{"id":239,"date":"2017-06-12T14:29:17","date_gmt":"2017-06-12T06:29:17","guid":{"rendered":"https:\/\/blog.jsjs.org\/?p=239"},"modified":"2017-06-12T14:29:17","modified_gmt":"2017-06-12T06:29:17","slug":"vmware-harbor%ef%bc%9a%e5%9f%ba%e4%ba%8e-docker-distribution-%e7%9a%84%e4%bc%81%e4%b8%9a%e7%ba%a7-registry-%e6%9c%8d%e5%8a%a1","status":"publish","type":"post","link":"https:\/\/blog.jsjs.org\/?p=239","title":{"rendered":"VMware Harbor\uff1a\u57fa\u4e8e Docker Distribution \u7684\u4f01\u4e1a\u7ea7 Registry \u670d\u52a1"},"content":{"rendered":"<div class=\"post-topheader custom-\">\n<div class=\"container\">\n<div class=\"block-for-right-border\">\n<div class=\"row\">\n<div class=\"col-md-9 col-sm-8 col-xs-12\">\n<div class=\"post-topheader__info\" data-username=\"RancherLabs\" data-userslug=\"rancher\" data-useravatar=\"https:\/\/sfault-avatar.b0.upaiyun.com\/192\/790\/1927900797-5817ff712ed9b_big64\">\n<h1 id=\"articleTitle\" class=\"h3 post-topheader__info--title\" data-id=\"1190000007705296\"><a href=\"https:\/\/segmentfault.com\/a\/1190000007705296\">VMware Harbor\uff1a\u57fa\u4e8e Docker Distribution \u7684\u4f01\u4e1a\u7ea7 Registry \u670d\u52a1<\/a><\/h1>\n<div class=\"content__tech\">\n<ul class=\"taglist--inline inline-block article__title--tag mr10\">\n<li class=\"tagPopup mb5\"><a class=\"tag\" href=\"https:\/\/segmentfault.com\/t\/docker\/blogs\" data-toggle=\"popover\" data-img=\"https:\/\/sfault-avatar.b0.upaiyun.com\/269\/397\/2693973775-1040000000366352_huge256\" data-placement=\"top\" data-original-title=\"docker\" data-id=\"1040000000366352\">docker<\/a><\/li>\n<\/ul>\n<p><i class=\"fa fa-pencil mr15 edit-tags\" aria-hidden=\"true\"><\/i><\/p>\n<div class=\"article__author\"><a class=\"mr5 \" href=\"https:\/\/segmentfault.com\/u\/rancher\"><strong>RancherLabs<\/strong><\/a> 2016\u5e7412\u670806\u65e5\u53d1\u5e03<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"col-md-3 col-sm-4 hidden-xs\">\n<ul class=\"post-topheader__side list-unstyled\">\n<li><button id=\"sideLike\" class=\"btn btn-success btn-sm \" type=\"button\" data-id=\"1190000007705296\"><i class=\"fa fa-caret-up fa-lg\" aria-hidden=\"true\"><\/i> \u00a0\u00a0<span class=\"seprator\">|<\/span>\u00a0\u00a0 <span id=\"sideLikeNum\">0<\/span><\/button> <button id=\"sideBookmark\" class=\"btn btn-default btn-sm \" type=\"button\" data-id=\"1190000007705296\" data-type=\"article\"><span id=\"sideBookmarkText\">\u6536\u85cf<\/span>\u00a0\u00a0<span class=\"seprator\">|<\/span>\u00a0\u00a0<span id=\"sideBookmarkNum\">3<\/span><\/button><\/li>\n<li><strong class=\"no-stress\">807<\/strong> \u6b21\u6d4f\u89c8<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"container mt30\">\n<div class=\"row\">\n<div class=\"col-xs-12 col-md-9 main \">\n<div class=\"article fmt article__content\" data-id=\"1190000007705296\" data-license=\"cc\">\n<h2 id=\"articleHeader0\">\u524d\u8a00<\/h2>\n<p>\u5bf9\u4e8e Harbor \u8fd9\u6837\u4e00\u4e2a\u4f18\u79c0\u7684 Docker Registry \u7ba1\u7406\u5f00\u6e90\u9879\u76ee\uff0c\u4ee5\u4e0b\u5185\u5bb9\u57fa\u672c\u4e0a\u6765\u81ea\u524d\u4eba\u5df2\u6709\u7684\u7814\u7a76\uff0c\u6211\u53ea\u662f\u5c06\u5176\u5728\u5b9e\u8df5\u4e2d\u8fdb\u884c\u4e86\u6d4b\u8bd5\uff0c\u5e76\u6574\u7406\u6c47\u96c6\u4e86\u76f8\u5173\u8d44\u6599\u4f9b\u5927\u5bb6\u53c2\u8003\uff0c\u540c\u65f6\u9488\u5bf9 Harbor \u4e0e Rancher\u4ea7\u54c1\u7684\u6574\u5408\u505a\u4e86\u4e00\u4e9b\u5b9e\u9a8c\u6027\u7684\u5de5\u4f5c\uff0c\u4ee5\u66f4\u597d\u66f4\u5168\u9762\u7684\u7406\u89e3 Harbor \u8fd9\u4e2a\u5de5\u5177\uff0c\u4e5f\u66f4\u52a0\u4e86\u89e3 Rancher \u5728\u5feb\u901f\u4e00\u952e\u90e8\u7f72\u3001\u5f39\u6027\u4f38\u7f29\u9ad8\u53ef\u7528\u7b49\u65b9\u9762\u7684\u4f18\u52bf\u3002<\/p>\n<h2 id=\"articleHeader1\">Harbor \u7b80\u4ecb<\/h2>\n<p>Harbor \u662f\u4e00\u4e2a\u4f01\u4e1a\u7ea7 Registry \u670d\u52a1\u3002\u5b83\u5bf9\u5f00\u6e90\u7684 Docker Registry \u670d\u52a1\u8fdb\u884c\u4e86\u6269\u5c55\uff0c\u6dfb\u52a0\u4e86\u66f4\u591a\u4f01\u4e1a\u7528\u6237\u9700\u8981\u7684\u529f\u80fd\u3002Harbor \u88ab\u8bbe\u8ba1\u7528\u4e8e\u90e8\u7f72\u4e00\u5957\u7ec4\u7ec7\u5185\u90e8\u4f7f\u7528\u7684\u79c1\u6709\u73af\u5883\uff0c\u8fd9\u4e2a\u79c1\u6709 Registry \u670d\u52a1\u5bf9\u4e8e\u975e\u5e38\u5173\u5fc3\u5b89\u5168\u7684\u7ec4\u7ec7\u6765\u8bf4\u662f\u5341\u5206\u91cd\u8981\u7684\u3002\u53e6\u5916\uff0c\u79c1\u6709 Registry \u670d\u52a1\u53ef\u4ee5\u901a\u8fc7\u907f\u514d\u4ece\u516c\u57df\u7f51\u4e0b\u8f7d\u955c \u50cf\u800c\u63d0\u9ad8\u4f01\u4e1a\u751f\u4ea7\u529b\u3002\u8fd9\u5bf9\u4e8e\u6ca1\u6709\u826f\u597d\u7684 Internet \u8fde\u63a5\u72b6\u6001\uff0c\u4f7f\u7528 Docker Container \u7684\u7528\u6237\u662f\u4e00\u4e2a\u798f\u97f3\u3002<\/p>\n<ul>\n<li>\u57fa\u4e8e\u89d2\u8272\u7684\u8bbf\u95ee\u63a7\u5236\uff1a\u7528\u6237\u4e0e