Harbor客户端工具,命令行对Harbor进行管理
转载自:https://mp.weixin.qq.com/s/BzqbLyKU54vLN6-OdB8KsA
Harbor通过Web界面可以方便地管理用户、租户以及镜像仓库等资源,但是缺乏开发人员更喜爱的命令行管理工具。
一、Harborclient工具简介
Harborclient是Harbor的第三方扩展开源工具,正弥补Harbor不足,它适合开发和运维人员管理镜像仓库、项目等资源,包含的特性如下:
- harborclient参考了OpenStack命令行工具的优秀架构和设计模式,使用也和OpenStack命令行非常类似。
- harborclient通过子命令划分不同的功能,并且所有功能是可扩展的,增加功能只需要在client下增加do_xxx方法即可。主模块会自动发现并注册子命令。
- 相比OpenStack的命令行工具,精简了部分复杂功能,重新设计了大多数接口,暴露的API更直观和易用。
- 支持DEBUG模式查看Harbor API调用过程,便于调试追踪。
- 支持timings选项,能够报告API请求响应时间,便于测试Harbor API性能。
- 支持https。
二、安装Harborclient(docker)
2.1 镜像拉取/制作
harborclient托管在docker hub中,可以直接拉取已经构建的镜像到本地:
$ docker pull krystism/harborclient
docker hub中的镜像不一定是最新的,建议从源码中build镜像,在项目根下运行:
$ git clone https://github.com/int32bit/harborclient
$ docker build -t yourname/harborclient .
2.2 启动容器
$ docker run -itd \
-e HARBOR_URL="https://192.168.2.19:443" \
-e HARBOR_USERNAME="admin" \
-e HARBOR_PASSWORD="Harbor12345" \
-e HARBOR_PROJECT=1 \
--rm krystism/harborclient
+---------+----------+----------+----------------------+--------------+---------------+
| user_id | username | is_admin | email | realname | comment |
+---------+----------+----------+----------------------+--------------+---------------+
| 1 | admin | 1 | admin@example.com | system admin | admin user |
| 11 | int32bit | 0 | int32bit@example.com | int32bit | for int32bit |
+---------+----------+----------+----------------------+--------------+---------------+
HARBOR_URL: 指定Harbor地址;
HARBOR_USERNAME: 指定Harbor用户名;
HARBOR_PASSWORD: 指定Harbor用户密码;
HARBOR_PROJECT: 指定项目ID号;
2.3 设置命令自动补全
harborclient支持命令补全,以bash为例,需要首先安装bash-completion,然后执行以下命令配置自动补全:
$ sudo yum install -y bash-completion
$ complete -W $(harbor bash-completion) harbor
此时可以通过tab键自动补全参数以及子命令了。
三、使用
3.1 子命令集参数说明
-
子命令
get-cert:
get-conf: 查看harbor信息;
info: 查看harbor信息;
job-list:
job-log: -
参数
-
--debug: 详细打印调用的harbor API以及参数,并显示response信息;
-
--timings: 参数将打印命令执行时调用的所有API列表并报告响应时间;
-
--timeout: 参数可以设置允许的最长响应时间(单位: 秒),支持浮点数,超过这个时间未响应将导致请求超时异常;
3.2 使用https
harborclient支持https,对应使用https的Harbor可以通过--os-cacert
选项指定CA证书,也可以通过--insecure
跳过认证校验,相当于curl -k
命令。
$ harbor list #使用https的harbor会出现该报错
CommandError: Unable to authorize user 'admin': Certificate verify failed, please use '--os-cacert' option to specify a CA bundle file to use in verifying a TLS (https) server certificate or use '--insecure' option to explicitly allow client to perform insecure TLS (https) requests.
$ harbor --insecure list
+-----------------------+------------+-----------+------------+------------+------------+----------------------+
| name | project_id | size | tags_count | star_count | pull_count | update_time |
+-----------------------+------------+-----------+------------+------------+------------+----------------------+
| int32bit/busybox | 2 | 715181 | 1 | 0 | 0 | 2017-11-01T07:06:36Z |
| int32bit/golang | 2 | 257883053 | 2 | 0 | 0 | 2017-11-01T12:59:05Z |
| int32bit/golang:1.7.3 | 2 | 257883053 | 2 | 0 | 0 | 2017-11-01T12:59:05Z |
| int32bit/hello-world | 2 | 974 | 1 | 0 | 0 | 2017-11-01T13:22:46Z |
+-----------------------+------------+-----------+------------+------------+------------+----------------------+
3.3 使用案例
(1) 创建用户
$ harbor --insecure user-create \
--username lidabai \
--password lidabai666 \
--email lidabai@example.com \
--realname newuser \
--comment "I am a new user"
Create user 'lidabai' successfully. #提升创建成功
--username: 指定要创建的用户名(必须);
--password: 指定创建用户的用户密码(必须);
--email:指定邮箱;
--comment:描述信息;
(2) 删除用户
$ harbor --insecure user-delete new-user
Delete user 'new-user' sucessfully.
