Docker镜像仓库Harbor主从镜像同步

一、部署主机角色说明

主机角色 IP地址 操作系统 摘要
主节点(Master) hz01-prod-ops-harbor-01(172.16.8.228) CentOS Linux release 7.3.1611 (Core) x86_64 harbor安装及配置
从节点(Node) hz01-prod-ops-harbor-02(172.16.8.245) CentOS Linux release 7.3.1611 (Core) X86-64 主节点数据复制

二、harbor 部署

  • 开源项目地址:https://github.com/vmware/harbor
  • 官方安装说明:https://github.com/vmware/harbor/blob/master/docs/installation_guide.md
  • 下载安装包并解压:
[root@hz01-prod-ops-harbor-02 /opt]# wget https://storage.googleapis.com/harbor-releases/release-1.4.0/harbor-online-installer-v1.4.0-rc2.tgz
[root@hz01-prod-ops-harbor-02 /opt]# tar xvf harbor-online-installer-v1.4.0-rc2.tgz
  • 安装docker-compose
[root@hz01-prod-ops-harbor-02 /opt/harbor]# yum install python-pip
[root@hz01-prod-ops-harbor-02 /opt/harbor]# yum install docker-compose
  • 修改镜像源
[root@hz01-prod-ops-harbor-01 /opt/harbor]# vim /etc/sysconfig/docker
{
 "registry-mirrors": ["http://ef017c13.m.daocloud.io"]
}
  • 修改harbor配置
[root@hz01-prod-ops-harbor-02 /opt/harbor]# vim /opt/harbor/harbor.cfg
# hostname 设置访问地址,支持IP,域名,主机名,禁止设置127.0.0.1
hostname = reg.mydomain.com
# 访问协议,可设置 http,https
ui_url_protocol = http
# harbor WEB UI登陆使用的密码
harbor_admin_password = Harbor12345
# 认证方式,这里支持多种认证方式,默认是 db_auth ,既mysql数据库存储认证。
# 这里还支持 ldap 以及 本地文件存储方式。
auth_mode = db_auth
# mysql root 账户的 密码
db_password = root123
self_registration= on
use_compressed_js= on
max_job_workers= 3
verify_remote_cert= on
customize_crt= on
#这些需要修改的其他的参数可以保持默认
  • 安装harbor
[root@hz01-prod-ops-harbor-02 /opt/harbor]# cd /opt/harbor
[root@hz01-prod-ops-harbor-02 /opt/harbor]# ./install.sh

[root@hz01-prod-ops-harbor-02 /opt/harbor]# docker-compose ps
       Name                     Command               State                                Ports                              
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up                                                                      
harbor-db            /usr/local/bin/docker-entr ...   Up      3306/tcp                                                        
harbor-jobservice    /harbor/start.sh                 Up                                                                      
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up      127.0.0.1:1514->10514/tcp                                       
harbor-ui            /harbor/start.sh                 Up                                                                      
nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
registry             /entrypoint.sh serve /etc/ ...   Up      5000/tcp
  • 通过终端登陆镜像仓库
[root@hz01-prod-ops-harbor-02 /opt/harbor]# docker login hz01-prod-ops-harbor-02.sysadmin.xinguangnet.com
Username: admin
Password: 
Error response from daemon: Get https://hz01-prod-ops-harbor-02/v1/users/: dial tcp 172.16.8.245:443: getsockopt: connection refused

#这里配置的是http,docker login默认走的是https.
#在下述文件中添加"--insecure-registry=hz01-prod-ops-harbor-02.sysadmin.xinguangnet.com"这里的域名可以是ip地址。

[root@hz01-prod-ops-harbor-02 /opt/harbor]# vim /etc/sysconfig/docker
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --insecure-registry=hz01-prod-ops-harbor-02.sysadmin.xinguangnet.com'
if [ -z "${DOCKER_CERT_PATH}" ]; then
    DOCKER_CERT_PATH=/etc/docker
fi

[root@hz01-prod-ops-harbor-02 /opt/harbor]# systemctl daemon-reload
[root@hz01-prod-ops-harbor-02 /opt/harbor]# systemctl restart docker

[root@hz01-prod-ops-harbor-02 /opt/harbor]# docker login hz01-prod-ops-harbor-02.sysadmin.xinguangnet.com
Username: admin
Password: 
Login Succeeded
  • 验证,推送镜像到harbor

