高可用策略主流的策略有几种:1.Harbor做双主复制2.Harbor集群挂载分布式cephfs存储3.在k8s集群上部署harbor1。二一三是多节点,然后挂载分布式存储,然后使用单独的mysql数据库,保证数据的统一性。这样mysql数据和镜像仓库数据存在单点存储,故障难以恢复。安装运行复杂的问题2、双主复制不存在这些问题。数据多点存储,扩容和更改高可用模式的操作简单,可以换成master-master-slave模式。二。安装docker-compose#cat-a/etc/sysctl.conf<<-EOFnet.bridge.bridge-nf-call-ip6tables=1net.bridge.bridge-nf-call-iptables=1EOF然后重新加载sysctl.conf#sysctl-p最好在ifcnf-eth0配置dns参数,hosts一定不要配置域名和ip。安装docker-compose方法一curl-Lhttps://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname-s`-`uname-m`-o/usr/local/bin/docker-composechmod+x/usr/local/bin/docker-compose*查看版本docker-compose版本方法二CentOS:yuminstallepel-release-yyuminstallpython-pip-yUbuntu:apt-getinstallpython-pip-y#通用命令pip--versionpipinstall--upgradepippipinstall-U-ihttps://pypi.tuna.tsinghua.edu.cn/simpledocker-composedocker-composeversion这里使用方法二。安装Harbor的Harbor私有仓库中两个节点的安装步骤相同?下载Harbor安装文件从githubharbor官网的发布页面下载指定版本的安装包。1.在线安装包(不一定好用,自己找源)$wgethttps://github.com/vmware/harbor/releases/download/v1.1.2/harbor-online-installer-v1.1.2.tgz$tarxvfharbor-online-installer-v1.1.2.tgz2,离线安装包$wgethttps://github.com/vmware/harbor/releases/download/v1.1.2/harbor-offline-installer-v1.1.2。tgz$tarxvfharbor-offline-installer-v1.1.2.tgz这个离线安装。推荐使用第二种,因为第一种可能会因为官网源的网络波动导致在线安装失败。?配置Harbor解压后会在目录下生成一个harbor.conf文件,即Harbor的配置文件。#catharbor.cfg_version=1.5.0hostname=repository.skong.comui_url_protocol=httpsmax_job_workers=50customize_crt=onssl_cert=/data/harbor-data/cert/repository.crtssl_cert_key=/data/harbor-data/cert/repository.keysecretkey_path=/data/harbor-data/admiral_url=NAlog_rotate_count=50100k,size100Mandsize100Glog_rotate_size=200Mhttp_proxy=https_proxy=no_proxy=127.0.0.1,localhost,uiemail_identity=email_server=smtp.mydomain.comemail_server_port=25email_username=sample_mail_admin@mypasswordabcemail_from=adminemail_ssl=falsemail_insecure=falseharbor_admin_password=Harbor123456auth_mode=db_authldap_url=ldaps://ldap.mydomain.comldap_basedn=ou=people,dc=mydomain,dc=comldap_uid=uidldap_cert=2ldap_timeout=5=ldap_verifytrueldap_group_basedn=ou=group,dc=mydomain,dc=comldap_group_filter=objectclass=groupldap_group_gid=cnldap_group_scope=2token_expiration=30project_creation_restriction=everyonedb_host=mysqldb_password=root123db_port=3306db_user=rootredis_url=redis:6379clair_db_host=postgresclair_db_password=passwordclair_db_port=5432clair_db_username=postgresclair_db=postgresuaa_endpoint=uaa.mydomain.orguaa_clientid=iduaa_clientsecret=secretuaa_verify_cert=trueuaa_ca_cert=/path/to/ca.pemregistry_storage_provider_name=filesystemregistry_storage_provider_config=##############################################################创建harbor数据目录:#mkdir-pv/data/harbor-data/cert#catdocker-compose.ymlversion:'2'services:log:image:vmware/harbor-log:v1.5.0container_name:harbor-logrestart:alwaysvolumes:-/data/harbor-data/log/harbor/:/var/log/docker/:z-./common/config/log/:/etc/logrotate.d/:z端口:-127.0.0.1:1514:10514网络:-港口注册表:图像:vmware/registry-photon:v2.6.2-v1.5.0续ainer_name:registryrestart:alwaysvolumes:-/data/harbor-data/registry:/storage:z-./common/config/registry/:/etc/registry/:znetworks:-harbor环境:-GODEBUG=netdns=cgo命令:["serve","/etc/registry/config.yml"]depends_on:-loglogging:driver:"syslog"options:syslog-address:"tcp://127.0.0.1:1514"tag:"registry"mysql:image:vmware/harbor-db:v1.5.0container_name:harbor-dbrestart:alwaysvolumes:-/data/harbor-data/database:/var/lib/mysql:znetworks:-harborenv_file:-./common/config/db/envdepends_on:-loglogging:driver:"syslog"options:syslog-address:"tcp://127.0.0.1:1514"tag:"mysql"