List repositories and images
(3) 查看镜像列表
$ harbor list
+-----------------------+------------+-----------+------------+------------+------------+----------------------+
| name | project_id | size | tags_count | star_count | pull_count | update_time |
+-----------------------+------------+-----------+------------+------------+------------+----------------------+
| int32bit/busybox | 2 | 715181 | 1 | 0 | 0 | 2017-11-01T07:06:36Z |
| int32bit/golang:1.7.3 | 2 | 257883053 | 2 | 0 | 0 | 2017-11-01T12:59:05Z |
| int32bit/hello-world | 2 | 974 | 1 | 0 | 0 | 2017-11-01T13:22:46Z |
+-----------------------+------------+-----------+------------+------------+------------+----------------------+
(4) 查看镜像详细信息
$ harbor show int32bit/golang:1.7.3
+--------------------+-------------------------------------------------------------------------+
| Property | Value |
+--------------------+-------------------------------------------------------------------------+
| creation_time | 2017-11-01T12:59:05Z |
| description | |
| id | 2 |
| name | int32bit/golang |
| project_id | 2 |
| pull_count | 0 |
| star_count | 0 |
| tag_architecture | amd64 |
| tag_author | |
| tag_created | 2016-11-08T19:32:39.908048617Z |
| tag_digest | sha256:37d263ccd240e113a752c46306ad004e36532ce118eb3131d9f76f43cc606d5d |
| tag_docker_version | 1.12.3 |
| tag_name | 1.7.3 |
| tag_os | linux |
| tag_signature | - |
| tags_count | 2 |
| update_time | 2017-11-01T12:59:05Z |
+--------------------+-------------------------------------------------------------------------+
(5) 查看最热门镜像
$ harbor top
+----------------------+------------+------------+
| name | pull_count | star_count |
+----------------------+------------+------------+
| int32bit/busybox | 10 | 0 |
| int32bit/golang | 8 | 0 |
| int32bit/hello-world | 1 | 0 |
+----------------------+------------+------------+
(6) 查看用户角色
$ harbor member-list
+----------+--------------+---------+---------+
| username | role_name | user_id | role_id |
+----------+--------------+---------+---------+
| admin | projectAdmin | 1 | 1 |
| foo | developer | 5 | 2 |
| test | guest | 6 | 3 |
+----------+--------------+---------+---------+
(7) 查看日志
$ harbor logs
+--------+----------------------+----------+------------+-----------+-----------------------------+
| log_id | op_time | username | project_id | operation | repository |
+--------+----------------------+----------+------------+-----------+-----------------------------+
| 1 | 2017-11-01T06:56:07Z | admin | 2 | create | int32bit/ |
| 2 | 2017-11-01T07:06:36Z | admin | 2 | push | int32bit/busybox:latest |
| 3 | 2017-11-01T12:59:05Z | admin | 2 | push | int32bit/golang:1.7.3 |
| 4 | 2017-11-01T13:22:46Z | admin | 2 | push | int32bit/hello-world:latest |
| 5 | 2017-11-01T14:21:49Z | admin | 2 | push | int32bit/golang:latest |
| 6 | 2017-11-03T20:39:04Z | admin | 3 | create | test/ |
| 7 | 2017-11-03T20:39:22Z | admin | 3 | delete | test/ |
| 8 | 2017-11-03T20:39:38Z | admin | 4 | create | test/ |
| 9 | 2017-11-03T20:49:33Z | admin | 4 | delete | test/ |
+--------+----------------------+----------+------------+-----------+-----------------------------+
(8) 搜索
$ harbor search int32bit
Find 1 Projects:
+------------+----------+--------+------------+----------------------+
| project_id | name | public | repo_count | creation_time |
+------------+----------+--------+------------+----------------------+
| 2 | int32bit | 1 | 3 | 2017-11-01T06:56:07Z |
+------------+----------+--------+------------+----------------------+
Find 3 Repositories:
+----------------------+--------------+------------+----------------+
| repository_name | project_name | project_id | project_public |
+----------------------+--------------+------------+----------------+
| int32bit/busybox | int32bit | 2 | 1 |
| int32bit/golang | int32bit | 2 | 1 |
| int32bit/hello-world | int32bit | 2 | 1 |
+----------------------+--------------+------------+----------------+
(9) 查看复制目标
$ harbor target-list
+----+----------------------+-------------------------------------+----------+----------+----------------------+
| id | name | endpoint | username | password | creation_time |
+----+----------------------+-------------------------------------+----------+----------+----------------------+
| 1 | test-target | http://192.168.99.101:8888 | admin | - | 2017-11-02T01:35:30Z |
