docker私库Harbor的架构与组件说明

这篇文章来了解一下harbor架构的组成和运行时各个组件的使用方式。

架构

容器信息

[root@liumiao harbor]# docker-compose ps
    Name           Command        State                Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver  /harbor/start.sh         Up
harbor-db      /usr/local/bin/docker-entr ...  Up   3306/tcp
harbor-jobservice  /harbor/start.sh         Up
harbor-log      /bin/sh -c /usr/local/bin/ ...  Up   127.0.0.1:1514->10514/tcp
harbor-ui      /harbor/start.sh         Up
nginx        nginx -g daemon off;       Up   0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis        docker-entrypoint.sh redis ...  Up   6379/tcp
registry       /entrypoint.sh serve /etc/ ...  Up   5000/tcp                       [root@liumiao harbor]# 

具体说明

proxy

proxy就是使用nginx作为反向代理,而整个的核心则在于nginx的设定文件,通过如下的设定文件可以清楚的看到harbor所解释的将各个其他组件集成在一起的说明内容,而实际的实现也基本上就是靠nginx的设定。

[root@liumiao harbor]# ls
LICENSE common          docker-compose.notary.yml ha     harbor.v1.5.2.tar.gz open_source_license
NOTICE  docker-compose.clair.yml docker-compose.yml     harbor.cfg install.sh      prepare
[root@liumiao harbor]# cat common/config/nginx/nginx.conf
worker_processes auto;
events {
 worker_connections 1024;
 use epoll;
 multi_accept on;
}
http {
 tcp_nodelay on;
 # this is necessary for us to be able to disable request buffering in all cases
 proxy_http_version 1.1;
 upstream registry {
  server registry:5000;
 }
 upstream ui {
  server ui:8080;
 }
 log_format timed_combined '$remote_addr - '
  '"$request" $status $body_bytes_sent '
  '"$http_referer" "$http_user_agent" '
  '$request_time $upstream_response_time $pipe';
 access_log /dev/stdout timed_combined;
 server {
  listen 80;
  server_tokens off;
  # disable any limits to avoid HTTP 413 for large image uploads
  client_max_body_size 0;
  location / {
   proxy_pass http://ui/;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /v1/ {
   return 404;
  }
  location /v2/ {
   proxy_pass http://ui/registryproxy/v2/;
   proxy_set_header Host $http_host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /service/ {
   proxy_pass http://ui/service/;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /service/notifications {
   return 404;
  }
 }
}
[root@liumiao harbor]# 

database

可以看到使用的是MariaDB 10.2.14, harbor的数据库名称为registry

[root@liumiao harbor]# docker exec -it harbor-db sh
sh-4.3# mysql -uroot -pliumiaopw
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 21
Server version: 10.2.14-MariaDB Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database      |
+--------------------+
| information_schema |
| mysql       |
| performance_schema |
| registry      |
+--------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]>

数据库表的信息进行确认后可以看到,当前版本的这种使用方式下,数据库的表有如下 20张表左右

MariaDB [(none)]> use registry;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [registry]> show tables;
+-------------------------------+
| Tables_in_registry      |
+-------------------------------+
| access            |
| access_log          |
| alembic_version        |
| clair_vuln_timestamp     |
| harbor_label         |
| harbor_resource_label     |
| img_scan_job         |
| img_scan_overview       |
| project            |
| project_member        |
| project_metadata       |
| properties          |
| replication_immediate_trigger |
| replication_job        |
| replication_policy      |
| replication_target      |
| repository          |
| role             |
| user             |
| user_group          |
+-------------------------------+
20 rows in set (0.00 sec)
MariaDB [registry]>

