Architecture and component description of the Docker private registry Harbor

This article will explain the composition of the Harbor architecture and how to use each component at runtime.

Architecture

Container information

[root@liumiao harbor]# docker-compose ps
       Name                     Command               State                                Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up
harbor-db            /usr/local/bin/docker-entr ...   Up      3306/tcp
harbor-jobservice    /harbor/start.sh                 Up
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up      127.0.0.1:1514->10514/tcp
harbor-ui            /harbor/start.sh                 Up
nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis                docker-entrypoint.sh redis ...   Up      6379/tcp
registry             /entrypoint.sh serve /etc/ ...   Up      5000/tcp
[root@liumiao harbor]#

Specific instructions

proxy

The proxy component uses nginx as a reverse proxy, so the core of the request flow lies in the nginx configuration file. The configuration below shows how Harbor ties its other components together; the actual integration depends almost entirely on these nginx settings.

[root@liumiao harbor]# ls
LICENSE common docker-compose.notary.yml ha harbor.v1.5.2.tar.gz open_source_license
NOTICE docker-compose.clair.yml docker-compose.yml harbor.cfg install.sh prepare
[root@liumiao harbor]# cat common/config/nginx/nginx.conf 
worker_processes auto;
events {
 worker_connections 1024;
 use epoll;
 multi_accept on;
}
http {
 tcp_nodelay on;
 # this is necessary for us to be able to disable request buffering in all cases
 proxy_http_version 1.1;
 upstream registry {
  server registry:5000;
 }
 upstream ui {
  server ui:8080;
 }
 log_format timed_combined '$remote_addr - '
  '"$request" $status $body_bytes_sent '
  '"$http_referer" "$http_user_agent" '
  '$request_time $upstream_response_time $pipe';
 access_log /dev/stdout timed_combined;
 server {
  listen 80;
  server_tokens off;
  # disable any limits to avoid HTTP 413 for large image uploads
  client_max_body_size 0;
  location / {
   proxy_pass http://ui/;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /v1/ {
   return 404;
  }
  location /v2/ {
   proxy_pass http://ui/registryproxy/v2/;
   proxy_set_header Host $http_host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /service/ {
   proxy_pass http://ui/service/;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /service/notifications {
   return 404;
  }
 }
}
[root@liumiao harbor]#
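
How the location blocks above decide where a request ends up, as an added example (not part of the original article or of Harbor's code). It models only the five prefix locations shown in this nginx.conf; the function names are hypothetical.

```python
# Added example: a model of the prefix `location` blocks in the nginx.conf above.
# With no regex locations present, nginx selects the longest matching prefix.
# Simplification: nginx normalises the URI before matching; this model does not.
LOCATIONS = {
    "/": ("proxy", "http://ui/"),
    "/v1/": ("return", 404),
    "/v2/": ("proxy", "http://ui/registryproxy/v2/"),
    "/service/": ("proxy", "http://ui/service/"),
    "/service/notifications": ("return", 404),
}


def route(path):
    """Return (matched_prefix, action, target) for a request path."""
    path = path.split("?", 1)[0]  # locations are matched against the path only
    best = max((p for p in LOCATIONS if path.startswith(p)), key=len)
    action, target = LOCATIONS[best]
    if action == "proxy":
        # proxy_pass with a URI part replaces the matched prefix with that URI
        target = target + path[len(best):]
    return best, action, target


def externally_blocked(paths):
    """Paths that the proxy answers itself instead of forwarding."""
    return [p for p in paths if route(p)[1] == "return"]


if __name__ == "__main__":
    # Constructed sample requests
    for p in ["/api/systeminfo", "/v2/library/nginx/manifests/latest",
              "/v1/_ping", "/service/token", "/service/notifications", "/v2"]:
        print(p, "->", route(p))
```

Everything that is forwarded goes to the `ui` upstream, including `/v2/` registry traffic, while `/v1/` and `/service/notifications` are answered with 404 at the proxy and never reach a backend from outside.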

database

You can see that MariaDB 10.2.14 is used, and that Harbor's database is named registry.

[root@liumiao harbor]# docker exec -it harbor-db sh
sh-4.3# mysql -uroot -pliumiaopw
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 21
Server version: 10.2.14-MariaDB Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| registry           |
+--------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]>

Listing the tables shows that, in the current version and this deployment mode, the database holds about 20 tables:

MariaDB [(none)]> use registry;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [registry]> show tables;
+-------------------------------+
| Tables_in_registry            |
+-------------------------------+
| access                        |
| access_log                    |
| alembic_version               |
| clair_vuln_timestamp          |
| harbor_label                  |
| harbor_resource_label         |
| img_scan_job                  |
| img_scan_overview             |
| project                       |
| project_member                |
| project_metadata              |
| properties                    |
| replication_immediate_trigger |
| replication_job               |
| replication_policy            |
| replication_target            |
| repository                    |
| role                          |
| user                          |
| user_group                    |
+-------------------------------+
20 rows in set (0.00 sec)
MariaDB [registry]>

Log collector

By default, Harbor's logs are collected and managed in the following directory:

[root@liumiao harbor]# ls /var/log/harbor
adminserver.log jobservice.log mysql.log proxy.log redis.log registry.log ui.log
[root@liumiao harbor]#

docker-compose.yml

[root@liumiao harbor]# cat docker-compose.yml 
version: '2'
services:
 log:
  image: vmware/harbor-log:v1.5.2
  container_name: harbor-log 
  restart: always
  volumes:
   - /var/log/harbor/:/var/log/docker/:z
   - ./common/config/log/:/etc/logrotate.d/:z
  ports:
   - 127.0.0.1:1514:10514
  networks:
   - harbor
 registry:
  image: vmware/registry-photon:v2.6.2-v1.5.2
  container_name: registry
  restart: always
  volumes:
   - /data/registry:/storage:z
   - ./common/config/registry/:/etc/registry/:z
  networks:
   - harbor
  environment:
   - GODEBUG=netdns=cgo
  command:
   ["serve", "/etc/registry/config.yml"]
  depends_on:
   - log
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "registry"
 mysql:
  image: vmware/harbor-db:v1.5.2
  container_name: harbor-db
  restart: always
  volumes:
   - /data/database:/var/lib/mysql:z
  networks:
   - harbor
  env_file:
   - ./common/config/db/env
  depends_on:
   - log
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "mysql"
 adminserver:
  image: vmware/harbor-adminserver:v1.5.2
  container_name: harbor-adminserver
  env_file:
   - ./common/config/adminserver/env
  restart: always
  volumes:
   - /data/config/:/etc/adminserver/config/:z
   - /data/secretkey:/etc/adminserver/key:z
   - /data/:/data/:z
  networks:
   - harbor
  depends_on:
   - log
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "adminserver"
 ui:
  image: vmware/harbor-ui:v1.5.2
  container_name: harbor-ui
  env_file:
   - ./common/config/ui/env
  restart: always
  volumes:
   - ./common/config/ui/app.conf:/etc/ui/app.conf:z
   - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
   - ./common/config/ui/certificates/:/etc/ui/certificates/:z
   - /data/secretkey:/etc/ui/key:z
   - /data/ca_download/:/etc/ui/ca/:z
   - /data/psc/:/etc/ui/token/:z
  networks:
   - harbor
  depends_on:
   - log
   - adminserver
   - registry
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "ui"
 jobservice:
  image: vmware/harbor-jobservice:v1.5.2
  container_name: harbor-jobservice
  env_file:
   - ./common/config/jobservice/env
  restart: always
  volumes:
   - /data/job_logs:/var/log/jobs:z
   - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
  networks:
   - harbor
  depends_on:
   - redis
   - ui
   - adminserver
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "jobservice"
 redis:
  image: vmware/redis-photon:v1.5.2
  container_name: redis
  restart: always
  volumes:
   - /data/redis:/data
  networks:
   - harbor
  depends_on:
   - log
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "redis"
 proxy:
  image: vmware/nginx-photon:v1.5.2
  container_name: nginx
  restart: always
  volumes:
   - ./common/config/nginx:/etc/nginx:z
  networks:
   - harbor
  ports:
   - 80:80
   - 443:443
   - 4443:4443
  depends_on:
   - mysql
   - registry
   - ui
   - log
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "proxy"
networks:
 harbor:
  external: false
[root@liumiao harbor]#

Note: Custom port number

In the example of the previous article, we use the default port 80 as the harbor port. If you want to change it (for example, to 8848), follow the steps below to modify it.

Setting content

You can check Harbor's configuration items in detail by viewing the properties table in the database or by calling api/systeminfo.

properties

[root@liumiao harbor]# docker exec -it harbor-db sh
sh-4.3# mysql -uroot -pliumiaopw
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 153
Server version: 10.2.14-MariaDB Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use registry
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [registry]> select * from properties;
+----+--------------------------------+----------------------------------------------+
| id | k | v |
+----+--------------------------------+----------------------------------------------+
| 1 | cfg_expiration | 5 |
| 2 | project_creation_restriction | everyone |
| 3 | uaa_client_secret | <enc-v1>cBvRPcG+p3oNVnJh8VM+SjvlcEsKYg== |
| 4 | clair_db_host | postgres |
| 5 | token_service_url | http://ui:8080/service/token |
| 6 | mysql_password | <enc-v1>HDqd+PbHcG9EWK9DF3RzM43fTtPvCjdvyQ== |
| 7 | uaa_endpoint | uaa.mydomain.org |
| 8 | max_job_workers | 50 |
| 9 | sqlite_file | |
| 10 | email_from | admin <[email protected]> |
| 11 | ldap_base_dn | ou=people,dc=mydomain,dc=com |
| 12 | clair_db_port | 5432 |
| 13 | mysql_port | 3306 |
| 14 | ldap_search_dn | |
| 15 | clair_db_username | postgres |
| 16 | email_insecure | false |
| 17 | database_type | mysql |
| 18 | ldap_filter | |
| 19 | with_notary | false |
| 20 | admin_initial_password | <enc-v1>4ZEvd/GfBYSdF9I6PfeI/XIvfGhPITaD3w== |
| 21 | notary_url | http://notary-server:4443 |
| 22 | auth_mode | db_auth |
| 23 | ldap_group_search_scope | 2 |
| 24 | ldap_uid | uid |
| 25 | email_username | [email protected] |
| 26 | mysql_database | registry |
| 27 | reload_key | |
| 28 | clair_url | http://clair:6060 |
| 29 | ldap_group_search_filter | objectclass=group |
| 30 | email_password | <enc-v1>h18ptbUM5oJwtKOzjJ4X5LOiPw== |
| 31 | email_ssl | false |
| 32 | ldap_timeout | 5 |
| 33 | uaa_client_id | id |
| 34 | registry_storage_provider_name | filesystem |
| 35 | self_registration | true |
| 36 | email_port | 25 |
| 37 | ui_url | http://ui:8080 |
| 38 | token_expiration | 30 |
| 39 | email_identity | |
| 40 | clair_db | postgres |
| 41 | uaa_verify_cert | true |
| 42 | ldap_verify_cert | true |
| 43 | ldap_group_attribute_name | cn |
| 44 | mysql_host | mysql |
| 45 | read_only | false |
| 46 | ldap_url | ldaps://ldap.mydomain.com |
| 47 | ext_endpoint | http://192.168.163.128 |
| 48 | ldap_group_base_dn | ou=group,dc=mydomain,dc=com |
| 49 | with_clair | false |
| 50 | admiral_url | NA |
| 51 | ldap_scope | 2 |
| 52 | registry_url | http://registry:5000 |
| 53 | jobservice_url | http://jobservice:8080 |
| 54 | email_host | smtp.mydomain.com |
| 55 | ldap_search_password | <enc-v1>F2QZkeEPTQPsJ9KNsBWcXA== |
| 56 | mysql_username | root |
| 57 | clair_db_password | <enc-v1>IGBg3NxvT7qCYGIB+zizax+GojoM7ao2VQ== |
+----+--------------------------------+----------------------------------------------+
57 rows in set (0.00 sec)
MariaDB [registry]>

api/systeminfo

[root@liumiao harbor]# curl http://localhost/api/systeminfo 
{
 "with_notary": false,
 "with_clair": false,
 "with_admiral": false,
 "admiral_endpoint": "NA",
 "auth_mode": "db_auth",
 "registry_url": "192.168.163.128",
 "project_creation_restriction": "everyone",
 "self_registration": true,
 "has_ca_root": false,
 "harbor_version": "v1.5.2-8e61deae",
 "next_scan_all": 0,
 "registry_storage_provider_name": "filesystem",
 "read_only": false
}
[root@liumiao harbor]#
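
A review of the settings shown above, as an added example (not part of the original article or of Harbor's code). It reads the api/systeminfo response and the ext_endpoint row from the properties table and lists the values worth changing before the registry is shared; the check list and the function name are assumptions of this example.

```python
import json

# Constructed input: the api/systeminfo response shown above, plus the
# ext_endpoint row from the properties table.
SYSTEMINFO = json.loads("""{
 "with_notary": false, "with_clair": false, "with_admiral": false,
 "admiral_endpoint": "NA", "auth_mode": "db_auth",
 "registry_url": "192.168.163.128",
 "project_creation_restriction": "everyone", "self_registration": true,
 "has_ca_root": false, "harbor_version": "v1.5.2-8e61deae",
 "next_scan_all": 0, "registry_storage_provider_name": "filesystem",
 "read_only": false
}""")
EXT_ENDPOINT = "http://192.168.163.128"

# (key, value to flag, why it matters). The policy is an assumption of this example.
CHECKS = [
    ("self_registration", True, "anyone who can reach the UI can create an account"),
    ("project_creation_restriction", "everyone", "every account can create projects"),
    ("with_clair", False, "images are not scanned for vulnerabilities"),
    ("with_notary", False, "image signing (content trust) is not available"),
]


def audit(info, ext_endpoint):
    """Return a list of (setting, reason) pairs that deserve review."""
    findings = [(k, why) for k, bad, why in CHECKS if info.get(k) == bad]
    if ext_endpoint.lower().startswith("http://"):
        findings.append(("ext_endpoint", "logins and tokens cross the network without TLS"))
    # Assumes `info` was fetched without credentials, as the curl call above was.
    if "harbor_version" in info:
        findings.append(("harbor_version", "exact build is visible to unauthenticated callers"))
    return findings


if __name__ == "__main__":
    for setting, reason in audit(SYSTEMINFO, EXT_ENDPOINT):
        print(f"{setting}: {reason}")
```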

Summary

The above is the full content of this article. I hope it serves as a useful reference for your study or work.