登陆harbor,创建一个test测试的项目:


#公网上随便拉个镜像
[root@hz01-prod-ops-harbor-02 /opt/harbor]# docker pull mongo
[root@hz01-prod-ops-harbor-02 /opt/harbor]# docker images
REPOSITORY                            TAG                 IMAGE ID            CREATED             SIZE
docker.io/mongo                       latest              5b1317f8158f        7 days ago          365.9 MB
[root@hz01-prod-ops-harbor-02 /opt/harbor]# docker tag mongo hz01-prod-ops-harbor-02.sysadmin.xinguangnet.com/test/mongodb:1.0

[root@hz01-prod-ops-harbor-02 /opt/harbor]# docker images
REPOSITORY                                                      TAG                 IMAGE ID            CREATED             SIZE
docker.io/mongo                                                 latest              5b1317f8158f        7 days ago          365.9 MB
hz01-prod-ops-harbor-02.sysadmin.xinguangnet.com/test/mongodb   1.0                 5b1317f8158f        7 days ago          365.9 MB

[root@hz01-prod-ops-harbor-02 /opt/harbor]# docker push hz01-prod-ops-harbor-02.sysadmin.xinguangnet.com/test/mongodb:1.0
The push refers to a repository [hz01-prod-ops-harbor-02.sysadmin.xinguangnet.com/test/mongodb]
99099bc0f52d: Pushed 
5388bfbc2c01: Pushed 
d6ac487f7716: Pushed 
2ecbdcef31f1: Pushed 
4786aaf122f1: Pushed 
b597eb624250: Pushed 
d1a481118c6e: Pushed 
217a81d3bde9: Pushed 
54e8db6ab32d: Pushed 
43efe85a991c: Pushed 
1.0: digest: sha256:82fb1f2483179a7c26ac603d5ad0f9cf6992a27f272c82e277371a96657b799b size: 2407


三、配置docker镜像复制

  • 登陆master节点的web ui

根据上文创建一个openshift的项目,这里不做演示了。

  • 选择仓库管理,创建从节点的信息

  • 填写node节点的信息,并测试连接

  • 连接成功后,仓库管理会生成一条信息

  • 点击复制管理,添加一条复制策略

  • 新建复制规则,主要是复制源项目,目标节点,触发模式,之后选择保存

  • 复制管理会生成一条oepnshift复制的规则

  • 测试镜像复制策略是否生效
#推送一个镜像到openshift项目
[root@hz01-prod-ops-harbor-01 /root]# docker tag docker.io/mongo 172.16.8.228/openshift/mongodb:1.0

[root@hz01-prod-ops-harbor-01 /root]# docker push 172.16.8.228/openshift/mongodb:1.0
The push refers to a repository [172.16.8.228/openshift/mongodb]
99099bc0f52d: Pushed 
5388bfbc2c01: Pushed 
d6ac487f7716: Pushed 
2ecbdcef31f1: Pushed 
4786aaf122f1: Pushed 
b597eb624250: Pushed 
d1a481118c6e: Pushed 
217a81d3bde9: Pushed 
54e8db6ab32d: Pushed 
43efe85a991c: Pushed 
1.0: digest: sha256:82fb1f2483179a7c26ac603d5ad0f9cf6992a27f272c82e277371a96657b799b size: 2407
  • 在主节点web ui查看,生成了一条复制任务!

  • 在从节点web ui查看,已经从主节点把镜像复制过来了


四、数据库备份

#根据文件定义数据文件放在/data/database/目录下
[root@hz01-prod-ops-harbor-01 /opt/harbor]# vim docker-compose.yml
mysql:
    image: vmware/harbor-db:v1.4.0
    container_name: harbor-db
    restart: always
    volumes:
      - /data/database:/var/lib/mysql:z

[root@hz01-prod-ops-harbor-01 /data/database]# ls /data/database/
aria_log.00000001  aria_log_control  created_in_mariadb.flag  ib_buffer_pool  ibdata1  ib_logfile0  ib_logfile1  ibtmp1  multi-master.info  mysql  performance_schema  registry  tc.log


喜欢的话支付宝扫个赏金,,谢谢各位老板

Docker镜像仓库Harbor主从镜像同步_第1张图片


你可能感兴趣的:(docker)