Log collector

harbor中的日志缺省会在如下目录下进行汇集和管理

[root@liumiao harbor]# ls /var/log/harbor
adminserver.log jobservice.log mysql.log proxy.log redis.log registry.log ui.log
[root@liumiao harbor]# 

docker-compose.yml

[root@liumiao harbor]# cat docker-compose.yml
version: '2'
services:
 log:
  image: vmware/harbor-log:v1.5.2
  container_name: harbor-log
  restart: always
  volumes:
   - /var/log/harbor/:/var/log/docker/:z
   - ./common/config/log/:/etc/logrotate.d/:z
  ports:
   - 127.0.0.1:1514:10514
  networks:
   - harbor
 registry:
  image: vmware/registry-photon:v2.6.2-v1.5.2
  container_name: registry
  restart: always
  volumes:
   - /data/registry:/storage:z
   - ./common/config/registry/:/etc/registry/:z
  networks:
   - harbor
  environment:
   - GODEBUG=netdns=cgo
  command:
   ["serve", "/etc/registry/config.yml"]
  depends_on:
   - log
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "registry"
 mysql:
  image: vmware/harbor-db:v1.5.2
  container_name: harbor-db
  restart: always
  volumes:
   - /data/database:/var/lib/mysql:z
  networks:
   - harbor
  env_file:
   - ./common/config/db/env
  depends_on:
   - log
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "mysql"
 adminserver:
  image: vmware/harbor-adminserver:v1.5.2
  container_name: harbor-adminserver
  env_file:
   - ./common/config/adminserver/env
  restart: always
  volumes:
   - /data/config/:/etc/adminserver/config/:z
   - /data/secretkey:/etc/adminserver/key:z
   - /data/:/data/:z
  networks:
   - harbor
  depends_on:
   - log
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "adminserver"
 ui:
  image: vmware/harbor-ui:v1.5.2
  container_name: harbor-ui
  env_file:
   - ./common/config/ui/env
  restart: always
  volumes:
   - ./common/config/ui/app.conf:/etc/ui/app.conf:z
   - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
   - ./common/config/ui/certificates/:/etc/ui/certificates/:z
   - /data/secretkey:/etc/ui/key:z
   - /data/ca_download/:/etc/ui/ca/:z
   - /data/psc/:/etc/ui/token/:z
  networks:
   - harbor
  depends_on:
   - log
   - adminserver
   - registry
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "ui"
 jobservice:
  image: vmware/harbor-jobservice:v1.5.2
  container_name: harbor-jobservice
  env_file:
   - ./common/config/jobservice/env
  restart: always
  volumes:
   - /data/job_logs:/var/log/jobs:z
   - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
  networks:
   - harbor
  depends_on:
   - redis
   - ui
   - adminserver
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "jobservice"
 redis:
  image: vmware/redis-photon:v1.5.2
  container_name: redis
  restart: always
  volumes:
   - /data/redis:/data
  networks:
   - harbor
  depends_on:
   - log
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "redis"
 proxy:
  image: vmware/nginx-photon:v1.5.2
  container_name: nginx
  restart: always
  volumes:
   - ./common/config/nginx:/etc/nginx:z
  networks:
   - harbor
  ports:
   - 80:80
   - 443:443
   - 4443:4443
  depends_on:
   - mysql
   - registry
   - ui
   - log
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "proxy"
networks:
 harbor:
  external: false
[root@liumiao harbor]# 