Docker \u955c\u50cf\u4ed3\u5e93\u901a\u8fc7\u201c\u9879\u76ee\u201d\u8fdb\u884c\u7ec4\u7ec7\u7ba1\u7406\uff0c\u4e00\u4e2a\u7528\u6237\u53ef\u4ee5\u5bf9\u591a\u4e2a\u955c\u50cf\u4ed3\u5e93\u5728\u540c\u4e00\u547d\u540d\u7a7a\u95f4(project)\u91cc\u6709\u4e0d\u540c\u7684\u6743\u9650\u3002<\/li>\n<li>\u56fe\u5f62\u5316\u7528\u6237\u754c\u9762\uff1a\u7528\u6237\u53ef\u4ee5\u901a\u8fc7\u6d4f\u89c8\u5668\u6765\u6d4f\u89c8\uff0c\u68c0\u7d22\u5f53\u524d Docker \u955c\u50cf\u4ed3\u5e93\uff0c\u7ba1\u7406\u9879\u76ee\u548c\u547d\u540d\u7a7a\u95f4\u3002<\/li>\n<li>\u5ba1\u8ba1\u7ba1\u7406\uff1a\u6240\u6709\u9488\u5bf9\u955c\u50cf\u4ed3\u5e93\u7684\u64cd\u4f5c\u90fd\u53ef\u4ee5\u88ab\u8bb0\u5f55\u8ffd\u6eaf\uff0c\u7528\u4e8e\u5ba1\u8ba1\u7ba1\u7406\u3002<\/li>\n<li>\u56fd\u9645\u5316\uff1a\u57fa\u4e8e\u82f1\u6587\u4e0e\u4e2d\u6587\u8bed\u8a00\u8fdb\u884c\u4e86\u672c\u5730\u5316\u3002\u53ef\u4ee5\u589e\u52a0\u66f4\u591a\u7684\u8bed\u8a00\u652f\u6301\u3002<\/li>\n<li>RESTful API &#8211; RESTful API\uff1a\u63d0\u4f9b\u7ed9\u7ba1\u7406\u5458\u5bf9\u4e8e Harbor \u66f4\u591a\u7684\u64cd\u63a7, \u4f7f\u5f97\u4e0e\u5176\u5b83\u7ba1\u7406\u8f6f\u4ef6\u96c6\u6210\u53d8\u5f97\u66f4\u5bb9\u6613\u3002<\/li>\n<\/ul>\n<h2 id=\"articleHeader2\">Harbor \u67b6\u6784\u4ecb\u7ecd<\/h2>\n<h3 id=\"articleHeader3\">(1)\u4e3b\u8981\u7ec4\u4ef6<\/h3>\n<p><span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuql?w=317&amp;h=364\" data-src=\"\/img\/bVGuql?w=317&amp;h=364\" \/><\/span><\/p>\n<p>Harbor \u5728\u67b6\u6784\u4e0a\u4e3b\u8981\u7531\u4e94\u4e2a\u7ec4\u4ef6\u6784\u6210\uff1a<\/p>\n<ul>\n<li>Proxy\uff1aHarbor \u7684 registry, UI, token \u7b49\u670d\u52a1\uff0c\u901a\u8fc7\u4e00\u4e2a\u524d\u7f6e\u7684\u53cd\u5411\u4ee3\u7406\u7edf\u4e00\u63a5\u6536\u6d4f\u89c8\u5668\u3001Docker \u5ba2\u6237\u7aef\u7684\u8bf7\u6c42\uff0c\u5e76\u5c06\u8bf7\u6c42\u8f6c\u53d1\u7ed9\u540e\u7aef\u4e0d\u540c\u7684\u670d\u52a1\u3002<\/li>\n<li>Registry\uff1a\u8d1f\u8d23\u50a8\u5b58 Docker \u955c\u50cf\uff0c\u5e76\u5904\u7406 docker push\/pull \u547d\u4ee4\u3002\u7531\u4e8e\u6211\u4eec\u8981\u5bf9\u7528\u6237\u8fdb\u884c\u8bbf\u95ee\u63a7\u5236\uff0c\u5373\u4e0d\u540c\u7528\u6237\u5bf9 Docker image \u6709\u4e0d\u540c\u7684\u8bfb\u5199\u6743\u9650\uff0cRegistry \u4f1a\u6307\u5411\u4e00\u4e2a token \u670d\u52a1\uff0c\u5f3a\u5236\u7528\u6237\u7684\u6bcf\u6b21 docker pull\/push \u8bf7\u6c42\u90fd\u8981\u643a\u5e26\u4e00\u4e2a\u5408\u6cd5\u7684 token, Registry \u4f1a\u901a\u8fc7\u516c\u94a5\u5bf9 token \u8fdb\u884c\u89e3\u5bc6\u9a8c\u8bc1\u3002<\/li>\n<li>Core services\uff1a\u8fd9\u662f Harbor \u7684\u6838\u5fc3\u529f\u80fd\uff0c\u4e3b\u8981\u63d0\u4f9b\u4ee5\u4e0b\u670d\u52a1:<\/li>\n<\/ul>\n<p>UI\uff1a\u63d0\u4f9b\u56fe\u5f62\u5316\u754c\u9762\uff0c\u5e2e\u52a9\u7528\u6237\u7ba1\u7406 registry \u4e0a\u7684\u955c\u50cf(image)\uff0c\u5e76\u5bf9\u7528\u6237\u8fdb\u884c\u6388\u6743\uff1b<br \/>\nwebhook\uff1a\u4e3a\u4e86\u53ca\u65f6\u83b7\u53d6 registry \u4e0a image \u72b6\u6001\u53d8\u5316\u7684\u60c5\u51b5\uff0c \u5728 Registry \u4e0a\u914d\u7f6e webhook\uff0c\u628a\u72b6\u6001\u53d8\u5316\u4f20\u9012\u7ed9 UI \u6a21\u5757\uff1b<br \/>\ntoken \u670d\u52a1\uff1a\u8d1f\u8d23\u6839\u636e\u7528\u6237\u6743\u9650\u7ed9\u6bcf\u4e2a docker push\/pull \u547d\u4ee4\u7b7e\u53d1 token\u3002Docker \u5ba2\u6237\u7aef\u5411Registry \u670d\u52a1\u53d1\u8d77\u7684\u8bf7\u6c42\uff0c\u5982\u679c\u4e0d\u5305\u542btoken\uff0c\u4f1a\u88ab\u91cd\u5b9a\u5411\u5230\u8fd9\u91cc\uff0c\u83b7\u5f97 token \u540e\u518d\u91cd\u65b0\u5411 Registry\u8fdb\u884c\u8bf7\u6c42\uff1b<\/p>\n<ul>\n<li>Database\uff1a\u4e3a core services \u63d0\u4f9b\u6570\u636e\u5e93\u670d\u52a1\uff0c\u8d1f\u8d23\u50a8\u5b58\u7528\u6237\u6743\u9650\u3001\u5ba1\u8ba1\u65e5\u5fd7\u3001Docker image \u5206\u7ec4\u4fe1\u606f\u7b49\u6570\u636e\u3002<\/li>\n<li>Log collector\uff1a\u4e3a\u4e86\u5e2e\u52a9\u76d1\u63a7 Harbor \u8fd0\u884c\uff0c\u8d1f\u8d23\u6536\u96c6\u5176\u4ed6\u7ec4\u4ef6\u7684 log\uff0c\u4f9b\u65e5\u540e\u8fdb\u884c\u5206\u6790\u3002\u5404\u4e2a\u7ec4\u4ef6\u4e4b\u95f4\u7684\u5173\u7cfb\u5982\u4e0b\u56fe\u6240\u793a\uff1a<\/li>\n<\/ul>\n<p><span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuqn?w=640&amp;h=483\" data-src=\"\/img\/bVGuqn?w=640&amp;h=483\" \/><\/span><\/p>\n<h3 id=\"articleHeader4\">(2)\u5b9e\u73b0<\/h3>\n<p>Harbor \u7684\u6bcf\u4e2a\u7ec4\u4ef6\u90fd\u662f\u4ee5 Docker \u5bb9\u5668\u7684\u5f62\u5f0f\u6784\u5efa\u7684\uff0c\u56e0\u6b64\u5f88\u81ea\u7136\u5730\uff0c\u6211\u4eec\u4f7f\u7528 Docker Compose \u6765\u5bf9\u5b83\u8fdb\u884c\u90e8\u7f72\u3002\u5728\u6e90\u4ee3\u7801\u4e2d(<a href=\"https:\/\/github.com\/vmware\/harbor)\" target=\"_blank\" rel=\"noopener\">https:\/\/github.com\/vmware\/har&#8230;<\/a>\uff0c\u7528\u4e8e\u90e8\u7f72 Harbor \u7684 Docker