当前位置： 首页 > news >正文

网站开发工程师是干嘛的,html工具软件,小微企业生产管理软件,建设银行交学费网站2018Harbor高可用#xff08;nginx和keepalived#xff09; 文章目录 Harbor高可用#xff08;nginx和keepalived#xff09;1.Harbor高可用集群部署架构1.1 主机初始化1.1.1 设置网卡名和ip地址1.1.2 设置主机名1.1.3 配置镜像源1.1.4 关闭防火墙1.1.5 禁用SELinux1.1.6 设置时…Harbor高可用nginx和keepalived 文章目录 Harbor高可用nginx和keepalived1.Harbor高可用集群部署架构1.1 主机初始化1.1.1 设置网卡名和ip地址1.1.2 设置主机名1.1.3 配置镜像源1.1.4 关闭防火墙1.1.5 禁用SELinux1.1.6 设置时区 1.2 安装 Nginx1.3 安装 Keepalived1.4 安装harbor1.5 创建harbor仓库1.6 在docker客户端验证 1.Harbor高可用集群部署架构 本示例中的Harbor高可用集群部署将基于以下环境进行。 图1-1 Harbor高可用架构 表1-1 高可用Harbor集群规划 角色机器名机器配置ip地址安装软件提供高可用及负载均衡ha01.example.local2C2G172.31.3.104nginx、keepalived提供高可用及负载均衡ha02.example.local2C2G172.31.3.105nginx、keepalived容器镜像仓库1harbor01.example.local2C2G172.31.3.106docker、docker-compose、harbor容器镜像仓库2harbor02.example.local2C2G172.31.3.107docker、docker-compose、harbordocker客户端client.example.local2C2G172.31.0.8dockerVIP在ha01和ha02主机实现172.31.3.188 1.1 主机初始化 1.1.1 设置网卡名和ip地址 Rocky 9和CentOS Stream 9

Rocky 9和CentOS Stream 9默认支持修改网卡名。

[rootrocky9 ~]# grep plugins /etc/NetworkManager/NetworkManager.conf #pluginskeyfile,ifcfg-rh

因为网卡命名方式默认是keyfile默认不支持修改网卡名既然官方已经默认是keyfile那这里就不去更改网卡名了。[rootrocky9 ~]# ETHNAMEip addr | awk -F[ :] /^2/{print \(3}[rootrocky9 ~]# nmcli con delete \){ETHNAME} nmcli connection add type ethernet con-name \({ETHNAME} ifname \){ETHNAME} ipv4.method manual ipv4.address 172.31.0.⁹⁄₂₁ ipv4.gateway 172.31.0.2 ipv4.dns 223.5.5.5,180.76.76.76 autoconnect yes nmcli con reload nmcli con up ${ETHNAME}

172.31.0.9/21中172.31.0.9是ip地址21是子网位数172.31.0.2是网关地址223.5.5.5, 180.76.76.76都是DNS根据自己的需求修改。[rootrocky9 ~]# ip addr

1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.¹⁄₈ scope host lovalid_lft forever preferred_lft foreverinet6 ::¹⁄₁₂₈ scope host valid_lft forever preferred_lft forever 2: ens160: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:37:62:95 brd ff:ff:ff:ff:ff:ffaltname enp3s0inet 172.31.0.⁹⁄₂₁ brd 172.31.7.255 scope global noprefixroute ens160valid_lft forever preferred_lft foreverinet6 fe80::51ca:fd5d:3552:677d/64 scope link noprefixroute valid_lft forever preferred_lft forever

可以看到ip地址已修改。Rocky 8、CentOS Stream 8和CentOS 7

Rocky 8、CentOS Stream 8和CentOS 7支持修改网卡名。

[rootrocky8 ~]# grep plugins /etc/NetworkManager/NetworkManager.conf #pluginsifcfg-rh

因为网卡命名方式默认是ifcfg-rh支持修改网卡名。# 修改网卡名称配置文件

[rootrocky8 ~]# sed -ri.bak /^GRUB_CMDLINE_LINUX/s\( net.ifnames0 biosdevname0 /etc/default/grub [rootrocky8 ~]# grub2-mkconfig -o /boot/grub2/grub.cfg Generating grub configuration file ... done# 修改网卡文件名 [rootrocky8 ~]# ETHNAMEip addr | awk -F[ :] /^2/{print \)3} [rootrocky8 ~]# mv /etc/sysconfig/network-scripts/ifcfg-${ETHNAME} /etc/sysconfig/network-scripts/ifcfg-eth0[rootrocky8 ~]# shutdown -r now[rootrocky8 ~]# nmcli dev DEVICE TYPE STATE CONNECTION
eth0 ethernet connected Wired connection 1 lo loopback unmanaged –

可以看到CONNECTION的名字是Wired connection 1要改名才可以下面设置。[rootrocky8 ~]# ETHNAMEip addr | awk -F[ :] /^2/{print \(3}[rootrocky8 ~]# nmcli connection modify Wired connection 1 con-name \){ETHNAME}

[rootrocky8 ~]# nmcli dev DEVICE TYPE STATE CONNECTION eth0 ethernet connected eth0
lo loopback unmanaged – # 修改ip地址 [rootrocky8 ~]# nmcli con delete \({ETHNAME} nmcli connection add type ethernet con-name \){ETHNAME} ifname ${ETHNAME} ipv4.method manual ipv4.address 172.31.0.⁸⁄₂₁ ipv4.gateway 172.31.0.2 ipv4.dns 223.5.5.5,180.76.76.76 autoconnect yes nmcli con reload nmcli dev up eth0

172.31.0.8/21中172.31.0.8是ip地址21是子网位数172.31.0.2是网关地址223.5.5.5, 180.76.76.76都是DNS根据自己的需求修改。[rootrocky8 ~]# ip addr

