#>>> 机器配置情况
LB: nginx > 负载均衡,流量分发
harbor: 2台 centos7.9 2core 2G > harbor服务, web - docker的方式去部署
postgresql: 1台 centos7.9 2core 2G > 存储harbor相关的配置以及用户信息和用户权限信息
redis: 1台 centos7.9 2core 2G > 存储harbor用户登录的session或cookie等基本信息
nfs: 1台 centos7.9 2core 2G > nfs向harbor服务提供存储镜像的能力
#> 部署 postgresql、redis、nfs
[root@db ~]# yum -y install epel-release
#>>> redis
[root@db ~]# yum -y install redis
[root@db ~]# systemctl enable --now redis
[root@db ~]# vi /etc/redis.conf
modify: bind 172.16.37.14
[root@db ~]# systemctl restart redis
#>>> nfs
[root@db ~]# yum -y install nfs-utils
[root@db ~]# mkdir -p /data/harbor
[root@db ~]# vi /etc/exports
/data/harbor 172.16.37.0/24(rw,sync,no_root_squash)
[root@db ~]# systemctl enable --now nfs
>>>测试:【两台harbor机器都要操作】
[root@harbor-b ~]# vi /etc/fstab
172.16.37.14:/data/harbor /data/harbor nfs defaults 0 0
[root@harbor-b ~]# mount -a
mount.nfs: mount point /data/harbor does not exist
[root@harbor-b ~]# mkdir -p /data/harbor
[root@harbor-b ~]# mount -a
[root@harbor-b ~]# df -Th
文件系统 类型 容量 已用 可用 已用% 挂载点
devtmpfs devtmpfs 979M 0 979M 0% /dev
tmpfs tmpfs 991M 0 991M 0% /dev/shm
tmpfs tmpfs 991M 9.6M 981M 1% /run
tmpfs tmpfs 991M 0 991M 0% /sys/fs/cgroup
/dev/mapper/centos-root xfs 17G 1.4G 16G 8% /
/dev/sda1 xfs 1014M 138M 877M 14% /boot
tmpfs tmpfs 199M 0 199M 0% /run/user/0
172.16.37.14:/data/harbor nfs4 17G 1.4G 16G 9% /data/harbor
#>>> postgresql
# Install the repository RPM:
$ yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
# Install PostgreSQL:
$ yum install -y postgresql13-server
# Optionally initialize the database and enable automatic start:
$ /usr/pgsql-13/bin/postgresql-13-setup initdb
$ systemctl enable --now postgresql-13
[root@db ~]# vi /var/lib/pgsql/13/data/postgresql.conf
modify: listen_addresses = '*'
[root@db ~]# vi /var/lib/pgsql/13/data/pg_hba.conf
host all all 172.16.37.0/24 md5
[root@db ~]# systemctl restart postgresql-13
#>>> 安装负载均衡 nginx
[root@loadbalance ~]# vi /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[root@loadbalance ~]# yum -y install nginx
[root@loadbalance ~]# cd /etc/nginx/conf.d
[root@loadbalance conf.d]# vi default.conf
upstream harbor-service {
server 172.16.37.12:80;
server 172.16.37.13:80;
}
server {
listen 80;
server_name harbor.classic2102.com;
access_log /var/log/nginx/harbor-loadbalance.access.log main;
location / {
proxy_pass http://harbor-service;
}
}
[root@loadbalance conf.d]# systemctl restart nginx
也可以源码安装nginx
#>>> 安装harbor
#>>> 含义: 对企业内的镜像进行统一的管理,并且harbor还带有 用户管理功能, 并且还具备LDAP用户管理域接入功能;
#>>> 1.事先在两台harbor机其中安装好docker, 并配置好加速器
#>>> 2.安装docker-compose
$ curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
$ chmod a+x /usr/local/bin/docker-compose
[root@harbor-a ~]# tar xf harbor-offline-installer-v2.3.1.tgz -C /usr/local/
[root@harbor-a ~]# cd /usr/local/harbor
[root@harbor-a harbor]# cp harbor.yml.tmpl harbor.yml
[root@harbor-a harbor]# vi harbor.yml
# Uncomment external_database if using external database.
external_database:
harbor:
host: 172.16.37.14
port: 5432
db_name: harbor
username: harbor
password: Hlions120..
ssl_mode: disable
max_idle_conns: 2
max_open_conns: 0
notary_signer:
host: 172.16.37.14
port: 5432
db_name: notary_signer
username: notary_signer
password: Hlions120..
ssl_mode: disable
notary_server:
host: 172.16.37.14
port: 5432
db_name: notary_server
username: notary_server
password: Hlions120..
ssl_mode: disable
# Uncomment external_redis if using external Redis server
external_redis:
# support redis, redis+sentinel
# host for redis: <host_redis>:<port_redis>
# host for redis+sentinel:
# <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
host: 172.16.37.14:6379
#password:
# sentinel_master_set must be set to support redis+sentinel
#sentinel_master_set:
# db_index 0 is for core, it's unchangeable
registry_db_index: 1
jobservice_db_index: 2
chartmuseum_db_index: 3
trivy_db_index: 5
idle_timeout_seconds: 30
#>>> 以下操作在posetgresql中进行
postgres=# CREATE DATABASE harbor;
CREATE DATABASE
postgres=# CREATE DATABASE notary_signer;
CREATE DATABASE
postgres=# CREATE DATABASE notary_server;
CREATE DATABASE
postgres=# CREATE USER harbor WITH PASSWORD 'Hlions120..';
CREATE ROLE
postgres=# CREATE USER notary_signer WITH PASSWORD 'Hlions120..';
CREATE ROLE
postgres=# CREATE USER notary_server WITH PASSWORD 'Hlions120..';
CREATE ROLE
postgres=# GRANT ALL PRIVILEGES ON DATABASE harbor TO harbor;
GRANT
postgres=# GRANT ALL PRIVILEGES ON DATABASE notary_signer TO notary_signer;
GRANT
postgres=# GRANT ALL PRIVILEGES ON DATABASE notary_server TO notary_server;
#>>> harbor安装步骤
#>>> 下载所需的镜像
[root@harbor-a harbor]# ./prepare
#>>> 直接安装
[root@harbor-a harbor]# ./install.sh