【容器应用系列教程】基于Harbor构建企业级镜像仓库

一、仓库类型

  • 公有仓库
    • DockerHub
      • https://hub.docker.com/
  • 私有仓库
    • registry
    • harbor

二、Dockerhub的使用

需要自行去官网注册账号:https://hub.docker.com

1.登录Docker

[root@localhost ~]# docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: wangshengjj
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

2.上传镜像到Dockerhub

每次push镜像之前,都需要打标签,仓库地址这取决于您在Dockerhub上注册的用户名

# docker tag 镜像名:tag  仓库地址/镜像名:tag
# docker push 仓库地址/镜像名:tag
[root@localhost ~]# docker tag nginx:1.14 wangshengjj/nginx:1.14
[root@localhost ~]# docker push wangshengjj/nginx:1.14 

3.登出

每次上传完镜像,记得退出登录

[root@localhost ~]# docker logout

三、关于Harbor

Harbor是一个Vmware开源的,用于存储和分发Docker镜像的企业级Registry服务器,通过添加一些企业必需的功能特性,例如安全、标识和管理等。
Harbor官网:https://goharbor.io/

1.Harbor的特性

  • 基于角色的访问控制
  • 镜像复制
  • 图形化用户界面
  • AD/LDAP支持
  • 审计管理
  • 国际化
  • RESTful API
  • 部署简单

2.Harbor部署的方式

  • on-line在线部署
  • off-line离线部署

四、单机部署Harbor

本教程采用离线部署方式,截止教程编写日志,使用最新版本v2.8.2

关闭防火墙和SElinux、配置时间同步

过程省略

1.添加主机名解析

[root@harbor ~]# vim /etc/hosts
192.168.140.10 harbor.linux.com harbor

2.安装Docker-ce

安装过程省略
请查看Docker安装教程:https://www.wsjj.top/archives/132

3.安装Docker-compose

如果没有wget命令,请安装yum install -y wget

[root@harbor ~]# wget -O /usr/local/bin/docker-compose https://github.com/docker/compose/releases/download/v2.18.0/docker-compose-linux-x86_64
[root@harbor ~]# chmod a+x /usr/local/bin/docker-compose
[root@harbor ~]# docker-compose -v
Docker Compose version v2.18.0

4.安装Harbor

A.下载Harbor

[root@harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.8.2/harbor-offline-installer-v2.8.2.tgz
[root@harbor ~]# tar xf harbor-offline-installer-v2.8.2.tgz -C /usr/local/
[root@harbor ~]# cp /usr/local/harbor/harbor.yml.tmpl /usr/local/harbor/harbor.yml

B.为Harbor配置SSL证书

注意:Harbor需要V3SSL证书

配置私有ca
[root@harbor ~]# mkdir -p /opt/ssl
[root@harbor ~]# cd /opt/ssl
[root@harbor ssl]# openssl genrsa -out /opt/ssl/ca.key 4096
[root@harbor ssl]# openssl req -x509 -new -nodes -sha512 -days 3650  -subj "/CN=harbor.linux.com"  -key /opt/ssl/ca.key  -out /opt/ssl/ca.crt
Harbor颁发证书
[root@harbor ssl]# openssl genrsa -out /opt/ssl/server.key 4096
[root@harbor ssl]# openssl req  -new -sha512  -subj "/CN=harbor.linux.com"  -key /opt/ssl/server.key  -out /opt/ssl/server.csr
准备v3.ext文件(重要)
[root@harbor ssl]# vim /opt/ssl/v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth  
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.linux.com
颁发自签证书
[root@harbor ssl]# openssl x509 -req -sha512 -days 3650 -extfile /opt/ssl/v3.ext A /opt/ssl/ca.crt -CAkey /opt/ssl/ca.key -CAcreateserial -in /opt/ssl/server.csr ut /opt/ssl/server.crt

C.编辑Harbor配置文件

[root@harbor ~]# vim /usr/local/harbor/harbor.yml
hostname: harbor.linux.com	#指定域名,和刚才自签的域名保持一致
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /opt/ssl/server.crt	#指定SSL证书路径
  private_key: /opt/ssl/server.key	#指定SSL秘钥路径

