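This article looks at how to set up Harbor multi-instance high availability with shared storage. Many people may not be familiar with the setup, so the steps are summarized below; hopefully you will take something useful away from it.
Multi-instance shared-storage architecture diagram
The load balancer in this article is Alibaba Cloud SLB, not Nginx.
1. Choice of shared storage: Harbor's backend storage currently supports AWS S3, OpenStack Swift, Ceph, and others. This article uses Alibaba Cloud Extreme NAS, whose disk I/O performance is better than the read/write performance of a single disk. It is mounted using NFS v3.
2. Sessions cannot be shared across instances, so Harbor's Redis must be deployed separately, and all instances must connect to the same Redis.
3. Database for multiple Harbor instances: a separate database must be deployed, and all instances must connect to the same database.
Note: if you use Alibaba Cloud NAS in production, Extreme NAS is recommended; General-purpose NAS is not recommended.
Alibaba Cloud NAS performance reference: https://help.aliyun.com/document_detail/124577.html?spm=a2c4g.11186623.6.552.2eb05ea0HJUgUB
Harbor is deployed online using docker-compose. Setting up docker-compose and Docker is not covered in this article; documentation is easy to find online.
Both the harbor1 and harbor2 machines need to mount the NAS.
Configure automatic mounting at boot: open the /etc/fstab configuration file and add the mount entry.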
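# Create the NAS mount directory
$ mkdir /data
# Raise the number of concurrent NFS requests
# (the redirect in "sudo echo ... >> file" runs as the calling user, so use tee)
$ echo "options sunrpc tcp_slot_table_entries=128" | sudo tee -a /etc/modprobe.d/sunrpc.conf
$ echo "options sunrpc tcp_max_slot_table_entries=128" | sudo tee -a /etc/modprobe.d/sunrpc.conf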
To mount an NFS v4 file system, add the following entry:
file-system-id.region.nas.aliyuncs.com:/ /data nfs vers=4,minorversion=0,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,_netdev,noresvport 0 0
To mount an NFS v3 file system, add the following entry:
file-system-id.region.nas.aliyuncs.com:/ /data nfs vers=3,nolock,proto=tcp,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,_netdev,noresvport 0 0
# After adding the entry to /etc/fstab, mount it
$ mount -a
# Check the mount: if the output contains the NFS file system's mount address, the mount succeeded
$ df -h | grep aliyun
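If /data is not actually the NAS when Harbor starts, that instance writes to local disk and the two nodes silently diverge. The following added example (not part of the original article) checks a /proc/mounts-format table to confirm that the mount point is a hard NFS mount of the expected export; the function names and the sample mount table are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original article.
# check_nas_mount MOUNTPOINT EXPECTED_SOURCE [MOUNTS_FILE]
# Succeeds only if MOUNTPOINT is a hard NFS mount of EXPECTED_SOURCE.
check_nas_mount() {
    local mp="$1" want="$2" mounts="${3:-/proc/mounts}"
    awk -v mp="$mp" -v want="$want" '
        $2 == mp { src = $1; fstype = $3; opts = $4 }   # last match is the visible mount
        END {
            if (fstype == "")        { print "FAIL: " mp " is not mounted"; exit 1 }
            if (fstype !~ /^nfs4?$/) { print "FAIL: " mp " is " fstype ", not NFS"; exit 1 }
            if (src != want)         { print "FAIL: " mp " is " src ", expected " want; exit 1 }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) has[o[i]] = 1
            if (!("hard" in has))    { print "FAIL: " mp " is not a hard mount"; exit 1 }
            print "OK: " mp " <- " src " (" fstype ")"
        }' "$mounts"
}

# Constructed sample in /proc/mounts format; the NAS hostname is the article's placeholder.
sample_mounts() {
    cat <<'EOF'
/dev/vda1 / ext4 rw,relatime 0 0
file-system-id.region.nas.aliyuncs.com:/ /data nfs rw,relatime,vers=3,rsize=1048576,wsize=1048576,hard,nolock,noresvport,proto=tcp,timeo=600,retrans=2 0 0
EOF
}

# Demo against the constructed sample; on a real node omit the third argument.
demo_file=$(mktemp)
sample_mounts > "$demo_file"
check_nas_mount /data "file-system-id.region.nas.aliyuncs.com:/" "$demo_file"
check_nas_mount /opt  "file-system-id.region.nas.aliyuncs.com:/" "$demo_file" || true
rm -f "$demo_file"
```

Run it on both harbor1 and harbor2 with the same expected source before starting the Harbor containers.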
On the harbor1 machine
# Deploy Harbor online
$ cd /opt/
$ wget https://github.com/goharbor/harbor/releases/download/v2.2.1/harbor-online-installer-v2.2.1.tgz
$ tar xf harbor-online-installer-v2.2.1.tgz
$ cd /opt/harbor
$ cp harbor.yml.tmpl harbor.yml
# Create the Harbor data directory
$ mkdir /data/harbor
# Add the domain certificate (an SSL certificate for the domain already exists)
$ mkdir /data/harbor/cert
# Upload the SSL certificate and private key to the /data/harbor/cert directory
$ scp harbor.example.pem root@192.168.10.10:/data/harbor/cert/
$ scp harbor.example.key root@192.168.10.10:/data/harbor/cert/
# Configure harbor.yml; below is the modified file compared with the original
$ diff harbor.yml harbor.yml.tmpl
5c5
< hostname: harbor.example.com
---
> hostname: reg.mydomain.com
17,18c17,18
< certificate: /data/harbor/cert/harbor.example.pem
< private_key: /data/harbor/cert/harbor.example.key
---
> certificate: /your/certificate/path
> private_key: /your/private/key/path
29c29
< external_url: https://harbor.example.com
---
> # external_url: https://reg.mydomain.com:8433
< data_volume: /data/harbor
---
> data_volume: /data
# Generate the configuration files
$ cd /opt/harbor
# Enable Helm charts and image vulnerability scanning in Harbor
$ ./prepare --with-notary --with-trivy --with-chartmuseum
# Install
$ ./install.sh --with-notary --with-trivy --with-chartmuseum
# Check status
$ docker-compose ps
# Create the postgres and redis storage directories
$ mkdir -p /data/harbor-redis /data/harbor-postgresql
# Change the owner and group
$ chown -R 999:999 /data/harbor-redis /data/harbor-postgresql
# Create the docker-compose.yml file for postgres and redis
$ vim docker-compose.yml
version: '2.3'
services:
  redis:
    image: goharbor/redis-photon:v2.2.1
    container_name: harbor-redis
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/harbor-redis:/var/lib/redis
    networks:
      - harbor-db
    ports:
      - 6379:6379
  postgresql:
    image: goharbor/harbor-db:v2.2.1
    container_name: harbor-postgresql
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: test2021
    volumes:
      - /data/harbor-postgresql:/var/lib/postgresql/data:z
    networks:
      - harbor-db
    ports:
      - 5432:5432
networks:
  harbor-db:
    driver: bridge
# Deploy postgres and redis
$ docker-compose up -d
# Enter the temporary harbor-db container to export the tables and data
$ docker exec -it -u postgres harbor-db bash
# Export the data
$ pg_dump -U postgres registry > /tmp/registry.sql
$ pg_dump -U postgres notarysigner > /tmp/notarysigner.sql
$ pg_dump -U postgres notaryserver > /tmp/notaryserver.sql
# Import the data into the separately deployed PostgreSQL database
$ psql -h 192.168.10.10 -U postgres registry -W < /tmp/registry.sql
$ psql -h 192.168.10.10 -U postgres notarysigner -W < /tmp/notarysigner.sql
$ psql -h 192.168.10.10 -U postgres notaryserver -W < /tmp/notaryserver.sql
# Clean up the Harbor data and configuration files
$ cp -a /data/harbor/cert /tmp/
$ rm -rf /data/harbor/*
$ rm -rf /opt/harbor
$ cp -a /tmp/cert /data/harbor/
# Re-create the configuration files
$ cd /opt/
$ tar xf harbor-online-installer-v2.2.1.tgz
$ cd /opt/harbor
# Edit the configuration: connect to the separately deployed postgres and redis, and comment out Harbor's built-in postgres and redis
$ cp harbor.yml.tmpl harbor.yml
$ diff harbor.yml harbor.yml.tmpl
5c5
< hostname: harbor.example.com
---
> hostname: reg.mydomain.com
17,18c17,18
< certificate: /data/harbor/cert/harbor.example.pem
< private_key: /data/harbor/cert/harbor.example.key
---
> certificate: /your/certificate/path
> private_key: /your/private/key/path
29c29
< external_url: https://harbor.example.com
---
> # external_url: https://reg.mydomain.com:8433
37c37
< # database:
---
> database:
39c39
< # password: root123
---
> password: root123
41c41
< # max_idle_conns: 50
---
> max_idle_conns: 50
44c44
< # max_open_conns: 1000
---
> max_open_conns: 1000
47c47
< data_volume: /data/harbor
---
> data_volume: /data
135,158c135,158
< external_database:
< harbor:
< host: 192.168.10.10
< port: 5432
< db_name: registry
< username: postgres
< password: test2021
< ssl_mode: disable
< max_idle_conns: 50
< max_open_conns: 1000
< notary_signer:
< host: 192.168.10.10
< port: 5432
< db_name: notarysigner
< username: postgres
< password: test2021
< ssl_mode: disable
< notary_server:
< host: 192.168.10.10
< port: 5432
< db_name: notaryserver
< username: postgres
< password: test2021
< ssl_mode: disable
---
> # external_database:
> # harbor:
> # host: harbor_db_host
> # port: harbor_db_port
> # db_name: harbor_db_name
> # username: harbor_db_username
> # password: harbor_db_password
> # ssl_mode: disable
> # max_idle_conns: 2
> # max_open_conns: 0
> # notary_signer:
> # host: notary_signer_db_host
> # port: notary_signer_db_port
> # db_name: notary_signer_db_name
> # username: notary_signer_db_username
> # password: notary_signer_db_password
> # ssl_mode: disable
> # notary_server:
> # host: notary_server_db_host
> # port: notary_server_db_port
> # db_name: notary_server_db_name
> # username: notary_server_db_username
> # password: notary_server_db_password
> # ssl_mode: disable
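Review bot: all three external_database entries (harbor, notary_signer, notary_server) keep ssl_mode: disable and log in as postgres with the password test2021, so credentials and registry metadata travel between the Harbor hosts and 192.168.10.10 unencrypted, and every component shares one account. Suggest enabling TLS on the PostgreSQL server and moving ssl_mode off disable, creating a dedicated database role for Harbor, and replacing the sample password, which is also published in the compose file.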
161,175c161,175
< external_redis:
< # support redis, redis+sentinel
< # host for redis: <host_redis>:<port_redis>
< # host for redis+sentinel:
< # <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
< host: 192.168.10.10:6379
< password:
< # sentinel_master_set must be set to support redis+sentinel
< #sentinel_master_set:
< # db_index 0 is for core, it's unchangeable
< registry_db_index: 1
< jobservice_db_index: 2
< chartmuseum_db_index: 3
< trivy_db_index: 5
< idle_timeout_seconds: 30
---
> # external_redis:
> # # support redis, redis+sentinel
> # # host for redis: <host_redis>:<port_redis>
> # # host for redis+sentinel:
> # # <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
> # host: redis:6379
> # password:
> # # sentinel_master_set must be set to support redis+sentinel
> # #sentinel_master_set:
> # # db_index 0 is for core, it's unchangeable
> # registry_db_index: 1
> # jobservice_db_index: 2
> # chartmuseum_db_index: 3
> # trivy_db_index: 5
> # idle_timeout_seconds: 30
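Review bot: password: under external_redis is left empty while host points at 192.168.10.10:6379, and the compose file publishes that port as 6379:6379, so any machine that can reach that address can read and modify the session and job data Harbor keeps in Redis. Suggest setting a Redis password on the server and here, and limiting access to port 6379 to harbor1 and harbor2.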
# Deploy the first Harbor node
$ cd /opt/harbor
# Enable Helm charts and image vulnerability scanning in Harbor
$ ./prepare --with-notary --with-trivy --with-chartmuseum
# Install
$ ./install.sh --with-notary --with-trivy --with-chartmuseum
# Check status
$ docker-compose ps
# Copy the configuration to the harbor2 machine
$ scp -r /opt/harbor 192.168.10.11:/opt/
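An added example, not part of the original article or of Harbor's own tooling: a pre-flight check to run on harbor.yml before ./prepare and before copying the directory to harbor2, flagging the weak external_database and external_redis values that appear in the diff above. The function names and the embedded harbor.yml fragment are constructed for illustration, using the article's sample values.

```bash
#!/usr/bin/env bash
# Added example, not Harbor tooling. audit_harbor_yml FILE prints one finding
# per line and returns 1 if anything was flagged.
audit_harbor_yml() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments and blank lines
        /^[^ \t]/ { top = $1; sub(/:.*$/, "", top); db = ""; lvl = 0; next }
        {
            match($0, /^ */); ind = RLENGTH               # indentation depth
            if (lvl == 0) lvl = ind                       # depth of first-level children
            key = $1; sub(/:$/, "", key); val = $2
            if (val ~ /^#/) val = ""                      # "password: # note" is empty
            gsub(/"/, "", val)
        }
        top == "external_database" && ind == lvl { db = key; next }   # harbor, notary_*
        top == "external_database" && key == "ssl_mode" && val == "disable" {
            print "external_database." db ": ssl_mode is disable"; bad++ }
        top == "external_database" && key == "password" && (val == "test2021" || val == "root123") {
            print "external_database." db ": password is a published sample value"; bad++ }
        top == "external_redis" && key == "password" && val == "" {
            print "external_redis: password is empty"; bad++ }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed fragment using the article's sample values.
sample_harbor_yml() {
    cat <<'EOF'
hostname: harbor.example.com
external_database:
  harbor:
    host: 192.168.10.10
    port: 5432
    db_name: registry
    username: postgres
    password: test2021
    ssl_mode: disable
external_redis:
  host: 192.168.10.10:6379
  password:
  registry_db_index: 1
EOF
}

demo=$(mktemp)
sample_harbor_yml > "$demo"
audit_harbor_yml "$demo" || echo "fix harbor.yml before running ./prepare"
rm -f "$demo"
```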
On the harbor2 machine
# Deploy the second Harbor node
$ cd /opt/harbor
# Enable Helm charts and image vulnerability scanning in Harbor
$ ./prepare --with-notary --with-trivy --with-chartmuseum
# Install
$ ./install.sh --with-notary --with-trivy --with-chartmuseum
# Check status
$ docker-compose ps
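The SLB configuration is not covered in detail here; refer to the Alibaba Cloud SLB configuration documentation. Configure port 443 using the TCP protocol, with the backend mapped to port 443 on both harbor1 and harbor2.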