這篇文章主要介紹“docker私庫Harbor的架構(gòu)與組件是什么”,在日常操作中,相信很多人在docker私庫Harbor的架構(gòu)與組件是什么問題上存在疑惑,小編查閱了各式資料,整理出簡單好用的操作方法,希望對大家解答”docker私庫Harbor的架構(gòu)與組件是什么”的疑惑有所幫助!接下來,請跟著小編一起來學(xué)習(xí)吧!
目前創(chuàng)新互聯(lián)已為上千余家的企業(yè)提供了網(wǎng)站建設(shè)、域名、虛擬空間、網(wǎng)站運營、企業(yè)網(wǎng)站設(shè)計、城區(qū)網(wǎng)站維護等服務(wù),公司將堅持客戶導(dǎo)向、應(yīng)用為本的策略,正道將秉承"和諧、參與、激情"的文化,與客戶和合作伙伴齊心協(xié)力一起成長,共同發(fā)展。
架構(gòu)
容器信息
[root@liumiao harbor]# docker-compose ps name command state ports ------------------------------------------------------------------------------------------------------------------------------ harbor-adminserver /harbor/start.sh up harbor-db /usr/local/bin/docker-entr ... up 3306/tcp harbor-jobservice /harbor/start.sh up harbor-log /bin/sh -c /usr/local/bin/ ... up 127.0.0.1:1514->10514/tcp harbor-ui /harbor/start.sh up nginx nginx -g daemon off; up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp redis docker-entrypoint.sh redis ... up 6379/tcp registry /entrypoint.sh serve /etc/ ... up 5000/tcp [root@liumiao harbor]#
具體說明
proxy
proxy就是使用nginx作為反向代理,而整個的核心則在于nginx的設(shè)定文件,通過如下的設(shè)定文件可以清楚的看到harbor所解釋的將各個其他組件集成在一起的說明內(nèi)容,而實際的實現(xiàn)也基本上就是靠nginx的設(shè)定。
[root@liumiao harbor]# ls license common docker-compose.notary.yml ha harbor.v1.5.2.tar.gz open_source_license notice docker-compose.clair.yml docker-compose.yml harbor.cfg install.sh prepare [root@liumiao harbor]# cat common/config/nginx/nginx.conf worker_processes auto; events { worker_connections 1024; use epoll; multi_accept on; } http { tcp_nodelay on; # this is necessary for us to be able to disable request buffering in all cases proxy_http_version 1.1; upstream registry { server registry:5000; } upstream ui { server ui:8080; } log_format timed_combined '$remote_addr - ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" ' '$request_time $upstream_response_time $pipe'; access_log /dev/stdout timed_combined; server { listen 80; server_tokens off; # disable any limits to avoid http 413 for large image uploads client_max_body_size 0; location / { proxy_pass http://ui/; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; # when setting up harbor behind other proxy, such as an nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header x-forwarded-proto $scheme; proxy_buffering off; proxy_request_buffering off; } location /v1/ { return 404; } location /v2/ { proxy_pass http://ui/registryproxy/v2/; proxy_set_header host $http_host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; # when setting up harbor behind other proxy, such as an nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header x-forwarded-proto $scheme; proxy_buffering off; proxy_request_buffering off; } location /service/ { proxy_pass http://ui/service/; proxy_set_header host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for; # when setting up harbor behind other proxy, such as an nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header x-forwarded-proto $scheme; proxy_buffering off; proxy_request_buffering off; } location /service/notifications { return 404; } } } [root@liumiao harbor]#
database
可以看到使用的是mariadb 10.2.14, harbor的數(shù)據(jù)庫名稱為registry
[root@liumiao harbor]# docker exec -it harbor-db sh sh-4.3# MySQL -uroot -pliumiaopw welcome to the mariadb monitor. commands end with ; or \g. your mariadb connection id is 21 server version: 10.2.14-mariadb source distribution copyright (c) 2000, 2018, oracle, mariadb corporation ab and others. type 'help;' or '\h' for help. type '\c' to clear the current input statement. mariadb [(none)]> show databases; +--------------------+ | database | +--------------------+ | information_schema | | mysql | | performance_schema | | registry | +--------------------+ 4 rows in set (0.00 sec) mariadb [(none)]>
數(shù)據(jù)庫表的信息進行確認后可以看到,當(dāng)前版本的這種使用方式下,數(shù)據(jù)庫的表有如下 20張表左右