Compose \u6a21\u677f\u4f4d\u4e8e \/Deployer\/docker-compose.yml. \u6253\u5f00\u8fd9\u4e2a\u6a21\u677f\u6587\u4ef6\uff0c\u4f1a\u53d1\u73b0 Harbor \u7531 5 \u4e2a\u5bb9\u5668\u7ec4\u6210\uff1a<\/p>\n<ul>\n<li>proxy\uff1a\u7531 Nginx \u670d\u52a1\u5668\u6784\u6210\u7684\u53cd\u5411\u4ee3\u7406\u3002<\/li>\n<li>registry\uff1a\u7531 Docker \u5b98\u65b9\u7684\u5f00\u6e90 registry \u955c\u50cf\u6784\u6210\u7684\u5bb9\u5668\u5b9e\u4f8b\u3002<\/li>\n<li>ui\uff1a\u5373\u67b6\u6784\u4e2d\u7684 core services, \u6784\u6210\u6b64\u5bb9\u5668\u7684\u4ee3\u7801\u662f Harbor \u9879\u76ee\u7684\u4e3b\u4f53\u3002<\/li>\n<li>mysql\uff1a\u7531\u5b98\u65b9 MySql \u955c\u50cf\u6784\u6210\u7684\u6570\u636e\u5e93\u5bb9\u5668\u3002<\/li>\n<li>log: \u8fd0\u884c\u7740 rsyslogd \u7684\u5bb9\u5668\uff0c\u901a\u8fc7 log-driver \u7684\u5f62\u5f0f\u6536\u96c6\u5176\u4ed6\u5bb9\u5668\u7684\u65e5\u5fd7\u3002<\/li>\n<\/ul>\n<p>\u8fd9\u51e0\u4e2a\u5bb9\u5668\u901a\u8fc7 Docker link \u7684\u5f62\u5f0f\u8fde\u63a5\u5728\u4e00\u8d77\uff0c\u8fd9\u6837\uff0c\u5728\u5bb9\u5668\u4e4b\u95f4\u53ef\u4ee5\u901a\u8fc7\u5bb9\u5668\u540d\u5b57\u4e92\u76f8\u8bbf\u95ee\u3002\u5bf9\u7ec8\u7aef\u7528\u6237\u800c\u8a00\uff0c\u53ea\u9700\u8981\u66b4\u9732 proxy (\u5373 Nginx)\u7684\u670d\u52a1\u7aef\u53e3\u3002<\/p>\n<h3 id=\"articleHeader5\">(3)\u5de5\u4f5c\u539f\u7406<\/h3>\n<p>\u4e0b\u9762\u4ee5\u4e24\u4e2a Docker \u547d\u4ee4\u4e3a\u4f8b\uff0c\u8bb2\u89e3\u4e3b\u8981\u7ec4\u4ef6\u4e4b\u95f4\u5982\u4f55\u534f\u540c\u5de5\u4f5c\u3002<\/p>\n<p><strong>1) docker login<\/strong><\/p>\n<p>\u5047\u8bbe\u6211\u4eec\u5c06 Harbor \u90e8\u7f72\u5728\u4e3b\u673a\u540d\u4e3a registry.yourdomainname.com \u7684\u865a\u673a\u4e0a\u3002\u7528\u6237\u901a\u8fc7 docker login \u547d\u4ee4\u5411\u8fd9\u4e2a Harbor \u670d\u52a1\u53d1\u8d77\u767b\u5f55\u8bf7\u6c42:docker login registry.yourdomainname.com\u5f53\u7528\u6237\u8f93\u5165\u6240\u9700\u4fe1\u606f\u5e76\u70b9\u51fb\u56de\u8f66\u540e\uff0cDocker \u5ba2\u6237\u7aef\u4f1a\u5411\u5730\u5740\u201cregistry.yourdomainname.com\/v2\/\u201d \u53d1\u51fa HTTP GET \u8bf7\u6c42\u3002 Harbor \u7684\u5404\u4e2a\u5bb9\u5668\u4f1a\u901a\u8fc7\u4ee5\u4e0b\u6b65\u9aa4\u5904\u7406\uff1a<\/p>\n<p>(a) \u9996\u5148\uff0c\u8fd9\u4e2a\u8bf7\u6c42\u4f1a\u7531\u76d1\u542c 80 \u7aef\u53e3\u7684 proxy \u5bb9\u5668\u63a5\u6536\u5230\u3002\u6839\u636e\u9884\u5148\u8bbe\u7f6e\u7684\u5339\u914d\u89c4\u5219\uff0c\u5bb9\u5668\u4e2d\u7684 Nginx\u4f1a\u5c06\u8bf7\u6c42\u8f6c\u53d1\u7ed9\u540e\u7aef\u7684 registry \u5bb9\u5668\uff1b<\/p>\n<p>(b) \u5728 registry \u5bb9\u5668\u4e00\u65b9\uff0c\u7531\u4e8e\u914d\u7f6e\u4e86\u57fa\u4e8e token \u7684\u8ba4\u8bc1\uff0cregistry \u4f1a\u8fd4\u56de\u9519\u8bef\u4ee3\u7801 401\uff0c\u63d0\u793a Docker\u5ba2\u6237\u7aef\u8bbf\u95ee token \u670d\u52a1\u7ed1\u5b9a\u7684 URL\u3002\u5728 Harbor \u4e2d\uff0c\u8fd9\u4e2a URL \u6307\u5411 Core Services\uff1b<\/p>\n<p>(c) Docker \u5ba2\u6237\u7aef\u5728\u63a5\u5230\u8fd9\u4e2a\u9519\u8bef\u4ee3\u7801\u540e\uff0c\u4f1a\u5411token\u670d\u52a1\u7684URL\u53d1\u51fa\u8bf7\u6c42\uff0c\u5e76\u6839\u636eHTTP\u534f\u8bae\u7684BasicAuthentication \u89c4\u8303\uff0c\u5c06\u7528\u6237\u540d\u5bc6\u7801\u7ec4\u5408\u5e76\u7f16\u7801\uff0c\u653e\u5728\u8bf7\u6c42\u5934\u90e8(header)\uff1b<\/p>\n<p>(d)\u7c7b\u4f3c\u5730\uff0c\u8fd9\u4e2a\u8bf7\u6c42\u901a\u8fc7 80 \u7aef\u53e3\u53d1\u5230 proxy \u5bb9\u5668\u540e\uff0cNginx \u4f1a\u6839\u636e\u89c4\u5219\u628a\u8bf7\u6c42\u8f6c\u53d1\u7ed9 ui \u5bb9\u5668\uff0cui \u5bb9\u5668\u76d1\u542c token \u670d\u52a1\u7f51\u5740\u7684\u5904\u7406\u7a0b\u5e8f\u63a5\u6536\u5230\u8bf7\u6c42\u540e\uff0c\u4f1a\u5c06\u8bf7\u6c42\u5934\u89e3\u7801\uff0c\u5f97\u5230\u7528\u6237\u540d\u3001\u5bc6\u7801\uff1b<\/p>\n<p>(e) \u5728\u5f97\u5230\u7528\u6237\u540d\u3001\u5bc6\u7801\u540e\uff0cui \u5bb9\u5668\u4e2d\u7684\u4ee3\u7801\u4f1a\u67e5\u8be2\u6570\u636e\u5e93\uff0c\u5c06\u7528\u6237\u540d\u3001\u5bc6\u7801\u4e0e mysql \u5bb9\u5668\u4e2d\u7684\u6570\u636e\u8fdb\u884c\u6bd4\u5bf9(\u6ce8:ui \u5bb9\u5668\u8fd8\u652f\u6301 LDAP \u7684\u8ba4\u8bc1\u65b9\u5f0f\uff0c\u5728\u90a3\u79cd\u60c5\u51b5\u4e0b ui \u4f1a\u8bd5\u56fe\u548c\u5916\u90e8 LDAP \u670d\u52a1\u8fdb\u884c\u901a\u4fe1\u5e76\u6821\u9a8c\u7528\u6237\u540d\/\u5bc6\u7801)\u3002\u6bd4\u5bf9\u6210\u529f\uff0cui \u5bb9\u5668\u4f1a\u8fd4\u56de\u8868\u793a\u6210\u529f\u7684\u72b6\u6001\u7801\uff0c \u5e76\u7528\u5bc6\u94a5\u751f\u6210 token\uff0c\u653e\u5728\u54cd\u5e94\u4f53\u4e2d\u8fd4\u56de\u7ed9 Docker \u5ba2\u6237\u7aef\u3002\u8fd9\u4e2a\u8fc7\u7a0b\u4e2d\u7ec4\u4ef6\u95f4\u7684\u4ea4\u4e92\u8fc7\u7a0b\u5982\u4e0b\u56fe\u6240\u793a\uff1a<\/p>\n<p><span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuqp?w=640&amp;h=211\" data-src=\"\/img\/bVGuqp?w=640&amp;h=211\" \/><\/span><\/p>\n<p>\u81f3\u6b64\uff0c\u4e00\u6b21 