使用注意事项:自定义端口号

在前一篇文章的例子中我们使用默认的80口作为harbor的端口,如果希望进行更改(比如改为8848),按照如下步骤进行修改即可

设定内容

可以通过查看数据库的properties或者api/systeminfo来确认harbor设定项目的详细信息

properties

[root@liumiao harbor]# docker exec -it harbor-db sh
sh-4.3# mysql -uroot -pliumiaopw
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 153
Server version: 10.2.14-MariaDB Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use registry
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [registry]> select * from properties;
+----+--------------------------------+----------------------------------------------+
| id | k               | v                      |
+----+--------------------------------+----------------------------------------------+
| 1 | cfg_expiration         | 5                      |
| 2 | project_creation_restriction  | everyone                   |
| 3 | uaa_client_secret       | <enc-v1>cBvRPcG+p3oNVnJh8VM+SjvlcEsKYg==   |
| 4 | clair_db_host         | postgres                   |
| 5 | token_service_url       | http://ui:8080/service/token         |
| 6 | mysql_password         | <enc-v1>HDqd+PbHcG9EWK9DF3RzM43fTtPvCjdvyQ== |
| 7 | uaa_endpoint          | uaa.mydomain.org               |
| 8 | max_job_workers        | 50                      |
| 9 | sqlite_file          |                       |
| 10 | email_from           | admin <sample_admin@mydomain.com>      |
| 11 | ldap_base_dn          | ou=people,dc=mydomain,dc=com         |
| 12 | clair_db_port         | 5432                     |
| 13 | mysql_port           | 3306                     |
| 14 | ldap_search_dn         |                       |
| 15 | clair_db_username       | postgres                   |
| 16 | email_insecure         | false                    |
| 17 | database_type         | mysql                    |
| 18 | ldap_filter          |                       |
| 19 | with_notary          | false                    |
| 20 | admin_initial_password     | <enc-v1>4ZEvd/GfBYSdF9I6PfeI/XIvfGhPITaD3w== |
| 21 | notary_url           | http://notary-server:4443          |
| 22 | auth_mode           | db_auth                   |
| 23 | ldap_group_search_scope    | 2                      |
| 24 | ldap_uid            | uid                     |
| 25 | email_username         | sample_admin@mydomain.com          |
| 26 | mysql_database         | registry                   |
| 27 | reload_key           |                       |
| 28 | clair_url           | http://clair:6060              |
| 29 | ldap_group_search_filter    | objectclass=group              |
| 30 | email_password         | <enc-v1>h18ptbUM5oJwtKOzjJ4X5LOiPw==     |
| 31 | email_ssl           | false                    |
| 32 | ldap_timeout          | 5                      |
| 33 | uaa_client_id         | id                      |
| 34 | registry_storage_provider_name | filesystem                  |
| 35 | self_registration       | true                     |
| 36 | email_port           | 25                      |
| 37 | ui_url             | http://ui:8080                |
| 38 | token_expiration        | 30                      |
| 39 | email_identity         |                       |
| 40 | clair_db            | postgres                   |
| 41 | uaa_verify_cert        | true                     |
| 42 | ldap_verify_cert        | true                     |
| 43 | ldap_group_attribute_name   | cn                      |
| 44 | mysql_host           | mysql                    |
| 45 | read_only           | false                    |
| 46 | ldap_url            | ldaps://ldap.mydomain.com          |
| 47 | ext_endpoint          | http://192.168.163.128            |
| 48 | ldap_group_base_dn       | ou=group,dc=mydomain,dc=com         |
| 49 | with_clair           | false                    |
| 50 | admiral_url          | NA                      |
| 51 | ldap_scope           | 2                      |
| 52 | registry_url          | http://registry:5000             |
| 53 | jobservice_url         | http://jobservice:8080            |
| 54 | email_host           | smtp.mydomain.com              |
| 55 | ldap_search_password      | <enc-v1>F2QZkeEPTQPsJ9KNsBWcXA==       |
| 56 | mysql_username         | root                     |
| 57 | clair_db_password       | <enc-v1>IGBg3NxvT7qCYGIB+zizax+GojoM7ao2VQ== |
+----+--------------------------------+----------------------------------------------+
57 rows in set (0.00 sec)
MariaDB [registry]> 

api/systeminfo

[root@liumiao harbor]# curl http://localhost/api/systeminfo
{
 "with_notary": false,
 "with_clair": false,
 "with_admiral": false,
 "admiral_endpoint": "NA",
 "auth_mode": "db_auth",
 "registry_url": "192.168.163.128",
 "project_creation_restriction": "everyone",
 "self_registration": true,
 "has_ca_root": false,
 "harbor_version": "v1.5.2-8e61deae",
 "next_scan_all": 0,
 "registry_storage_provider_name": "filesystem",
 "read_only": false
}[root@liumiao harbor]#

