这篇文章来了解一下harbor架构的组成和运行时各个组件的使用方式。
架构
容器信息
1
2
3
4
5
6
7
8
9
10
11
|
[root@liumiao harbor]# docker-compose ps name command state ports ------------------------------------------------------------------------------------------------------------------------------ harbor-adminserver /harbor/start.sh up harbor-db /usr/ local /bin/docker-entr ... up 3306/tcp harbor-jobservice /harbor/start.sh up harbor-log /bin/sh -c /usr/ local /bin/ ... up 127.0.0.1:1514->10514/tcp harbor-ui /harbor/start.sh up nginx nginx -g daemon off ; up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp redis docker-entrypoint.sh redis ... up 6379/tcp registry /entrypoint.sh serve /etc/ ... up 5000/tcp [root@liumiao harbor]# |
具体说明
proxy
proxy就是使用nginx作为反向代理,而整个的核心则在于nginx的设定文件,通过如下的设定文件可以清楚的看到harbor所解释的将各个其他组件集成在一起的说明内容,而实际的实现也基本上就是靠nginx的设定。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
[root@liumiao harbor]# ls license common docker-compose.notary.yml ha harbor.v1.5.2.tar.gz open_source_license notice docker-compose.clair.yml docker-compose.yml harbor.cfg install.sh prepare [root@liumiao harbor]# cat common/config/nginx/nginx.conf worker_processes auto; events { worker_connections 1024; use epoll; multi_accept on; } http { tcp_nodelay on; # this is necessary for us to be able to disable request buffering in all cases proxy_http_version 1.1; upstream registry { server registry:5000; } upstream ui { server ui:8080; } log_format timed_combined '$remote_addr - ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" ' '$request_time $upstream_response_time $pipe' ; access_log /dev/stdout timed_combined; server { listen 80; server_tokens off; # disable any limits to avoid http 413 for large image uploads client_max_body_size 0; location / { proxy_pass http: //ui/; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded- for $proxy_add_x_forwarded_for; # when setting up harbor behind other proxy, such as an nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header x-forwarded-proto $scheme; proxy_buffering off; proxy_request_buffering off; } location /v1/ { return 404; } location /v2/ { proxy_pass http: //ui/registryproxy/v2/; proxy_set_header host $http_host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded- for $proxy_add_x_forwarded_for; # when setting up harbor behind other proxy, such as an nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header x-forwarded-proto $scheme; proxy_buffering off; proxy_request_buffering off; } location /service/ { proxy_pass http: //ui/service/; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded- for $proxy_add_x_forwarded_for; # when setting up harbor behind other proxy, such as an nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header x-forwarded-proto $scheme; proxy_buffering off; proxy_request_buffering off; } location /service/notifications { return 404; } } } [root@liumiao harbor]# |
database
可以看到使用的是mariadb 10.2.14, harbor的数据库名称为registry
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
[root@liumiao harbor]# docker exec -it harbor-db sh sh-4.3# mysql -uroot -pliumiaopw welcome to the mariadb monitor. commands end with ; or \g. your mariadb connection id is 21 server version: 10.2.14-mariadb source distribution copyright (c) 2000, 2018, oracle, mariadb corporation ab and others. type 'help;' or '\h' for help. type '\c' to clear the current input statement. mariadb [(none)]> show databases; + --------------------+ | database | + --------------------+ | information_schema | | mysql | | performance_schema | | registry | + --------------------+ 4 rows in set (0.00 sec) mariadb [(none)]> |
数据库表的信息进行确认后可以看到,当前版本的这种使用方式下,数据库的表有如下 20张表左右
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