mariadb [(none)]> use registry; reading table information for completion of table and column names you can turn off this feature to get a quicker startup with -a database changed mariadb [registry]> show tables; +-------------------------------+ | tables_in_registry | +-------------------------------+ | access | | access_log | | alembic_version | | clair_vuln_timestamp | | harbor_label | | harbor_resource_label | | img_scan_job | | img_scan_overview | | project | | project_member | | project_metadata | | properties | | replication_immediate_trigger | | replication_job | | replication_policy | | replication_target | | repository | | role | | user | | user_group | +-------------------------------+ 20 rows in set (0.00 sec) mariadb [registry]>
log collector
harbor中的日志缺省會在如下目錄下進行匯集和管理
[root@liumiao harbor]# ls /var/log/harbor adminserver.log jobservice.log mysql.log proxy.log redis.log registry.log ui.log [root@liumiao harbor]#
docker-compose.yml
[root@liumiao harbor]# cat docker-compose.yml version: '2' services: log: image: vmware/harbor-log:v1.5.2 container_name: harbor-log restart: always volumes: - /var/log/harbor/:/var/log/docker/:z - ./common/config/log/:/etc/logrotate.d/:z ports: - 127.0.0.1:1514:10514 networks: - harbor registry: image: vmware/registry-photon:v2.6.2-v1.5.2 container_name: registry restart: always volumes: - /data/registry:/storage:z - ./common/config/registry/:/etc/registry/:z networks: - harbor environment: - godebug=netDNS=cgo command: ["serve", "/etc/registry/config.yml"] depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "registry" mysql: image: vmware/harbor-db:v1.5.2 container_name: harbor-db restart: always volumes: - /data/database:/var/lib/mysql:z networks: - harbor env_file: - ./common/config/db/env depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "mysql" adminserver: image: vmware/harbor-adminserver:v1.5.2 container_name: harbor-adminserver env_file: - ./common/config/adminserver/env restart: always volumes: - /data/config/:/etc/adminserver/config/:z - /data/secretkey:/etc/adminserver/key:z - /data/:/data/:z networks: - harbor depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "adminserver" ui: image: vmware/harbor-ui:v1.5.2 container_name: harbor-ui env_file: - ./common/config/ui/env restart: always volumes: - ./common/config/ui/app.conf:/etc/ui/app.conf:z - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z - ./common/config/ui/certificates/:/etc/ui/certificates/:z - /data/secretkey:/etc/ui/key:z - /data/ca_download/:/etc/ui/ca/:z - /data/psc/:/etc/ui/token/:z networks: - harbor depends_on: - log - adminserver - registry logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "ui" jobservice: image: vmware/harbor-jobservice:v1.5.2 container_name: harbor-jobservice env_file: - ./common/config/jobservice/env restart: always volumes: - /data/job_logs:/var/log/jobs:z - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z networks: - harbor depends_on: - redis - ui - adminserver logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "jobservice" redis: image: vmware/redis-photon:v1.5.2 container_name: redis restart: always volumes: - /data/redis:/data networks: - harbor depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "redis" proxy: image: vmware/nginx-photon:v1.5.2 container_name: nginx restart: always volumes: - ./common/config/nginx:/etc/nginx:z networks: - harbor ports: - 80:80 - 443:443 - 4443:4443 depends_on: - mysql - registry - ui - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "proxy" networks: harbor: external: false [root@liumiao harbor]#
使用注意事項:自定義端口號
在前一篇文章的例子中我們使用默認的80口作為harbor的端口,如果希望進行更改(比如改為8848),按照如下步驟進行修改即可
設(shè)定內(nèi)容
可以通過查看數(shù)據(jù)庫的properties或者api/systeminfo來確認harbor設(shè)定項目的詳細信息
properties
