Harbor高可用部署

发表于2018年7月5日midas

系统:centos7
内核:Linux 3.10.0-693.el7.x86_64
环境:ceph01(172.16.10.181),ceph02(172.16.10.182)

拓扑图:

数据库使用外接的mysql redis解决后端数据高可用以及session 问题,ceph部署请参考https://blog.espnlol.com/?p=279

#安装daocker环境

yum install docker docker-compose -y
[root@ceph01 harbor]# docker --version
Docker version 1.13.1, build 94f4240/1.13.1
[root@ceph01 harbor]# docker-compose --version
docker-compose version 1.9.0, build 2585387

#下载并安装harbor-1.5.1

传送门:https://github.com/vmware/harbor/releases
wget https://storage.googleapis.com/harbor-releases/release-1.5.0/harbor-offline-installer-v1.5.1.tgz
tar -xf harbor-offline-installer-v1.5.1.tgz
#默认安装导出数据库
cd harbor
./prepare
./install.sh

#harbor数据导出

docker exec -ti 17e8b6e56df0 bash 
#数据库的默认密码在cat common/config/adminserver/env 中查看
mysqldump -u root -p --databases registry > registry.sql
#退出container,将备份的数据copy 出来
docker cp 2f2df11a189f:/registry.sql /tmp

#导入外部数据库

#数据库安装传送门https://blog.espnlol.com/?p=120
mysql -uharbor -h 172.16.10.6 -p
source /tmp/registry.sql
grant all on registry.* to 'harbor'@'%' IDENTIFIED BY 'harbor';
flush privileges;

#备份配置文件并更改配置文件

cp docker-compose.yml docker-compose.yml.bak
去掉mysql以及redis的镜像安装,以及检测关联
vi docker-compose.yml
'''''''
mysql:
image: vmware/harbor-db:v1.5.1
container_name: harbor-db
restart: always
volumes:
- /data/database:/var/lib/mysql:z
networks:
- harbor
env_file:
- ./common/config/db/env
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "mysql"
'''''''
depends_on:
- redis (仅去除"- redis"这里方便为了查找留下了一小段)
- ui
- adminserver
''''''' 
redis:
image: vmware/redis-photon:v1.5.1
container_name: redis
restart: always
volumes:
- /data/redis:/data
networks:
- harbor
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "redis"
'''''''
depends_on:
- mysql (仅去除"- mysql"这里方便为了查找留下了一小段)
- registry
- ui
- log
'''''''

#修改harbor引入的环境变量
vi common/templates/adminserver/env
MYSQL_HOST=$mysqlip
MYSQL_PORT=3306
MYSQL_USR=harbor
MYSQL_PWD=harbor 
# 这里不需要修改密码,直接在harbor.cfg 中修改db_password 密码,然后传入变量进来 
RESET=true

#修改redis
vim common/templates/ui/env 将默认替换成下面的
_REDIS_URL=reids_ip:port,100,redis_password,0
_REDIS_URL=$redsip:6379,100,$passwd,0

#修改配置harbor.conf
vim harbor.cf
''''''
hostname 172.16.10.181
''''''
#The address of the Harbor database. Only need to change when using external db.
db_host = $mysqlip
#The password for the root user of Harbor DB. Change this before any production use.
db_password = harbor
#The port of Harbor database host
db_port = 3306
#The user name of Harbor database
db_user = harbor
''''''
#The redis server address. Only needed in HA installation.
#address:port[,weight,password,db_index]
redis_url = $redisip:6379,100,$passwd,0
''''''

#安装harbor
./prepare 
./install.sh

#在其他机器上安装harbor

#打包已经编辑好的harbor
tar -zcf harbor.tar.gz harbor
#传到其他设备上
tar -xf harbor.tar.gz
cd harbor
./prepare 
./install.sh

#在LB上添加两台服务器,并设置成ip hash解析,已避免session 认证问题

#开启SSL登陆

#首先申请一个免费的泛域名证书,传送门:https://blog.espnlol.com/?p=143
#修改harbor.cfg

vi harbor.cfg
''''''
#The protocol for accessing the UI and token/notification service, by default it is http.
#It can be set to https if ssl is enabled on nginx.
ui_url_protocol = https
''''''
#The path of cert and key files for nginx, they are applied only the protocol is set to https
ssl_cert = /data/cert/fullchain1.pem
ssl_cert_key = /data/cert/privkey1.pem
''''''''

将证书信息传导/data/cert/下即可

./prepare
./install.sh

错误解决:

ERROR: Service ‘jobservice’ depends on service ‘redis’ which is undefined.

ERROR: Service ‘jobservice’ depends on service ‘mysql’ which is undefined.

发生上述问题,是由于删除了mysql级redis两个镜像之后,还有依赖检测

depends_on:
– mysql (仅去除”- mysql”这里方便为了查找留下了一小段)
– registry
– ui
– log

depends_on:
– redis (仅去除”- redis”这里方便为了查找留下了一小段)
– ui
– adminserver

删除掉mysql和redis的依赖就没问题了

此条目发表在kubernetes分类目录。将固定链接加入收藏夹。

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注