harbor/contrib/harbor-cli/README.md
int32bit 19f3ebd353 Add CLI tool for Harbor
This patch provides a command-line tool for managing Harbor resources
like users, projects, images, etc.
2017-11-10 14:58:57 +08:00

27 KiB

About This Project

Project Harbor is an enterprise-class registry server that stores and distributes Docker images. Harbor extends the open source Docker Distribution by adding the functionalities usually required by an enterprise, such as security, identity and management. As an enterprise private registry, Harbor offers better performance and security. Having a registry closer to the build and run environment improves the image transfer efficiency. Harbor supports the setup of multiple registries and has images replicated between them. With Harbor, the images are stored within the private registry, keeping the bits and intellectual properties behind the company firewall. In addition, Harbor offers advanced security features, such as user management, access control and activity auditing.

This project provides a great native command-line experience for managing Harbor resources like user, project, etc. It can be used on macOS, Linux, and Docker.

Install Harbor CLI

Harbor CLI can be installed by one of two approaches:

  • Option 1: Build as a Docker image(easy, recommended)
  • Option 2: Native Installation from Source
  • Option 3: Install from pypi

We maintain a Docker prebuilt image with Harbor CLI. Install the CLI using docker run.

docker run -t -i krystism/harborclient harbor help

We strongly suggest you build image from code manually, because our prebuilt image may be not latest version.

docker build -t yourname/harborclient .

Run Harbor CLI as follows:

$ docker run --rm \
 -e HARBOR_USERNAME="admin" \
 -e HARBOR_PASSWORD="Harbor12345" \
 -e HARBOR_PROJECT=1 \
 -e HARBOR_URL="http://localhost" \
 yourname/harborclient harbor info

+------------------------------+---------------------+
| Property                     | Value               |
+------------------------------+---------------------+
| admiral_endpoint             | NA                  |
| auth_mode                    | db_auth             |
| disk_free                    | 4993355776          |
| disk_total                   | 18381979648         |
| harbor_version               | v1.2.2              |
| has_ca_root                  | False               |
| next_scan_all                | 0                   |
| project_creation_restriction | everyone            |
| registry_url                 | localhost           |
| self_registration            | True                |
| with_admiral                 | False               |
| with_clair                   | False               |
| with_notary                  | False               |
+------------------------------+---------------------+

Create an alias:

alias harbor='docker run \
 -e HARBOR_USERNAME="admin" \
 -e HARBOR_PASSWORD="Harbor12345" \
 -e HARBOR_URL="http://localhost" \
 --rm krystism/harborclient harbor'

Then you can run Harbor CLI like:

$ harbor user-list
+---------+----------+----------+----------------------+--------------+-------------+
| user_id | username | is_admin |        email         |   realname   |   comment   |
+---------+----------+----------+----------------------+--------------+-------------+
|    1    |  admin   |    1     |  admin@example.com   | system admin |  admin user |
|    2    | int32bit |    0     | int32bit@example.com |   int32bit   |  int32bit   |
+---------+----------+----------+----------------------+--------------+-------------+

Option 2: Native Installation from Source

The installation steps boil down to the following:

Install requirements

sudo pip install -r requirements.txt

Install Harbor CLI.

sudo python setup.py install

Or

sudo pip install .

Option 3: Install from pypi

sudo pip install python-harborclient

Verify operation

As the admin user, do a info request:

$ harbor --os-baseurl https://localhost --os-username admin --os-project 1 info
password: *****
+------------------------------+---------------------+
| Property                     | Value               |
+------------------------------+---------------------+
| admiral_endpoint             | NA                  |
| auth_mode                    | db_auth             |
| disk_free                    | 4992696320          |
| disk_total                   | 18381979648         |
| harbor_version               | v1.2.2              |
| has_ca_root                  | False               |
| next_scan_all                | 0                   |
| project_creation_restriction | everyone            |
| registry_url                 | localhost           |
| self_registration            | True                |
| with_admiral                 | False               |
| with_clair                   | False               |
| with_notary                  | False               |
+------------------------------+---------------------+

Create harbor client environment scripts

To increase efficiency of client operations, Harbor CLI supports simple client environment scrips also known as harborrc file. These scripts typically contain common options for all client, but also support unique options.

Create client environment scripts for admin user:

cat >admin-harborrc <<EOF
export HARBOR_USERNAME=admin
export HARBOR_PASSWORD=Harbor12345
export HARBOR_URL=http://localhost
export HARBOR_PROJECT=1
EOF

Replace HARBOR_PASSWORD with your password.