1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.¹⁄₈ scope host lovalid_lft forever preferred_lft foreverinet6 ::¹⁄₁₂₈ scope host valid_lft forever preferred_lft forever 2: eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc mq state UP group default qlen 1000link/ether 00:0c:29:6f:65:d3 brd ff:ff:ff:ff:ff:ffaltname enp3s0altname ens160inet 172.31.0.⁸⁄₂₁ brd 172.31.7.255 scope global noprefixroute eth0valid_lft forever preferred_lft foreverinet6 fe80::e9c9:aa93:4a58:2cc2/64 scope link noprefixroute valid_lft forever preferred_lft forever

重启系统后可以看到网卡名已经修改成eth0ip地址也已修改。Ubuntu

Ubuntu先启用root用户并设置密码

raymondubuntu2204:\( cat set_root_login.sh #!/bin/bashread -p 请输入密码: PASSWORD echo \){PASSWORD} |sudo -S sed -ri s#(PermitRootLogin )prohibit-password\1yes /etc/ssh/sshd_config sudo systemctl restart sshd sudo -S passwd root -EOF \({PASSWORD} \){PASSWORD} EOFraymondubuntu2204:\( bash set_root_login.sh 请输入密码: 123456 [sudo] password for raymond: New password: Retype new password: passwd: password updated successfullyraymondubuntu2204:~\) rm -rf set_root_login.sh# 使用root登陆修改网卡名 rootubuntu2204:# sed -ri.bak /^GRUB_CMDLINE_LINUX/s$net.ifnames0 biosdevname0 /etc/default/grub rootubuntu2204:# grub-mkconfig -o /boot/grub/grub.cfg Sourcing file /etc/default/grub Sourcing file /etc/default/grub.d/init-select.cfg Generating grub configuration file … Found linux image: /boot/vmlinuz-5.15.0-88-generic Found initrd image: /boot/initrd.img-5.15.0-88-generic Warning: os-prober will not be executed to detect other bootable partitions. Systems on them will not be added to the GRUB boot configuration. Check GRUB_DISABLE_OS_PROBER documentation entry. done# Ubuntu 20.04设置ip地址 rootubuntu2004:~# cat /etc/netplan/00-installer-config.yaml -EOF network:version: 2renderer: networkdethernets:eth0:dhcp4: nodhcp6: noaddresses: [172.31.0.²⁰⁄₂₁] gateway4: 172.31.0.2nameservers:addresses: [223.5.5.5, 180.76.76.76] EOF

说明Ubuntu20.04网卡配置文件是00-installer-config.yaml172.31.0.20/21中172.31.0.20是ip地址21是子网位数172.31.0.2是网关地址223.5.5.5, 180.76.76.76都是DNS根据自己的需求修改。# Ubuntu 18.04设置ip地址

rootubuntu1804:~# cat /etc/netplan/01-netcfg.yaml -EOF network:version: 2renderer: networkdethernets:eth0:dhcp4: nodhcp6: noaddresses: [172.31.0.¹⁸⁄₂₁] gateway4: 172.31.0.2nameservers:addresses: [223.5.5.5, 180.76.76.76] EOF

说明Ubuntu18.04网卡配置文件是01-netcfg.yaml172.31.0.18/21中172.31.0.18是ip地址21是子网位数172.31.0.2是网关地址223.5.5.5, 180.76.76.76都是DNS根据自己的需求修改。rootubuntu2004:# shutdown -r nowrootubuntu2004:# ip addr

1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.¹⁄₈ scope host lovalid_lft forever preferred_lft foreverinet6 ::¹⁄₁₂₈ scope host valid_lft forever preferred_lft forever 2: eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:0c:29:e5:98:6f brd ff:ff:ff:ff:ff:ffinet 172.31.0.²⁰⁄₂₁ brd 172.31.7.255 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fee5:986f/64 scope link valid_lft forever preferred_lft forever

重启系统后可以看到网卡名已经修改成eth0ip地址也已修改。# Ubuntu 22.04设置ip地址

rootubuntu2204:~# cat /etc/netplan/00-installer-config.yaml -EOF network:version: 2renderer: networkdethernets:eth0:dhcp4: nodhcp6: noaddresses: [172.31.0.²²⁄₂₁]routes:- to: defaultvia: 172.31.0.2nameservers:addresses: [223.5.5.5, 180.76.76.76] EOF

说明Ubuntu 22.04网卡配置文件是00-installer-config.yaml172.31.0.22/21中172.31.0.22是ip地址21是子网位数172.31.0.2是网关地址Ubuntu 22.04设置网关地址的方法发生了改变参考上面的方法223.5.5.5, 180.76.76.76都是DNS根据自己的需求修改。rootubuntu2204:~# shutdown -r now# 重启后使用新设置的ip登陆

rootubuntu2204:~# ip addr 1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.¹⁄₈ scope host lovalid_lft forever preferred_lft foreverinet6 ::¹⁄₁₂₈ scope host valid_lft forever preferred_lft forever 2: eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc fq_codel state UP group default qlen 1000link/ether 00:0c:29:a7:be:f2 brd ff:ff:ff:ff:ff:ffaltname enp2s1altname ens33inet 172.31.0.²²⁄₂₁ brd 172.31.7.255 scope global eth0valid_lft forever preferred_lft foreverinet6 fe80::20c:29ff:fea7:bef2/64 scope link valid_lft forever preferred_lft forever

