Harbor v1.10.1: synchronization test based on replication policies

March 06, 2020

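How replication works: Harbor's replication setups are configured through Harbor's registry replication policies.
Dual-master replication: this simply reuses master-slave synchronization to get two-way synchronization between two Harbor nodes.
Test environment: deployed and started with Docker; the two nodes act as master and slave of each other.

Test procedure:
CA certificates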

[root@VM_0_6_centos ~]# mkdir /data/ssl
[root@VM_0_6_centos ~]# cd /data/ssl/
[root@VM_0_6_centos ssl]# yum install openssl
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
epel | 5.3 kB 00:00:00
extras | 2.9 kB 00:00:00
os | 3.6 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/2): epel/7/x86_64/updateinfo | 1.0 MB 00:00:00
(2/2): epel/7/x86_64/primary_db | 6.7 MB 00:00:00
软件包 1:openssl-1.0.2k-19.el7.x86_64 已安装并且是最新版本
无须任何处理
[root@VM_0_6_centos ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
Generating a 4096 bit RSA private key
.......++
.................................................................................++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shenzhen
Locality Name (eg, city) [Default City]:Shenzhen
Organization Name (eg, company) [Default Company Ltd]:lumitest
Organizational Unit Name (eg, section) []:lumitest
Common Name (eg, your name or your server's hostname) []:www.lumitest.com
Email Address []:
[root@VM_0_6_centos ssl]# ls
ca.crt ca.key
[root@VM_0_6_centos ssl]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.lumitest.com.key -out www.lumitest.com.csr
Generating a 4096 bit RSA private key
.........++
.....................................................++
writing new private key to 'www.lumitest.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shenzhen
Locality Name (eg, city) [Default City]:Shenzhen
Organization Name (eg, company) [Default Company Ltd]:lumitest
Organizational Unit Name (eg, section) []:lumitest
Common Name (eg, your name or your server's hostname) []:www.lumitest.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@VM_0_6_centos ssl]# ls
ca.crt ca.key www.lumitest.com.csr www.lumitest.com.key
[root@VM_0_6_centos ssl]# openssl x509 -req -days 365 -in www.lumitest.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.lumitest.com.crt
Signature ok
subject=/C=CN/ST=Shenzhen/L=Shenzhen/O=lumitest/OU=lumitest/CN=www.lumitest.com
Getting CA Private Key
[root@VM_0_6_centos ssl]# ls
ca.crt ca.key ca.srl www.lumitest.com.crt www.lumitest.com.csr www.lumitest.com.key
[root@VM_0_6_centos ssl]# ls /etc/pki/ca-trust/source/anchors/
[root@VM_0_6_centos ssl]# cp www.lumitest.com.crt /etc/pki/ca-trust/source/anchors/
[root@VM_0_6_centos ssl]# update
update-alternatives updatedb update-pciids
update-ca-trust update-mime-database
[root@VM_0_6_centos ssl]# update-ca-trust enable
[root@VM_0_6_centos ssl]# update-ca-trust extract

[root@VM_0_6_centos ssl]# mkdir /etc/ssl/harbor
[root@VM_0_6_centos ssl]# cp www.lumitest.com.crt www.lumitest.com.key /etc/ssl/harbor/
[root@VM_0_6_centos ssl]# ls /etc/ssl/harbor/
www.lumitest.com.crt www.lumitest.com.key
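
Added example (not part of the original post): the same CA-then-server-certificate flow as the commands above, scripted non-interactively, with the host name also placed in subjectAltName (DNS: or IP:) and the chain checked with openssl verify. The function names, the CA subject "Example Test CA" and the directory layout are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names, the CA subject
# and the per-directory file layout are assumptions made for illustration.

# make_ca DIR [BITS]: self-signed CA with explicit CA:TRUE and keyCertSign.
make_ca() {
    local dir="$1" bits="${2:-4096}"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
C = CN
O = lumitest
CN = Example Test CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    # umask keeps the private key unreadable for group and others.
    ( umask 077
      openssl req -config "$dir/ca.cnf" -newkey "rsa:$bits" -nodes -sha256 \
          -x509 -days 365 -keyout "$dir/ca.key" -out "$dir/ca.crt" ) 2>/dev/null
}

# issue_server_cert DIR HOST [BITS]: key and CSR for HOST, signed by DIR/ca.*,
# with HOST in subjectAltName (IP: for an IPv4 literal, DNS: otherwise).
issue_server_cert() {
    local dir="$1" host="$2" bits="${3:-4096}" san
    [ -n "$host" ] || return 1
    case "$host" in
        *[!0-9.]*) san="DNS:$host" ;;
        *)         san="IP:$host" ;;
    esac
    cat > "$dir/$host.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
C = CN
O = lumitest
CN = $host
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = $san
EOF
    ( umask 077
      openssl req -config "$dir/$host.cnf" -newkey "rsa:$bits" -nodes -sha256 \
          -keyout "$dir/$host.key" -out "$dir/$host.csr" ) 2>/dev/null || return 1
    # The extension section is applied at signing time, not taken from the CSR.
    openssl x509 -req -sha256 -days 365 -in "$dir/$host.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/$host.cnf" -extensions v3_server \
        -out "$dir/$host.crt" 2>/dev/null
}

# chain_ok CA_CRT LEAF_CRT: succeeds only if LEAF verifies against that CA.
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# san_of CRT: print the subjectAltName value, or nothing if the cert has none.
san_of() {
    openssl x509 -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;s/^ *//;s/ *$//;p;}'
}

# Typical use with the host name from this page:
#   make_ca /data/ssl
#   issue_server_cert /data/ssl www.lumitest.com
#   chain_ok /data/ssl/ca.crt /data/ssl/www.lumitest.com.crt && echo trusted
```

On the CentOS hosts used here, the file to place in /etc/pki/ca-trust/source/anchors/ before running update-ca-trust extract is ca.crt; ca.key and the server key stay on the machine that created them.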

Checking the environment

[root@VM_0_6_centos ssl]# sestatus
SELinux status: disabled
[root@VM_0_6_centos ssl]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)

[root@VM_0_6_centos harbor]# docker --version
Docker version 1.13.1, build 4ef4b30/1.13.1
[root@VM_0_6_centos harbor]# yum remove docker \
docker-client \
docker-client-latest \
docker-common \
docker-latest \
docker-latest-logrotate \
docker-logrotate \
docker-engine
已加载插件:fastestmirror, langpacks
参数 docker-client-latest 没有匹配
参数 docker-latest 没有匹配
参数 docker-latest-logrotate 没有匹配
参数 docker-logrotate 没有匹配
参数 docker-engine 没有匹配
正在解决依赖关系
--> 正在检查事务
---> 软件包 docker.x86_64.2.1.13.1-108.git4ef4b30.el7.centos 将被 删除
---> 软件包 docker-client.x86_64.2.1.13.1-108.git4ef4b30.el7.centos 将被 删除
---> 软件包 docker-common.x86_64.2.1.13.1-108.git4ef4b30.el7.centos 将被 删除
--> 解决依赖关系完成

依赖关系解决

=================================================================================================
Package 架构 版本 源 大小
=================================================================================================
正在删除:
docker x86_64 2:1.13.1-108.git4ef4b30.el7.centos @extras 65 M
docker-client x86_64 2:1.13.1-108.git4ef4b30.el7.centos @extras 13 M
docker-common x86_64 2:1.13.1-108.git4ef4b30.el7.centos @extras 4.4 k

事务概要
=================================================================================================
移除 3 软件包

安装大小:77 M
是否继续?[y/N]:y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在删除 : 2:docker-1.13.1-108.git4ef4b30.el7.centos.x86_64 1/3
警告:/etc/sysconfig/docker-storage 已另存为 /etc/sysconfig/docker-storage.rpmsave
正在删除 : 2:docker-client-1.13.1-108.git4ef4b30.el7.centos.x86_64 2/3
正在删除 : 2:docker-common-1.13.1-108.git4ef4b30.el7.centos.x86_64 3/3
验证中 : 2:docker-common-1.13.1-108.git4ef4b30.el7.centos.x86_64 1/3
验证中 : 2:docker-1.13.1-108.git4ef4b30.el7.centos.x86_64 2/3
验证中 : 2:docker-client-1.13.1-108.git4ef4b30.el7.centos.x86_64 3/3

删除:
docker.x86_64 2:1.13.1-108.git4ef4b30.el7.centos
docker-client.x86_64 2:1.13.1-108.git4ef4b30.el7.centos
docker-common.x86_64 2:1.13.1-108.git4ef4b30.el7.centos

完毕!
[root@VM_0_6_centos harbor]# yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
软件包 yum-utils-1.1.31-52.el7.noarch 已安装并且是最新版本
软件包 device-mapper-persistent-data-0.8.5-1.el7.x86_64 已安装并且是最新版本
软件包 7:lvm2-2.02.185-2.el7_7.2.x86_64 已安装并且是最新版本
无须任何处理
[root@VM_0_6_centos harbor]# yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
已加载插件:fastestmirror, langpacks
adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
[root@VM_0_6_centos harbor]# yum install docker-ce docker-ce-cli containerd.io
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
docker-ce-stable | 3.5 kB 00:00:00
(1/2): docker-ce-stable/x86_64/updateinfo | 55 B 00:00:00
(2/2): docker-ce-stable/x86_64/primary_db | 38 kB 00:00:00
正在解决依赖关系
--> 正在检查事务
---> 软件包 containerd.io.x86_64.0.1.2.10-3.2.el7 将被 安装
---> 软件包 docker-ce.x86_64.3.19.03.6-3.el7 将被 安装
---> 软件包 docker-ce-cli.x86_64.1.19.03.6-3.el7 将被 安装
--> 解决依赖关系完成

依赖关系解决

=================================================================================================
Package 架构 版本 源 大小
=================================================================================================
正在安装:
containerd.io x86_64 1.2.10-3.2.el7 docker-ce-stable 23 M
docker-ce x86_64 3:19.03.6-3.el7 docker-ce-stable 24 M
docker-ce-cli x86_64 1:19.03.6-3.el7 docker-ce-stable 40 M

事务概要
=================================================================================================
安装 3 软件包

总下载量:87 M
安装大小:363 M
Is this ok [y/d/N]: y
Downloading packages:
警告:/var/cache/yum/x86_64/7/docker-ce-stable/packages/containerd.io-1.2.10-3.2.el7.x86_64.rpm: 头V4 RSA/SHA512 Signature, 密钥 ID 621e9f35: NOKEY
containerd.io-1.2.10-3.2.el7.x86_64.rpm 的公钥尚未安装
(1/3): containerd.io-1.2.10-3.2.el7.x86_64.rpm | 23 MB 00:00:33
(2/3): docker-ce-cli-19.03.6-3.el7.x86_64.rpm | 40 MB 00:01:08
docker-ce-19.03.6-3.el7.x86_64 FAILED MB 418:34:55 ETA
https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-19.03.6-3.el7.x86_64.rpm: [Errno 12] Timeout on https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-19.03.6-3.el7.x86_64.rpm: (28, 'Operation too slow. Less than 1000 bytes/sec transferred the last 30 seconds')
正在尝试其它镜像。
docker-ce-19.03.6-3.el7.x86_64 FAILED MB 2053:51:03 ETA
https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-19.03.6-3.el7.x86_64.rpm: [Errno 12] Timeout on https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-19.03.6-3.el7.x86_64.rpm: (28, 'Operation too slow. Less than 1000 bytes/sec transferred the last 30 seconds')
正在尝试其它镜像。
(3/3): docker-ce-19.03.6-3.el7.x86_64.rpm | 24 MB 00:00:22
-------------------------------------------------------------------------------------------------
总计 358 kB/s | 87 MB 00:04:09
从 https://download.docker.com/linux/centos/gpg 检索密钥
导入 GPG key 0x621E9F35:
用户ID : "Docker Release (CE rpm) <docker@docker.com>"
指纹 : 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35
来自 : https://download.docker.com/linux/centos/gpg
是否继续?[y/N]:y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : containerd.io-1.2.10-3.2.el7.x86_64 1/3
正在安装 : 1:docker-ce-cli-19.03.6-3.el7.x86_64 2/3
正在安装 : 3:docker-ce-19.03.6-3.el7.x86_64 3/3
验证中 : 3:docker-ce-19.03.6-3.el7.x86_64 1/3
验证中 : 1:docker-ce-cli-19.03.6-3.el7.x86_64 2/3
验证中 : containerd.io-1.2.10-3.2.el7.x86_64 3/3

已安装:
containerd.io.x86_64 0:1.2.10-3.2.el7 docker-ce.x86_64 3:19.03.6-3.el7
docker-ce-cli.x86_64 1:19.03.6-3.el7

完毕!
[root@VM_0_6_centos harbor]# systemctl start docker
[root@VM_0_6_centos harbor]# docker --version
Docker version 19.03.6, build 369ce74a3c

Configuring Harbor:

[root@VM_0_6_centos harbor]# cat harbor.yml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: www.lumitest.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /etc/ssl/harbor/www.lumitest.com.crt
  private_key: /etc/ssl/harbor/www.lumitest.com.key

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: your_passwd

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: your_passwd
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 50
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 100 for postgres.
  max_open_conns: 100

# The default data volume
data_volume: /data/registry/

# Harbor Storage settings by default is using /data dir on local filesystem
# Uncomment storage_service setting If you want to using external storage
# storage_service:
#   # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
#   # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
#   ca_bundle:

#   # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
#   # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
#   filesystem:
#     maxthreads: 100
#   # set disable to true when you want to disable registry redirect
#   redirect:
#     disabled: false

# Clair configuration
clair:
  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
  updaters_interval: 12

jobservice:
  # Maximum number of job workers in job service
  max_job_workers: 10

notification:
  # Maximum retry count for webhook job
  webhook_job_max_retry: 10

chart:
  # Change the value of absolute_url to enabled can enable absolute url in chart
  absolute_url: disabled

# Log configurations
log:
  # options are debug, info, warning, error, fatal
  level: info
  # configs for logs in local storage
  local:
    # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
    rotate_count: 50
    # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
    # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
    # are all valid.
    rotate_size: 200M
    # The directory on your host that store log
    location: /var/log/harbor

  # Uncomment following lines to enable external syslog endpoint.
  # external_endpoint:
  #   # protocol used to transmit log to external endpoint, options is tcp or udp
  #   protocol: tcp
  #   # The host of external endpoint
  #   host: localhost
  #   # Port of external endpoint
  #   port: 5140

#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 1.10.0

# Uncomment external_database if using external database.
# external_database:
#   harbor:
#     host: harbor_db_host
#     port: harbor_db_port
#     db_name: harbor_db_name
#     username: harbor_db_username
#     password: harbor_db_password
#     ssl_mode: disable
#     max_idle_conns: 2
#     max_open_conns: 0
#   clair:
#     host: clair_db_host
#     port: clair_db_port
#     db_name: clair_db_name
#     username: clair_db_username
#     password: clair_db_password
#     ssl_mode: disable
#   notary_signer:
#     host: notary_signer_db_host
#     port: notary_signer_db_port
#     db_name: notary_signer_db_name
#     username: notary_signer_db_username
#     password: notary_signer_db_password
#     ssl_mode: disable
#   notary_server:
#     host: notary_server_db_host
#     port: notary_server_db_port
#     db_name: notary_server_db_name
#     username: notary_server_db_username
#     password: notary_server_db_password
#     ssl_mode: disable

# Uncomment external_redis if using external Redis server
# external_redis:
#   host: redis
#   port: 6379
#   password:
#   # db_index 0 is for core, it's unchangeable
#   registry_db_index: 1
#   jobservice_db_index: 2
#   chartmuseum_db_index: 3
#   clair_db_index: 4

# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
# uaa:
#   ca_file: /path/to/ca

# Global proxy
# Config http proxy for components, e.g. http://my.proxy.com:3128
# Components doesn't need to connect to each others via http proxy.
# Remove component from `components` array if want disable proxy
# for it. If you want use proxy for replication, MUST enable proxy
# for core and jobservice, and set `http_proxy` and `https_proxy`.
# Add domain to the `no_proxy` field, when you want disable proxy
# for some special registry.
proxy:
  http_proxy:
  https_proxy:
  # no_proxy endpoints will appended to 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair,chartmuseum,notary-server
  no_proxy:
  components:
    - core
    - jobservice
    - clair

Starting Harbor:

[root@VM_0_6_centos harbor]# ./install.sh --with-notary --with-clair

[Step 0]: checking if docker is installed ...

Note: docker version: 19.03.6

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.25.4

[Step 2]: loading Harbor images ...
47a4bb1cfbc7: Loading layer 34.26MB/34.26MB
c2d9cf7a4eaf: Loading layer 9.056MB/9.056MB
32b7eca4f03e: Loading layer 9.71MB/9.71MB
5d104292391f: Loading layer 9.71MB/9.71MB
Loaded image: goharbor/clair-adapter-photon:v1.0.1-v1.10.1
0039915754c6: Loading layer 12.83MB/12.83MB
0a4ba5bc8bc2: Loading layer 49.37MB/49.37MB
Loaded image: goharbor/harbor-jobservice:v1.10.1
db95a8bece9e: Loading layer 78.32MB/78.32MB
f9aa9f9a3393: Loading layer 3.072kB/3.072kB
f0baa86a6ccd: Loading layer 59.9kB/59.9kB
2b8f0a44b78f: Loading layer 61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v1.10.1
a9f6374f6301: Loading layer 9.05MB/9.05MB
b3c39a738965: Loading layer 6.239MB/6.239MB
dce1aa68054e: Loading layer 16.04MB/16.04MB
612aac9b538e: Loading layer 28.24MB/28.24MB
8612386fb841: Loading layer 22.02kB/22.02kB
53883649d694: Loading layer 50.52MB/50.52MB
Loaded image: goharbor/notary-server-photon:v0.6.1-v1.10.1
f3967aa0de5f: Loading layer 115.8MB/115.8MB
42fd590be962: Loading layer 12.14MB/12.14MB
096b03f3e32b: Loading layer 3.072kB/3.072kB
aa66bf3b8224: Loading layer 49.15kB/49.15kB
8e76391190c9: Loading layer 3.584kB/3.584kB
131573c722d5: Loading layer 13.02MB/13.02MB
Loaded image: goharbor/clair-photon:v2.1.1-v1.10.1
69e43242ff64: Loading layer 50.39MB/50.39MB
5a3a8e835993: Loading layer 3.584kB/3.584kB
4dff480c159c: Loading layer 3.072kB/3.072kB
2be454a39481: Loading layer 2.56kB/2.56kB
d6b4877d5c4e: Loading layer 3.072kB/3.072kB
609537197cce: Loading layer 3.584kB/3.584kB
b52d06cad304: Loading layer 12.29kB/12.29kB
Loaded image: goharbor/harbor-log:v1.10.1
badcf9296df7: Loading layer 9.056MB/9.056MB
8b17ed0102b2: Loading layer 3.584kB/3.584kB
4d1cd50b8d4f: Loading layer 3.072kB/3.072kB
491c41e50d6a: Loading layer 21.76MB/21.76MB
0101dc4148c7: Loading layer 22.59MB/22.59MB
Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-2553-v1.10.1
77965b8f534b: Loading layer 14.61MB/14.61MB
940bf05c9601: Loading layer 28.24MB/28.24MB
7ca206eb72e3: Loading layer 22.02kB/22.02kB
9898774a5bad: Loading layer 49.09MB/49.09MB
Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.10.1
86340c56281e: Loading layer 9.055MB/9.055MB
8ac45c34690f: Loading layer 42.31MB/42.31MB
4aa70453f992: Loading layer 3.072kB/3.072kB
6cbc6ab111b2: Loading layer 3.584kB/3.584kB
d6d7b70c18b5: Loading layer 43.14MB/43.14MB
Loaded image: goharbor/chartmuseum-photon:v0.9.0-v1.10.1
07efa003923d: Loading layer 9.056MB/9.056MB
96dd65c291de: Loading layer 3.584kB/3.584kB
802a1397679e: Loading layer 21.76MB/21.76MB
92c283f6895a: Loading layer 3.072kB/3.072kB
8b61b91240a6: Loading layer 8.662MB/8.662MB
1fd753477b6f: Loading layer 31.24MB/31.24MB
Loaded image: goharbor/harbor-registryctl:v1.10.1
48cda078e98d: Loading layer 10.89MB/10.89MB
Loaded image: goharbor/nginx-photon:v1.10.1
2c00d9af2c3f: Loading layer 34.31MB/34.31MB
0e4ae15c3d4e: Loading layer 339.9MB/339.9MB
27810c9ff1a9: Loading layer 135.2kB/135.2kB
Loaded image: goharbor/harbor-migrator:v1.10.1
93e0577272a9: Loading layer 34.24MB/34.24MB
fb3507ff707e: Loading layer 117.4MB/117.4MB
f59c6315bf8a: Loading layer 42.32MB/42.32MB
5c5501748347: Loading layer 2.56kB/2.56kB
3710d94e58dd: Loading layer 1.536kB/1.536kB
06e0f1585c01: Loading layer 166.4kB/166.4kB
bf5ac9b9c61c: Loading layer 3.01MB/3.01MB
Loaded image: goharbor/prepare:v1.10.1
9ea2dad46741: Loading layer 10.89MB/10.89MB
b280b9e7ca3b: Loading layer 7.696MB/7.696MB
a1ce7c1130ee: Loading layer 223.2kB/223.2kB
3b0492a7358b: Loading layer 195.1kB/195.1kB
c64d6e6c80dd: Loading layer 15.36kB/15.36kB
ace4e9064f06: Loading layer 3.584kB/3.584kB
Loaded image: goharbor/harbor-portal:v1.10.1
b74d8257d4e7: Loading layer 12.83MB/12.83MB
92f141040819: Loading layer 42.5MB/42.5MB
33c99383fac5: Loading layer 5.632kB/5.632kB
2bacc160d10f: Loading layer 40.45kB/40.45kB
f51bed904fbe: Loading layer 42.5MB/42.5MB
Loaded image: goharbor/harbor-core:v1.10.1
a2ffdaaa3434: Loading layer 63.56MB/63.56MB
5745ac9e0297: Loading layer 54.44MB/54.44MB
dc1d24cbb1d5: Loading layer 5.632kB/5.632kB
4280f2f98340: Loading layer 2.048kB/2.048kB
0f9279b20eec: Loading layer 2.56kB/2.56kB
8b9162d25131: Loading layer 2.56kB/2.56kB
50ad7481e5af: Loading layer 2.56kB/2.56kB
54b809bfb5ec: Loading layer 10.24kB/10.24kB
Loaded image: goharbor/harbor-db:v1.10.1


[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /data/install/harbor
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated certificate, key file: /tmp/cert_tmp/notary-signer-ca.key, cert file: /tmp/cert_tmp/notary-signer-ca.crt
Generated certificate, key file: /tmp/cert_tmp/notary-signer.key, cert file: /tmp/cert_tmp/notary-signer.crt
Copying certs for notary signer
Copying nginx configuration file for notary
Generated configuration file: /config/nginx/conf.d/notary.upstream.conf
Generated configuration file: /config/nginx/conf.d/notary.server.conf
Generated configuration file: /config/notary/server-config.postgres.json
Generated configuration file: /config/notary/server_env
Generated and saved secret to file: /secret/keys/defaultalias
Generated configuration file: /config/notary/signer_env
Generated configuration file: /config/notary/signer-config.postgres.json
Generated configuration file: /config/clair/postgres_env
Generated configuration file: /config/clair/config.yaml
Generated configuration file: /config/clair/clair_env
Generated configuration file: /config/clair-adapter/env
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir



[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating network "harbor_harbor-clair" with the default driver
Creating network "harbor_harbor-notary" with the default driver
Creating network "harbor_notary-sig" with the default driver
Creating harbor-log ... done
Creating registry ... done
Creating harbor-portal ... done
Creating redis ... done
Creating harbor-db ... done
Creating registryctl ... done
Creating harbor-core ... done
Creating clair ... done
Creating notary-signer ... done
Creating clair-adapter ... done
Creating notary-server ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
[root@VM_0_6_centos harbor]# echo $?
0

Configure hosts and test login:

[root@VM_0_6_centos harbor]# vim /etc/hosts
[root@VM_0_6_centos harbor]# docker login -uadmin -pyour_passwd www.lumitest.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[root@VM_0_6_centos harbor]# docker tag goharbor/nginx-photon:v1.10.1 www.lumitest.com/library/replicate:v1
[root@VM_0_6_centos harbor]# docker push www.lumitest.com/library/replicate:v1
The push refers to repository [www.lumitest.com/library/replicate]
48cda078e98d: Pushed
47a4bb1cfbc7: Pushed
v1: digest: sha256:8f900484be88c2f72699996ade92cbcbd84366f386396af0ac093430e6c2f7f2 size: 740

Copy the certificate to the peer host and test:

[root@VM_0_6_centos harbor]# scp /data/ssl/www.lumitest.com.crt root@172.16.0.8:/etc/pki/ca-trust/source/anchors/
root@172.16.0.8's password:
www.lumitest.com.crt 100% 1931 6.5MB/s 00:00

[root@VM_0_8_centos ~]# update-ca-trust enable
[root@VM_0_8_centos ~]# update-ca-trust extract
[root@VM_0_8_centos ~]# sestatus
SELinux status: disabled
[root@VM_0_8_centos ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)

[root@VM_0_8_centos ~]# docker login -uadmin -pyour_passwd www.lumitest.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

Resolving the HTTPS certificate trust problem
http://www.voidcn.com/article/p-bsvymoes-bav.html

# cat /etc/pki/ca-trust/source/anchors/www.lumitest3.com.crt >> /etc/pki/tls/certs/ca-bundle.crt
# systemctl restart docker

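The self-built certificate was not trusted, so a replication policy could not be created; HTTPS/SSL had to be disabled and access switched to HTTP. The registry endpoint and replication policy were then created to run the synchronization experiment.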
harbor-ms1.png

[root@VM_0_6_centos harbor]# vim /usr/lib/systemd/system/docker.service
[root@VM_0_6_centos harbor]# systemctl daemon-reload
[root@VM_0_6_centos harbor]# systemctl restart docker

[root@VM_0_6_centos harbor]# docker-compose stop
[root@VM_0_6_centos harbor]# ./prepare
[root@VM_0_6_centos harbor]# ./install.sh --with-clair
[root@VM_0_6_centos harbor]# docker login 172.16.0.6
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

Push different images on 06 and 08 respectively and test whether both sides synchronize.

[root@VM_0_6_centos harbor]# docker tag goharbor/clair-adapter-photon:v1.0.1-v1.10.1 172.16.0.6/library/test:v2
[root@VM_0_6_centos harbor]# docker push 172.16.0.6/library/test:v2
The push refers to repository [172.16.0.6/library/test]
5d104292391f: Pushed
32b7eca4f03e: Pushed
c2d9cf7a4eaf: Pushed
47a4bb1cfbc7: Pushed
v2: digest: sha256:7fddfab9a6568fed533870efda90e190eba9eb898832c4986dc0ce3d4aae6057 size: 1162

[root@VM_0_8_centos ~]# docker tag goharbor/harbor-log:v1.10.1 172.16.0.8/library/test8:v3
[root@VM_0_8_centos ~]# docker push 172.16.0.8/library/test8:v3
The push refers to repository [172.16.0.8/library/test8]
b52d06cad304: Pushed
609537197cce: Pushed
d6b4877d5c4e: Pushed
2be454a39481: Pushed
4dff480c159c: Pushed
5a3a8e835993: Pushed
69e43242ff64: Pushed
47a4bb1cfbc7: Pushed
v3: digest: sha256:bb104098058f359c2cc25ffcb96810ebb69fc8d50e7290331e949e569c868c5d size: 1984

harbor-ms2.png

[root@VM_0_6_centos harbor]# docker tag goharbor/harbor-portal:v1.10.1 172.16.0.6/library/test6:v3
[root@VM_0_6_centos harbor]# docker push 172.16.0.6/library/test6:v3
The push refers to repository [172.16.0.6/library/test6]
ace4e9064f06: Pushed
c64d6e6c80dd: Pushed
3b0492a7358b: Pushed
a1ce7c1130ee: Pushed
b280b9e7ca3b: Pushed
9ea2dad46741: Pushed
47a4bb1cfbc7: Mounted from library/test
v3: digest: sha256:5c4481dd645d3c1e52b03e65a7fd4b030e7f8b040ed44a45f66908e24fe3f31a size: 1784

[root@VM_0_8_centos ~]# docker tag goharbor/registry-photon:v2.7.1-patch-2819-2553-v1.10.1 172.16.0.8/library/test08:v4
[root@VM_0_8_centos ~]# docker push 172.16.0.8/library/test08:v4
The push refers to repository [172.16.0.8/library/test08]
0101dc4148c7: Pushed
491c41e50d6a: Pushed
4d1cd50b8d4f: Pushed
8b17ed0102b2: Pushed
badcf9296df7: Pushed
47a4bb1cfbc7: Pushed
v4: digest: sha256:3ee2e7dc7f93d9b922d382b8454fd017288d8eb8fdfdd022ade81e7c9f171723 size: 1576

harbor-ms3.png

References:
https://www.cnblogs.com/breezey/p/9444231.html
https://www.cnblogs.com/wangzhangtao/p/12076816.html
Dual-master replication examples:
https://www.dazhuanlan.com/2019/10/12/5da0faae2f6a5/
https://segmentfault.com/a/1190000020144752
Master-slave replication examples:
http://www.imooc.com/article/270050
https://www.cnblogs.com/cash-su/p/10103885.html