harbor 企业级docker registry

Posted on |
Words count in article: 3.6k | Reading time ≈ 18

关于Harbor

Harbor is an an open source trusted cloud native registry project that stores, signs, and scans content. Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity and management. Having a registry closer to the build and run environment can improve the image transfer efficiency. Harbor supports replication of images between registries, and also offers advanced security features such as user management, access control and activity auditing.
Harbor是一个开源的可信云本机registry项目,用于存储,签名和扫描内容。Harbor通过添加用户通常需要的功能(如安全性,身份和管理)来扩展开源Docker Distribution。使注册表更接近构建和运行环境可以提高图像传输效率。Harbor支持在注册表之间复制映像,还提供高级安全功能,如用户管理,访问控制和活动审计。

Features 特性

Cloud native registry: With support for both container images and Helm charts, Harbor serves as registry for cloud native environments like container runtimes and orchestration platforms.

云本机registry:Harbour支持容器镜像和Helm图表,可用作云本机环境(如容器运行时和业务流程平台)的registry。

Role based access control: Users and repositories are organized via ‘projects’ and a user can have different permission for images under a project.

基于角色的访问控制:用户和存储库通过“项目”进行组织,用户可以对项目下的镜像拥有不同的权限。

Policy based image replication: Images can be replicated (synchronized) between multiple registry instances based on policies with multiple filters (repository, tag and label). Harbor will auto-retry to replicate if it encounters any errors. Great for load balancing, high availability, multi-datacenter, hybrid and multi-cloud scenarios.

基于策略的镜像复制:可以基于具有多个过滤器(存储库,标记和标签)的策略在多个registry实例之间复制(同步)镜像。如果遇到任何错误,Harbor将自动重试进行复制。非常适合负载平衡,高可用性,多数据中心,混合和多云场景。

Vulnerability Scanning: Harbor scans images regularly and warns users of vulnerabilities.

漏洞扫描:Harbor定期扫描镜像并警告用户漏洞。

LDAP/AD support: Harbor integrates with existing enterprise LDAP/AD for user authentication and management, and supports importing LDAP groups into Harbor and assigning proper project roles to them.

LDAP / AD支持:Harbor与现有企业LDAP / AD集成以进行用户身份验证和管理,并支持将LDAP组导入Harbor并为其分配适当的项目角色。

Image deletion & garbage collection: Images can be deleted and their space can be recycled.

图像删除和垃圾收集:可以删除镜像,并可以回收它们的空间。

Notary: Image authenticity can be ensured.

公证:可以确保镜像的真实性。

Graphical user portal: User can easily browse, search repositories and manage projects.

用户图形界面:用户可以轻松浏览,搜索存储库和管理项目。

Auditing: All the operations to the repositories are tracked.

审计:跟踪存储库的所有操作。

RESTful API: RESTful APIs for most administrative operations, easy to integrate with external systems.

RESTful API:适用于大多数管理操作的RESTful API,易于与外部系统集成。

Easy deployment: Provide both an online and offline installer.

易于部署:提供在线和离线安装程序。

企业级Registry项目Harbor是由Vmware公司开发的开源项目,其的目标是帮助用户迅速搭建一个企业级的Docker registry 服务。它以Docker公司开源的registry 为基础,提供了管理UI, 基于角色的访问控制(Role Based Access Control),AD/LDAP集成、以及审计日志(Audit logging) 等企业用户需求的功能,同时还原生支持中文。

Harbor的每个组件都是以Docker 容器的形式构建的,因此很自然地,我们使用Docker Compose来对它进行部署。在源代码中(https://github.com/vmware/harbor), 用于部署Harbor的Docker Compose 模板位于 /Deployer/docker-compose.yml. 打开这个模板文件,会发现Harbor由5个容器组成:

  • proxy: 由Nginx 服务器构成的反向代理。
  • registry:由Docker官方的开源registry 镜像构成的容器实例。
  • ui: 即架构中的core services, 构成此容器的代码是Harbor项目的主体。
  • mysql: 由官方MySql镜像构成的数据库容器。
  • log: 运行着rsyslogd的容器,通过log-driver的形式收集其他容器的日志。

