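Harbor - Creating a Local Private Registry - Managing Users with LDAP
Harbor is an enterprise-grade private Docker registry manager created by VMware. It supports LDAP, multiple projects, multi-tenancy, remote image replication, and other features that are very friendly to enterprise users.
This article covers the following:
- Installing the images and starting Harbor with docker-compose
- Managing users with LDAP
- SSL authentication
- Email settings
Download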
$ wget http://harbor.orientsoft.cn/harbor-1.2.0/harbor-offline-installer-v1.2.0.tgz
$ tar zxf harbor-offline-installer-v1.2.0.tgz
$ cd harbor
Configure harbor.cfg
- Access domain name
#The IP address or hostname to access admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname = hub.digi-sky.com
- Access protocol - http by default
#The protocol for accessing the UI and token/notification service, by default it is http.
#It can be set to https if ssl is enabled on nginx.
ui_url_protocol = https
- LDAP
#By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
#auth_mode = db_auth
auth_mode = ldap_auth
ldap_url = ldap://ipa.digi-sky.com:389
ldap_searchdn = uid=ds_login,cn=users,cn=accounts,dc=digisky,dc=com
ldap_search_pwd = xxxx
ldap_basedn = cn=users,cn=accounts,dc=digisky,dc=com
ldap_uid = uid
ldap_scope = 3
ldap_timeout = 5
- Email settings
email_identity =
email_server = smtp.qiye.163.com
email_server_port = 994
email_username = devops@digisky.com
email_password = xxxx
email_from = dockerhub <hub.digi-sky.com>
email_ssl = true
- SSL certificate
#The path of cert and key files for nginx, they are applied only the protocol is set to https
ssl_cert = /data/ssl/archive/hub.digi-sky.com/fullchain1.pem
ssl_cert_key = /data/ssl/archive/hub.digi-sky.com/privkey1.pem
Install and start
Harbor manages its containers with docker-compose and requires docker 1.13+ and docker-compose 1.16+.
Default installation (without Notary/Clair)
$ sudo ./install.sh
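Troubleshooting
- Reconfiguring and managing
If you change harbor.cfg, stop the containers first, then use the prepare script to regenerate the configuration.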
$ cd harbor
$ docker-compose down
$ vim harbor.cfg
...
$ ./prepare
$ docker-compose up -d
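- Editing the configuration file
Double or single quotes and escaping are not supported
1. Do not put quotes around a value when assigning a variable
2. Do not use # or other special characters in a variable's value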
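A pre-flight check for the two rules above, written as an added example (not part of the original article or of Harbor). It goes one step beyond the page by also flagging an `ldap://` URL when `auth_mode = ldap_auth`, since that connection is not TLS-protected; the function name `lint_harbor_cfg` and the sample file are constructed for illustration.

```python
import re

# Constructed sample: keys taken from the article's harbor.cfg, with two
# deliberate mistakes (a quoted value and a '#' inside a value).
SAMPLE_CFG = """\
#By default the auth mode is db_auth
hostname = hub.digi-sky.com
ui_url_protocol = https
auth_mode = ldap_auth
ldap_url = ldap://ipa.digi-sky.com:389
ldap_search_pwd = "xxxx"
email_password = ab#cd
ldap_uid = uid
"""

LINE_RE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$")
QUOTES = ('"', "'")


def lint_harbor_cfg(text):
    """Return (line_no, key, problem) tuples for risky harbor.cfg values."""
    findings = []
    settings = {}
    for no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or full-line comment
        m = LINE_RE.match(raw)
        if not m:
            findings.append((no, None, "not a 'key = value' line"))
            continue
        key, value = m.groups()
        settings[key] = (no, value)
        # Rule 1 from the article: no quotes around values.
        if value.startswith(QUOTES) or value.endswith(QUOTES):
            findings.append((no, key, "value is quoted; quotes are not supported"))
        # Rule 2 from the article: no '#' inside a value.
        if "#" in value:
            findings.append((no, key, "value contains '#'"))
    # Added check (not one of the article's rules): LDAP without TLS.
    if settings.get("auth_mode", (0, ""))[1] == "ldap_auth":
        no, url = settings.get("ldap_url", (0, ""))
        if url.lower().startswith("ldap://"):
            findings.append((no, "ldap_url", "ldap:// is not TLS-protected; prefer ldaps://"))
    return findings


if __name__ == "__main__":
    for line_no, key, problem in lint_harbor_cfg(SAMPLE_CFG):
        print(f"harbor.cfg:{line_no}: {key}: {problem}")
```

Run it against the edited file before `./prepare`, so a rejected or silently altered password does not surface later as a failed LDAP bind or SMTP login.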