Docker自建倉庫之Harbor高可用部署實戰篇
作者:尹正傑
版權聲明:原創作品,謝絕轉載!否則將追究法律責任。
一.部署單機的Harbor
1>.部署單機版的Harbor
博主推薦閱讀: https://www.cnblogs.com/yinzhengjie/p/12233594.html
2>.修改Harbor客戶端docker的啟動腳本可以上傳鏡像(我們在上一篇博客說修改"/etc/docker/daemon.json"文件,其實也可以修改docker的啟動腳本"/lib/systemd/system/docker.service",二者選其一即可,如果在同一個節點同時修改了這兩個配置文件重啟docker時可能回報錯喲~)
[root@docker103.yinzhengjie.org.cn ~]# grep ExecStart /lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# vim /lib/systemd/system/docker.service [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# vim /lib/systemd/system/docker.service [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# grep ExecStart /lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry docker103.yinzhengjie.org.cn --insecure-registry docker104.yinzhengjie.org.cn [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# systemctl daemon-reload [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# systemctl restart docker [root@docker103.yinzhengjie.org.cn ~]#
[root@docker101.yinzhengjie.org.cn ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"], "insecure-registries":["docker103.yinzhengjie.org.cn","docker104.yinzhengjie.org.cn"] } [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# systemctl daemon-reload [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# systemctl restart docker [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]#
3>.啟動Harbor服務
[root@docker104.yinzhengjie.org.cn ~]# ss -ntl State Recv-Q Send-Q Local Address:Port LISTEN 0 20480 127.0.0.1:1514 LISTEN 0 128 *:22 LISTEN 0 128 :::22 [root@docker104.yinzhengjie.org.cn ~]# [root@docker104.yinzhengjie.org.cn ~]# [root@docker104.yinzhengjie.org.cn ~]# [root@docker104.yinzhengjie.org.cn ~]# cd /usr/local/src/harbor/ [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]# docker-compose up -d harbor-log is up-to-date Starting redis ... Starting registryctl ... Starting harbor-adminserver ... harbor-db is up-to-date Starting registryctl ... done harbor-core is up-to-date Starting harbor-jobservice ... Starting harbor-portal ... done Starting nginx ... done [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]# ss -ntl State Recv-Q Send-Q Local Address:Port LISTEN 0 20480 127.0.0.1:1514 LISTEN 0 128 *:22 LISTEN 0 20480 :::80 LISTEN 0 128 :::22 LISTEN 0 20480 :::443 LISTEN 0 20480 :::4443 [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]# ll total 572840 drwxr-xr-x 4 root root 37 Jan 28 07:07 common -rw-r--r-- 1 root root 939 Apr 1 2019 docker-compose.chartmuseum.yml -rw-r--r-- 1 root root 975 Apr 1 2019 docker-compose.clair.yml -rw-r--r-- 1 root root 1434 Apr 1 2019 docker-compose.notary.yml -rw-r--r-- 1 root root 5608 Apr 1 2019 docker-compose.yml -rw-r--r-- 1 root root 8045 Jan 28 07:07 harbor.cfg -rw-r--r-- 1 root root 585234819 Apr 1 2019 harbor.v1.7.5.tar.gz -rwxr-xr-x 1 root root 5739 Apr 1 2019 install.sh -rw-r--r-- 1 root root 11347 Apr 1 2019 LICENSE -rw-r--r-- 1 root root 1263409 Apr 1 2019 open_source_license -rwxr-xr-x 1 root root 36337 Apr 1 2019 prepare [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]#
二.兩個Harbor服務器創建相同的鏡像倉庫名稱
1>.docker103.yinzhengjie.org.cn已經存在"base_images"倉庫
2>.docker103.yinzhengjie.org.cn的"base_images"倉庫已經存在咱們之前上傳的鏡像文件
3>.docker104.yinzhengjie.org.cn剛剛安裝完並沒有任何的倉庫
4>.docker104.yinzhengjie.org.cn節點創建"base_images"倉庫
5>.docker104.yinzhengjie.org.cn節點創建"base_images"倉庫
6>.新建鏡像倉庫目標
7>.新建目標
如果上面步驟你點擊"測試連接"時返回失敗的話,請參考日志信息,不瞞你說,我最開始執行這步驟操作就報錯了,查看日志(默認日志存放路徑在"/var/log/harbor/")如下圖所示,所示ping不通目標主機,但是主機信息我已經在本地"/etc/hosts"文件做了相應的解析,手動測試ping命令也是好使的,最終無奈之下我只有將harbor.cfg文件中的hostname屬性改為IP地址並重新執行安裝命令問題得到解決。
8>.目標新建成功
9>.點擊"復制管理",再點擊"新建規則"
