mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-29 05:35:43 +01:00
Update TOC of docs (#2032)
* update change log
* update documents
* update documents
* update AUTHORS
* update README
* update harbor.cfg
* remove unused files
* updated TOC of docs
* update README
* update README
parent c06abe9b8a
commit d84218d7f0
@ -16,7 +16,7 @@ Project Harbor is an enterprise-class registry server that stores and distribute
|
||||
* **Graphical user portal**: User can easily browse, search repositories and manage projects.
|
||||
* **Auditing**: All the operations to the repositories are tracked.
|
||||
* **RESTful API**: RESTful APIs for most administrative operations, easy to integrate with external systems.
|
||||
* **Easy deployment**: Provide both an online and offline installer. Besides, a virtual appliance for vSphere platform (OVA) is available.
|
||||
* **Easy deployment**: Provide both an online and offline installer.
|
||||
|
||||
### Install & Run
|
||||
|
||||
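Review bot: The rewritten "Easy deployment" bullet, "Provide both an online and offline installer.", is an imperative fragment, while the neighbouring bullets are statements ("All the operations to the repositories are tracked."). Suggest "Both an online and an offline installer are provided." so the feature list reads consistently now that the OVA sentence is gone.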
@ -24,8 +24,6 @@ Project Harbor is an enterprise-class registry server that stores and distribute
|
||||
|
||||
**On a Linux host:** docker 1.10.0+ and docker-compose 1.6.0+ .
|
||||
|
||||
**On vSphere:** vCenter 5.5+ for deployment of Harbor's virtual appliance.
|
||||
|
||||
Download binaries of **[Harbor release ](https://github.com/vmware/harbor/releases)** and follow **[Installation & Configuration Guide](docs/installation_guide.md)** to install Harbor.
|
||||
|
||||
Refer to **[User Guide](docs/user_guide.md)** for more details on how to use Harbor.
|
||||
|
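Review bot: With the "On vSphere" prerequisite dropped, "**On a Linux host:**" is the only entry left under this heading, so the platform label no longer distinguishes anything; consider folding it into a plain sentence. The same line also has a stray space before the full stop ("docker-compose 1.6.0+ ."), which is worth fixing while this block is being touched.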
@ -6,9 +6,6 @@
|
||||
Read this first!**
|
||||
Guide for Harbor online installer and offline installer.
|
||||
|
||||
**[Installation and Configuration Guide for Virtual Appliance](installation_guide_ova.md)**
|
||||
Guide for installing Harbor on vSphere, either standalone or as part of vSphere Integrated Containers (VIC).
|
||||
|
||||
**[Harbor User Guide](user_guide.md)**
|
||||
How to use Harbor to manage images, projects, replications and users.
|
||||
|
||||
@ -57,11 +54,18 @@ How to add your local language to Harbor.
|
||||
|
||||
[Working with Harbor Registry REST API via Swagger](http://www.think-foundry.com/working-with-harbor-registry-rest-api-via-swagger/)
|
||||
|
||||
[How to use Harbor with Minio](https://blog.minio.io/how-to-use-vmware-harbor-with-minio-c07a5c4ae31b)
|
||||
|
||||
[Harbor, an enterprise class registry server](https://vorcunus.blog/2017/03/11/harbor-an-enterprise-class-registry-server/)
|
||||
|
||||
[Hybrid Container Management for vCloud Director with Harbor](https://blogs.vmware.com/vcat/2017/03/hybrid-container-management-vcloud-director-vmware-harbor.html)
|
||||
|
||||
[Project Harbor Reached Milestone of 2000 Stars](http://www.think-foundry.com/project-harbor-reaches-milestone-2000-stars-github/)
|
||||
|
||||
[Project Harbor in action](http://cormachogan.com/2016/08/05/project-harbor-action/)
|
||||
|
||||
[Using vSphere docker volume driver to run Project Harbor on VSAN](http://cormachogan.com/2016/07/29/using-vsphere-docker-volume-driver-run-project-harbor-vsan/)
|
||||
|
||||
|
||||
[Overall Architecture of Harbor Registry](http://www.compare-review-information.com/overall-architecture-of-harbor-registry/)
|
||||
|
||||
[Making a Private Secured Docker Registry in 15 Minutes](http://alexanderzeitler.com/articles/deploying-a-private-secured-docker-registry-within-15-minutes/)
|
||||
|
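Review bot: Several entries in this link list use plain http:// (the think-foundry.com, cormachogan.com, compare-review-information.com and alexanderzeitler.com URLs), so a reader following them from the docs fetches those pages over an unauthenticated connection. Switch each to https:// where the site serves it, and check that every third-party article listed is one the project is willing to point users at, since external pages can change or lapse after the link is merged.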
@ -1,102 +0,0 @@
|
||||
# Expand the Hard Disk of Virtual Appliance
|
||||
|
||||
If you install Harbor with OVA, the persistent data(such as images and database) is stored in a hard disk which is mounted on directory "/data", and the default size is 50GB. As more and more images are pushed into it, the capacity may not meet your requirements.
|
||||
|
||||
You can check the space on Harbor web UI by clicking on the admin's name at the upper left corner and selecting "About" from the drop-down menu if you log in with an admin user:
|
||||
|
||||
![lvm](img/lvm/check_on_ui_01.png)
|
||||
|
||||
If your free space is running out, you can expand the size of the hard disk by the following steps:
|
||||
|
||||
1. Add New Hard Disk to VM
|
||||
|
||||
(1) Log in vSphere web client. Power off Harbor's virtual appliance.
|
||||
(2) Right click on the VM and select "Edit Settings".
|
||||
(3) Select "New Hard Disk", and click "OK".
|
||||
|
||||
![lvm](img/lvm/add_new_hard_disk.png)
|
||||
|
||||
We add a 10GB new hard disk to show the operations.
|
||||
|
||||
(4) Power on the VM.
|
||||
|
||||
2. Expand Hard Disk using LVM
|
||||
|
||||
Login from the console of the virtual appliance and run the following commands:
|
||||
|
||||
(1) Check the current size of "/data":
|
||||
```sh
|
||||
df -h /data
|
||||
```
|
||||
|
||||
![lvm](img/lvm/size_of_data_01.png)
|
||||
|
||||
(2) Find the new hard disk, e.g. "/dev/sdc". Replace all "/dev/sdc" with your disk in the following commands.
|
||||
```sh
|
||||
fdisk -l
|
||||
```
|
||||
|
||||
![lvm](img/lvm/find_the_new_harddisk.png)
|
||||
|
||||
(3) Create new physical volume:
|
||||
```sh
|
||||
pvcreate /dev/sdc
|
||||
```
|
||||
|
||||
(4) Check the volume group:
|
||||
```sh
|
||||
vgdisplay
|
||||
```
|
||||
|
||||
![lvm](img/lvm/vg_01.png)
|
||||
|
||||
(5) Expand the volume group:
|
||||
```sh
|
||||
vgextend data1_vg /dev/sdc
|
||||
```
|
||||
|
||||
(6) Check the volume group again:
|
||||
```sh
|
||||
vgdisplay
|
||||
```
|
||||
|
||||
![lvm](img/lvm/vg_02.png)
|
||||
|
||||
(7) Check the logical volume:
|
||||
```sh
|
||||
lvdisplay
|
||||
```
|
||||
|
||||
![lvm](img/lvm/lv_01.png)
|
||||
|
||||
(8) Resize the logical volume:
|
||||
```sh
|
||||
lvresize -l +100%FREE /dev/data1_vg/data
|
||||
```
|
||||
|
||||
![lvm](img/lvm/resize_lv.png)
|
||||
|
||||
(9) Check the logical volume again, note the change of "LV Size":
|
||||
```sh
|
||||
lvdisplay
|
||||
```
|
||||
|
||||
![lvm](img/lvm/lv_02.png)
|
||||
|
||||
(10) Resize the file system:
|
||||
```sh
|
||||
resize2fs /dev/data1_vg/data
|
||||
```
|
||||
|
||||
(11) Check the size "/data" again:
|
||||
```sh
|
||||
df -h /data
|
||||
```
|
||||
|
||||
![lvm](img/lvm/size_of_data_02.png)
|
||||
|
||||
You can also check the size on Harbor web UI:
|
||||
|
||||
![lvm](img/lvm/check_on_ui.png)
|
||||
|
||||
After that, your disk should be expanded successfully. If you want to add more hard disks, do the steps again.
|
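Review bot: This whole file is a user-facing procedure (adding a disk and growing "/data" with pvcreate, vgextend, lvresize and resize2fs), yet the commit message covers its deletion only with "remove unused files" under the subject "Update TOC of docs". Please name the removal of the virtual appliance documents in the commit message and say why they are dropped, so the history explains where this procedure went.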
@ -1,199 +0,0 @@
|
||||
# Installing and Configuring Harbor on vSphere as Virtual Appliance
|
||||
|
||||
* [Prerequisites](#prerequisites)
|
||||
* [Planning for installation](#planning-for-installation)
|
||||
* [Installation](#installation)
|
||||
* [Getting Certificate of Harbor's CA](#getting-certificate-of-harbors-ca)
|
||||
* [Reconfiguration](#reconfiguration)
|
||||
* [Troubleshooting](#troubleshooting)
|
||||
|
||||
This guide walks you through the steps about installing and configuring Harbor on vSphere as a virtual appliance. If you are installing Harbor on a Linux host, refer to this **[Installation Guide](installation_guide.md)**.
|
||||
|
||||
## Prerequisites
|
||||
* vCenter 5.5+ and at least an ESX host.
|
||||
* 2 vCPUs, 4GB memory and 80GB free disk space in datastore.
|
||||
* A network with DHCP capability, or a static IP address for the virtual appliance.
|
||||
|
||||
## Planning for installation
|
||||
|
||||
### User management
|
||||
By default, Harbor stores user information in an internal database. Harbor can also be configured to authenticate against an external LDAP or AD server. For LDAP/AD authentication, the **Authentication Mode** property must be set to *ldap_auth* at the deployment time.
|
||||
|
||||
**NOTE:** This mode cannot be changed after the first boot of Harbor.
|
||||
|
||||
### Security
|
||||
|
||||
Harbor uses HTTPS for secure communication by default. A self-signed certificate is generated at first boot based on its FQDN (Fully Qualified Domain Name) or IP address. A Docker client or a VCH (Virtual Container Host) needs to trust the certificate of Harbor's CA (Certificate Authority) in order to interact with Harbor.
|
||||
|
||||
Harbor always tries to generate a self-signed certificate based on its FQDN. Therefore, its IP address must have a FQDN associated with it in the DNS server. If Harbor cannot resolve its IP address to a FQDN, it generates the self-signed certificate using its IP address. In this case, Harbor can only be accessed by IP address. When Harbor's IP address or FQDN is changed, the self-signed certificate will be re-generated after a reboot.
|
||||
|
||||
Harbor's self-generated certificate can be replaced by supplying a certificate signed by other CAs in OVA's settings.
|
||||
|
||||
Harbor can be configured to use plain HTTP for some environments such as testing and continuous integration (CI). However, it is **NOT** recommended to use HTTP for production because the communication is never secure.
|
||||
|
||||
### Networking
|
||||
|
||||
Harbor can obtain IP address by DHCP. This is convenient for testing purpose. For a production system, it is recommended that static IP address and FQDN be used.
|
||||
|
||||
For the purpose of generating a self-signed certificate, it is recommended that a DNS record be added to associate Harbor's IP address with a FQDN. This is necessary for both static IP address and dynamic IP address acquired from DHCP. If a DNS record is missing for Harbor's IP address, Harbor can only be accessed by its IP address.
|
||||
|
||||
|
||||
## Installation
|
||||
1. Download the OVA file to your local disk from the **[official release page](https://github.com/vmware/harbor/releases)**.
|
||||
|
||||
2. Log in vSphere web client. Right click on the datacenter, cluster or host which Harbor will be deployed on. Select "Deploy OVF Template" and open the import wizard.
|
||||
|
||||
![ova](img/ova/ova01.png)
|
||||
|
||||
3. Select the OVA file from your local disk and click "Next".
|
||||
|
||||
![ova](img/ova/ova02.png)
|
||||
|
||||
4. Review the OVF template details and click "Next".
|
||||
|
||||
![ova](img/ova/ova03.png)
|
||||
|
||||
5. Accept the end user license agreements and click "Next".
|
||||
|
||||
![ova](img/ova/ova04.png)
|
||||
|
||||
6. Specify a name and a location for the virtual appliance.
|
||||
|
||||
![ova](img/ova/ova05.png)
|
||||
|
||||
7. Select the datastore and virtual disk format, click "Next".
|
||||
|
||||
![ova](img/ova/ova06.png)
|
||||
|
||||
8. Configure the network(s) that the virtual appliance should be connected to.
|
||||
|
||||
![ova](img/ova/ova07.png)
|
||||
|
||||
9. Customize the properties of Harbor. The properties are described below. Note that at the very least, you just need to set four properties: **Root Password**, **Harbor Admin Password**, **Database Password** and **Authentication Mode**.
|
||||
|
||||
![ova](img/ova/ova08.png)
|
||||
|
||||
* System
|
||||
* **Root Password**: The initial password of the root user. Subsequent changes of password should be performed in operating system. (8-128 characters)
|
||||
* **Harbor Admin Password**: The initial password of Harbor admin. It only works for the first time when Harbor starts. It has no effect after the first launch of Harbor. Change the admin password from UI after launching Harbor. (8-20 characters)
|
||||
* **Database Password**: The initial password of the root user of MySQL database. Subsequent changes of password should be performed in operating system. (8-128 characters)
|
||||
* **Permit Root Login**: Specifies whether root user can log in using SSH.
|
||||
* **Garbage Collection**: When setting this to true, Harbor performs garbage collection everytime it boots up. The first time setting this flag to true needs to power off the VM and power it on again.
|
||||
|
||||
* Authentication
|
||||
|
||||
The **Authentication Mode** must be set before the first boot of Harbor. Subsequent changes to **Authentication Mode** do not have any effect. When **ldap_auth** mode is enabled, properties related to LDAP/AD must be set.
|
||||
|
||||
* **Authentication Mode**: The default authentication mode is **db_auth**. Set it to **ldap_auth** when users' credentials are stored in an LDAP or AD server. Note: this option can only be set once.
|
||||
* **Self Registration**: Determine whether the self-registration is allowed or not. Set this to off to disable a user's self-registration in Harbor. This flag has no effect when users are stored in LDAP or AD.
|
||||
* **LDAP URL**: The URL of an LDAP/AD server.
|
||||
* **LDAP Search DN**: A user's DN who has the permission to search the LDAP/AD server. Leave blank if your LDAP/AD server supports anonymous search, otherwise you should configure this DN and **LDAP Search Password**.
|
||||
* **LDAP Search Password**: The password of the user for LDAP search. Leave blank if your LDAP/AD server supports anonymous search.
|
||||
* **LDAP Base DN**: The base DN of a node from which to look up a user for authentication. The search scope includes subtree of the node.
|
||||
* **LDAP UID**: The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD server.
|
||||
|
||||
* Security
|
||||
|
||||
If HTTPS is enabled, a self-signed certificate is generated by default. To supply your own certificate, fill in two properties: **SSL Cert** and **SSL Cert Key**. Do not use HTTP in any production system. **Notes:** If you want to enable HTTPS with your own self-signed certificate, refer to the "Getting a certificate" section of this **[guide](https://github.com/vmware/harbor/blob/master/docs/configure_https.md#getting-a-certificate)** for more details.
|
||||
|
||||
* **Protocol**: The protocol for accessing Harbor. Warning: setting it to http makes the communication insecure.
|
||||
* **SSL Cert**: Paste in the content of a certificate file. Leave blank for a generated self-signed certificate.
|
||||
* **SSL Cert Key**: Paste in the content of a certificate key file. Leave blank for a generated key.
|
||||
* **Verify Remote Cert**: Determine whether the image replication should verify the certificate of a remote Harbor registry. Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
|
||||
|
||||
* Email Settings
|
||||
|
||||
To allow a user to reset his/her own password through email, configure the below email settings:
|
||||
|
||||
* **Email Server**: The mail server to send out emails to reset password.
|
||||
* **Email Server Port**: The port of mail server.
|
||||
* **Email Username**: The user from whom the password reset email is sent. Usually this is a system email address.
|
||||
* **Email Password**: The password of the user from whom the password reset email is sent.
|
||||
* **Email From**: The name of the email sender.
|
||||
* **Email SSL**: Whether to enable secure mail transmission.
|
||||
|
||||
* Networking properties
|
||||
* **Default Gateway**: The default gateway address for this VM. Leave blank if DHCP is desired.
|
||||
* **Domain Name**: The domain name of this VM. Run command `man resolv.conf` for more explanation. Leave blank if DHCP is desired or the domain name is not needed for static IP.
|
||||
* **Domain Search Path**: The domain search path(comma or space separated domain names) for this VM. Leave blank if DHCP is desired.
|
||||
* **Domain Name Servers**: The domain name server IP Address for this VM(comma separated). Leave blank if DHCP is desired.
|
||||
* **Network 1 IP Address**: The IP address of this interface. Leave blank if DHCP is desired.
|
||||
* **Network 1 Netmask**: The netmask or prefix for this interface. Leave blank if DHCP is desired.
|
||||
|
||||
After you complete the properties, click "Next".
|
||||
|
||||
10. Review your settings and click "Finish" to complete the deployment.
|
||||
|
||||
![ova](img/ova/ova09.png)
|
||||
|
||||
11. Power on the virtual appliance. It may take a few minutes for the first bootup. The virtual appliance needs to initialize itself for configuration like network address and password.
|
||||
|
||||
12. When the appliance is ready, check from vSphere Web Client for its IP address. Open a browser and type in the URL `http(s)://harbor_ip_address` or `http(s)://harbor_host_name`. Log in as the admin user and verify Harbor has been successfully installed.
|
||||
|
||||
13. For information on how to use Harbor, please refer to [User Guide of Harbor Virtual Appliance](user_guide_ova.md).
|
||||
|
||||
## Getting Certificate of Harbor's CA
|
||||
|
||||
By default, Harbor uses a self-signed certificate in HTTPS. A Docker client or a VCH needs to trust the self-signed certificate of Harbor's CA in order to interact with Harbor.
|
||||
To download the certificate of Harbor's CA and import into a Docker client, follow the below steps. If a certificate issued by a public known CA is used, the below steps are not needed.
|
||||
|
||||
1. Log in Harbor's UI as an admin user.
|
||||
2. Click on the admin's name at the upper left corner and select **"About"** from the drop-down menu.
|
||||
3. Click on the **Download** link to save the certificate file as `ca.crt`.
|
||||
|
||||
![ova](img/ova/downloadcert.png)
|
||||
|
||||
4. Copy the certificate file `ca.crt` to a Docker host. To access Harbor using its FQDN, run the below commands, replace `<Harbor_FQDN>` with the actual FQDN of the Harbor instance:
|
||||
```
|
||||
mkdir -p /etc/docker/certs.d/<Harbor_FQDN>
|
||||
cp ca.crt /etc/docker/certs.d/<Harbor_FQDN>/
|
||||
```
|
||||
To access Harbor using its IP address, run the below commands, replace `<Harbor_IP>` with the actual IP address of the Harbor instance:
|
||||
```
|
||||
mkdir -p /etc/docker/certs.d/<Harbor_IP>
|
||||
cp ca.crt /etc/docker/certs.d/<Harbor_IP>/
|
||||
```
|
||||
|
||||
**Note:** If you run both of the above two sets of commands, Harbor can be accessed by either FQDN or IP address.
|
||||
|
||||
5. Run `docker login` command to verify that HTTPS is working.
|
||||
|
||||
To import the CA's certificate into VCH, complete Step 1-3 and refer to VCH's document for instructions.
|
||||
|
||||
## Reconfiguration
|
||||
If you want to change the properties of Harbor, follow the below steps:
|
||||
|
||||
1. **Power off** Harbor's virtual appliance.
|
||||
2. Right click on the VM and select "Edit Settings".
|
||||
|
||||
![ova](img/ova/edit_settings.png)
|
||||
|
||||
3. Click the "vApp Options" tab, update the properties and click "OK".
|
||||
|
||||
![ova](img/ova/vapp_options.png)
|
||||
|
||||
4. **Power on** the VM and Harbor will reconfigure itself based on the new settings.
|
||||
|
||||
**Note:**
|
||||
1. The **Authentication Mode** can only be set once before the first boot. Subsequent modification of this option does not have any effect.
|
||||
2. The initial admin password, root password of the virtual appliance, MySQL root password, and all networking properties can not be modified using this method after Harbor's first launch. Modify them by the following approach:
|
||||
* **Harbor Admin Password**: Change it in Harbor admin portal.
|
||||
* **Root Password of Virtual Appliance**: Change it by logging in the virtual appliance and doing it in the Linux operating system.
|
||||
* **MySQL Root Password**: Change it by logging in the virtual appliance and doing it in the Linux operating system.
|
||||
* **Networking Properties**: Visit `https://harbor_ip_address:5480`, log in with root/password of your virtual appliance and modify networking properties. Reboot the system after modification to ensure Harbor's self-signed certificate gets updated.
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Log collection
|
||||
For diagnosis purpose, logs can be collected by the following steps:
|
||||
|
||||
1. Log in the operating system of Harbor virtual appliance and run the below command:
|
||||
```sh
|
||||
/harbor/script/collect.sh
|
||||
```
|
||||
A "harbor_logs.tar.gz" file is generated in the current directory.
|
||||
|
||||
2. Copy the log file to other host and send to your administrator, replace the `<USERNAME>` , `<HOST_IP>` and `<DIRECTORY>` with proper values:
|
||||
```sh
|
||||
scp ./harbor_logs.tar.gz <USERNAME>@<HOST_IP>:<DIRECTORY>
|
||||
```
|
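Review bot: The "Security" and "Getting Certificate of Harbor's CA" sections deleted with this file are where the docs tell users to trust Harbor's CA by copying ca.crt into /etc/docker/certs.d/<Harbor_FQDN>/ and state that HTTP is not recommended for production. Before removing the file, confirm that docs/installation_guide.md or the configure_https.md guide linked from here carries the same steps, so the CA trust procedure stays documented for installer-based deployments.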
@ -1,207 +0,0 @@
|
||||
#User Guide of Harbor Virtual Appliance
|
||||
##Overview
|
||||
This guide walks you through the fundamentals of using Harbor virtual appliance. You'll learn how to use Harbor to:
|
||||
|
||||
* Manage your projects.
|
||||
* Manage members of a project.
|
||||
* Replicate projects to a remote registry.
|
||||
* Search projects and repositories.
|
||||
* Manage Harbor system if you are the system administrator:
|
||||
+ Manage users.
|
||||
+ Manage destinations.
|
||||
+ Manage replication policies.
|
||||
* Pull and push images using Docker client.
|
||||
* Delete repositories and images.
|
||||
|
||||
|
||||
##Role Based Access Control
|
||||
|
||||
![rbac](img/rbac.png)
|
||||
|
||||
In Harbor, images are grouped under projects. To access an image, a user should be added as a member into the project of the image. A member can have one of the three roles:
|
||||
|
||||
* **Guest**: Guest has read-only privilege for a specified project.
|
||||
* **Developer**: Developer has read and write privileges for a project.
|
||||
* **ProjectAdmin**: When creating a new project, you will be assigned the "ProjectAdmin" role to the project. Besides read-write privileges, the "ProjectAdmin" also has some management privileges, such as adding and removing members.
|
||||
|
||||
Besides the above three roles, there are two system-wide roles:
|
||||
|
||||
* **SysAdmin**: "SysAdmin" has the most privileges. In addition to the privileges mentioned above, "SysAdmin" can also list all projects, set an ordinary user as administrator and delete users. The public project "library" is also owned by the administrator.
|
||||
* **Anonymous**: When a user is not logged in, the user is considered as an "anonymous" user. An anonymous user has no access to private projects and has read-only access to public projects.
|
||||
|
||||
##User account
|
||||
Harbor supports two authentication modes:
|
||||
|
||||
* **Database(db_auth)**
|
||||
|
||||
Users are stored in the local database.
|
||||
|
||||
A user can register himself/herself in Harbor in this mode. To disable user self-registration, refer to the **[installation guide](installation_guide_ova.md)**. When self-registration is disabled, the system administrator can add users in Harbor.
|
||||
|
||||
When registering or adding a new user, the username and email must be unique in the Harbor system. The password must contain at least 8 characters, less than 20 characters with 1 lowercase letter, 1 uppercase letter and 1 numeric character.
|
||||
|
||||
When you forgot your password, you can follow the below steps to reset the password:
|
||||
|
||||
1. Click the link "Forgot Password" in the sign in page.
|
||||
2. Input the email address entered when you signed up, an email will be sent out to you for password reset.
|
||||
3. After receiving the email, click on the link in the email which directs you to a password reset web page.
|
||||
4. Input your new password and click "Save".
|
||||
|
||||
* **LDAP/Active Directory (ldap_auth)**
|
||||
|
||||
Under this authentication mode, users whose credentials are stored in an external LDAP or AD server can log in to Harbor directly.
|
||||
|
||||
When an LDAP/AD user logs in by *username* and *password*, Harbor binds to the LDAP/AD server with the **"LDAP Search DN"** and **"LDAP Search Password"** described in [installation guide](installation_guide_ova.md). If it successes, Harbor looks up the user under the LDAP entry **"LDAP Base DN"** including substree. The attribute (such as uid, cn) specified by **"LDAP UID"** is used to match a user with the *username*. If a match is found, the user's *password* is verified by a bind request to the LDAP/AD server.
|
||||
|
||||
Self-registration, changing password and resetting password are not supported anymore under LDAP/AD authentication mode because the users are managed by LDAP or AD.
|
||||
|
||||
##Managing projects
|
||||
A project in Harbor contains all repositories of an application. No images can be pushed to Harbor before the project is created. RBAC is applied to a project. There are two types of projects in Harbor:
|
||||
|
||||
* **Public**: All users have the read privilege to a public project, it's convenient for you to share some repositories with others in this way.
|
||||
* **Private**: A private project can only be accessed by users with proper privileges.
|
||||
|
||||
You can create a project after you signed in. Enabling the "Public" checkbox makes the project public.
|
||||
|
||||
![create project](img/new_create_project.png)
|
||||
|
||||
After the project is created, you can browse repositories, users and logs using the navigation tab.
|
||||
|
||||
![browse project](img/new_browse_project.png)
|
||||
|
||||
All logs can be listed by clicking "Logs". You can apply a filter by username, or operations and dates under "Advanced Search".
|
||||
|
||||
![browse project](img/new_project_log.png)
|
||||
|
||||
##Managing members of a project
|
||||
###Adding members
|
||||
You can add members with different roles to an existing project.
|
||||
|
||||
![browse project](img/new_add_member.png)
|
||||
|
||||
###Updating and removing members
|
||||
You can update or remove a member by clicking the icon on the right.
|
||||
|
||||
![browse project](img/new_remove_update_member.png)
|
||||
|
||||
##Replicating images
|
||||
Images can be replicated between Harbor instances. It can be used to transfer images from one data center to another, or from an on-prem registry to an instance in the cloud.
|
||||
|
||||
A replication policy needs to be set up on the source instance to govern the replication process.
|
||||
One key fact about the replication is that only images are replicated between Harbor instances.
|
||||
Users, roles and other information are not replicated. As such, always keep in mind that the user, roles and policy information is individually managed by each Harbor instance.
|
||||
|
||||
The replication is project-based. When a system administrator sets a policy to a project, all repositories under the project will be replicated to the remote registry. A replication job will be scheduled for each repository.
|
||||
If the project does not exist on the remote registry, a new project is created automatically.
|
||||
If the project already exists and the replication user configured in the policy has no write privilege to it,
|
||||
the process will fail.
|
||||
|
||||
When the policy is first enabled, all images of the project are replicated to the remote registry. Images subsequently pushed to the project on the source registry
|
||||
will be incrementally replicated to the remote instance. When an image is deleted from the source registry, the policy ensures that the remote registry deletes the same image as well.
|
||||
Please note, the user and member information will not be replicated.
|
||||
|
||||
Depending on the size of the images and the network condition, the replication requires some time to complete. On the remote registry, an image is not available until
|
||||
all its layers have been synchronized from the source. If a replication job fails due to some network issue, the job will be scheduled for a retry after a few minutes.
|
||||
Always checks the log to see if there is any error of the replication. When a policy is disabled (stopped), Harbor tries to stop all existing jobs. It may take a while
|
||||
before all jobs finish. A policy can be restarted by disabling and then enabling it again.
|
||||
|
||||
To enable image replication, a policy must first be created. Click "Add New Policy" on the "Replication" tab, fill the necessary fields, if there is no destination in the list, you need to create one, and then click "OK", a policy for this project will be created. If "Enable" is chosen, the project will be replicated to the remote immediately.
|
||||
|
||||
**Note:** Set **"Verify Remote Cert"** to off according to the [installation guide](installation_guide_ova.md) if the destination uses a self-signed or untrusted certificate.
|
||||
|
||||
![browse project](img/new_create_policy.png)
|
||||
|
||||
You can enable, disable or delete a policy in the policy list view. Only policies which are disabled can be edited. Only policies which are disabled and have no running jobs can be deleted. If a policy is disabled, the running jobs under it will be stopped.
|
||||
|
||||
Click on a policy, jobs belonging to this policy will be listed. A job represents the progress of replicating a repository to the remote instance.
|
||||
|
||||
![browse project](img/new_policy_list.png)
|
||||
|
||||
##Searching projects and repositories
|
||||
Entering a keyword in the search field at the top lists all matching projects and repositories. The search result includes both public and private repositories you have access privilege to.
|
||||
|
||||
![browse project](img/new_search.png)
|
||||
|
||||
##Administrator options
|
||||
###Managing user
|
||||
Administrator can add "administrator" role to an ordinary user by toggling the switch under "Administrator". To delete a user, click on the recycle bin icon.
|
||||
|
||||
![browse project](img/new_set_admin_remove_user.png)
|
||||
|
||||
###Managing destination
|
||||
You can list, add, edit and delete destinations in the "Destination" tab. Only destinations which are not referenced by any policies can be edited.
|
||||
|
||||
![browse project](img/new_manage_destination.png)
|
||||
|
||||
###Managing replication
|
||||
You can list, edit, enable and disable policies in the "Replication" tab. Make sure the policy is disabled before you edit it.
|
||||
|
||||
![browse project](img/new_manage_replication.png)
|
||||
|
||||
##Pulling and pushing images using Docker client
|
||||
|
||||
**NOTE: Harbor only supports Registry V2 API. You need to use Docker client 1.6.0 or higher.**
|
||||
|
||||
Harbor uses HTTPS for secure communication by default. A self-signed certificate is generated at first boot based on its FQDN (Fully Qualified Domain Name) or IP address. If you use Docker client to interact with it, there are two options you can choose:
|
||||
|
||||
1. Trust the certificate of Harbor's CA
|
||||
Refer to the "Getting Certificate of Harbor's CA" part of [installation guide](installation_guide_ova.md).
|
||||
2. Set "--insecure-registry" option
|
||||
Add "--insecure-registry" option to /etc/default/docker (ubuntu) or /etc/sysconfig/docker (centos) and restart Docker service.
|
||||
|
||||
If Harbor is configured as using HTTP, just set the "--insecure-registry" option.
|
||||
|
||||
If the certificate used by Harbor is signed by a trusted authority, Docker should work without any additional configuration.
|
||||
|
||||
###Pulling images
|
||||
If the project that the image belongs to is private, you should sign in first:
|
||||
|
||||
```sh
|
||||
$ docker login 10.117.169.182
|
||||
```
|
||||
|
||||
You can now pull the image:
|
||||
|
||||
```sh
|
||||
$ docker pull 10.117.169.182/library/ubuntu:14.04
|
||||
```
|
||||
|
||||
**Note: Replace "10.117.169.182" with the IP address or domain name of your Harbor node.**
|
||||
|
||||
###Pushing images
|
||||
Before pushing an image, you must create a corresponding project on Harbor web UI.
|
||||
|
||||
First, log in from Docker client:
|
||||
|
||||
```sh
|
||||
$ docker login 10.117.169.182
|
||||
```
|
||||
|
||||
Tag the image:
|
||||
|
||||
```sh
|
||||
$ docker tag ubuntu:14.04 10.117.169.182/demo/ubuntu:14.04
|
||||
```
|
||||
|
||||
Push the image:
|
||||
|
||||
```sh
|
||||
$ docker push 10.117.169.182/demo/ubuntu:14.04
|
||||
```
|
||||
|
||||
**Note: Replace "10.117.169.182" with the IP address or domain name of your Harbor node.**
|
||||
|
||||
##Deleting repositories
|
||||
|
||||
Repository deletion runs in two steps.
|
||||
|
||||
First, delete a repository in Harbor's UI. This is soft deletion. You can delete the entire repository or just a tag of it. After the soft deletion,
|
||||
the repository is no longer managed in Harbor, however, the files of the repository still remain in Harbor's storage.
|
||||
|
||||
![browse project](img/new_delete_repository.png)
|
||||
|
||||
**CAUTION: If both tag A and tag B refer to the same image, after deleting tag A, B will also get deleted.**
|
||||
|
||||
Next, set **"Garbage Collection"** to true according to the [installation guide](installation_guide_ova.md)(skip this step if this flag has already been set) and reboot the VM, Harbor will perform garbage collection when it boots up.
|
||||
|
||||
For more information about garbage collection, please see Docker's document on [GC](https://github.com/docker/docker.github.io/blob/master/registry/garbage-collection.md).
|