| 2 | test-target-2 | http://192.168.99.101:9999 | admin | - | 2017-11-02T13:43:07Z |
| 3 | int32bit-test-target | http://192.168.99.101:8888/int32bit | admin | - | 2017-11-02T14:28:54Z |
+----+----------------------+-------------------------------------+----------+----------+----------------------+
(10) ping复制目标仓库
检测目标仓库网络是否通畅。
$ harbor target-ping 1
OK
(11) 查看复制任务
$ harbor job-list 1
+----+----------------------+-----------+----------+----------------------+
| id | repository | operation | status | update_time |
+----+----------------------+-----------+----------+----------------------+
| 1 | int32bit/busybox | transfer | finished | 2017-11-02T01:35:31Z |
| 2 | int32bit/golang | transfer | finished | 2017-11-02T01:35:31Z |
| 3 | int32bit/hello-world | transfer | finished | 2017-11-02T01:35:31Z |
+----+----------------------+-----------+----------+----------------------+
(12) 查看复制任务日志
$ harbor job-log 1
2017-11-02T01:35:30Z [INFO] initializing: repository: int32bit/busybox, tags: [], source URL: http://registry:5000, destination URL: http://192.168.99.101:8888, insecure: false, destination user: admin
2017-11-02T01:35:30Z [INFO] initialization completed: project: int32bit, repository: int32bit/busybox, tags: [latest], source URL: http://registry:5000, destination URL: http://192.168.99.101:8888, insecure: false, destination user: admin
2017-11-02T01:35:30Z [WARNING] the status code is 409 when creating project int32bit on http://192.168.99.101:8888 with user admin, try to do next step
2017-11-02T01:35:30Z [INFO] manifest of int32bit/busybox:latest pulled successfully from http://registry:5000: sha256:030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af
2017-11-02T01:35:30Z [INFO] all blobs of int32bit/busybox:latest from http://registry:5000: [sha256:54511612f1c4d97e93430fc3d5dc2f05dfbe8fb7e6259b7351deeca95eaf2971 sha256:03b1be98f3f9b05cb57782a3a71a44aaf6ec695de5f4f8e6c1058cd42f04953e]
2017-11-02T01:35:31Z [INFO] blob sha256:54511612f1c4d97e93430fc3d5dc2f05dfbe8fb7e6259b7351deeca95eaf2971 of int32bit/busybox:latest already exists in http://192.168.99.101:8888
2017-11-02T01:35:31Z [INFO] blob sha256:03b1be98f3f9b05cb57782a3a71a44aaf6ec695de5f4f8e6c1058cd42f04953e of int32bit/busybox:latest already exists in http://192.168.99.101:8888
2017-11-02T01:35:31Z [INFO] blobs of int32bit/busybox:latest need to be transferred to http://192.168.99.101:8888: []
2017-11-02T01:35:31Z [INFO] manifest of int32bit/busybox:latest exists on source registry http://registry:5000, continue manifest pushing
2017-11-02T01:35:31Z [INFO] manifest of int32bit/busybox:latest exists on destination registry http://192.168.99.101:8888, skip manifest pushing
2017-11-02T01:35:31Z [INFO] no tag needs to be replicated, next state is "finished"
(13) 查看资源统计
$ harbor usage
+-----------------------+-------+
| Property | Value |
+-----------------------+-------+
| private_project_count | 0 |
| private_repo_count | 0 |
| public_project_count | 2 |
| public_repo_count | 3 |
| total_project_count | 2 |
| total_repo_count | 3 |
+-----------------------+-------+
(14) 修改用户密码
$ harbor change-password lidabai
Old password: ***** #输入旧密码
New Password: ***** #输入新密码
Retype new Password: ***** #再次输出新密码
Update password successfully.
(15) 设置用户为管理员
$ harbor promote int32bit
Promote user 'int32bit' as administrator successfully.
3.4 增加自定义子命令
以增加一个echo子命令为例,首先在harborclient/v2目录下新创建一个模块文件tests.py,实现echo方法,如下:
from harborclient import base
class TestManager(base.Manager):
def echo(self, message):
return message
在harborclient/v2/client中注册TestManager:
... # 省略其它import
from harborclient.v2 import tests
class Client(object):
def __init__(self,
username=None,
password=None,
project=None,
baseurl=None,
insecure=False,
cacert=None,
api_version=None,
*argv,
**kwargs):
... # 省略其它Manager
self.tests = tests.TestManager(self)
最后在harborclient/v2/shell.py中注册新的子命令,注意在shell.py中所有的do_xx方法都会对应一条子命令,转化规则为:
do_a_b_c => a-b-c
比如:
do_user_list => user-list
do_project_show => project-show
方法的doc文档将转化为echo子命令的帮助信息。因此新增echo子命令,只需要在shell.py中新增do_echo方法:
@utils.arg(
'--message',
metavar='<message>',
dest='message',
required=True,
help='The message to print.')
def do_echo(cs, args):
"""Print a message."""
message = cs.tests.echo(args.message)
print(message)
此时echo子命令就实现了。查看帮助信息:
$ harbor help echo
usage: harbor echo --message <message>
Print a message.
Optional arguments:
--message <message> The message to print.