重启系统后可以看到网卡名已经修改成eth0ip地址也已修改。1.1.2 设置主机名

hostnamectl set-hostname ha01.example.local hostnamectl set-hostname ha02.example.local hostnamectl set-hostname harbor01.example.local hostnamectl set-hostname harbor02.example.local hostnamectl set-hostname client.example.local1.1.3 配置镜像源 Rocky 8和9 MIRRORmirrors.sjtug.sjtu.edu.cn sed -i.bak -e s|^mirrorlist|#mirrorlist|g -e s|^#baseurlhttp://dl.rockylinux.org/\(contentdir|baseurlhttps://\){MIRROR}/rocky|g /etc/yum.repos.d/[Rr]ocky.repodnf clean all dnf makecacheCentOS Stream 9 cat update_mirror.pl #!/usr/bin/perluse strict; use warnings; use autodie;# 要修改镜像源请去修改url变量 my \(url mirrors.aliyun.com; my \)mirrors https://\(url/centos-stream;if (ARGV 1) {die Usage: \)0 filename1 filename2 …\n; }while (my \(filename shift ARGV) {my \)backup_filename \(filename . .bak;rename \)filename, \(backup_filename;open my \)input, , \(backup_filename;open my \)output, , \(filename;while (\)input) {s/^metalink/# metalink/;if (m/^name/) {my (undef, \(repo, \)arch) split /-/;\(repo ~ s/^\s|\s\)//g;(\(arch defined \)arch ? lc(\(arch) : ) ~ s/^\s|\s\)//g;if (\(repo ~ /^Extras/) {\)_ . baseurl\({mirrors}/SIGs/\\)releasever-stream/extras . (\(arch eq source ? /\){arch}/ : /$basearch/) . extras-common\n;} else {\(_ . baseurl\){mirrors}/$releasever-stream/\(repo . (\)arch eq source ? / : /$basearch/) . (\(arch ne ? \){arch}/tree/ : os) . \n;}}print \(output \)_;} }rpm -q perl /dev/null || { echo -e \033[01;31m 安装perl工具,请稍等…\033[0m;yum -y install perl ; }perl ./update_mirror.pl /etc/yum.repos.d/centos.repodnf clean all dnf makecacheCentOS Stream 8 MIRRORmirrors.aliyun.com sed -i.bak -e s|^mirrorlist|#mirrorlist|g -e s|^#baseurlhttp://mirror.centos.org/\(contentdir|baseurlhttps://\){MIRROR}/centos|g /etc/yum.repos.d/CentOS-.repodnf clean all dnf makecacheCentOS 7 MIRRORmirrors.aliyun.com sed -i.bak -e s|^mirrorlist|#mirrorlist|g -e s|^#baseurlhttp://mirror.centos.org|baseurlhttps://${MIRROR}|g /etc/yum.repos.d/CentOS-.repoyum clean all yum makecacheUbuntu 22.04和20.04 MIRRORmirrors.aliyun.com OLD_MIRRORsed -rn s^deb http(.)://(.)/ubuntu/? \((lsb_release -cs) main.*\2p /etc/apt/sources.listsed -i.bak s/\){OLD_MIRROR}/\({MIRROR}/g /etc/apt/sources.listapt updateUbuntu 18.04 MIRRORmirrors.aliyun.com OLD_MIRRORsed -rn s^deb http(.*)://(.*)/ubuntu/? \)(lsb_release -cs) main.\2p /etc/apt/sources.listsed -i.bak s/\({OLD_MIRROR}/\){MIRROR}/g /etc/apt/sources.listSECURITY_MIRRORsed -rn s^deb http(.)://(.)/ubuntu $(lsb_release -cs)-security main.\2p /etc/apt/sources.listsed -i.bak s/\({SECURITY_MIRROR}/\){MIRROR}/g /etc/apt/sources.listapt update1.1.4 关闭防火墙