[root@liumiao harbor]# docker exec -it harbor-db sh sh-4.3# mysql -uroot -pliumiaopw welcome to the mariadb monitor. commands end with ; or \g. your mariadb connection id is 153 server version: 10.2.14-mariadb source distribution copyright (c) 2000, 2018, oracle, mariadb corporation ab and others. type 'help;' or '\h' for help. type '\c' to clear the current input statement. mariadb [(none)]> use registry reading table information for completion of table and column names you can turn off this feature to get a quicker startup with -a database changed mariadb [registry]> select * from properties; +----+--------------------------------+----------------------------------------------+ | id | k | v | +----+--------------------------------+----------------------------------------------+ | 1 | cfg_expiration | 5 | | 2 | project_creation_restriction | everyone | | 3 | uaa_client_secret |cbvrpcg+p3onvnjh8vm+sjvlceskyg== | | 4 | clair_db_host | postgres | | 5 | token_service_url | http://ui:8080/service/token | | 6 | mysql_password | hdqd+pbhcg9ewk9df3rzm43fttpvcjdvyq== | | 7 | uaa_endpoint | uaa.mydomain.org | | 8 | max_job_workers | 50 | | 9 | sqlite_file | | | 10 | email_from | admin | | 11 | ldap_base_dn | ou=people,dc=mydomain,dc=com | | 12 | clair_db_port | 5432 | | 13 | mysql_port | 3306 | | 14 | ldap_search_dn | | | 15 | clair_db_username | postgres | | 16 | email_insecure | false | | 17 | database_type | mysql | | 18 | ldap_filter | | | 19 | with_notary | false | | 20 | admin_initial_password | 4zevd/gfbysdf9i6pfei/xivfghpitad3w== | | 21 | notary_url | http://notary-server:4443 | | 22 | auth_mode | db_auth | | 23 | ldap_group_search_scope | 2 | | 24 | ldap_uid | uid | | 25 | email_username | sample_admin@mydomain.com | | 26 | mysql_database | registry | | 27 | reload_key | | | 28 | clair_url | http://clair:6060 | | 29 | ldap_group_search_filter | objectclass=group | | 30 | email_password | h18ptbum5ojwtkozjj4x5loipw== | | 31 | email_ssl | false | | 32 | ldap_timeout | 5 | | 33 | uaa_client_id | id | | 34 | registry_storage_provider_name | filesystem | | 35 | self_registration | true | | 36 | email_port | 25 | | 37 | ui_url | http://ui:8080 | | 38 | token_expiration | 30 | | 39 | email_identity | | | 40 | clair_db | postgres | | 41 | uaa_verify_cert | true | | 42 | ldap_verify_cert | true | | 43 | ldap_group_attribute_name | cn | | 44 | mysql_host | mysql | | 45 | read_only | false | | 46 | ldap_url | ldaps://ldap.mydomain.com | | 47 | ext_endpoint | http://192.168.163.128 | | 48 | ldap_group_base_dn | ou=group,dc=mydomain,dc=com | | 49 | with_clair | false | | 50 | admiral_url | na | | 51 | ldap_scope | 2 | | 52 | registry_url | http://registry:5000 | | 53 | jobservice_url | http://jobservice:8080 | | 54 | email_host | smtp.mydomain.com | | 55 | ldap_search_password | f2qzkeeptqpsj9knsbwcxa== | | 56 | mysql_username | root | | 57 | clair_db_password | igbg3nxvt7qcygib+zizax+gojom7ao2vq== | +----+--------------------------------+----------------------------------------------+ 57 rows in set (0.00 sec) mariadb [registry]>
api/systeminfo
[root@liumiao harbor]# curl http://localhost/api/systeminfo { "with_notary": false, "with_clair": false, "with_admiral": false, "admiral_endpoint": "na", "auth_mode": "db_auth", "registry_url": "192.168.163.128", "project_creation_restriction": "everyone", "self_registration": true, "has_ca_root": false, "harbor_version": "v1.5.2-8e61deae", "next_scan_all": 0, "registry_storage_provider_name": "filesystem", "read_only": false }[root@liumiao harbor]#
到此,關(guān)于“docker私庫Harbor的架構(gòu)與組件是什么”的學(xué)習(xí)就結(jié)束了,希望能夠解決大家的疑惑。理論與實踐的搭配能更好的幫助大家學(xué)習(xí),快去試試吧!若想繼續(xù)學(xué)習(xí)更多相關(guān)知識,請繼續(xù)關(guān)注創(chuàng)新互聯(lián)網(wǎng)站,小編會繼續(xù)努力為大家?guī)砀鄬嵱玫奈恼拢?/p>
當(dāng)前題目:docker私庫Harbor的架構(gòu)與組件是什么
URL地址:http://weahome.cn/article/pipshd.html