Manually Building Harbor Images


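Background

Harbor needs no introduction: it is an enterprise-grade Docker image registry open-sourced by VMware, with a rich feature set. The latest release at the moment is harbor_0.5.0, published on December 6, 2016. Although that is a stable version, some details still need refinement and optimization, for example #1217 and #1741. The Harbor team does fix issues quickly, so if 0.5.0 is not acceptable to us, rebuilding the development version of Harbor is a reasonable approach.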

Dependencies

Operating system: Ubuntu 16.04

| Software | Required Version |
|---|---|
| docker | 1.10.0 + |
| docker-compose | 1.7.1 + |
| python | 2.7 + |
| git | 1.9.1 + |
| make | 3.81 + |
| golang* | 1.6.0 + |

Build

**1.** Download the latest Harbor source code

$ git clone https://github.com/vmware/harbor

**2.** Resolve the LDAP build dependency

$ apt-get update && apt-get install -y libldap2-dev

**3.** Harbor configuration file

The build depends on harbor.conf. Here is my configuration:

## Configuration file of Harbor

#The IP address or hostname to access admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname = index.mycloud.com

#The protocol for accessing the UI and token/notification service, by default it is http.
#It can be set to https if ssl is enabled on nginx.
ui_url_protocol = https

#Email account settings for sending out password resetting emails.

#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
#Identity left blank to act as username.
email_identity = 
email_server = 192.168.16.100
email_server_port = 25
email_username = [email protected]
email_password = 
email_from = harbor 
email_ssl = false

##The initial password of Harbor admin, only works for the first time when Harbor starts. 
#It has no effect after the first launch of Harbor.
#Change the admin password from UI after launching Harbor.
harbor_admin_password = magine1989

##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
auth_mode = ldap_auth

#The url for an ldap endpoint.
ldap_url = ldaps://192.168.16.2

#A user's DN who has the permission to search the LDAP/AD server. 
#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
ldap_searchdn = cn=,ou=,dc=int,dc=,dc=

#the password of the ldap_searchdn
ldap_search_pwd = 

#The base DN from which to look up a user in LDAP/AD
ldap_basedn = ou=,dc=,dc=,dc=

#Search filter for LDAP/AD, make sure the syntax of the filter is correct.
ldap_filter = 

# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD  
ldap_uid = uid 

#the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
ldap_scope = 3 

#The password for the root user of mysql db, change this before any production use.
db_password = magine1989

#Turn on or off the self-registration feature
self_registration = on

#Determine whether the UI should use compressed js files. 
#For production, set it to on. For development, set it to off.
use_compressed_js = on

#Maximum number of job workers in job service  
max_job_workers = 3 

#The expiration time (in minute) of token created by token service, default is 30 minutes
token_expiration = 30

#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
verify_remote_cert = on

#Determine whether or not to generate certificate for the registry's token.
#If the value is on, the prepare script creates new root cert and private key 
#for generating token to access the registry. If the value is off, a key/certificate must 
#be supplied for token generation.
customize_crt = off

#Information of your organization for certificate
crt_country = CN
crt_state = State
crt_location = CN
crt_organization = organization
crt_organizationalunit = organizational unit
crt_commonname = example.com
crt_email = [email protected]

#The flag to control what users have permission to create projects
#By default everyone can create a project, set to "adminonly" such that only admin can create project.
project_creation_restriction = adminonly

#The path of cert and key files for nginx, they are applied only when the protocol is set to https
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
#############

If https is enabled here, you need to place the certificate at the path you configured.
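Several settings in this file can be checked mechanically before `make install`. The following is an added example, not part of the original post or of the Harbor project: a small shell lint run on a constructed sample file. Its rule set, finding codes and function names (`conf_get`, `audit_harbor_conf`) are assumptions of this example.

```shell
# Added example: pre-build lint for harbor.conf; rules and codes are this example's own.
# conf_get FILE KEY: print the trimmed value of the first "KEY = value" line.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# audit_harbor_conf FILE: print one finding per line, nothing if clean.
audit_harbor_conf() {
    local f="$1" admin db proto url k path
    admin=$(conf_get "$f" harbor_admin_password)
    db=$(conf_get "$f" db_password)
    if [ -n "$admin" ] && [ "$admin" = "$db" ]; then
        echo "REUSED_SECRET harbor_admin_password equals db_password"
    fi
    proto=$(conf_get "$f" ui_url_protocol)
    if [ "$proto" = "https" ]; then
        # https needs the nginx certificate and key at the configured paths
        for k in ssl_cert ssl_cert_key; do
            path=$(conf_get "$f" "$k")
            [ -r "$path" ] || echo "MISSING_FILE $k=$path"
        done
    else
        echo "CLEARTEXT_UI ui_url_protocol=$proto"
    fi
    if [ "$(conf_get "$f" auth_mode)" = "ldap_auth" ]; then
        url=$(conf_get "$f" ldap_url)
        case $url in
            *" "*) echo "BAD_URL ldap_url contains a space" ;;
            ldaps://*) ;;
            *) echo "CLEARTEXT_LDAP ldap_url=$url" ;;
        esac
    fi
    if [ "$(conf_get "$f" verify_remote_cert)" = "off" ]; then
        echo "NO_CERT_CHECK verify_remote_cert=off"
    fi
    return 0
}

# Constructed sample input (placeholder values, not a real deployment).
sample=$(mktemp)
cat > "$sample" <<'EOF'
ui_url_protocol = https
harbor_admin_password = ChangeMe-1
db_password = ChangeMe-1
auth_mode = ldap_auth
ldap_url = ldap://ldap.example.test
verify_remote_cert = off
EOF
audit_harbor_conf "$sample"
```

A non-empty result can be used to stop the build, for example `[ -z "$(audit_harbor_conf harbor.conf)" ] && make install`.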

**4.** Compile

  • Declare GOPATH
$ export GOPATH=/home/magine/go
  • Copy the code
$ mkdir -p $GOPATH/src/github.com/vmware/
$ mv harbor $GOPATH/src/github.com/vmware/
  • Build and run Harbor
$ cd $GOPATH/src/github.com/vmware/harbor
$ make install

The project documents some make parameters for reference:

| Variable | Description |
|---|---|
| BASEIMAGE | Container base image, default: photon |
| DEVFLAG | Build model flag, default: dev |
| COMPILETAG | Compile model flag, default: compile_normal (local golang build) |
| REGISTRYSERVER | Remote registry server IP address |
| REGISTRYUSER | Remote registry server user name |
| REGISTRYPASSWORD | Remote registry server user password |
| REGISTRYPROJECTNAME | Project name on remote registry server |

If all goes well, the build of Harbor's Docker images starts at this point:

root@magine:/home/magine/go/src/github.com/vmware/harbor# make install

Note: golang version: 1.6.2

Note: docker version: 17.03.1

Note: docker-compose version: 1.11.2
compiling binary for ui...
Done.
compiling binary for jobservice...
Done.
buildging db container for photon...
Sending build context to Docker daemon 16.38 kB
Step 1/5 : FROM mysql:5.6
 ---> 68399df75c59
Step 2/5 : WORKDIR /tmp
 ---> Using cache
 ---> 23265b344ba7
Step 3/5 : ADD registry.sql r.sql
.....

When compilation finishes you get the following images:

$ docker images
REPOSITORY                              TAG                 IMAGE ID            CREATED             SIZE
vmware/harbor-jobservice                dev                 12c148059f55        About an hour ago   171 MB
vmware/harbor-ui                        dev                 53d9a3869741        About an hour ago   238 MB
vmware/harbor-log                       dev                 e025eb457143        14 hours ago        193 MB
vmware/harbor-db                        dev                 dedc7c8d024b        16 hours ago        329 MB
mysql                                   5.6                 68399df75c59        8 days ago          329 MB
nginx                                   1.11.5              05a60462f8ba        4 months ago        181 MB
registry                                2.5.0               c6c14b3960bd        8 months ago        33.3 MB
photon                                  1.0                 e6e4e4a2ba1b        9 months ago        128 MB

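As you can see, the Harbor images are tagged dev by default. If you are worried about stability, the only option is to wait for the Harbor team's next release.

Deployment

The Harbor community offers many ways to deploy, some based on docker-compose and some on Kubernetes. I won't go into detail here, since plenty of material is available online.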


References:

Harbor official GitHub:
https://github.com/vmware/harbor/blob/master/docs/compile_guide.md
