Harbor客户端工具,命令行对Harbor进行管理

转载自:https://mp.weixin.qq.com/s/BzqbLyKU54vLN6-OdB8KsA

Harbor通过Web界面可以方便地管理用户、租户以及镜像仓库等资源,但是缺乏开发人员更喜爱的命令行管理工具。

一、Harborclient工具简介

项目地址: https://github.com/int32bit/harborclient

Harborclient是Harbor的第三方扩展开源工具,正弥补Harbor不足,它适合开发和运维人员管理镜像仓库、项目等资源,包含的特性如下:

  • harborclient参考了OpenStack命令行工具的优秀架构和设计模式,使用也和OpenStack命令行非常类似。
  • harborclient通过子命令划分不同的功能,并且所有功能是可扩展的,增加功能只需要在client下增加do_xxx方法即可。主模块会自动发现并注册子命令。
  • 相比OpenStack的命令行工具,精简了部分复杂功能,重新设计了大多数接口,暴露的API更直观和易用。
  • 支持DEBUG模式查看Harbor API调用过程,便于调试追踪。
  • 支持timings选项,能够报告API请求响应时间,便于测试Harbor API性能。
  • 支持https。

二、安装Harborclient(docker)

2.1 镜像拉取/制作

harborclient托管在docker hub中,可以直接拉取已经构建的镜像到本地:

$ docker pull krystism/harborclient

docker hub中的镜像不一定是最新的,建议从源码中build镜像,在项目根下运行:

$ git clone https://github.com/int32bit/harborclient
$ docker build -t yourname/harborclient .

2.2 启动容器

$ docker run -itd \
 -e HARBOR_URL="https://192.168.2.19:443" \
 -e HARBOR_USERNAME="admin" \
 -e HARBOR_PASSWORD="Harbor12345" \
 -e HARBOR_PROJECT=1 \
 --rm krystism/harborclient
+---------+----------+----------+----------------------+--------------+---------------+
| user_id | username | is_admin |        email         |   realname   |    comment    |
+---------+----------+----------+----------------------+--------------+---------------+
|    1    |  admin   |    1     |  admin@example.com   | system admin |   admin user  |
|    11   | int32bit |    0     | int32bit@example.com |   int32bit   | for int32bit  |
+---------+----------+----------+----------------------+--------------+---------------+

HARBOR_URL: 指定Harbor地址;
HARBOR_USERNAME: 指定Harbor用户名;
HARBOR_PASSWORD: 指定Harbor用户密码;
HARBOR_PROJECT: 指定项目ID号;

2.3 设置命令自动补全

harborclient支持命令补全,以bash为例,需要首先安装bash-completion,然后执行以下命令配置自动补全:

$ sudo yum install  -y bash-completion
$ complete -W $(harbor bash-completion) harbor

此时可以通过tab键自动补全参数以及子命令了。

三、使用

3.1 子命令集参数说明

  • 子命令
    get-cert:
    get-conf: 查看harbor信息;
    info: 查看harbor信息;
    job-list:
    job-log:

  • 参数

  • --debug: 详细打印调用的harbor API以及参数,并显示response信息;

  • --timings: 参数将打印命令执行时调用的所有API列表并报告响应时间;

  • --timeout: 参数可以设置允许的最长响应时间(单位: 秒),支持浮点数,超过这个时间未响应将导致请求超时异常;

3.2 使用https

harborclient支持https,对应使用https的Harbor可以通过--os-cacert选项指定CA证书,也可以通过--insecure跳过认证校验,相当于curl -k命令。

