Deploying Harbor over HTTP and building a high-availability setup

jokerLu 2021-12-8

Deploying a Harbor environment over HTTP

I. Setting up the Harbor environment

1. Download Harbor

[root@docker102 ~]# wget https://github.com/goharbor/harbor/releases/download/v2.7.4/harbor-offline-installer-v2.7.4.tgz

2. Extract the package

[root@docker102 ~]# tar xf harbor-offline-installer-v2.7.4.tgz -C /oldboyedu/softwares/

3. Prepare the configuration file

[root@docker102 ~]# cp /oldboyedu/softwares/harbor/harbor.yml{.tmpl,""}
[root@docker102 ~]#
[root@docker102 ~]# ll /oldboyedu/softwares/harbor/harbor.yml*
-rw-r--r-- 1 root root 12330 Nov 7 11:00 /oldboyedu/softwares/harbor/harbor.yml
-rw-r--r-- 1 root root 12330 Nov 29 2023 /oldboyedu/softwares/harbor/harbor.yml.tmpl
[root@docker102 ~]#

4. Edit the Harbor configuration file

[root@docker102 ~]# vim /oldboyedu/softwares/harbor/harbor.yml
...
# hostname: reg.mydomain.com
hostname: 10.0.0.102
...
#https:
#  # https port for harbor, default is 443
#  port: 443
#  # The path of cert and key files for nginx
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path

...
# harbor_admin_password: Harbor12345
harbor_admin_password: 1

...
# data_volume: /data
data_volume: /oldboyedu/data/harbor

5. Install Harbor

[root@docker102 ~]# cd /oldboyedu/softwares/harbor/
[root@docker102 harbor]#
[root@docker102 harbor]# ./install.sh --with-chartmuseum

[Step 0]: checking if docker is installed ...

Note: docker version: 20.10.24

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 2.23.0

[Step 2]: loading Harbor images ...

...
[+] Running 12/12
✔ Network harbor_harbor-chartmuseum Created 0.1s
✔ Network harbor_harbor Created 0.1s
✔ Container harbor-log Started 0.0s
✔ Container redis Started 0.0s
✔ Container harbor-db Started 0.0s
✔ Container chartmuseum Started 0.0s
✔ Container harbor-portal Started 0.0s
✔ Container registryctl Started 0.0s
✔ Container registry Started 0.0s
✔ Container harbor-core Started 0.0s
✔ Container nginx Started 0.0s
✔ Container harbor-jobservice Started 0.0s
✔ ----Harbor has been installed and started successfully.----
[root@docker102 harbor]#
[root@docker102 harbor]#
[root@docker102 harbor]# docker-compose ps -a
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
chartmuseum goharbor/chartmuseum-photon:v2.7.4 "./docker-entrypoint…" chartmuseum 34 seconds ago Up 31 seconds (healthy)
harbor-core goharbor/harbor-core:v2.7.4 "/harbor/entrypoint.…" core 34 seconds ago Up 30 seconds (healthy)
harbor-db goharbor/harbor-db:v2.7.4 "/docker-entrypoint.…" postgresql 34 seconds ago Up 31 seconds (healthy)
harbor-jobservice goharbor/harbor-jobservice:v2.7.4 "/harbor/entrypoint.…" jobservice 34 seconds ago Up 30 seconds (healthy)
harbor-log goharbor/harbor-log:v2.7.4 "/bin/sh -c /usr/loc…" log 34 seconds ago Up 34 seconds (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal goharbor/harbor-portal:v2.7.4 "nginx -g 'daemon of…" portal 34 seconds ago Up 31 seconds (healthy)
nginx goharbor/nginx-photon:v2.7.4 "nginx -g 'daemon of…" proxy 34 seconds ago Up 30 seconds (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp
redis goharbor/redis-photon:v2.7.4 "redis-server /etc/r…" redis 34 seconds ago Up 31 seconds (healthy)
registry goharbor/registry-photon:v2.7.4 "/home/harbor/entryp…" registry 34 seconds ago Up 31 seconds (healthy)
registryctl goharbor/harbor-registryctl:v2.7.4 "/home/harbor/start.…" registryctl 34 seconds ago Up 31 seconds (healthy)

6. Access the Harbor web UI

http://10.0.0.102/harbor/projects

Username: admin
Password: 1

II. Basic Harbor usage

1. Client configuration

[root@docker101 ~]# cat /etc/docker/daemon.json
{
    "insecure-registries": ["10.0.0.102:5000","10.0.0.102"]
}
[root@docker101 ~]#
[root@docker101 ~]# systemctl restart docker.service

2. Tag the image

[root@docker101 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
10.0.0.102:5000/oldboyedu-linux94/consul 1.15.4 3295d4f4567b 11 months ago 155MB
consul 1.15.4 3295d4f4567b 11 months ago 155MB
[root@docker101 ~]#
[root@docker101 ~]# docker tag consul:1.15.4 10.0.0.102/oldboyedu-linux/consul:1.15.4
[root@docker101 ~]#
[root@docker101 ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
10.0.0.102/oldboyedu-linux/consul 1.15.4 3295d4f4567b 11 months ago 155MB
10.0.0.102:5000/oldboyedu-linux94/consul 1.15.4 3295d4f4567b 11 months ago 155MB
consul 1.15.4 3295d4f4567b 11 months ago 155MB
[root@docker101 ~]#

3. Log in to the Harbor registry

3.1 Interactive login [recommended]

[root@docker101 ~]# docker login 10.0.0.102
Username: admin # enter the username
Password: # enter the password; the characters are not shown as you type!
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@docker101 ~]#
[root@docker101 ~]# more /root/.docker/config.json
{
    "auths": {
        "10.0.0.102": {
            "auth": "YWRtaW46MQ=="
        }
    }
}
[root@docker101 ~]#

3.2 Non-interactive login [not recommended]

[root@docker101 ~]# docker login -u admin -p 1 10.0.0.102
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@docker101 ~]#
[root@docker101 ~]# more /root/.docker/config.json
{
    "auths": {
        "10.0.0.102": {
            "auth": "YWRtaW46MQ=="
        }
    }
}
[root@docker101 ~]#
[root@docker101 ~]#
[root@docker101 ~]# echo YWRtaW46MQ== | base64 -d | more # as you can see, your password has been exposed
admin:1
[root@docker101 ~]#
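
The stored-credential check from 3.1 and 3.2, generalized to every registry in a client config file, as an added example that is not part of the original post. It assumes the one-key-per-line layout that docker writes to config.json; the helper name inline_auths is hypothetical.

```bash
#!/bin/bash
# Added example (not from the original post): list every registry whose
# credentials sit base64-encoded in a Docker client config, printing only
# "registry username" and never the password.
# Assumption: the file has the one-key-per-line layout docker writes.

# inline_auths FILE  (hypothetical helper name)
inline_auths() {
    awk '
        # "name": {  -> remember the registry name (skip the "auths" wrapper)
        /^[ \t]*"[^"]+":[ \t]*[{]/ {
            split($0, q, "\""); if (q[2] != "auths") reg = q[2]; next
        }
        # "auth": "<base64 of user:password>"
        /^[ \t]*"auth":[ \t]*"/ {
            split($0, q, "\""); print reg, q[4]
        }' "$1" |
    while read -r reg b64; do
        user=$(printf '%s' "$b64" | base64 -d 2>/dev/null | cut -d: -f1)
        printf '%s %s\n' "$reg" "$user"
    done
}

# Constructed sample with the same content as /root/.docker/config.json above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
{
    "auths": {
        "10.0.0.102": {
            "auth": "YWRtaW46MQ=="
        }
    }
}
EOF
inline_auths "$sample"    # prints: 10.0.0.102 admin
rm -f "$sample"

# For each hit: run `docker logout <registry>`, set up a credential helper as
# the docker warning suggests, then log in again with the password on stdin:
#   docker login -u admin --password-stdin 10.0.0.102 < password-file
```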

III. Harbor high availability with keepalived

1. Set up the Harbor service on the docker102 node as well

Follow the steps used to set up the Harbor service on the docker101 node.

2. Configure scheduled image pushes to node 101 or node 102

2.1. Log in to Harbor on node 101 and configure primary/replica replication


2.2. Log in to Harbor on node 102 and configure primary/replica replication


3. Configure keepalived

3.1 Install keepalived

[root@docker101 ~]# apt -y install keepalived
[root@docker102 ~]# apt -y install keepalived

3.2 Edit the keepalived configuration file

[root@docker101 ~]# cat > /etc/keepalived/keepalived.conf <<EOF
! Configuration File for keepalived
global_defs {
    router_id 10.0.0.101
}
# Health check: runs every 2 s; on failure this node's priority drops by 20
vrrp_script chk_nginx {
    script "/etc/keepalived/check_port.sh 80"
    interval 2
    weight -20
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    mcast_src_ip 10.0.0.101
    # keepalived honours nopreempt only when the initial state is BACKUP
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 11111111
    }
    track_script {
        chk_nginx
    }
    # The VIP that clients use to reach Harbor
    virtual_ipaddress {
        10.0.0.99
    }
}
EOF


[root@docker102 ~]# cat > /etc/keepalived/keepalived.conf <<EOF
! Configuration File for keepalived
global_defs {
    router_id 10.0.0.102
}
# Health check: runs every 2 s; on failure this node's priority drops by 20
vrrp_script chk_nginx {
    script "/etc/keepalived/check_port.sh 80"
    interval 2
    weight -20
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 100
    priority 100
    advert_int 1
    mcast_src_ip 10.0.0.102
    # keepalived honours nopreempt only when the initial state is BACKUP
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 11111111
    }
    track_script {
        chk_nginx
    }
    # The VIP that clients use to reach Harbor
    virtual_ipaddress {
        10.0.0.99
    }
}
EOF
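
Both configurations call /etc/keepalived/check_port.sh, which the page never shows. One possible version follows, as an added example rather than the author's script; it assumes ss from iproute2 is installed, and the function name port_in_listing is hypothetical.

```bash
#!/bin/bash
# Assumed contents for /etc/keepalived/check_port.sh (added example).
# Usage: check_port.sh PORT  -> exit 0 if a TCP socket listens on PORT, else 1.

# port_in_listing PORT: read `ss -ltnH` lines on stdin and succeed only if a
# socket is bound to exactly PORT. Field 4 is "address:port"; the port is the
# text after the last ":", so 80 does not match 8080 and "[::]:80" still works.
port_in_listing() {
    case "$1" in
        ''|*[!0-9]*) return 2 ;;    # missing or non-numeric port
    esac
    awk -v port="$1" '
        { n = split($4, part, ":"); if (part[n] == port) hit = 1 }
        END { exit hit ? 0 : 1 }'
}

# keepalived calls this file with the port as its argument ("... 80" above);
# a non-zero exit marks the check as failed and applies the weight of -20.
if [ "$#" -ge 1 ]; then
    ss -ltnH | port_in_listing "$1"
    exit $?
fi
```

keepalived executes this file on every check interval, so keep it root-owned, executable, and not writable by other users.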

3.3 Start keepalived

[root@docker101 ~]# systemctl enable --now keepalived

[root@docker102 ~]# systemctl enable --now keepalived

3.4 Check the VIP

[root@docker102 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:61:c4:a8 brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 10.0.0.102/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet 10.0.0.99/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe61:c4a8/64 scope link
valid_lft forever preferred_lft forever

[root@docker101 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:8a:5d:db brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 10.0.0.101/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe8a:5ddb/64 scope link
valid_lft forever preferred_lft forever

3.5 Test access through the VIP

http://10.0.0.99/

3.6 Take a Harbor node down

[root@docker102 ~]# init 0

3.7 Check whether the VIP has moved to node 101

[root@docker101 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:8a:5d:db brd ff:ff:ff:ff:ff:ff
altname enp2s1
altname ens33
inet 10.0.0.101/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet 10.0.0.99/32 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe8a:5ddb/64 scope link
valid_lft forever preferred_lft forever

3.8 Test page access

http://10.0.0.99/


Last modified: December 8, 2021