总结

以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作具有一定的参考学习价值,谢谢大家对我们的支持。如果你想了解更多相关内容请查看下面相关链接

(0)

相关推荐

  • 详解CentOS7安装配置vsftp搭建FTP

    安装配置vsftpd做FTP服务,我们的Web应用使用git管理进行迭代,公共文件软件存储使用开源网盘Seafile来管理,基本够用.想不到FTP的使用的场景,感觉它好像老去了,虽然现在基本没有用到这个工具,但刚好公司公司刷一个硬件需要使用FTP来下载配置文件,于是研究使用了一下,记录了一下使用过程. 安装 在安装前查看是否已安装vsftpd # 查看是否已安装 方法一 [root@localhost ~]# rpm -q vsftpd vsftpd-3.0.2-21.el7.x86_64 #

  • 详解基于Harbor搭建Docker私有镜像仓库

    什么是 Harbor? 第一次使用这个的时候是刚进公司处理的第一个任务的时候,发现 Harbor 就是一个用于存储和分发 Docker 镜像的企业级Registry 服务器. 网上找到一个 Harbor 的架构图: Harbor 是 VMware 公司开源的企业级 DockerRegistry 项目,项目地址为 https://github.com/vmware/harbor.其目标是帮助用户迅速搭建一个企业级的 Docker registry 服务.它以 Docker 公司开源的 regist

  • Docker 搭建私有仓库(registry、harbor)

    为什么要弄私有仓库,大多是为了速度,我们再私有仓库中的push和pull的速度是特别快的. 利用registry快速搭建 https://hub.docker.com/_/registry/ Run a local registry: Quick Version $ docker run -d -p 5000:5000 --restart always --name registry registry:2 Now, use it from within Docker: $ docker pull

  • Docker私服仓库Harbor安装的步骤详解

    Harbor安装那里还是很简单,就是在Docker Login那里掉坑里去了,搞半天,写博客的时候,又重新安装了一遍 1.准备两台服务器 centos7 harbor 10.19.46.15 client 10.19.44.31 2.harbor需要安装docker和docker-composere,client只需要安装docker Docker安装 yum install -y yum-utils device-mapper-persistent-data lvm2 yum-config-m

  • centos7系统安装配置openvpn服务端

    一直没研究过vpn,最近找个视频,学了下,搭环境,测试成功,速记录在案: 使用环境: openvpn服务端安装在centos7系统平台上:   openvpn客户端安装在windows平台上: 其中的操作步骤有些很像此前写过的一篇文章CA服务器签署证书的步骤: openvpn就是安全的vpn,通过openssl实现ssl加密解密: openvpn实现的简单原理个人理解是: 通过openvpn客户端和服务器端用虚拟网卡建立逻辑的安全的通信连接,然后再通过物理网卡传输数据: 即首先openvpn服务

  • CentOS7.5安装配置Harbor1.7的全过程

    1.下载所需的包 wget -P /usr/local https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-online-installer-v1.7.1.tgz 2.解压文件 tar zxf /usr/local/harbor-online-installer-v1.7.1.tgz -C /usr/local/ 3.修改Harbor配置 hostname:配置主机名称,不可以设置127.0.0.1,localh

  • docker私库Harbor的架构与组件说明

    这篇文章来了解一下harbor架构的组成和运行时各个组件的使用方式. 架构 容器信息 [root@liumiao harbor]# docker-compose ps Name Command State Ports ------------------------------------------------------------------------------------------------------------------------------ harbor-adminse

  • 利用nexus作为私库进行代理docker,进行上传和下载镜像操作

    一.nexus的配置 1.创建docker proxy 用于从外网仓库中拉取镜像至本地仓库中. 点击"create Repository",选择docker(proxy)进行创建 填写参数 点击"create repository" 创建 2.创建docker hosted 用于将自己的镜像上传至私库 点击"create Repository",选择docker(hosted)进行创建 填写参数: 点击"create repositor

