Architecture and components of the private Docker registry Harbor

This article looks at how Harbor's architecture is put together and how each of its components is used at runtime.

Architecture

Container information

[root@liumiao harbor]# docker-compose ps
       Name                     Command               State                                 Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up
harbor-db            /usr/local/bin/docker-entr ...   Up      3306/tcp
harbor-jobservice    /harbor/start.sh                 Up
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up      127.0.0.1:1514->10514/tcp
harbor-ui            /harbor/start.sh                 Up
nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis                docker-entrypoint.sh redis ...   Up      6379/tcp
registry             /entrypoint.sh serve /etc/ ...   Up      5000/tcp
[root@liumiao harbor]# 

Component details

proxy

The proxy is nginx acting as a reverse proxy, and its core is the nginx configuration file. The configuration below shows clearly how Harbor ties the other components together; in practice that integration is essentially implemented by these nginx settings.

[root@liumiao harbor]# ls
LICENSE common          docker-compose.notary.yml ha     harbor.v1.5.2.tar.gz open_source_license
NOTICE  docker-compose.clair.yml docker-compose.yml     harbor.cfg install.sh      prepare
[root@liumiao harbor]# cat common/config/nginx/nginx.conf
worker_processes auto;
events {
 worker_connections 1024;
 use epoll;
 multi_accept on;
}
http {
 tcp_nodelay on;
 # this is necessary for us to be able to disable request buffering in all cases
 proxy_http_version 1.1;
 upstream registry {
  server registry:5000;
 }
 upstream ui {
  server ui:8080;
 }
 log_format timed_combined '$remote_addr - '
  '"$request" $status $body_bytes_sent '
  '"$http_referer" "$http_user_agent" '
  '$request_time $upstream_response_time $pipe';
 access_log /dev/stdout timed_combined;
 server {
  listen 80;
  server_tokens off;
  # disable any limits to avoid HTTP 413 for large image uploads
  client_max_body_size 0;
  location / {
   proxy_pass http://ui/;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /v1/ {
   return 404;
  }
  location /v2/ {
   proxy_pass http://ui/registryproxy/v2/;
   proxy_set_header Host $http_host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /service/ {
   proxy_pass http://ui/service/;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /service/notifications {
   return 404;
  }
 }
}
[root@liumiao harbor]# 
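The security-relevant point of this configuration is that no location ever forwards to the registry upstream directly: Docker API calls under /v2/ are rewritten to the ui's /registryproxy/v2/ path, the legacy /v1/ API and the registry's internal /service/notifications webhook endpoint are answered with 404, and everything else goes to the ui. The following added example (not Harbor's own code) models nginx's longest-prefix location matching and the proxy_pass rewrite rules from the file above, so a reader can check offline where a given request path ends up. The upstream addresses are the ones declared in the configuration; the routing table itself is a transcription of the server block, not a parser of it.

```python
"""Model of request routing in Harbor's nginx.conf (the proxy container).

Added example, not Harbor's own code: it transcribes the prefix locations of the
server block above so routing decisions can be checked offline.
"""

# (prefix, action, target), one entry per `location` block above.
# "proxy": forward with the matched prefix replaced by the proxy_pass URI;
# "return": answer with the given status without contacting any upstream.
LOCATIONS = [
    ("/", "proxy", "http://ui:8080/"),
    ("/v1/", "return", 404),
    ("/v2/", "proxy", "http://ui:8080/registryproxy/v2/"),
    ("/service/", "proxy", "http://ui:8080/service/"),
    ("/service/notifications", "return", 404),
]


def match_location(uri):
    """nginx prefix matching: the longest matching prefix location wins,
    regardless of the order of the blocks in the file."""
    if not uri.startswith("/"):
        raise ValueError("nginx matches locations against an absolute URI")
    best = None
    for prefix, action, target in LOCATIONS:
        if uri.startswith(prefix) and (best is None or len(prefix) > len(best[0])):
            best = (prefix, action, target)
    return best


def route(path):
    """Return ("return", status) or ("proxy", upstream_url) for a request path.

    With `proxy_pass http://ui/registryproxy/v2/;` inside `location /v2/`,
    nginx replaces the matched prefix with the URI part of proxy_pass and
    re-attaches the query string.
    """
    uri, _, query = path.partition("?")
    prefix, action, target = match_location(uri)
    if action == "return":
        return ("return", target)
    url = target + uri[len(prefix):]
    return ("proxy", url + "?" + query if query else url)


def registry_reached_directly(path):
    """True if a request could bypass the ui and hit registry:5000.
    With this configuration nothing is proxied to the registry upstream, so
    every Docker API call is funnelled through the ui's registryproxy."""
    action, target = route(path)
    return action == "proxy" and target.startswith("http://registry:5000")


if __name__ == "__main__":
    for p in ["/api/systeminfo", "/v1/search", "/v2/",
              "/v2/library/nginx/manifests/latest",
              "/service/token?scope=repository:library/nginx:pull",
              "/service/notifications"]:
        print(p, "->", route(p))
```

The model covers only the plain prefix locations present in this file; regex locations or `=` exact matches, which Harbor does not use here, would need extra rules.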

database

As can be seen, the database is MariaDB 10.2.14, and Harbor's database is named registry.

[root@liumiao harbor]# docker exec -it harbor-db sh
sh-4.3# mysql -uroot -pliumiaopw
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 21
Server version: 10.2.14-MariaDB Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database      |
+--------------------+
| information_schema |
| mysql       |
| performance_schema |
| registry      |
+--------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]>

Checking the table information shows that, in this version and deployment mode, the database contains about 20 tables, listed below

MariaDB [(none)]> use registry;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [registry]> show tables;
+-------------------------------+
| Tables_in_registry      |
+-------------------------------+
| access            |
| access_log          |
| alembic_version        |
| clair_vuln_timestamp     |
| harbor_label         |
| harbor_resource_label     |
| img_scan_job         |
| img_scan_overview       |
| project            |
| project_member        |
| project_metadata       |
| properties          |
| replication_immediate_trigger |
| replication_job        |
| replication_policy      |
| replication_target      |
| repository          |
| role             |
| user             |
| user_group          |
+-------------------------------+
20 rows in set (0.00 sec)
MariaDB [registry]>

Log collector

By default, Harbor's logs are collected and managed under the following directory

[root@liumiao harbor]# ls /var/log/harbor
adminserver.log jobservice.log mysql.log proxy.log redis.log registry.log ui.log
[root@liumiao harbor]# 
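The proxy.log file in that directory is written in the timed_combined format declared in common/config/nginx/nginx.conf above, which makes it the natural place to watch for clients whose token requests keep being refused. The following added example (not part of Harbor) parses lines in that format and reports addresses that received a run of 401 responses from /service/token; the log lines are constructed for the example, and the threshold is an assumption to be tuned per site. A syslog prefix in front of the line body, if your collector adds one, is tolerated because the pattern is searched rather than anchored.

```python
"""Parse Harbor's proxy log (nginx timed_combined) and flag repeated token failures.

Added example, not part of Harbor. The regex follows the log_format in
common/config/nginx/nginx.conf; the sample lines and the threshold are constructed.
"""
import re
from collections import Counter

# '$remote_addr - "$request" $status $body_bytes_sent "$http_referer"
#  "$http_user_agent" $request_time $upstream_response_time $pipe'
TIMED_COMBINED = re.compile(
    r'(?P<addr>\S+) - "(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" '
    r'(?P<rt>[\d.]+) (?P<urt>[\d.,-]+) (?P<pipe>[.p])'
)

# Constructed sample (not from a real deployment): one client pulling normally,
# one client whose credentials are refused three times, then probing the old v1 API.
SAMPLE_PROXY_LOG = """\
192.168.163.1 - "GET /v2/ HTTP/1.1" 401 87 "-" "docker/18.06.1-ce go/go1.10.3" 0.003 0.003 .
192.168.163.1 - "GET /service/token?service=harbor-registry&scope=repository:library/nginx:pull HTTP/1.1" 200 1149 "-" "docker/18.06.1-ce go/go1.10.3" 0.015 0.015 .
192.168.163.1 - "GET /v2/library/nginx/manifests/latest HTTP/1.1" 200 1570 "-" "docker/18.06.1-ce go/go1.10.3" 0.021 0.020 .
192.168.163.50 - "GET /v2/ HTTP/1.1" 401 87 "-" "docker/18.06.1-ce go/go1.10.3" 0.002 0.002 .
192.168.163.50 - "GET /service/token?service=harbor-registry&scope=repository:internal/app:pull HTTP/1.1" 401 0 "-" "docker/18.06.1-ce go/go1.10.3" 0.010 0.010 .
192.168.163.50 - "GET /service/token?service=harbor-registry&scope=repository:internal/app:pull HTTP/1.1" 401 0 "-" "docker/18.06.1-ce go/go1.10.3" 0.009 0.009 .
192.168.163.50 - "GET /service/token?service=harbor-registry&scope=repository:internal/app:pull HTTP/1.1" 401 0 "-" "docker/18.06.1-ce go/go1.10.3" 0.011 0.011 .
192.168.163.50 - "GET /v1/search?q=app HTTP/1.1" 404 169 "-" "curl/7.29.0" 0.000 - .
"""


def parse_line(line):
    """Return a dict for one access-log line, or None if it is not timed_combined."""
    m = TIMED_COMBINED.search(line)
    if not m:
        return None
    method, _, rest = m.group("request").partition(" ")
    target = rest.rsplit(" ", 1)[0] if " " in rest else rest  # drop "HTTP/1.1"
    path, _, query = target.partition("?")
    urt = m.group("urt")
    return {
        "addr": m.group("addr"),
        "method": method,
        "path": path,
        "query": query,
        "status": int(m.group("status")),
        "bytes": int(m.group("bytes")),
        "agent": m.group("agent"),
        "request_time": float(m.group("rt")),
        # "-" means nginx answered by itself, as the `return 404` locations do
        "upstream_response_time": None if urt == "-" else float(urt.split(",")[0]),
    }


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def failed_token_requests(records, threshold=3):
    """Addresses with at least `threshold` 401 responses from /service/token.
    A 401 on GET /v2/ is the normal anonymous probe every docker client makes
    before fetching a token, so it is deliberately not counted."""
    hits = Counter(r["addr"] for r in records
                   if r["path"] == "/service/token" and r["status"] == 401)
    return {addr: n for addr, n in hits.items() if n >= threshold}


def self_answered(records):
    """Requests nginx refused without consulting an upstream (the /v1/ and
    /service/notifications locations)."""
    return [(r["addr"], r["path"]) for r in records if r["upstream_response_time"] is None]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_PROXY_LOG)
    print("parsed", len(recs), "lines")
    print("repeated token failures:", failed_token_requests(recs))
    print("answered by nginx itself:", self_answered(recs))
```

Because Harbor's nginx does not buffer requests, the request_time and upstream_response_time fields are nearly identical for ordinary calls; a large gap between them on large pushes is worth looking at before the 401 counts are.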

docker-compose.yml

[root@liumiao harbor]# cat docker-compose.yml
version: '2'
services:
 log:
  image: vmware/harbor-log:v1.5.2
  container_name: harbor-log
  restart: always
  volumes:
   - /var/log/harbor/:/var/log/docker/:z
   - ./common/config/log/:/etc/logrotate.d/:z
  ports:
   - 127.0.0.1:1514:10514
  networks:
   - harbor
 registry:
  image: vmware/registry-photon:v2.6.2-v1.5.2
  container_name: registry
  restart: always
  volumes:
   - /data/registry:/storage:z
   - ./common/config/registry/:/etc/registry/:z
  networks:
   - harbor
  environment:
   - GODEBUG=netdns=cgo
  command:
   ["serve", "/etc/registry/config.yml"]
  depends_on:
   - log
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "registry"
 mysql:
  image: vmware/harbor-db:v1.5.2
  container_name: harbor-db
  restart: always
  volumes:
   - /data/database:/var/lib/mysql:z
  networks:
   - harbor
  env_file:
   - ./common/config/db/env
  depends_on:
   - log
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "mysql"
 adminserver:
  image: vmware/harbor-adminserver:v1.5.2
  container_name: harbor-adminserver
  env_file:
   - ./common/config/adminserver/env
  restart: always
  volumes:
   - /data/config/:/etc/adminserver/config/:z
   - /data/secretkey:/etc/adminserver/key:z
   - /data/:/data/:z
  networks:
   - harbor
  depends_on:
   - log
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "adminserver"
 ui:
  image: vmware/harbor-ui:v1.5.2
  container_name: harbor-ui
  env_file:
   - ./common/config/ui/env
  restart: always
  volumes:
   - ./common/config/ui/app.conf:/etc/ui/app.conf:z
   - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
   - ./common/config/ui/certificates/:/etc/ui/certificates/:z
   - /data/secretkey:/etc/ui/key:z
   - /data/ca_download/:/etc/ui/ca/:z
   - /data/psc/:/etc/ui/token/:z
  networks:
   - harbor
  depends_on:
   - log
   - adminserver
   - registry
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "ui"
 jobservice:
  image: vmware/harbor-jobservice:v1.5.2
  container_name: harbor-jobservice
  env_file:
   - ./common/config/jobservice/env
  restart: always
  volumes:
   - /data/job_logs:/var/log/jobs:z
   - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
  networks:
   - harbor
  depends_on:
   - redis
   - ui
   - adminserver
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "jobservice"
 redis:
  image: vmware/redis-photon:v1.5.2
  container_name: redis
  restart: always
  volumes:
   - /data/redis:/data
  networks:
   - harbor
  depends_on:
   - log
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "redis"
 proxy:
  image: vmware/nginx-photon:v1.5.2
  container_name: nginx
  restart: always
  volumes:
   - ./common/config/nginx:/etc/nginx:z
  networks:
   - harbor
  ports:
   - 80:80
   - 443:443
   - 4443:4443
  depends_on:
   - mysql
   - registry
   - ui
   - log
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "proxy"
networks:
 harbor:
  external: false
[root@liumiao harbor]# 

Usage note: custom port number

In the example in the previous article we used the default port 80 for Harbor; if you want to change it (for example to 8848), modify it by following the steps below.

Configuration items

The details of Harbor's configuration items can be confirmed either from the properties table in the database or from api/systeminfo.

properties

[root@liumiao harbor]# docker exec -it harbor-db sh
sh-4.3# mysql -uroot -pliumiaopw
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 153
Server version: 10.2.14-MariaDB Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use registry
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [registry]> select * from properties;
+----+--------------------------------+----------------------------------------------+
| id | k               | v                      |
+----+--------------------------------+----------------------------------------------+
| 1 | cfg_expiration         | 5                      |
| 2 | project_creation_restriction  | everyone                   |
| 3 | uaa_client_secret       | <enc-v1>cBvRPcG+p3oNVnJh8VM+SjvlcEsKYg==   |
| 4 | clair_db_host         | postgres                   |
| 5 | token_service_url       | http://ui:8080/service/token         |
| 6 | mysql_password         | <enc-v1>HDqd+PbHcG9EWK9DF3RzM43fTtPvCjdvyQ== |
| 7 | uaa_endpoint          | uaa.mydomain.org               |
| 8 | max_job_workers        | 50                      |
| 9 | sqlite_file          |                       |
| 10 | email_from           | admin <sample_admin@mydomain.com>      |
| 11 | ldap_base_dn          | ou=people,dc=mydomain,dc=com         |
| 12 | clair_db_port         | 5432                     |
| 13 | mysql_port           | 3306                     |
| 14 | ldap_search_dn         |                       |
| 15 | clair_db_username       | postgres                   |
| 16 | email_insecure         | false                    |
| 17 | database_type         | mysql                    |
| 18 | ldap_filter          |                       |
| 19 | with_notary          | false                    |
| 20 | admin_initial_password     | <enc-v1>4ZEvd/GfBYSdF9I6PfeI/XIvfGhPITaD3w== |
| 21 | notary_url           | http://notary-server:4443          |
| 22 | auth_mode           | db_auth                   |
| 23 | ldap_group_search_scope    | 2                      |
| 24 | ldap_uid            | uid                     |
| 25 | email_username         | sample_admin@mydomain.com          |
| 26 | mysql_database         | registry                   |
| 27 | reload_key           |                       |
| 28 | clair_url           | http://clair:6060              |
| 29 | ldap_group_search_filter    | objectclass=group              |
| 30 | email_password         | <enc-v1>h18ptbUM5oJwtKOzjJ4X5LOiPw==     |
| 31 | email_ssl           | false                    |
| 32 | ldap_timeout          | 5                      |
| 33 | uaa_client_id         | id                      |
| 34 | registry_storage_provider_name | filesystem                  |
| 35 | self_registration       | true                     |
| 36 | email_port           | 25                      |
| 37 | ui_url             | http://ui:8080                |
| 38 | token_expiration        | 30                      |
| 39 | email_identity         |                       |
| 40 | clair_db            | postgres                   |
| 41 | uaa_verify_cert        | true                     |
| 42 | ldap_verify_cert        | true                     |
| 43 | ldap_group_attribute_name   | cn                      |
| 44 | mysql_host           | mysql                    |
| 45 | read_only           | false                    |
| 46 | ldap_url            | ldaps://ldap.mydomain.com          |
| 47 | ext_endpoint          | http://192.168.163.128            |
| 48 | ldap_group_base_dn       | ou=group,dc=mydomain,dc=com         |
| 49 | with_clair           | false                    |
| 50 | admiral_url          | NA                      |
| 51 | ldap_scope           | 2                      |
| 52 | registry_url          | http://registry:5000             |
| 53 | jobservice_url         | http://jobservice:8080            |
| 54 | email_host           | smtp.mydomain.com              |
| 55 | ldap_search_password      | <enc-v1>F2QZkeEPTQPsJ9KNsBWcXA==       |
| 56 | mysql_username         | root                     |
| 57 | clair_db_password       | <enc-v1>IGBg3NxvT7qCYGIB+zizax+GojoM7ao2VQ== |
+----+--------------------------------+----------------------------------------------+
57 rows in set (0.00 sec)
MariaDB [registry]> 
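Two things stand out in that table from a security point of view: credentials (mysql_password, admin_initial_password, ldap_search_password, uaa_client_secret, clair_db_password, email_password) are stored with an <enc-v1> prefix, i.e. encrypted with the key file that docker-compose.yml mounts into adminserver and ui from /data/secretkey, while access-policy switches such as self_registration and project_creation_restriction are stored in the clear. The following added example (not Harbor's own code) parses the mysql client's table layout and audits it for credential-looking keys whose value is not wrapped in <enc-v1>, plus a couple of policy settings worth a second look. The sample table is a constructed excerpt: the encrypted values are placeholders rather than the ones printed above, and one deliberately plaintext password row is included so the audit has something to report.

```python
"""Audit Harbor's properties table as printed by the mysql client.

Added example, not Harbor's own code. Sample rows are constructed; the
<enc-v1> prefix is the marker Harbor puts on values it stores encrypted.
"""
import re

SAMPLE_PROPERTIES = """\
+----+-------------------------+----------------------------+
| id | k                       | v                          |
+----+-------------------------+----------------------------+
|  3 | uaa_client_secret       | <enc-v1>AAAAexampleAAAA==  |
|  6 | mysql_password          | <enc-v1>BBBBexampleBBBB==  |
| 22 | auth_mode               | db_auth                    |
| 30 | email_password          | hunter2                    |
| 35 | self_registration       | true                       |
| 46 | ldap_url                | ldaps://ldap.mydomain.com  |
| 55 | ldap_search_password    |                            |
| 56 | mysql_username          | root                       |
+----+-------------------------+----------------------------+
"""

ENC_PREFIX = "<enc-v1>"
SECRET_KEY_PATTERN = re.compile(r"password|secret", re.IGNORECASE)


def parse_mysql_table(text):
    """Turn the `+---+` / `| a | b |` layout printed by the mysql client into a
    list of dicts keyed by the header row. Border lines are skipped."""
    rows = [line for line in text.splitlines() if line.lstrip().startswith("|")]
    if not rows:
        return []

    def cells(line):
        return [c.strip() for c in line.strip().strip("|").split("|")]

    header = cells(rows[0])
    return [dict(zip(header, cells(r))) for r in rows[1:]]


def properties_dict(text):
    """Map property key -> stored value."""
    return {r["k"]: r["v"] for r in parse_mysql_table(text)}


def is_secret_key(key):
    return bool(SECRET_KEY_PATTERN.search(key))


def unencrypted_secrets(props):
    """Credential-looking keys whose stored value is not wrapped in <enc-v1>.
    Empty values are not reported: an unset password is not a leak."""
    return sorted(k for k, v in props.items()
                  if is_secret_key(k) and v and not v.startswith(ENC_PREFIX))


def risky_settings(props):
    """Policy switches that widen who can act on the registry. Each is a
    judgement call for the operator, not a hard rule."""
    findings = []
    if props.get("self_registration") == "true":
        findings.append("self_registration is enabled: anyone can create an account")
    if props.get("project_creation_restriction") == "everyone":
        findings.append("project_creation_restriction=everyone: any user may create projects")
    for k in ("ldap_verify_cert", "uaa_verify_cert"):
        if props.get(k) == "false":
            findings.append(k + "=false: certificate checks disabled")
    return findings


if __name__ == "__main__":
    props = properties_dict(SAMPLE_PROPERTIES)
    print("unencrypted credentials:", unencrypted_secrets(props))
    for f in risky_settings(props):
        print("review:", f)
```

On a live instance the same functions can be fed the output of `select * from properties;` captured to a file; the parser only needs the header row to be the first `|` line.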

api/systeminfo

[root@liumiao harbor]# curl http://localhost/api/systeminfo
{
 "with_notary": false,
 "with_clair": false,
 "with_admiral": false,
 "admiral_endpoint": "NA",
 "auth_mode": "db_auth",
 "registry_url": "192.168.163.128",
 "project_creation_restriction": "everyone",
 "self_registration": true,
 "has_ca_root": false,
 "harbor_version": "v1.5.2-8e61deae",
 "next_scan_all": 0,
 "registry_storage_provider_name": "filesystem",
 "read_only": false
}
[root@liumiao harbor]#

Summary

That is all for this article. I hope its content is of some reference value for your study or work, and thank you for your support.