To run clients as a specific project and user, you can simply load the associated client environment script prior to running them.

source admin-harborrc

List images:

$ harbor list
+-----------------------+------------+-----------+------------+------------+------------+----------------------+
|          name         | project_id |    size   | tags_count | star_count | pull_count |     update_time      |
+-----------------------+------------+-----------+------------+------------+------------+----------------------+
|    int32bit/busybox   |     2      |   715181  |     1      |     0      |     0      | 2017-11-01T07:06:36Z |
| int32bit/golang:1.7.3 |     2      | 257883053 |     2      |     0      |     0      | 2017-11-01T12:59:05Z |
|  int32bit/hello-world |     2      |    974    |     1      |     0      |     0      | 2017-11-01T13:22:46Z |
+-----------------------+------------+-----------+------------+------------+------------+----------------------+

Setup bash completion

$ complete -W $(harbor bash-completion) harbor
$ harbor us<tab><tab>
usage user-create user-delete user-list user-show  user-update

User Guide

This guide walks you through the fundamentals of using Harbor CLI. You'll learn how to use Harbor CLI to:

  • Manage your projects.
  • Manage members of a project.
  • Search projects and repositories.
  • Manage users.
  • Manage replication policies.
  • Manage configuration.
  • Delete repositories and images.
  • Show logs.
  • Get statistics data.
  • ...

Once you install Harbor CLI, you can run harbor help to get usage:

$ harbor help
usage: harbor [--debug] [--timings] [--version] [--os-username <username>]
              [--os-password <password>] [--os-project <project>]
              [--timeout <timeout>] [--os-baseurl <baseurl>] [--insecure]
              [--os-cacert <ca-certificate>] [--os-api-version <api-version>]
              <subcommand> ...

Run "harbor help COMMAND" for help on a specific command.

$ harbor help user-create
usage: harbor user-create --username <username> --password <password> --email
                          <email> [--realname <realname>]
                          [--comment <comment>]

Create a new User.

Optional arguments:
  --username <username>  Unique name of the new user.
  --password <password>  Password of the new user.
  --email <email>        Email of the new user.
  --realname <realname>  Realname of the new user.
  --comment <comment>    Comment of the new user.

Show details about API requests using --debug option:

$ harbor  --debug --insecure project-list
DEBUG (connectionpool:824) Starting new HTTPS connection (1): devstack
DEBUG (connectionpool:396) https://devstack:443 "POST /login HTTP/1.1" 200 0
DEBUG (client:274) Successfully login, session id: 2642a18db2cb0fb207bd721899da9f8b
REQ: curl -g -i --insecure 'https://devstack/api/projects' -X GET -H "Accept: application/json" -H "Harbor-API-Version: v2" -H "User-Agent: python-harborclient" -b "beegosessionID: 2642a18db2cb0fb207bd721899da9f8b"
DEBUG (connectionpool:824) Starting new HTTPS connection (1): devstack
DEBUG (connectionpool:396) https://devstack:443 "GET /api/projects HTTP/1.1" 200 316
RESP: [200] {'Content-Length': '316', 'Content-Encoding': 'gzip', 'X-Total-Count': '2', 'Server': 'nginx/1.11.13', 'Connection': 'keep-alive', 'Date': 'Mon, 06 Nov 2017 12:24:53 GMT', 'Content-Type': 'application/json; charset=utf-8'}
RESP BODY: [{"creation_time_str": "", "enable_content_trust": false, "Togglable": true, "owner_name": "", "name": "int32bit", "deleted": 0, "repo_count": 3, "creation_time": "2017-11-01T06:56:07Z", "update_time": "2017-11-01T06:56:07Z", "prevent_vulnerable_images_from_running": false, "current_user_role_id": 1, "project_id": 2, "automatically_scan_images_on_push": false, "public": 1, "prevent_vulnerable_images_from_running_severity": "", "owner_id": 1}, {"creation_time_str": "", "enable_content_trust": false, "Togglable": true, "owner_name": "", "name": "library", "deleted": 0, "repo_count": 0, "creation_time": "2017-11-01T06:08:43Z", "update_time": "2017-11-01T06:08:43Z", "prevent_vulnerable_images_from_running": false, "current_user_role_id": 1, "project_id": 1, "automatically_scan_images_on_push": false, "public": 1, "prevent_vulnerable_images_from_running_severity": "", "owner_id": 1}]

+------------+----------+----------+----------------------+------------+----------------------+--------+
| project_id |   name   | owner_id | current_user_role_id | repo_count |    creation_time     | public |
+------------+----------+----------+----------------------+------------+----------------------+--------+
|     1      | library  |    1     |          1           |     0      | 2017-11-01T06:08:43Z |   1    |
|     2      | int32bit |    1     |          1           |     3      | 2017-11-01T06:56:07Z |   1    |
+------------+----------+----------+----------------------+------------+----------------------+--------+

