014.Docker Harbor+Keepalived+LVS+共享存储高可用架构
一 多Harbor高可用介绍
二 正式部署
2.1 前期准备
节点
|
IP地址
|
备注
|
docker01
|
172.24.8.111
|
Docker harbor node01
|
docker02
|
172.24.8.112
|
Docker harbor node02
|
docker03
|
172.24.8.113
|
mysql+redis节点
|
docker04
|
172.24.8.114
|
Docker客户端,用于测试仓库
|
nfsslb
|
172.24.8.71
|
共享nfs存储节点
Keepalived节点
VIP地址:172.24.8.200/32
|
slb02
|
172.24.8.72
|
Keepalived节点
VIP地址:172.24.8.200/32
|
- docker、docker-compose安装(见《009.Docker Compose基础使用》);
- ntp时钟同步(建议项);
- 相关防火墙-SELinux放通或关闭;
- nfsslb和slb02节点添加解析:echo "172.24.8.200 reg.harbor.com" >> /etc/hosts
2.2 创建nfs
[root@nfsslb ~]# yum -y install nfs-utils*
[root@nfsslb ~]# mkdir /myimages #用于共享镜像
[root@nfsslb ~]# mkdir /mydatabase #用于存储数据库数据
[root@nfsslb ~]# echo -e "/dev/vg01/lv01 /myimages ext4 defaults 0 0\n/dev/vg01/lv02 /mydatabase ext4 defaults 0 0">> /etc/fstab
[root@nfsslb ~]# mount -a
[root@nfsslb ~]# vi /etc/exports
/myimages 172.24.8.0/24(rw,no_root_squash)
/mydatabase 172.24.8.0/24(rw,no_root_squash)
[root@nfsslb ~]# systemctl start nfs.service
[root@nfsslb ~]# systemctl enable nfs.service
2.3 挂载nfs
root@docker01:~# apt-get -y install nfs-common
root@docker02:~# apt-get -y install nfs-common
root@docker03:~# apt-get -y install nfs-common root@docker01:~# mkdir /data
root@docker02:~# mkdir /data root@docker01:~# echo "172.24.8.71:/myimages /data nfs defaults,_netdev 0 0">> /etc/fstab
root@docker02:~# echo "172.24.8.71:/myimages /data nfs defaults,_netdev 0 0">> /etc/fstab
root@docker03:~# echo "172.24.8.71:/mydatabase /database nfs defaults,_netdev 0 0">> /etc/fstab root@docker01:~# mount -a
root@docker02:~# mount -a
root@docker03:~# mount -a root@docker03:~# mkdir -p /database/mysql
root@docker03:~# mkdir -p /database/redis
2.4 部署外部mysql-redis
root@docker03:~# mkdir docker_compose/
root@docker03:~# cd docker_compose/
root@docker03:~/docker_compose# vi docker-compose.yml
version: '3'
services:
mysql-server:
hostname: mysql-server
restart: always
container_name: mysql-server
image: mysql:5.7
volumes:
- /database/mysql:/var/lib/mysql
command: --character-set-server=utf8
ports:
- '3306:3306'
environment:
MYSQL_ROOT_PASSWORD: x19901123
# logging:
# driver: "syslog"
# options:
# syslog-address: "tcp://172.24.8.112:1514"
# tag: "mysql"
redis:
hostname: redis-server
container_name: redis-server
restart: always
image: redis:3
volumes:
- /database/redis:/data
ports:
- '6379:6379'
# logging:
# driver: "syslog"
# options:
# syslog-address: "tcp://172.24.8.112:1514"
# tag: "redis"
root@docker03:~/docker_compose# docker-compose up -d
root@docker03:~/docker_compose# docker-compose ps #确认docker是否up
root@docker03:~/docker_compose# netstat -tlunp #确认相关端口是否启动
2.5 下载harbor
root@docker01:~# wget https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.4.tgz
root@docker01:~# tar xvf harbor-offline-installer-v1.5.4.tgz
2.6 导入registry表
root@docker01:~# apt-get -y install mysql-client
root@docker01:~# cd harbor/ha/
root@docker01:~/harbor/ha# ll
root@docker01:~/harbor/ha# mysql -h172.24.8.113 -uroot -p
mysql> set session sql_mode='STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'; #必须修改sql_mode
mysql> source ./registry.sql #导入registry数据表至外部数据库。
mysql> exit
2.7 修改harbor相关配置
root@docker01:~/harbor/ha# cd /root/harbor/
root@docker01:~/harbor# vi harbor.cfg #修改harbor配置文件
hostname = 172.24.8.111
db_host = 172.24.8.113
db_password = x19901123
db_port = 3306
db_user = root
redis_url = 172.24.8.113:6379
root@docker01:~/harbor# vi prepare
empty_subj = "/C=/ST=/L=/O=/CN=/"
修改如下:
empty_subj = "/C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=Harbor/CN=notarysigner"
root@docker01:~/harbor# ./prepare #载入相关配置
root@docker01:~/harbor# cat ./common/config/ui/env #验证
_REDIS_URL=172.24.8.113:6379
root@docker01:~/harbor# cat ./common/config/adminserver/env | grep MYSQL #验证
MYSQL_HOST=172.24.8.113
MYSQL_PORT=3306
MYSQL_USR=root
MYSQL_PWD=x19901123
MYSQL_DATABASE=registry
2.8 docker-compose部署
root@docker01:~/harbor# cp docker-compose.yml docker-compose.yml.bak
root@docker01:~/harbor# cp ha/docker-compose.yml .
