014. Docker Harbor + Keepalived + LVS + shared-storage high-availability architecture
阿新 • Published: 2018-12-24
一 Introduction to multi-Harbor high availability
Shared back-end storage is a fairly standard approach: several Harbor instances share the same back-end storage, so an image persisted to storage by any one instance can be read by every other instance. A load balancer placed in front of the instances, such as Keepalived, distributes requests across them, which gives load balancing and also removes the single point of failure. The architecture is shown in the architecture diagram.

Design notes:
- Shared storage: Harbor's back-end storage currently supports AWS S3, OpenStack Swift, Ceph and others; this lab uses NFS.
- Shared session: by default Harbor keeps sessions in Redis. Redis can be run as a separate service so that sessions are shared across instances; that separate Redis can in turn be made highly available with Redis Sentinel or Redis Cluster. This lab uses a single Redis node.

二 Deployment
2.1 Preparation
- Install docker and docker-compose (see "009. Docker Compose basics");
- NTP time synchronisation (recommended);
- Open or disable the firewall and SELinux as needed;
- Add a hosts entry on the nfsslb and slb02 nodes: echo "172.24.8.200 reg.harbor.com" >> /etc/hosts

Node roles used in the listings below: nfsserver (NFS server, 172.24.8.71), docker01 and docker02 (Harbor nodes, 172.24.8.111 and 172.24.8.112), dbnode (external MySQL/Redis, 172.24.8.113), nfsslb and slb02 (Keepalived + LVS directors, VIP 172.24.8.200), and client (a Docker host used for testing). The hostnames shown in the prompts are placeholders for these roles; the original prompts were not preserved.
2.2 Set up NFS
```
[root@nfsserver ~]# yum -y install nfs-utils*
[root@nfsserver ~]# mkdir /myimages          # shared image storage
[root@nfsserver ~]# mkdir /mydatabase        # database data
[root@nfsserver ~]# echo -e "/dev/vg01/lv01 /myimages ext4 defaults 0 0\n/dev/vg01/lv02 /mydatabase ext4 defaults 0 0" >> /etc/fstab
[root@nfsserver ~]# mount -a
[root@nfsserver ~]# vi /etc/exports
/myimages 172.24.8.0/24(rw,no_root_squash)
/mydatabase 172.24.8.0/24(rw,no_root_squash)
[root@nfsserver ~]# systemctl start nfs.service
[root@nfsserver ~]# systemctl enable nfs.service
```
Note: the nfsserver node uses dedicated LVM volumes as the NFS export directories and exports them as shown above. For more on NFS configuration see "004. NFS configuration example".
2.3 Mount NFS
The two Harbor nodes mount the image share at /data; the external MySQL/Redis node mounts the database share at /database.
```
root@docker01:~# apt-get -y install nfs-common
root@docker02:~# apt-get -y install nfs-common
root@dbnode:~# apt-get -y install nfs-common

root@docker01:~# mkdir /data
root@docker02:~# mkdir /data
root@dbnode:~# mkdir /database      # mount point; must exist before mount -a (missing from the original listing)

root@docker01:~# echo "172.24.8.71:/myimages /data nfs defaults,_netdev 0 0" >> /etc/fstab
root@docker02:~# echo "172.24.8.71:/myimages /data nfs defaults,_netdev 0 0" >> /etc/fstab
root@dbnode:~# echo "172.24.8.71:/mydatabase /database nfs defaults,_netdev 0 0" >> /etc/fstab

root@docker01:~# mount -a
root@docker02:~# mount -a
root@dbnode:~# mount -a

root@dbnode:~# mkdir -p /database/mysql
root@dbnode:~# mkdir -p /database/redis
```
2.4 Deploy the external MySQL and Redis
```
root@dbnode:~# mkdir docker_compose/
root@dbnode:~# cd docker_compose/
root@dbnode:~/docker_compose# vi docker-compose.yml
version: '3'
services:
  mysql-server:
    hostname: mysql-server
    restart: always
    container_name: mysql-server
    image: mysql:5.7
    volumes:
      - /database/mysql:/var/lib/mysql
    command: --character-set-server=utf8
    ports:
      - '3306:3306'
    environment:
      MYSQL_ROOT_PASSWORD: x19901123
#    logging:
#      driver: "syslog"
#      options:
#        syslog-address: "tcp://172.24.8.112:1514"
#        tag: "mysql"
  redis:
    hostname: redis-server
    container_name: redis-server
    restart: always
    image: redis:3
    volumes:
      - /database/redis:/data
    ports:
      - '6379:6379'
#    logging:
#      driver: "syslog"
#      options:
#        syslog-address: "tcp://172.24.8.112:1514"
#        tag: "redis"
```
Note: the log container is one of Harbor's own services, so while Harbor is not yet deployed the logging entries must stay commented out. Once Harbor is deployed, uncomment them and run docker-compose up again.
```
root@dbnode:~/docker_compose# docker-compose up -d
root@dbnode:~/docker_compose# docker-compose ps       # confirm the containers are up
root@dbnode:~/docker_compose# netstat -tlunp          # confirm the ports are listening
```
2.5 Download Harbor
```
root@docker01:~# wget https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.4.tgz
root@docker01:~# tar xvf harbor-offline-installer-v1.5.4.tgz
```
Note: repeat the same steps on the docker02 node.
2.6 Import the registry tables
```
root@docker01:~# apt-get -y install mysql-client
root@docker01:~# cd harbor/ha/
root@docker01:~/harbor/ha# ll
```
```
root@docker01:~/harbor/ha# mysql -h172.24.8.113 -uroot -p
mysql> set session sql_mode='STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION';   # sql_mode must be changed first
mysql> source ./registry.sql    # import the registry tables into the external database
mysql> exit
```
Note: this import is only needed once.
2.7 Modify the Harbor configuration
```
root@docker01:~/harbor/ha# cd /root/harbor/
root@docker01:~/harbor# vi harbor.cfg        # edit the Harbor configuration file
hostname = 172.24.8.111
db_host = 172.24.8.113
db_password = x19901123
db_port = 3306
db_user = root
redis_url = 172.24.8.113:6379
root@docker01:~/harbor# vi prepare
empty_subj = "/C=/ST=/L=/O=/CN=/"
# change the line above to:
empty_subj = "/C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=Harbor/CN=notarysigner"
root@docker01:~/harbor# ./prepare           # load the configuration
```
Note: apply the same configuration on docker02. Because an external MySQL and Redis are used, and the architecture diagram shows that the components that talk to the database are UI and jobservice, these have to be adjusted accordingly; running the prepare command automatically writes the database parameters into ./common/config/ui/env and ./common/config/adminserver/env.
```
root@docker01:~/harbor# cat ./common/config/ui/env                      # verify
_REDIS_URL=172.24.8.113:6379
root@docker01:~/harbor# cat ./common/config/adminserver/env | grep MYSQL   # verify
MYSQL_HOST=172.24.8.113
MYSQL_PORT=3306
MYSQL_USR=root
MYSQL_PWD=x19901123
MYSQL_DATABASE=registry
```
2.8 Deploy with docker-compose
```
root@docker01:~/harbor# cp docker-compose.yml docker-compose.yml.bak
root@docker01:~/harbor# cp ha/docker-compose.yml .
root@docker01:~/harbor# vi docker-compose.yml
  log
    ports:
      - 1514:10514     # the log service must be reachable by the external redis and mysql, so this is the only change needed
root@docker01:~/harbor# ./install.sh
```
Note: because Redis and MySQL are deployed externally, their service entries must be removed or commented out in docker-compose.yml, together with the dependencies other services declare on them. The official Harbor package already contains a docker-compose file with these changes, located in the ha directory. Deploy Harbor on the docker02 node by repeating sections 2.5 to 2.8.
2.9 Rebuild the external Redis and MySQL
Uncomment the log-related entries in docker-compose.yml, then bring the stack up again:
```
root@dbnode:~/docker_compose# docker-compose up -d
root@dbnode:~/docker_compose# docker-compose ps       # confirm the containers are up
root@dbnode:~/docker_compose# netstat -tlunp          # confirm the ports are listening
```
2.10 Install Keepalived
```
[root@nfsslb ~]# yum -y install gcc gcc-c++ make kernel-devel kernel-tools kernel-tools-libs kernel libnl libnl-devel libnfnetlink-devel openssl-devel
[root@nfsslb ~]# cd /tmp/
[root@nfsslb tmp]# tar -zxvf keepalived-2.0.8.tar.gz
[root@nfsslb tmp]# cd keepalived-2.0.8/
[root@nfsslb keepalived-2.0.8]# ./configure --sysconf=/etc --prefix=/usr/local/keepalived
[root@nfsslb keepalived-2.0.8]# make && make install
```
Note: repeat the same steps on the slb02 node.
2.11 Configure Keepalived
```
[root@nfsslb ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
root@docker01:~# scp harbor/ha/sample/active_active/keepalived_active_active.conf root@nfsslb:/etc/keepalived/keepalived.conf
root@docker01:~# scp harbor/ha/sample/active_active/check.sh root@nfsslb:/usr/local/bin/check.sh
root@docker01:~# scp harbor/ha/sample/active_active/check.sh root@slb02:/usr/local/bin/check.sh
[root@nfsslb ~]# chmod u+x /usr/local/bin/check.sh
[root@slb02 ~]# chmod u+x /usr/local/bin/check.sh
[root@nfsslb ~]# vi /etc/keepalived/keepalived.conf
global_defs {
   router_id haborlb
}
vrrp_sync_groups VG1 {
   group {
      VI_1
   }
}
vrrp_instance VI_1 {
   interface eth0

   track_interface {
      eth0
   }

   state MASTER
   virtual_router_id 51
   priority 10

   virtual_ipaddress {
      172.24.8.200
   }
   advert_int 1
   authentication {
      auth_type PASS
      auth_pass d0cker
   }

}
virtual_server 172.24.8.200 80 {
   delay_loop 15
   lb_algo rr
   lb_kind DR
   protocol TCP
   nat_mask 255.255.255.0
   persistence_timeout 10

   real_server 172.24.8.111 80 {
      weight 10
      MISC_CHECK {
         misc_path "/usr/local/bin/check.sh 172.24.8.111"
         misc_timeout 5
      }
   }

   real_server 172.24.8.112 80 {
      weight 10
      MISC_CHECK {
         misc_path "/usr/local/bin/check.sh 172.24.8.112"
         misc_timeout 5
      }
   }
}
[root@nfsslb ~]# scp /etc/keepalived/keepalived.conf root@slb02:/etc/keepalived/keepalived.conf   # copy the Keepalived configuration to slb02
[root@slb02 ~]# vi /etc/keepalived/keepalived.conf
   state BACKUP
   priority 8
```
Note: Harbor ships a sample Keepalived configuration file and health-check script; they can be used as they are. The slb02 node is set to BACKUP with a priority lower than the MASTER; everything else keeps the defaults.
2.12 Configure LVS on the slb nodes
```
[root@nfsslb ~]# yum -y install ipvsadm
[root@nfsslb ~]# vi ipvsadm.sh
#!/bin/sh
#****************************************************************#
# ScriptName: ipvsadm.sh
# Author: xhy
# Create Date: 2018-10-28 02:40
# Modify Author: xhy
# Modify Date: 2018-10-28 02:40
# Version:
#***************************************************************#
sudo ifconfig eth0:0 172.24.8.200 broadcast 172.24.8.200 netmask 255.255.255.255 up
sudo route add -host 172.24.8.200 dev eth0:0
sudo echo "1" > /proc/sys/net/ipv4/ip_forward    # the redirect runs as the invoking user; the script is run as root
sudo ipvsadm -C
sudo ipvsadm -A -t 172.24.8.200:80 -s rr
sudo ipvsadm -a -t 172.24.8.200:80 -r 172.24.8.111:80 -g
sudo ipvsadm -a -t 172.24.8.200:80 -r 172.24.8.112:80 -g
sudo ipvsadm
sudo sysctl -p
[root@nfsslb ~]# chmod u+x ipvsadm.sh
[root@nfsslb ~]# echo "source /root/ipvsadm.sh" >> /etc/rc.local    # run at boot
[root@nfsslb ~]# ./ipvsadm.sh
```
Explanation of the commands: ipvsadm -A -t 172.24.8.200:80 -s rr -p 600 adds a virtual server with address 172.24.8.200 and service port 80 to the kernel's virtual server table, with round-robin scheduling and a persistence timeout of 600 seconds per client (the script above omits -p). ipvsadm -a -t 172.24.8.200:80 -r 172.24.8.111:80 -g adds a new real server record to that virtual server, with the virtual server working in direct-routing (DR) mode.

Note: repeat the same configuration on the slb02 node. For more on LVS see https://www.cnblogs.com/itzgr/category/1367969.html.
2.13 Configure the VIP on the Harbor nodes
```
root@docker01:~# vi /etc/init.d/lvsrs
#!/bin/bash
# description: Script to start LVS DR real server.
#
# RHEL init helper library; not present on Ubuntu, and bash continues if the source fails.
. /etc/rc.d/init.d/functions
VIP=172.24.8.200
# set the VIP accordingly
case "$1" in
start)
    # Start LVS-DR mode, real server on this machine; suppress ARP replies for the VIP.
    echo "Start LVS of Real Server!"
    /sbin/ifconfig lo down
    /sbin/ifconfig lo up
    echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    /sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
    /sbin/route add -host $VIP dev lo:0
    sudo sysctl -p
    ;;
stop)
    # Stop LVS-DR real server loopback device(s).
    echo "Close LVS Director Server!"
    /sbin/ifconfig lo:0 down
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
    sudo sysctl -p
    ;;
status)
    # Status of LVS-DR real server.
    islothere=`/sbin/ifconfig lo:0 | grep $VIP`
    isrothere=`netstat -rn | grep "lo:0" | grep $VIP`
    # original listing tested the literal string "isrothere"; the variable must be expanded
    if [ ! "$islothere" -o ! "$isrothere" ]; then
        # Either the route or the lo:0 device
        # not found.
        echo "LVS-DR real server Stopped!"
    else
        echo "LVS-DR real server Running..."
    fi
    ;;
*)
    # Invalid entry.
    echo "$0: Usage: $0 {start|status|stop}"
    exit 1
    ;;
esac
root@docker01:~# chmod u+x /etc/init.d/lvsrs
root@docker02:~# chmod u+x /etc/init.d/lvsrs
```
2.14 Start the services
```
root@docker01:~# service lvsrs start
root@docker02:~# service lvsrs start
[root@nfsslb ~]# systemctl start keepalived.service
[root@nfsslb ~]# systemctl enable keepalived.service
[root@slb02 ~]# systemctl start keepalived.service
[root@slb02 ~]# systemctl enable keepalived.service
```
2.15 Verification
```
root@docker01:~# ip addr     # verify that docker01/02 and the slb nodes have the VIP enabled
```
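Beyond ip addr, the director's IPVS table tells you whether Keepalived's MISC_CHECK has actually admitted both Harbor nodes. The script below is an added example, not part of the original post or of Harbor: it parses ipvsadm -Ln output (a constructed sample is embedded) and reports a real server that is missing, weighted 0, or not in Route (DR) mode, which is exactly what the configuration in 2.11 and 2.12 expects.

```python
"""Check the LVS director table against the Harbor HA design (added example)."""
import re
import subprocess

# Expected layout from the keepalived.conf / ipvsadm.sh above.
VIP = "172.24.8.200:80"
REAL_SERVERS = {"172.24.8.111:80", "172.24.8.112:80"}

# Constructed sample of `ipvsadm -Ln`: Keepalived has already removed
# 172.24.8.112 because its check.sh failed; 172.24.8.111 is healthy.
SAMPLE_OUTPUT = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.24.8.200:80 rr persistent 10
  -> 172.24.8.111:80              Route   10     0          0
"""

VS_RE = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)")
RS_RE = re.compile(r"^\s+->\s+(\S+)\s+(Route|Masq|Tunnel)\s+(\d+)")

def parse_ipvsadm(text):
    """Return {vip: {"sched": scheduler, "rs": {addr: (forward, weight)}}}."""
    table, current = {}, None
    for line in text.splitlines():
        m = VS_RE.match(line)
        if m:
            current = m.group(2)
            table[current] = {"sched": m.group(3), "rs": {}}
            continue
        m = RS_RE.match(line)
        if m and current:
            table[current]["rs"][m.group(1)] = (m.group(2), int(m.group(3)))
    return table

def check_director(text, vip=VIP, expected=REAL_SERVERS):
    """Return a list of problems; an empty list means the table matches the design."""
    table = parse_ipvsadm(text)
    if vip not in table:
        return [f"virtual server {vip} missing"]
    rs, problems = table[vip]["rs"], []
    for addr in sorted(expected - rs.keys()):
        problems.append(f"real server {addr} not in table (health check failing?)")
    for addr, (fwd, weight) in sorted(rs.items()):
        if fwd != "Route":
            problems.append(f"{addr} uses {fwd}, expected Route (DR mode)")
        if weight == 0:   # inhibit_on_failure keeps a failed server at weight 0
            problems.append(f"{addr} has weight 0 (inhibited by health check)")
    return problems

if __name__ == "__main__":
    out = subprocess.run(["ipvsadm", "-Ln"], capture_output=True, text=True, check=True).stdout
    for p in check_director(out) or ["OK: all real servers present in DR mode"]:
        print(p)
```

Run it on the active director (nfsslb) after 2.14; a real server that drops out of the list points at check.sh or the lvsrs setup on that Harbor node.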
三 Testing and verification
```
root@client:~# vi /etc/hosts
172.24.8.200 reg.harbor.com
root@client:~# vi /etc/docker/daemon.json
{
  "insecure-registries": ["http://reg.harbor.com"]
}
root@client:~# systemctl restart docker.service
```
If a certificate issued by a trusted CA is used, remove the corresponding insecure-registries setting from daemon.json.
```
root@client:~# docker login reg.harbor.com     # log in to the registry
Username: admin
Password: Harbor12345
```
Note: a public registry can be pulled from without logging in, but pushing always requires a login; a private registry requires a login for both pull and push.
```
root@client:~# docker pull hello-world
root@client:~# docker tag hello-world:latest reg.harbor.com/library/hello-world:xhy
root@client:~# docker push reg.harbor.com/library/hello-world:xhy
```
Note: the tag must reference a project that already exists, and the user must have the corresponding permission on it.

Open https://reg.harbor.com in a browser and log in with the default credentials admin/Harbor12345.

Reference: https://www.cnblogs.com/breezey/p/9444231.html