Print call timing info with --timings option:

$ harbor  --insecure --timings user-list
+---------+----------+----------+----------------------+--------------+-------------+
| user_id | username | is_admin |        email         |   realname   |   comment   |
+---------+----------+----------+----------------------+--------------+-------------+
|    1    |  admin   |    1     |  admin@example.com   | system admin |  admin user |
|    3    | int32bit |    0     | int32bit@example.com |   int32bit   |     test    |
+---------+----------+----------+----------------------+--------------+-------------+
+--------------+-----------------+
| url          | seconds         |
+--------------+-----------------+
| GET /users   | 0.0146510601044 |
| GET /users/1 | 0.0146780014038 |
| Total        | 0.0293290615082 |
+--------------+-----------------+
Total: 0.0293290615082 seconds

All SSL connections are attempted to be made secure by using the CA certificate bundle installed by default. This makes all connections considered "insecure" fail unless --insecure is used.

$ harbor info
Traceback (most recent call last):
  File "/usr/local/bin/harbor", line 10, in <module>
    sys.exit(main())
  File "/usr/local/lib/python2.7/dist-packages/harborclient/shell.py", line 404, in main
    HarborShell().main(argv)
  File "/usr/local/lib/python2.7/dist-packages/harborclient/shell.py", line 330, in main
    self.cs.authenticate()
  File "/usr/local/lib/python2.7/dist-packages/harborclient/v2/client.py", line 83, in authenticate
    self.client.authenticate()
  File "/usr/local/lib/python2.7/dist-packages/harborclient/client.py", line 270, in authenticate
    verify=self.verify_cert)
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 112, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 58, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 508, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 618, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 506, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='devstack', port=443): Max retries exceeded with url: /login (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
$ harbor --insecure info
+------------------------------+---------------------+
| Property                     | Value               |
+------------------------------+---------------------+
| admiral_endpoint             | NA                  |
| auth_mode                    | db_auth             |
| disk_free                    | 4991021056          |
| disk_total                   | 18381979648         |
| harbor_version               | v1.2.2              |
| has_ca_root                  | False               |
| next_scan_all                | 0                   |
| project_creation_restriction | everyone            |
| registry_url                 | 192.168.99.101:8888 |
| self_registration            | True                |
| with_admiral                 | False               |
| with_clair                   | False               |
| with_notary                  | False               |
+------------------------------+---------------------+

Examples

Create a new user

$ harbor --insecure user-create \
 --username new-user \
 --password 1q2w3e4r \
 --email new_user@example.com \
 --realname newuser \
 --comment "I am a new user"
Create user 'new-user' successfully.

Delete a user

$ harbor --insecure user-delete new-user
Delete user 'new-user' sucessfully.

List repositories and images

$ harbor  list
+-----------------------+------------+-----------+------------+------------+------------+----------------------+
|          name         | project_id |    size   | tags_count | star_count | pull_count |     update_time      |
+-----------------------+------------+-----------+------------+------------+------------+----------------------+
|    int32bit/busybox   |     2      |   715181  |     1      |     0      |     0      | 2017-11-01T07:06:36Z |
| int32bit/golang:1.7.3 |     2      | 257883053 |     2      |     0      |     0      | 2017-11-01T12:59:05Z |
|  int32bit/hello-world |     2      |    974    |     1      |     0      |     0      | 2017-11-01T13:22:46Z |
+-----------------------+------------+-----------+------------+------------+------------+----------------------+

Show details about image

$ harbor  show int32bit/golang:1.7.3
+--------------------+-------------------------------------------------------------------------+
| Property           | Value                                                                   |
+--------------------+-------------------------------------------------------------------------+
| creation_time      | 2017-11-01T12:59:05Z                                                    |
| description        |                                                                         |
| id                 | 2                                                                       |
| name               | int32bit/golang                                                         |
| project_id         | 2                                                                       |
| pull_count         | 0                                                                       |
| star_count         | 0                                                                       |
| tag_architecture   | amd64                                                                   |
| tag_author         |                                                                         |
| tag_created        | 2016-11-08T19:32:39.908048617Z                                          |
| tag_digest         | sha256:37d263ccd240e113a752c46306ad004e36532ce118eb3131d9f76f43cc606d5d |
| tag_docker_version | 1.12.3                                                                  |
| tag_name           | 1.7.3                                                                   |
| tag_os             | linux                                                                   |
| tag_signature      | -                                                                       |
| tags_count         | 2                                                                       |
| update_time        | 2017-11-01T12:59:05Z                                                    |
+--------------------+-------------------------------------------------------------------------+

Get top accessed repositories

$ harbor top
+----------------------+------------+------------+
|         name         | pull_count | star_count |
+----------------------+------------+------------+
|   int32bit/busybox   |     10     |     0      |
|   int32bit/golang    |     8      |     0      |
| int32bit/hello-world |     1      |     0      |
+----------------------+------------+------------+

Lists members of a project.