D.启动Harbor

生成必要的配置文件
[root@harbor ~]# bash /usr/local/harbor/prepare

prepare base dir is set to /usr/local/harbor
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
安装Harbor
[root@harbor ~]# bash /usr/local/harbor/install.sh

[+] Building 0.0s (0/0)                                                          
[+] Running 10/10
 ✔ Network harbor_harbor        Created                                     0.0s 
 ✔ Container harbor-log         Started                                     0.3s 
 ✔ Container registryctl        Started                                     0.7s 
 ✔ Container harbor-db          Started                                     1.0s 
 ✔ Container registry           Started                                     1.0s 
 ✔ Container harbor-portal      Started                                     0.9s 
 ✔ Container redis              Started                                     0.9s 
 ✔ Container harbor-core        Started                                     1.2s 
 ✔ Container harbor-jobservice  Started                                     1.7s 
 ✔ Container nginx              Started                                     1.7s 
✔ ----Harbor has been installed and started successfully.----
[root@harbor ~]# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED      SIZE
goharbor/harbor-exporter        v2.8.2    63341a78f287   4 days ago   98.1MB
goharbor/redis-photon           v2.8.2    6f4498a430ca   4 days ago   121MB
goharbor/trivy-adapter-photon   v2.8.2    06de9f1c733d   4 days ago   460MB
goharbor/notary-server-photon   v2.8.2    ef7c8ea2dc49   4 days ago   114MB
goharbor/notary-signer-photon   v2.8.2    4e5b1746a124   4 days ago   111MB
goharbor/harbor-registryctl     v2.8.2    fa61a236a6d6   4 days ago   142MB
goharbor/registry-photon        v2.8.2    f80e71363231   4 days ago   79.3MB
goharbor/nginx-photon           v2.8.2    3d009028f260   4 days ago   120MB
goharbor/harbor-log             v2.8.2    2914d282d9bf   4 days ago   127MB
goharbor/harbor-jobservice      v2.8.2    40118f1568a8   4 days ago   141MB
goharbor/harbor-core            v2.8.2    0bbbd1f379fc   4 days ago   165MB
goharbor/harbor-portal          v2.8.2    3e74e0758aa4   4 days ago   127MB
goharbor/harbor-db              v2.8.2    5126635ae9f0   4 days ago   174MB
goharbor/prepare                v2.8.2    eb3cf3cdd17a   4 days ago   163MB
[root@harbor ~]# docker ps

CONTAINER ID   IMAGE                                COMMAND                   CREATED              STATUS                        PORTS                                                                            NAMES
1e00e179acd2   goharbor/harbor-jobservice:v2.8.2    "/harbor/entrypoint.…"   About a minute ago   Up 55 seconds (healthy)                                                                                        harbor-jobservice
d5fffbe5823d   goharbor/nginx-photon:v2.8.2         "nginx -g 'daemon of…"   About a minute ago   Up 58 seconds (healthy)       0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp   nginx
f1dbfee71407   goharbor/harbor-core:v2.8.2          "/harbor/entrypoint.…"   About a minute ago   Up 59 seconds (healthy)                                                                                        harbor-core
36aff7d14ee1   goharbor/harbor-portal:v2.8.2        "nginx -g 'daemon of…"   About a minute ago   Up 59 seconds (healthy)                                                                                        harbor-portal
87db46acedac   goharbor/registry-photon:v2.8.2      "/home/harbor/entryp…"   About a minute ago   Up 59 seconds (healthy)                                                                                        registry
b42157ee30e2   goharbor/harbor-registryctl:v2.8.2   "/home/harbor/start.…"   About a minute ago   Up 59 seconds (healthy)                                                                                        registryctl
6c57d8b4f315   goharbor/harbor-db:v2.8.2            "/docker-entrypoint.…"   About a minute ago   Up 59 seconds (healthy)                                                                                        harbor-db
aeb76f6a1ecd   goharbor/redis-photon:v2.8.2         "redis-server /etc/r…"   About a minute ago   Up 59 seconds (healthy)                                                                                        redis
7a3d7f5a487d   goharbor/harbor-log:v2.8.2           "/bin/sh -c /usr/loc…"   About a minute ago   Up About a minute (healthy)   127.0.0.1:1514->10514/tcp                                                        harbor-log

