
Architecture and component description of docker Private Library Harbor

2025-01-19 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/02

This article looks at the components that make up the Harbor architecture and at how each of them is used at runtime.

Architecture

Container information

[root@liumiao harbor]# docker-compose ps
       Name                     Command               State                                Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up
harbor-db            /usr/local/bin/docker-entr...    Up      3306/tcp
harbor-jobservice    /harbor/start.sh                 Up
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up      127.0.0.1:1514->10514/tcp
harbor-ui            /harbor/start.sh                 Up
nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis                docker-entrypoint.sh redis ...   Up      6379/tcp
registry             /entrypoint.sh serve /etc/ ...   Up      5000/tcp
[root@liumiao harbor]#

Specific description

Proxy

The proxy uses nginx as a reverse proxy, and the nginx configuration file is the core of the whole setup. The configuration file below shows clearly how Harbor ties its other components together; the actual integration depends almost entirely on the nginx settings.

[root@liumiao harbor]# ls
LICENSE  common                    docker-compose.notary.yml  ha          harbor.v1.5.2.tar.gz  open_source_license
NOTICE   docker-compose.clair.yml  docker-compose.yml         harbor.cfg  install.sh            prepare
[root@liumiao harbor]# cat common/config/nginx/nginx.conf
worker_processes auto;

events {
  worker_connections 1024;
  use epoll;
  multi_accept on;
}

http {
  tcp_nodelay on;

  # this is necessary for us to be able to disable request buffering in all cases
  proxy_http_version 1.1;

  upstream registry {
    server registry:5000;
  }

  upstream ui {
    server ui:8080;
  }

  log_format timed_combined '$remote_addr - '
    '"$request" $status $body_bytes_sent '
    '"$http_referer" "$http_user_agent" '
    '$request_time $upstream_response_time $pipe';

  access_log /dev/stdout timed_combined;

  server {
    listen 80;
    server_tokens off;
    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;

    location / {
      proxy_pass http://ui/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_buffering off;
      proxy_request_buffering off;
    }

    location /v1/ {
      return 404;
    }

    location /v2/ {
      proxy_pass http://ui/registryproxy/v2/;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_buffering off;
      proxy_request_buffering off;
    }

    location /service/ {
      proxy_pass http://ui/service/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_buffering off;
      proxy_request_buffering off;
    }

    location /service/notifications {
      return 404;
    }
  }
}
[root@liumiao harbor]#
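The routing in this nginx.conf, worked through as an added example (not Harbor's own code): every location is a plain prefix, so nginx picks the longest matching prefix, and a `proxy_pass` that carries a URI swaps the matched prefix for that URI. The sample request paths and the `route` helper are constructed for illustration.

```python
# Prefix locations copied from the nginx.conf above:
# (prefix, action, upstream URI for "proxy" or status code for "return").
LOCATIONS = [
    ("/", "proxy", "http://ui/"),
    ("/v1/", "return", 404),
    ("/v2/", "proxy", "http://ui/registryproxy/v2/"),
    ("/service/", "proxy", "http://ui/service/"),
    ("/service/notifications", "return", 404),
]


def route(path):
    """Return (matched location, result) for a request path.

    The config has no regex or exact-match locations, so the longest
    matching prefix wins. For proxied locations the matched prefix is
    replaced by the URI given on proxy_pass.
    """
    prefix, action, target = max(
        (loc for loc in LOCATIONS if path.startswith(loc[0])),
        key=lambda loc: len(loc[0]),
    )
    if action == "return":
        return prefix, str(target)
    return prefix, target + path[len(prefix):]


# Constructed sample request paths (hypothetical client requests).
SAMPLES = [
    "/api/systeminfo",
    "/v1/_ping",
    "/v2/_catalog",
    "/service/token",
    "/service/notifications",
]

if __name__ == "__main__":
    for p in SAMPLES:
        location, result = route(p)
        print(f"{p:26} location {location:24} -> {result}")
```

The 404 on `/service/notifications` means that path is not reachable through the proxy, while other `/service/` paths such as `/service/token` are forwarded to the ui container.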

Database

You can see that MariaDB 10.2.14 is used, and that Harbor's database is named registry.

[root@liumiao harbor]# docker exec -it harbor-db sh
sh-4.3# mysql -uroot -pliumiaopw
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 21
Server version: 10.2.14-MariaDB Source distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| registry           |
+--------------------+
4 rows in set (0.00 sec)

MariaDB [(none)]>

Listing the database tables shows that, in the current version, there are about 20 tables in the database.

MariaDB [(none)]> use registry;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [registry]> show tables;
+-------------------------------+
| Tables_in_registry            |
+-------------------------------+
| access                        |
| access_log                    |
| alembic_version               |
| clair_vuln_timestamp          |
| harbor_label                  |
| harbor_resource_label         |
| img_scan_job                  |
| img_scan_overview             |
| project                       |
| project_member                |
| project_metadata              |
| properties                    |
| replication_immediate_trigger |
| replication_job               |
| replication_policy            |
| replication_target            |
| repository                    |
| role                          |
| user                          |
| user_group                    |
+-------------------------------+
20 rows in set (0.00 sec)

MariaDB [registry]>

Log collector

By default, Harbor's logs are collected and managed in the following directory:

[root@liumiao harbor]# ls /var/log/harbor
adminserver.log  jobservice.log  mysql.log  proxy.log  redis.log  registry.log  ui.log
[root@liumiao harbor]#

docker-compose.yml

[root@liumiao harbor]# cat docker-compose.yml
version: '2'
services:
  log:
    image: vmware/harbor-log:v1.5.2
    container_name: harbor-log
    restart: always
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - ./common/config/log/:/etc/logrotate.d/:z
    ports:
      - 127.0.0.1:1514:10514
    networks:
      - harbor
  registry:
    image: vmware/registry-photon:v2.6.2-v1.5.2
    container_name: registry
    restart: always
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
    networks:
      - harbor
    environment:
      - GODEBUG=netdns=cgo
    command:
      ["serve", "/etc/registry/config.yml"]
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registry"
  mysql:
    image: vmware/harbor-db:v1.5.2
    container_name: harbor-db
    restart: always
    volumes:
      - /data/database:/var/lib/mysql:z
    networks:
      - harbor
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "mysql"
  adminserver:
    image: vmware/harbor-adminserver:v1.5.2
    container_name: harbor-adminserver
    env_file:
      - ./common/config/adminserver/env
    restart: always
    volumes:
      - /data/config/:/etc/adminserver/config/:z
      - /data/secretkey:/etc/adminserver/key:z
      - /data/:/data/:z
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "adminserver"
  ui:
    image: vmware/harbor-ui:v1.5.2
    container_name: harbor-ui
    env_file:
      - ./common/config/ui/env
    restart: always
    volumes:
      - ./common/config/ui/app.conf:/etc/ui/app.conf:z
      - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
      - ./common/config/ui/certificates/:/etc/ui/certificates/:z
      - /data/secretkey:/etc/ui/key:z
      - /data/ca_download/:/etc/ui/ca/:z
      - /data/psc/:/etc/ui/token/:z
    networks:
      - harbor
    depends_on:
      - log
      - adminserver
      - registry
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "ui"
  jobservice:
    image: vmware/harbor-jobservice:v1.5.2
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    volumes:
      - /data/job_logs:/var/log/jobs:z
      - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
    networks:
      - harbor
    depends_on:
      - redis
      - ui
      - adminserver
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "jobservice"
  redis:
    image: vmware/redis-photon:v1.5.2
    container_name: redis
    restart: always
    volumes:
      - /data/redis:/data
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "redis"
  proxy:
    image: vmware/nginx-photon:v1.5.2
    container_name: nginx
    restart: always
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    ports:
      - 80:80
      - 443:443
      - 4443:4443
    depends_on:
      - mysql
      - registry
      - ui
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"
networks:
  harbor:
    external: false
[root@liumiao harbor]#

Usage considerations: custom port number

In the example from the previous article, Harbor used the default port 80. If you want to change it (for example, to 8848), follow these steps to modify it.

Configuration contents

You can check the details of Harbor's configuration items by looking at the properties table in the database or at api/systeminfo.

Properties

[root@liumiao harbor]# docker exec -it harbor-db sh
sh-4.3# mysql -uroot -pliumiaopw
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 153
Server version: 10.2.14-MariaDB Source distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use registry
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [registry]> select * from properties;
+----+--------------------------------+-------------------------------------------+
| id | k                              | v                                         |
+----+--------------------------------+-------------------------------------------+
|  1 | cfg_expiration                 | 5                                         |
|  2 | project_creation_restriction   | everyone                                  |
|  3 | uaa_client_secret              | cBvRPcG+p3oNVnJh8VM+SjvlcEsKYg==          |
|  4 | clair_db_host                  | postgres                                  |
|  5 | token_service_url              | http://ui:8080/service/token              |
|  6 | mysql_password                 | HDqd+PbHcG9EWK9DF3RzM43fTtPvCjdvyQ==      |
|  7 | uaa_endpoint                   | uaa.mydomain.org                          |
|  8 | max_job_workers                | 50                                        |
|  9 | sqlite_file                    |                                           |
| 10 | email_from                     | admin                                     |
| 11 | ldap_base_dn                   | ou=people,dc=mydomain,dc=com              |
| 12 | clair_db_port                  | 5432                                      |
| 13 | mysql_port                     | 3306                                      |
| 14 | ldap_search_dn                 |                                           |
| 15 | clair_db_username              | postgres                                  |
| 16 | email_insecure                 | false                                     |
| 17 | database_type                  | mysql                                     |
| 18 | ldap_filter                    |                                           |
| 19 | with_notary                    | false                                     |
| 20 | admin_initial_password         | 4ZEvdqGfBYSdF9I6PfeIOnXIvfGhPITaD3wband = |
| 21 | notary_url                     | http://notary-server:4443                 |
| 22 | auth_mode                      | db_auth                                   |
| 23 | ldap_group_search_scope        | 2                                         |
| 24 | ldap_uid                       | uid                                       |
| 25 | email_username                 | sample_admin@mydomain.com                 |
| 26 | mysql_database                 | registry                                  |
| 27 | reload_key                     |                                           |
| 28 | clair_url                      | http://clair:6060                         |
| 29 | ldap_group_search_filter       | objectclass=group                         |
| 30 | email_password                 | h28ptbUM5oJwtKOzjJ4X5LOiPwages =          |
| 31 | email_ssl                      | false                                     |
| 32 | ldap_timeout                   | 5                                         |
| 33 | uaa_client_id                  | id                                        |
| 34 | registry_storage_provider_name | filesystem                                |
| 35 | self_registration              | true                                      |
| 36 | email_port                     | 25                                        |
| 37 | ui_url                         | http://ui:8080                            |
| 38 | token_expiration               | 30                                        |
| 39 | email_identity                 |                                           |
| 40 | clair_db                       | postgres                                  |
| 41 | uaa_verify_cert                | true                                      |
| 42 | ldap_verify_cert               | true                                      |
| 43 | ldap_group_attribute_name      | cn                                        |
| 44 | mysql_host                     | mysql                                     |
| 45 | read_only                      | false                                     |
| 46 | ldap_url                       | ldaps://ldap.mydomain.com                 |
| 47 | ext_endpoint                   | http://192.168.163.128                    |
| 48 | ldap_group_base_dn             | ou=group,dc=mydomain,dc=com               |
| 49 | with_clair                     | false                                     |
| 50 | admiral_url                    | NA                                        |
| 51 | ldap_scope                     | 2                                         |
| 52 | registry_url                   | http://registry:5000                      |
| 53 | jobservice_url                 | http://jobservice:8080                    |
| 54 | email_host                     | smtp.mydomain.com                         |
| 55 | ldap_search_password           | F2QZkeEPTQPsJ9KNsBWcXA =                  |
| 56 | mysql_username                 | root                                      |
| 57 | clair_db_password              | IGBg3NxvT7qCYGIB+zizax+GojoM7ao2VQ==      |
+----+--------------------------------+-------------------------------------------+
57 rows in set (0.00 sec)

MariaDB [registry]>

api/systeminfo

[root@liumiao harbor]# curl http://localhost/api/systeminfo
{
  "with_notary": false,
  "with_clair": false,
  "with_admiral": false,
  "admiral_endpoint": "NA",
  "auth_mode": "db_auth",
  "registry_url": "192.168.163.128",
  "project_creation_restriction": "everyone",
  "self_registration": true,
  "has_ca_root": false,
  "harbor_version": "v1.5.2-8e61deae",
  "next_scan_all": 0,
  "registry_storage_provider_name": "filesystem",
  "read_only": false
}
[root@liumiao harbor]#
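One way to review the settings shown in the properties table and in api/systeminfo, as an added example that is not part of the original article or of Harbor: it parses rows in mysql's table layout and a systeminfo reply, then reports the values a reviewer would want to look at. The review rules and the helper names are this example's own assumptions, and the sample input is constructed from values on this page with the stored secret replaced by a placeholder.

```python
import json

# Constructed sample input: a few rows in the layout of `select * from properties`
# (secret value replaced by a placeholder) and a trimmed api/systeminfo reply.
PROPERTIES = """
|  2 | project_creation_restriction | everyone               |
| 16 | email_insecure               | false                  |
| 35 | self_registration            | true                   |
| 42 | ldap_verify_cert             | true                   |
| 47 | ext_endpoint                 | http://192.168.163.128 |
| 55 | ldap_search_password         | PLACEHOLDER-CIPHERTEXT |
| 56 | mysql_username               | root                   |
"""
SYSTEMINFO = '{"auth_mode": "db_auth", "self_registration": true, "has_ca_root": false}'


def parse_properties(text):
    """Turn mysql's ASCII table rows into a {key: value} dict."""
    rows = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 3 and cells[0].isdigit():  # skips header and +---+ lines
            rows[cells[1]] = cells[2]
    return rows


def audit(props, sysinfo):
    """Return findings; the rules are this example's review policy (assumption)."""
    findings = []
    if props.get("self_registration") == "true" or sysinfo.get("self_registration"):
        findings.append("self_registration: anyone who reaches the UI can create an account")
    if props.get("project_creation_restriction") == "everyone":
        findings.append("project_creation_restriction: every user may create projects")
    if props.get("ext_endpoint", "").startswith("http://"):
        findings.append("ext_endpoint: clients reach Harbor over plain HTTP")
    if props.get("ldap_verify_cert") == "false":
        findings.append("ldap_verify_cert: LDAP server certificate is not verified")
    if props.get("email_insecure") == "true":
        findings.append("email_insecure: mail server certificate is not verified")
    secrets = sorted(k for k in props if k.endswith(("_password", "_secret")))
    if secrets:
        findings.append("secret-bearing rows: " + ", ".join(secrets))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_properties(PROPERTIES), json.loads(SYSTEMINFO)):
        print("-", finding)
```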

Summary

The above is the whole content of this article. I hope the content of this article has a certain reference and learning value for everyone's study or work. Thank you for your support. If you want to know more about it, please see the relevant links below.