Rocky和CentOS

systemctl disable –now firewalld# CentOS 7 systemctl disable –now NetworkManager# Ubuntu systemctl disable –now ufw1.1.5 禁用SELinux #CentOS setenforce 0 sed -i s#SELINUXenforcing#SELINUXdisabled#g /etc/selinux/config#Ubuntu Ubuntu没有安装SELinux不用设置1.1.6 设置时区 ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime echo Asia/Shanghai /etc/timezone#Ubuntu还要设置下面内容 cat /etc/default/locale -EOF LC_TIMEen_DK.UTF-8 EOF1.2 安装 Nginx 这里使用一键编译安装nginx脚本安装nginxnginx的具体安装方法请参考博客“https://raymond.blog.csdn.net/article/details/135960659”。 [rootha01 ~]# cat install_nginx.sh #!/bin/bash # #************************************************************************************************************ #Author: Raymond #QQ: 88563128 #Date: 2024-01-31 #FileName: install_nginx.sh #URL: raymond.blog.csdn.net #Description: install_haproxy for CentOS 7 CentOS Stream ⁸⁄₉ Ubuntu 18.04/20.04/22.04 Rocky ⁸⁄₉ #Copyright ©: 2024 All rights reserved #************************************************************************************************************ SRC_DIR/usr/local/src COLORecho -e \033[01;31m END\033[0mNGINX_URLhttps://nginx.org/download/ NGINX_FILEnginx-1.24.0.tar.gz NGINX_INSTALL_DIR/apps/nginx CPUSlscpu |awk /^CPU(s)/{print \(2} HARBOR01172.31.3.106 HARBOR02172.31.3.107os(){OS_IDsed -rn /^NAME/s.*([[:alpha:]]).*\)\1p /etc/os-release }check_file (){cd \({SRC_DIR}if [ \){OS_ID} CentOS -o \({OS_ID} Rocky ] /dev/null;thenrpm -q wget /dev/null || { \){COLOR}安装wget工具请稍等…\({END};yum -y install wget /dev/null; }fiif [ ! -e \){NGINX_FILE} ];then\({COLOR}缺少\){NGINX_FILE}文件\({END}\){COLOR}开始下载Nginx源码包\({END}wget \){NGINX_URL}\({NGINX_FILE} || { \){COLOR}Nginx源码包下载失败\({END}; exit; }else\){COLOR}\({NGINX_FILE}文件已准备好\){END} fi } install_nginx(){[ -d \({NGINX_INSTALL_DIR} ] { \){COLOR}Nginx已存在安装失败\({END};exit; }\){COLOR}开始安装Nginx\({END}\){COLOR}开始安装Nginx依赖包请稍等…\({END}if [ \){OS_ID} CentOS -o \({OS_ID} Rocky ] /dev/null;thenyum -y install make gcc pcre-devel openssl-devel zlib-devel /dev/nullelseapt update /dev/null;apt -y install make gcc libpcre3 libpcre3-dev openssl libssl-dev zlib1g-dev /dev/nullfiid nginx /dev/null || { useradd -s /sbin/nologin -r nginx; \){COLOR}创建Nginx用户\({END}; }tar xf \){NGINX_FILE}NGINX_DIRecho \({NGINX_FILE}| sed -nr s/^(.*[0-9]).*/\1/pcd \){NGINX_DIR}./configure –prefix\({NGINX_INSTALL_DIR} --usernginx --groupnginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module make -j \){CPUS} make install [ \(? -eq 0 ] \){COLOR}Nginx编译安装成功\({END} || { \){COLOR}Nginx编译安装失败,退出!\({END};exit; }chown -R nginx.nginx /apps/nginxecho PATH\){NGINX_INSTALL_DIR}/sbin:\({PATH} /etc/profile.d/nginx.shcat \){NGINX_INSTALL_DIR}/conf/nginx.conf EOF user nginx; worker_processes 1; error_log logs/error.log; pid logs/nginx.pid; events {worker_connections 1024; } stream {log_format main \(remote_addr \)upstream_addr - [\(time_local] \)status \(upstream_bytes_sent;access_log logs/access.log main;upstream harbor_server {hash \\)remote_addr consistent;server \({HARBOR01}:80 max_fails3 fail_timeout30s;server \){HARBOR02}:80 max_fails3 fail_timeout30s;}server {listen 80;proxy_connect_timeout 1s;proxy_timeout 3s;proxy_pass harbor_server;} } EOFcat /lib/systemd/system/nginx.service EOF [Unit] Descriptionnginx - high performance web server Documentationhttp://nginx.org/en/docs/ Afternetwork-online.target remote-fs.target nss-lookup.target Wantsnetwork-online.target[Service] Typeforking PIDFile\({NGINX_INSTALL_DIR}/logs/nginx.pid ExecStart\){NGINX_INSTALL_DIR}/sbin/nginx -c \({NGINX_INSTALL_DIR}/conf/nginx.conf ExecReload/bin/kill -s HUP \\)MAINPID ExecStop/bin/kill -s TERM $MAINPID LimitNOFILE100000[Install] WantedBymulti-user.target EOFsystemctl daemon-reloadsystemctl enable –now nginx /dev/null systemctl is-active nginx /dev/null || { \({COLOR}Nginx 启动失败,退出!\){END} ; exit; }\({COLOR}Nginx安装完成\){END} }main(){oscheck_fileinstall_nginx }main# 分别在ha01和ha02执行安装 [rootha01 ~]# bash install_nginx.sh[rootha02 ~]# bash install_nginx.shnginx.conf文件详解 [rootha01 ~]# user nginx; # 指定Nginx进程的运行用户 worker_processes 1; # 表示启动一个worker进程用于处理流量 error_log logs/error.log; # 错误日志路径 pid logs/nginx.pid; # pid路径 events {worker_connections 1024; # 表示每个worker进程可以同时处理最多1024个连接。 }# 四层负载均衡为两台harbor提供负载均衡 stream {log_format main \(remote_addr \)upstream_addr - [\(time_local] \)status \(upstream_bytes_sent; # 日志格式access_log logs/access.log main; # 访问日志路径upstream harbor_server { # 在stream块里面定义了一个名为harbor_server的upstream用于负载均衡和故障转移。hash \)remote_addr consistent;server 172.31.3.106:80 max_fails3 fail_timeout30s; # server指令用于定义后端的服务器每个服务器都有一个IP地址和端口号以及一些可选的参数max_fails3表示当一个服务器连续失败3次时将其标记为不可用fail_timeout30s表示如果一个服务器被标记为不可用nginx将在30秒后重新尝试。server 172.31.3.107:80 max_fails3 fail_timeout30s;}server {listen 80; # 在server块内部定义了一个监听地址为80的服务器proxy_connect_timeout 1s; # 表示与后端服务器建立连接的超时时间为1秒。proxy_timeout 3s; # 表示与后端服务器建立连接的转发超时时间为2秒proxy_pass harbor_server; # 表示将流量代理到名为harbor_server的上游服务器组} }1.3 安装 Keepalived 这里使用一键编译安装keepalived脚本安装keepalivedkeepalived的具体安装方法请参考博客“https://raymond.blog.csdn.net/article/details/135876134”。