这几个容器通过Docker link的形式连接在一起,这样,在容器之间可以通过容器名字互相访问。对终端用户而言,只需要暴露proxy (即Nginx)的服务端口。(摘自 http://dockone.io/article/1179)

安装及配置

(参考 https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md

下载harbor软件包:https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.1.tgz
harbor软件包较大,建议科学上网

解压后如下

1
2
3
[root@Web2 harbor]# ls
common                          docker-compose.clair.yml   docker-compose.yml  harbor.v1.7.1.tar.gz  LICENSE              prepare
docker-compose.chartmuseum.yml  docker-compose.notary.yml  harbor.cfg          install.sh            open_source_license
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
[root@Web2 ~]# yum info docker-compose
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.neusoft.edu.cn
 * epel: mirrors.tuna.tsinghua.edu.cn
 * extras: mirrors.nwsuaf.edu.cn
 * updates: mirrors.tuna.tsinghua.edu.cn
已安装的软件包
名称    :docker-compose
架构    :noarch
版本    :1.18.0
发布    :2.el7
大小    :1.1 M
源    :installed
来自源:epel
简介    : Multi-container orchestration for Docker
网址    :https://github.com/docker/compose
协议    : ASL 2.0
描述    : Compose is a tool for defining and running multi-container Docker
         : applications. With Compose, you use a Compose file to configure your
         : application's services. Then, using a single command, you create and
         : start all the services from your configuration.
         : 
         : Compose is great for development, testing, and staging environments,
         : as well as CI workflows.
         : 
         : Using Compose is basically a three-step process.
         : 
         : 1. Define your app's environment with a Dockerfile so it can be
         :    reproduced anywhere.
         : 2. Define the services that make up your app in docker-compose.yml so
         :    they can be run together in an isolated environment:
         : 3. Lastly, run docker-compose up and Compose will start and run your
         :    entire app.

还需要docker-compose 编排工具,该工具在epel源中提供,所以需要先配置epel源;然后再安装即可

1
2
3
yum install epel-release
yum repolist
yum install docker-compose

python和openssl 

1
2
3
4
5
6
7
[root@Web2 ~]# openssl
OpenSSL> version
OpenSSL 1.0.2k-fips  26 Jan 2017
OpenSSL> exit
[root@Web2 ~]# python --version
Python 2.7.5
[root@Web2 ~]#

修改harbor配置文件

1
2
3
[root@Web2 ~]# vim /usr/local/harbor/harbor.cfg 
hostname = 172.18.74.101   //IP地址或域名
max_job_workers = 3   //CPU数减一

Harbor has integrated with Notary and Clair (for vulnerability scanning). However, the default installation does not include Notary or Clair service.
Harbor已与Notary和Clair集成(用于漏洞扫描)。但是,默认安装不包括Notary或Clair服务。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
执行脚本安装harbor
[root@Web2 harbor]# ./install.sh 

[Step 0]: checking installation environment ...