$ harbor list   #使用https的harbor会出现该报错
CommandError: Unable to authorize user 'admin': Certificate verify failed, please use '--os-cacert' option to specify a CA bundle file to use in verifying a TLS (https) server certificate or use '--insecure' option to explicitly allow client to perform insecure TLS (https) requests.
$ harbor --insecure list
+-----------------------+------------+-----------+------------+------------+------------+----------------------+
|          name         | project_id |    size   | tags_count | star_count | pull_count |     update_time      |
+-----------------------+------------+-----------+------------+------------+------------+----------------------+
|    int32bit/busybox   |     2      |   715181  |     1      |     0      |     0      | 2017-11-01T07:06:36Z |
|    int32bit/golang    |     2      | 257883053 |     2      |     0      |     0      | 2017-11-01T12:59:05Z |
| int32bit/golang:1.7.3 |     2      | 257883053 |     2      |     0      |     0      | 2017-11-01T12:59:05Z |
|  int32bit/hello-world |     2      |    974    |     1      |     0      |     0      | 2017-11-01T13:22:46Z |
+-----------------------+------------+-----------+------------+------------+------------+----------------------+

3.3 使用案例

(1) 创建用户

$ harbor --insecure user-create \
 --username lidabai \
 --password lidabai666 \
 --email lidabai@example.com \
 --realname newuser \
 --comment "I am a new user"
Create user 'lidabai' successfully.    #提升创建成功
--username: 指定要创建的用户名(必须);
--password: 指定创建用户的用户密码(必须);
--email:指定邮箱;
--comment:描述信息;

(2) 删除用户

$ harbor --insecure user-delete new-user
Delete user 'new-user' sucessfully.
List repositories and images

(3) 查看镜像列表

$ harbor  list
+-----------------------+------------+-----------+------------+------------+------------+----------------------+
|          name         | project_id |    size   | tags_count | star_count | pull_count |     update_time      |
+-----------------------+------------+-----------+------------+------------+------------+----------------------+
|    int32bit/busybox   |     2      |   715181  |     1      |     0      |     0      | 2017-11-01T07:06:36Z |
| int32bit/golang:1.7.3 |     2      | 257883053 |     2      |     0      |     0      | 2017-11-01T12:59:05Z |
|  int32bit/hello-world |     2      |    974    |     1      |     0      |     0      | 2017-11-01T13:22:46Z |
+-----------------------+------------+-----------+------------+------------+------------+----------------------+

(4) 查看镜像详细信息

$ harbor show int32bit/golang:1.7.3
+--------------------+-------------------------------------------------------------------------+
| Property           | Value                                                                   |
+--------------------+-------------------------------------------------------------------------+
| creation_time      | 2017-11-01T12:59:05Z                                                    |
| description        |                                                                         |
| id                 | 2                                                                       |
| name               | int32bit/golang                                                         |
| project_id         | 2                                                                       |
| pull_count         | 0                                                                       |
| star_count         | 0                                                                       |
| tag_architecture   | amd64                                                                   |
| tag_author         |                                                                         |
| tag_created        | 2016-11-08T19:32:39.908048617Z                                          |
| tag_digest         | sha256:37d263ccd240e113a752c46306ad004e36532ce118eb3131d9f76f43cc606d5d |
| tag_docker_version | 1.12.3                                                                  |
| tag_name           | 1.7.3                                                                   |
| tag_os             | linux                                                                   |
| tag_signature      | -                                                                       |
| tags_count         | 2                                                                       |
| update_time        | 2017-11-01T12:59:05Z                                                    |
+--------------------+-------------------------------------------------------------------------+

(5) 查看最热门镜像

$ harbor top
+----------------------+------------+------------+
|         name         | pull_count | star_count |
+----------------------+------------+------------+
|   int32bit/busybox   |     10     |     0      |
|   int32bit/golang    |     8      |     0      |
| int32bit/hello-world |     1      |     0      |
+----------------------+------------+------------+

(6) 查看用户角色

$ harbor member-list
+----------+--------------+---------+---------+
| username |  role_name   | user_id | role_id |
+----------+--------------+---------+---------+
|  admin   | projectAdmin |    1    |    1    |
|   foo    |  developer   |    5    |    2    |
|   test   |    guest     |    6    |    3    |
+----------+--------------+---------+---------+

