[root@node1 opt]# vim /etc/hosts
……
192.168.27.20 repository
……
[root@node1 opt]# ssh-copy-id repository  # 拷贝密钥给repository虚拟机
[root@repository ~]# vim /etc/os-release
……
ID="centos"
……
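# 注意:--engine-install-url 指向的安装脚本会在目标主机上以root权限执行;这里使用的是明文http,脚本在传输过程中没有完整性保护,只适合可信内网,否则应改用https或先校验脚本内容
[root@node1 opt]# docker-machine create -d generic --engine-install-url http://192.168.27.7/docker/get-docker.s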
Running pre-create checks...
Creating machine...(repository) No SSH key specified. Assuming an existing key at the default location.
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with centos...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Docker is up and running!
To see how to connect your Docker Client to the Docker Engine running on this virtual machine, run: docker-mach
[root@node1 opt]# docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
node2 - generic Running tcp://192.168.27.12:2376 v18.09.6
node3 - generic Running tcp://192.168.27.13:2376 v18.09.6
repository - generic Running tcp://192.168.27.20:2376 v18.09.6
#docker环境已安装完成
harbor安装
[root@repository ~]# cd /opt
[root@repository opt]# ls
containerd harbor-offline-installer-v1.8.2.tgz
[root@repository opt]# tar zxf harbor-offline-installer-v1.8.2.tgz
[root@repository opt]# ls
containerd harbor harbor-offline-installer-v1.8.2.tgz
[root@repository opt]# cd harbor/
[root@repository harbor]# ls
harbor.v1.8.2.tar.gz harbor.yml install.sh LICENSE prepare
#
harbor.yml文件内容修改
[root@repository harbor]# vim harbor.yml
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: reg.mydocker.com
#设置仓库
# http related config
#http:
# port for http, default is 80. If https enabled, this port will redirect to https port
# port: 80
#常规http访问模式
# # https port for harbor, default is 443
port: 443
# # The path of cert and key files for nginx
certificate: /etc/docker/certs/reg.mydocker.com.crt
private_key: /etc/docker/certs/reg.mydocker.com.key
#https加密访问,与http只能开启一个模块;另外https需要开启证书和密钥这两行(port、certificate、private_key须位于已取消注释的 https: 段之下)。证书和密钥还没有生成,但是存放路径先填写好
# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433
# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: redhat
# Harbor DB configuration
database:
# The password for the root user of Harbor DB. Change this before any production use.
password: redhat
#harbor使用的数据库容器管理员密码(redhat仅为演示用的弱口令,生产环境须更换)
# The default data volume
data_volume: /data  #默认数据存放卷(YAML中#前必须有空格才算注释,否则会被当成值的一部分)
因为仓库选择使用了https认证,需要生成相应密钥和证书
[root@repository certs]# pwd
/etc/docker/certs
[root@repository certs]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout reg.mydocker.com.key -x509 -days 365 -out reg.mydocker.com.crt
……
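省略了过程,7项信息填写(国家、省、城市、机构、部门、服务器名称、邮箱)
注意此项服务器名称:Common Name (eg, your name or your server's hostname)[]:reg.mydocker.com
另外两点:-nodes 生成的私钥没有口令保护,应限制文件权限(如 chmod 600 reg.mydocker.com.key);较新的docker客户端校验证书的subjectAltName而不再只看Common Name,这种情况下证书还需要带SAN(OpenSSL 1.1.1及以上可加 -addext "subjectAltName=DNS:reg.mydocker.com")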
……
[root@repository certs]# ls
reg.mydocker.com.crt reg.mydocker.com.key
[root@repository harbor]# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 18.09.6
✖ Need to install docker-compose(1.18.0+) by yourself first and run this script again.
#需要先安装docker-compose:harbor由多个容器组成,通过yml文件编排安装,所以需要编排软件
[root@node1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest e548f1a579cf 24 months ago 109MB
dockersamples/visualizer latest 17e55a9b2354 2 years ago 148MB
game2048 latest 19299002fdbe 3 years ago 55.5MB
haproxy latest fbd1f55f79b3 3 years ago 139MB
[root@node1 ~]# docker tag nginx:latest reg.mydocker.com/library/ngnix:latest  #修改公开上传标签
[root@node1 ~]# docker tag nginx:latest reg.mydocker.com/private/ngnix:latest  #修改私有上传标签
[root@node1 ~]# docker push reg.mydocker.com/library/ngnix
The push refers to repository [reg.mydocker.com/library/ngnix]
e89b70d28795: Preparing
832a3ae4ac84: Preparing
014cf8bfcb2d: Preparing
denied: requested access to the resource is denied
#公有仓库访问拒绝了
[root@node1 ~]# docker push reg.mydocker.com/private/ngnix
The push refers to repository [reg.mydocker.com/private/ngnix]
e89b70d28795: Preparing
832a3ae4ac84: Preparing
014cf8bfcb2d: Preparing
denied: requested access to the resource is denied
#私有仓库也拒绝了
node1节点上使用admin用户登录仓库
[root@node1 ~]# docker login reg.mydocker.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
#登录成功
[root@node1 ~]# cat .docker/config.json
{"auths": {"reg.mydocker.com": {"auth": "YWRtaW46YWRtaW4="}},"HttpHeaders": {"User-Agent": "Docker-Client/18.09.6 (linux)"}}
#登录信息保存地址。注意auth字段只是"用户名:密码"的base64编码,并非加密,能读到该文件就等于拿到了仓库凭据;应限制该文件的读取权限,或按上面WARNING的提示配置credential helper
再次测试上传,login后都成功了
[root@node1 ~]# docker push reg.mydocker.com/library/ngnix
The push refers to repository [reg.mydocker.com/library/ngnix]
e89b70d28795: Pushed
832a3ae4ac84: Pushed
014cf8bfcb2d: Pushed
latest: digest: sha256:600bff7fb36d7992512f8c07abd50aac08db8f17c94e3c83e47d53435a1a6f7c size: 948
[root@node1 ~]# docker push reg.mydocker.com/private/ngnix
The push refers to repository [reg.mydocker.com/private/ngnix]
e89b70d28795: Mounted from library/ngnix
832a3ae4ac84: Mounted from library/ngnix
014cf8bfcb2d: Mounted from library/ngnix
latest: digest: sha256:600bff7fb36d7992512f8c07abd50aac08db8f17c94e3c83e47d53435a1a6f7c size: 948
[root@node1 ~]#
#都成功了