Note: docker version: 18.09.0

Note: docker-compose version: 1.18.0

[Step 1]: loading Harbor images ...
ae18db924eef: Loading layer [==================================================>]  32.92MB/32.92MB
1c06074dba9c: Loading layer [==================================================>]  8.955MB/8.955MB
7a719a639e34: Loading layer [==================================================>]  3.072kB/3.072kB
49f7bca05da9: Loading layer [==================================================>]   2.56kB/2.56kB
e86d69bef97e: Loading layer [==================================================>]   2.56kB/2.56kB
81e122d773f5: Loading layer [==================================================>]  2.048kB/2.048kB
5fe5adb8cf31: Loading layer [==================================================>]   22.8MB/22.8MB
d760045419e4: Loading layer [==================================================>]   22.8MB/22.8MB
Loaded image: goharbor/registry-photon:v2.6.2-v1.7.1
c0f668a21621: Loading layer [==================================================>]  133.2MB/133.2MB
f8cb0bf39ff2: Loading layer [==================================================>]    684MB/684MB
444ac38a117b: Loading layer [==================================================>]   7.68kB/7.68kB
2e16f24ac8bc: Loading layer [==================================================>]    212kB/212kB
Loaded image: goharbor/harbor-migrator:v1.7.1
fa2dcaba747a: Loading layer [==================================================>]  8.955MB/8.955MB
eeaaf4c760eb: Loading layer [==================================================>]   15.6MB/15.6MB
98ffd6175b61: Loading layer [==================================================>]  18.94kB/18.94kB
fc1db6c4f652: Loading layer [==================================================>]   15.6MB/15.6MB
Loaded image: goharbor/harbor-adminserver:v1.7.1
8d55a6a034d6: Loading layer [==================================================>]  8.955MB/8.955MB
01ef68a17913: Loading layer [==================================================>]  27.24MB/27.24MB
f9258cfa4b48: Loading layer [==================================================>]  5.632kB/5.632kB
dcf5c61ede76: Loading layer [==================================================>]  27.24MB/27.24MB
Loaded image: goharbor/harbor-core:v1.7.1
1f65d10893c9: Loading layer [==================================================>]  50.39MB/50.39MB
358f40be2091: Loading layer [==================================================>]  3.584kB/3.584kB
c7f3ef058d0b: Loading layer [==================================================>]  3.072kB/3.072kB
154caf7c7173: Loading layer [==================================================>]  4.096kB/4.096kB
42c7764aa777: Loading layer [==================================================>]  3.584kB/3.584kB
023f3a96f324: Loading layer [==================================================>]  10.24kB/10.24kB
Loaded image: goharbor/harbor-log:v1.7.1
a1b528067504: Loading layer [==================================================>]  8.955MB/8.955MB
2d3d34f3ba5b: Loading layer [==================================================>]  21.51MB/21.51MB
a5da70777097: Loading layer [==================================================>]  21.51MB/21.51MB
Loaded image: goharbor/harbor-jobservice:v1.7.1
ab31dfc84e9d: Loading layer [==================================================>]  8.954MB/8.954MB
b130423af762: Loading layer [==================================================>]  13.43MB/13.43MB
357c059d0598: Loading layer [==================================================>]   17.3MB/17.3MB
fabc6edfac55: Loading layer [==================================================>]  11.26kB/11.26kB
cfaa3b5d445a: Loading layer [==================================================>]  3.072kB/3.072kB
12c73a4b2c7a: Loading layer [==================================================>]  30.72MB/30.72MB
Loaded image: goharbor/notary-server-photon:v0.6.1-v1.7.1
50a6467bd619: Loading layer [==================================================>]    113MB/113MB
