Rocky Linux release 9.5 搭建harbor集群

1、主机清单

主机名 IP 主备
harbor01 172.21.118.201/24 master
harbor02 172.21.118.202/24 backup

一、安装harbor(两台harbor主机同时操作)

  1)防火墙(原文直接关闭,不建议在生产环境这样做)

systemctl stop firewalld && systemctl disable firewalld

# 更稳妥的做法是保留 firewalld,只放行 Harbor 和 keepalived 实际需要的端口/协议:
# firewall-cmd --permanent --add-service=https
# firewall-cmd --permanent --add-service=http                                   # 仅在保留 80 跳转到 443 时需要
# firewall-cmd --permanent --add-rich-rule='rule protocol value="vrrp" accept'  # keepalived 心跳(IP 协议 112)
# firewall-cmd --reload

   2)SELinux(原文直接关闭,不建议)

# Rocky 9 上 docker-ce 可以在 SELinux enforcing 下正常运行,建议保留 enforcing;
# 如确需放宽,优先改为 permissive 而不是 disabled(disabled 之后再开启需要全盘重新打标签):
#   sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
# 原文做法如下:
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

setenforce 0

  3)配置时间同步(chrony)

# 说明:Rocky Linux 9(RHEL 8 起)仓库中已经没有 ntp/ntpdate 包,原文的
#   yum install -y ntp ntpdate / ntpdate cn.pool.ntp.org / crontab 每分钟执行 ntpdate
# 在 Rocky 9 上会失败,应改用系统自带的 chrony。keepalived 主备以及 TLS 证书校验都依赖两台主机时间一致。
[root@harbor01 ~]# dnf install -y chrony
[root@harbor01 ~]# sed -i 's/^pool .*/pool cn.pool.ntp.org iburst/' /etc/chrony.conf
[root@harbor01 ~]# systemctl enable --now chronyd
[root@harbor01 ~]# chronyc makestep        # 首次强制校准
[root@harbor01 ~]# chronyc sources -v      # 确认已与上游同步
# chronyd 常驻并持续平滑校时,不需要再写 crontab 定时 ntpdate;两者同时使用还会互相干扰。
    
 配置hosts文件
[root@harbor01]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.21.118.201 harbor01
172.21.118.202 harbor02

[root@harbor01 ~]# systemctl restart chronyd

[root@harbor01 ~]# date  #查看当前时间

# 注意:不要像原文那样用计划任务每分钟 restart chronyd(* * * * * /usr/bin/systemctl restart chronyd)。
# chronyd 本身常驻并持续校时,反复重启只会让它不断重新测量、无法收敛;如需手工校准一次,用 chronyc makestep 即可。

 4)安装基础软件包(按需)

# 说明:Harbor 以容器方式运行,并不需要 gcc/cmake 等编译工具链,下面是原文的安装列表,可按需精简。
# 其中 ntp 在 Rocky 9 中不存在(已被 chrony 取代),python-devel 通常需要改为 python3-devel,否则整条命令会报错。
yum install -y  wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlib-devel  python-devel epel-release openssh-server socat  ipvsadm conntrack 

5)安装docker-ce

配置docker-ce国内yum源(阿里云)
# 如提示 yum-config-manager 不存在,先安装 dnf-plugins-core;仓库地址使用 https,避免 repo 文件在传输过程中被篡改
[root@harbor01 ~]# dnf install -y dnf-plugins-core
[root@harbor01 ~]# dnf config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
安装docker-ce
[root@harbor01 ~]# yum install docker-ce -y
#启动docker服务
[root@harbor01 ~]# systemctl start docker && systemctl enable docker
[root@harbor01 ~]# systemctl status docker
#查看Docker 版本信息
[root@harbor01 ~]# docker version 

 6)开启转发功能和修改内核参数

[root@harbor01 ~]# modprobe br_netfilter
[root@harbor01 ~]# echo br_netfilter > /etc/modules-load.d/br_netfilter.conf   # 开机自动加载;否则重启后模块未加载,下面的 bridge-nf 参数会失效
[root@harbor01 ~]# cat > /etc/sysctl.d/docker.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
[root@harbor01 ~]# sysctl -p /etc/sysctl.d/docker.conf

[root@harbor01 ~]#systemctl restart docker

7)安装harbor

创建安装目录
[root@ harbor01 ssl]# mkdir /data/install -p
[root@ harbor01 ssl]# cd /data/install/
#把harbor的离线包harbor-offline-installer-v2.12.4.tgz上传到这个目录,离线包在此链接下载
https://download.csdn.net/download/weixin_40343238/91878218或者到https://github.com/goharbor/harbor/releases/tag/下载
# 安全建议:优先从 GitHub releases 获取,并用发布页同时提供的 .asc 签名(或校验值)验证离线包后再安装;
# 第三方转存(如 csdn)的包无法保证未被篡改,而镜像仓库本身是软件供应链中的关键环节。

 

解压:
[root@ harbor01 install]# tar zxvf harbor-offline-installer-v2.12.4.tgz   # 文件名需与实际上传的版本一致(原文此处写的是 v2.3.0-rc3)
[root@ harbor01 install]# cd harbor
[root@ harbor01 harbor]# cp harbor.yml.tmpl harbor.yml 
[root@ harbor01 harbor]# vim harbor.yml

修改配置文件(注意 certificate/private_key 位于 https: 段之下,需要缩进):

hostname: harbor01

# hostname 是 Harbor 对外的访问地址,必须与证书的 CN/SAN 一致。本文前面并没有给出 /data/ssl 下证书的签发步骤,
# 需要先用内部 CA 或公网 CA 签发好证书再安装;如果客户端是通过 VIP 或前端 nginx 的域名(如 harbor.founderpcb.com)访问,
# 证书 SAN 需要覆盖该域名,并建议同时设置 external_url: https://<对外域名>,否则 docker login/push 时 Harbor 返回的地址会指向 harbor01。

#协议用https

https:
  port: 443
  certificate: /data/ssl/harbor.pem
  private_key: /data/ssl/harbor.key

# 建议安装前就把管理员口令改掉,不要使用默认的 Harbor12345
harbor_admin_password: <改成强口令>

邮件和ldap不需要配置,在harbor的web界面可以配置

其他配置采用默认即可

修改之后保存退出

注:harbor默认的账号密码:admin/Harbor12345。该默认口令是公开的,安装完成后请立即登录修改(或在安装前通过 harbor.yml 的 harbor_admin_password 指定),否则内网中任何人都可以直接登录并向仓库推送恶意镜像。

 

 8)安装docker-compose

https://download.csdn.net/download/weixin_40343238/91878345下载
上传附件中的docker-compose-Linux-x86_64文件到harbor机器
# 安全建议:docker-compose 同样优先从 https://github.com/docker/compose/releases 下载,并核对发布页给出的 sha256 校验值;
# 注意文件名要与实际上传的一致(原文下一行多写了一个 ".64")。

[root@ harbor01 harbor]# mv docker-compose-Linux-x86_64 /bin/docker-compose
[root@ harbor01 harbor]# chmod +x /bin/docker-compose
[root@ harbor01 harbor]# docker-compose version

[root@ harbor01 install]# cd /data/install/harbor

[root@ harbor01 harbor]# ./install.sh

看到下面内容,说明安装成功:

[Step 5]: starting Harbor ...

Creating network "harbor_harbor" with the default driver

Creating harbor-log ... done

Creating registryctl   ... done

Creating harbor-db     ... done

Creating redis         ... done

Creating registry      ... done

Creating harbor-portal ... done

Creating harbor-core   ... done

Creating harbor-jobservice ... done

Creating nginx             ... done

✔ ----Harbor has been installed and started successfully.----

  9) 设置开机自动启动(写好下面的 unit 文件后,执行 systemctl daemon-reload && systemctl enable harbor 才会生效)

vim /etc/systemd/system/harbor.service

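[Unit]
Description=Harbor
# After=network-online.target only orders the unit; Wants= is what actually
# pulls the target in, so both are needed for "wait for the network" to work.
Wants=network-online.target
After=docker.service network-online.target
Requires=docker.service

[Service]
# oneshot + RemainAfterExit: "docker-compose up -d" returns immediately, but
# the unit is considered active until ExecStop runs.
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/data/install/harbor/
# On Rocky 9 /bin is a symlink to /usr/bin, so the binary installed earlier
# as /bin/docker-compose resolves to this path.
ExecStart=/usr/bin/docker-compose -f /data/install/harbor/docker-compose.yml up -d
ExecStop=/usr/bin/docker-compose -f /data/install/harbor/docker-compose.yml stop
TimeoutStartSec=0

[Install]
WantedBy=multi-user.target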

二、设置高可用复制功能(两台主机都要操作)

    1)创建一个base_images项目

image

 2)仓库管理中创建一个base_images目标

image

image

 3)复制管理中创建新规则,定时每十分钟进行复制一次
# 说明:Harbor 的复制规则只同步镜像/制品,不同步用户、项目配置、机器人账号等,这些需要在两台上分别维护;
# 两台互相复制且都可写时,VIP 切换前后推送到不同节点的镜像要等下一次定时复制才会一致(最多约 10 分钟窗口)。
# 需要严格一致的场景,应按官方 HA 方案使用共享数据库/Redis/存储。

image

image

 三、配置LDAP,前提必须没有创建本地帐号(除 admin 外),否则认证模式无法切换。建议 LDAP URL 使用 ldaps:// 并开启证书校验,避免绑定账号口令明文传输。

image

 

image

 四、安装keepalived(两台主机都安装)

yum -y install keepalived
# 配置文件路径为 /etc/keepalived/keepalived.conf,写好后执行 systemctl enable --now keepalived,并用 ip addr 确认 VIP 落在 master 上

harbor01配置

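global_defs {
    router_id LVS_MASTER  # unique per node; use a different name on the backup
    # No vrrp_script is defined in this guide, so script_user has no effect yet.
    # If a health-check script is added later, prefer a dedicated non-root user.
    script_user root
    log_file /var/log/keepalived.log  # direct log file (Keepalived v2.0.0+; Rocky 9 ships 2.2.x)
    log_level INFO          # INFO, NOTICE, WARNING, ERR
}

vrrp_instance VI_1 {
    state MASTER          # MASTER on this node, BACKUP on the other
    interface ens192      # NIC name, adjust to the actual host
    virtual_router_id 51  # must be identical on both nodes (0-255)
    priority 100          # higher than the backup node
    advert_int 1          # heartbeat interval in seconds

    # NOTE(review): without a vrrp_script/track_script the VIP only moves when
    # this host or keepalived itself dies, not when Harbor/nginx is down.
    # Add a health check on 443 if failover on service failure is required.

    # NOTE(review): VRRP "PASS" authentication is sent in clear text and only
    # the first 8 characters are used; it prevents accidental membership, not a
    # malicious peer on the same L2 segment. Replace the placeholder 123456 with
    # a non-trivial value (identical on both nodes) and restrict VRRP
    # (IP protocol 112) to the two hosts at the firewall.
    authentication {
        auth_type PASS
        auth_pass 123456
    }

    virtual_ipaddress {
        172.21.118.10/24  # VIP; the original post had a garbled address here (17221.118.10./24), this matches the backup node
    }
}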

harbor02主机配置

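global_defs {
    router_id LVS_BACKUP  # unique per node
    # No vrrp_script is defined in this guide, so script_user has no effect yet.
    # If a health-check script is added later, prefer a dedicated non-root user.
    script_user root
    log_file /var/log/keepalived.log  # direct log file (Keepalived v2.0.0+; Rocky 9 ships 2.2.x)
    log_level INFO          # INFO, NOTICE, WARNING, ERR
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens192      # NIC name, adjust to the actual host
    virtual_router_id 51  # must match the master
    priority 90           # lower than the master node
    advert_int 1

    # NOTE(review): VRRP "PASS" authentication is sent in clear text and only
    # the first 8 characters are used. Replace the placeholder 123456 with a
    # non-trivial value that matches the master exactly, and restrict VRRP
    # (IP protocol 112) to the two hosts at the firewall.
    authentication {
        auth_type PASS
        auth_pass 123456
    }

    virtual_ipaddress {
        172.21.118.10/24  # same VIP as the master
    }
}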

 五、nginx配置文件(前端反向代理,server_name 与 proxy_pass 的域名需分别能解析到代理本机和 Harbor 的 VIP)

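server {
    listen 443 ssl;
    server_name harbor.founderpcb.com;

    # Wildcard certificate for *.founderpcb.com presented to clients.
    ssl_certificate /etc/nginx/cert/_.founderpcb.com.cer;
    ssl_certificate_key /etc/nginx/cert/_.founderpcb.com.key;

    # TLS hardening: TLS 1.2/1.3 only; forward-secret AEAD suites for 1.2
    # (TLS 1.3 suites are not governed by ssl_ciphers).
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Image layers can be large: allow up to 10G per request.
    client_max_body_size 10G;
    # The original used client_body_buffer_size 1024m, i.e. up to 1 GiB of RAM
    # per concurrent upload. Stream the body straight to Harbor instead.
    proxy_request_buffering off;
    proxy_buffering off;

    location / {
        proxy_pass https://harborvip.founderpcb.com;

        # Verify the upstream Harbor certificate instead of trusting whatever is
        # presented on the VIP (nginx default is proxy_ssl_verify off). The
        # system CA bundle covers a public CA; if the Harbor certificate in
        # harbor.yml comes from a private CA, point this at that CA instead.
        # proxy_ssl_name must be a name present in the Harbor certificate's SAN.
        proxy_ssl_server_name on;
        proxy_ssl_name harborvip.founderpcb.com;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.crt;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Long timeouts for large layer uploads.
        proxy_connect_timeout 300s;
        proxy_send_timeout 300s;
        proxy_read_timeout 300s;

        # HTTP/1.1 towards the upstream. The original forced
        # "Connection: upgrade" on every request; nothing in this guide uses
        # WebSockets, and an unconditional upgrade header is not the documented
        # nginx pattern. If WebSocket support is ever needed, define
        # `map $http_upgrade $connection_upgrade { default upgrade; '' close; }`
        # in the http{} context and pass $connection_upgrade here.
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }

    access_log /var/log/nginx/harbor_access.log;
    error_log /var/log/nginx/harbor_error.log;
}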

 

  

 
