Architecture and component description of docker private library Harbor

Architecture and component description of docker private library Harbor

This article will explain the composition of the Harbor architecture and how to use each component at runtime.

Architecture

Container information

[root@liumiao harbor]# docker-compose ps
    Name Command State Ports                
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up                          
harbor-db /usr/local/bin/docker-entr ... Up 3306/tcp                       
harbor-jobservice /harbor/start.sh Up                          
harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp                    
harbor-ui /harbor/start.sh Up                          
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp 
redis docker-entrypoint.sh redis ... Up 6379/tcp                       
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp [root@liumiao harbor]#

Specific instructions

proxy

Proxy uses nginx as a reverse proxy, and the core of the whole process lies in the nginx configuration file. Through the following configuration file, you can clearly see the instructions of harbor for integrating various other components together, and the actual implementation basically depends on the nginx settings.

[root@liumiao harbor]# ls
LICENSE common docker-compose.notary.yml ha harbor.v1.5.2.tar.gz open_source_license
NOTICE docker-compose.clair.yml docker-compose.yml harbor.cfg install.sh prepare
[root@liumiao harbor]# cat common/config/nginx/nginx.conf 
worker_processes auto;
events {
 worker_connections 1024;
 use epoll;
 multi_accept on;
}
http {
 tcp_nodelay on;
 # this is necessary for us to be able to disable request buffering in all cases
 proxy_http_version 1.1;
 upstream registry {
  server-registry:5000;
 }
 upstream ui {
  server-ui:8080;
 }
 log_format timed_combined '$remote_addr - '
  '"$request" $status $body_bytes_sent '
  '"$http_referer" "$http_user_agent" '
  '$request_time $upstream_response_time $pipe';
 access_log /dev/stdout timed_combined;
 server {
  listen 80;
  server_tokens off;
  # disable any limits to avoid HTTP 413 for large image uploads
  client_max_body_size 0;
  location / {
   proxy_pass http://ui/;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /v1/ {
   return 404;
  }
  location /v2/ {
   proxy_pass http://ui/registryproxy/v2/;
   proxy_set_header Host $http_host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /service/ {
   proxy_pass http://ui/service/;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /service/notifications {
   return 404;
  }
 }
}
[root@liumiao harbor]#

database

You can see that MariaDB 10.2.14 is used, and the database name of harbor is registry

[root@liumiao harbor]# docker exec -it harbor-db sh
sh-4.3#mysql -uroot -pliumiaopw
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 21
Server version: 10.2.14-MariaDB Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
|mysql |
| performance_schema |
| registry |
+--------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]>

After confirming the information of the database table, you can see that in the current version of this usage mode, the database has about 20 tables as follows

MariaDB [(none)]> use registry;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [registry]> show tables;
+-------------------------------+
| Tables_in_registry |
+-------------------------------+
| access |
| access_log |
| alembic_version |
|clair_vuln_timestamp|
|harbor_label|
| harbor_resource_label |
| img_scan_job |
| img_scan_overview |
| project |
| project_member |
| project_metadata |
| properties |
| replication_immediate_trigger |
| replication_job |
| replication_policy |
| replication_target |
| repository |
| role |
| user |
| user_group |
+-------------------------------+
20 rows in set (0.00 sec)
MariaDB [registry]>

Log collector

By default, the logs in harbor will be collected and managed in the following directories

[root@liumiao harbor]# ls /var/log/harbor
adminserver.log jobservice.log mysql.log proxy.log redis.log registry.log ui.log
[root@liumiao harbor]#