check_nginx.sh文件是nginx健康检查文件。

[rootha01 ~]# cat check_nginx.sh #!/bin/bash # #********************************************************************************************** #Author: Raymond #QQ: 88563128 #Date: 2022-01-09 #FileName: check_nginx.sh #URL: raymond.blog.csdn.net #Description: The test script #Copyright ©: 2022 All rights reserved #********************************************************************************************* err0 for k in \((seq 1 3);docheck_code\)(pgrep nginx)if [[ \(check_code ]]; thenerr\)(expr \(err 1)sleep 1continueelseerr0breakfi doneif [[ \)err ! 0 ]]; thenecho systemctl stop keepalived/usr/bin/systemctl stop keepalivedexit 1 elseexit 0 fi[rootha01 ~]# cat install_keepalived_v2.sh #!/bin/bash # #************************************************************************************************************ #Author: Raymond #QQ: 88563128 #Date: 2024-01-26 #FileName: install_keepalived_v2.sh #URL: raymond.blog.csdn.net #Description: install_keepalived for CentOS 7 CentOS Stream ⁸⁄₉ Ubuntu 18.04/20.04/22.04 Rocky ⁸⁄₉ #Copyright ©: 2024 All rights reserved #************************************************************************************************************ SRC_DIR/usr/local/src COLORecho -e \033[01;31m END\033[0m KEEPALIVED_URLhttps://keepalived.org/software/ KEEPALIVED_FILEkeepalived-2.2.8.tar.gz KEEPALIVED_INSTALL_DIR/apps/keepalived CPUSlscpu |awk /^CPU(s)/{print \(2} NET_NAMEip a |awk -F[: ] /^2/{print \)3} VIP172.31.3.188os(){OS_IDsed -rn /^NAME/s.([[:alpha:]]).\(\1p /etc/os-releaseOS_RELEASE_VERSIONsed -rn /^VERSION_ID/s.*?([0-9])\.?.*?\1p /etc/os-release }check_file (){cd \){SRC_DIR}if [ \({OS_ID} CentOS -o \){OS_ID} Rocky ] /dev/null;thenrpm -q wget /dev/null || { \({COLOR}安装wget工具请稍等...\){END};yum -y install wget /dev/null; }fiif [ ! -e \({KEEPALIVED_FILE} ];then\){COLOR}缺少\({KEEPALIVED_FILE}文件,如果是离线包,请放到\){SRC_DIR}目录下\({END}\){COLOR}开始下载Keepalived源码包\({END}wget \){KEEPALIVED_URL}\({KEEPALIVED_FILE} || { \){COLOR}Keepalived源码包下载失败\({END}; exit; }elif [ ! -e check_nginx.sh ];then\){COLOR}缺少check_nginx.sh文件,请把文件放到\({SRC_DIR}目录下\){END}exitelse\({COLOR}相关文件已准备好\){END}fi }install_keepalived(){\({COLOR}开始安装Keepalived请稍等...\){END}\({COLOR}开始安装Keepalived依赖包请稍等...\){END}if [ \({OS_ID} Rocky -a \){OS_RELEASE_VERSION} 8 ];thenMIRRORmirrors.sjtug.sjtu.edu.cnif [ grep -R [powertools] /etc/yum.repos.d/.repo ];thendnf config-manager –set-enabled powertoolselsecat /etc/yum.repos.d/PowerTools.repo -EOF [PowerTools] namePowerTools baseurlhttps://\({MIRROR}/rocky/\\)releasever/PowerTools/$basearch/os/ gpgcheck1 gpgkeyfile:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial EOFfifiif [ \({OS_ID} CentOS -a \){OS_RELEASE_VERSION} 8 ];thenMIRRORmirrors.aliyun.comif [ grep -R [powertools] /etc/yum.repos.d/.repo ];thendnf config-manager –set-enabled powertoolselsecat /etc/yum.repos.d/PowerTools.repo -EOF [PowerTools] namePowerTools baseurlhttps://\({MIRROR}/centos/\\)stream/PowerTools/$basearch/os/ gpgcheck1 gpgkeyfile:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial EOFfifiif [ \({OS_RELEASE_VERSION} 9 ];thenyum -y install make gcc ipvsadm autoconf automake openssl-devel libnl3-devel iptables-devel ipset file net-snmp-devel glib2-devel pcre2-devel libnftnl libmnl systemd-devel /dev/nullelif [ \){OS_RELEASE_VERSION} 8 ];then yum -y install make gcc ipvsadm autoconf automake openssl-devel libnl3-devel iptables-devel ipset-devel file-devel net-snmp-devel glib2-devel pcre2-devel libnftnl-devel libmnl-devel systemd-devel /dev/nullelif [ \({OS_RELEASE_VERSION} 7 ];thenyum -y install make gcc libnfnetlink-devel libnfnetlink ipvsadm libnl libnl-devel libnl3 libnl3-devel lm_sensors-libs net-snmp-agent-libs net-snmp-libs openssh-server openssh-clients openssl openssl-devel automake iproute /dev/nullelif [ \){OS_RELEASE_VERSION} 20 -o \({OS_RELEASE_VERSION} 22 ];thenapt update /dev/null;apt -y install make gcc ipvsadm build-essential pkg-config automake autoconf libipset-dev libnl-3-dev libnl-genl-3-dev libssl-dev libxtables-dev libip4tc-dev libip6tc-dev libipset-dev libmagic-dev libsnmp-dev libglib2.0-dev libpcre2-dev libnftnl-dev libmnl-dev libsystemd-develseapt update /dev/null;apt -y install make gcc ipvsadm build-essential pkg-config automake autoconf iptables-dev libipset-dev libnl-3-dev libnl-genl-3-dev libssl-dev libxtables-dev libip4tc-dev libip6tc-dev libipset-dev libmagic-dev libsnmp-dev libglib2.0-dev libpcre2-dev libnftnl-dev libmnl-dev libsystemd-dev /dev/nullfitar xf \){KEEPALIVED_FILE}KEEPALIVED_DIRecho \({KEEPALIVED_FILE} | sed -nr s/^(.*[0-9]).*/\1/pcd \){KEEPALIVED_DIR}./configure –prefix\({KEEPALIVED_INSTALL_DIR} --disable-fwmarkmake -j \)CPUS make install[ \(? -eq 0 ] \)COLORKeepalived编译安装成功\(END || { \)COLORKeepalived编译安装失败,退出!