docker私库Harbor的架构与组件是什么

这篇文章主要介绍"docker私库Harbor的架构与组件是什么"，在日常操作中，相信很多人在docker私库Harbor的架构与组件是什么问题上存在疑惑，小编查阅了各式资料，整理出简单好用的操作方法，希望对大家解答"docker私库Harbor的架构与组件是什么"的疑惑有所帮助！接下来，请跟着小编一起来学习吧！

架构

容器信息

[root@liumiao harbor]# docker-compose ps    name           command        state                ports                ------------------------------------------------------------------------------------------------------------------------------harbor-adminserver  /harbor/start.sh         up                          harbor-db      /usr/local/bin/docker-entr ...  up   3306/tcp                       harbor-jobservice  /harbor/start.sh         up                          harbor-log      /bin/sh -c /usr/local/bin/ ...  up   127.0.0.1:1514->10514/tcp                    harbor-ui      /harbor/start.sh         up                          nginx        nginx -g daemon off;       up   0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp redis        docker-entrypoint.sh redis ...  up   6379/tcp                       registry       /entrypoint.sh serve /etc/ ...  up   5000/tcp                       [root@liumiao harbor]#

具体说明

proxy

proxy就是使用nginx作为反向代理，而整个的核心则在于nginx的设定文件，通过如下的设定文件可以清楚的看到harbor所解释的将各个其他组件集成在一起的说明内容，而实际的实现也基本上就是靠nginx的设定。

[root@liumiao harbor]# lslicense common          docker-compose.notary.yml ha     harbor.v1.5.2.tar.gz open_source_licensenotice  docker-compose.clair.yml docker-compose.yml     harbor.cfg install.sh      prepare[root@liumiao harbor]# cat common/config/nginx/nginx.conf worker_processes auto;events { worker_connections 1024; use epoll; multi_accept on;}http { tcp_nodelay on; # this is necessary for us to be able to disable request buffering in all cases proxy_http_version 1.1; upstream registry {  server registry:5000; } upstream ui {  server ui:8080; } log_format timed_combined '$remote_addr - '  '"$request" $status $body_bytes_sent '  '"$http_referer" "$http_user_agent" '  '$request_time $upstream_response_time $pipe'; access_log /dev/stdout timed_combined; server {  listen 80;  server_tokens off;  # disable any limits to avoid http 413 for large image uploads  client_max_body_size 0;  location / {   proxy_pass http://ui/;   proxy_set_header host $host;   proxy_set_header x-real-ip $remote_addr;   proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;   # when setting up harbor behind other proxy, such as an nginx instance, remove the below line if the proxy already has similar settings.   proxy_set_header x-forwarded-proto $scheme;   proxy_buffering off;   proxy_request_buffering off;  }  location /v1/ {   return 404;  }  location /v2/ {   proxy_pass http://ui/registryproxy/v2/;   proxy_set_header host $http_host;   proxy_set_header x-real-ip $remote_addr;   proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;   # when setting up harbor behind other proxy, such as an nginx instance, remove the below line if the proxy already has similar settings.   proxy_set_header x-forwarded-proto $scheme;   proxy_buffering off;   proxy_request_buffering off;  }  location /service/ {   proxy_pass http://ui/service/;   proxy_set_header host $host;   proxy_set_header x-real-ip $remote_addr;   proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;   # when setting up harbor behind other proxy, such as an nginx instance, remove the below line if the proxy already has similar settings.   proxy_set_header x-forwarded-proto $scheme;   proxy_buffering off;   proxy_request_buffering off;  }  location /service/notifications {   return 404;  } }}[root@liumiao harbor]#

database

可以看到使用的是mariadb 10.2.14, harbor的数据库名称为registry

[root@liumiao harbor]# docker exec -it harbor-db shsh-4.3# mysql -uroot -pliumiaopwwelcome to the mariadb monitor. commands end with ; or \g.your mariadb connection id is 21server version: 10.2.14-mariadb source distributioncopyright (c) 2000, 2018, oracle, mariadb corporation ab and others.type 'help;' or '\h' for help. type '\c' to clear the current input statement.mariadb [(none)]> show databases;+--------------------+| database      |+--------------------+| information_schema || mysql       || performance_schema || registry      |+--------------------+4 rows in set (0.00 sec)mariadb [(none)]>

