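Architecture and components of Harbor, the private Docker registry

Date: 2021-05-19

This article looks at what the Harbor architecture is made of and how each component is used at runtime.

Architecture

Container information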

[root@liumiao harbor]# docker-compose ps
       Name                     Command               State                                Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up
harbor-db            /usr/local/bin/docker-entr ...   Up      3306/tcp
harbor-jobservice    /harbor/start.sh                 Up
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up      127.0.0.1:1514->10514/tcp
harbor-ui            /harbor/start.sh                 Up
nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis                docker-entrypoint.sh redis ...   Up      6379/tcp
registry             /entrypoint.sh serve /etc/ ...   Up      5000/tcp
[root@liumiao harbor]#

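Details

proxy

The proxy is nginx acting as a reverse proxy, and its core is the nginx configuration file. The configuration below shows clearly how the other components are integrated in the way Harbor describes, and the actual implementation relies almost entirely on these nginx settings.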

[root@liumiao harbor]# ls
LICENSE  common                    docker-compose.notary.yml  ha          harbor.v1.5.2.tar.gz  open_source_license
NOTICE   docker-compose.clair.yml  docker-compose.yml         harbor.cfg  install.sh            prepare
[root@liumiao harbor]# cat common/config/nginx/nginx.conf
worker_processes auto;
events {
  worker_connections 1024;
  use epoll;
  multi_accept on;
}
http {
  tcp_nodelay on;
  # this is necessary for us to be able to disable request buffering in all cases
  proxy_http_version 1.1;
  upstream registry {
    server registry:5000;
  }
  upstream ui {
    server ui:8080;
  }
  log_format timed_combined '$remote_addr - '
    '"$request" $status $body_bytes_sent '
    '"$http_referer" "$http_user_agent" '
    '$request_time $upstream_response_time $pipe';
  access_log /dev/stdout timed_combined;
  server {
    listen 80;
    server_tokens off;
    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;
    location / {
      proxy_pass http://ui/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_buffering off;
      proxy_request_buffering off;
    }
    location /v1/ {
      return 404;
    }
    location /v2/ {
      proxy_pass http://ui/registryproxy/v2/;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_buffering off;
      proxy_request_buffering off;
    }
    location /service/ {
      proxy_pass http://ui/service/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_buffering off;
      proxy_request_buffering off;
    }
    location /service/notifications {
      return 404;
    }
  }
}
[root@liumiao harbor]#
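The routing that this server block performs, as an added example (not part of the original article or of Harbor's code): a small Python model of nginx's longest-prefix location selection and proxy_pass URI replacement for the five locations above. The function names are hypothetical, and the automatic 301 that nginx issues for a proxied prefix requested without its trailing slash (for example /v2) is not modelled.

```python
# Added example: models only the plain prefix locations of the nginx.conf above.
LOCATIONS = [
    # (location prefix, action, target) copied from the server block
    ("/", "proxy", "http://ui/"),
    ("/v1/", "return", 404),
    ("/v2/", "proxy", "http://ui/registryproxy/v2/"),
    ("/service/", "proxy", "http://ui/service/"),
    ("/service/notifications", "return", 404),
]
# upstream name -> server, copied from the two upstream blocks
UPSTREAMS = {"registry": "registry:5000", "ui": "ui:8080"}


def route(path):
    """Return what nginx does with a request path under this configuration."""
    # Among prefix locations, nginx selects the longest one that matches.
    prefix, action, target = max(
        (loc for loc in LOCATIONS if path.startswith(loc[0])),
        key=lambda loc: len(loc[0]),
    )
    if action == "return":
        return ("return", target)
    # proxy_pass with a URI part: the matched prefix is replaced by that URI.
    scheme, rest = target.split("://", 1)
    host, _, uri = rest.partition("/")
    return ("proxy", f"{scheme}://{UPSTREAMS[host]}/{uri}{path[len(prefix):]}")


def unused_upstreams():
    """Upstreams that are declared but never referenced by a proxy_pass."""
    used = {t.split("://", 1)[1].split("/", 1)[0]
            for _, action, t in LOCATIONS if action == "proxy"}
    return set(UPSTREAMS) - used


if __name__ == "__main__":
    for p in ("/v2/library/nginx/manifests/latest", "/v1/_ping",
              "/service/token", "/service/notifications", "/api/systeminfo"):
        print(p, "->", route(p))
    print("declared but unused upstreams:", unused_upstreams())
```

The result makes two properties of the configuration visible: every request reaching port 80 is either answered with 404 or handed to the ui container, and the registry upstream is declared but no location proxies to it directly.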

database

As shown below, the database is MariaDB 10.2.14, and Harbor's database is named registry.

[root@liumiao harbor]# docker exec -it harbor-db sh
sh-4.3# mysql -uroot -pliumiaopw
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 21
Server version: 10.2.14-MariaDB Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| registry           |
+--------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]>

Checking the tables shows that, with this version used in this way, the database contains about 20 tables, listed below.

MariaDB [(none)]> use registry;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [registry]> show tables;
+-------------------------------+
| Tables_in_registry            |
+-------------------------------+
| access                        |
| access_log                    |
| alembic_version               |
| clair_vuln_timestamp          |
| harbor_label                  |
| harbor_resource_label         |
| img_scan_job                  |
| img_scan_overview             |
| project                       |
| project_member                |
| project_metadata              |
| properties                    |
| replication_immediate_trigger |
| replication_job               |
| replication_policy            |
| replication_target            |
| repository                    |
| role                          |
| user                          |
| user_group                    |
+-------------------------------+
20 rows in set (0.00 sec)
MariaDB [registry]>

Log collector

By default, Harbor's logs are collected and managed under the following directory.

[root@liumiao harbor]# ls /var/log/harbor
adminserver.log  jobservice.log  mysql.log  proxy.log  redis.log  registry.log  ui.log
[root@liumiao harbor]#

docker-compose.yml

[root@liumiao harbor]# cat docker-compose.yml
version: '2'
services:
  log:
    image: vmware/harbor-log:v1.5.2
    container_name: harbor-log
    restart: always
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - ./common/config/log/:/etc/logrotate.d/:z
    ports:
      - 127.0.0.1:1514:10514
    networks:
      - harbor
  registry:
    image: vmware/registry-photon:v2.6.2-v1.5.2
    container_name: registry
    restart: always
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
    networks:
      - harbor
    environment:
      - GODEBUG=netdns=cgo
    command:
      ["serve", "/etc/registry/config.yml"]
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registry"
  mysql:
    image: vmware/harbor-db:v1.5.2
    container_name: harbor-db
    restart: always
    volumes:
      - /data/database:/var/lib/mysql:z
    networks:
      - harbor
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "mysql"
  adminserver:
    image: vmware/harbor-adminserver:v1.5.2
    container_name: harbor-adminserver
    env_file:
      - ./common/config/adminserver/env
    restart: always
    volumes:
      - /data/config/:/etc/adminserver/config/:z
      - /data/secretkey:/etc/adminserver/key:z
      - /data/:/data/:z
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "adminserver"
  ui:
    image: vmware/harbor-ui:v1.5.2
    container_name: harbor-ui
    env_file:
      - ./common/config/ui/env
    restart: always
    volumes:
      - ./common/config/ui/app.conf:/etc/ui/app.conf:z
      - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
      - ./common/config/ui/certificates/:/etc/ui/certificates/:z
      - /data/secretkey:/etc/ui/key:z
      - /data/ca_download/:/etc/ui/ca/:z
      - /data/psc/:/etc/ui/token/:z
    networks:
      - harbor
    depends_on:
      - log
      - adminserver
      - registry
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "ui"
  jobservice:
    image: vmware/harbor-jobservice:v1.5.2
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    volumes:
      - /data/job_logs:/var/log/jobs:z
      - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
    networks:
      - harbor
    depends_on:
      - redis
      - ui
      - adminserver
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "jobservice"
  redis:
    image: vmware/redis-photon:v1.5.2
    container_name: redis
    restart: always
    volumes:
      - /data/redis:/data
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "redis"
  proxy:
    image: vmware/nginx-photon:v1.5.2
    container_name: nginx
    restart: always
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    ports:
      - 80:80
      - 443:443
      - 4443:4443
    depends_on:
      - mysql
      - registry
      - ui
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"
networks:
  harbor:
    external: false
[root@liumiao harbor]#

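Usage note: custom port number

In the example in the previous article we used the default port 80 as Harbor's port. If you want to change it (for example to 8848), follow the steps below.

Settings

The details of Harbor's configuration items can be checked either in the properties table of the database or through api/systeminfo.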

properties

[root@liumiao harbor]# docker exec -it harbor-db sh
sh-4.3# mysql -uroot -pliumiaopw
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 153
Server version: 10.2.14-MariaDB Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use registry
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [registry]> select * from properties;
+----+--------------------------------+----------------------------------------------+
| id | k                              | v                                            |
+----+--------------------------------+----------------------------------------------+
|  1 | cfg_expiration                 | 5                                            |
|  2 | project_creation_restriction   | everyone                                     |
|  3 | uaa_client_secret              | <enc-v1>cBvRPcG+p3oNVnJh8VM+SjvlcEsKYg==     |
|  4 | clair_db_host                  | postgres                                     |
|  5 | token_service_url              | http://ui:8080/service/token                 |
|  6 | mysql_password                 | <enc-v1>HDqd+PbHcG9EWK9DF3RzM43fTtPvCjdvyQ== |
|  7 | uaa_endpoint                   | uaa.mydomain.org                             |
|  8 | max_job_workers                | 50                                           |
|  9 | sqlite_file                    |                                              |
| 10 | email_from                     | admin <sample_admin@mydomain.com>            |
| 11 | ldap_base_dn                   | ou=people,dc=mydomain,dc=com                 |
| 12 | clair_db_port                  | 5432                                         |
| 13 | mysql_port                     | 3306                                         |
| 14 | ldap_search_dn                 |                                              |
| 15 | clair_db_username              | postgres                                     |
| 16 | email_insecure                 | false                                        |
| 17 | database_type                  | mysql                                        |
| 18 | ldap_filter                    |                                              |
| 19 | with_notary                    | false                                        |
| 20 | admin_initial_password         | <enc-v1>4ZEvd/GfBYSdF9I6PfeI/XIvfGhPITaD3w== |
| 21 | notary_url                     | http://notary-server:4443                    |
| 22 | auth_mode                      | db_auth                                      |
| 23 | ldap_group_search_scope        | 2                                            |
| 24 | ldap_uid                       | uid                                          |
| 25 | email_username                 | sample_admin@mydomain.com                    |
| 26 | mysql_database                 | registry                                     |
| 27 | reload_key                     |                                              |
| 28 | clair_url                      | http://clair:6060                            |
| 29 | ldap_group_search_filter       | objectclass=group                            |
| 30 | email_password                 | <enc-v1>h18ptbUM5oJwtKOzjJ4X5LOiPw==         |
| 31 | email_ssl                      | false                                        |
| 32 | ldap_timeout                   | 5                                            |
| 33 | uaa_client_id                  | id                                           |
| 34 | registry_storage_provider_name | filesystem                                   |
| 35 | self_registration              | true                                         |
| 36 | email_port                     | 25                                           |
| 37 | ui_url                         | http://ui:8080                               |
| 38 | token_expiration               | 30                                           |
| 39 | email_identity                 |                                              |
| 40 | clair_db                       | postgres                                     |
| 41 | uaa_verify_cert                | true                                         |
| 42 | ldap_verify_cert               | true                                         |
| 43 | ldap_group_attribute_name      | cn                                           |
| 44 | mysql_host                     | mysql                                        |
| 45 | read_only                      | false                                        |
| 46 | ldap_url                       | ldaps://ldap.mydomain.com                    |
| 47 | ext_endpoint                   | http://192.168.163.128                       |
| 48 | ldap_group_base_dn             | ou=group,dc=mydomain,dc=com                  |
| 49 | with_clair                     | false                                        |
| 50 | admiral_url                    | NA                                           |
| 51 | ldap_scope                     | 2                                            |
| 52 | registry_url                   | http://registry:5000                         |
| 53 | jobservice_url                 | http://jobservice:8080                       |
| 54 | email_host                     | smtp.mydomain.com                            |
| 55 | ldap_search_password           | <enc-v1>F2QZkeEPTQPsJ9KNsBWcXA==             |
| 56 | mysql_username                 | root                                         |
| 57 | clair_db_password              | <enc-v1>IGBg3NxvT7qCYGIB+zizax+GojoM7ao2VQ== |
+----+--------------------------------+----------------------------------------------+
57 rows in set (0.00 sec)
MariaDB [registry]>

api/systeminfo

[root@liumiao harbor]# curl http://localhost/api/systeminfo
{
  "with_notary": false,
  "with_clair": false,
  "with_admiral": false,
  "admiral_endpoint": "NA",
  "auth_mode": "db_auth",
  "registry_url": "192.168.163.128",
  "project_creation_restriction": "everyone",
  "self_registration": true,
  "has_ca_root": false,
  "harbor_version": "v1.5.2-8e61deae",
  "next_scan_all": 0,
  "registry_storage_provider_name": "filesystem",
  "read_only": false
}
[root@liumiao harbor]#
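One way to turn the two views above into a configuration review, as an added example that is not part of the original article or of Harbor: it parses rows of the properties query output and the api/systeminfo JSON, then applies a handful of checks. The rule names and what counts as a finding are assumptions chosen for illustration, and the inputs are excerpts copied from the output on this page.

```python
import json
import re

# Constructed input: rows copied from the properties query output above.
PROPERTIES_ROWS = """\
|  2 | project_creation_restriction   | everyone                                     |
|  6 | mysql_password                 | <enc-v1>HDqd+PbHcG9EWK9DF3RzM43fTtPvCjdvyQ== |
| 31 | email_ssl                      | false                                        |
| 35 | self_registration              | true                                         |
| 47 | ext_endpoint                   | http://192.168.163.128                       |
| 56 | mysql_username                 | root                                         |
"""
# Constructed input: fields copied from the api/systeminfo response above,
# which the curl call on this page obtained without sending credentials.
SYSTEMINFO = ('{"auth_mode": "db_auth", "self_registration": true, '
              '"has_ca_root": false, "harbor_version": "v1.5.2-8e61deae"}')

ROW = re.compile(r"^\|\s*\d+\s*\|\s*(\S+)\s*\|\s*(.*?)\s*\|$")


def parse_properties(text):
    """Turn the boxed rows printed by the mysql client into a {k: v} dict."""
    return dict(m.groups() for m in map(ROW.match, text.splitlines()) if m)


def audit(props, sysinfo):
    """Return the ids of the example rules (assumed policy) that are tripped."""
    findings = []
    if props.get("self_registration") == "true" or sysinfo.get("self_registration"):
        findings.append("open-self-registration")
    if props.get("project_creation_restriction") == "everyone":
        findings.append("any-user-creates-projects")
    if props.get("ext_endpoint", "").startswith("http://"):
        findings.append("external-endpoint-without-tls")
    if props.get("email_ssl") == "false":
        findings.append("smtp-without-ssl")
    if props.get("mysql_username") == "root":
        findings.append("db-access-as-root")
    for key, value in props.items():
        # Secret values in this table carry the <enc-v1> prefix when encrypted.
        if re.search(r"(password|secret)$", key) and value and not value.startswith("<enc-v1>"):
            findings.append(f"plaintext-secret:{key}")
    if "harbor_version" in sysinfo:
        findings.append("version-visible-without-login")
    return findings


FINDINGS = audit(parse_properties(PROPERTIES_ROWS), json.loads(SYSTEMINFO))
```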

Summary

That is all for this article. I hope its contents are of some reference value for your study or work. Thank you for your support.
