背景

Harbor大名就不用介绍了，VMware开源的一套企业级的Dokcer镜像仓库，其支持的功能也很丰富。目前最新的Release版本是2016年12月6日发布的harbor_0.5.0。虽然用上了稳定版，但是仍然有些细节需要完善和优化，比如#1217、#1741 等等，当然Harbor的团队fixed也很快，如果我们不能忍受0.5.0，重新构建harbor的开发版也不失为一个好方法。

依赖

操作系统: Ubuntu16.04

构建

**1. ** 下载Harbor最新的源码

$ git clone https://github.com/vmware/harbor

**2. ** 解决LDAP编译依赖

$ apt-get update && apt-get install -y libldap2-dev

**3. ** Harbor配置文件

在编译的时候会依赖harbor.conf，我这里的配置

## Configuration file of Harbor

#The IP address or hostname to access admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname = index.mycloud.com

#The protocol for accessing the UI and token/notification service, by default it is http.
#It can be set to https if ssl is enabled on nginx.
ui_url_protocol = https

#Email account settings for sending out password resetting emails.

#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
#Identity left blank to act as username.
email_identity = 
email_server = 192.168.16.100
email_server_port = 25
email_username = harbor@mycloud.com
email_password = 
email_from = harbor <harbor@mycloud.com>
email_ssl = false

##The initial password of Harbor admin, only works for the first time when Harbor starts. 
#It has no effect after the first launch of Harbor.
#Change the admin password from UI after launching Harbor.
harbor_admin_password = magine1989

##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
auth_mode = ldap_auth

#The url for an ldap endpoint.
ldap_url = ldaps:// 192.168.16.2

#A user's DN who has the permission to search the LDAP/AD server. 
#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
ldap_searchdn = cn=,ou=,dc=int,dc=,dc=

#the password of the ldap_searchdn
ldap_search_pwd = 

#The base DN from which to look up a user in LDAP/AD
ldap_basedn = ou=,dc=,dc=,dc=

#Search filter for LDAP/AD, make sure the syntax of the filter is correct.
ldap_filter = 

# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD  
ldap_uid = uid 

#the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
ldap_scope = 3 

#The password for the root user of mysql db, change this before any production use.
db_password = magine1989

#Turn on or off the self-registration feature
self_registration = on

#Determine whether the UI should use compressed js files. 
#For production, set it to on. For development, set it to off.
use_compressed_js = on

#Maximum number of job workers in job service  
max_job_workers = 3 

#The expiration time (in minute) of token created by token service, default is 30 minutes
token_expiration = 30

#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
verify_remote_cert = on

#Determine whether or not to generate certificate for the registry's token.
#If the value is on, the prepare script creates new root cert and private key 
#for generating token to access the registry. If the value is off, a key/certificate must 
#be supplied for token generation.
customize_crt = off

#Information of your organization for certificate
crt_country = CN
crt_state = State
crt_location = CN
crt_organization = organization
crt_organizationalunit = organizational unit
crt_commonname = example.com
crt_email = example@example.com

#The flag to control what users have permission to create projects
#Be default everyone can create a project, set to "adminonly" such that only admin can create project.
project_creation_restriction = adminonly

#The path of cert and key files for nginx, they are applied only the protocol is set to https
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
#############

这里如果启用了https就需要吧证书放到你自己配置的路径下。

**4. ** 编译

• 声明GOPATH

GOPATH=/home/magine/go

• 拷贝代码

 $ mkdir $GOPATH/src/github.com/vmware/
 $ mv harbor $GOPATH/src/github.com/vmware/

• 编译运行harbor

$ cd $GOPATH/src/github.com/vmware/harbor
$ make install

官方提供了一些make的参数，可以参考

如果顺利，这个时候就已经开始构建Harbor的Docker镜像

root@magine:/home/magine/go/src/github.com/vmware/harbor# make install

Note: golang version: 1.6.2

Note: docker version: 17.03.1

Note: docker-compose version: 1.11.2
compiling binary for ui...
Done.
compiling binary for jobservice...
Done.
buildging db container for photon...
Sending build context to Docker daemon 16.38 kB
Step 1/5 : FROM mysql:5.6
 ---> 68399df75c59
Step 2/5 : WORKDIR /tmp
 ---> Using cache
 ---> 23265b344ba7
Step 3/5 : ADD registry.sql r.sql
.....

编译完成得到如下镜像

$ docker images
REPOSITORY                              TAG                 IMAGE ID            CREATED             SIZE
vmware/harbor-jobservice                dev                 12c148059f55        About an hour ago   171 MB
vmware/harbor-ui                        dev                 53d9a3869741        About an hour ago   238 MB
vmware/harbor-log                       dev                 e025eb457143        14 hours ago        193 MB
vmware/harbor-db                        dev                 dedc7c8d024b        16 hours ago        329 MB
mysql                                   5.6                 68399df75c59        8 days ago          329 MB
nginx                                   1.11.5              05a60462f8ba        4 months ago        181 MB
registry                                2.5.0               c6c14b3960bd        8 months ago        33.3 MB
photon                                  1.0                 e6e4e4a2ba1b        9 months ago        128 MB

可以看到，默认的harbor镜像tag都是dev标签。如果担心稳定问题的话，就只能等待harbot团队的下一次发布release了。

发布

发布Harbor社区提供很多方式，有基于docker-compose，也有基于Kubernetes的，我这里就不再对其详解了，毕竟网上很多资料可以查看。

本文参考：

harbor官方Github：
https://github.com/vmware/harbor/blob/master/docs/compile_guide.md