10>.根據實際情況自定義規則,並點擊保存按鈕
11>.規則創建成功
12>.規則創建成功后並不會立即進行復制,而是需要在172.200.3.103節點上創建相同的規則,將目標指向172.200.3.104
13>.在"172.200.3.103"節點上新建目標
14>.在"172.200.3.103"節點上目標新建成功
15>.在"172.200.3.103"節點上新建規則
16>.在"172.200.3.103"節點上規則新建成功
17>.再次觀察"172.200.3.104"節點,發現鏡像數據同步成功啦
三.上傳鏡像到172.200.3.104節點上
1>.為鏡像打tag
[root@docker101.yinzhengjie.org.cn ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE centos-haproxy v1.8.20 1858fe05d96f 4 days ago 606MB registry latest 708bc6af7e5e 4 days ago 25.8MB tomcat-app01 v0.1 bf45c22f2d5b 5 days ago 983MB tomcat-base 8.5.50 9ff79f369094 6 days ago 968MB jdk-base 1.8.0_231 0f63a97ddc85 6 days ago 953MB centos-base 7.6.1810 b4931fd9ace2 6 days ago 551MB docker103.yinzhengjie.org.cn/base_images/centos-base v7.6.1810 b4931fd9ace2 6 days ago 551MB centos centos7.6.1810 f1cb7c7d58b7 10 months ago 202MB [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker image tag tomcat-base:8.5.50 172.200.3.104/base_images/tomcat-base:v8.5.50 [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE centos-haproxy v1.8.20 1858fe05d96f 4 days ago 606MB registry latest 708bc6af7e5e 4 days ago 25.8MB tomcat-app01 v0.1 bf45c22f2d5b 5 days ago 983MB 172.200.3.104/base_images/tomcat-base v8.5.50 9ff79f369094 6 days ago 968MB tomcat-base 8.5.50 9ff79f369094 6 days ago 968MB jdk-base 1.8.0_231 0f63a97ddc85 6 days ago 953MB centos-base 7.6.1810 b4931fd9ace2 6 days ago 551MB docker103.yinzhengjie.org.cn/base_images/centos-base v7.6.1810 b4931fd9ace2 6 days ago 551MB centos centos7.6.1810 f1cb7c7d58b7 10 months ago 202MB [root@docker101.yinzhengjie.org.cn ~]#
2>.登錄172.200.3.104
[root@docker101.yinzhengjie.org.cn ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"], "insecure-registries":["docker103.yinzhengjie.org.cn","docker104.yinzhengjie.org.cn"] } [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker login docker104.yinzhengjie.org.cn Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]#
3>.上傳鏡像到docker104.yinzhengjie.org.cn失敗
[root@docker101.yinzhengjie.org.cn ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"], "insecure-registries":["docker104.yinzhengjie.org.cn","docker103.yinzhengjie.org.cn"] } [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker push 172.200.3.104/base_images/tomcat-base:v8.5.50 The push refers to repository [172.200.3.104/base_images/tomcat-base] 84bb4f431a8f: Preparing 22ac492b2c15: Preparing fc1a47f2a301: Preparing 9f0513d2c943: Preparing a9a8bd89bd66: Preparing 0f448859d86e: Waiting 89169d87dbe2: Waiting denied: requested access to the resource is denied [root@docker101.yinzhengjie.org.cn ~]#
4>.上傳鏡像到172.200.3.104成功,並查看172.200.3.104的web UI
[root@docker101.yinzhengjie.org.cn ~]# vim /etc/docker/daemon.json [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"], "insecure-registries":["172.200.3.104"] } [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# systemctl daemon-reload [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# systemctl restart docker [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker login 172.200.3.104 Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker push 172.200.3.104/base_images/tomcat-base:v8.5.50 The push refers to repository [172.200.3.104/base_images/tomcat-base] 84bb4f431a8f: Pushed 22ac492b2c15: Pushed fc1a47f2a301: Pushed 9f0513d2c943: Pushed a9a8bd89bd66: Pushed 0f448859d86e: Pushed 89169d87dbe2: Pushed v8.5.50: digest: sha256:5a1dd932e4a06e498cd2df876b23dae55da38c2361b345d7741efe4bce9c63ad size: 1789 [root@docker101.yinzhengjie.org.cn ~]#
5>."172.200.3.103"節點回自動復制鏡像
6>.查看"172.200.3.103"節點的鏡像倉庫(自動同步了"172.200.3.104"的鏡像倉庫)
7>.在"172.200.3.103"節點上查看具體鏡像信息