(7) 查看日志

$ harbor logs
+--------+----------------------+----------+------------+-----------+-----------------------------+
| log_id |       op_time        | username | project_id | operation |          repository         |
+--------+----------------------+----------+------------+-----------+-----------------------------+
|   1    | 2017-11-01T06:56:07Z |  admin   |     2      |   create  |          int32bit/          |
|   2    | 2017-11-01T07:06:36Z |  admin   |     2      |    push   |   int32bit/busybox:latest   |
|   3    | 2017-11-01T12:59:05Z |  admin   |     2      |    push   |    int32bit/golang:1.7.3    |
|   4    | 2017-11-01T13:22:46Z |  admin   |     2      |    push   | int32bit/hello-world:latest |
|   5    | 2017-11-01T14:21:49Z |  admin   |     2      |    push   |    int32bit/golang:latest   |
|   6    | 2017-11-03T20:39:04Z |  admin   |     3      |   create  |            test/            |
|   7    | 2017-11-03T20:39:22Z |  admin   |     3      |   delete  |            test/            |
|   8    | 2017-11-03T20:39:38Z |  admin   |     4      |   create  |            test/            |
|   9    | 2017-11-03T20:49:33Z |  admin   |     4      |   delete  |            test/            |
+--------+----------------------+----------+------------+-----------+-----------------------------+

(8) 搜索

$ harbor search int32bit
Find 1 Projects:
+------------+----------+--------+------------+----------------------+
| project_id |   name   | public | repo_count |    creation_time     |
+------------+----------+--------+------------+----------------------+
|     2      | int32bit |   1    |     3      | 2017-11-01T06:56:07Z |
+------------+----------+--------+------------+----------------------+

Find 3 Repositories:
+----------------------+--------------+------------+----------------+
|   repository_name    | project_name | project_id | project_public |
+----------------------+--------------+------------+----------------+
|   int32bit/busybox   |   int32bit   |     2      |       1        |
|   int32bit/golang    |   int32bit   |     2      |       1        |
| int32bit/hello-world |   int32bit   |     2      |       1        |
+----------------------+--------------+------------+----------------+

(9) 查看复制目标

$ harbor target-list
+----+----------------------+-------------------------------------+----------+----------+----------------------+
| id |         name         |               endpoint              | username | password |    creation_time     |
+----+----------------------+-------------------------------------+----------+----------+----------------------+
| 1  |     test-target      |      http://192.168.99.101:8888     |  admin   |    -     | 2017-11-02T01:35:30Z |
| 2  |    test-target-2     |      http://192.168.99.101:9999     |  admin   |    -     | 2017-11-02T13:43:07Z |
| 3  | int32bit-test-target | http://192.168.99.101:8888/int32bit |  admin   |    -     | 2017-11-02T14:28:54Z |
+----+----------------------+-------------------------------------+----------+----------+----------------------+

(10) ping复制目标仓库

检测目标仓库网络是否通畅。

$ harbor target-ping 1
OK

(11) 查看复制任务

$ harbor job-list 1
+----+----------------------+-----------+----------+----------------------+
| id |      repository      | operation |  status  |     update_time      |
+----+----------------------+-----------+----------+----------------------+
| 1  |   int32bit/busybox   |  transfer | finished | 2017-11-02T01:35:31Z |
| 2  |   int32bit/golang    |  transfer | finished | 2017-11-02T01:35:31Z |
| 3  | int32bit/hello-world |  transfer | finished | 2017-11-02T01:35:31Z |
+----+----------------------+-----------+----------+----------------------+