docker login \u6210\u529f\u5730\u5b8c\u6210\u4e86\uff0cDocker \u5ba2\u6237\u7aef\u4f1a\u628a\u6b65\u9aa4(c)\u4e2d\u7f16\u7801\u540e\u7684\u7528\u6237\u540d\u5bc6\u7801\u4fdd\u5b58\u5728\u672c\u5730\u7684\u9690\u85cf\u6587\u4ef6\u4e2d\u3002<\/p>\n<p><strong>2) docker push<\/strong><\/p>\n<p>\u7528\u6237\u767b\u5f55\u6210\u529f\u540e\u7528 docker push \u547d\u4ee4\u5411 Harbor \u63a8\u9001\u4e00\u4e2a Docker \u955c\u50cf\uff1adocker push registry.youdomainname.com\/library\/hello-world<\/p>\n<p>(a) \u9996\u5148\uff0cdocker \u5ba2\u6237\u7aef\u4f1a\u91cd\u590d login \u7684\u8fc7\u7a0b\uff0c\u9996\u5148\u53d1\u9001\u8bf7\u6c42\u5230 registry,\u4e4b\u540e\u5f97\u5230 token \u670d\u52a1\u7684\u5730\u5740\uff1b<\/p>\n<p>(b) \u4e4b\u540e\uff0cDocker \u5ba2\u6237\u7aef\u5728\u8bbf\u95eeui\u5bb9\u5668\u4e0a\u7684token\u670d\u52a1\u65f6\u4f1a\u63d0\u4f9b\u989d\u5916\u4fe1\u606f\uff0c\u6307\u660e\u5b83\u8981\u7533\u8bf7\u4e00\u4e2a\u5bf9imagelibrary\/hello-world \u8fdb\u884c push \u64cd\u4f5c\u7684 token\uff1b<\/p>\n<p>(c) token \u670d\u52a1\u5728\u7ecf\u8fc7 Nginx \u8f6c\u53d1\u5f97\u5230\u8fd9\u4e2a\u8bf7\u6c42\u540e\uff0c\u4f1a\u8bbf\u95ee\u6570\u636e\u5e93\u6838\u5b9e\u5f53\u524d\u7528\u6237\u662f\u5426\u6709\u6743\u9650\u5bf9\u8be5 image\u8fdb\u884c push\u3002\u5982\u679c\u6709\u6743\u9650\uff0c\u5b83\u4f1a\u628a image \u7684\u4fe1\u606f\u4ee5\u53ca push \u52a8\u4f5c\u8fdb\u884c\u7f16\u7801\uff0c\u5e76\u7528\u79c1\u94a5\u7b7e\u540d\uff0c\u751f\u6210 token\u8fd4\u56de\u7ed9 Docker \u5ba2\u6237\u7aef\uff1b<\/p>\n<p>(d) \u5f97\u5230 token \u4e4b\u540e Docker \u5ba2\u6237\u7aef\u4f1a\u628a token \u653e\u5728\u8bf7\u6c42\u5934\u90e8\uff0c\u5411 registry \u53d1\u51fa\u8bf7\u6c42\uff0c\u8bd5\u56fe\u5f00\u59cb\u63a8\u9001image\u3002 Registry \u6536\u5230\u8bf7\u6c42\u540e\u4f1a\u7528\u516c\u94a5\u89e3\u7801 token \u5e76\u8fdb\u884c\u6838\u5bf9\uff0c\u4e00\u5207\u6210\u529f\u540e\uff0cimage \u7684\u4f20\u8f93\u5c31\u5f00\u59cb\u4e86\u3002\u6211\u4eec\u7701\u53bb proxy \u8f6c\u53d1\u7684\u6b65\u9aa4\uff0c\u4e0b\u56fe\u63cf\u8ff0\u4e86\u8fd9\u4e2a\u8fc7\u7a0b\u4e2d\u5404\u7ec4\u4ef6\u7684\u901a\u4fe1\u8fc7\u7a0b \uff1a<\/p>\n<p><span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuqs?w=640&amp;h=272\" data-src=\"\/img\/bVGuqs?w=640&amp;h=272\" \/><\/span><\/p>\n<h2 id=\"articleHeader6\">Harbor \u5355\u673a\u5b89\u88c5\u8c03\u8bd5\u6b65\u9aa4<\/h2>\n<p>\u6b64\u6b21\u793a\u8303\u4ee5 CentOS 7.2.1511 x86_64 \u4e3a\u4f8b\uff1a<\/p>\n<pre class=\"hljs autoit\"><code>    [root<span class=\"hljs-symbol\">@registry<\/span> ~]<span class=\"hljs-meta\"># yum install https:\/\/yum.dockerproject.org\/repo\/main\/centos\/7\/Packages\/docker-engine-selinux-1.11.2-<\/span>\n\n    <span class=\"hljs-number\">1.<\/span>el7.centos.noarch.rpm\n    [root<span class=\"hljs-symbol\">@registry<\/span> ~]<span class=\"hljs-meta\"># yum install https:\/\/yum.dockerproject.org\/repo\/main\/centos\/7\/Packages\/docker-engine-1.11.2-<\/span>\n\n    <span class=\"hljs-number\">1.<\/span>el7.centos.x86_64.rpm\n    [root<span class=\"hljs-symbol\">@registry<\/span> ~]<span class=\"hljs-meta\"># systemctl enable docker<\/span>\n    [root<span class=\"hljs-symbol\">@registry<\/span> ~]<span class=\"hljs-meta\"># systemctl start docker<\/span>\n    [root<span class=\"hljs-symbol\">@registry<\/span> ~]<span class=\"hljs-meta\"># yum install git<\/span>\n    [root<span class=\"hljs-symbol\">@registry<\/span> ~]<span class=\"hljs-meta\"># git clone https:\/\/github.com\/vmware\/harbor<\/span>\n    [root<span class=\"hljs-symbol\">@registry<\/span> ~]<span class=\"hljs-meta\"># cd harbor\/<\/span>\n    [root<span class=\"hljs-symbol\">@registry<\/span> harbor]<span class=\"hljs-meta\"># cd Deploy\/<\/span>\n    [root<span class=\"hljs-symbol\">@registry<\/span> Deploy]<span class=\"hljs-meta\"># vi harbor.cfg<\/span><\/code><\/pre>\n<p>\u4fee\u6539\u7684\u91cd\u70b9\u5185\u5bb9\u5982\u4e0b\uff1a<\/p>\n<pre class=\"hljs nix\"><code>  <span class=\"hljs-attr\">hostname<\/span> = registry.yourdomainname.<span class=\"hljs-attr\">comui_url_protocol<\/span> = https\n\n    <span class=\"hljs-attr\">email_server<\/span> = smtp.yourmailserver.<span class=\"hljs-attr\">comemail_server_port<\/span> = <span class=\"hljs-number\">25<\/span>\n    <span class=\"hljs-attr\">email_username<\/span> = registry_admin@yourdomainname.<span class=\"hljs-attr\">comemail_password<\/span> = yourpassword\n    <span class=\"hljs-attr\">email_from<\/span> = registry_admin@yourdomainname.