root@docker01:~/harbor# vi docker-compose.yml
log
ports:
- 1514:10514 #log需要对外部redis和mysql提供服务,因此只需要修改此处即可
root@docker01:~/harbor# ./install.sh
2.9 重新构建外部redis和mysql
root@docker03:~/docker_compose# docker-compose up -d
root@docker03:~/docker_compose# docker-compose ps #确认docker是否up
root@docker03:~/docker_compose# netstat -tlunp #确认相关端口是否启动
2.10 Keepalived安装
[root@nfsslb ~]# yum -y install gcc gcc-c++ make kernel-devel kernel-tools kernel-tools-libs kernel libnl libnl-devel libnfnetlink-devel openssl-devel
[root@nfsslb ~]# cd /tmp/
[root@nfsslb ~]# tar -zxvf keepalived-2.0.8.tar.gz
[root@nfsslb tmp]# cd keepalived-2.0.8/
[root@nfsslb keepalived-2.0.8]# ./configure --sysconf=/etc --prefix=/usr/local/keepalived
[root@nfsslb keepalived-2.0.8]# make && make install
2.11 Keepalived配置
[root@nfsslb ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
root@docker01:~# scp harbor/ha/sample/active_active/keepalived_active_active.conf root@172.24.8.71:/etc/keepalived/keepalived.conf
root@docker01:~# scp harbor/ha/sample/active_active/check.sh root@172.24.8.71:/usr/local/bin/check.sh
root@docker01:~# scp harbor/ha/sample/active_active/check.sh root@172.24.8.72:/usr/local/bin/check.sh
[root@nfsslb ~]# chmod u+x /usr/local/bin/check.sh
[root@slb02 ~]# chmod u+x /usr/local/bin/check.sh
[root@nfsslb ~]# vi /etc/keepalived/keepalived.conf
global_defs {
router_id haborlb
}
vrrp_sync_groups VG1 {
group {
VI_1
}
}
vrrp_instance VI_1 {
interface eth0 track_interface {
eth0
} state MASTER
virtual_router_id 51
priority 10 virtual_ipaddress {
172.24.8.200
}
advert_int 1
authentication {
auth_type PASS
auth_pass d0cker
} }
virtual_server 172.24.8.200 80 {
delay_loop 15
lb_algo rr
lb_kind DR
protocol TCP
nat_mask 255.255.255.0
persistence_timeout 10 real_server 172.24.8.111 80 {
weight 10
MISC_CHECK {
misc_path "/usr/local/bin/check.sh 172.24.8.111"
misc_timeout 5
}
} real_server 172.24.8.112 80 {
weight 10
MISC_CHECK {
misc_path "/usr/local/bin/check.sh 172.24.8.112"
misc_timeout 5
}
}
}
[root@nfsslb ~]# scp /etc/keepalived/keepalived.conf root@172.24.8.72:/etc/keepalived/keepalived.conf #Keepalived配置复制至slb02节点
[root@nfsslb ~]# vi /etc/keepalived/keepalived.conf
state BACKUP
priority 8
2.12 slb节点配置LVS
[root@nfsslb ~]# yum -y install ipvsadm
[root@nfsslb ~]# vi ipvsadm.sh
#!/bin/sh
#****************************************************************#
# ScriptName: ipvsadm.sh
# Author: xhy
# Create Date: 2018-10-28 02:40
# Modify Author: xhy
# Modify Date: 2018-10-28 02:40
# Version:
#***************************************************************#
sudo ifconfig eth0:0 172.24.8.200 broadcast 172.24.8.200 netmask 255.255.255.255 up
sudo route add -host 172.24.8.200 dev eth0:0