6ae61fc91943: Loading layer [==================================================>]  11.46MB/11.46MB
5c840c272f78: Loading layer [==================================================>]  2.048kB/2.048kB
077d16ebcba8: Loading layer [==================================================>]  48.13kB/48.13kB
b822f5ff7858: Loading layer [==================================================>]  3.072kB/3.072kB
4548140152fd: Loading layer [==================================================>]  11.51MB/11.51MB
Loaded image: goharbor/clair-photon:v2.0.7-v1.7.1
232024be30e3: Loading layer [==================================================>]   3.39MB/3.39MB
a73624ae3fad: Loading layer [==================================================>]  4.721MB/4.721MB
96b8c5c532c3: Loading layer [==================================================>]  3.584kB/3.584kB
Loaded image: goharbor/harbor-portal:v1.7.1
e2fd12afe6e8: Loading layer [==================================================>]  63.31MB/63.31MB
e973513bcb58: Loading layer [==================================================>]  40.74MB/40.74MB
4f45af643b2b: Loading layer [==================================================>]  6.656kB/6.656kB
54a84094f024: Loading layer [==================================================>]  2.048kB/2.048kB
2d78cf8a687b: Loading layer [==================================================>]   7.68kB/7.68kB
e96067b83a72: Loading layer [==================================================>]   2.56kB/2.56kB
38a7d304147f: Loading layer [==================================================>]   2.56kB/2.56kB
a36c0cb6a35a: Loading layer [==================================================>]   2.56kB/2.56kB
Loaded image: goharbor/harbor-db:v1.7.1
b0c31ad64c85: Loading layer [==================================================>]  65.01MB/65.01MB
22fbab41769e: Loading layer [==================================================>]  3.072kB/3.072kB
7f28bf5373b2: Loading layer [==================================================>]   59.9kB/59.9kB
abb9969cff2a: Loading layer [==================================================>]  61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v1.7.1
933cd9a15fc5: Loading layer [==================================================>]   3.39MB/3.39MB
Loaded image: goharbor/nginx-photon:v1.7.1
6ee16a137af2: Loading layer [==================================================>]  8.955MB/8.955MB
954443cb7d20: Loading layer [==================================================>]   22.8MB/22.8MB
302a998137db: Loading layer [==================================================>]  3.072kB/3.072kB
e342723aef9b: Loading layer [==================================================>]  7.465MB/7.465MB
4eeb61ed730b: Loading layer [==================================================>]  30.26MB/30.26MB
Loaded image: goharbor/harbor-registryctl:v1.7.1
5b40d957fafd: Loading layer [==================================================>]  12.11MB/12.11MB
63489681dd6c: Loading layer [==================================================>]   17.3MB/17.3MB
696209dcd336: Loading layer [==================================================>]  11.26kB/11.26kB
8dc53997aa1f: Loading layer [==================================================>]  3.072kB/3.072kB
cb6d560a9958: Loading layer [==================================================>]  29.41MB/29.41MB
Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.7.1
dc1e16790c89: Loading layer [==================================================>]   8.96MB/8.96MB
046c7e7a0100: Loading layer [==================================================>]  35.08MB/35.08MB
8c8428e3d6c6: Loading layer [==================================================>]  2.048kB/2.048kB
ebb477ee35a2: Loading layer [==================================================>]  3.072kB/3.072kB
19636f39e29d: Loading layer [==================================================>]  35.08MB/35.08MB
Loaded image: goharbor/chartmuseum-photon:v0.7.1-v1.7.1