<span class=\"hljs-attr\">comemail_ssl<\/span> = <span class=\"hljs-literal\">false<\/span>\n\n    <span class=\"hljs-attr\">harbor_admin_password<\/span> = <span class=\"hljs-attr\">myharborpasswordauth_mode<\/span> = db_auth\n    <span class=\"hljs-attr\">db_password<\/span> = <span class=\"hljs-attr\">yoursqlpasswordself_registration<\/span> = off\n    <span class=\"hljs-attr\">customize_crt<\/span> = off<\/code><\/pre>\n<p>\u4fee\u6539\u5b8c\u6210<\/p>\n<p>\u5047\u8bbe\u5df2\u7ecf\u51c6\u5907\u597d\u7ad9\u70b9\u7684\u6570\u5b57\u8bc1\u4e66\u6587\u4ef6 registry.yourdomainname.com.crt \u548cregistry.yourdomainname.com.key\uff0c\u5219\u53ef\u4ee5\u914d\u7f6e https \u7684\u8bbf\u95ee\u6a21\u5f0f\uff1a<\/p>\n<pre class=\"hljs vim\"><code>[root@registry Deploy]# <span class=\"hljs-keyword\">cd<\/span> config\/nginx\/\n[root@registry nginx]# <span class=\"hljs-keyword\">ls<\/span> cert\/\nregistry.yourdomainname.<span class=\"hljs-keyword\">com<\/span>.crt registry.yourdomainname.<span class=\"hljs-keyword\">com<\/span>.key\n[root@registry nginx]# mv nginx.<span class=\"hljs-keyword\">conf<\/span> nginx.<span class=\"hljs-keyword\">conf<\/span>.bak\n[root@registry nginx]# <span class=\"hljs-keyword\">cp<\/span> nginx.https.<span class=\"hljs-keyword\">conf<\/span> nginx.<span class=\"hljs-keyword\">conf<\/span>\n[root@registry nginx]# <span class=\"hljs-keyword\">vi<\/span> nginx.<span class=\"hljs-keyword\">conf<\/span><\/code><\/pre>\n<p>\u4fee\u6539\u5185\u5bb9\u5982\u4e0b:<\/p>\n<p><span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuqt?w=640&amp;h=199\" data-src=\"\/img\/bVGuqt?w=640&amp;h=199\" \/><\/span><br \/>\n<span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuqv?w=640&amp;h=110\" data-src=\"\/img\/bVGuqv?w=640&amp;h=110\" \/><\/span><\/p>\n<p>\u4fee\u6539\u5185\u5bb9\u7ed3\u675f<\/p>\n<p>\u5b89\u88c5 docker-compose \u547d\u4ee4:<\/p>\n<p><span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuqy?w=640&amp;h=70\" data-src=\"\/img\/bVGuqy?w=640&amp;h=70\" \/><\/span><br \/>\n<span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuqz?w=640&amp;h=271\" data-src=\"\/img\/bVGuqz?w=640&amp;h=271\" \/><\/span><\/p>\n<p>\u6dfb\u52a0 harbor \u7684\u542f\u505c\u811a\u672c:<\/p>\n<p><span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuqB?w=640&amp;h=404\" data-src=\"\/img\/bVGuqB?w=640&amp;h=404\" \/><\/span><\/p>\n<p>\u6dfb\u52a0 harbor \u4e3a systemd \u670d\u52a1\uff1a<\/p>\n<p><span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuqD?w=640&amp;h=413\" data-src=\"\/img\/bVGuqD?w=640&amp;h=413\" \/><\/span><\/p>\n<p>\u7ba1\u7406 Harbor \u7684\u751f\u547d\u5468\u671f\uff1a<\/p>\n<p><span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuqF?w=640&amp;h=769\" data-src=\"\/img\/bVGuqF?w=640&amp;h=769\" \/><\/span><\/p>\n<p>\u5173\u4e8e\u6570\u5b57\u8bc1\u4e66\uff0c\u4e0a\u9762\u7684\u63cf\u8ff0\u9002\u7528\u4e8e\u5411\u7b2c\u4e09\u65b9\u6839\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u7533\u8bf7\u5f97\u5230\u7684\u6570\u5b57\u8bc1\u4e66\u6587\u4ef6\uff0c\u5982\u679c\u662f\u81ea\u7b7e\u540d\u6570\u5b57\u8bc1\u4e66\uff0c\u53ef\u53c2\u8003 Harbor \u5b98\u65b9\u6587\u6863:<a href=\"https:\/\/github.com\/vmware\/harbor\/blob\/master\/docs\/configure_https.md\" target=\"_blank\" rel=\"noopener\">https:\/\/github.com\/vmware\/har&#8230;<\/a><\/p>\n<p>\u8bbf\u95ee Harbor\uff1a<\/p>\n<ol>\n<li>\u7f51\u9875\u8bbf\u95ee\u65b9\u5f0f <a href=\"https:\/\/registry.yourdomainname.com\/\" target=\"_blank\" rel=\"noopener\">https:\/\/registry.yourdomainna&#8230;<\/a><\/li>\n<li>Linux Docker \u5ba2\u6237\u7aef\u5982\u9700\u8981\u8bbf\u95ee\u8fd9\u4e2a\u4ed3\u5e93\u670d\u52a1\u5668\uff0c\u5982\u679c\u6570\u5b57\u8bc1\u4e66\u7684\u6839\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u4e0d\u5728\u7cfb\u7edf\u5217\u8868\u91cc\uff0c\u5219\u9700\u8981\u624b\u52a8\u6dfb\u52a0\u4fe1\u4efb\u5173\u7cfb\uff08\u9700\u8981\u5c06\u8bc1\u4e66\u6587\u4ef6 registry.yourdomainname.com.crt \u62f7\u8d1d\u81f3\u6307\u5b9a\u76ee\u5f55\uff09\uff0c\u7136\u540e\u66f4\u65b0\u8bc1\u4e66\u7f13\u5b58\uff1a<\/li>\n<\/ol>\n<pre class=\"hljs vim\"><code><span class=\"hljs-keyword\">cp<\/span> registry.yourdomainname.<span class=\"hljs-keyword\">com<\/span>.crt \/usr\/local\/share\/<span class=\"hljs-keyword\">ca<\/span>-certificates\/<span class=\"hljs-keyword\">update<\/span>-<span class=\"hljs-keyword\">ca<\/span>-certificates<\/code><\/pre>\n<p>\u4ee5\u4e0a\u4e24\u6761\u547d\u4ee4\u9002\u7528\u4e8e Ubuntu \u7cfb\u5217<\/p>\n<pre class=\"hljs vim\"><code><span class=\"hljs-keyword\">cp<\/span> registry.yourdomainname.