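Harbor Private Image Registry (Part 2)

7. Harbor HA: Environment Preparation

  • Freshly install two Harbor hosts, but do not run ./install.sh yet (if you reuse old hosts, clean out their data first)
  • For Harbor high availability, we need an NFS server that shares the data storage directory of the two Harbor hosts; in production, Ceph or GlusterFS can be used instead
  • We need a Postgres database for Harbor's Clair vulnerability-scanning component
  • We need a MySQL database for Harbor
  • We need a Redis database for sessions

| Host          | IP              | Role                                               | VIP             |
|---------------|-----------------|----------------------------------------------------|-----------------|
| harbor-master | 192.168.200.70  | Harbor image registry (master)                     | 192.168.200.244 |
| harbor-slave  | 192.168.200.109 | Harbor image registry (standby)                    |                 |
| dns-nfs       | 192.168.200.110 | DNS server and NFS server (Harbor HA file storage) |                 |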
 

(1) Set up the NFS server on dns-nfs, with IPv4 forwarding enabled

To keep things simple, the NFS server is installed on the DNS server.

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

sysctl -p

mkdir -p /data/nfs

yum -y install nfs-utils

vim /etc/exports

cat /etc/exports

  /data/nfs 192.168.200.0/24(rw,no_root_squash)
  # no_root_squash: files written by a client's root user are not squashed to an unprivileged user

systemctl start nfs
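
The export above gives every host in 192.168.200.0/24 root-level write access to the registry storage. As an added example (not from the original post), the function below checks /etc/exports-style lines for no_root_squash and for network-wide client specifications; the function names and the second sample export line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky entries in
# /etc/exports-style input. Reads export lines on stdin, prints findings.
audit_exports() {
    set -f  # keep a '*' client from being glob-expanded during word splitting
    while read -r path rest || [ -n "$path" ]; do
        case "$path" in ''|'#'*) continue ;; esac   # blank line or comment
        for entry in $rest; do                      # each entry: client(options)
            client=${entry%%\(*}
            case "$entry" in
                *\(*) opts=${entry#*\(}; opts=${opts%\)} ;;
                *)    opts= ;;
            esac
            case ",$opts," in
                *,no_root_squash,*)
                    echo "$path $client: no_root_squash, root on the client is root on the share" ;;
            esac
            case "$client" in
                ''|'*'|*/*)
                    echo "$path $client: exported to a whole network, not to named hosts" ;;
            esac
        done
    done
    set +f
}

# Constructed sample: the export line from this page, then a variant limited
# to the two Harbor hosts (assumption: Harbor's containers can write to the
# share without root; verify before switching to root_squash).
sample_exports() {
    cat <<'EOF'
/data/nfs 192.168.200.0/24(rw,no_root_squash)
# files stored by root are not squashed
/data/nfs 192.168.200.70(rw,root_squash) 192.168.200.109(rw,root_squash)
EOF
}

sample_exports | audit_exports
```

On the NFS server itself, the same check can be run with `audit_exports < /etc/exports`.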


(2) On the Harbor master and standby, create the data mount directory and install the NFS client package (the steps are the same on both)

yum -y install nfs-utils

mkdir -p /data/storage

mount 192.168.200.110:/data/nfs /data/storage

df -hT | grep /data/nfs


(3) Start a Redis container on LDNS-NFS (the NFS server)

Pull a Redis image (Alpine is very popular in the Docker world right now because it is tiny, much smaller than CentOS)

docker pull redis:alpine

docker images

Start the Redis container and map its port

docker run -dit --name redis_test -p 6379:6379 redis:alpine

docker ps -a

(4) Start a PostgreSQL database container on LDNS-NFS (the NFS server)

Pull the postgres image

docker pull postgres

docker images

docker run -dit --name postgres_test -p 5432:5432 -e POSTGRES_PASSWORD=123123 postgres

docker ps -a

(5) Start a MySQL database container on LDNS-NFS (the NFS server)

Pull the MySQL 5.6 image

docker pull mysql:5.6

docker images

docker run -dit --name mysql_test -p 3306:3306 -e MYSQL_ROOT_PASSWORD=123123 mysql:5.6 --character-set-server=utf8

docker ps -a

(6) Finally, rename each database container according to its purpose

docker ps -a

docker rename postgres_test clair_db

docker rename mysql_test harbor_db

docker rename redis_test session

docker ps -a

8. Harbor HA: Modifying the Configuration

8.1 On Harbor-Master, import the tables into the mysql_db container (192.168.200.110)

Import registry.sql, found in the ha directory of the unpacked Harbor package, into the MySQL container created earlier on the NFS server

cd /data/install/harbor

ls

tree ha

 
  ha
  ├── docker-compose.clair.tpl
  ├── docker-compose.clair.yml
  ├── docker-compose.tpl
  ├── docker-compose.yml    # configuration file that needs to be modified
  ├── registry.sql          # MySQL tables that need to be imported
  └── sample
      ├── active_active
      │   ├── check.sh
      │   └── keepalived_active_active.conf
      └── active_standby
          ├── check_harbor.sh
          └── keepalived_active_standby.conf

  3 directories, 9 files

Install the MySQL client on Harbor-master

yum -y install mysql

which mysql

Connect remotely to port 3306 on 192.168.200.110 (the NFS server) and import registry.sql

mysql -uroot -p123123 -h192.168.200.110 -P3306

show databases;

source ha/registry.sql

show databases;

Note: the import may fail with the following error

Specified key was too long; max key length is 767 bytes

This happens because an index on the imported tables exceeds MySQL's default key-length limit of 767 bytes: the MySQL container above runs with --character-set-server=utf8, where a character can take up to 3 bytes, so an indexed varchar(256) column needs 768 bytes. We therefore need to modify the table definitions being imported.

cat -n ha/registry.sql | sed -n '220p;291p'

  220 repository varchar(256) NOT NULL, # change 256 to 254
  291 resource_name varchar(256), # change 256 to 254
  # after this change, the import no longer fails

vim ha/registry.sql

cat -n ha/registry.sql | sed -n '220p;291p'

Import registry.sql again

mysql -uroot -p123123 -h192.168.200.110 -P3306

show databases;

source ha/registry.sql

show databases;

8.2 Modify the configuration files

Edit the /data/install/ha/docker-compose.yml configuration file (the standby must be changed too!)

cat -n ha/docker-compose.yml | sed -n '19p'

  19 /data/registry:/storage:z

vim ha/docker-compose.yml

cat -n ha/docker-compose.yml | sed -n '19p'

  19 /data/storage:/storage:z # changed to our NFS shared directory

Edit the /data/install/harbor/harbor.cfg file

cat -n harbor.cfg | sed -n '7p;11p;23p;24p;68p;130p;133p;136p;139p;145p;150p;154p;157p;160p;163p'

 
  7 hostname = reg.mydomain.com # domain name used to access Harbor
  11 ui_url_protocol = http # protocol used for web access
  23 ssl_cert = /data/cert/server.crt # SSL certificate path
  24 ssl_cert_key = /data/cert/server.key # SSL certificate key path
  68 harbor_admin_password = Harbor12345 # Harbor's default initial password
  130 db_host = mysql # address of the MySQL database Harbor connects to
  133 db_password = root123 # MySQL connection password
  136 db_port = 3306 # MySQL connection port
  139 db_user = root # MySQL connection user
  145 redis_url = redis:6379 # Redis database used for sessions
  150 clair_db_host = postgres # address of the database used by the Clair vulnerability scanner
  154 clair_db_password = password # Postgres connection password
  157 clair_db_port = 5432 # Postgres connection port
  160 clair_db_username = postgres # default connection user name
  163 clair_db = postgres # default database name

Change the values as shown below (the same on master and standby)

vim harbor.cfg

scp harbor.cfg 192.168.200.109:/data/install/harbor/

cat -n harbor.cfg | sed -n '7p;11p;23p;24p;68p;130p;133p;136p;139p;145p;150p;154p;157p;160p;163p'

 
  7 hostname = www.yunjisuan.com
  11 ui_url_protocol = https
  23 ssl_cert = /etc/ssl/harbor/www.yunjisuan.com.crt
  24 ssl_cert_key = /etc/ssl/harbor/www.yunjisuan.com.key
  68 harbor_admin_password = Harbor12345
  130 db_host = 192.168.200.110
  133 db_password = 123123
  136 db_port = 3306
  139 db_user = root
  145 redis_url = 192.168.200.110:6379
  150 clair_db_host = 192.168.200.110
  154 clair_db_password = 123123
  157 clair_db_port = 5432
  160 clair_db_username = postgres
  163 clair_db = postgres
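
The edited file still carries the default admin password and short database passwords, which is fine for a lab but not for a registry other hosts can reach. As an added example (not from the original post or from Harbor), the function below checks harbor.cfg-style input for shipped default passwords, short passwords, and a non-HTTPS protocol; the function names and the 12-character minimum are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): check harbor.cfg-style
# "key = value" input on stdin for the weak settings discussed above.
audit_harbor_cfg() {
    # min is an assumed minimum password length; adjust to local policy.
    awk -v min=12 '
        BEGIN {
            # Values shipped in the unmodified harbor.cfg listing on this page.
            n = split("Harbor12345 root123 password", d, " ")
            for (i = 1; i <= n; i++) shipped[d[i]] = 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ || !/=/ { next }   # comments, blanks, non-settings
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "ui_url_protocol" && val != "https")
                print key ": UI and registry API served over " val
            if (key ~ /password$/) {
                if (val in shipped)
                    print key ": still the shipped default"
                else if (length(val) < min)
                    print key ": shorter than " min " characters"
            }
        }'
}

# Constructed sample: the password and protocol settings as edited on this page.
sample_cfg() {
    cat <<'EOF'
hostname = www.yunjisuan.com
ui_url_protocol = https
harbor_admin_password = Harbor12345
db_password = 123123
db_user = root
clair_db_password = 123123
EOF
}

sample_cfg | audit_harbor_cfg
```

Against the real file, run `audit_harbor_cfg < harbor.cfg` on both the master and the standby before running the installer.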

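9. Harbor HA: Starting Harbor

The certificate must be trusted on all three hosts (master, standby, and DNS-NFS), and Docker must be restarted on each host after trusting it!

mkdir -p /etc/ssl/harbor    # create this directory on the NFS server beforehand

On the master, trust the certificate and send it to the standby and the NFS host, then restart Docker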

cd /data/ssl/

cp www.yunjisuan.com.crt www.yunjisuan.com.key /etc/ssl/harbor

cp www.yunjisuan.com.crt /etc/pki/ca-trust/source/anchors/

scp www.yunjisuan.com.crt www.yunjisuan.com.key 192.168.200.109:/etc/ssl/harbor

scp www.yunjisuan.com.crt www.yunjisuan.com.key 192.168.200.110:/etc/ssl/harbor

update-ca-trust enable

update-ca-trust extract

systemctl restart docker

On the standby, trust the certificate, then restart Docker

cd /etc/ssl/harbor

cp www.yunjisuan.com.crt /etc/pki/ca-trust/source/anchors/

update-ca-trust enable

update-ca-trust extract

systemctl restart docker

On the NFS host, trust the certificate, then restart Docker

cd /etc/ssl/harbor

cp www.yunjisuan.com.crt /etc/pki/ca-trust/source/anchors/

update-ca-trust enable

update-ca-trust extract

systemctl restart docker

Start the Docker containers on DNS-NFS again (they stopped when Docker was restarted)

docker ps -a

docker start harbor_db

docker start clair_db

docker start session

docker ps -a

Start harbor-master

cd /data/install/harbor

./install.sh --with-clair --ha

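Because a custom storage path is used, the installer asks for a "yes" confirmation partway through.

It is best to start the master and the standby one at a time to avoid conflicts.

Test access in a browser using the Harbor-master IP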

https://192.168.200.70

Run an upload test from DNS-NFS

Edit the hosts mapping

cat /etc/hosts

  127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
  ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
  192.168.200.70 www.yunjisuan.com

Push an image as a test

docker login -uadmin -pHarbor12345 www.yunjisuan.com

docker images

docker tag redis:alpine www.yunjisuan.com/library/redis:v1

docker push www.yunjisuan.com/library/redis:v1

Check the result on the master

ls /data/storage

Start harbor-slave

cd /data/install/harbor

./install.sh --with-clair --ha

Because a custom storage path is used, the installer asks for a "yes" confirmation partway through.

Test access in a browser using the Harbor-slave IP

https://192.168.200.109

Install keepalived (it is enough to map the domain name to the VIP)