5.Windows配置hosts域名解析

修改文件:C:\Windows\System32\drivers\etc\hosts

harbor01

6.登录测试

harbor02

harbor03

harbor04

7.创建测试项目

harbor05

8.创建用户,并授权项目

harbor06

harbor07

9.上传镜像

由于我们启用了https访问,并且是未经互联网认证的私有CA,需要手动拷贝证书给docker

这一步一定要做,否则Docker登录失败

[root@harbor ~]# mkdir -p /etc/docker/certs.d/harbor.linux.com
[root@harbor ~]# cp /opt/ssl/server.crt /etc/docker/certs.d/harbor.linux.com/

登录私有仓库

[root@harbor ~]# docker login harbor.linux.com
Username: wsjj
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

上传测试镜像

[root@harbor ~]# docker tag centos:7 harbor.linux.com/project/centos:v1
[root@harbor ~]# docker push harbor.linux.com/project/centos:v1
The push refers to repository [harbor.linux.com/project/centos]
174f56854903: Pushed 
v1: digest: sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f size: 529

查看web端项目仓库

harbor08

harbor09

上传完镜像别忘了退出登录

[root@harbor ~]# docker logout harbor.linux.com
Removing login credentials for harbor.linux.com

10.Harbor组件

harbor10

  • redis
    • 负责存储会话信息
  • harbor-db
    • 负责存储仓库数据(项目名称、镜像名称)
  • registry
    • 镜像的上传、下载
  • Log collector
    • 记录日志
  • harbor-core
    • 提供web UI界面
    • 颁发令牌token
    • webhook
      • 负责搜集镜像变化的信息,通知给UI进行展示
  • proxy
    • 提供反向代理
  • Job service
    • 提供镜像复制功能

五、Harbor高可用集群部署

1.Harbor高可用进群介绍

  • 利用Harbor自带的复制功能
    • 两个harbor节点在进行镜像复制时,如果其中一个节点故障, 此时有新镜像的话,并不会复制到故障节点,而且故障的harbor修复后也不会自动复制数据,会导致数据不一致问题
  • 基于共享存储的方式实现
    • 将数据库(postgreSQL)、redis独立出来
      • harbor 1.6版本后,数据库仅支持postgreSQL
    • 利用共享存储nfsipsanglusterfs存储镜像

2.部署Harbor集群

A.环境准备

主机名 IP地址 软件
node1.linux.com 192.168.140.10 Docker、Harbor、NFS、keepalived
node2.linux.com 192.168.140.11 Docker、Harbor、NFS、keepalived
node3.linux.com 192.168.140.12 NFS、postgreSQL、Redis

B.所有主机关闭防火墙和SElinux、配置时间同步

过程省略

C.配置NFS服务器

[root@node3 ~]# mkdir /data
[root@node3 ~]# chmod a+w /data
[root@node3 ~]# yum install -y nfs-utils rpcbind
[root@node3 ~]# vim /etc/exports
/data   192.168.140.10(rw,no_root_squash)       192.168.140.11(rw,no_root_squash)

[root@node3 ~]# systemctl enable --now nfs-server
[root@node3 ~]# showmount -e localhost
Export list for localhost:
/data 192.168.140.11,192.168.140.10
node1node2挂载NFS
[root@node1 ~]# yum install -y nfs-utils
[root@node2 ~]# yum install -y nfs-utils
[root@node1 ~]# mkdir /data
[root@node2 ~]# mkdir /data
[root@node1 ~]# vim /etc/fstab
192.168.140.12:/data	/data	nfs	defaults	0 0
[root@node2 ~]# vim /etc/fstab
192.168.140.12:/data	/data	nfs	defaults	0 0
[root@node1 ~]# mount -a
[root@node2 ~]# mount -a

D.回到node3部署redis

配置epel
[root@node3 ~]# wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
安装redis
[root@node3 ~]# yum install -y redis
修改redis配置文件
[root@node3 ~]# vim /etc/redis.conf
bind 192.168.140.12	#指定监听地址
daemonize yes	#开启后台运行
启动redis
[root@node3 ~]# systemctl enable --now redis
[root@node3 ~]# netstat -tunlp | grep redis
tcp        0      0 192.168.140.12:6379     0.0.0.0:*               LISTEN      13102/redis-server