<span class=\"hljs-keyword\">com<\/span>.crt\/etc\/pki\/<span class=\"hljs-keyword\">ca<\/span>-trust\/<span class=\"hljs-keyword\">source<\/span>\/anchors\/<span class=\"hljs-keyword\">update<\/span>-<span class=\"hljs-keyword\">ca<\/span>-trust<\/code><\/pre>\n<p>\u4ee5\u4e0a\u4e24\u6761\u547d\u4ee4\u9002\u7528\u4e8e RHEL \u6216 CentOS \u7cfb\u5217<\/p>\n<p>\u767b\u9646\u53ca push image \u8fc7\u7a0b:<\/p>\n<pre class=\"hljs autoit\"><code>[root<span class=\"hljs-symbol\">@RancherHost01<\/span> ~]<span class=\"hljs-meta\"># docker login<\/span>\nregistry.yourdomainname.com\nUsername: admin\nPassword:\nLogin Succeeded\n[root<span class=\"hljs-symbol\">@RancherHost01<\/span> ~]<span class=\"hljs-meta\"># <\/span><\/code><\/pre>\n<p><span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuqG?w=1652&amp;h=1134\" data-src=\"\/img\/bVGuqG?w=1652&amp;h=1134\" \/><\/span><\/p>\n<p>\u767b\u9646 Web \u7aef\u5373\u53ef\u770b\u89c1\u5df2\u7ecf\u4e0a\u4f20\u7684 image \u4e86:<\/p>\n<p><span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuqL?w=1660&amp;h=528\" data-src=\"\/img\/bVGuqL?w=1660&amp;h=528\" \/><\/span><\/p>\n<p>\u65b0\u589e\u7528\u6237\u754c\u9762:<\/p>\n<p><span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuqO?w=542&amp;h=1006\" data-src=\"\/img\/bVGuqO?w=542&amp;h=1006\" \/><\/span><\/p>\n<h2 id=\"articleHeader7\">Harbor \u4f5c\u4e3a Mirror Registry<\/h2>\n<p>Mirror \u662f Docker Registry \u7684\u4e00\u79cd\u7279\u6b8a\u7c7b\u578b\uff0c\u5b83\u8d77\u5230\u4e86\u7c7b\u4f3c\u4ee3\u7406\u670d\u52a1\u5668\u7684\u7f13\u5b58\u89d2\u8272\uff0c\u5728\u7528\u6237\u548cDocker Hub \u4e4b\u95f4\u505a Image \u7684\u7f13\u5b58\u3002<\/p>\n<p>\u5176\u57fa\u672c\u5de5\u4f5c\u539f\u7406\u662f\uff0c\u5f53\u7528\u6237 pull \u4e00\u4e2a\u955c\u50cf\u65f6\uff0c\u82e5\u955c\u50cf\u5728 mirror \u670d\u52a1\u5668\u5b58\u5728\uff0c\u5219\u76f4\u63a5\u4ece mirror \u670d\u52a1\u5668\u62c9\u53d6\uff0c\u5426\u5219\u82e5\u4e0d\u5b58\u5728\u8be5\u955c\u50cf\uff0c\u5219\u7531 mirror server \u81ea\u52a8\u4ee3\u7406\u5f80 dockerhub(\u53ef\u914d\u7f6e)\u4e2d\u62c9\u53d6\u955c\u50cf\uff0c\u5e76\u7f13\u5b58\u5230 mirror \u670d\u52a1\u5668\u4e2d\uff0c\u5f53\u5ba2\u6237\u518d\u6b21\u62c9\u53d6\u8fd9\u4e2a\u955c\u50cf\u65f6\uff0c\u76f4\u63a5\u4ece mirror server \u4e2d\u62c9\u53d6\uff0c\u4e0d\u9700\u8981\u518d\u6b21\u4ecedocker hub \u4e2d\u62c9\u53d6\u3002<\/p>\n<p>Harbor \u76ee\u524d\u4e0d\u652f\u6301 pull cache \u529f\u80fd,\u5df2\u63d0\u4ea4 Github issue #120\u3002 <a href=\"https:\/\/github.com\/vmware\/harbor\/issues\/120\" target=\"_blank\" rel=\"noopener\">https:\/\/github.com\/vmware\/har&#8230;<\/a><\/p>\n<p>\u4e0d\u8fc7\u6211\u4eec\u53ea\u9700\u8981\u624b\u52a8\u4fee\u6539\u4e0b\u914d\u7f6e\u5373\u53ef\u5b8c\u6210\uff0c\u5177\u4f53\u914d\u7f6e\u53ef\u67e5\u770b\u5b98\u65b9 Registry as a pull through cache.<br \/>\n<a href=\"https:\/\/github.com\/vmware\/harbor\/commit\/5e3d3afb1184b91c7aaac8618cc5ca1a5fe85bc7\" target=\"_blank\" rel=\"noopener\">https:\/\/github.com\/vmware\/har&#8230;<\/a><\/p>\n<p>\u6211\u4eec\u5728\u8fd0\u884c.\/prepare \u4e4b\u524d\u4fee\u6539 config\/registry\/config.yml \u6587\u4ef6\uff0c\u8ffd\u52a0\u4ee5\u4e0b\u914d\u7f6e<\/p>\n<pre class=\"hljs asciidoc\"><code><span class=\"hljs-meta\">:proxy:remoteurl:<\/span> https:\/\/registry-1.docker.io<\/code><\/pre>\n<p>\u5982\u679c\u9700\u8981\u8bbf\u95ee\u79c1\u6709\u4ed3\u5e93\uff0c\u9700\u8981\u586b\u5199 Docker Hub \u7684\u7528\u6237\u540d\u548c\u5bc6\u7801<\/p>\n<pre class=\"hljs asciidoc\"><code><span class=\"hljs-meta\">:proxy:<\/span>\nremoteurl: https:\/\/registry-1.docker.io\nusername: [username]\npassword: [password]<\/code><\/pre>\n<p>\u7136\u540e\u91cd\u65b0\u542f\u52a8 Harbor \u670d\u52a1:(\u6ce8\u610f\u4e0d\u8981\u6267\u884c.\/prepare)<\/p>\n<pre class=\"hljs bash\"><code>docker-compose stop\ndocker-compose rm <span class=\"hljs-_\">-f<\/span>\ndocker-compose up <span class=\"hljs-_\">-d<\/span><\/code><\/pre>\n<p>\u9664\u4e86\u8bbe\u7f6e Harbor(\u6216\u8005 registry)\uff0c\u8fd8\u9700\u8981\u914d\u7f6e\u672c\u5730 docker \u670d\u52a1\uff0c\u6307\u5b9a&#8211;registry-mirror \u53c2\u6570\uff0c\u4fee\u6539docker \u914d\u7f6e\u6587\u4ef6<\/p>\n<pre class=\"hljs groovy\"><code><span class=\"hljs-string\">Ubuntu:<\/span><span class=\"hljs-regexp\">\/etc\/<\/span><span class=\"hljs-keyword\">default<\/span>\/docker\n\nDOCKER_OPTS=<span class=\"hljs-string\">\"$DOCKER_OPTS --registry-mirror=https:\/\/registry.yourdomainname.com<\/span><\/code><\/pre>\n<p>\u6216<\/p>\n<pre class=\"hljs ini\"><code><span class=\"hljs-attr\">DOCKER_OPTS<\/span>=<span class=\"hljs-string\">\"$DOCKER_OPTS --registry-mirror=https:\/\/registry.yourdomainname.com --insecure-registry\n\nregistry.yourdomainname.com\"<\/span><\/code><\/pre>\n<p>\u6216\u8005<\/p>\n<pre class=\"hljs crystal\"><code>RHEL\/<span class=\"hljs-symbol\">CentOS:<\/span>\/usr\/<span class=\"hljs-class\"><span class=\"hljs-keyword\">lib<\/span>\/<span class=\"hljs-title\">systemd<\/span>\/<span class=\"hljs-title\">system<\/span>\/<span class=\"hljs-title\">docker<\/span>.