master 192.168.53.10
backup 192.168.53.11
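Harbor installation and master/backup replication setup are omitted here; this article mainly covers configuring keepalived.
First, install keepalived on both machines: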
# yum -y install keepalived
Configuration file:
! Configuration File for keepalived

global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # vrrp_strict    # if this is not commented out, the VIP cannot be pinged
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER            # keepalived role: MASTER means this host is the primary server, BACKUP means it is the standby server
    interface ens33
    virtual_router_id 51    # virtual router ID, a number; each VRRP instance uses a unique ID, and MASTER and BACKUP in the same vrrp_instance must use the same value
    priority 100            # priority; the larger the number, the higher the priority (0-255)
    advert_int 1
    authentication {        # authentication type and password (PASS sends the password in cleartext; it must match on both nodes)
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {     # virtual IP addresses; several can be set, one per line
        192.168.53.100/24
    }
}

virtual_server 192.168.53.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    real_server 192.168.53.10 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 80
        }
    }
}
On the backup server, only the role and the priority need to be changed.
Start keepalived:
# systemctl start keepalived.service
Check whether the VIP is bound:
# ip addr
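Stop the master and test whether the VIP fails over.
keepalived is now verified. Detection can be done with a script (still to be optimized).
Use a script for detection so that failover happens automatically on failure.
Reference check script: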
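#!/bin/bash
# Count listening TCP sockets on port 80; if there are none, stop keepalived so the VIP moves.
harbor_port=$(netstat -lnpt | grep -c ':80 ')
if [ "$harbor_port" -eq 0 ]; then
    systemctl stop keepalived
fi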
keepalived master configuration file:
! Configuration File for keepalived

global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_script check_harbor {
    script "/etc/keepalived/harbor_check.sh"
    interval 2
    weight -2
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        check_harbor
    }
    virtual_ipaddress {
        192.168.53.100/24
    }
}

virtual_server 192.168.53.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    real_server 192.168.53.10 80 {
        weight 1
        # TCP_CHECK {
        #     connect_timeout 3
        #     nb_get_retry 3
        #     delay_before_retry 3
        #     connect_port 80
        # }
    }
}
keepalived backup configuration file:
! Configuration File for keepalived

global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    # vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

vrrp_script check_harbor {
    script "/etc/keepalived/harbor_check.sh"
    interval 2
    weight -2
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        check_harbor
    }
    virtual_ipaddress {
        192.168.53.100/24
    }
}

virtual_server 192.168.53.100 80 {
    delay_loop 6
    lb_algo rr
    lb_kind NAT
    persistence_timeout 50
    protocol TCP

    real_server 192.168.53.11 80 {
        weight 1
        # TCP_CHECK {
        #     connect_timeout 3
        #     nb_get_retry 3
        #     delay_before_retry 3
        #     connect_port 80
        # }
    }
}
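An alternative form of the check script, added here as an example and not part of the original post: instead of stopping keepalived, it reports Harbor's state through its exit code, so the weight -2 in vrrp_script lowers the master's priority from 100 to 98 and the backup (99) takes over the VIP. The /api/v2.0/health endpoint on local port 80, the JSON field order, the sample responses and the "live" argument are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post): exit-code based check for vrrp_script.
# Assumptions: Harbor 2.x health API at /api/v2.0/health on local port 80, returning
# {"status":"...","components":[{"name":"...","status":"..."},...]}; curl and logger installed.
HARBOR_HEALTH_URL="${HARBOR_HEALTH_URL:-http://127.0.0.1/api/v2.0/health}"

# Constructed sample responses, not captured from a real Harbor.
SAMPLE_OK='{"status":"healthy","components":[{"name":"core","status":"healthy"},{"name":"database","status":"healthy"}]}'
SAMPLE_BAD='{"status":"unhealthy","components":[{"name":"core","status":"healthy"},{"name":"database","status":"unhealthy","error":"dial tcp: connection refused"}]}'

# Succeed only if at least one status is present and every status is "healthy" (JSON on stdin).
# An empty body (Harbor down, curl timeout) therefore counts as unhealthy.
harbor_is_healthy() {
    statuses=$(tr -d ' \n\t' | grep -o '"status":"[^"]*"' || true)
    [ -n "$statuses" ] && ! printf '%s\n' "$statuses" | grep -qv '"status":"healthy"'
}

# Print the names of components that are not healthy (JSON on stdin).
# Assumes "name" directly precedes "status" inside each component object.
unhealthy_components() {
    tr -d ' \n\t' |
        grep -o '"name":"[^"]*","status":"[^"]*"' |
        grep -v '"status":"healthy"' |
        sed 's/^"name":"\([^"]*\)".*/\1/'
}

# "harbor_check.sh live" queries Harbor; with no argument only the functions are defined.
if [ "${1:-}" = "live" ]; then
    body=$(curl -fsS --max-time 1 "$HARBOR_HEALTH_URL" 2>/dev/null)
    if printf '%s' "$body" | harbor_is_healthy; then
        exit 0
    fi
    logger -t harbor_check "unhealthy: $(printf '%s' "$body" | unhealthy_components | tr '\n' ' ')"
    exit 1   # non-zero exit makes keepalived apply "weight -2" to this node's priority
fi
```

To use it, set script "/etc/keepalived/harbor_check.sh live" in the vrrp_script block on both nodes.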
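First we stop the image master/backup synchronization and upload an image to 53.10, so that the two nodes are easier to tell apart in the web page when accessing through the VIP.
Log in to the server and check the VIP.
Stop the Harbor service on the master node to test.
Log in to the server and confirm the VIP.
Testing is done and the configuration is complete.
PS
1) If access should go through a domain name so that the real backend IP is not exposed, change hostname in harbor.yml.
That way, copying the pull command will not expose the real backend IP.
2) As you can see, from version 2.0 onward the image pull command has no version number (tag); make the following change.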
[root@harbor harbor]# docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED      STATUS                    PORTS                       NAMES
365a19c83071   goharbor/nginx-photon:v2.1.0         "nginx -g 'daemon of…"   3 days ago   Up 19 minutes (healthy)   0.0.0.0:80->8080/tcp        nginx
ce931dcc3d3a   goharbor/harbor-jobservice:v2.1.0    "/harbor/entrypoint.…"   3 days ago   Up 19 minutes (healthy)                               harbor-jobservice
18a585196b55   goharbor/harbor-core:v2.1.0          "/harbor/entrypoint.…"   3 days ago   Up 19 minutes (healthy)                               harbor-core
84cd91ad2d2d   goharbor/harbor-portal:v2.1.0        "nginx -g 'daemon of…"   3 days ago   Up 19 minutes (healthy)                               harbor-portal
039f375ff277   goharbor/registry-photon:v2.1.0      "/home/harbor/entryp…"   3 days ago   Up 19 minutes (healthy)                               registry
d329617fe932   goharbor/harbor-registryctl:v2.1.0   "/home/harbor/start.…"   3 days ago   Up 19 minutes (healthy)                               registryctl
b9a3b01fdf4e   goharbor/harbor-db:v2.1.0            "/docker-entrypoint.…"   3 days ago   Up 19 minutes (healthy)                               harbor-db
34f04df78acf   goharbor/redis-photon:v2.1.0         "redis-server /etc/r…"   3 days ago   Up 19 minutes (healthy)                               redis
e6fa18c6f576   goharbor/harbor-log:v2.1.0           "/bin/sh -c /usr/loc…"   3 days ago   Up 19 minutes (healthy)   127.0.0.1:1514->10514/tcp   harbor-log
Enter the harbor-portal container:
[root@harbor harbor]# docker exec -it 84cd91ad2d2d /bin/bash
nginx [ / ]$ cd /usr/share/nginx/html/
nginx [ /usr/share/nginx/html ]$ ls -l
total 8612
-rw-r--r-- 1 root root  149395 2020-09-16 02:45 3rdpartylicenses.txt
-rw-r--r-- 1 root root   11347 2020-09-16 02:28 LICENSE
-rw-r--r-- 1 root root  375069 2020-09-16 02:45 dark-theme.css
-rw-r--r-- 1 root root    7455 2020-09-16 02:45 favicon.ico
drwxr-xr-x 3 root root      18 2020-09-16 02:45 i18n
drwxr-xr-x 2 root root     220 2020-09-16 02:45 images
-rw-r--r-- 1 root root     856 2020-09-16 02:45 index.html
-rw-r--r-- 1 root root  389660 2020-09-16 02:45 light-theme.css
-rw-r--r-- 1 root root 5982703 2020-09-16 02:45 main.50faa391a4ae8743ad63.js
-rw-r--r-- 1 root root   71509 2020-09-16 02:45 polyfills-es5.c04cfdffe6ecc730c69c.js
-rw-r--r-- 1 root root    1440 2020-09-16 02:45 runtime.9ad22a88fcc70a015907.js
-rw-r--r-- 1 root root  860407 2020-09-16 02:45 scripts.f4c015c4300c31a9a23c.js
-rw-r--r-- 1 root root     203 2020-09-16 02:45 setting.json
-rw-r--r-- 1 root root  532512 2020-09-16 02:45 styles.fd4a2ff060f99b077bef.css
-rw-r--r-- 1 root root  148840 2020-09-16 02:35 swagger.json
-rw-r--r-- 1 root root  169645 2020-09-16 02:28 swagger.yaml
-rw-r--r-- 1 root root   63039 2020-09-16 02:35 swagger2.json
-rw-r--r-- 1 root root   13548 2020-09-16 02:35 swagger3.json
nginx [ /usr/share/nginx/html ]$
Copy the file name main.50faa391a4ae8743ad63.js and exit the container.
[root@harbor harbor]# find / -name main.50faa391a4ae8743ad63.js
/var/lib/docker/overlay2/8041b6cd2fb0b67619f9ae569d4b7012232c23306727124519e85883f76ec486/diff/usr/share/nginx/html/main.50faa391a4ae8743ad63.js
/var/lib/docker/overlay2/322168b51d2b67ea2bc5226cfe6e61781646a8296045e76c2cd54f2db16bc482/merged/usr/share/nginx/html/main.50faa391a4ae8743ad63.js
[root@harbor harbor]#
The copy under the merged directory is the one to edit. Back it up first:
[root@harbor harbor]# cp /var/lib/docker/overlay2/322168b51d2b67ea2bc5226cfe6e61781646a8296045e76c2cd54f2db16bc482/merged/usr/share/nginx/html/main.50faa391a4ae8743ad63.js{,.bak}
[root@harbor harbor]# vim /var/lib/docker/overlay2/322168b51d2b67ea2bc5226cfe6e61781646a8296045e76c2cd54f2db16bc482/merged/usr/share/nginx/html/main.50faa391a4ae8743ad63.js
Search for the string:
artifactPullCommand
Change the following:
t.type===e.type&&(e.pullCommand=t.pullCommand+" "+n.registryUrl+"/"+n.projectName+"/"+n.repoName+"@"+e.digest)
to:
t.type===e.type&&(e.pullCommand=t.pullCommand+" "+n.registryUrl+"/"+n.projectName+"/"+n.repoName+":"+e.tags[0].name)
Save and exit. There is no need to restart the container, though it is best to clear the browser cache.