mariadb [(none)]> use registry; reading table information for completion of table and column names you can turn off this feature to get a quicker startup with -a database changed mariadb [registry]> show tables; + -------------------------------+ | tables_in_registry | + -------------------------------+ | access | | access_log | | alembic_version | | clair_vuln_timestamp | | harbor_label | | harbor_resource_label | | img_scan_job | | img_scan_overview | | project | | project_member | | project_metadata | | properties | | replication_immediate_trigger | | replication_job | | replication_policy | | replication_target | | repository | | role | | user | | user_group | + -------------------------------+ 20 rows in set (0.00 sec) mariadb [registry]> |
log collector
harbor中的日志缺省会在如下目录下进行汇集和管理
1
2
3
|
[root@liumiao harbor]# ls /var/ log /harbor adminserver. log jobservice. log mysql. log proxy. log redis. log registry. log ui. log [root@liumiao harbor]# |
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
[root@liumiao harbor]# cat docker-compose.yml version: '2' services: log: image: vmware/harbor-log:v1.5.2 container_name: harbor-log restart: always volumes: - /var/log/harbor/:/var/log/docker/:z - ./common/config/log/:/etc/logrotate.d/:z ports: - 127.0.0.1:1514:10514 networks: - harbor registry: image: vmware/registry-photon:v2.6.2-v1.5.2 container_name: registry restart: always volumes: - /data/registry:/storage:z - ./common/config/registry/:/etc/registry/:z networks: - harbor environment: - godebug=netdns=cgo command: ["serve", "/etc/registry/config.yml"] depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "registry" mysql: image: vmware/harbor-db:v1.5.2 container_name: harbor-db restart: always volumes: - /data/database:/var/lib/mysql:z networks: - harbor env_file: - ./common/config/db/env depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "mysql" adminserver: image: vmware/harbor-adminserver:v1.5.2 container_name: harbor-adminserver env_file: - ./common/config/adminserver/env restart: always volumes: - /data/config/:/etc/adminserver/config/:z - /data/secretkey:/etc/adminserver/key:z - /data/:/data/:z networks: - harbor depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "adminserver" ui: image: vmware/harbor-ui:v1.5.2 container_name: harbor-ui env_file: - ./common/config/ui/env restart: always volumes: - ./common/config/ui/app.conf:/etc/ui/app.conf:z - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z - ./common/config/ui/certificates/:/etc/ui/certificates/:z - /data/secretkey:/etc/ui/key:z - /data/ca_download/:/etc/ui/ca/:z - /data/psc/:/etc/ui/token/:z networks: - harbor depends_on: - log - adminserver - registry logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "ui" jobservice: image: vmware/harbor-jobservice:v1.5.2 container_name: harbor-jobservice env_file: - ./common/config/jobservice/env restart: always volumes: - /data/job_logs:/var/log/jobs:z - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z networks: - harbor depends_on: - redis - ui - adminserver logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "jobservice" redis: image: vmware/redis-photon:v1.5.2 container_name: redis restart: always volumes: - /data/redis:/data networks: - harbor depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "redis" proxy: image: vmware/nginx-photon:v1.5.2 container_name: nginx restart: always volumes: - ./common/config/nginx:/etc/nginx:z networks: - harbor ports: - 80:80 - 443:443 - 4443:4443 depends_on: - mysql - registry - ui - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "proxy" networks: harbor: external: false [root@liumiao harbor]# |
使用注意事项:自定义端口号
在前一篇文章的例子中我们使用默认的80口作为harbor的端口,如果希望进行更改(比如改为8848),按照如下步骤进行修改即可
设定内容
可以通过查看数据库的properties或者api/systeminfo来确认harbor设定项目的详细信息
properties
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