[Step 2]: preparing environment ...
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/core/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/core/app.conf
Creating harbor-log ... done
The configuration files are ready, please use docker-compose to start the service.


[Step 3]: checking existing instance of Harbor ...
Creating registry ... done
Creating harbor-core ... done
[Step 4]: starting Harbor ...
Creating harbor-portal ... done
Creating nginx ... done
Creating harbor-adminserver ... 
Creating harbor-db ... 
Creating redis ... 
Creating registry ... 
Creating registryctl ... 
Creating harbor-core ... 
Creating harbor-jobservice ... 
Creating harbor-portal ... 
Creating nginx ... 

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://172.18.74.101. 
For more details, please visit https://github.com/goharbor/harbor .

在安装 脚本执行过程过程中看到下拉了很多镜像,Harbor的每个组件都是以Docker 容器的形式构建的。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
[root@Web2 ~]# docker images
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
goharbor/chartmuseum-photon     v0.7.1-v1.7.1       f61c186d5b1b        6 days ago          111MB
goharbor/harbor-migrator        v1.7.1              9ec6467899b6        6 days ago          799MB
goharbor/redis-photon           v1.7.1              c7aa92fb1c26        6 days ago          96.3MB
goharbor/clair-photon           v2.0.7-v1.7.1       832461eef7dd        6 days ago          165MB
goharbor/notary-server-photon   v0.6.1-v1.7.1       382cd390eaff        6 days ago          102MB
goharbor/notary-signer-photon   v0.6.1-v1.7.1       76486e1aa1a2        6 days ago          99.6MB
goharbor/harbor-registryctl     v1.7.1              aefea98e6f92        6 days ago          101MB
goharbor/registry-photon        v2.6.2-v1.7.1       13b348ffd0c9        6 days ago          86.4MB
goharbor/nginx-photon           v1.7.1              9b9520572494        6 days ago          35.5MB
goharbor/harbor-log             v1.7.1              0744800d7a4c        6 days ago          81MB
goharbor/harbor-jobservice      v1.7.1              db96ce6ed531        6 days ago          83.8MB
goharbor/harbor-core            v1.7.1              8f253c0f9d50        6 days ago          95.2MB
goharbor/harbor-portal          v1.7.1              b50162ab177a        6 days ago          40.2MB
goharbor/harbor-adminserver     v1.7.1              22d66cccedba        6 days ago          72MB
goharbor/harbor-db              v1.7.1              c2a95254c0bf        6 days ago          133MB
[root@Web2 ~]# docker ps
CONTAINER ID        IMAGE                                    COMMAND                  CREATED              STATUS                        PORTS                                                              NAMES
f007d1aae3fa        goharbor/nginx-photon:v1.7.1             "nginx -g 'daemon of…"   About a minute ago   Up About a minute (healthy)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
bf48e808d152        goharbor/harbor-portal:v1.7.1            "nginx -g 'daemon of…"   About a minute ago   Up About a minute (healthy)   80/tcp                                                             harbor-portal
0d78ea5ff51f        goharbor/harbor-jobservice:v1.7.1        "/harbor/start.sh"       About a minute ago   Up About a minute                                                                                harbor-jobservice
c07ca8d7cf72        goharbor/harbor-core:v1.7.1              "/harbor/start.sh"       About a minute ago   Up About a minute (healthy)                                                                      harbor-core
d6ce992225e9        goharbor/harbor-adminserver:v1.7.1       "/harbor/start.sh"       About a minute ago   Up About a minute (healthy)                                                                      harbor-adminserver
86200773e6fc        goharbor/harbor-registryctl:v1.7.1       "/harbor/start.sh"       About a minute ago   Up About a minute (healthy)                                                                      registryctl
a496f40a1d95        goharbor/harbor-db:v1.7.1                "/entrypoint.sh post…"   About a minute ago   Up About a minute (healthy)   5432/tcp                                                           harbor-db
becbead56360        goharbor/redis-photon:v1.7.1             "docker-entrypoint.s…"   About a minute ago   Up About a minute             6379/tcp                                                           redis
b66044203146        goharbor/registry-photon:v2.6.2-v1.7.1   "/entrypoint.sh /etc…"   About a minute ago   Up About a minute (healthy)   5000/tcp                                                           registry
d6f266aa5a49        goharbor/harbor-log:v1.7.1               "/bin/sh -c /usr/loc…"   About a minute ago   Up About a minute (healthy)   127.0.0.1:1514->10514/tcp                                          harbor-log

以admin/Harbor12345 默认登录名密码进行登录

将镜像推送至registry

Harbor的默认安装使用HTTP协议,需要将 –insecure-registry 参数添加进客户端的daemon.json 。

1
2
3
4
5
root@ubuntu16:~# vim /etc/docker/daemon.json
{
 "insecure-registries":["172.18.74.101"]
}
root@ubuntu16:~# systemctl restart docker

然后以admin身份登录

1
2
3
4
root@ubuntu16:~# docker login 172.18.74.101
Username: admin
Password: 
Login Succeeded

对镜像进行打标 ,使用docker tag 命令

1
2
3
4
5
root@ubuntu16:~# docker tag alpine 172.18.74.101/library/alpine:latest
root@ubuntu16:~# docker image ls
REPOSITORY                     TAG                 IMAGE ID            CREATED             SIZE
alpine                         latest              196d12cf6ab1        4 months ago        4.41MB
172.18.74.101/library/alpine   latest              196d12cf6ab1        4 months ago        4.41MB

推送镜像

1
2
3
4
root@ubuntu16:~# docker push 172.18.74.101/library/alpine
The push refers to a repository [172.18.74.101/library/alpine]
df64d3292fd6: Pushed 
latest: digest: sha256:76ebd8b93b384fe8121d87be22c2089843f663fb342f1e6345a0a0bd6424c5c2 size: 528

推送后在Harbor中即可看到alpine镜像

Harbor管理

使用docker-compose命令可以用来管理Harbor,但是必须与docker-compose.yml在同一目录中运行,否则报错如下。

1
2
3
4
5
ERROR: 
        Can't find a suitable configuration file in this directory or any
        parent. Are you in the right directory?

