Architecture and component description of docker private library Harbor
|
This article will explain the composition of the Harbor architecture and how to use each component at runtime. Architecture
Container information
[root@liumiao harbor]# docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up
harbor-db /usr/local/bin/docker-entr ... Up 3306/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp
harbor-ui /harbor/start.sh Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis docker-entrypoint.sh redis ... Up 6379/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp [root@liumiao harbor]#Specific instructions
proxy Proxy uses nginx as a reverse proxy, and the core of the whole process lies in the nginx configuration file. Through the following configuration file, you can clearly see the instructions of harbor for integrating various other components together, and the actual implementation basically depends on the nginx settings.
[root@liumiao harbor]# ls
LICENSE common docker-compose.notary.yml ha harbor.v1.5.2.tar.gz open_source_license
NOTICE docker-compose.clair.yml docker-compose.yml harbor.cfg install.sh prepare
[root@liumiao harbor]# cat common/config/nginx/nginx.conf
worker_processes auto;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
tcp_nodelay on;
# this is necessary for us to be able to disable request buffering in all cases
proxy_http_version 1.1;
upstream registry {
server-registry:5000;
}
upstream ui {
server-ui:8080;
}
log_format timed_combined '$remote_addr - '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'$request_time $upstream_response_time $pipe';
access_log /dev/stdout timed_combined;
server {
listen 80;
server_tokens off;
# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
location / {
proxy_pass http://ui/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_request_buffering off;
}
location /v1/ {
return 404;
}
location /v2/ {
proxy_pass http://ui/registryproxy/v2/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_request_buffering off;
}
location /service/ {
proxy_pass http://ui/service/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_request_buffering off;
}
location /service/notifications {
return 404;
}
}
}
[root@liumiao harbor]#database You can see that MariaDB 10.2.14 is used, and the database name of harbor is registry [root@liumiao harbor]# docker exec -it harbor-db sh sh-4.3#mysql -uroot -pliumiaopw Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 21 Server version: 10.2.14-MariaDB Source distribution Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | information_schema | |mysql | | performance_schema | | registry | +--------------------+ 4 rows in set (0.00 sec) MariaDB [(none)]> After confirming the information of the database table, you can see that in the current version of this usage mode, the database has about 20 tables as follows MariaDB [(none)]> use registry; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed MariaDB [registry]> show tables; +-------------------------------+ | Tables_in_registry | +-------------------------------+ | access | | access_log | | alembic_version | |clair_vuln_timestamp| |harbor_label| | harbor_resource_label | | img_scan_job | | img_scan_overview | | project | | project_member | | project_metadata | | properties | | replication_immediate_trigger | | replication_job | | replication_policy | | replication_target | | repository | | role | | user | | user_group | +-------------------------------+ 20 rows in set (0.00 sec) MariaDB [registry]> Log collector By default, the logs in harbor will be collected and managed in the following directories [root@liumiao harbor]# ls /var/log/harbor adminserver.log jobservice.log mysql.log proxy.log redis.log registry.log ui.log [root@liumiao harbor]# docker-compose.yml
[root@liumiao harbor]# cat docker-compose.yml
version: '2'
services:
log:
image: vmware/harbor-log:v1.5.2
container_name: harbor-log
restart: always
volumes:
- /var/log/harbor/:/var/log/docker/:z
- ./common/config/log/:/etc/logrotate.d/:z
ports:
- 127.0.0.1:1514:10514
networks:
-harbor
registry:
image: vmware/registry-photon:v2.6.2-v1.5.2
container_name: registry
restart: always
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
networks:
-harbor
environment:
-GODEBUG=netdns=cgo
command:
["serve", "/etc/registry/config.yml"]
depends_on:
-log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "registry"
mysql:
image: vmware/harbor-db:v1.5.2
container_name: harbor-db
restart: always
volumes:
- /data/database:/var/lib/mysql:z
networks:
-harbor
env_file:
- ./common/config/db/env
depends_on:
-log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "mysql"
adminserver:
image: vmware/harbor-adminserver:v1.5.2
container_name: harbor-adminserver
env_file:
- ./common/config/adminserver/env
restart: always
volumes:
- /data/config/:/etc/adminserver/config/:z
- /data/secretkey:/etc/adminserver/key:z
- /data/:/data/:z
networks:
-harbor
depends_on:
-log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "adminserver"
ui:
image: vmware/harbor-ui:v1.5.2
container_name: harbor-ui
env_file:
- ./common/config/ui/env
restart: always
volumes:
- ./common/config/ui/app.conf:/etc/ui/app.conf:z
- ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
- ./common/config/ui/certificates/:/etc/ui/certificates/:z
- /data/secretkey:/etc/ui/key:z
- /data/ca_download/:/etc/ui/ca/:z
- /data/psc/:/etc/ui/token/:z
networks:
-harbor
depends_on:
-log
-adminserver
- registry
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "ui"
jobservice:
image: vmware/harbor-jobservice:v1.5.2
container_name: harbor-jobservice
env_file:
- ./common/config/jobservice/env
restart: always
volumes:
- /data/job_logs:/var/log/jobs:z
- ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
networks:
-harbor
depends_on:
- redis
- ui
-adminserver
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "jobservice"
redis:
image: vmware/redis-photon:v1.5.2
container_name: redis
restart: always
volumes:
- /data/redis:/data
networks:
-harbor
depends_on:
-log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "redis"
proxy:
image: vmware/nginx-photon:v1.5.2
container_name: nginx
restart: always
volumes:
- ./common/config/nginx:/etc/nginx:z
networks:
-harbor
ports:
- 80:80
-443:443
-4443:4443
depends_on:
-mysql
- registry
- ui
-log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "proxy"
networks:
harbor:
external: false
[root@liumiao harbor]#Note: Custom port number In the example of the previous article, we use the default port 80 as the harbor port. If you want to change it (for example, to 8848), follow the steps below to modify it.
Setting content You can check the detailed information of the harbor setting items by viewing the database properties or api/systeminfo properties [root@liumiao harbor]# docker exec -it harbor-db sh sh-4.3#mysql -uroot -pliumiaopw Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 153 Server version: 10.2.14-MariaDB Source distribution Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> use registry Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed MariaDB [registry]> select * from properties; +----+--------------------------------+----------------------------------------------+ | id | k | v | +----+--------------------------------+----------------------------------------------+ | 1 | cfg_expiration | 5 | | 2 | project_creation_restriction | everyone | | 3 | uaa_client_secret | <enc-v1>cBvRPcG+p3oNVnJh8VM+SjvlcEsKYg== | | 4 | clair_db_host | postgres | | 5 | token_service_url | http://ui:8080/service/token | | 6 | mysql_password | <enc-v1>HDqd+PbHcG9EWK9DF3RzM43fTtPvCjdvyQ== | | 7 | uaa_endpoint | uaa.mydomain.org | | 8 | max_job_workers | 50 | | 9 | sqlite_file | | | 10 | email_from | admin <[email protected]> | | 11 | ldap_base_dn | ou=people,dc=mydomain,dc=com | | 12 | clair_db_port | 5432 | | 13 | mysql_port | 3306 | | 14 | ldap_search_dn | | | 15 | clair_db_username | postgres | | 16 | email_insecure | false | | 17 | database_type | mysql | | 18 | ldap_filter | | | 19 | with_notary | false | | 20 | admin_initial_password | <enc-v1>4ZEvd/GfBYSdF9I6PfeI/XIvfGhPITaD3w== | | 21 | notary_url | http://notary-server:4443 | | 22 | auth_mode | db_auth | | 23 | ldap_group_search_scope | 2 | | 24 | ldap_uid | uid | | 25 | email_username | [email protected] | | 26 | mysql_database | registry | | 27 | reload_key | | | 28 | clair_url | http://clair:6060 | | 29 | ldap_group_search_filter | objectclass=group | | 30 | email_password | <enc-v1>h18ptbUM5oJwtKOzjJ4X5LOiPw== | | 31 | email_ssl | false | | 32 | ldap_timeout | 5 | | 33 | uaa_client_id | id | | 34 | registry_storage_provider_name | filesystem | | 35 | self_registration | true | | 36 | email_port | 25 | | 37 | ui_url | http://ui:8080 | | 38 | token_expiration | 30 | | 39 | email_identity | | | 40 | clair_db | postgres | | 41 | uaa_verify_cert | true | | 42 | ldap_verify_cert | true | | 43 | ldap_group_attribute_name | cn | | 44 | mysql_host | mysql | | 45 | read_only | false | | 46 | ldap_url | ldaps://ldap.mydomain.com | | 47 | ext_endpoint | http://192.168.163.128 | | 48 | ldap_group_base_dn | ou=group,dc=mydomain,dc=com | | 49 | with_clair | false | | 50 | admiral_url | NA | | 51 | ldap_scope | 2 | | 52 | registry_url | http://registry:5000 | | 53 | jobservice_url | http://jobservice:8080 | | 54 | email_host | smtp.mydomain.com | | 55 | ldap_search_password | <enc-v1>F2QZkeEPTQPsJ9KNsBWcXA== | | 56 | mysql_username | root | | 57 | clair_db_password | <enc-v1>IGBg3NxvT7qCYGIB+zizax+GojoM7ao2VQ== | +----+--------------------------------+----------------------------------------------+ 57 rows in set (0.00 sec) MariaDB [registry]> api/systeminfo
[root@liumiao harbor]# curl http://localhost/api/systeminfo
{
"with_notary": false,
"with_clair": false,
"with_admiral": false,
"admiral_endpoint": "NA",
"auth_mode": "db_auth",
"registry_url": "192.168.163.128",
"project_creation_restriction": "everyone",
"self_registration": true,
"has_ca_root": false,
"harbor_version": "v1.5.2-8e61deae",
"next_scan_all": 0,
"registry_storage_provider_name": "filesystem",
"read_only": false
}[root@liumiao harbor]#Summarize The above is the full content of this article. I hope that the content of this article will have certain reference learning value for your study or work. Thank you for your support of 123WORDPRESS.COM. If you want to learn more about this, please check out the following links You may also be interested in:
|
<<: Solution to MySQL being unable to start due to excessive memory configuration
>>: Sample code for implementing menu permission control in Vue
Recommend
Analysis of MySQL cumulative aggregation principle and usage examples
This article uses examples to illustrate the prin...
js to implement collision detection
This article example shares the specific code of ...
How to change the root password in a container using Docker
1. Use the following command to set the ssh passw...
Introduction to local components in Vue
In Vue, we can define (register) local components...
A brief discussion on what situations in MySQL will cause index failure
Here are some tips from training institutions and...
Detailed graphic explanation of MySql5.7.18 character set configuration
Background: A long time ago (2017.6.5, the articl...
Summary of commonly used tool functions in Vue projects
Table of contents Preface 1. Custom focus command...
A brief discussion on the differences between the three major databases: Mysql, SqlServer, and Oracle
MySQL advantage: Small size, fast speed, low tota...
Linux centOS installation JDK and Tomcat tutorial
First download JDK. Here we use jdk-8u181-linux-x...
CSS3 realizes the childhood paper airplane
Today we are going to make origami airplanes (the...
CSS style writing order and naming conventions and precautions
The significance of writing order Reduce browser ...
Two ways to clear table data in MySQL and their differences
There are two ways to delete data in MySQL: Trunc...
You may need a large-screen digital scrolling effect like this
The large-screen digital scrolling effect comes f...
Create a movable stack widget function using flutter
This post focuses on a super secret Flutter proje...
Example of using the href attribute and onclick event of a tag
The a tag is mainly used to implement page jump, ...