\(END;exit; }[ -d /etc/keepalived ] || mkdir -p /etc/keepalived /dev/nullread -p 请输入是主服务断或备用服务端例如MASTER或BACKUP: STATEread -p 请输入优先级例如100或80: PRIORITYcat /etc/keepalived/keepalived.conf EOF ! Configuration File for keepalivedglobal_defs {router_id LVS_DEVELscript_user rootenable_script_security }vrrp_script check_nginx {script /etc/keepalived/check_nginx.shinterval 5weight -5fall 2 rise 1 }vrrp_instance VI_1 {state \){STATE}interface \({NET_NAME}virtual_router_id 51priority \){PRIORITY}advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {\({VIP} dev \){NET_NAME} label \({NET_NAME}:1 }track_script {check_nginx} } EOFcp ./keepalived/keepalived.service /lib/systemd/system/cd \){SRC_DIR}mv check_nginx.sh /etc/keepalived/check_nginx.shchmod x /etc/keepalived/check_nginx.shecho PATH\({KEEPALIVED_INSTALL_DIR}/sbin:\){PATH} /etc/profile.d/keepalived.shsystemctl daemon-reloadsystemctl enable –now keepalived /dev/null systemctl is-active keepalived /dev/null || { \({COLOR}Keepalived 启动失败,退出!\){END} ; exit; }\({COLOR}Keepalived安装完成\){END} }main(){oscheck_fileinstall_keepalived }main# 分别在ha01和ha02执行安装 [rootha01 ~]# bash install_keepalived_v2.sh … 请输入是主服务断或备用服务端例如MASTER或BACKUP: MASTER 请输入优先级例如100或80: 100[rootha02 ~]# bash install_keepalived_v2.sh … 请输入是主服务断或备用服务端例如MASTER或BACKUP: BACKUP 请输入优先级例如100或80: 801.4 安装harbor 这里使用基于docker二进制包一键安装Harbor脚本安装harborharbor的具体安装方法请参考博客“https://raymond.blog.csdn.net/article/details/135882947”。 [rootharbor01 ~]# cat install_harbor_http_v2_2.sh #!/bin/bash # #****************************************************************************************************************** #Author: Raymond #QQ: 88563128 #Date: 2024-01-26 #FileName: install_harbor_http_v2_2.sh #URL: raymond.blog.csdn.net #Description: install_harbor_http for CentOS 7 CentOS Stream ⁸⁄₉ Ubuntu 18.04/20.04/22.04 Rocky ⁸⁄₉ #Copyright ©: 2024 All rights reserved #****************************************************************************************************************** SRC_DIR/usr/local/src COLORecho -e \033[01;31m END\033[0mDOCKER_VERSION24.0.7 DOCKER_MAIN_VERSIONecho \({DOCKER_VERSION} | awk -F. {print \)1} URLmirrors.aliyun.com# Docker Compose下载地址“https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-linux-x86_64”请提前下载。 DOCKER_COMPOSE_FILEdocker-compose-linux-x86_64# Harbor下载地址“https://github.com/goharbor/harbor/releases/download/v2.10.0/harbor-offline-installer-v2.10.0.tgz”请提前下载。 HARBOR_FILEharbor-offline-installer-v HARBOR_VERSION2.10.0 TAR.tgz HARBOR_INSTALL_DIR/apps HARBOR_DOMAINharbor.raymonds.cc NET_NAMEip addr |awk -F[: ] /^2: e./{print \(3} IPip addr show \){NET_NAME}| awk -F |/ /global/{print $3} HARBOR_ADMIN_PASSWORD123456os(){OS_IDsed -rn /^NAME/s.([[:alpha:]]).$\1p /etc/os-releaseOS_RELEASE_VERSIONsed -rn /^VERSION_ID/s.?([0-9]).?.?\1p /etc/os-release }check_file (){cd \({SRC_DIR}if [ ! -e \){DOCKER_COMPOSE_FILE} ];then\({COLOR}缺少\){DOCKER_COMPOSE_FILE}文件,请把文件放到\({SRC_DIR}目录下\){END}exitelif [ ! -e \({HARBOR_FILE}\){HARBOR_VERSION}\({TAR} ];then\){COLOR}缺少\({HARBOR_FILE}\){HARBOR_VERSION}\({TAR}文件,请把文件放到\){SRC_DIR}目录下\({END}exitelse\){COLOR}相关文件已准备好\({END}fi }ubuntu_install_docker(){\){COLOR}开始安装Docker依赖包请稍等…\({END}apt update /dev/nullapt -y install apt-transport-https ca-certificates curl software-properties-common /dev/nullcurl -fsSL https://\){URL}/docker-ce/linux/ubuntu/gpg | sudo apt-key add - /dev/nulladd-apt-repository -y deb [archamd64] https://\({URL}/docker-ce/linux/ubuntu \)(lsb_release -cs) stable /dev/null apt update /dev/null\({COLOR}Docker有以下版本\){END}apt-cache madison docker-ce\({COLOR}10秒后即将安装:Docker-\){DOCKER_VERSION}版本……\({END}\){COLOR}如果想安装其它Docker版本请按Ctrlc键退出修改版本再执行\({END}sleep 10\){COLOR}开始安装Docker请稍等…\({END}if [ \){DOCKER_MAIN_VERSION} 18 -o \({DOCKER_MAIN_VERSION} 19 -o \){DOCKER_MAIN_VERSION} 20 ];thenapt -y install docker-ce5:\({DOCKER_VERSION}~3-0~ubuntu-\)(lsb_release -cs) docker-ce-cli5:\({DOCKER_VERSION}~3-0~ubuntu-\)(lsb_release -cs) /dev/null || { \({COLOR}apt源失败请检查apt配置\){END};exit; }elseapt -y install docker-ce5:\({DOCKER_VERSION}-1~ubuntu.\)(lsb_release -rs)~\((lsb_release -cs) docker-ce-cli5:\){DOCKER_VERSION}-1ubuntu.$(lsb_release -rs)\((lsb_release -cs) /dev/null || { \){COLOR}apt源失败请检查apt配置\({END};exit; }fi }centos_install_docker(){\){COLOR}开始安装Docker依赖包请稍等…\({END}yum -y install yum-utils /dev/nullyum-config-manager --add-repo https://\){URL}/docker-ce/linux/centos/docker-ce.repo /dev/nullyum clean all /dev/nullyum makecache /dev/null\({COLOR}Docker有以下版本\){END}yum list docker-ce.x86_64 –showduplicates\({COLOR}10秒后即将安装:Docker-\){DOCKER_VERSION}版本……\({END}\){COLOR}如果想安装其它Docker版本请按Ctrlc键退出修改版本再执行\({END}sleep 10\){COLOR}开始安装Docker请稍等…\({END}yum -y install docker-ce-\){DOCKER_VERSION} docker-ce-cli-\({DOCKER_VERSION} /dev/null || { \){COLOR}yum源失败请检查yum配置\({END};exit; } }mirror_accelerator(){mkdir -p /etc/dockercat /etc/docker/daemon.json -EOF {registry-mirrors: [https://registry.docker-cn.com,https://hub-mirror.c.163.com,https://docker.mirrors.ustc.edu.cn],insecure-registries: [\){HARBOR_DOMAIN}],data-root: /data/docker,exec-opts: [native.cgroupdriversystemd],max-concurrent-downloads: 10,max-concurrent-uploads: 5,log-opts: {max-size: 300m,max-file: 2 },live-restore: true } EOFsystemctl daemon-reloadsystemctl enable –now dockersystemctl is-active docker /dev/null \({COLOR}Docker 服务启动成功\){END} || { \({COLOR}Docker 启动失败\){END};exit; }docker version \({COLOR}Docker 安装成功\){END} || \({COLOR}Docker 安装失败\){END} }set_alias(){echo alias rmidocker images -qa|xargs docker rmi -f ~/.bashrcecho alias rmcdocker ps -qa|xargs docker rm -f ~/.bashrc }install_docker_compose(){\({COLOR}开始安装Docker Compose请稍等...