<span class=\"hljs-title\">service<\/span>):<\/span>\n[Service]\nExecStart=\nExecStart=<span class=\"hljs-regexp\">\/usr\/bin<\/span><span class=\"hljs-regexp\">\/docker daemon -H fd:\/<\/span><span class=\"hljs-regexp\">\/ --registry-mirror=https:\/<\/span><span class=\"hljs-regexp\">\/registry.yourdomainname.com<\/span><\/code><\/pre>\n<blockquote><p>\u6ce8\u610f\uff1a\u4fee\u6539\u4e86 docker \u914d\u7f6e\u6587\u4ef6\uff0c\u5fc5\u987b\u91cd\u542f docker \u670d\u52a1\u624d\u80fd\u751f\u6548\u3002<\/p><\/blockquote>\n<p>Harbor \u7531\u4e8e\u5f15\u8fdb\u4e86\u8ba4\u8bc1\u529f\u80fd\uff0c\u56e0\u6b64 push \u64cd\u4f5c\u65f6\uff0c\u5fc5\u987b\u4fdd\u8bc1 project \u5b58\u5728\uff0c\u6bd4\u5982 push krystism\/ffmpeg\uff0c\u5fc5\u987b\u4fdd\u8bc1 Harbor \u521b\u5efa\u4e86 krystism project\uff0c\u5426\u5219\u4f1a\u5931\u8d25\u3002\u4e3a\u4e86\u80fd\u591f\u6b63\u5e38 push\/pulldockerhub \u7684\u5b98\u65b9\u955c\u50cf\uff0c\u52a1\u5fc5\u521b\u5efa library project\uff0c\u5982\u56fe\uff1a<\/p>\n<p><span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuqR?w=1214&amp;h=440\" data-src=\"\/img\/bVGuqR?w=1214&amp;h=440\" \/><\/span><\/p>\n<h3 id=\"articleHeader8\">\uff081\uff09\u5047\u8bbe\u672c\u5730\u4e0d\u5b58\u5728 python \u955c\u50cf\uff1a<\/h3>\n<p>\u6211\u4eec\u7b2c\u4e00\u6b21 pull python \u540e\uff0cHarbor \u53d1\u73b0\u4e0d\u5b58\u5728\u8be5\u955c\u50cf\uff0c\u4e8e\u662f\u81ea\u5df1\u4f5c\u4e3a\u4ee3\u7406\u5f80 Docker Hub \u91cc\u62c9\u53d6\uff0c\u62c9\u53d6\u540e\u4fdd\u5b58\u5230\u672c\u5730,\u53ef\u4ee5\u901a\u8fc7 Web UI \u67e5\u770b\u3002\u5ba2\u6237\u7aef\u518d\u6b21\u62c9\u53d6 python \u955c\u50cf\u65f6\uff0c\u7531\u4e8e Harbor \u5df2\u7ecf\u5b58\u5728\u8be5\u955c\u50cf\uff0c\u56e0\u6b64\u4e0d\u9700\u8981\u518d\u5f80 Docker Hub \u62c9\u53d6\uff0c\u901f\u5ea6\u5927\u5e45\u5ea6\u63d0\u9ad8\uff01<\/p>\n<p>\u6ce8\u610f\uff0c\u5bf9\u4e8e Mirror Registry \u6a21\u5f0f\uff0c\u867d\u7136\u53ef\u4ee5 pull cache \u4e86\uff0c\u4f46\u662f push \u529f\u80fd\u5374\u4e0d\u88ab\u652f\u6301\u4e86:<a href=\"https:\/\/github.com\/vmware\/harbor\/issues\/220\" target=\"_blank\" rel=\"noopener\">https:\/\/github.com\/vmware\/har&#8230;<\/a><\/p>\n<h3 id=\"articleHeader9\">\uff082\uff09\u4e0e Rancher \u7684\u6574\u5408\uff1a<\/h3>\n<p><strong>1\uff09Add Harbor deploy stack and 5 services in Rancher\uff1a<\/strong>\uff08\u5728 Rancher \u7cfb\u7edf\u91cc\u6dfb\u52a0\u5305\u542b 5 \u4e2a services \u7684stack\uff09<\/p>\n<p><span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuqU?w=760&amp;h=1118\" data-src=\"\/img\/bVGuqU?w=760&amp;h=1118\" \/><\/span><\/p>\n<p><strong>2\uff09Add Registry server in Rancher\uff1a<\/strong>\uff08\u5728 Rancher \u7cfb\u7edf\u91cc\u6dfb\u52a0 Registry \u670d\u52a1\u5668\uff0c\u4f9b Rancher Agent Hosts\u8c03\u7528\uff09<\/p>\n<p><span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuqZ?w=1536&amp;h=844\" data-src=\"\/img\/bVGuqZ?w=1536&amp;h=844\" \/><\/span><\/p>\n<p><strong>3\uff09Build a Catalog entry in Rancher\uff1a<\/strong>\uff08\u4e3a Harbor \u521b\u5efa\u4e00\u4e2a Rancher \u4e13\u6709\u7684\u5e94\u7528\u6a21\u677f\u9879\uff0c\u5b9e\u73b0\u4e00\u952e\u90e8\u7f72\uff0c\u4f7f\u5b89\u88c5\u8c03\u8bd5\u590d\u6742\u7684 Harbor \u4ea7\u54c1\u7b80\u5355\u5316\u3001\u5e76\u5b9e\u73b0\u5f39\u6027\u4f38\u7f29\u53ca\u9ad8\u53ef\u7528\u7b49\u7279\u6027\uff09<\/p>\n<p><span class=\"img-wrap\"><img decoding=\"async\" src=\"https:\/\/segmentfault.com\/img\/bVGuq2?w=1538&amp;h=838\" data-src=\"\/img\/bVGuq2?w=1538&amp;h=838\" \/><\/span><\/p>\n<h3 id=\"articleHeader10\">\uff083\uff09\u5bf9\u63a5 LDAP \u8ba4\u8bc1\uff1a<\/h3>\n<p>Harbor \u652f\u6301\u4e24\u79cd\u8ba4\u8bc1\u65b9\u5f0f\uff0c\u9ed8\u8ba4\u4e3a\u672c\u5730\u5b58\u50a8\uff0c\u5373\u8d26\u53f7\u4fe1\u606f\u5b58\u50a8\u5728 mysql \u4e0b\uff0c\u4e0a\u6587\u5df2\u7ecf\u5177\u4f53\u4ecb\u7ecd\u3002\u63a5\u4e0b\u6765\u4ecb\u7ecd\u53e6\u5916\u4e00\u79cd\u8ba4\u8bc1\u65b9\u5f0f LDAP\uff0c\u53ea\u9700\u8981\u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u5373\u53ef\u3002\u9700\u8981\u63d0\u4f9b ldap url \u4ee5\u53ca ldap basedn \u53c2\u6570\uff0c\u5e76\u4e14\u8bbe\u7f6e auth_mode \u4e3a ldap_auth\u3002<\/p>\n<p>\u5feb\u901f\u90e8\u7f72 LDAP \u670d\u52a1\uff1a<\/p>\n<p>\u4e3a\u4e86\u6d4b\u8bd5\u65b9\u4fbf\uff0c\u6211\u4eec\u4f7f\u7528 Docker \u542f\u52a8\u4e00\u4e2a LDAP \u670d\u52a1\u5668\uff0c\u542f\u52a8\u811a\u672c\u5982\u4e0b:<\/p>\n<pre class=\"hljs awk\"><code>!<span class=\"hljs-regexp\">\/bin\/<\/span>bash\nNAME=ldap_server\ndocker rm -f <span class=\"hljs-variable\">$NAME<\/span> <span class=\"hljs-number\">2<\/span>&gt;<span class=\"hljs-regexp\">\/dev\/<\/span>null\ndocker run --env LDAP_ORGANISATION=<span class=\"hljs-string\">\"Unitedstack Inc.