sudo echo "1" > /proc/sys/net/ipv4/ip_forward
sudo ipvsadm -C
sudo ipvsadm -A -t 172.24.8.200:80 -s rr
sudo ipvsadm -a -t 172.24.8.200:80 -r 172.24.8.111:80 -g
sudo ipvsadm -a -t 172.24.8.200:80 -r 172.24.8.112:80 -g
sudo ipvsadm
sudo sysctl -p
[root@nfsslb ~]# chmod u+x ipvsadm.sh
[root@nfsslb ~]# echo "source /root/ipvsadm.sh" >> /etc/rc.local #开机运行
[root@nfsslb ~]# ./ipvsadm.sh
2.13 harbor节点配置VIP
root@docker01:~# vi /etc/init.d/lvsrs
#!/bin/bash
# description:Script to start LVS DR real server.
#
. /etc/rc.d/init.d/functions
VIP=172.24.8.200
#修改相应的VIP
case "$1" in
start)
#启动 LVS-DR 模式,real server on this machine. 关闭ARP冲突检测。
echo "Start LVS of Real Server!"
/sbin/ifconfig lo down
/sbin/ifconfig lo up
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
/sbin/ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev lo:0
sudo sysctl -p
;;
stop)
#停止LVS-DR real server loopback device(s).
echo "Close LVS Director Server!"
/sbin/ifconfig lo:0 down
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
sudo sysctl -p
;;
status)
# Status of LVS-DR real server.
islothere=`/sbin/ifconfig lo:0 | grep $VIP`
isrothere=`netstat -rn | grep "lo:0" | grep $VIP`
if [ ! "$islothere" -o ! "isrothere" ];then
# Either the route or the lo:0 device
# not found.
echo "LVS-DR real server Stopped!"
else
echo "LVS-DR real server Running..."
fi
;;
*)
# Invalid entry.
echo "$0: Usage: $0 {start|status|stop}"
exit 1
;;
esac
root@docker01:~# chmod u+x /etc/init.d/lvsrs
root@docker02:~# chmod u+x /etc/init.d/lvsrs
2.14 启动相关服务
root@docker01:~# service lvsrs start
root@docker02:~# service lvsrs start
[root@nfsslb ~]# systemctl start keepalived.service
[root@nfsslb ~]# systemctl enable keepalived.service
[root@slb02 ~]# systemctl start keepalived.service
[root@slb02 ~]# systemctl enable keepalived.service
2.15 确认验证
root@docker01:~# ip addr #验证docker01/02/slb是否成功启用vip
三 测试验证
root@docker04:~# vi /etc/hosts
172.24.8.200 reg.harbor.com
root@docker04:~# vi /etc/docker/daemon.json
{
"insecure-registries": ["http://reg.harbor.com"]
}
root@docker04:~# systemctl restart docker.service
若是信任CA机构颁发的证书,相应关闭daemon.json中的配置。
root@docker04:~# docker login reg.harbor.com #登录registry
Username: admin
Password: Harbor12345
root@docker04:~# docker pull hello-world
root@docker04:~# docker tag hello-world:latest reg.harbor.com/library/hello-world:xhy
root@docker04:~# docker push reg.harbor.com/library/hello-world:xhy
014.Docker Harbor+Keepalived+LVS+共享存储高可用架构的更多相关文章
- Keepalived+LVS DR模式高可用架构实践
Keepalived最初是为LVS设计,专门监控各服务器节点的状态(LVS不带健康检查功能,所以使用keepalived进行健康检查),后来加入了VRRP(虚拟路由热备协议(Virtual Route ...
- 【葵花宝典】lvs+keepalived部署kubernetes(k8s)高可用集群
一.部署环境 1.1 主机列表 主机名 Centos版本 ip docker version flannel version Keepalived version 主机配置 备注 lvs-keepal ...
