I. Deployment host roles
Host role | Hostname (IP address) | Operating system | Summary |
---|---|---|---|
Master node (Master) | hz01-prod-ops-harbor-01 (172.16.8.228) | CentOS Linux release 7.3.1611 (Core) x86_64 | Harbor installation and configuration |
Replica node (Node) | hz01-prod-ops-harbor-02 (172.16.8.245) | CentOS Linux release 7.3.1611 (Core) x86_64 | Replica of the master node's data |
II. Harbor deployment
- Open-source project: https://github.com/vmware/harbor
- Official installation guide: https://github.com/vmware/harbor/blob/master/docs/installation_guide.md
- Download the installer package and unpack it:
[root@hz01-prod-ops-harbor-02 /opt]# wget https://storage.googleapis.com/harbor-releases/release-1.4.0/harbor-online-installer-v1.4.0-rc2.tgz
[root@hz01-prod-ops-harbor-02 /opt]# tar xvf harbor-online-installer-v1.4.0-rc2.tgz
- Install docker-compose
[root@hz01-prod-ops-harbor-02 /opt/harbor]# yum install python-pip
[root@hz01-prod-ops-harbor-02 /opt/harbor]# yum install docker-compose
- Change the registry mirror
[root@hz01-prod-ops-harbor-01 /opt/harbor]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["http://ef017c13.m.daocloud.io"]
}
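- Edit the Harbor configuration
[root@hz01-prod-ops-harbor-02 /opt/harbor]# vim /opt/harbor/harbor.cfg
# hostname sets the access address; an IP, a domain name or a hostname is supported; 127.0.0.1 must not be used
hostname = reg.mydomain.com
# Access protocol; can be set to http or https
ui_url_protocol = http
# Password used to log in to the Harbor web UI
harbor_admin_password = Harbor12345
# Authentication mode. Several modes are supported; the default is db_auth, i.e. credentials stored in the MySQL database.
# ldap and local file storage are also supported.
auth_mode = db_auth
# Password of the MySQL root account
db_password = root123
self_registration= on
use_compressed_js= on
max_job_workers= 3
verify_remote_cert= on
customize_crt= on
# The parameters above are the ones that need changing; the others can keep their defaults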
- Install Harbor
[root@hz01-prod-ops-harbor-02 /opt/harbor]# cd /opt/harbor
[root@hz01-prod-ops-harbor-02 /opt/harbor]# ./install.sh
[root@hz01-prod-ops-harbor-02 /opt/harbor]# docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up
harbor-db /usr/local/bin/docker-entr ... Up 3306/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp
harbor-ui /harbor/start.sh Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
- Log in to the image registry from a terminal
[root@hz01-prod-ops-harbor-02 /opt/harbor]# docker login hz01-prod-ops-harbor-02.sysadmin.xinguangnet.com
Username: admin
Password:
Error response from daemon: Get https://hz01-prod-ops-harbor-02/v1/users/: dial tcp 172.16.8.245:443: getsockopt: connection refused
# Harbor is configured for http here, while docker login uses https by default.
# Add "--insecure-registry=hz01-prod-ops-harbor-02.sysadmin.xinguangnet.com" to the file below; the domain name here can also be an IP address.
[root@hz01-prod-ops-harbor-02 /opt/harbor]# vim /etc/sysconfig/docker
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry=hz01-prod-ops-harbor-02.sysadmin.xinguangnet.com'
if [ -z "${DOCKER_CERT_PATH}" ]; then
DOCKER_CERT_PATH=/etc/docker
fi
[root@hz01-prod-ops-harbor-02 /opt/harbor]# systemctl daemon-reload
[root@hz01-prod-ops-harbor-02 /opt/harbor]# systemctl restart docker
[root@hz01-prod-ops-harbor-02 /opt/harbor]# docker login hz01-prod-ops-harbor-02.sysadmin.xinguangnet.com
Username: admin
Password:
Login Succeeded
- Verify: push an image to Harbor
Log in to Harbor and create a project named test for testing:
# Pull any image from a public registry
[root@hz01-prod-ops-harbor-02 /opt/harbor]# docker pull mongo
[root@hz01-prod-ops-harbor-02 /opt/harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/mongo latest 5b1317f8158f 7 days ago 365.9 MB
[root@hz01-prod-ops-harbor-02 /opt/harbor]# docker tag mongo hz01-prod-ops-harbor-02.sysadmin.xinguangnet.com/test/mongodb:1.0
[root@hz01-prod-ops-harbor-02 /opt/harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/mongo latest 5b1317f8158f 7 days ago 365.9 MB
hz01-prod-ops-harbor-02.sysadmin.xinguangnet.com/test/mongodb 1.0 5b1317f8158f 7 days ago 365.9 MB
[root@hz01-prod-ops-harbor-02 /opt/harbor]# docker push hz01-prod-ops-harbor-02.sysadmin.xinguangnet.com/test/mongodb:1.0
The push refers to a repository [hz01-prod-ops-harbor-02.sysadmin.xinguangnet.com/test/mongodb]
99099bc0f52d: Pushed
5388bfbc2c01: Pushed
d6ac487f7716: Pushed
2ecbdcef31f1: Pushed
4786aaf122f1: Pushed
b597eb624250: Pushed
d1a481118c6e: Pushed
217a81d3bde9: Pushed
54e8db6ab32d: Pushed
43efe85a991c: Pushed
1.0: digest: sha256:82fb1f2483179a7c26ac603d5ad0f9cf6992a27f272c82e277371a96657b799b size: 2407
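The configuration above leaves Harbor on plain HTTP with the passwords shown in harbor.cfg, self-registration on, and the Docker daemon trusting the registry through --insecure-registry. The script below is an added example, not part of the original post, that reads a harbor.cfg and an /etc/sysconfig/docker file and reports those settings; the function names (cfg_get, audit_harbor_cfg, audit_docker_opts, demo) and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: flag the risky values this
# walkthrough leaves in harbor.cfg and /etc/sysconfig/docker.

# cfg_get FILE KEY: print the value of "KEY = value", skipping comment lines.
cfg_get() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; exit
        }' "$1"
}

# audit_harbor_cfg FILE: one "FINDING: ..." line per risky setting.
audit_harbor_cfg() {
    [ "$(cfg_get "$1" ui_url_protocol)" = "https" ] ||
        echo "FINDING: ui_url_protocol is not https (logins and layers cross the network unencrypted)"
    [ "$(cfg_get "$1" harbor_admin_password)" != "Harbor12345" ] ||
        echo "FINDING: harbor_admin_password is still Harbor12345"
    [ "$(cfg_get "$1" db_password)" != "root123" ] ||
        echo "FINDING: db_password is still root123"
    [ "$(cfg_get "$1" self_registration)" != "on" ] ||
        echo "FINDING: self_registration is on (anyone who reaches the UI can create an account)"
    return 0
}

# audit_docker_opts FILE: list registries the daemon accepts over HTTP or unverified TLS.
audit_docker_opts() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -oE -- "--insecure-registry[= ][^ '\"]+" |
        sed 's/^--insecure-registry[= ]/FINDING: insecure registry /'
    return 0
}

# Constructed sample input mirroring the values shown in this post.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# comment' 'hostname = reg.mydomain.com' 'ui_url_protocol = http' \
        'harbor_admin_password = Harbor12345' 'db_password = root123' \
        'self_registration= on' > "$d/harbor.cfg"
    printf '%s\n' "OPTIONS='--selinux-enabled --insecure-registry=reg.mydomain.com'" \
        > "$d/docker"
    audit_harbor_cfg "$d/harbor.cfg"; audit_docker_opts "$d/docker"
    rm -rf "$d"
}
demo
```

On a real host, call audit_harbor_cfg /opt/harbor/harbor.cfg and audit_docker_opts /etc/sysconfig/docker instead of demo; no output means none of these settings were found.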
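III. Configuring Docker image replication
- Log in to the web UI of the master node
Create a project named openshift as described above; the steps are not shown again here.
- Open Registry Management and create an entry for the replica node
- Fill in the replica node's details and test the connection
- Once the connection succeeds, Registry Management shows a new entry
- Click Replication Management and add a replication policy
- Create the replication rule; the main fields are the source project, the target node and the trigger mode. Then save.
- Replication Management now shows a replication rule for openshift
- Test that the image replication policy works
# Push an image to the openshift project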
[root@hz01-prod-ops-harbor-01 /root]# docker tag docker.io/mongo 172.16.8.228/openshift/mongodb:1.0
[root@hz01-prod-ops-harbor-01 /root]# docker push 172.16.8.228/openshift/mongodb:1.0
The push refers to a repository [172.16.8.228/openshift/mongodb]
99099bc0f52d: Pushed
5388bfbc2c01: Pushed
d6ac487f7716: Pushed
2ecbdcef31f1: Pushed
4786aaf122f1: Pushed
b597eb624250: Pushed
d1a481118c6e: Pushed
217a81d3bde9: Pushed
54e8db6ab32d: Pushed
43efe85a991c: Pushed
1.0: digest: sha256:82fb1f2483179a7c26ac603d5ad0f9cf6992a27f272c82e277371a96657b799b size: 2407
- In the master node's web UI, a replication job has been created.
- In the replica node's web UI, the image has been replicated from the master node.
IV. Database backup
# Per the compose file, the data files are stored under /data/database/
[root@hz01-prod-ops-harbor-01 /opt/harbor]# vim docker-compose.yml
  mysql:
    image: vmware/harbor-db:v1.4.0
    container_name: harbor-db
    restart: always
    volumes:
      - /data/database:/var/lib/mysql:z
[root@hz01-prod-ops-harbor-01 /data/database]# ls /data/database/
aria_log.00000001 aria_log_control created_in_mariadb.flag ib_buffer_pool ibdata1 ib_logfile0 ib_logfile1 ibtmp1 multi-master.info mysql performance_schema registry tc.log