docker-compose.yml

[root@liumiao harbor]# cat docker-compose.yml 
version: '2'
services:
 log:
  image: vmware/harbor-log:v1.5.2
  container_name: harbor-log 
  restart: always
  volumes:
   - /var/log/harbor/:/var/log/docker/:z
   - ./common/config/log/:/etc/logrotate.d/:z
  ports:
   - 127.0.0.1:1514:10514
  networks:
   -harbor
 registry:
  image: vmware/registry-photon:v2.6.2-v1.5.2
  container_name: registry
  restart: always
  volumes:
   - /data/registry:/storage:z
   - ./common/config/registry/:/etc/registry/:z
  networks:
   -harbor
  environment:
   -GODEBUG=netdns=cgo
  command:
   ["serve", "/etc/registry/config.yml"]
  depends_on:
   -log
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "registry"
 mysql:
  image: vmware/harbor-db:v1.5.2
  container_name: harbor-db
  restart: always
  volumes:
   - /data/database:/var/lib/mysql:z
  networks:
   -harbor
  env_file:
   - ./common/config/db/env
  depends_on:
   -log
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "mysql"
 adminserver:
  image: vmware/harbor-adminserver:v1.5.2
  container_name: harbor-adminserver
  env_file:
   - ./common/config/adminserver/env
  restart: always
  volumes:
   - /data/config/:/etc/adminserver/config/:z
   - /data/secretkey:/etc/adminserver/key:z
   - /data/:/data/:z
  networks:
   -harbor
  depends_on:
   -log
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "adminserver"
 ui:
  image: vmware/harbor-ui:v1.5.2
  container_name: harbor-ui
  env_file:
   - ./common/config/ui/env
  restart: always
  volumes:
   - ./common/config/ui/app.conf:/etc/ui/app.conf:z
   - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
   - ./common/config/ui/certificates/:/etc/ui/certificates/:z
   - /data/secretkey:/etc/ui/key:z
   - /data/ca_download/:/etc/ui/ca/:z
   - /data/psc/:/etc/ui/token/:z
  networks:
   -harbor
  depends_on:
   -log
   -adminserver
   - registry
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "ui"
 jobservice:
  image: vmware/harbor-jobservice:v1.5.2
  container_name: harbor-jobservice
  env_file:
   - ./common/config/jobservice/env
  restart: always
  volumes:
   - /data/job_logs:/var/log/jobs:z
   - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
  networks:
   -harbor
  depends_on:
   - redis
   - ui
   -adminserver
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "jobservice"
 redis:
  image: vmware/redis-photon:v1.5.2
  container_name: redis
  restart: always
  volumes:
   - /data/redis:/data
  networks:
   -harbor
  depends_on:
   -log
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "redis"
 proxy:
  image: vmware/nginx-photon:v1.5.2
  container_name: nginx
  restart: always
  volumes:
   - ./common/config/nginx:/etc/nginx:z
  networks:
   -harbor
  ports:
   - 80:80
   -443:443
   -4443:4443
  depends_on:
   -mysql
   - registry
   - ui
   -log
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "proxy"
networks:
 harbor:
  external: false
[root@liumiao harbor]#

Note: Custom port number

In the example of the previous article, we use the default port 80 as the harbor port. If you want to change it (for example, to 8848), follow the steps below to modify it.

Setting content

You can check the detailed information of the harbor setting items by viewing the database properties or api/systeminfo

properties

[root@liumiao harbor]# docker exec -it harbor-db sh
sh-4.3#mysql -uroot -pliumiaopw
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 153
Server version: 10.2.14-MariaDB Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use registry
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [registry]> select * from properties;
+----+--------------------------------+----------------------------------------------+
| id | k | v |
+----+--------------------------------+----------------------------------------------+
| 1 | cfg_expiration | 5 |
| 2 | project_creation_restriction | everyone |
| 3 | uaa_client_secret | <enc-v1>cBvRPcG+p3oNVnJh8VM+SjvlcEsKYg== |
| 4 | clair_db_host | postgres |
| 5 | token_service_url | http://ui:8080/service/token |
| 6 | mysql_password | <enc-v1>HDqd+PbHcG9EWK9DF3RzM43fTtPvCjdvyQ== |
| 7 | uaa_endpoint | uaa.mydomain.org |
| 8 | max_job_workers | 50 |
| 9 | sqlite_file | |
| 10 | email_from | admin <[email protected]> |
| 11 | ldap_base_dn | ou=people,dc=mydomain,dc=com |
| 12 | clair_db_port | 5432 |
| 13 | mysql_port | 3306 |
| 14 | ldap_search_dn | |
| 15 | clair_db_username | postgres |
| 16 | email_insecure | false |
| 17 | database_type | mysql |
| 18 | ldap_filter | |
| 19 | with_notary | false |
| 20 | admin_initial_password | <enc-v1>4ZEvd/GfBYSdF9I6PfeI/XIvfGhPITaD3w== |
| 21 | notary_url | http://notary-server:4443 |
| 22 | auth_mode | db_auth |
| 23 | ldap_group_search_scope | 2 |
| 24 | ldap_uid | uid |
| 25 | email_username | [email protected] |
| 26 | mysql_database | registry |
| 27 | reload_key | |
| 28 | clair_url | http://clair:6060 |
| 29 | ldap_group_search_filter | objectclass=group |
| 30 | email_password | <enc-v1>h18ptbUM5oJwtKOzjJ4X5LOiPw== |
| 31 | email_ssl | false |
| 32 | ldap_timeout | 5 |
| 33 | uaa_client_id | id |
| 34 | registry_storage_provider_name | filesystem |
| 35 | self_registration | true |
| 36 | email_port | 25 |
| 37 | ui_url | http://ui:8080 |
| 38 | token_expiration | 30 |
| 39 | email_identity | |
| 40 | clair_db | postgres |
| 41 | uaa_verify_cert | true |
| 42 | ldap_verify_cert | true |
| 43 | ldap_group_attribute_name | cn |
| 44 | mysql_host | mysql |
| 45 | read_only | false |
| 46 | ldap_url | ldaps://ldap.mydomain.com |
| 47 | ext_endpoint | http://192.168.163.128 |
| 48 | ldap_group_base_dn | ou=group,dc=mydomain,dc=com |
| 49 | with_clair | false |
| 50 | admiral_url | NA |
| 51 | ldap_scope | 2 |
| 52 | registry_url | http://registry:5000 |
| 53 | jobservice_url | http://jobservice:8080 |
| 54 | email_host | smtp.mydomain.com |
| 55 | ldap_search_password | <enc-v1>F2QZkeEPTQPsJ9KNsBWcXA== |
| 56 | mysql_username | root |
| 57 | clair_db_password | <enc-v1>IGBg3NxvT7qCYGIB+zizax+GojoM7ao2VQ== |
+----+--------------------------------+----------------------------------------------+
57 rows in set (0.00 sec)
MariaDB [registry]>

