Merge pull request #1226 from ywk253100/161208_doc

Update docs
Haining Henry Zhang 2016-12-08 22:16:28 +08:00 committed by GitHub
commit 000a8539fe
5 changed files with 43 additions and 47 deletions

@ -23,7 +23,7 @@ Guide to deploy Harbor on Kubenetes. (maintained by community)
### Developer documents ### Developer documents
[Arthitecture Overview of Harbor](https://github.com/vmware/harbor/wiki/Architecture-Overview-of-Harbor) [Architecture Overview of Harbor](https://github.com/vmware/harbor/wiki/Architecture-Overview-of-Harbor)
Developers read this first. Developers read this first.
[Harbor API Specs by Swagger](configure_swagger.md) [Harbor API Specs by Swagger](configure_swagger.md)
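Review bot: The context carried in this hunk's header still reads "Guide to deploy Harbor on Kubenetes", so the README keeps a misspelling just above the line being fixed. Since this commit is a typo pass over the docs, correct it to "Kubernetes" in the same change.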
@ -61,7 +61,7 @@ How to add your local language to Harbor.
[Overall Architecture of Harbor Registry](http://www.compare-review-information.com/overall-architecture-of-harbor-registry/) [Overall Architecture of Harbor Registry](http://www.compare-review-information.com/overall-architecture-of-harbor-registry/)
[makeing a Private Secured Docker Registry in 15 Minutes](http://alexanderzeitler.com/articles/deploying-a-private-secured-docker-registry-within-15-minutes/) [Making a Private Secured Docker Registry in 15 Minutes](http://alexanderzeitler.com/articles/deploying-a-private-secured-docker-registry-within-15-minutes/)
[Docker Private Registry Using Harbor](https://blog.imaginea.com/docker-private-registry-using-harbor-2/) [Docker Private Registry Using Harbor](https://blog.imaginea.com/docker-private-registry-using-harbor-2/)
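Review bot: Two of the three links in this list, the first one and the retitled second one, use plain `http://`, and the first points at a third-party domain. Check that both targets still resolve to the intended articles and switch them to `https://` where the sites offer it.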

@ -72,19 +72,17 @@ The parameters are described below - note that at the very least, you will need
* **self_registration**: (**on** or **off**. Default is **on**) Enable / Disable the ability for a user to register themselves. When disabled, new users can only be created by the Admin user, only an admin user can create new users in Harbor. _NOTE: When **auth_mode** is set to **ldap_auth**, self-registration feature is **always** disabled, and this flag is ignored._ * **self_registration**: (**on** or **off**. Default is **on**) Enable / Disable the ability for a user to register themselves. When disabled, new users can only be created by the Admin user, only an admin user can create new users in Harbor. _NOTE: When **auth_mode** is set to **ldap_auth**, self-registration feature is **always** disabled, and this flag is ignored._
* **use_compressed_js**: (**on** or **off**. Default is **on**) For production use, turn this flag to **on**. In development mode, set it to **off** so that js files can be modified separately. * **use_compressed_js**: (**on** or **off**. Default is **on**) For production use, turn this flag to **on**. In development mode, set it to **off** so that js files can be modified separately.
* **max_job_workers**: (default value is **3**) The maximum number of replication workers in job service. For each image replication job, a worker synchronizes all tags of a repository to the remote destination. Increasing this number allows more concurrent replication jobs in the system. However, since each worker consumes a certain amount of network/CPU/IO resources, please carefully pick the value of this attribute based on the hardware resource of the host. * **max_job_workers**: (default value is **3**) The maximum number of replication workers in job service. For each image replication job, a worker synchronizes all tags of a repository to the remote destination. Increasing this number allows more concurrent replication jobs in the system. However, since each worker consumes a certain amount of network/CPU/IO resources, please carefully pick the value of this attribute based on the hardware resource of the host.
* **secret_key**: The key to encrypt or decrypt the password of a remote registry in a replication policy, its length has to be 16 characters. Change this key before any production use. *NOTE: After changing this key, previously encrypted password of a policy can not be decrypted.*
* **token_expiration**: The expiration time (in minutes) of a token created by token service, default is 30 minutes. * **token_expiration**: The expiration time (in minutes) of a token created by token service, default is 30 minutes.
* **verify_remote_cert**: (**on** or **off**. Default is **on**) This flag determines whether or not to verify SSL/TLS certificate when Harbor communicates with a remote registry instance. Setting this attribute to **off** bypasses the SSL/TLS verification, which is often used when the remote instance has a self-signed or untrusted certificate. * **verify_remote_cert**: (**on** or **off**. Default is **on**) This flag determines whether or not to verify SSL/TLS certificate when Harbor communicates with a remote registry instance. Setting this attribute to **off** bypasses the SSL/TLS verification, which is often used when the remote instance has a self-signed or untrusted certificate.
* **customize_crt**: (**on** or **off**. Default is **on**) When this attribute is **on**, the prepare script creates private key and root certificate for the generation/verification of the registry's token. * **customize_crt**: (**on** or **off**. Default is **on**) When this attribute is **on**, the prepare script creates private key and root certificate for the generation/verification of the registry's token. The following attributes:**crt_country**, **crt_state**, **crt_location**, **crt_organization**, **crt_organizationalunit**, **crt_commonname**, **crt_email** are used as parameters for generating the keys. Set this attribute to **off** when the key and root certificate are supplied by external sources. Refer to [Customize Key and Certificate of Harbor Token Service](customize_token_service.md) for more info.
* The following attributes:**crt_country**, **crt_state**, **crt_location**, **crt_organization**, **crt_organizationalunit**, **crt_commonname**, **crt_email** are used as parameters for generating the keys. Set this attribute to **off** when the key and root certificate are supplied by external sources. Refer to [Customize Key and Certificate of Harbor Token Service](customize_token_service.md) for more info.
#### Configuring storage backend (optional) #### Configuring storage backend (optional)
By default, Harbor stores images on your local filesystem. In a production environment, you may consider By default, Harbor stores images on your local filesystem. In a production environment, you may consider
using other storage backend instead of the local filesystem, like S3, Openstack Swift, Ceph, etc. using other storage backend instead of the local filesystem, like S3, Openstack Swift, Ceph, etc.
What you need to update is the section of `storage` in the file `templates/registry/config.yml`. What you need to update is the section of `storage` in the file `common/templates/registry/config.yml`.
For example, if you use Openstack Swift as your storage backend, the section may look like this: For example, if you use Openstack Swift as your storage backend, the section may look like this:
``` ```
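Review bot: The **secret_key** bullet is deleted here with no replacement, which drops the only visible statement that the key must be 16 characters long, must be changed before production use, and that changing it makes previously encrypted replication passwords undecryptable. If the parameter has moved out of this parameter list or is now generated, say where the key lives and what happens on rotation; if it is still a setting, keep the bullet. In the merged **customize_crt** bullet, add a space after "The following attributes:".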
@ -103,7 +101,7 @@ _NOTE: For detailed information on storage backend of a registry, refer to [Regi
#### Finishing installation and starting Harbor #### Finishing installation and starting Harbor
Once **harbord.cfg** and storage backend (optional) are configured, install and start Harbor using the ```install.sh``` script. Note that it may take some time for the online installer to download Harbor images from Docker hub. Once **harbor.cfg** and storage backend (optional) are configured, install and start Harbor using the ```install.sh``` script. Note that it may take some time for the online installer to download Harbor images from Docker hub.
```sh ```sh
$ sudo ./install.sh $ sudo ./install.sh
@ -159,15 +157,7 @@ $ sudo install.sh
Removing Harbor's containers while keeping the image data and Harbor's database files on the file system: Removing Harbor's containers while keeping the image data and Harbor's database files on the file system:
``` ```
$ sudo docker-compose rm $ sudo docker-compose down
Going to remove nginx, harbor-jobservice, registry, harbor-ui, harbor-db, harbor-log
Are you sure? [yN] y
Removing nginx ... done
Removing harbor-jobservice ... done
Removing registry ... done
Removing harbor-ui ... done
Removing harbor-db ... done
Removing harbor-log ... done
``` ```
Removing Harbor's database and image data (for a clean re-installation): Removing Harbor's database and image data (for a clean re-installation):
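Review bot: The header context of this hunk, and of the next one, still shows `$ sudo install.sh`, while the previous hunk documents `$ sudo ./install.sh`. Without the `./` prefix the script is looked up through PATH rather than in the current directory, so make every occurrence `./install.sh`. For the new `docker-compose down` line, state that it is run from the directory holding Harbor's compose file, now that the sample output listing the affected containers is gone.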
@ -286,10 +276,16 @@ $ sudo install.sh
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
``` ```
If a container is not in **UP** state, check the log file of that container in directory ```/var/log/harbor```. For example, if the container ```harbor_ui_1``` is not running, you should look at the log file ```docker_ui.log```. If a container is not in **UP** state, check the log file of that container in directory ```/var/log/harbor```. For example, if the container ```harbor-ui``` is not running, you should look at the log file ```ui.log```.
2.When setting up Harbor behind an nginx proxy or elastic load balancing, look for the line below, in `make/config/nginx/nginx.conf` and remove it from the sections if the proxy already has similar settings: `location /`, `location /v2/` and `location /service/`. 2.When setting up Harbor behind an nginx proxy or elastic load balancing, look for the line below, in `common/templates/nginx/nginx.http.conf` and remove it from the sections if the proxy already has similar settings: `location /`, `location /v2/` and `location /service/`.
``` ```
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
``` ```
And run the following commands to restart Harbor:
```sh
$ sudo docker-compose down
$ sudo ./prepare
$ sudo docker-compose up -d
```
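Review bot: The added restart block does not say why `./prepare` is needed or where the commands are run. Because the file to edit is now the template `common/templates/nginx/nginx.http.conf`, add a sentence that `./prepare` regenerates the configuration from the templates and that the three commands run from the Harbor installation directory. In the same paragraph, "2.When" needs a space after the number, and the list of sections (`location /`, `location /v2/`, `location /service/`) should follow "remove it from the sections" directly instead of trailing the sentence.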

@ -7,7 +7,7 @@
* [Reconfiguration](#reconfiguration) * [Reconfiguration](#reconfiguration)
* [Troubleshooting](#troubleshooting) * [Troubleshooting](#troubleshooting)
This guide walks you through the steps about installing and configuring Harbor on vSphere as an virtual appliance. If you are installing Harbor on a Linux host, refer to this **[Installation Guide](installation_guide.md)**. This guide walks you through the steps about installing and configuring Harbor on vSphere as a virtual appliance. If you are installing Harbor on a Linux host, refer to this **[Installation Guide](installation_guide.md)**.
## Prerequisites ## Prerequisites
* vCenter 5.5+ and at least an ESX host. * vCenter 5.5+ and at least an ESX host.
@ -75,7 +75,7 @@ For the purpose of generating a self-signed certificate, it is recommended that
* System * System
* **Root Password**: The initial password of the root user. Subsequent changes of password should be performed in operating system. (8-128 characters) * **Root Password**: The initial password of the root user. Subsequent changes of password should be performed in operating system. (8-128 characters)
* **Harbor Admin Password**: The initial password of Harbor admin. It only works for the first time when Harbor starts. It has no effect after the first launch of Harbor. Change the admin password from UI after launching Harbor. * **Harbor Admin Password**: The initial password of Harbor admin. It only works for the first time when Harbor starts. It has no effect after the first launch of Harbor. Change the admin password from UI after launching Harbor. (8-20 characters)
* **Database Password**: The initial password of the root user of MySQL database. Subsequent changes of password should be performed in operating system. (8-128 characters) * **Database Password**: The initial password of the root user of MySQL database. Subsequent changes of password should be performed in operating system. (8-128 characters)
* **Permit Root Login**: Specifies whether root user can log in using SSH. * **Permit Root Login**: Specifies whether root user can log in using SSH.
* **Garbage Collection**: When setting this to true, Harbor performs garbage collection everytime it boots up. The first time setting this flag to true needs to power off the VM and power it on again. * **Garbage Collection**: When setting this to true, Harbor performs garbage collection everytime it boots up. The first time setting this flag to true needs to power off the VM and power it on again.
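Review bot: "(8-20 characters)" on **Harbor Admin Password** reads as an inclusive upper bound, but the user guide change in this same commit says "less than 20 characters". Settle whether a 20-character password is accepted and use one wording in both places. The context line for **Garbage Collection** also still has "everytime", which should be "every time".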
@ -87,7 +87,7 @@ For the purpose of generating a self-signed certificate, it is recommended that
* **Authentication Mode**: The default authentication mode is **db_auth**. Set it to **ldap_auth** when users' credentials are stored in an LDAP or AD server. Note: this option can only be set once. * **Authentication Mode**: The default authentication mode is **db_auth**. Set it to **ldap_auth** when users' credentials are stored in an LDAP or AD server. Note: this option can only be set once.
* **Self Registration**: Determine whether the self-registration is allowed or not. Set this to off to disable a user's self-registration in Harbor. This flag has no effect when users are stored in LDAP or AD. * **Self Registration**: Determine whether the self-registration is allowed or not. Set this to off to disable a user's self-registration in Harbor. This flag has no effect when users are stored in LDAP or AD.
* **LDAP URL**: The URL of an LDAP/AD server. * **LDAP URL**: The URL of an LDAP/AD server.
* **LDAP Search DN**: A user's DN who has the permission to search the LDAP/AD server. Leave blank if your LDAP/AD server supports anonymous search, otherwise you should configure this DN and **LDAP Seach Password**. * **LDAP Search DN**: A user's DN who has the permission to search the LDAP/AD server. Leave blank if your LDAP/AD server supports anonymous search, otherwise you should configure this DN and **LDAP Search Password**.
* **LDAP Search Password**: The password of the user for LDAP search. Leave blank if your LDAP/AD server supports anonymous search. * **LDAP Search Password**: The password of the user for LDAP search. Leave blank if your LDAP/AD server supports anonymous search.
* **LDAP Base DN**: The base DN of a node from which to look up a user for authentication. The search scope includes subtree of the node. * **LDAP Base DN**: The base DN of a node from which to look up a user for authentication. The search scope includes subtree of the node.
* **LDAP UID**: The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD server. * **LDAP UID**: The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD server.
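Review bot: **LDAP URL** is described only as "The URL of an LDAP/AD server", with no example value or scheme. The search password and user credentials are sent over this connection, so give an example and state whether an `ldaps://` URL is accepted. The **LDAP UID** line also has a comma splice: "to match a user, it could be" should be split into two sentences.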
@ -110,7 +110,7 @@ For the purpose of generating a self-signed certificate, it is recommended that
* **Email Username**: The user from whom the password reset email is sent. Usually this is a system email address. * **Email Username**: The user from whom the password reset email is sent. Usually this is a system email address.
* **Email Password**: The password of the user from whom the password reset email is sent. * **Email Password**: The password of the user from whom the password reset email is sent.
* **Email From**: The name of the email sender. * **Email From**: The name of the email sender.
* **Email SSL**: Whether to enabled secure mail transmission. * **Email SSL**: Whether to enable secure mail transmission.
* Networking properties * Networking properties
* **Default Gateway**: The default gateway address for this VM. Leave blank if DHCP is desired. * **Default Gateway**: The default gateway address for this VM. Leave blank if DHCP is desired.
@ -126,7 +126,7 @@ For the purpose of generating a self-signed certificate, it is recommended that
![ova](img/ova/ova09.png) ![ova](img/ova/ova09.png)
11. Power on the virtual appliance. It may take a few minutes for the first bootup. The virtual appliance needs to initialize itself for configuration like netowrk address and password. 11. Power on the virtual appliance. It may take a few minutes for the first bootup. The virtual appliance needs to initialize itself for configuration like network address and password.
12. When the appliance is ready, check from vSphere Web Client for its IP address. Open a browser and type in the URL `http(s)://harbor_ip_address` or `http(s)://harbor_host_name`. Log in as the admin user and verify Harbor has been successfully installed. 12. When the appliance is ready, check from vSphere Web Client for its IP address. Open a browser and type in the URL `http(s)://harbor_ip_address` or `http(s)://harbor_host_name`. Log in as the admin user and verify Harbor has been successfully installed.
@ -175,7 +175,7 @@ If you want to change the properties of Harbor, follow the below steps:
4. **Power on** the VM and Harbor will reconfigure itself based on the new settings. 4. **Power on** the VM and Harbor will reconfigure itself based on the new settings.
**Note:** **Note:**
1. The **Authentication Mode** can only be set once before the firtst boot. Subsequent modification of this option does not have any effect. 1. The **Authentication Mode** can only be set once before the first boot. Subsequent modification of this option does not have any effect.
2. The initial admin password, root password of the virtual appliance, MySQL root password, and all networking properties can not be modified using this method after Harbor's first launch. Modify them by the following approach: 2. The initial admin password, root password of the virtual appliance, MySQL root password, and all networking properties can not be modified using this method after Harbor's first launch. Modify them by the following approach:
* **Harbor Admin Password**: Change it in Harbor admin portal. * **Harbor Admin Password**: Change it in Harbor admin portal.
* **Root Password of Virtual Appliance**: Change it by logging in the virtual appliance and doing it in the Linux operating system. * **Root Password of Virtual Appliance**: Change it by logging in the virtual appliance and doing it in the Linux operating system.

@ -42,10 +42,10 @@ Harbor supports two authentication modes:
When you forgot your password, you can follow the below steps to reset the password: When you forgot your password, you can follow the below steps to reset the password:
1. Click the link "forgot password" in the sign in page. 1. Click the link "Forgot Password" in the sign in page.
2. Input the email address entered when you signed up, an email will be sent out to you for password reset. 2. Input the email address entered when you signed up, an email will be sent out to you for password reset.
3. After receiving the email, click on the link in the email which directs you to a password reset web page. 3. After receiving the email, click on the link in the email which directs you to a password reset web page.
4. Input your new password and click "Submit". 4. Input your new password and click "Save".
* **LDAP/Active Directory (ldap_auth)** * **LDAP/Active Directory (ldap_auth)**
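Review bot: Only the link and button labels change in this guide, while the other user guide in this commit also gains an upper limit in its password rule sentence. If this guide carries the same sentence, it needs the same update so the two guides do not disagree. In the context lines, "When you forgot your password" should read "If you forget your password".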

@ -38,14 +38,14 @@ Harbor supports two authentication modes:
A user can register himself/herself in Harbor in this mode. To disable user self-registration, refer to the **[installation guide](installation_guide_ova.md)**. When self-registration is disabled, the system administrator can add users in Harbor. A user can register himself/herself in Harbor in this mode. To disable user self-registration, refer to the **[installation guide](installation_guide_ova.md)**. When self-registration is disabled, the system administrator can add users in Harbor.
When registering or adding a new user, the username and email must be unique in the Harbor system. The password must contain at least 8 characters with 1 lowercase letter, 1 uppercase letter and 1 numeric character. When registering or adding a new user, the username and email must be unique in the Harbor system. The password must contain at least 8 characters, less than 20 characters with 1 lowercase letter, 1 uppercase letter and 1 numeric character.
When you forgot your password, you can follow the below steps to reset the password: When you forgot your password, you can follow the below steps to reset the password:
1. Click the link "forgot password" in the sign in page. 1. Click the link "Forgot Password" in the sign in page.
2. Input the email address entered when you signed up, an email will be sent out to you for password reset. 2. Input the email address entered when you signed up, an email will be sent out to you for password reset.
3. After receiving the email, click on the link in the email which directs you to a password reset web page. 3. After receiving the email, click on the link in the email which directs you to a password reset web page.
4. Input your new password and click "Submit". 4. Input your new password and click "Save".
* **LDAP/Active Directory (ldap_auth)** * **LDAP/Active Directory (ldap_auth)**
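Review bot: The new sentence "at least 8 characters, less than 20 characters with 1 lowercase letter, 1 uppercase letter and 1 numeric character" can be read as attaching the character-class rule only to the upper limit. Reword it along the lines of "must be 8 to 20 characters long and contain at least one lowercase letter, one uppercase letter and one digit", once the upper bound is confirmed against the installation guide's "(8-20 characters)".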