Harbor私有镜像仓库的主从复制
六,harbor镜像的复制与同步
harbor私有仓库的主从复制,类似于MySQL,属于1对多的复制
![image_1ctv62ci816hr1mg4dkk9sighe8c.png-87.7kB][16]
##6.1 部署Harbor-Slave
请安装一个harbor私有仓库作为harbor的从库,域名为www2.yunjisuan.com
请参考Harbor-Master搭建过程
#主找从所以把证书给主一份
scp www2.yunjisuan.com.crt 192.168.200.138:/etc/pki/ca-trust/source/anchors/
#然后主得立即生效并重启dcoker.然后harbor还得重启启动进程
[root@wbq-harbor-master harbor]# update-ca-trust enable
[root@wbq-harbor-master harbor]# update-ca-trust extract
[root@wbq-harbor-master harbor]# systemctl restart docker
##6.2 搭建LDNS域名解析服务器
![image_1ctva0pg21bnisls1p79cdeatu9.png-86.6kB][19]
[root@localhost ~]# yum -y install bind bind-chroot bind-utils
[root@localhost ~]# cd /etc/
[root@localhost etc]# cp named.conf{,.bak}
#把配置文件修改成如下:
[root@localhost etc]# cat named.conf
options {
listen-on port 53 { 192.168.200.157; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
forwarders { 192.168.200.2; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "yunjisuan.com" IN {
type master;
file "yunjisuan.com.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
#检查配置文件是否有错
[root@localhost etc]# named-checkconf /etc/named.conf
#创建正向解析文件
[root@localhost etc]# cd /var/named/
[root@localhost named]# ls
chroot dynamic named.empty named.loopback
data named.ca named.localhost slaves
[root@localhost named]# cp -p named.empty yunjisuan.com.zone
#把yunjisuan.com.zone修改成如下
[root@localhost named]# cat yunjisuan.com.zone
$TTL 1D
@ IN SOA yunjisuan.com. root.ns1.yunjisuan.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.yunjisuan.com.
ns1 A 192.168.200.157
www A 192.168.200.138
www2 A 192.168.200.156
#测试正向解析文件是否有错
[root@localhost named]# named-checkzone yunjisuan.com yunjisuan.com.zone
zone yunjisuan.com/IN: loaded serial 0
OK
#启动域名解析服务
[root@localhost named]# systemctl start named
[root@localhost named]# ss -antup | grep named
udp UNCONN 0 0 192.168.200.157:53 *:* users:(("named",pid=1837,fd=512))
tcp LISTEN 0 10 192.168.200.157:53 *:* users:(("named",pid=1837,fd=21))
tcp LISTEN 0 128 127.0.0.1:953 *:* users:(("named",pid=1837,fd=22))
tcp LISTEN 0 128 ::1:953 :::* users:(("named",pid=1837,fd=23))
#改一下DNS改成自己本机
[root@localhost named]# cat /etc/resolv.conf
#nameserver 192.168.200.2
nameserver 192.168.200.157
#用nslookup域名解析命令测试一下
[root@localhost named]# nslookup www.yunjisuan.com
Server: 192.168.200.157
Address: 192.168.200.157#53
Name: www.yunjisuan.com
Address: 192.168.200.138
[root@localhost named]# nslookup www2.yunjisuan.com
Server: 192.168.200.157
Address: 192.168.200.157#53
Name: www2.yunjisuan.com
Address: 192.168.200.156
[root@localhost named]# nslookup www.baidu.com
Server: 192.168.200.157
Address: 192.168.200.157#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 61.135.169.125
Name: www.a.shifen.com
Address: 61.135.169.121
##6.3 建立主从复制
然后开始建立主从复制
![image_1ctv926qq9k6g791qp4ee11lsu9j.png-38.6kB][20]
![image_1ctv92ihan4lu61n4cksv197va0.png-41.4kB][21]
![image_1ctvc7nhi1d3go0561o1kjq6c3m.png-40.6kB][22]
#先清空一下日志
[root@wbq-harbor-master harbor]# cd /var/log/harbor/
[root@wbq-harbor-master harbor]# ls
adminserver.log jobservice.log notary-server.log redis.log
clair-db.log mysql.log notary-signer.log registry.log
clair.log notary-db.log proxy.log ui.log
[root@wbq-harbor-master harbor]# > ui.log
#然后在点击一下测试连接之后查看日志
![image_1ctvch1s3c4cvt7148tqsk1mc313.png-80.8kB][23]
因此发现,Harbor的主从复制是不找本地的hosts文件的,映射了也没有用. 它直接找DNS
把主的dns改成LDNS服务器的IP
[root@wbq-harbor-master harbor]# cat /etc/resolv.conf
nameserver 192.168.200.157
然后得重启harbor否则也不行 ,因为它读到缓存去了。
[root@wbq-harbor-master harbor]# docker-compose down
[root@wbq-harbor-master harbor]# ./prepare
[root@wbq-harbor-master harbor]# ./install.sh --with-clair
刷新网页,在测试连接
![image_1ctvddv38f26hsf1qg6135h6jg9.png-32.5kB][24]
##6.4启用主从复制
![image_1ctvdifb31i321re1r3s1hlh1ov5m.png-50kB][25]
![image_1ctvdjd2qruc2aocki1aad8bc13.png-41.1kB][26]
![image_1ctvdnukh1a9h11uv1k6b198816ae1g.png-63.1kB][27]
![image_1ctvdp1uebv71cu1aoirq7qch1t.png-95.5kB][28]
在看从的,就把镜像复制过去了 一开始没有任何镜像的
![image_1ctvds18pn1j1lf6b4v1o9a13lv2a.png-78.7kB][29]
在上传一个镜像 看看效果
[root@wbq-harbor-master harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos latest 75835a67d134 8 weeks ago 200MB
www.yunjisuan.com/library/centos v1 75835a67d134 8 weeks ago 200MB
hello-world latest 4ab4c602aa5e 2 months ago 1.84kB
www.yunjisuan.com/library/hello-world v1 4ab4c602aa5e 2 months ago 1.84kB
#上传
[root@wbq-harbor-master harbor]# docker push www.yunjisuan.com/library/hello-world:v1
The push refers to repository [www.yunjisuan.com/library/hello-world]
428c97da766c: Pushed
v1: digest: sha256:1a6fd470b9ce10849be79e99529a88371dff60c60aab424c077007f6979b4812 size: 524
主的已经是2个镜像了
在看从的也变成2个镜像了
这样主从复制就搭建完成了