- Lvs+keepAlived实现负载均衡高可用集群(DR实现)
第1章 LVS 简介 1.1 LVS介绍 LVS是Linux Virtual Server的简写,意为Linux虚拟服务器,是虚拟的服务器集群系统,可在UNIX/LINUX平台下实现负载均衡集群功能. ...
- 基于Keepalived实现LVS双主高可用集群
Reference: https://mp.weixin.qq.com/s?src=3×tamp=1512896424&ver=1&signature=L1C7us ...
- lvs+keepalive构建高可用集群
大纲 一.前言 二.Keepalived 详解 三.环境准备 四.LVS+Keepalived 实现高可用的前端负载均衡器 一.前言 Keepalived使用的vrrp协议方式,虚拟路由 ...
- lvs+keep搭建高可用web服务
title: lvs+keep搭建高可用web服务 date: 2015-11-26 22:11:55 tags: --- 第一部分 概念 负载均衡 生产环境下必不可少的基础手段当前大部分互联网都使用 ...
- Docker Kubernetes 高可用架构设计
Docker Kubernetes 高可用架构设计 官方方案:保证master端不发生单点故障. 官方使用一台Load Balancer负载均衡代理3台master端,终端与etcd与work Nod ...
- [svc]高并发场景 LVS DR +KeepAlive高可用实现及ka的persistence_timeout参数
LVS-DR+keepalived模式是一种非常经典的常用生产组合 高可用场景及LVS架构 一般都用一(负载)拖多(Server Array)方式 使用LVS架设的服务器集群系统有三个部分组成: (1 ...
- 高并发场景 LVS 安装及高可用实现
1.1 负载均衡介绍 1.1.1 负载均衡的妙用 负载均衡(Load Balance)集群提供了一种廉价.有效.透明的方法,来扩展网络设备和服务器的负载.带宽.增加吞吐量.加强网络数据处理能力.提高网 ...
随机推荐
- dbms_metadata.get_ddl的用法(DDL)
dbms_metadata包中的get_ddl函数 --GET_DDL: Return the metadata for a single object as DDL. -- This interfa ...
- 2017/05/03 java 基础 随笔
1.硬盘500G 厂商是按照1000计算的 500g=500*1000*1000/1024/1024=465g 2.jdk1.7可以表示二进制了 0b001(b大小写无所谓) 3.进制转换 4.原码, ...
- Jquery中AJAX参数详细介绍
Jquery中AJAX参数详细列表: 参数名 类型 描述 url String (默认: 当前页地址) 发送请求的地址. type String (默认: "GET") 请求方式 ...
- Pytorch 入门之Siamese网络
首次体验Pytorch,本文参考于:github and PyTorch 中文网人脸相似度对比 本文主要熟悉Pytorch大致流程,修改了读取数据部分.没有采用原作者的ImageFolder方法: ...
- 【转】htop使用详解--史上最强(没有之一)
在管理进程时通常要借助一些工具,比较常用的就是ps和top了:不过CentOS还为我们提供了一个更加强大的工具htop,下面就来了解一下此工具的使用方法.一.安装htop htop工具在epel源中提 ...
- certificate expired
最近在测试802.1x,测试过程中,radius服务器端一直显示如下错误: (5) authenticate {(5) eap: Expiring EAP session with state 0 ...
- zabbix3.0.4安装grapha实现多台主机相同监控项集中展示
zabbix3.0.4安装grapha图形展示系统 操作系统 # cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) 1.安装g ...
- PYTHON-函数的定义与调用,返回值,和参数
函数基础'''1. 什么是函数 具备某一功能的工具->函数 事先准备工具的过程--->函数的定义 遇到应用场景,拿来就用---->函数的调用 函数分类两大类: 1. 内置函数 2. ...
- Android几种强大的下拉刷新库
BeautifulRefreshLayout 众多优秀的下拉刷新(除了我写的之外T_T) 说起下拉刷新,好像经历一段历史的洗礼... (1)在我刚学android的时候,用的是XListView,在g ...
- STM32F412应用开发笔记之九:移植FreeRTOS到F412ZG平台
在开发实际应用系统时,我们经常需要考虑数据的实时性和多任务,嵌入式实时操作系统的出现为实现这一目的提供了很好的助力.FreeRTOS是近年来比较流行的嵌入式实时操作系统,而且是开源免费的,STM32C ...