api/systeminfo

[root@liumiao harbor]# curl http://localhost/api/systeminfo 
{
 "with_notary": false,
 "with_clair": false,
 "with_admiral": false,
 "admiral_endpoint": "NA",
 "auth_mode": "db_auth",
 "registry_url": "192.168.163.128",
 "project_creation_restriction": "everyone",
 "self_registration": true,
 "has_ca_root": false,
 "harbor_version": "v1.5.2-8e61deae",
 "next_scan_all": 0,
 "registry_storage_provider_name": "filesystem",
 "read_only": false
}[root@liumiao harbor]#

Summarize

The above is the full content of this article. I hope that the content of this article will have certain reference learning value for your study or work. Thank you for your support of 123WORDPRESS.COM. If you want to learn more about this, please check out the following links

You may also be interested in:
  • How to install common components (mysql, redis) in Docker
  • Detailed explanation of the union file system of Docker core components

<<:  Solution to MySQL being unable to start due to excessive memory configuration

>>:  Sample code for implementing menu permission control in Vue

Recommend

Share some uncommon but useful JS techniques

Preface Programming languages ​​usually contain v...

Detailed steps to deploy SpringBoot projects using Docker in Idea

Preface Project requirements: Install the Docker ...

A detailed introduction to deploying RabbitMQ environment with docker

Prerequisites: Docker is already installed 1. Fin...

JavaScript basics for loop and array

Table of contents Loop - for Basic use of for loo...

IDEA uses the Docker plug-in (novice tutorial)

Table of contents illustrate 1. Enable Docker rem...

Installation and configuration of MySQL 5.7.17 free installation version

MYSQL version: MySQL Community Server 5.7.17, ins...

Detailed tutorial on installing Docker on CentOS 7.5

Introduction to Docker Docker is an open source c...

Ubuntu16.04 installation mysql5.7.22 graphic tutorial

VMware12.0+Ubuntu16.04+MySQL5.7.22 installation t...

Linux sar command usage and code example analysis

1. CPU utilization sar -p (view all day) sar -u 1...

SQL method for calculating timestamp difference

SQL method for calculating timestamp difference O...

Steps to solve the MySQL 8.0 time zone problem

Software Version Windows: Windows 10 MySQL: mysql...

JS implements the curriculum timetable applet (imitating the super curriculum timetable) and adds a custom background function

Overview: I drew lessons from several timetable s...

Example code for using text-align and margin: 0 auto to center in CSS

Use text-align, margin: 0 auto to center in CSS W...

CSS solution for centering elements with variable width and height

1. Horizontal center Public code: html: <div c...

Detailed explanation of the most reasonable way to partition the hard disk when installing Ubuntu Linux system

No matter you are installing Windows or Linux ope...