料(注意:docker-compose down -v 與 rm -rf /data 會刪除 Harbor 的資料庫與所有已上傳的 image,無法復原;執行前請先確認路徑並完成備份)

ubuntu@ubuntu-xenial:~/harbor$ docker-compose down -v

ubuntu@ubuntu-xenial:~/harbor$ rm -rf /data

ubuntu@ubuntu-xenial:~/harbor$ ./prepare

ubuntu@ubuntu-xenial:~/harbor$ docker-compose up -d

# 先使用管理者帳號登入

ubuntu@ubuntu-xenial:~/harbor$ docker login registry.kenny.info

帳號:admin

密碼:xxxxxx

# 登入Web-UI調整設定

Configuration > Authentication

測試連線成功後,即可使用AD帳號登入


Push、Pull

# 登入

ubuntu@ubuntu-xenial:~/harbor$ docker login registry.kenny.info

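# 幫需上傳的 image 加上 tag(tag 必須包含 Harbor 專案名稱,並與下方 push 的路徑一致;下方 push 使用的是 registry.kenny.info/library/redis:latest,而此處的 tag 少了 library/,需補上才能成功上傳)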

ubuntu@ubuntu-xenial:~/harbor$ docker tag redis:latest registry.kenny.info/redis:latest

# 上傳

ubuntu@ubuntu-xenial:~/harbor$ docker push registry.kenny.info/library/redis:latest

# 下載

ubuntu@ubuntu-xenial:~/harbor$ docker pull registry.kenny.info/library/redis:latest