\){END}mv \({SRC_DIR}/\){DOCKER_COMPOSE_FILE} /usr/bin/docker-composechmod x /usr/bin/docker-composedocker-compose –version \({COLOR}Docker Compose 安装完成\){END} || \({COLOR}Docker compose 安装失败\){END} }install_harbor(){\({COLOR}开始安装Harbor请稍等...\){END}[ -d \({HARBOR_INSTALL_DIR} ] || mkdir \){HARBOR_INSTALL_DIR}tar xf \({SRC_DIR}/\){HARBOR_FILE}\({HARBOR_VERSION}\){TAR} -C \({HARBOR_INSTALL_DIR}/mv \){HARBOR_INSTALL_DIR}/harbor/harbor.yml.tmpl ${HARBOR_INSTALL_DIR}/harbor/harbor.ymlsed -ri.bak -e s/^(hostname:) ./\1 \({IP}/ -e s/^(https:)/#\1/ -e s/ (port: 443)/# \1/ -e s (certificate: .*)# \1 -e s (private_key: .*)# \1 -e s/^(harbor_admin_password:) .*/\1 \){HARBOR_ADMIN_PASSWORD}/ \({HARBOR_INSTALL_DIR}/harbor/harbor.ymlif [ \){OS_ID} CentOS -o \({OS_ID} Rocky ] /dev/null;thenrpm -q python3 /dev/null || { \){COLOR}安装python3请稍等…\({END};yum -y install python3 /dev/null; }elsedpkg -s python3 /dev/null || { \){COLOR}安装python3请稍等…\({END};apt -y install python3 /dev/null; }fi\){HARBOR_INSTALL_DIR}/harbor/install.sh –with-trivy \({COLOR}Harbor 安装完成\){END} || \({COLOR}Harbor 安装失败\){END}cat /lib/systemd/system/harbor.service -EOF [Unit] DescriptionHarbor Afterdocker.service systemd-networkd.service systemd-resolved.service Requiresdocker.service Documentationhttp://github.com/vmware/harbor[Service] Typesimple Restarton-failure RestartSec5 ExecStart/usr/bin/docker-compose -f \({HARBOR_INSTALL_DIR}/harbor/docker-compose.yml up ExecStop/usr/bin/docker-compose -f \){HARBOR_INSTALL_DIR}/harbor/docker-compose.yml down[Install] WantedBymulti-user.target EOFsystemctl daemon-reload systemctl enable harbor /dev/null \({COLOR}Harbor已配置为开机自动启动\){END} }set_swap_limit(){if [ \({OS_RELEASE_VERSION} 18 -o \){OS_RELEASE_VERSION} 20 ];thengrep -q swapaccount1 /etc/default/grub { \({COLOR}WARNING: No swap limit support警告,已设置\){END};exit; }\({COLOR}设置Docker的WARNING: No swap limit support警告\){END}sed -ri /^GRUB_CMDLINE_LINUX/s\( swapaccount1 /etc/default/grubupdate-grub /dev/null\){COLOR}10秒后机器会自动重启\({END}sleep 10rebootfi }main(){oscheck_fileif [ \){OS_ID} CentOS -o \({OS_ID} Rocky ] /dev/null;thenrpm -q docker-ce /dev/null \){COLOR}Docker已安装\({END} || centos_install_dockerelsedpkg -s docker-ce /dev/null \){COLOR}Docker已安装\({END} || ubuntu_install_dockerfi[ -f /etc/docker/daemon.json ] /dev/null \){COLOR}Docker镜像加速器已设置\({END} || mirror_acceleratorgrep -Eqoi (.*rmi|.*rmc) ~/.bashrc \){COLOR}Docker别名已设置\({END} || set_alias[ -f /usr/bin/docker-compose ] \){COLOR}Docker Compose已安装\({END} || install_docker_composesystemctl is-active harbor /dev/null \){COLOR}Harbor已安装${END} || install_harborset_swap_limit }main# 分别在harbor01和harbor02执行安装 [rootharbor01 ~]# bash install_harbor_http_v2_2.sh[rootharbor02 ~]# bash install_harbor_http_v2_2.sh1.5 创建harbor仓库 在harbor01新建项目google_containers。 http://172.31.3.106/ 用户名admin 密码:123456 图1-2 登录harbor01 登录后在“项目”下面选择“新建项目”。 图1-3 在harbor01上新建项目 项目名称设置为“google_containers”访问级别后面勾选“公开”然后选“确认”。 图1-4 在harbor01上创建google_containers项目 在harbor02新建项目google_containers http://172.31.3.107/ 用户名admin 密码:123456 图1-5 登录harbor02 登录后在“项目”下面选择“新建项目”。 图1-6 在harbor02上新建项目 项目名称设置为“google_containers”访问级别后面勾选“公开”然后选“确认”。 图1-7 在harbor01上创建google_containers项目 在harbor02上新建目标 在“系统管理”下面的“仓库管理”里面选择“新建目标”。 图1-8 在harbor02上新建目标 提供者设置为“Harbor”目标名设置为“google_containers”目标URL设置为harbor01的地址“http://172.31.3.106”访问ID设置为harbor01的用户名“admin”访问密码设置为harbor01的密码“123456”然后“测试连接”测试成功后选择“确定”。 图1-9 在harbor02上新建目标 在harbor02上新建规则 在“系统管理”下面的“复制管理”里面选择“新建规则”。 图1-10 在harbor02上新建规则 名称设置为“google_containers”目标仓库选择“google_containers-http://172.31.0.106”触发模式设置为“事件驱动”勾选“删除本地资源时同时也删除远程的资源 ”然后选择“保存”。 图1-11 在harbor02上新建规则 在harbor01上新建目标 在“系统管理”下面的“仓库管理”里面选择“新建目标”。 图1-12 在harbor01上新建目标 提供者设置为“Harbor”目标名设置为“google_containers”目标URL设置为harbor01的地址“http://172.31.3.107”访问ID设置为harbor01的用户名“admin”访问密码设置为harbor01的密码“123456”然后“测试连接”测试成功后选择“确定”。 图1-13 在harbor01上新建目标 在harbor01上新建规则 在“系统管理”下面的“复制管理”里面选择“新建规则”。 图1-14 在harbor01上新建规则 名称设置为“google_containers”目标仓库选择“google_containers-http://172.31.0.107”触发模式设置为“事件驱动”勾选“删除本地资源时同时也删除远程的资源 ”然后选择“保存”。 图1-15 在harbor01上新建规则 1.6 在docker客户端验证 在172.31.0.8的Rocky 8的主机上无需登录即可下载镜像 首先要主机初始化和安装docker [rootclient ~]# cat /etc/hosts -EOF 172.31.3.188 harbor.raymonds.cc EOF[rootclient ~]# docker login harbor.raymonds.cc Username: admin Password: Error response from daemon: Get https://harbor.raymonds.cc/v2/: dial tcp 172.31.3.188:443: connect: connection refuse