数据库表的信息进行确认后可以看到，当前版本的这种使用方式下，数据库的表有如下 20张表左右

mariadb [(none)]> use registry;reading table information for completion of table and column namesyou can turn off this feature to get a quicker startup with -adatabase changedmariadb [registry]> show tables;+-------------------------------+| tables_in_registry      |+-------------------------------+| access            || access_log          || alembic_version        || clair_vuln_timestamp     || harbor_label         || harbor_resource_label     || img_scan_job         || img_scan_overview       || project            || project_member        || project_metadata       || properties          || replication_immediate_trigger || replication_job        || replication_policy      || replication_target      || repository          || role             || user             || user_group          |+-------------------------------+20 rows in set (0.00 sec)mariadb [registry]>

log collector

harbor中的日志缺省会在如下目录下进行汇集和管理

[root@liumiao harbor]# ls /var/log/harboradminserver.log jobservice.log mysql.log proxy.log redis.log registry.log ui.log[root@liumiao harbor]#

docker-compose.yml

[root@liumiao harbor]# cat docker-compose.yml version: '2'services: log:  image: vmware/harbor-log:v1.5.2  container_name: harbor-log   restart: always  volumes:   - /var/log/harbor/:/var/log/docker/:z   - ./common/config/log/:/etc/logrotate.d/:z  ports:   - 127.0.0.1:1514:10514  networks:   - harbor registry:  image: vmware/registry-photon:v2.6.2-v1.5.2  container_name: registry  restart: always  volumes:   - /data/registry:/storage:z   - ./common/config/registry/:/etc/registry/:z  networks:   - harbor  environment:   - godebug=netdns=cgo  command:   ["serve", "/etc/registry/config.yml"]  depends_on:   - log  logging:   driver: "syslog"   options:     syslog-address: "tcp://127.0.0.1:1514"    tag: "registry" mysql:  image: vmware/harbor-db:v1.5.2  container_name: harbor-db  restart: always  volumes:   - /data/database:/var/lib/mysql:z  networks:   - harbor  env_file:   - ./common/config/db/env  depends_on:   - log  logging:   driver: "syslog"   options:     syslog-address: "tcp://127.0.0.1:1514"    tag: "mysql" adminserver:  image: vmware/harbor-adminserver:v1.5.2  container_name: harbor-adminserver  env_file:   - ./common/config/adminserver/env  restart: always  volumes:   - /data/config/:/etc/adminserver/config/:z   - /data/secretkey:/etc/adminserver/key:z   - /data/:/data/:z  networks:   - harbor  depends_on:   - log  logging:   driver: "syslog"   options:     syslog-address: "tcp://127.0.0.1:1514"    tag: "adminserver" ui:  image: vmware/harbor-ui:v1.5.2  container_name: harbor-ui  env_file:   - ./common/config/ui/env  restart: always  volumes:   - ./common/config/ui/app.conf:/etc/ui/app.conf:z   - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z   - ./common/config/ui/certificates/:/etc/ui/certificates/:z   - /data/secretkey:/etc/ui/key:z   - /data/ca_download/:/etc/ui/ca/:z   - /data/psc/:/etc/ui/token/:z  networks:   - harbor  depends_on:   - log   - adminserver   - registry  logging:   driver: "syslog"   options:     syslog-address: "tcp://127.0.0.1:1514"    tag: "ui" jobservice:  image: vmware/harbor-jobservice:v1.5.2  container_name: harbor-jobservice  env_file:   - ./common/config/jobservice/env  restart: always  volumes:   - /data/job_logs:/var/log/jobs:z   - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z  networks:   - harbor  depends_on:   - redis   - ui   - adminserver  logging:   driver: "syslog"   options:     syslog-address: "tcp://127.0.0.1:1514"    tag: "jobservice" redis:  image: vmware/redis-photon:v1.5.2  container_name: redis  restart: always  volumes:   - /data/redis:/data  networks:   - harbor  depends_on:   - log  logging:   driver: "syslog"   options:     syslog-address: "tcp://127.0.0.1:1514"    tag: "redis" proxy:  image: vmware/nginx-photon:v1.5.2  container_name: nginx  restart: always  volumes:   - ./common/config/nginx:/etc/nginx:z  networks:   - harbor  ports:   - 80:80   - 443:443   - 4443:4443  depends_on:   - mysql   - registry   - ui   - log  logging:   driver: "syslog"   options:     syslog-address: "tcp://127.0.0.1:1514"    tag: "proxy"networks: harbor:  external: false[root@liumiao harbor]#