$ harbor member-list
+----------+--------------+---------+---------+
| username |  role_name   | user_id | role_id |
+----------+--------------+---------+---------+
|  admin   | projectAdmin |    1    |    1    |
|   foo    |  developer   |    5    |    2    |
|   test   |    guest     |    6    |    3    |
+----------+--------------+---------+---------+

Show logs

$ harbor logs
+--------+----------------------+----------+------------+-----------+-----------------------------+
| log_id |       op_time        | username | project_id | operation |          repository         |
+--------+----------------------+----------+------------+-----------+-----------------------------+
|   1    | 2017-11-01T06:56:07Z |  admin   |     2      |   create  |          int32bit/          |
|   2    | 2017-11-01T07:06:36Z |  admin   |     2      |    push   |   int32bit/busybox:latest   |
|   3    | 2017-11-01T12:59:05Z |  admin   |     2      |    push   |    int32bit/golang:1.7.3    |
|   4    | 2017-11-01T13:22:46Z |  admin   |     2      |    push   | int32bit/hello-world:latest |
|   5    | 2017-11-01T14:21:49Z |  admin   |     2      |    push   |    int32bit/golang:latest   |
|   6    | 2017-11-03T20:39:04Z |  admin   |     3      |   create  |            test/            |
|   7    | 2017-11-03T20:39:22Z |  admin   |     3      |   delete  |            test/            |
|   8    | 2017-11-03T20:39:38Z |  admin   |     4      |   create  |            test/            |
|   9    | 2017-11-03T20:49:33Z |  admin   |     4      |   delete  |            test/            |
+--------+----------------------+----------+------------+-----------+-----------------------------+

Search projects and repositories.

$ harbor search int32bit
Find 1 Projects:
+------------+----------+--------+------------+----------------------+
| project_id |   name   | public | repo_count |    creation_time     |
+------------+----------+--------+------------+----------------------+
|     2      | int32bit |   1    |     3      | 2017-11-01T06:56:07Z |
+------------+----------+--------+------------+----------------------+

Find 3 Repositories:
+----------------------+--------------+------------+----------------+
|   repository_name    | project_name | project_id | project_public |
+----------------------+--------------+------------+----------------+
|   int32bit/busybox   |   int32bit   |     2      |       1        |
|   int32bit/golang    |   int32bit   |     2      |       1        |
| int32bit/hello-world |   int32bit   |     2      |       1        |
+----------------------+--------------+------------+----------------+

Lists targets

$ harbor target-list
+----+----------------------+-------------------------------------+----------+----------+----------------------+
| id |         name         |               endpoint              | username | password |    creation_time     |
+----+----------------------+-------------------------------------+----------+----------+----------------------+
| 1  |     test-target      |      http://192.168.99.101:8888     |  admin   |    -     | 2017-11-02T01:35:30Z |
| 2  |    test-target-2     |      http://192.168.99.101:9999     |  admin   |    -     | 2017-11-02T13:43:07Z |
| 3  | int32bit-test-target | http://192.168.99.101:8888/int32bit |  admin   |    -     | 2017-11-02T14:28:54Z |
+----+----------------------+-------------------------------------+----------+----------+----------------------+

Ping a target

$ harbor target-ping 1
OK

Lists replication job

$ harbor  job-list 1
+----+----------------------+-----------+----------+----------------------+
| id |      repository      | operation |  status  |     update_time      |
+----+----------------------+-----------+----------+----------------------+
| 1  |   int32bit/busybox   |  transfer | finished | 2017-11-02T01:35:31Z |
| 2  |   int32bit/golang    |  transfer | finished | 2017-11-02T01:35:31Z |
| 3  | int32bit/hello-world |  transfer | finished | 2017-11-02T01:35:31Z |
+----+----------------------+-----------+----------+----------------------+

Show job logs:

