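Running two Harbor instances on a single server is not recommended in production, but for various reasons it can still happen. This article describes how to set up two Harbor instances on one server.
Preparation
Customers' Harbor deployments are mostly done with the open-source Harbor release files; the relevant files are available at this link.
Upload the package to the server. Start one instance following the normal procedure (see this link for reference). Then create a folder named harbor2, extract the installation package again, and edit harbor.yml. Make sure the following fields differ between the two harbor.yml files: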
http:
  port: 80
data_volume: /data
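Then run the ./prepare command to generate the configuration files.
Modify the configuration
Running two Harbor instances mainly requires changing the docker-compose.yaml file in the harbor directory and the configuration files under the common folder.
Modify the docker-compose.yaml file
Change the second Harbor's docker-compose.yaml to the following: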
version: '2.3'
services:
  log-slave:
    image: goharbor/harbor-log:v2.10.3
    container_name: harbor-log-slave
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - type: bind
        source: ./common/config/log/logrotate.conf
        target: /etc/logrotate.d/logrotate.conf
      - type: bind
        source: ./common/config/log/rsyslog_docker.conf
        target: /etc/rsyslog.d/rsyslog_docker.conf
    ports:
      # Host-side port. Harbor's stock compose file also binds 127.0.0.1:1514 for its
      # log container, so if the first instance keeps that default, pick another host
      # port here and use it in every syslog-address below.
      - 127.0.0.1:1514:10514
    networks:
      - harbor-slave
  registry-slave:
    image: goharbor/registry-photon:v2.10.3
    container_name: registry-slave
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data2/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: /data2/secret/registry/root.crt
        target: /etc/registry/root.crt
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor-slave
    depends_on:
      - log-slave
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "registry"
  registryctl-slave:
    image: goharbor/harbor-registryctl:v2.10.3
    container_name: registryctl-slave
    env_file:
      - ./common/config/registryctl/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data2/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: ./common/config/registryctl/config.yml
        target: /etc/registryctl/config.yml
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor-slave
    depends_on:
      - log-slave
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "registryctl"
  postgresql-slave:
    image: goharbor/harbor-db:v2.10.3
    container_name: harbor-db-slave
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /data2/database:/var/lib/postgresql/data:z
    networks:
      harbor-slave:
    env_file:
      - ./common/config/db/env
    depends_on:
      - log-slave
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "postgresql"
    shm_size: '1gb'
  core-slave:
    image: goharbor/harbor-core:v2.10.3
    container_name: harbor-core-slave
    env_file:
      - ./common/config/core/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
    volumes:
      - /data2/ca_download/:/etc/core/ca/:z
      - /data2/:/data/:z
      - ./common/config/core/certificates/:/etc/core/certificates/:z
      - type: bind
        source: ./common/config/core/app.conf
        target: /etc/core/app.conf
      - type: bind
        source: /data2/secret/core/private_key.pem
        target: /etc/core/private_key.pem
      - type: bind
        source: /data2/secret/keys/secretkey
        target: /etc/core/key
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      harbor-slave:
    depends_on:
      - log-slave
      - registry-slave
      - redis-slave
      - postgresql-slave
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "core"
  portal-slave:
    image: goharbor/harbor-portal:v2.10.3
    container_name: harbor-portal-slave
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - type: bind
        source: ./common/config/portal/nginx.conf
        target: /etc/nginx/nginx.conf
    networks:
      - harbor-slave
    depends_on:
      - log-slave
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "portal"
  jobservice-slave:
    image: goharbor/harbor-jobservice:v2.10.3
    container_name: harbor-jobservice-slave
    env_file:
      - ./common/config/jobservice/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data2/job_logs:/var/log/jobs:z
      - type: bind
        source: ./common/config/jobservice/config.yml
        target: /etc/jobservice/config.yml
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor-slave
    depends_on:
      - core-slave
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "jobservice"
  redis-slave:
    image: goharbor/redis-photon:v2.10.3
    container_name: redis-slave
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data2/redis:/var/lib/redis
    networks:
      harbor-slave:
    depends_on:
      - log-slave
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "redis"
  proxy-slave:
    image: goharbor/nginx-photon:v2.10.3
    container_name: nginx-slave
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - ./common/config/nginx:/etc/nginx:z
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor-slave
    ports:
      - 8081:8080
    depends_on:
      - registry-slave
      - core-slave
      - portal-slave
      - log-slave
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "proxy"
networks:
  harbor-slave:
    external: false
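Compared with the original file, a "-slave" suffix has been added to the names, for example harbor-slave, core-slave, registry-slave and log-slave. The purpose is to:
- distinguish the services of the two docker-compose files
- distinguish the container names of the two docker-compose files
- distinguish the networks of the two docker-compose files
docker-compose has no resource-isolation mechanism comparable to Kubernetes namespaces; all resources sit together and are managed through distinct service names, container names and networks.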
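A pre-flight check for the separation described above, as an added example that is not part of the original article or of Harbor: it scans two compose files for container names, published host ports and absolute host paths that both instances claim. The function names are hypothetical, the scanner is a line-based regex pass rather than a full YAML parser, and FIRST assumes the first instance still uses Harbor's default names and ports.

```python
import re

def host_resources(compose_text):
    """Container names, published host ports and absolute host paths in a compose file."""
    names, ports, paths = set(), set(), set()
    for line in map(str.strip, compose_text.splitlines()):
        if m := re.match(r"container_name:\s*(\S+)", line):
            names.add(m.group(1))
        # short port syntax: [ip:]host_port:container_port
        elif m := re.match(r"-\s*[\"']?(?:[\d.]+:)?(\d+):\d+[\"']?$", line):
            ports.add(int(m.group(1)))
        elif m := re.match(r"(?:-\s*|source:\s*)(/[^:\s]+)", line):
            paths.add(m.group(1).rstrip("/"))
    return {"container_name": names, "host_port": ports, "host_path": paths}

def collisions(first, second):
    """Host resources that both compose files claim on the same Docker host."""
    a, b = host_resources(first), host_resources(second)
    found = [(k, v) for k in ("container_name", "host_port") for v in sorted(a[k] & b[k])]
    for pa in sorted(a["host_path"]):
        for pb in sorted(b["host_path"]):
            # identical paths, or one nested in the other, share data on disk
            if pa == pb or pa.startswith(pb + "/") or pb.startswith(pa + "/"):
                found.append(("host_path", f"{pa} <-> {pb}"))
    return found

# Constructed, abridged samples: FIRST uses default names, SECOND the -slave names.
FIRST = """\
  log:
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
    ports:
      - 127.0.0.1:1514:10514
  registry:
    container_name: registry
    volumes:
      - /data/registry:/storage:z
"""
SECOND = """\
  log-slave:
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
    ports:
      - 127.0.0.1:1514:10514
  registry-slave:
    container_name: registry-slave
    volumes:
      - /data2/registry:/storage:z
"""
```

On these samples `collisions(FIRST, SECOND)` reports the shared syslog host port and the shared /var/log/harbor directory, while the renamed containers and the /data versus /data2 volumes pass.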
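Modify the common files
The common folder contains core, db, jobservice, log, nginx, portal, registry, registryctl and shared. The configuration files under core, jobservice, nginx and registry need to be changed: every part of these files that refers to a host name must be changed to the corresponding service name, such as redis-slave, log-slave, postgresql-slave and jobservice-slave.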