Docker自建仓库之Harbor高可用部署实战篇
作者:尹正杰
版权声明:原创作品,谢绝转载!否则将追究法律责任。
一.部署单机的Harbor
1>.部署单机版的Harbor
博主推荐阅读: https://www.cnblogs.com/yinzhengjie/p/12233594.html
2>.修改Harbor客户端docker的启动脚本可以上传镜像(我们在上一篇博客说修改"/etc/docker/daemon.json"文件,其实也可以修改docker的启动脚本"/lib/systemd/system/docker.service",二者选其一即可,如果在同一个节点同时修改了这两个配置文件重启docker时可能回报错哟~)
[root@docker103.yinzhengjie.org.cn ~]# grep ExecStart /lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# vim /lib/systemd/system/docker.service [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# vim /lib/systemd/system/docker.service [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# grep ExecStart /lib/systemd/system/docker.service ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry docker103.yinzhengjie.org.cn --insecure-registry docker104.yinzhengjie.org.cn [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# systemctl daemon-reload [root@docker103.yinzhengjie.org.cn ~]# [root@docker103.yinzhengjie.org.cn ~]# systemctl restart docker [root@docker103.yinzhengjie.org.cn ~]#
[root@docker101.yinzhengjie.org.cn ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"], "insecure-registries":["docker103.yinzhengjie.org.cn","docker104.yinzhengjie.org.cn"] } [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# systemctl daemon-reload [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# systemctl restart docker [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]#
3>.启动Harbor服务
[root@docker104.yinzhengjie.org.cn ~]# ss -ntl State Recv-Q Send-Q Local Address:Port LISTEN 0 20480 127.0.0.1:1514 LISTEN 0 128 *:22 LISTEN 0 128 :::22 [root@docker104.yinzhengjie.org.cn ~]# [root@docker104.yinzhengjie.org.cn ~]# [root@docker104.yinzhengjie.org.cn ~]# [root@docker104.yinzhengjie.org.cn ~]# cd /usr/local/src/harbor/ [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]# docker-compose up -d harbor-log is up-to-date Starting redis ... Starting registryctl ... Starting harbor-adminserver ... harbor-db is up-to-date Starting registryctl ... done harbor-core is up-to-date Starting harbor-jobservice ... Starting harbor-portal ... done Starting nginx ... done [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]# ss -ntl State Recv-Q Send-Q Local Address:Port LISTEN 0 20480 127.0.0.1:1514 LISTEN 0 128 *:22 LISTEN 0 20480 :::80 LISTEN 0 128 :::22 LISTEN 0 20480 :::443 LISTEN 0 20480 :::4443 [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]# ll total 572840 drwxr-xr-x 4 root root 37 Jan 28 07:07 common -rw-r--r-- 1 root root 939 Apr 1 2019 docker-compose.chartmuseum.yml -rw-r--r-- 1 root root 975 Apr 1 2019 docker-compose.clair.yml -rw-r--r-- 1 root root 1434 Apr 1 2019 docker-compose.notary.yml -rw-r--r-- 1 root root 5608 Apr 1 2019 docker-compose.yml -rw-r--r-- 1 root root 8045 Jan 28 07:07 harbor.cfg -rw-r--r-- 1 root root 585234819 Apr 1 2019 harbor.v1.7.5.tar.gz -rwxr-xr-x 1 root root 5739 Apr 1 2019 install.sh -rw-r--r-- 1 root root 11347 Apr 1 2019 LICENSE -rw-r--r-- 1 root root 1263409 Apr 1 2019 open_source_license -rwxr-xr-x 1 root root 36337 Apr 1 2019 prepare [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]# [root@docker104.yinzhengjie.org.cn /usr/local/src/harbor]#
二.两个Harbor服务器创建相同的镜像仓库名称
1>.docker103.yinzhengjie.org.cn已经存在"base_images"仓库
2>.docker103.yinzhengjie.org.cn的"base_images"仓库已经存在咱们之前上传的镜像文件
3>.docker104.yinzhengjie.org.cn刚刚安装完并没有任何的仓库
4>.docker104.yinzhengjie.org.cn节点创建"base_images"仓库
5>.docker104.yinzhengjie.org.cn节点创建"base_images"仓库
6>.新建镜像仓库目标
7>.新建目标
如果上面步骤你点击"测试连接"时返回失败的话,请参考日志信息,不瞒你说,我最开始执行这步骤操作就报错了,查看日志(默认日志存放路径在"/var/log/harbor/")如下图所示,所示ping不通目标主机,但是主机信息我已经在本地"/etc/hosts"文件做了相应的解析,手动测试ping命令也是好使的,最终无奈之下我只有将harbor.cfg文件中的hostname属性改为IP地址并重新执行安装命令问题得到解决。
8>.目标新建成功
9>.点击"复制管理",再点击"新建规则"
10>.根据实际情况自定义规则,并点击保存按钮
11>.规则创建成功