E.安装postgreSQL

下载postgreSQL安装包
[root@node3 ~]# wget --no-check-certificate https://ftp.postgresql.org/pub/source/v12.2/postgresql-12.2.tar.gz
安装必要的依赖
[root@node3 ~]# yum install -y cmake gcc gcc-c++ perl readline readline-devel openssl openssl-devel zlib zlib-devel ncurses-devel readline readline-devel zlib zlib-devel
安装postgreSQL
[root@node3 ~]# tar xf postgresql-12.2.tar.gz
[root@node3 ~]# cd postgresql-12.2/
[root@node3 postgresql-12.2]# ./configure --prefix=/usr/local/postsql
[root@node3 postgresql-12.2]# make && make install
初始化postgreSQL

启动postgreSQL需要普通用户

[root@node3 ~]# useradd postgres
[root@node3 ~]# mkdir -p /work/harbor-db/{data,temp,log}
[root@node3 ~]# chown -R postgres.postgres /work/harbor-db/
[root@node3 ~]# su - postgres
[postgres@node3 ~]$ /usr/local/postsql/bin/initdb --username=postgres -D /work/harbor-db/data/
修改postgreSQL配置文件
[postgres@node3 ~]$ vim /work/harbor-db/data/postgresql.conf
#配置文件并不完整,仅展示修改部分
data_directory = '/work/harbor-db/data'         # use data in another directory
                                        # (change requires restart)
hba_file = '/work/harbor-db/data/pg_hba.conf'   # host-based authentication file
                                        # (change requires restart)
ident_file = '/work/harbor-db/data/pg_ident.conf'
listen_addresses = '*'
port = 5432
unix_socket_directories = '/work/harbor-db/temp'
timezone = 'Asia/Shanghai'
logging_collector = on	#启用日志功能
log_rotation_size = 1GB	#启动日志重写功能,超过1GB,创建新的日志文件
log_timezone = 'Asia/Shanghai'
log_min_duration_statement = 100
设置允许连接的远程客户端
[postgres@node3 ~]$ vim /work/harbor-db/data/pg_hba.conf
#把以下内容加到文件末尾
host    all             harbor          192.168.140.10/24                 trust
host    all             harbor          192.168.140.11/24                 trust
启动postgreSQL数据库
[postgres@node3 ~]$ /usr/local/postsql/bin/pg_ctl -D /work/harbor-db/data/ -l /work/harbor-db/log/start.log start

[postgres@node3 ~]$ netstat -tunlp | grep postgres
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN      22578/postgres      
tcp6       0      0 :::5432                 :::*                    LISTEN      22578/postgres
创建Harbor用到的用户和库
[postgres@node3 ~]$ /usr/local/postsql/bin/psql -h 127.0.0.1 -p 5432 -U postgres	#登录数据库
psql (12.2)		#postgres用户是数据库的管理员用户

#修改管理员密码
postgres=# \password postgres
Enter new password: WWW.1.com
Enter it again:	WWW.1.com

#创建Harbor用到的用户
postgres=# create user harbor with password 'WWW.1.com';
CREATE ROLE

#创建Harbor用到的库
postgres=# create database harbor;
CREATE DATABASE
postgres=# create database harbor_clair;
CREATE DATABASE
postgres=# create database harbor_notary_server;
CREATE DATABASE
postgres=# create database harbor_notary_signer;
CREATE DATABASE

#授权harbor用户对这些库有操作权限
postgres=# grant all on database harbor to harbor;
GRANT
postgres=# grant all on database harbor_clair to harbor;
GRANT
postgres=# grant all on database harbor_notary_server to harbor;
GRANT
postgres=# grant all on database harbor_notary_signer to harbor;
GRANT

