Harbor 镜像仓库(生产级别) 基于共享存储的方式

最新推荐文章于 2024-08-04 20:37:55 发布

尼古拉斯-邓

最新推荐文章于 2024-08-04 20:37:55 发布

阅读量3.2k

点赞数

文章标签： linux docker

本文链接：https://blog.csdn.net/weixin_47919821/article/details/123915948

版权

#>>> 机器配置情况
LB: nginx																> 负载均衡,流量分发
harbor: 2台 centos7.9 2core 2G					  > harbor服务, web - docker的方式去部署
postgresql: 1台 centos7.9 2core 2G				> 存储harbor相关的配置以及用户信息和用户权限信息
redis: 1台 centos7.9 2core 2G						> 存储harbor用户登录的session或cookie等基本信息
nfs: 1台 centos7.9 2core 2G							> nfs向harbor服务提供存储镜像的能力

#> 部署 postgresql、redis、nfs
[root@db ~]# yum -y install epel-release

#>>> redis
[root@db ~]# yum -y install redis
[root@db ~]# systemctl enable --now redis
[root@db ~]# vi /etc/redis.conf
modify: bind 172.16.37.14
[root@db ~]# systemctl restart redis

#>>> nfs
[root@db ~]# yum -y install nfs-utils
[root@db ~]# mkdir -p /data/harbor
[root@db ~]# vi /etc/exports
/data/harbor	172.16.37.0/24(rw,sync,no_root_squash)
[root@db ~]# systemctl enable --now nfs

>>>测试:【两台harbor机器都要操作】
[root@harbor-b ~]# vi /etc/fstab
172.16.37.14:/data/harbor	/data/harbor	nfs	defaults	0 0

[root@harbor-b ~]# mount -a
mount.nfs: mount point /data/harbor does not exist
[root@harbor-b ~]# mkdir -p /data/harbor
[root@harbor-b ~]# mount -a
[root@harbor-b ~]# df -Th
文件系统                  类型      容量  已用  可用 已用% 挂载点
devtmpfs                  devtmpfs  979M     0  979M    0% /dev
tmpfs                     tmpfs     991M     0  991M    0% /dev/shm
tmpfs                     tmpfs     991M  9.6M  981M    1% /run
tmpfs                     tmpfs     991M     0  991M    0% /sys/fs/cgroup
/dev/mapper/centos-root   xfs        17G  1.4G   16G    8% /
/dev/sda1                 xfs      1014M  138M  877M   14% /boot
tmpfs                     tmpfs     199M     0  199M    0% /run/user/0
172.16.37.14:/data/harbor nfs4       17G  1.4G   16G    9% /data/harbor

#>>> postgresql
# Install the repository RPM:
$ yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm

# Install PostgreSQL:
$ yum install -y postgresql13-server

# Optionally initialize the database and enable automatic start:
$ /usr/pgsql-13/bin/postgresql-13-setup initdb
$ systemctl enable --now postgresql-13

[root@db ~]# vi /var/lib/pgsql/13/data/postgresql.conf
modify: listen_addresses = '*'

[root@db ~]# vi /var/lib/pgsql/13/data/pg_hba.conf
host    all             all             172.16.37.0/24          md5

[root@db ~]# systemctl restart postgresql-13

#>>> 安装负载均衡 nginx
[root@loadbalance ~]# vi /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[root@loadbalance ~]# yum -y install nginx
[root@loadbalance ~]# cd /etc/nginx/conf.d
[root@loadbalance conf.d]# vi default.conf
upstream harbor-service {
    server 172.16.37.12:80;
    server 172.16.37.13:80;
}

server {
    listen       80;
    server_name  harbor.classic2102.com;
    access_log  /var/log/nginx/harbor-loadbalance.access.log  main;

    location / {
        proxy_pass http://harbor-service;
    }
}
[root@loadbalance conf.d]# systemctl restart nginx



也可以源码安装nginx

#>>> 安装harbor
#>>> 含义: 对企业内的镜像进行统一的管理,并且harbor还带有 用户管理功能, 并且还具备LDAP用户管理域接入功能;

#>>> 1.事先在两台harbor机其中安装好docker, 并配置好加速器
#>>> 2.安装docker-compose
$ curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
$ chmod a+x /usr/local/bin/docker-compose


[root@harbor-a ~]# tar xf harbor-offline-installer-v2.3.1.tgz -C /usr/local/
[root@harbor-a ~]# cd /usr/local/harbor
[root@harbor-a harbor]# cp harbor.yml.tmpl harbor.yml
[root@harbor-a harbor]# vi harbor.yml
# Uncomment external_database if using external database.
external_database:
  harbor:
    host: 172.16.37.14
    port: 5432
    db_name: harbor
    username: harbor
    password: Hlions120..
    ssl_mode: disable
    max_idle_conns: 2
    max_open_conns: 0
  notary_signer:
    host: 172.16.37.14
    port: 5432
    db_name: notary_signer
    username: notary_signer
    password: Hlions120..
    ssl_mode: disable
  notary_server:
    host: 172.16.37.14
    port: 5432
    db_name: notary_server
    username: notary_server
    password: Hlions120..
    ssl_mode: disable

# Uncomment external_redis if using external Redis server
external_redis:
  # support redis, redis+sentinel
  # host for redis: <host_redis>:<port_redis>
  # host for redis+sentinel:
  #  <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
  host: 172.16.37.14:6379
  #password:
  # sentinel_master_set must be set to support redis+sentinel
  #sentinel_master_set:
  # db_index 0 is for core, it's unchangeable
  registry_db_index: 1
  jobservice_db_index: 2
  chartmuseum_db_index: 3
  trivy_db_index: 5
  idle_timeout_seconds: 30


#>>> 以下操作在posetgresql中进行
postgres=# CREATE DATABASE harbor;
CREATE DATABASE
postgres=# CREATE DATABASE notary_signer;
CREATE DATABASE
postgres=# CREATE DATABASE notary_server;
CREATE DATABASE

postgres=# CREATE USER harbor WITH PASSWORD 'Hlions120..';
CREATE ROLE
postgres=# CREATE USER notary_signer WITH PASSWORD 'Hlions120..';
CREATE ROLE
postgres=# CREATE USER notary_server WITH PASSWORD 'Hlions120..';
CREATE ROLE

postgres=# GRANT ALL PRIVILEGES ON DATABASE harbor TO harbor;
GRANT
postgres=# GRANT ALL PRIVILEGES ON DATABASE notary_signer TO notary_signer;
GRANT
postgres=# GRANT ALL PRIVILEGES ON DATABASE notary_server TO notary_server;


#>>> harbor安装步骤
#>>> 下载所需的镜像
[root@harbor-a harbor]# ./prepare
#>>> 直接安装
[root@harbor-a harbor]# ./install.sh