Is the official Docker image registry too slow? Keeping images locally is safe and convenient

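Introduction to Harbor

However powerful the official Docker Hub is, it is hosted overseas, so speed is its biggest bottleneck, and in many cases using the official registry is simply not an option. The two self-hosted registry approaches described above, on the other hand, are very bare-bones and hard to manage. That is why a project favored by the CNCF later appeared: Harbor.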

Harbor was built by VMware as a second layer of packaging on top of Docker Registry. It adds many extra components and provides a very attractive web interface.

Harbor features

Features:

  • Multi-tenant content signing and validation
  • Security and vulnerability analysis
  • Audit logging
  • Identity integration and role-based access control
  • Image replication between instances
  • Extensible API and graphical UI
  • Internationalization (currently English and Chinese)
  • Docker compose

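Deploying Harbor directly on a physical machine is very difficult. To simplify its use, the Harbor project ships Harbor as an application that runs in containers. It depends on a number of storage systems such as redis, mysql and pgsql, so many containers have to be orchestrated to work together. Deploying and using VMware Harbor therefore relies on Docker's single-host orchestration tool, Docker Compose.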

Deploying Harbor

Hostname                  IP               Services        Role
JLregistry.example.com    192.168.23.180   docker, harbor  image registry
JLtest.example.com        192.168.23.181   docker          pull and push images

Install Docker

CentOS 8 (the official CentOS 8 repositories have been taken offline; switching to the centos-vault repository is recommended)
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
or
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo

CentOS 6 (the official CentOS 6 repositories have been taken offline; switching to the centos-vault repository is recommended)
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-6.10.repo
or
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-6.10.repo

CentOS 7
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
or
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
ce/linux/centos/docker-ce.repo

[root@JLregistry ~]# yum -y install docker-ce
[root@JLregistry ~]# systemctl enable --now docker
[root@JLregistry ~]# cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://tnj022g0.mirror.aliyuncs.com"]
}
EOF
[root@JLregistry ~]# systemctl restart docker
[root@JLregistry ~]# systemctl daemon-reload

Install Docker Compose

[root@JLregistry ~]# curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   664  100   664    0     0    982      0 --:--:-- --:--:-- --:--:--   980
100 12.1M  100 12.1M    0     0   102k      0  0:02:01  0:02:01 --:--:-- 91328
[root@JLregistry ~]# chmod +x /usr/local/bin/docker-compose
[root@JLregistry ~]# docker-compose --version
docker-compose version 1.29.2, build 5becea4c
[root@JLregistry ~]# which docker-compose 
/usr/local/bin/docker-compose

Install Harbor

[root@JLregistry ~]# cd /usr/src/
[root@JLregistry src]# wget https://github.com/goharbor/harbor/releases/download/v2.3.5/harbor-offline-installer-v2.3.5.tgz
[root@JLregistry local]# ls
bin  etc  games  harbor  include  lib  lib64  libexec  sbin  share  src
[root@JLregistry local]# cd harbor/
[root@JLregistry harbor]# ls
common.sh             harbor.yml.tmpl  LICENSE
harbor.v2.3.5.tar.gz  install.sh       prepare

Generate the configuration file

[root@JLregistry harbor]# cp harbor.yml.tmpl harbor.yml
[root@JLregistry harbor]# ls
common.sh             harbor.yml       install.sh  prepare
harbor.v2.3.5.tar.gz  harbor.yml.tmpl  LICENSE

Edit the configuration

[root@JLregistry harbor]# vim harbor.yml
......
hostname: JLregistry.example.com    # set to the Harbor server's IP address or domain name

https:
  port: 443
  certificate: /data/cert/harbor.od.com.crt 
  private_key: /data/cert/harbor.od.com.key
external_url: https://JLregistry.example.com

harbor_admin_password: Harbor12345   # login password for the Harbor web UI
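
The harbor.yml above keeps the admin password from harbor.yml.tmpl and points at certificate files named for harbor.od.com, while hostname is JLregistry.example.com. The check below is an added example, not part of the original post or of Harbor; the function names yml_value and audit_harbor_yml are made up here, and it assumes the flat "key: value" layout shown above.

```shell
#!/bin/sh
# Added example: pre-install audit of harbor.yml. Assumes the flat
# "key: value" layout shown above; function names are made up for this sketch.

# yml_value FILE KEY -> first uncommented value of KEY, comment and quotes stripped
yml_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]][[:space:]]*#.*$//' -e 's/^#.*$//' \
            -e 's/[[:space:]]*$//' | tr -d "\"'"
}

# audit_harbor_yml FILE -> prints one FINDING line per problem; returns 1 if any
audit_harbor_yml() {
    cfg=$1; findings=0
    host=$(yml_value "$cfg" hostname)
    pass=$(yml_value "$cfg" harbor_admin_password)
    cert=$(yml_value "$cfg" certificate)
    key=$(yml_value "$cfg" private_key)

    if [ "$pass" = "Harbor12345" ]; then
        echo "FINDING: harbor_admin_password is still the value from harbor.yml.tmpl"
        findings=$((findings + 1))
    fi
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "FINDING: certificate/private_key not set, Harbor will serve plain HTTP"
        findings=$((findings + 1))
    else
        for f in "$cert" "$key"; do
            if [ ! -r "$f" ]; then
                echo "FINDING: $f is missing or unreadable"
                findings=$((findings + 1))
            fi
        done
        # The certificate must cover the name clients connect to (hostname:).
        if [ -r "$cert" ] && command -v openssl >/dev/null 2>&1 &&
            ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
                grep -q 'does match'; then
            echo "FINDING: $cert does not cover hostname $host"
            findings=$((findings + 1))
        fi
    fi
    [ "$findings" -eq 0 ]
}
```

Call it as audit_harbor_yml /usr/local/harbor/harbor.yml before running ./install.sh; a non-zero return means at least one finding was printed.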

Configure name resolution

[root@JLregistry ~]# cat /etc/hosts 
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.23.180 JLregistry.example.com

Run the Harbor install script

[root@JLregistry ~]# cd /usr/local/harbor/
[root@JLregistry harbor]# ./install.sh 
✔ ----Harbor has been installed and started successfully.----

Start Harbor

[root@JLregistry harbor]# docker-compose start
Starting log         ... done
Starting registry    ... done
Starting registryctl ... done
Starting postgresql  ... done
Starting portal      ... done
Starting redis       ... done
Starting core        ... done
Starting jobservice  ... done
Starting proxy       ... done

[root@JLregistry harbor]# ss -antl
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port  Process  
LISTEN  0       128          127.0.0.1:1514         0.0.0.0:*              
LISTEN  0       128            0.0.0.0:80           0.0.0.0:*              
LISTEN  0       128            0.0.0.0:22           0.0.0.0:*              
LISTEN  0       128               [::]:80              [::]:*              
LISTEN  0       128               [::]:22              [::]:*          

Write a startup script

[root@JLregistry ~]# touch  /start.sh
[root@JLregistry ~]# chmod +x /start.sh 
[root@JLregistry ~]# cat > /start.sh <<EOF
#!/bin/bash

cd /usr/local/harbor/
docker-compose start
EOF
[root@JLregistry ~]# vim /etc/rc.local 
#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.

touch /var/lock/subsys/local
/bin/bash -c  /start.sh

[root@JLregistry ~]# chmod +x /etc/rc.local

Run the prepare script to enable HTTPS
Harbor uses an nginx instance as the reverse proxy for all services. You can use the prepare script to configure nginx to use HTTPS.

./prepare

If Harbor is running, stop and remove the existing instance.
Your image data remains on the file system, so no data is lost.

docker-compose down -v

Restart Harbor

docker-compose up -d

Testing from the JLtest host

Configure host name resolution

[root@JLregistry ~]# vim /etc/hosts 
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.23.180  JLregistry.example.com
// Registry addresses used for pulling images
[root@JLregistry ~]# cat > /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": ["https://in3617d8.mirror.aliyuncs.com"],
  "insecure-registries": ["JLregistry.example.com"]
}
EOF
[root@JLregistry ~]# systemctl restart docker
[root@JLregistry ~]# systemctl daemon-reload
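
Listing the registry under "insecure-registries" makes the Docker client skip certificate verification for it and fall back to plain HTTP; the usual alternative is to install the registry's CA as /etc/docker/certs.d/<registry>/ca.crt and drop the entry. The check below is an added example, not from the original post; the function names are made up here and the JSON handling assumes a simple daemon.json like the one above.

```shell
#!/bin/sh
# Added example: report registries that a daemon.json trusts without TLS
# verification. Assumes a simple daemon.json as shown above (no nested arrays);
# function names are made up for this sketch.

# insecure_registries FILE -> one registry per line from "insecure-registries"
insecure_registries() {
    tr -d '\n' < "$1" |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//' -e '/^[[:space:]]*$/d'
}

# audit_docker_trust DAEMON_JSON [CERTS_DIR] -> one line per insecure registry;
# returns 1 if any registry is listed, 0 otherwise
audit_docker_trust() {
    certs_dir=${2:-/etc/docker/certs.d}; bad=0
    for reg in $(insecure_registries "$1"); do
        bad=1
        if [ -s "$certs_dir/$reg/ca.crt" ]; then
            echo "$reg: CA present in $certs_dir/$reg/ca.crt, the insecure-registries entry can be removed"
        else
            echo "$reg: TLS verification disabled; install the registry CA as $certs_dir/$reg/ca.crt"
        fi
    done
    [ "$bad" -eq 0 ]
}
```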

Pull the busybox image from the official registry

[root@JLtest ~]# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
3cb635b06aa2: Pull complete 
Digest: sha256:b5cfd4befc119a590ca1a81d6bb0fa1fb19f1fbebd0397f25fae164abe1e8a6a
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest
[root@JLtest ~]# docker images 
REPOSITORY   TAG       IMAGE ID       CREATED      SIZE
busybox      latest    ffe9d497c324   8 days ago   1.24MB

Log in to the registry

[root@JLtest ~]# docker login JLregistry.example.com
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

Push the busybox image to the private registry

[root@JLregistry ~]# docker tag busybox JLregistry.example.com/library/busybox
[root@JLtest ~]# docker images 
REPOSITORY                            TAG       IMAGE ID       CREATED      SIZE
JLregistry.example.com/library/busybox   latest    ffe9d497c324   8 days ago   1.24MB
busybox                               latest    ffe9d497c324   8 days ago   1.24MB
[root@JLtest ~]# docker push JLregistry.example.com/library/busybox
Using default tag: latest
The push refers to repository [JLregistry.example.com/library/busybox]
64cac9eaf0da: Pushed 
latest: digest: sha256:50e44504ea4f19f141118a8a8868e6c5bb9856efa33f2183f5ccea7ac62aacc9 size: 527

Log in to the registry web UI to check