[root@liumiao harbor]# docker exec -it harbor-db sh sh-4.3# mysql -uroot -pliumiaopw welcome to the mariadb monitor. commands end with ; or \g. your mariadb connection id is 153 server version: 10.2.14-mariadb source distribution copyright (c) 2000, 2018, oracle, mariadb corporation ab and others. type 'help;' or '\h' for help. type '\c' to clear the current input statement. mariadb [(none)]> use registry reading table information for completion of table and column names you can turn off this feature to get a quicker startup with -a database changed mariadb [registry]> select * from properties; + ----+--------------------------------+----------------------------------------------+ | id | k | v | + ----+--------------------------------+----------------------------------------------+ | 1 | cfg_expiration | 5 | | 2 | project_creation_restriction | everyone | | 3 | uaa_client_secret | <enc-v1>cbvrpcg+p3onvnjh8vm+sjvlceskyg== | | 4 | clair_db_host | postgres | | 5 | token_service_url | http://ui:8080/service/token | | 6 | mysql_password | <enc-v1>hdqd+pbhcg9ewk9df3rzm43fttpvcjdvyq== | | 7 | uaa_endpoint | uaa.mydomain.org | | 8 | max_job_workers | 50 | | 9 | sqlite_file | | | 10 | email_from | admin <sample_admin@mydomain.com> | | 11 | ldap_base_dn | ou=people,dc=mydomain,dc=com | | 12 | clair_db_port | 5432 | | 13 | mysql_port | 3306 | | 14 | ldap_search_dn | | | 15 | clair_db_username | postgres | | 16 | email_insecure | false | | 17 | database_type | mysql | | 18 | ldap_filter | | | 19 | with_notary | false | | 20 | admin_initial_password | <enc-v1>4zevd/gfbysdf9i6pfei/xivfghpitad3w== | | 21 | notary_url | http://notary-server:4443 | | 22 | auth_mode | db_auth | | 23 | ldap_group_search_scope | 2 | | 24 | ldap_uid | uid | | 25 | email_username | sample_admin@mydomain.com | | 26 | mysql_database | registry | | 27 | reload_key | | | 28 | clair_url | http://clair:6060 | | 29 | ldap_group_search_filter | objectclass= group | | 30 | email_password | <enc-v1>h18ptbum5ojwtkozjj4x5loipw== | | 31 | email_ssl | false | | 32 | ldap_timeout | 5 | | 33 | uaa_client_id | id | | 34 | registry_storage_provider_name | filesystem | | 35 | self_registration | true | | 36 | email_port | 25 | | 37 | ui_url | http://ui:8080 | | 38 | token_expiration | 30 | | 39 | email_identity | | | 40 | clair_db | postgres | | 41 | uaa_verify_cert | true | | 42 | ldap_verify_cert | true | | 43 | ldap_group_attribute_name | cn | | 44 | mysql_host | mysql | | 45 | read_only | false | | 46 | ldap_url | ldaps://ldap.mydomain.com | | 47 | ext_endpoint | http://192.168.163.128 | | 48 | ldap_group_base_dn | ou= group ,dc=mydomain,dc=com | | 49 | with_clair | false | | 50 | admiral_url | na | | 51 | ldap_scope | 2 | | 52 | registry_url | http://registry:5000 | | 53 | jobservice_url | http://jobservice:8080 | | 54 | email_host | smtp.mydomain.com | | 55 | ldap_search_password | <enc-v1>f2qzkeeptqpsj9knsbwcxa== | | 56 | mysql_username | root | | 57 | clair_db_password | <enc-v1>igbg3nxvt7qcygib+zizax+gojom7ao2vq== | + ----+--------------------------------+----------------------------------------------+ 57 rows in set (0.00 sec) mariadb [registry]> |
api/systeminfo
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
[root@liumiao harbor]# curl http: //localhost/api/systeminfo { "with_notary" : false , "with_clair" : false , "with_admiral" : false , "admiral_endpoint" : "na" , "auth_mode" : "db_auth" , "registry_url" : "192.168.163.128" , "project_creation_restriction" : "everyone" , "self_registration" : true , "has_ca_root" : false , "harbor_version" : "v1.5.2-8e61deae" , "next_scan_all" : 0, "registry_storage_provider_name" : "filesystem" , "read_only" : false }[root@liumiao harbor]# |
总结
以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作具有一定的参考学习价值,谢谢大家对服务器之家的支持。如果你想了解更多相关内容请查看下面相关链接
原文链接:https://blog.csdn.net/liumiaocn/article/details/81812876