登录失败[rootclient ~]# cat /etc/docker/daemon.json

{registry-mirrors: [https://registry.docker-cn.com,https://hub-mirror.c.163.com,https://docker.mirrors.ustc.edu.cn],insecure-registries: [harbor.raymonds.cc], # 设置非安全的镜像仓库data-root: /data/docker,exec-opts: [native.cgroupdriversystemd],max-concurrent-downloads: 10,max-concurrent-uploads: 5,log-opts: {max-size: 300m,max-file: 2 },live-restore: true }[rootclient ~]# systemctl daemon-reload systemctl restart docker[rootclient ~]# docker login harbor.raymonds.cc Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded

现在登录成功了[rootclient ~]# docker pull alpine[rootclient ~]# docker images

REPOSITORY TAG IMAGE ID CREATED SIZE alpine latest 05455a08881e 3 days ago 7.38MB[rootclient ~]# docker tag alpine harbor.raymonds.cc/google_containers/alpine[rootclient ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE alpine latest 05455a08881e 3 days ago 7.38MB harbor.raymonds.cc/google_containers/alpine latest 05455a08881e 3 days ago 7.38MB[rootclient ~]# docker push harbor.raymonds.cc/google_containers/alpine Using default tag: latest The push refers to repository [harbor.raymonds.cc/google_containers/alpine] d4fc045c9e3a: Pushed latest: digest: sha256:6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0 size: 528在harbor01上查看镜像已经上传。 图1-16 在harbor01上查看镜像上传情况 在harbor02上查看镜像已经上传。 图1-17 在harbor02上查看镜像上传情况 从上面可以看出harbor01和harbor02镜像仓库是高可用的。

删除所有镜像

[rootclient ~]# docker images -qa|xargs docker rmi -f[rootclient ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE# 从harbor仓库拉取镜像 [rootclient ~]# docker pull harbor.raymonds.cc/google_containers/alpine Using default tag: latest latest: Pulling from google_containers/alpine 4abcf2066143: Pull complete Digest: sha256:6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0 Status: Downloaded newer image for harbor.raymonds.cc/google_containers/alpine:latest harbor.raymonds.cc/google_containers/alpine:latest[rootclient ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE harbor.raymonds.cc/google_containers/alpine latest 05455a08881e 3 days ago 7.38MB

可以看到harbor仓库的镜像也是可以拉取到本地的