使用注意事项：自定义端口号

在前一篇文章的例子中我们使用默认的80口作为harbor的端口，如果希望进行更改（比如改为8848），按照如下步骤进行修改即可

设定内容

可以通过查看数据库的properties或者api/systeminfo来确认harbor设定项目的详细信息

properties

[root@liumiao harbor]# docker exec -it harbor-db shsh-4.3# mysql -uroot -pliumiaopwwelcome to the mariadb monitor. commands end with ; or \g.your mariadb connection id is 153server version: 10.2.14-mariadb source distributioncopyright (c) 2000, 2018, oracle, mariadb corporation ab and others.type 'help;' or '\h' for help. type '\c' to clear the current input statement.mariadb [(none)]> use registryreading table information for completion of table and column namesyou can turn off this feature to get a quicker startup with -adatabase changedmariadb [registry]> select * from properties;+----+--------------------------------+----------------------------------------------+| id | k               | v                      |+----+--------------------------------+----------------------------------------------+| 1 | cfg_expiration         | 5                      || 2 | project_creation_restriction  | everyone                   || 3 | uaa_client_secret       | cbvrpcg+p3onvnjh8vm+sjvlceskyg==   || 4 | clair_db_host         | postgres                   || 5 | token_service_url       | http://ui:8080/service/token         || 6 | mysql_password         | hdqd+pbhcg9ewk9df3rzm43fttpvcjdvyq== || 7 | uaa_endpoint          | uaa.mydomain.org               || 8 | max_job_workers        | 50                      || 9 | sqlite_file          |                       || 10 | email_from           | admin       || 11 | ldap_base_dn          | ou=people,dc=mydomain,dc=com         || 12 | clair_db_port         | 5432                     || 13 | mysql_port           | 3306                     || 14 | ldap_search_dn         |                       || 15 | clair_db_username       | postgres                   || 16 | email_insecure         | false                    || 17 | database_type         | mysql                    || 18 | ldap_filter          |                       || 19 | with_notary          | false                    || 20 | admin_initial_password     | 4zevd/gfbysdf9i6pfei/xivfghpitad3w== || 21 | notary_url           | http://notary-server:4443          || 22 | auth_mode           | db_auth                   || 23 | ldap_group_search_scope    | 2                      || 24 | ldap_uid            | uid                     || 25 | email_username         | sample_admin@mydomain.com          || 26 | mysql_database         | registry                   || 27 | reload_key           |                       || 28 | clair_url           | http://clair:6060              || 29 | ldap_group_search_filter    | objectclass=group              || 30 | email_password         | h18ptbum5ojwtkozjj4x5loipw==     || 31 | email_ssl           | false                    || 32 | ldap_timeout          | 5                      || 33 | uaa_client_id         | id                      || 34 | registry_storage_provider_name | filesystem                  || 35 | self_registration       | true                     || 36 | email_port           | 25                      || 37 | ui_url             | http://ui:8080                || 38 | token_expiration        | 30                      || 39 | email_identity         |                       || 40 | clair_db            | postgres                   || 41 | uaa_verify_cert        | true                     || 42 | ldap_verify_cert        | true                     || 43 | ldap_group_attribute_name   | cn                      || 44 | mysql_host           | mysql                    || 45 | read_only           | false                    || 46 | ldap_url            | ldaps://ldap.mydomain.com          || 47 | ext_endpoint          | http://192.168.163.128            || 48 | ldap_group_base_dn       | ou=group,dc=mydomain,dc=com         || 49 | with_clair           | false                    || 50 | admiral_url          | na                      || 51 | ldap_scope           | 2                      || 52 | registry_url          | http://registry:5000             || 53 | jobservice_url         | http://jobservice:8080            || 54 | email_host           | smtp.mydomain.com              || 55 | ldap_search_password      | f2qzkeeptqpsj9knsbwcxa==       || 56 | mysql_username         | root                     || 57 | clair_db_password       | igbg3nxvt7qcygib+zizax+gojom7ao2vq== |+----+--------------------------------+----------------------------------------------+57 rows in set (0.00 sec)mariadb [registry]>

api/systeminfo

[root@liumiao harbor]# curl http://localhost/api/systeminfo { "with_notary": false, "with_clair": false, "with_admiral": false, "admiral_endpoint": "na", "auth_mode": "db_auth", "registry_url": "192.168.163.128", "project_creation_restriction": "everyone", "self_registration": true, "has_ca_root": false, "harbor_version": "v1.5.2-8e61deae", "next_scan_all": 0, "registry_storage_provider_name": "filesystem", "read_only": false}[root@liumiao harbor]#

到此，关于"docker私库Harbor的架构与组件是什么"的学习就结束了，希望能够解决大家的疑惑。理论与实践的搭配能更好的帮助大家学习，快去试试吧！若想继续学习更多相关知识，请继续关注网站，小编会继续努力为大家带来更多实用的文章！