\"<\/span> \\--env LDAP_DOMAIN=<span class=\"hljs-string\">\"ustack.com\"<\/span> \\\n--env LDAP_ADMIN_PASSWORD=<span class=\"hljs-string\">\"admin_password\"<\/span> \\\n-v pwd<span class=\"hljs-regexp\">\/containers\/<\/span>openldap<span class=\"hljs-regexp\">\/data:\/<\/span>var<span class=\"hljs-regexp\">\/lib\/<\/span>ldap \\\n-v pwd<span class=\"hljs-regexp\">\/containers\/<\/span>openldap<span class=\"hljs-regexp\">\/slapd.d:\/<\/span>etc<span class=\"hljs-regexp\">\/ldap\/<\/span>slapd.d \\--detach --name <span class=\"hljs-variable\">$NAME<\/span> osixia<span class=\"hljs-regexp\">\/openldap:1.1.2<\/span><\/code><\/pre>\n<p>\u521b\u5efa\u65b0\u7528\u6237\uff0c\u9996\u5148\u9700\u8981\u5b9a\u4e49 ldif \u6587\u4ef6\uff0c<\/p>\n<pre class=\"hljs groovy\"><code>new_user.<span class=\"hljs-string\">ldif:<\/span><span class=\"hljs-string\">dn:<\/span> uid=test,dc=ustack,dc=com\n<span class=\"hljs-string\">uid:<\/span> test\n<span class=\"hljs-string\">cn:<\/span> test\n<span class=\"hljs-string\">sn:<\/span> <span class=\"hljs-number\">3<\/span>\n<span class=\"hljs-string\">objectClass:<\/span> <span class=\"hljs-string\">topobjectClass:<\/span> <span class=\"hljs-string\">posixAccountobjectClass:<\/span> <span class=\"hljs-string\">inetOrgPersonloginShell:<\/span> <span class=\"hljs-regexp\">\/bin\/<\/span><span class=\"hljs-string\">bashhomeDirectory:<\/span>\n\n<span class=\"hljs-regexp\">\/home\/<\/span><span class=\"hljs-string\">testuidNumber:<\/span> <span class=\"hljs-number\">1001<\/span><span class=\"hljs-string\">gidNumber:<\/span> <span class=\"hljs-number\">1001<\/span><span class=\"hljs-string\">userPassword:<\/span> <span class=\"hljs-number\">1<\/span><span class=\"hljs-string\">q2w3e4rmail:<\/span> test<span class=\"hljs-meta\">@example<\/span>.<span class=\"hljs-string\">comgecos:<\/span> test<\/code><\/pre>\n<p>\u901a\u8fc7\u4ee5\u4e0b\u811a\u672c\u521b\u5efa\u65b0\u7528\u6237\uff0c\u5176\u4e2d ldap_server \u4e3a LDAP \u670d\u52a1\u5bb9\u5668\u540d\u79f0\u3002<\/p>\n<pre class=\"hljs haxe\"><code>docker cp <span class=\"hljs-keyword\">new<\/span><span class=\"hljs-type\">_user<\/span>.ldif ldap_server:\/\ndocker exec ldap_server ldapadd -x \\\n-D <span class=\"hljs-string\">\"cn=admin,dc=ustack,dc=com\"<\/span> \\\n-w admin_password \\-f \/<span class=\"hljs-keyword\">new<\/span><span class=\"hljs-type\">_user<\/span>.ldif -ZZ<\/code><\/pre>\n<p>\u67e5\u770b\u7528\u6237\u662f\u5426\u521b\u5efa\u6210\u529f:<\/p>\n<pre class=\"hljs haml\"><code>docker exec ldap_server ldapsearch -x -h localhost \\\n-<span class=\"ruby\">b dc=ustack,dc=com -D <span class=\"hljs-string\">\"cn=admin,dc=ustack,dc=com\"<\/span> \\\n<\/span>-<span class=\"ruby\">w admin_password<\/span><\/code><\/pre>\n<p>\u68c0\u67e5 test \u7528\u6237\u662f\u5426\u5b58\u5728\uff0c\u82e5\u5b58\u5728\uff0c\u5219\u8bf4\u660e\u521b\u5efa\u6210\u529f\uff0c\u5426\u5219\u9700\u8981\u4f7f\u7528 docker logs \u67e5\u770b\u65e5\u5fd7\u3002<\/p>\n<p>\u914d\u7f6e Harbor \u4f7f\u7528 LDAP \u8ba4\u8bc1\u4fee\u6539 harbor.cfg \u6587\u4ef6\u5173\u4e8e LDAP \u914d\u7f6e\u9879\uff0c\u5982\u4e0b<\/p>\n<pre class=\"hljs nix\"><code>:<span class=\"hljs-attr\">auth_mode<\/span> = ldap_auth\n<span class=\"hljs-attr\">ldap_url<\/span> = ldap:\/\/<span class=\"hljs-number\">42.62<\/span>.x.x\n<span class=\"hljs-attr\">ldap_basedn<\/span> = <span class=\"hljs-attr\">uid=%s,dc=ustack,dc=com<\/span><\/code><\/pre>\n<p>\u7136\u540e\u91cd\u65b0\u90e8\u7f72 Harbor\uff1a<\/p>\n<pre class=\"hljs arduino\"><code>.\/<span class=\"hljs-built_in\">prepare<\/span>\ndocker-compose <span class=\"hljs-built_in\">stop<\/span>\ndocker-compose rm -f\ndocker-compose up -d<\/code><\/pre>\n<p>\u6d4b\u8bd5\u662f\u5426\u80fd\u591f\u4f7f\u7528 test \u7528\u6237\u767b\u5f55\uff1a<\/p>\n<pre class=\"hljs stylus\"><code>docker login -u test -<span class=\"hljs-selector-tag\">p<\/span> <span class=\"hljs-number\">1<\/span>q2w3e4r \\\n-e test@example<span class=\"hljs-selector-class\">.com<\/span> <span class=\"hljs-number\">42.62<\/span><span class=\"hljs-selector-class\">.x<\/span><span class=\"hljs-selector-class\">.x<\/span> <\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>VMware Harbor\uff1a\u57fa\u4e8e Docker Distribution \u7684\u4f01\u4e1a\u7ea7 Registry \u670d\u52a1 docker RancherLabs 2016\u5e7412\u670806\u65e5\u53d1\u5e03 \u00a0\u00a0|\u00a0\u00a0 0 \u6536\u85cf\u00a0\u00a0|\u00a0\u00a03 807 \u6b21\u6d4f\u89c8 \u524d\u8a00 \u5bf9\u4e8e Harbor \u8fd9\u6837\u4e00\u4e2a\u4f18\u79c0\u7684 Docker [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1],"tags":[],"class_list":["post-239","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/posts\/239","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=239"}],"version-history":[{"count":0,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/posts\/239\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=239"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=239"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}