        Supported filenames: docker-compose.yml, docker-compose.yaml

使用 docker-compose stop 来关闭Harbor和docker-compose start 关闭后进行重启。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
[root@Web2 harbor]# docker-compose stop
Stopping nginx              ... done
Stopping harbor-portal      ... done
Stopping harbor-jobservice  ... done
Stopping harbor-core        ... done
Stopping harbor-adminserver ... done
Stopping registryctl        ... done
Stopping harbor-db          ... done
Stopping redis              ... done
Stopping registry           ... done
Stopping harbor-log         ... done
[root@Web2 harbor]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@Web2 harbor]# docker-compose start
Starting log         ... done
Starting redis       ... done
Starting adminserver ... done
Starting registryctl ... done
Starting registry    ... done
Starting core        ... done
Starting portal      ... done
Starting jobservice  ... done
Starting postgresql  ... done
Starting proxy       ... done

要更改Harbour的配置,要停止现有的Harbor实例并更新 harbor.cfg。然后运行 prepare 脚本以填充配置。最后重新创建并启动Harbor

1
2
3
4
sudo docker-compose down -v
vim harbor.cfg
sudo prepare
sudo docker-compose up -d

默认情况下,注册表数据保留在主机的/data/目录中。即使Harbor的容器被移除和/或重新创建,此数据仍保持不变。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
[root@Web2 data]# ls
ca_download  config  database  job_logs  psc  redis  registry  secretkey
[root@Web2 data]# cd registry/
[root@Web2 registry]# tree
.
└── docker
    └── registry
        └── v2
            ├── blobs
            │   └── sha256
            │       ├── 19
            │       │   └── 196d12cf6ab19273823e700516e98eb1910b03b17840f9d5509f03858484d321
            │       │       └── data
            │       ├── 76
            │       │   └── 76ebd8b93b384fe8121d87be22c2089843f663fb342f1e6345a0a0bd6424c5c2
            │       │       └── data
            │       └── c4
            │           └── c432c1aab6335df5a9ff6237f8d19627f95ea7dc3f5709c555b2a28cd8df4d0a
            │               └── data
            └── repositories
                └── library
                    └── alpine
                        ├── _layers
                        │   └── sha256
                        │       ├── 196d12cf6ab19273823e700516e98eb1910b03b17840f9d5509f03858484d321
                        │       │   └── link
                        │       └── c432c1aab6335df5a9ff6237f8d19627f95ea7dc3f5709c555b2a28cd8df4d0a
                        │           └── link
                        ├── _manifests
                        │   ├── revisions
                        │   │   └── sha256
                        │   │       └── 76ebd8b93b384fe8121d87be22c2089843f663fb342f1e6345a0a0bd6424c5c2
                        │   │           └── link
                        │   └── tags
                        │       └── latest
                        │           ├── current
                        │           │   └── link
                        │           └── index
                        │               └── sha256
                        │                   └── 76ebd8b93b384fe8121d87be22c2089843f663fb342f1e6345a0a0bd6424c5c2
                        │                       └── link
                        └── _uploads

29 directories, 8 files

此外,Harbor使用 rsyslog 来收集每个容器的日志。默认情况下,这些日志文件存储在/var/log/harbor/目标主机上的目录中以进行故障排除。

1
2
3
[root@Web2 registry]# cd /var/log/harbor/
[root@Web2 harbor]# ls
adminserver.log  core.log  jobservice.log  portal.log  postgresql.log  proxy.log  redis.log  registryctl.log  registry.log

删除Harbor的容器,同时将图像数据和Harbor的数据库文件保存在文件系统上:

1
sudo docker-compose down -v

删除Harbor的数据库和图像数据(用于重新安装):

1
2
rm -r / data / database 
rm -r / data / registry

自定义配置Harbor监听端口

1.修改docker-compose.yml

将默认的80:80 修改为8888:80,访问主机8888端口nginx容器就可以代理至harbor-portal容器的80端口

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
proxy:
    image: goharbor/nginx-photon:v1.6.0
    container_name: nginx
    restart: always
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    ports:
      - 8888:80   //将默认的80:80 修改为8888:80
      - 443:443
    depends_on:
      - postgresql
      - registry
      - core
      - portal
      - log
    logging:
      driver: "syslog"
      options:  
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"

2. 修改harbor.cfg

1
hostname = 172.18.74.101:8888

3.重新部署Harbor

见上文

------ end ------
0%