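- Freshly install two Harbor hosts, but do not run ./install yet (if you are reusing existing hosts, clean out their data first).
- For Harbor high availability, we need an NFS server to share the data storage directory between the two Harbor hosts; in production, Ceph or GlusterFS can be used instead.
- We need a Postgres database for Harbor's Clair vulnerability-scanning component.
- We need a MySQL database for Harbor.
- We need a Redis database for sessions.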
Host | IP | Role | VIP |
---|---|---|---|
harbor-master | 192.168.200.70 | Harbor image registry (master) | 192.168.200.244 |
harbor-slave | 192.168.200.109 | Harbor image registry (standby) | |
dns-nfs | 192.168.200.110 | DNS server and NFS server (file storage for Harbor HA) | |

To keep things simple, the NFS server is installed on the DNS server.
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p
mkdir -p /data/nfs
yum -y install nfs-utils
vim /etc/exports
cat /etc/exports
/data/nfs 192.168.200.0/24(rw,no_root_squash)
# no_root_squash: files written by the root user are not mapped to an unprivileged user
systemctl start nfs
yum -y install nfs-utils
mkdir -p /data/storage
mount 192.168.200.110:/data/nfs /data/storage
df -hT | grep /data/nfs
docker pull redis:alpine
docker images
docker run -dit --name redis_test -p 6379:6379 redis:alpine
docker ps -a
docker pull postgres
docker images
docker run -dit --name postgres_test -p 5432:5432 -e POSTGRES_PASSWORD=123123 postgres
docker ps -a
docker pull mysql:5.6
docker images
docker run -dit --name mysql_test -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123123 mysql:5.6 --character-set-server=utf8
docker ps -a
docker ps -a
docker rename postgres_test clair_db
docker rename mysql_test harbor_db
docker rename redis_test session
docker ps -a
cd /data/install/harbor
ls
tree ha
ha
├── docker-compose.clair.tpl
├── docker-compose.clair.yml
├── docker-compose.tpl
├── docker-compose.yml # configuration file that needs to be modified
├── registry.sql # MySQL tables that need to be imported
└── sample
    ├── active_active
    │   ├── check.sh
    │   └── keepalived_active_active.conf
    └── active_standby
        ├── check_harbor.sh
        └── keepalived_active_standby.conf
3 directories, 9 files
yum -y install mysql
which mysql
mysql -uroot -p123123 -h192.168.200.110 -P3306
show databases;
source ha/registry.sql
show databases;
Specified key was too long; max key length is 767 bytes
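This happens because the index created by the imported tables exceeds MySQL's default upper limit of 767 bytes (>=254), so we need to modify the tables being imported.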
cat -n ha/registry.sql | sed -n '220p;291p'
220 repository varchar(256) NOT NULL, # change 256 to 254
291 resource_name varchar(256), # change 256 to 254
# After this change, importing the tables no longer reports the error.
vim ha/registry.sql
cat -n ha/registry.sql | sed -n '220p;291p'
mysql -uroot -p123123 -h192.168.200.110 -P3306
show databases;
source ha/registry.sql
show databases;
cat -n ha/docker-compose.yml | sed -n '19p'
19 /data/registry:/storage:z
vim ha/docker-compose.yml
cat -n ha/docker-compose.yml | sed -n '19p'
19 /data/storage:/storage:z # changed to our NFS shared directory
cat -n harbor.cfg | sed -n '7p;11p;23p;24p;68p;130p;133p;136p;139p;145p;150p;154p;157p;160p;163p'
7 hostname = reg.mydomain.com # domain name used to access Harbor
11 ui_url_protocol = http # protocol for web access
23 ssl_cert = /data/cert/server.crt # CA certificate path
24 ssl_cert_key = /data/cert/server.key # CA key path
68 harbor_admin_password = Harbor12345 # Harbor default initial password
130 db_host = mysql # IP of the MySQL database Harbor connects to
133 db_password = root123 # MySQL connection password
136 db_port = 3306 # MySQL connection port
139 db_user = root # MySQL connection user
145 redis_url = redis:6379 # address of the Redis database used for sessions
150 clair_db_host = postgres # IP of the database used by the Clair vulnerability-scanning component
154 clair_db_password = password # Postgres connection password
157 clair_db_port = 5432 # Postgres connection port
160 clair_db_username = postgres # default connection user name
163 clair_db = postgres # default database name
vim harbor.cfg
scp harbor.cfg 192.168.200.109:/data/install/harbor/
cat -n harbor.cfg | sed -n '7p;11p;23p;24p;68p;130p;133p;136p;139p;145p;150p;154p;157p;160p;163p'
7 hostname = www.yunjisuan.com
11 ui_url_protocol = https
23 ssl_cert = /etc/ssl/harbor/www.yunjisuan.com.crt
24 ssl_cert_key = /etc/ssl/harbor/www.yunjisuan.com.key
68 harbor_admin_password = Harbor12345
130 db_host = 192.168.200.110
133 db_password = 123123
136 db_port = 3306
139 db_user = root
145 redis_url = 192.168.200.110:6379
150 clair_db_host = 192.168.200.110
154 clair_db_password = 123123
157 clair_db_port = 5432
160 clair_db_username = postgres
163 clair_db = postgres
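An added example, not part of the original post: a pre-install check of harbor.cfg that flags the kinds of values visible in the listings above (stock passwords, short passwords, the MySQL root account, plain HTTP). The function names, the 12-character minimum and the sample file are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-install audit of harbor.cfg.
MIN_LEN=12   # assumed minimum password length; adjust to your own policy

# Print the value of "KEY = value" from a harbor.cfg-style file.
cfg_get() {  # usage: cfg_get FILE KEY
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
    sed 's/[[:space:]]*$//' | tail -n 1
}

# Print one line per weak setting; return 1 if anything was found.
audit_harbor_cfg() {  # usage: audit_harbor_cfg FILE
  local f=$1 bad=0 k v
  if [ "$(cfg_get "$f" ui_url_protocol)" != "https" ]; then
    echo "FINDING: ui_url_protocol is not https"; bad=1
  fi
  if [ "$(cfg_get "$f" db_user)" = "root" ]; then
    echo "FINDING: db_user is root; use a dedicated database account"; bad=1
  fi
  for k in harbor_admin_password db_password clair_db_password; do
    v=$(cfg_get "$f" "$k")
    case "$v" in
      Harbor12345|root123|password)
        echo "FINDING: $k is still a default from the stock harbor.cfg"; bad=1 ;;
      *)
        if [ "${#v}" -lt "$MIN_LEN" ]; then
          echo "FINDING: $k is shorter than $MIN_LEN characters"; bad=1
        fi ;;
    esac
  done
  return "$bad"
}

# Constructed sample using the values shown in this walkthrough.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ui_url_protocol = https
harbor_admin_password = Harbor12345
db_password = 123123
db_user = root
clair_db_password = 123123
EOF
audit_harbor_cfg "$sample" || echo "harbor.cfg needs changes before ./install.sh"
rm -f "$sample"
```

Run it against the real file with `audit_harbor_cfg /data/install/harbor/harbor.cfg` on both Harbor hosts, since the file is copied to the standby with scp.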
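The certificate must be trusted on all three hosts (master, standby and DNS-NFS), and Docker must be restarted on each of them after the certificate is trusted!
mkdir -p /etc/ssl/harbor   # create this directory on the NFS server in advance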
cd /data/ssl/
cp www.yunjisuan.com.crt www.yunjisuan.com.key /etc/ssl/harbor
cp www.yunjisuan.com.crt /etc/pki/ca-trust/source/anchors/
scp www.yunjisuan.com.crt www.yunjisuan.com.key 192.168.200.109:/etc/ssl/harbor
scp www.yunjisuan.com.crt www.yunjisuan.com.key 192.168.200.110:/etc/ssl/harbor
update-ca-trust enable
update-ca-trust extract
systemctl restart docker
cd /etc/ssl/harbor
cp www.yunjisuan.com.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust enable
update-ca-trust extract
systemctl restart docker
cd /etc/ssl/harbor
cp www.yunjisuan.com.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust enable
update-ca-trust extract
systemctl restart docker
docker ps -a
docker start harbor_db
docker start clair_db
docker start session
docker ps -a
cd /data/install/harbor
./install.sh --with-clair --ha
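Because a custom storage path is used, you need to confirm with yes during the installation.
It is best to start the master and the standby one at a time to avoid conflicts.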
cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.200.70 www.yunjisuan.com
docker login -uadmin -pHarbor12345 www.yunjisuan.com
docker images
docker tag redis:alpine www.yunjisuan.com/library/redis:v1
docker push www.yunjisuan.com/library/redis:v1
ls /data/storage
cd /data/install/harbor
./install.sh --with-clair --ha
Because a custom storage path is used, you need to confirm with yes during the installation.