(12) 查看复制任务日志

$ harbor job-log  1
2017-11-02T01:35:30Z [INFO] initializing: repository: int32bit/busybox, tags: [], source URL: http://registry:5000, destination URL: http://192.168.99.101:8888, insecure: false, destination user: admin
2017-11-02T01:35:30Z [INFO] initialization completed: project: int32bit, repository: int32bit/busybox, tags: [latest], source URL: http://registry:5000, destination URL: http://192.168.99.101:8888, insecure: false, destination user: admin
2017-11-02T01:35:30Z [WARNING] the status code is 409 when creating project int32bit on http://192.168.99.101:8888 with user admin, try to do next step
2017-11-02T01:35:30Z [INFO] manifest of int32bit/busybox:latest pulled successfully from http://registry:5000: sha256:030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af
2017-11-02T01:35:30Z [INFO] all blobs of int32bit/busybox:latest from http://registry:5000: [sha256:54511612f1c4d97e93430fc3d5dc2f05dfbe8fb7e6259b7351deeca95eaf2971 sha256:03b1be98f3f9b05cb57782a3a71a44aaf6ec695de5f4f8e6c1058cd42f04953e]
2017-11-02T01:35:31Z [INFO] blob sha256:54511612f1c4d97e93430fc3d5dc2f05dfbe8fb7e6259b7351deeca95eaf2971 of int32bit/busybox:latest already exists in http://192.168.99.101:8888
2017-11-02T01:35:31Z [INFO] blob sha256:03b1be98f3f9b05cb57782a3a71a44aaf6ec695de5f4f8e6c1058cd42f04953e of int32bit/busybox:latest already exists in http://192.168.99.101:8888
2017-11-02T01:35:31Z [INFO] blobs of int32bit/busybox:latest need to be transferred to http://192.168.99.101:8888: []
2017-11-02T01:35:31Z [INFO] manifest of int32bit/busybox:latest exists on source registry http://registry:5000, continue manifest pushing
2017-11-02T01:35:31Z [INFO] manifest of int32bit/busybox:latest exists on destination registry http://192.168.99.101:8888, skip manifest pushing
2017-11-02T01:35:31Z [INFO] no tag needs to be replicated, next state is "finished"

(13) 查看资源统计

$ harbor usage
+-----------------------+-------+
| Property              | Value |
+-----------------------+-------+
| private_project_count | 0     |
| private_repo_count    | 0     |
| public_project_count  | 2     |
| public_repo_count     | 3     |
| total_project_count   | 2     |
| total_repo_count      | 3     |
+-----------------------+-------+

(14) 修改用户密码

$ harbor change-password lidabai
Old password: *****    #输入旧密码
New Password: *****    #输入新密码
Retype new Password: *****    #再次输出新密码
Update password successfully.

(15) 设置用户为管理员

$ harbor promote int32bit
Promote user 'int32bit' as administrator successfully.

3.4 增加自定义子命令

以增加一个echo子命令为例,首先在harborclient/v2目录下新创建一个模块文件tests.py,实现echo方法,如下:

from harborclient import base
class TestManager(base.Manager):
    def echo(self, message):
        return message

在harborclient/v2/client中注册TestManager:

... # 省略其它import
from harborclient.v2 import tests
class Client(object):
    def __init__(self,
                 username=None,
                 password=None,
                 project=None,
                 baseurl=None,
                 insecure=False,
                 cacert=None,
                 api_version=None,
                 *argv,
                 **kwargs):
        ... # 省略其它Manager
        self.tests = tests.TestManager(self)

最后在harborclient/v2/shell.py中注册新的子命令,注意在shell.py中所有的do_xx方法都会对应一条子命令,转化规则为:

do_a_b_c => a-b-c
比如:
do_user_list => user-list
do_project_show => project-show

方法的doc文档将转化为echo子命令的帮助信息。因此新增echo子命令,只需要在shell.py中新增do_echo方法:

@utils.arg(
    '--message',
    metavar='<message>',
    dest='message',
    required=True,
    help='The message to print.')
def do_echo(cs, args):
    """Print a message."""
    message = cs.tests.echo(args.message)
    print(message)

此时echo子命令就实现了。查看帮助信息:

$ harbor  help echo
usage: harbor echo --message <message>

Print a message.

Optional arguments:
  --message <message>  The message to print.
posted @ 2023-05-04 09:14  哈喽哈喽111111  阅读(628)  评论(0编辑  收藏  举报