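I previously wrote an article in which the method used to build Harbor was something of a shortcut and required a Clash proxy. I have now put together a one-click build script, along with the image files the build needs. The details are as follows:
I. Resource downloads
Harbor source code: https://github.com/goharbor/harbor
The version used here is V2.11.0
Image download (split into two parts because of the size limit)
Part 1 download: https://download.csdn.net/download/huangxvhui88/89511135
Part 2 download: https://download.csdn.net/download/huangxvhui88/89511137
If that is too much hassle, network-drive download:
Link: https://pan.baidu.com/s/1l_7VNBNup5uxgrKnuSjcDQ
Extraction code: H1H2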
II. Environment setup
1. Install Docker (version 26.1.4 or later)
(1) Install the required packages:
yum install -y yum-utils device-mapper-persistent-data lvm2
(2) Add the Docker yum repository
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
(3) Install the new version of Docker
yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin
(4) Start the Docker service
systemctl start docker
2. Install Docker-compose
yum install docker-compose
3. Install go
yum install go
4. Install openssl
yum install openssl
5. Install git
yum install git
III. Modify parts of the code
Makefile:
Change NPM_REGISTRY=https://registry.npmjs.org to NPM_REGISTRY=https://registry.npm.taobao.org
Change GOBUILDIMAGE=golang:1.22.3 to GOBUILDIMAGE=golang:1.22
make\photon\portal\Dockerfile:
RUN npm install --unsafe-perm
change to:
RUN npm install --unsafe-perm --strict-ssl=false
RUN npm install js-yaml@4.1.0 \
change to:
RUN npm install js-yaml@4.1.0 --strict-ssl=false \
RUN cd app-swagger-ui && npm install --unsafe-perm
change to:
RUN cd app-swagger-ui && npm install --unsafe-perm --strict-ssl=false
make\photon\prepare\Dockerfile.base:
RUN pip3 install pipenv==2022.1.8
change to:
RUN pip3 config set global.index-url https://mirrors.aliyun.com/pypi/simple
RUN pip3 install pipenv==2022.1.8
make\photon\registry\Dockerfile.binary:
FROM golang:1.22.3
change to:
FROM golang:1.22
Note: golang:1.22 in the provided images was built from 1.22.3.
make\photon\trivy-adapter\Dockerfile.binary:
FROM golang:1.22.3
change to:
FROM golang:1.22
Note: golang:1.22 in the provided images was built from 1.22.3.
make\photon\prepare\templates\docker_compose\docker-compose.yml.jinja (modify as needed; change the paths that correspond to the certificates)
registry:
  ...
    source: {{data_volume}}/secret/registry/root.crt
    target: /etc/registry/root.crt
change to:
registry:
  ...
    source: {{data_volume}}/cert/myCertName.crt
    target: {{data_volume}}/registry/myCertName.crt
------------------------------------------------------------
core:
  ...
  - type: bind
    source: {{data_volume}}/secret/core/private_key.pem
    target: /etc/core/private_key.pem
  - type: bind
    source: {{data_volume}}/secret/keys/secretkey
    target: /etc/core/key
change to:
  - type: bind
    source: {{data_volume}}/cert/myCertName.key
    target: /etc/core/myCertName.pem
  - type: bind
    source: {{data_volume}}/cert/myCertName.crt
    target: /etc/core/myCertName.crt
-------------------------------------------------------------
proxy:
  ...
  - {{data_volume}}/secret/cert:/etc/cert:z
change to:
  - {{data_volume}}/cert:/etc/cert:z
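The Makefile and Dockerfile edits in this section change where the build fetches packages from and how strictly it checks them: --strict-ssl=false switches off npm's TLS certificate verification for those installs, and golang:1.22 is a tag without a patch version. The script below is an added example, not part of the original post or of Harbor. It lists such lines in a checkout so they can be reviewed before the resulting images are used; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reports the build-file lines in a
# Harbor checkout that differ from upstream in the ways section III describes.

audit_build_files() {
    # $1 = root of the Harbor checkout. Prints one "file:line: finding" per hit.
    find "$1" -type f \( -name Makefile -o -name 'Dockerfile*' \) | sort |
    while IFS= read -r f; do
        awk -v f="$f" '
            /--strict-ssl=false/ {
                print f ":" NR ": npm TLS certificate check disabled" }
            /^NPM_REGISTRY=/ && !/^NPM_REGISTRY=https:\/\/registry\.npmjs\.org[ \t]*$/ {
                print f ":" NR ": npm registry is not registry.npmjs.org" }
            /index-url/ {
                print f ":" NR ": pip index overridden" }
            /golang:[0-9]+\.[0-9]+([^.0-9]|$)/ {
                print f ":" NR ": golang image tag has no patch version" }
        ' "$f"
    done
}

# Constructed sample tree holding a few of the edited lines from the post.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/make/photon/portal" "$d/make/photon/registry"
    printf '%s\n' 'NPM_REGISTRY=https://registry.npm.taobao.org' \
        'GOBUILDIMAGE=golang:1.22' > "$d/Makefile"
    printf '%s\n' 'RUN npm install --unsafe-perm --strict-ssl=false' \
        > "$d/make/photon/portal/Dockerfile"
    printf '%s\n' 'FROM golang:1.22.3' \
        > "$d/make/photon/registry/Dockerfile.binary"
    echo "$d"
}

tree=$(make_sample_tree)
audit_build_files "$tree"
rm -rf "$tree"
```

Point audit_build_files at the real checkout after applying the edits; an unmodified line such as FROM golang:1.22.3 produces no finding.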
IV. Run the scripts
build.sh: build script
#!/bin/bash
# Search dir path
SEARCH_DIR="./images"
WORK_DIR="/data"
CERT_DIR="./cert"
HOST_ADDR="192.168.1.95"
CERT_PATH="/etc/docker/certs.d/zorelimit.group/zorelimit.group.cert"
KEY_PATH="/etc/docker/certs.d/zorelimit.group/zorelimit.group.key"
ADMIN_PWD="Harbor123456"

# Load every image archive found under SEARCH_DIR into the local Docker daemon
ImportDockerFile(){
    cd "$SEARCH_DIR" || exit 1
    find . -type f \( -name "*.tar" -o -name "*.tar.gz" \) -print0 | while IFS= read -r -d '' file
    do
        echo "find Docker image file name:$file"
        # docker load reads plain and gzip-compressed archives alike
        docker load -i "$file" < /dev/null
    done
    cd - || exit 1
}

# Create the Harbor data directories and copy the certificate files into place
CreateWorkDir(){
    mkdir -p "$WORK_DIR/cert"
    mkdir -p "$WORK_DIR/database"
    mkdir -p "$WORK_DIR/job_logs"
    mkdir -p "$WORK_DIR/redis"
    mkdir -p "$WORK_DIR/registry"
    mkdir -p "$WORK_DIR/secret"
    mkdir -p "$WORK_DIR/ca_download"
    cp -f "$CERT_DIR"/* "$WORK_DIR/cert/"
    chmod -R 755 "$WORK_DIR/cert"
    chmod -R 750 "$WORK_DIR/database"
    chmod -R 755 "$WORK_DIR/job_logs"
    chmod -R 755 "$WORK_DIR/redis"
    chmod -R 755 "$WORK_DIR/registry"
    chmod -R 755 "$WORK_DIR/secret"
    chmod -R 755 "$WORK_DIR/ca_download"
    chown -R root:root "$WORK_DIR"
    #sed -i 's|data_volume: *|data_volume: $WORK_DIR|g' make/harbor.yml
}

# Make the scripts and binaries used by the build executable
ChmodShell(){
    chmod 755 make/*.sh make/prepare make/photon/registry/builder make/photon/registry/*.sh
    chmod 755 make/photon/common/*.sh make/photon/exporter/*.sh make/photon/core/*.sh make/photon/core/harbor_core
    chmod 755 make/photon/jobservice/*.sh make/photon/jobservice/harbor_jobservice
    chmod 755 make/photon/standalone-db-migrator/*.sh make/photon/db/*.sh make/photon/log/*.sh make/photon/log/logrotate
    chmod 755 make/photon/registryctl/*.sh make/photon/registryctl/harbor_registryctl make/photon/trivy-adapter/*.sh
}

# Write the variables above into make/harbor.yml and strip Windows line endings
ModifyHarborFile(){
    pwd
    sed -i "s|hostname: .*|hostname: $HOST_ADDR|g" make/harbor.yml
    sed -i "s|certificate: .*|certificate: $CERT_PATH|g" make/harbor.yml
    sed -i "s|private_key: .*|private_key: $KEY_PATH|g" make/harbor.yml
    sed -i "s|data_volume: .*|data_volume: $WORK_DIR|g" make/harbor.yml
    sed -i "s|harbor_admin_password: .*|harbor_admin_password: $ADMIN_PWD|g" make/harbor.yml
    sed -i -e 's/\r$//' make/harbor.yml
}

# Create .spectral.yaml if it is missing (YAML lines stay flush-left inside the quotes)
Createspectral(){
    if [ -f ".spectral.yaml" ]; then
        echo "file:.spectral.yaml is exist."
    else
        echo 'extends: [[spectral:oas, all]]
functionsDir: "./tools/spectral/functions"
functions: [requireRequestId]
rules:
  no-$ref-siblings: false
  oas2-valid-schema-example: false
  required-operationId:
    description: must have a operationId.
    given: $.paths[*][*]
    severity: error
    then:
      field: operationId
      function: truthy
  camel-case-operationId:
    description: should be camelCased.
    type: style
    given: $.paths[*][*].operationId
    then:
      function: casing
      functionOptions:
        type: camel
  requestId-required:
    description: must have a requestId parameters.
    given: $.paths[*][*]
    severity: error
    then:
      field: parameters
      function: requireRequestId
' > ".spectral.yaml"
    fi
}

echo "===============================Begin build Harbor========================"
echo "===============================Import Docker Images======================"
ImportDockerFile;
echo "===============================Create Work Dir==========================="
CreateWorkDir;
ChmodShell;
ModifyHarborFile;
Createspectral;
echo "===============================Begin compile=============================="
make compile -e PULL_BASE_FROM_DOCKERHUB=false -e BUILD_BASE=true
echo "================================Begin build=============================="
make build -e PULL_BASE_FROM_DOCKERHUB=false -e BUILD_BASE=true
echo "================================Begin prepare ============================"
make prepare
start.sh: startup script
#!/bin/bash
make start
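V. Build
Edit the variables in the build.sh script:
SEARCH_DIR: image directory
WORK_DIR: Harbor working directory
CERT_DIR: certificate directory
HOST_ADDR: server IP
CERT_PATH: path of the certificate to bind (must be a full path)
KEY_PATH: path of the private key (must be a full path)
ADMIN_PWD: default password
After editing, simply run ./build.sh.
When the build finishes with the output shown above, the build has succeeded.
VI. Run
Run start.sh, or use the built-in make start.
Check the image status:
Try accessing it: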
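build.sh copies the certificate and its private key into $WORK_DIR/cert with mode 755 and writes ADMIN_PWD into make/harbor.yml. As an added example (not part of the original post or of Harbor), the check below lists key files under the work directory that any local user can read and reports whether harbor.yml still holds the password shown in the script. The function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Checks the state build.sh leaves behind.

# Private-key files under the work dir that any local user can read.
world_readable_keys() {
    # $1 = WORK_DIR. -perm -004 matches files with the "other" read bit set.
    find "$1" -type f \( -name '*.key' -o -name '*.pem' -o -name secretkey \) \
        -perm -004 | sort
}

# Succeeds (exit 0) when harbor.yml still carries the password shown in the post.
uses_published_password() {
    # $1 = path to harbor.yml
    grep -Eq '^harbor_admin_password:[[:space:]]*Harbor123456[[:space:]]*$' "$1"
}

# Constructed sample: a work dir laid out the way CreateWorkDir would leave it.
make_sample_workdir() {
    w=$(mktemp -d)
    mkdir -p "$w/cert"
    : > "$w/cert/myCertName.key"
    : > "$w/cert/myCertName.crt"
    chmod -R 755 "$w/cert"
    printf '%s\n' 'hostname: 192.168.1.95' \
        'harbor_admin_password: Harbor123456' > "$w/harbor.yml"
    echo "$w"
}

report() {
    # $1 = WORK_DIR, $2 = path to harbor.yml
    world_readable_keys "$1" | sed 's/^/world-readable key: /'
    if uses_published_password "$2"; then
        echo "harbor.yml: admin password is the one published in the post"
    fi
}

demo=$(make_sample_workdir)
report "$demo" "$demo/harbor.yml"
rm -rf "$demo"
```

On a real host, call report with the WORK_DIR value from build.sh and the path to make/harbor.yml.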