$ harbor job-log  1
2017-11-02T01:35:30Z [INFO] initializing: repository: int32bit/busybox, tags: [], source URL: http://registry:5000, destination URL: http://192.168.99.101:8888, insecure: false, destination user: admin
2017-11-02T01:35:30Z [INFO] initialization completed: project: int32bit, repository: int32bit/busybox, tags: [latest], source URL: http://registry:5000, destination URL: http://192.168.99.101:8888, insecure: false, destination user: admin
2017-11-02T01:35:30Z [WARNING] the status code is 409 when creating project int32bit on http://192.168.99.101:8888 with user admin, try to do next step
2017-11-02T01:35:30Z [INFO] manifest of int32bit/busybox:latest pulled successfully from http://registry:5000: sha256:030fcb92e1487b18c974784dcc110a93147c9fc402188370fbfd17efabffc6af
2017-11-02T01:35:30Z [INFO] all blobs of int32bit/busybox:latest from http://registry:5000: [sha256:54511612f1c4d97e93430fc3d5dc2f05dfbe8fb7e6259b7351deeca95eaf2971 sha256:03b1be98f3f9b05cb57782a3a71a44aaf6ec695de5f4f8e6c1058cd42f04953e]
2017-11-02T01:35:31Z [INFO] blob sha256:54511612f1c4d97e93430fc3d5dc2f05dfbe8fb7e6259b7351deeca95eaf2971 of int32bit/busybox:latest already exists in http://192.168.99.101:8888
2017-11-02T01:35:31Z [INFO] blob sha256:03b1be98f3f9b05cb57782a3a71a44aaf6ec695de5f4f8e6c1058cd42f04953e of int32bit/busybox:latest already exists in http://192.168.99.101:8888
2017-11-02T01:35:31Z [INFO] blobs of int32bit/busybox:latest need to be transferred to http://192.168.99.101:8888: []
2017-11-02T01:35:31Z [INFO] manifest of int32bit/busybox:latest exists on source registry http://registry:5000, continue manifest pushing
2017-11-02T01:35:31Z [INFO] manifest of int32bit/busybox:latest exists on destination registry http://192.168.99.101:8888, skip manifest pushing
2017-11-02T01:35:31Z [INFO] no tag needs to be replicated, next state is "finished"

Show usage

$ harbor usage
+-----------------------+-------+
| Property              | Value |
+-----------------------+-------+
| private_project_count | 0     |
| private_repo_count    | 0     |
| public_project_count  | 2     |
| public_repo_count     | 3     |
| total_project_count   | 2     |
| total_repo_count      | 3     |
+-----------------------+-------+

Show Harbor info

$ harbor  info
+------------------------------+---------------------+
| Property                     | Value               |
+------------------------------+---------------------+
| admiral_endpoint             | NA                  |
| auth_mode                    | db_auth             |
| disk_free                    | 4989370368          |
| disk_total                   | 18381979648         |
| harbor_version               | v1.2.2              |
| has_ca_root                  | False               |
| next_scan_all                | 0                   |
| project_creation_restriction | everyone            |
| registry_url                 | 192.168.99.101:8888 |
| self_registration            | True                |
| with_admiral                 | False               |
| with_clair                   | False               |
| with_notary                  | False               |
+------------------------------+---------------------+

Get configrations

$ harbor get-conf
+------------------------------+-------------------------------------------------------+----------+
|             name             |                         value                         | editable |
+------------------------------+-------------------------------------------------------+----------+
|          auth_mode           |                        db_auth                        |  False   |
|          email_from          |           admin <sample_admin@mydomain.com>           |   True   |
|          email_host          |                   smtp.mydomain.com                   |   True   |
|        email_identity        |                           -                           |   True   |
|          email_port          |                           25                          |   True   |
|          email_ssl           |                         False                         |   True   |
|        email_username        |               sample_admin@mydomain.com               |   True   |
|         ldap_base_dn         |              ou=people,dc=mydomain,dc=com             |   True   |
|         ldap_filter          |                           -                           |   True   |
|          ldap_scope          |                           3                           |   True   |
|        ldap_search_dn        |                           -                           |   True   |
|         ldap_timeout         |                           5                           |   True   |
|           ldap_uid           |                          uid                          |   True   |
|           ldap_url           |               ldaps://ldap.mydomain.com               |   True   |
| project_creation_restriction |                        everyone                       |   True   |
|       scan_all_policy        | {u'parameter': {u'daily_time': 0}, u'type': u'daily'} |   True   |
|      self_registration       |                          True                         |   True   |
|       token_expiration       |                           30                          |   True   |
|      verify_remote_cert      |                          True                         |   True   |
+------------------------------+-------------------------------------------------------+----------+

Update user password

$ harbor change-password int32bit
Old password: *****
New Password: *****
Retype new Password: *****
Update password successfully.

Promote a user to administrator

$ harbor promote int32bit
Promote user 'int32bit' as administrator successfully.

Licensing

HarborClient is licensed under the MIT License, Version 2.0. See LICENSE for the full license text.