  • Docker私有仓库Harbor介绍和部署方法详解

    Docker容器应用的开发和运行离不开可靠的镜像管理,虽然Docker官方也提供了公共的镜像仓库,但是从安全和效率等方面考虑,部署我们私有环境内的Registry也是非常必要的.这里介绍一款企业级Docker镜像仓库Harbor的部署和使用,在Kubernetes集群中,推荐使用Harbor仓库环境. 一.Harbor仓库介绍 我们在日常Docker容器使用和管理过程中,渐渐发现部署企业私有仓库往往是很有必要的, 它可以帮助你管理企业的一些敏感镜像, 同时由于Docker Hub的下载速度和GF

  • Docker Gitlab+Jenkins+Harbor构建持久化平台操作

    CI/CD概述 CI工作流程设计 Git 代码版本管理系统 只能命令行去管理git Gitlab 基于git做了图形管理页面,企业使用gitlab做私有的代码管理仓库 Github 公共代码管理仓库 搭建gitlab 搭建gitlab先创建工作目录,因为有些数据需要持久化 [root@www ~]# mkdir -p /gitlab [root@www ~]# cd /gitlab/ docker run -d \ --name gitlab \ -p 8443:443 \ -p 9999:80

  • 使用docker compose安装harbor私有仓库的详细教程

    概述 harbor是什么呢?英文单词的意思是:港湾.港湾用来存放集装箱(货物的),而docker的由来正是借鉴了集装箱的原理,所以harbor是用于存放docker的镜像,作为镜像仓库使用.官方的说法是:Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器. harbor镜像仓库是由VMware开源的一款企业级镜像仓库,它包括权限管理(RBAC).LDAP.日志审核.管理界面.自我注册.镜像复制等诸多功能. 一.harbor特性 1.基于角色的访问控制:用户和存储库是通

  • 详解docker使用阿里云Docker镜像库加速(修订版)

    官方镜像下载实在是慢,于是开通了阿里云开发者帐号, 阿里的文档是错误的, 复制代码 代码如下: sudo sed -i "s|ExecStart=/usr/bin/docker daemon|ExecStart=/usr/bin/docker daemon --registry-mirror=https://pee6w651.mirror.aliyuncs.com|g" /etc/systemd/system/docker.service 这一句改为 复制代码 代码如下: sudo s

  • docker私有库的搭建实现

    安装部署一个私有的Docker Registry是引入.学习和使用Docker这门技术的必经之路之一.尤其是当Docker被所在组织接受,更多人.项目和产品开始接触和使用Docker时,存储和分发自制的Docker image便成了刚需.Docker Registry一如既往的继承了"Docker坑多"的特点,为此这里将自己搭建"各类"Registry过程中执行的步骤.遇到的问题记录下来,为己备忘,为他参考. Registry2在镜像存储方面不仅支持本地盘,还支持诸

  • Vue组织架构树图组件vue-org-tree的使用解析

    目录 Vue组织架构树图组件vue-org-tree 说明 快速开始 API Vue组织架构图组件 vue-tree-chart Vue组织架构树图组件vue-org-tree 说明 最近需要作出一个组织架构图来可视化展示一下,最后找到vue-org-tree这个组件,觉得效果还不错~,可选节点颜色.横向/纵向展开.打开/收起,在这记录一下使用方法,效果图如下: 快速开始 安装 npm install --save-dev less less-loader npm install --save-

  • 微信小程序 MinUI组件库系列之badge徽章组件示例

    MinUI是基于微信小程序自定义组件特性开发而成的一套简洁.易用.高效的组件库,适用场景广,覆盖小程序原生框架.各种小程序组件主流框架等,并且提供了高效的命令行工具.MinUI 组件库包含了很多基础的组件,其中 badge 徽章组件是一个很常用的基础元件, MinUI 中 badge 组件的效果图如下: 各式各样的类型都有哦,是不是看起来很方便很快捷的样子(^_^).可以打开微信扫一扫下面的小程序二维码先一睹为快: 下面介绍 badge 组件的使用方式. 1.使用下列命令安装 Min-Cli,如

随机推荐