adminserver:image:vmware/harbor-adminserver:v1.5.0container_name:harbor-adminserverenv_file:-./common/config/adminserver/envrestart:alwaysvolumes:-/data/harbor-data/config/:/etc/adminserver/config/:z-/data/harbor-data/secretkey:/etc/adminserver/key:z-/data/harbor-data/:/data/:z网络:-harbordepends_on:-日志记录:驱动程序:“syslog”选项:syslog-address:“tcp://127.0.0.1:1514”标签:“adminserver”ui:图像:vmware/harbor-ui:v1.5.0container_name:harbor-uienv_file:-./common/config/ui/envrestart:alwaysvolumes:-./common/config/ui/app.conf:/etc/ui/app.conf:z-./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z-./common/config/ui/certificates/:/etc/ui/certificates/:z-/data/harbor-data/secretkey:/etc/ui/key:z-/data/harbor-data/ca_download/:/etc/ui/ca/:z-/data/harbor-data/psc/:/etc/ui/token/:z网络:-harbordepends_on:-log-adminserver-registrylogging:driver:"syslog"options:syslog-a地址:“tcp://127.0.0.1:1514”标签:“ui”作业服务:图像:vmware/harbor-jobservice:v1.5.0container_name:harbor-jobserviceenv_file:-./common/config/jobservice/envrestart:始终卷:-/data/harbor-data/job_logs:/var/log/jobs:z-./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z网络:-harbordepends_on:-redis-ui-adminserver日志记录:驱动程序:“syslog”选项:syslog-address:“tcp://127.0.0.1:1514”标签:“jobservice”redis:图像:vmware/redis-photon:v1.5.0container_name:redis重启:始终卷:-/data/harbor-data/redis:/datanetworks:-harbordepends_on:-loglogging:driver:"syslog"options:syslog-address:"tcp://127.0.0.1:1514"标签:“redis”代理:图像:vmware/nginx-photon:v1.5.0container_name:nginxrestart:alwaysvolumes:-./common/config/nginx:/etc/nginx:znetworks:-harborports:-80:80-443:443-4443:4443depends_on:-mysql-registry-ui-loglogging:driver:"syslog"options:syslog-address:"tcp://127.0.0.1:1514"tag:"proxy"networks:harbor:external:false*启动Harbor修改配置文件后,在Harbor当前目录执行./install.sh该服务会根据当前目录下的docker-compose.yml开始下载依赖镜像,依次检测并启动各个./install.sh。v3_ca中配置https域名证书等X509有一些问题#vim/etc/pki/tls/openssl.cnf[v3_ca]#ExtensionsforatypicalCAsubjectAltName=IP:192.168.0.64#Add因为要配??置https,你需要生成自签名证书#cd/data/harbor-data/cert#opensslreq-nodes-subj"/C=CN/ST=BeiJing/L=ChaoYao/CN=basic-repository.skong.com"-新密钥rsa:2048-keyoutbasic-repository.key-outbasic-repository.csr#opensslx509-req-days3650-inbasic-repository.csr-signkeybasic-repository.key-outbasic-repository.crt#opensslx509-req-inbasic-repository.csr-CAbasic-rerepository.crt-CAkeybasic-repository.key-CAcreateserial-outbasic-repository.crt-days10000*以下目录为nginx容器的cert目录:(不一定自己生成)#mkdir/data/harbor_install/harbor/common/config/nginx/cert/#ls/etc/docker/certs.d/basic-registry.skong.combasic-repository.skong.comredhat.comredhat.ioregistry.access.redhat.comregistry.skong.comrepository.skong.com#scp–abasic-repository.crtdocker-IP:/etc/docker/cert.d/basic-repository.skong.com*证书通过后在docker服务器上执行:#mkdir–pv/etc/docker/cert.d/basic-repository.skong.com#servicedockerrestart#dockerlogin-uadmin-pHarbor123456repository.skong.com1、StopHarbor#docker-composedown-vStoppingnginx...doneStoppingharbor-jobservice...done......Removingharbor-log...doneRemovingnetworkharbor_harbor#docker-composestop2、StartHarbor#docker-composeup-dCreatingnetwork"harbor_harbor"withthedefaultdriver创建港口日志…….....创建nginx创建harbor-jobservice...完成#docker-compose开始#docker-composeup–d3。当需要修改配置文件刷新配置时,需要执行:#./prepareTest:#dockerlogin-uadmin-pHarbor123456repository.skong.com#ls/etc/docker/certs.d/#dockerpullbasic-registry.skong.com/skong/dubbo:latest#dockerimages#dockertagbasic-registry.skong.com/skong/dubbo:latestrepository.skong.com/basic/dubbo:latest#dockerpushrepository.skong复制代码.com/basic/dubbo:最新