#退出数据库
postgres=# \q
node1node2主机连接数据库测试
[root@node1 ~]# yum install -y postgresql
[root@node2 ~]# yum install -y postgresql
[root@node1 ~]# psql -h 192.168.140.12 -p 5432 -U harbor -W
用户 harbor 的口令:WWW.1.com
harbor=> 
harbor=> \q
[root@node2 ~]# psql -h 192.168.140.12 -p 5432 -U harbor -W
用户 harbor 的口令:WWW.1.com
harbor=> 
harbor=> \q

F.给node1node2安装Harbor

node1node2安装Docker-ce

安装过程省略
关于Docker的安装教程:https://www.wsjj.top/archives/132

安装Docker-compose
[root@node1 ~]# wget -O /usr/local/bin/docker-compose https://github.com/docker/compose/releases/download/v2.18.0/docker-compose-linux-x86_64
[root@node1 ~]# chmod a+x /usr/local/bin/docker-compose
[root@node2 ~]# wget -O /usr/local/bin/docker-compose https://github.com/docker/compose/releases/download/v2.18.0/docker-compose-linux-x86_64
[root@node2 ~]# chmod a+x /usr/local/bin/docker-compose
下载并且安装Harbor
[root@node2 ~]# wget https://github.com/goharbor/harbor/releases/download/v2.8.2/harbor-offline-installer-v2.8.2.tgz
[root@node2 ~]# tar xf harbor-offline-installer-v2.8.2.tgz -C /usr/local/
[root@node2 ~]# cp /usr/local/harbor/harbor.yml.tmpl /usr/local/harbor/harbor.yml
配置SSL证书

过程省略,参考上面的SSL证书申请过程

修改Harbor配置文件
[root@node1 ~]# vim /usr/local/harbor/harbor.yml
#配置文件并不完整,仅展示修改部分
hostname: harbor.linux.com
#把原来自带的本地数据库配置注释掉
# database:
  # password: root123
  # max_idle_conns: 100
  # max_open_conns: 900
  # conn_max_lifetime: 5m
  # conn_max_idle_time: 0

#删除注释并配置harbor连接外部数据库
external_database:
  harbor:
    host: 192.168.140.12
    port: 5432
    db_name: harbor
    username: harbor
    password: WWW.1.com
    ssl_mode: disable
    max_idle_conns: 2
    max_open_conns: 0
  notary_signer:
    host: 192.168.140.12
    port: 5432
    db_name: harbor_notary_signer
    username: harbor
    password: WWW.1.com
    ssl_mode: disable
  notary_server:
    host: 192.168.140.12
    port: 5432
    db_name: harbor_notary_server
    username: harbor
    password: WWW.1.com
    ssl_mode: disable

#删除注释,并配置远程redis
external_redis:
#   # support redis, redis+sentinel
#   # host for redis: <host_redis>:<port_redis>
#   # host for redis+sentinel:
#   #  <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
  host: 192.168.140.12:6379
#   password: 
#   # Redis AUTH command was extended in Redis 6, it is possible to use it in the two-arguments AUTH <username> <password> form.
#   # username:
#   # sentinel_master_set must be set to support redis+sentinel
#   #sentinel_master_set:
#   # db_index 0 is for core, it's unchangeable
  registry_db_index: 1
  jobservice_db_index: 2
  trivy_db_index: 5
  idle_timeout_seconds: 30
拷贝Harbornode2
[root@node1 ~]# scp -r /usr/local/harbor/ [email protected]:/usr/local/
启动Harbor
[root@node1 ~]# hostnamectl set-hostname harbor.linux.com
[root@node2 ~]# hostnamectl set-hostname harbor.linux.com
[root@node1 ~]# vim /etc/hosts
192.168.140.10 harbor.linux.com harbor

