Harbor: A Powerful Tool for Building an Enterprise-Grade Registry
Published: 2021-06-30 20:22:08 Category: Technical articles


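For a variety of reasons, many enterprises set up their own private repository to manage Docker images. Among the options for building a private repository for an enterprise, commercial or open source, Harbor is not the first. Docker's Registry V2 can also provide similar functionality easily, but the stock V2 feels rather bare-bones; of course, it is only a tool for steering users toward the paid Docker Hub, so that is understandable. The open-source enterprise-grade Registry solution from VMware feels more convenient to use. It also appears to come from VMware's China team, which makes it feel that much more familiar; seeing more and more Chinese teams at the forefront of open source is a real pleasure.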

Why harbor

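The following are the areas where Harbor itself considers it does well.

Advantage: Details
Security: Keeps intellectual property under the control of your own organization.
Efficiency: Running a private container Registry service inside the organization significantly reduces the network demand of accessing public Registry services.
Access control: Provides role-based access control and can integrate with the user management system the enterprise already has (e.g. AD/LDAP).
Auditing: All operations that access the Registry service are recorded for later auditing.
Management interface: Has a friendly, easy-to-use graphical management interface.
Image replication: Replicates images between instances.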

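Installation options

Harbor offers two installation methods: building from source, or downloading a prebuilt binary package. Following the lazy principle of not looking for trouble and not doing by hand what is already done, we use the latter.

References (links):
Binary package
Installation documentation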

Download and extract the binary package

Download command:

wget https://github.com/vmware/harbor/releases/download/0.3.0/harbor-0.3.0.tgz

PS: It is under 10 MB, but the download is slow, so have some snacks ready.

Extract

[root@host34 tmp]# ll harbor-0.3.0.tgz
-rw-r--r--. 1 root root 10231101 Aug 15 04:09 harbor-0.3.0.tgz
[root@host34 tmp]#
[root@host34 tmp]# tar xvpf harbor-0.3.0.tgz

Configure harbor.cfg

Extracting creates a harbor directory. The harbor.cfg file in that directory needs to be customized; the default harbor.cfg in Harbor 0.3.0 looks like this.

[root@host34 harbor]# cat harbor.cfg
## Configuration file of Harbor
#The IP address or hostname to access admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname = reg.mydomain.com
#The protocol for accessing the UI and token/notification service, by default it is http.
#It can be set to https if ssl is enabled on nginx.
ui_url_protocol = http
#Email account settings for sending out password resetting emails.
email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin
email_ssl = false
##The password of Harbor admin, change this before any production use.
harbor_admin_password = Harbor12345
##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
auth_mode = db_auth
#The url for an ldap endpoint.
ldap_url = ldaps://ldap.mydomain.com
#The basedn template to look up a user in LDAP and verify the user's password.
#For AD server, uses this template:
#ldap_basedn = CN=%s,OU=Dept1,DC=mydomain,DC=com
ldap_basedn = uid=%s,ou=people,dc=mydomain,dc=com
#The password for the root user of mysql db, change this before any production use.
db_password = root123
#Turn on or off the self-registration feature
self_registration = on
#Determine whether the UI should use compressed js files.
#For production, set it to on. For development, set it to off.
use_compressed_js = on
#Maximum number of job workers in job service
max_job_workers = 3
#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
verify_remote_cert = on
#Determine whether or not to generate certificate for the registry's token.
#If the value is on, the prepare script creates new root cert and private key
#for generating token to access the registry. If the value is off, a key/certificate must
#be supplied for token generation.
customize_crt = on
#Information of your organization for certicate
crt_country = CN
crt_state = State
crt_location = CN
crt_organization = organization
crt_organizationalunit = organizational unit
crt_commonname = example.com
crt_email = example@example.com
#####
[root@host34 harbor]#

At a minimum, set hostname; here we set it to the IP address.

hostname = 192.168.32.34
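
The default harbor.cfg above ships fixed passwords and plain HTTP, and its own comments say to change them before production use. The following check is an added example, not part of the original article or of Harbor: it flags those settings before ./prepare is run. The function names and SAMPLE_CFG (constructed from the listing above plus the hostname edit) are assumptions of this example.

```python
import configparser

# Secrets shipped in the default harbor.cfg shown above; unchanged, they are public knowledge.
DEFAULT_SECRETS = {"harbor_admin_password": "Harbor12345",
                   "db_password": "root123",
                   "email_password": "abc"}

def load_cfg(text):
    """Parse harbor.cfg text: 'key = value' lines with no section header."""
    # interpolation=None: ldap_basedn contains a literal %s that must not be expanded.
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string("[harbor]\n" + text)
    return dict(parser["harbor"])

def audit(cfg):
    """Return a list of (key, problem) pairs to fix before running ./prepare."""
    findings = [(key, "still the shipped default value")
                for key, default in DEFAULT_SECRETS.items() if cfg.get(key) == default]
    if cfg.get("hostname") in ("localhost", "127.0.0.1", "reg.mydomain.com"):
        findings.append(("hostname", "placeholder or loopback, clients cannot reach it"))
    if cfg.get("ui_url_protocol", "http") != "https":
        findings.append(("ui_url_protocol", "logins and tokens cross the network unencrypted"))
    if cfg.get("self_registration") == "on":
        findings.append(("self_registration", "anyone who reaches the UI can create an account"))
    if cfg.get("verify_remote_cert") == "off":
        findings.append(("verify_remote_cert", "remote registry TLS certificate is not checked"))
    if cfg.get("auth_mode") == "ldap_auth" and not cfg.get("ldap_url", "").startswith("ldaps://"):
        findings.append(("ldap_url", "LDAP credentials are sent without TLS"))
    return findings

# Constructed sample: defaults from the listing above plus the article's hostname edit.
SAMPLE_CFG = """\
hostname = 192.168.32.34
ui_url_protocol = http
email_password = abc
harbor_admin_password = Harbor12345
auth_mode = db_auth
ldap_url = ldaps://ldap.mydomain.com
ldap_basedn = uid=%s,ou=people,dc=mydomain,dc=com
db_password = root123
self_registration = on
verify_remote_cert = on
"""

if __name__ == "__main__":
    for key, problem in audit(load_cfg(SAMPLE_CFG)):
        print(f"{key}: {problem}")
```

To audit a real installation, pass the contents of harbor.cfg to load_cfg instead of SAMPLE_CFG.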

prepare

prepare is a Python script provided by Harbor that does the preparation work after configuration and before startup.

[root@host34 tmp]# pwd
/tmp
[root@host34 tmp]# cd harbor
[root@host34 harbor]# ll
total 24
drwxr-xr-x. 6 root root   59 Jul 15 05:34 config
drwxr-xr-x. 2 root root   69 Jul 15 05:34 db
-rw-r--r--. 1 root root 1838 Jul 15 04:21 docker-compose.yml
-rw-r--r--. 1 root root 2393 Jul 15 05:34 harbor.cfg
drwxr-xr-x. 2 root root   40 Jul 15 05:34 jobservice
-rwxr-xr-x. 1 root root  666 Jul 15 04:21 load_image.sh
drwxr-xr-x. 2 root root   96 Jul 15 05:34 log
-rwxr-xr-x. 1 root root 6842 Jul 15 05:34 prepare
-rwxr-xr-x. 1 root root  942 Jul 15 04:21 save_image.sh
drwxr-xr-x. 6 root root   56 Jul 15 05:34 templates
drwxr-xr-x. 4 root root   93 Jul 15 05:34 ui
[root@host34 harbor]# ./prepare
Generated configuration file: ./config/ui/env
Generated configuration file: ./config/ui/app.conf
Generated configuration file: ./config/registry/config.yml
Generated configuration file: ./config/db/env
Generated configuration file: ./config/jobservice/env
Clearing the configuration file: ./config/ui/private_key.pem
Clearing the configuration file: ./config/registry/root.crt
Generated configuration file: ./config/ui/private_key.pem
Generated configuration file: ./config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
[root@host34 harbor]#

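As for load_image.sh, I took a look: it is a very simple script that uses docker load -i to load the packages downloaded offline. It is a thoughtful touch for hosts that cannot reach the Internet directly or have to deal with proxy settings.

Proxy settings

This step is only needed on an internal network where the outside world must be reached through a proxy.

Set the environment variables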

# export http_proxy=http://proxyserver.com:8080/
# export https_proxy=http://proxyserver.com:8080/
# export no_proxy=localhost,127.0.0.1

Modify the build sections of ui and jobservice in docker-compose.yml: add the proxy environment variables

ui:
    build:
      context: ./ui/
      args:
        - http_proxy
        - https_proxy
        - no_proxy
jobservice:
    build:
      context: ./jobservice/
      args:
        - http_proxy
        - https_proxy
        - no_proxy

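The syslog-tag label

Modify the syslog-tag label in the logging sections of docker-compose.yml. The Docker I am using is version 1.12, which reports that it no longer recognizes it, so I had to change it as follows.

With an older version, no change should be needed.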

[root@host34 harbor]# grep tag: docker-compose.yml
        tag: "registry"
        tag: "mysql"
        tag: "ui"
        tag: "jobservice"
        tag: "proxy"
[root@host34 harbor]#

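Start Harbor

On docker-compose up, the images it uses are downloaded automatically. The first run also builds automatically and prints build output similar to the following.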

Building log
Step 1 : FROM library/ubuntu:14.04
14.04: Pulling from library/ubuntu
064f9af02539: Pull complete
390957b2f4f0: Pull complete
cee0974db2b8: Pull complete
c8144262002c: Pull complete
Digest: sha256:ef500a237fb51cea075b270d811601c7226097f61b34a8ed4b4aa4e350a2c66d
Status: Downloaded newer image for ubuntu:14.04
 ---> ff6011336327
Step 2 : RUN mv /etc/cron.daily/logrotate /etc/cron.hourly/     && rm /etc/rsyslog.d/*         && rm /etc/rsyslog.conf
 ---> Running in c6f66b4a119b
 ---> 7ad3979ac880
Removing intermediate container c6f66b4a119b
Step 3 : ADD rsyslog.conf /etc/rsyslog.conf
 ---> 3d4233511243
Removing intermediate container 9e4c53d9959f
Step 4 : ADD logrotate_docker.conf /etc/logrotate.d/
 ---> d5cad8b33084
Removing intermediate container d2328387f34b
Step 5 : ADD rsyslog_docker.conf /etc/rsyslog.d/
 ---> 935de114769d
Removing intermediate container 63e35fcb9fb7
Step 6 : VOLUME /var/log/docker/
 ---> Running in 4a3a6a4b2002
 ---> 60b5221e00eb
Removing intermediate container 4a3a6a4b2002
Step 7 : EXPOSE 514
 ---> Running in 65d3b24e9362
 ---> 7ea455bb99c7
Removing intermediate container 65d3b24e9362
Step 8 : CMD cron && rsyslogd -n
 ---> Running in e44c81ecae56
 ---> 826257404781
Removing intermediate container e44c81ecae56
Successfully built 826257404781
WARNING: Image for service log was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Building ui
Step 1 : FROM golang:1.6.2
1.6.2: Pulling from library/golang
5c90d4a2d1a8: Already exists
ab30c63719b1: Already exists
c6072700a242: Already exists
0ffc1204e0ab: Pull complete
d8a921df8ce9: Pull complete
d34bc98c2770: Pull complete
b0850b14d0d1: Pull complete
Digest: sha256:95875692658d8938644205d5911d655a134b621dd83b94569bd395fb59b08fa9
Status: Downloaded newer image for golang:1.6.2
 ---> 8ecba0e9bd48
Step 2 : ENV MYSQL_USR root
 ---> Running in 75421c3fb9d9
 ---> 671a9449bba1
Removing intermediate container 75421c3fb9d9
Step 3 : ENV MYSQL_PWD root
 ---> Running in 201fe5e747eb
 ---> 7f44c3c47a90
Removing intermediate container 201fe5e747eb
Step 4 : ENV MYSQL_PORT_3306_TCP_ADDR localhost
 ---> Running in 8f340cdd2a4b
 ---> c0296084029e
Removing intermediate container 8f340cdd2a4b
Step 5 : ENV MYSQL_PORT_3306_TCP_PORT 3306
 ---> Running in ae5e08e07a42
 ---> ddb109746d8b
Removing intermediate container ae5e08e07a42
Step 6 : ENV REGISTRY_URL localhost:5000
 ---> Running in 6d53f6ed644b
 ---> 5dc6dec3b7b6
Removing intermediate container 6d53f6ed644b
Step 7 : RUN apt-get update -qqy && apt-get install -qqy libldap2-dev
 ---> Running in 55b3c73e85f2
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package libldap2-dev:amd64.
(Reading database ... 14719 files and directories currently installed.)
Preparing to unpack .../libldap2-dev_2.4.40+dfsg-1+deb8u2_amd64.deb ...
Unpacking libldap2-dev:amd64 (2.4.40+dfsg-1+deb8u2) ...
Setting up libldap2-dev:amd64 (2.4.40+dfsg-1+deb8u2) ...
 ---> d7025c8b962b
Removing intermediate container 55b3c73e85f2
Step 8 : ADD ui /go/bin/harbor_ui
 ---> f6574df26e8d
Removing intermediate container e1f16e0be353
Step 9 : ADD views /go/bin/views
 ---> f6889bf5956a
Removing intermediate container 4f690fa9cbe2
Step 10 : ADD static /go/bin/static
 ---> a791108c3961
Removing intermediate container 44f2f09bca0a
Step 11 : COPY favicon.ico /go/bin/favicon.ico
 ---> c1f22764e9c5
Removing intermediate container 283f26b66643
Step 12 : COPY jsminify.sh /tmp/jsminify.sh
 ---> 4e16d1f00fa1
Removing intermediate container f7d884efa187
Step 13 : RUN chmod u+x /go/bin/harbor_ui
 ---> Running in 57c2dc7d956f
 ---> 4e723e897f3a
Removing intermediate container 57c2dc7d956f
Step 14 : RUN sed -i 's/TLS_CACERT/#TLS_CAERT/g' /etc/ldap/ldap.conf
 ---> Running in 6a0be08d0e27
 ---> cf5bed44ab07
Removing intermediate container 6a0be08d0e27
Step 15 : RUN sed -i '$a\TLS_REQCERT allow' /etc/ldap/ldap.conf
 ---> Running in 2e63fbf2f811
 ---> da2a396807b5
Removing intermediate container 2e63fbf2f811
Step 16 : RUN /tmp/jsminify.sh /go/bin/views/sections/script-include.htm /go/bin/static/resources/js/harbor.app.min.js
 ---> Running in 6ff19a059d32
This shell will minify the Javascript in Harbor project.
Usage: #jsminify [src] [dest]
Concat js files...
Remove space..
Remove '//'and '/*'  annotation...
Remove CR  ...
Done.
 ---> c6ddf043a213
Removing intermediate container 6ff19a059d32
Step 17 : WORKDIR /go/bin/
 ---> Running in 9d4301d17a28
 ---> 2cca0c38dc14
Removing intermediate container 9d4301d17a28
Step 18 : ENTRYPOINT /go/bin/harbor_ui
 ---> Running in 9724a3ea66b2
 ---> f66405331a0a
Removing intermediate container 9724a3ea66b2
Step 19 : EXPOSE 80
 ---> Running in 3571d2c88e2c
 ---> 04c5fb1c334d
Removing intermediate container 3571d2c88e2c
Successfully built 04c5fb1c334d
WARNING: Image for service ui was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Building mysql
Step 1 : FROM mysql:5.6
5.6: Pulling from library/mysql
357ea8c3d80b: Already exists
256a92f57ae8: Pull complete
d5ee0325fe91: Pull complete
a15deb03758b: Pull complete
7b8a8ccc8d50: Pull complete
1a40eeae36e9: Pull complete
4a09128b6a34: Pull complete
587b9302fad1: Pull complete
c0c47ca2042a: Pull complete
fa370478ab1f: Pull complete
952d92d0e00a: Pull complete
Digest: sha256:dcb7adfd0452994933b64cd9a91f70acc89ac8d3f78261827bd8162bc20a737e
Status: Downloaded newer image for mysql:5.6
 ---> 5e0f1b09e25e
Step 2 : WORKDIR /tmp
 ---> Running in eacd8724dc0f
 ---> 5fc66f8cc86b
Removing intermediate container eacd8724dc0f
Step 3 : ADD registry.sql r.sql
 ---> fc4c1afe1400
Removing intermediate container 9aaed626a349
Step 4 : ADD docker-entrypoint.sh /entrypoint.sh
 ---> 8e0e76ce7967
Removing intermediate container 031ccc51d5d4
Step 5 : RUN chmod u+x /entrypoint.sh
 ---> Running in 0c15f566942b
 ---> 3f1a78b0bf43
Removing intermediate container 0c15f566942b
Successfully built 3f1a78b0bf43
WARNING: Image for service mysql was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Building jobservice
Step 1 : FROM golang:1.6.2
 ---> 8ecba0e9bd48
Step 2 : MAINTAINER jiangd@vmware.com
 ---> Running in 9d2e58613bdf
 ---> 8402f2cfb451
Removing intermediate container 9d2e58613bdf
Step 3 : RUN apt-get update     && apt-get install -y libldap2-dev     && rm -r /var/lib/apt/lists/*
 ---> Running in 198bb3ea5236
Get:1 http://security.debian.org jessie/updates InRelease [63.1 kB]
Ign http://httpredir.debian.org jessie InRelease
Get:2 http://httpredir.debian.org jessie-updates InRelease [142 kB]
Get:3 http://httpredir.debian.org jessie Release.gpg [2373 B]
Get:4 http://security.debian.org jessie/updates/main amd64 Packages [385 kB]
Get:5 http://httpredir.debian.org jessie Release [148 kB]
Get:6 http://httpredir.debian.org jessie-updates/main amd64 Packages [17.6 kB]
Get:7 http://httpredir.debian.org jessie/main amd64 Packages [9032 kB]
Fetched 9790 kB in 40s (242 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
  libldap2-dev
0 upgraded, 1 newly installed, 0 to remove and 12 not upgraded.
Need to get 323 kB of archives.
After this operation, 1411 kB of additional disk space will be used.
Get:1 http://httpredir.debian.org/debian/ jessie/main libldap2-dev amd64 2.4.40+dfsg-1+deb8u2 [323 kB]
debconf: delaying package configuration, since apt-utils is not installed
Fetched 323 kB in 3s (82.7 kB/s)
Selecting previously unselected package libldap2-dev:amd64.
(Reading database ... 14719 files and directories currently installed.)
Preparing to unpack .../libldap2-dev_2.4.40+dfsg-1+deb8u2_amd64.deb ...
Unpacking libldap2-dev:amd64 (2.4.40+dfsg-1+deb8u2) ...
Setting up libldap2-dev:amd64 (2.4.40+dfsg-1+deb8u2) ...
 ---> e2f67c7c3681
Removing intermediate container 198bb3ea5236
Step 4 : ADD jobservice /go/bin/harbor_jobservice
 ---> a72e84e1293b
Removing intermediate container d28308d7d390
Step 5 : RUN chmod u+x /go/bin/harbor_jobservice
 ---> Running in 7f09927d26e3
 ---> 64bea5147f78
Removing intermediate container 7f09927d26e3
Step 6 : WORKDIR /go/bin/
 ---> Running in 401c44ce58c1
 ---> 69bbc8de739a
Removing intermediate container 401c44ce58c1
Step 7 : ENTRYPOINT /go/bin/harbor_jobservice
 ---> Running in f67941a3fed4
 ---> 44f9b4f5ffa5
Removing intermediate container f67941a3fed4
Successfully built 44f9b4f5ffa5
WARNING: Image for service jobservice was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Pulling registry (library/registry:2.4.0)...
2.4.0: Pulling from library/registry
8b87079b7a06: Pull complete
a3ed95caeb02: Pull complete
ab57f16e019e: Pull complete
87821bf06837: Pull complete
26c4a2196c76: Pull complete
Digest: sha256:6c65924b0d17593f2a05daa5d5403b47dfdb3aba9e3a0a97e4df75fd1bc27238
Status: Downloaded newer image for registry:2.4.0
Pulling proxy (library/nginx:1.9)...
1.9: Pulling from library/nginx
51f5c6a04d83: Pull complete
a3ed95caeb02: Pull complete
640c8f3d0eb2: Pull complete
a4335300aa89: Pull complete
Digest: sha256:54313b5c376892d55205f13d620bc3dcccc8e70e596d083953f95e94f071f6db
Status: Downloaded newer image for nginx:1.9

After the first time no build is needed any more, and the startup output is much quieter

[root@host34 harbor]# pwd
/tmp/harbor
[root@host34 harbor]# docker-compose up -d
Starting harbor_log_1
Starting harbor_registry_1
Starting harbor_mysql_1
Starting harbor_ui_1
Starting harbor_jobservice_1
Starting harbor_proxy_1
[root@host34 harbor]#

Login screen after startup


Register a user


Log in with the registered user


View projects


Reposted from: https://liumiaocn.blog.csdn.net/article/details/52244749