12>.规则创建成功后并不会立即进行复制,而是需要在172.200.3.103节点上创建相同的规则,将目标指向172.200.3.104
13>.在"172.200.3.103"节点上新建目标
14>.在"172.200.3.103"节点上目标新建成功
15>.在"172.200.3.103"节点上新建规则
16>.在"172.200.3.103"节点上规则新建成功
17>.再次观察"172.200.3.104"节点,发现镜像数据同步成功啦
三.上传镜像到172.200.3.104节点上
1>.为镜像打tag
[root@docker101.yinzhengjie.org.cn ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE centos-haproxy v1.8.20 1858fe05d96f 4 days ago 606MB registry latest 708bc6af7e5e 4 days ago 25.8MB tomcat-app01 v0.1 bf45c22f2d5b 5 days ago 983MB tomcat-base 8.5.50 9ff79f369094 6 days ago 968MB jdk-base 1.8.0_231 0f63a97ddc85 6 days ago 953MB centos-base 7.6.1810 b4931fd9ace2 6 days ago 551MB docker103.yinzhengjie.org.cn/base_images/centos-base v7.6.1810 b4931fd9ace2 6 days ago 551MB centos centos7.6.1810 f1cb7c7d58b7 10 months ago 202MB [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker image tag tomcat-base:8.5.50 172.200.3.104/base_images/tomcat-base:v8.5.50 [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE centos-haproxy v1.8.20 1858fe05d96f 4 days ago 606MB registry latest 708bc6af7e5e 4 days ago 25.8MB tomcat-app01 v0.1 bf45c22f2d5b 5 days ago 983MB 172.200.3.104/base_images/tomcat-base v8.5.50 9ff79f369094 6 days ago 968MB tomcat-base 8.5.50 9ff79f369094 6 days ago 968MB jdk-base 1.8.0_231 0f63a97ddc85 6 days ago 953MB centos-base 7.6.1810 b4931fd9ace2 6 days ago 551MB docker103.yinzhengjie.org.cn/base_images/centos-base v7.6.1810 b4931fd9ace2 6 days ago 551MB centos centos7.6.1810 f1cb7c7d58b7 10 months ago 202MB [root@docker101.yinzhengjie.org.cn ~]#
2>.登录172.200.3.104
[root@docker101.yinzhengjie.org.cn ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"], "insecure-registries":["docker103.yinzhengjie.org.cn","docker104.yinzhengjie.org.cn"] } [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker login docker104.yinzhengjie.org.cn Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]#
3>.上传镜像到docker104.yinzhengjie.org.cn失败
[root@docker101.yinzhengjie.org.cn ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"], "insecure-registries":["docker104.yinzhengjie.org.cn","docker103.yinzhengjie.org.cn"] } [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker push 172.200.3.104/base_images/tomcat-base:v8.5.50 The push refers to repository [172.200.3.104/base_images/tomcat-base] 84bb4f431a8f: Preparing 22ac492b2c15: Preparing fc1a47f2a301: Preparing 9f0513d2c943: Preparing a9a8bd89bd66: Preparing 0f448859d86e: Waiting 89169d87dbe2: Waiting denied: requested access to the resource is denied [root@docker101.yinzhengjie.org.cn ~]#
4>.上传镜像到172.200.3.104成功,并查看172.200.3.104的web UI
[root@docker101.yinzhengjie.org.cn ~]# vim /etc/docker/daemon.json [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# cat /etc/docker/daemon.json { "registry-mirrors": ["https://tuv7rqqq.mirror.aliyuncs.com"], "insecure-registries":["172.200.3.104"] } [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# systemctl daemon-reload [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# systemctl restart docker [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker login 172.200.3.104 Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded [root@docker101.yinzhengjie.org.cn ~]# [root@docker101.yinzhengjie.org.cn ~]# docker push 172.200.3.104/base_images/tomcat-base:v8.5.50 The push refers to repository [172.200.3.104/base_images/tomcat-base] 84bb4f431a8f: Pushed 22ac492b2c15: Pushed fc1a47f2a301: Pushed 9f0513d2c943: Pushed a9a8bd89bd66: Pushed 0f448859d86e: Pushed 89169d87dbe2: Pushed v8.5.50: digest: sha256:5a1dd932e4a06e498cd2df876b23dae55da38c2361b345d7741efe4bce9c63ad size: 1789 [root@docker101.yinzhengjie.org.cn ~]#
5>."172.200.3.103"节点回自动复制镜像
6>.查看"172.200.3.103"节点的镜像仓库(自动同步了"172.200.3.104"的镜像仓库)
7>.在"172.200.3.103"节点上查看具体镜像信息