[root@node2 ~]# vim /etc/hosts
192.168.140.11 harbor.linux.com harbor
[root@harbor1 ~]# bash /usr/local/harbor/prepare
[root@harbor2 ~]# bash /usr/local/harbor/prepare
[root@harbor1 ~]# bash /usr/local/harbor/install.sh
[root@harbor2 ~]# bash /usr/local/harbor/install.sh
[+] Running 8/8
 ✔ Network harbor_harbor        Created                                     0.0s 
 ✔ Container harbor-log         Started                                     0.3s 
 ✔ Container harbor-portal      Started                                     0.9s 
 ✔ Container registry           Started                                     0.8s 
 ✔ Container registryctl        Started                                     0.8s 
 ✔ Container harbor-core        Started                                     1.0s 
 ✔ Container nginx              Started                                     1.5s 
 ✔ Container harbor-jobservice  Started                                     1.5s 
✔ ----Harbor has been installed and started successfully.----
[root@harbor1 ~]# docker ps
CONTAINER ID   IMAGE                                COMMAND                   CREATED          STATUS                             PORTS                                                                            NAMES
4d56ca0cbd90   goharbor/nginx-photon:v2.8.2         "nginx -g 'daemon of…"   24 seconds ago   Up 22 seconds (health: starting)   0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp   nginx
786118e99ce2   goharbor/harbor-jobservice:v2.8.2    "/harbor/entrypoint.…"   24 seconds ago   Up 21 seconds (health: starting)                                                                                    harbor-jobservice
7fbd1fe0f1af   goharbor/harbor-core:v2.8.2          "/harbor/entrypoint.…"   24 seconds ago   Up 22 seconds (health: starting)                                                                                    harbor-core
9fb5740c51b9   goharbor/harbor-portal:v2.8.2        "nginx -g 'daemon of…"   24 seconds ago   Up 22 seconds (health: starting)                                                                                    harbor-portal
723e839195bf   goharbor/registry-photon:v2.8.2      "/home/harbor/entryp…"   24 seconds ago   Up 22 seconds (health: starting)                                                                                    registry
bc4287d96147   goharbor/harbor-registryctl:v2.8.2   "/home/harbor/start.…"   24 seconds ago   Up 22 seconds (health: starting)                                                                                    registryctl
5b62a3cbbc47   goharbor/harbor-log:v2.8.2           "/bin/sh -c /usr/loc…"   24 seconds ago   Up 23 seconds (health: starting)   127.0.0.1:1514->10514/tcp                                                        harbor-log

G.测试Harbor

harbor01

harbor03

上传项目测试
[root@harbor1 ~]# docker login harbor.linux.com
Username: admin
Password:
[root@harbor1 ~]# docker tag centos:7 harbor.linux.com/project1/centos:v1
[root@harbor1 ~]# docker push harbor.linux.com/project1/centos:v1

harbor11

修改hosts文件解析地址

harbor12

还是正常访问项目

harbor11

3.配置Harbor高可用

A.编写高可用脚本

[root@harbor1 ~]# vim /opt/harbor.sh
#! /bin/bash

netstat -tunlp | grep 443 &> /dev/null

if [ $? -ne 0 ]; then
    systemctl stop docker
fi
[root@harbor1 ~]# chmod a+x /opt/harbor.sh
[root@harbor1 ~]# scp -r /opt/harbor.sh [email protected]:/opt/
[root@harbor2 ~]# chmod a+x /opt/harbor.sh

B安装keepalived

[root@harbor1 ~]# yum install -y keepalived
[root@harbor2 ~]# yum install -y keepalived

C.修改keepalived配置文件

[root@harbor1 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id master_harbor
}

vrrp_script check_harbor {	#引用外部脚本,并且定义名字
    script "/opt/harbor.sh"	#外部脚本路径
    interval 1	#每1秒执行一次脚本
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass redhat
    }
    virtual_ipaddress {
        192.168.140.100
    }
    track_script {
        check_harbor		#调用外部脚本,名字是我们上面自己起的
    }
}
[root@harbor2 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   router_id slave_harbor
}

vrrp_script check_harbor {	#引用外部脚本,并且定义名字
    script "/opt/harbor.sh"	#外部脚本路径
    interval 1	#每1秒执行一次脚本
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass redhat
    }
    virtual_ipaddress {
        192.168.140.100
    }
    track_script {
        check_harbor		#调用外部脚本,名字是我们上面自己起的
    }
}

D.启动keepalived

[root@harbor1 ~]# systemctl enable --now keepalived.service
[root@harbor2 ~]# systemctl enable --now keepalived.service

E.测试访问

修改hosts解析

harbor13

harbor14

F.模拟容器挂掉

[root@harbor1 ~]# docker stop nginx
nginx
网页测试

还是正常访问

harbor14