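A default Harbor installation uses the officially packaged PostgreSQL Docker image goharbor/harbor-db, and all data Harbor produces after startup is stored in that database. This can make later management inconvenient, so here Harbor is configured to use an external database.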
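I. Set up the PostgreSQL database

Since version 1.6, Harbor supports only PostgreSQL as an external database, so a PostgreSQL database has to be set up. This is a test environment for now, so only a single node is installed and no primary/standby replication is configured. The steps are as follows: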
1. Install

```
# OS version: CentOS 7
yum install -y cmake gcc gcc-c++ perl readline readline-devel openssl openssl-devel zlib zlib-devel ncurses-devel readline readline-devel zlib zlib-devel

[postgres@xxxx dba]$ wget https://ftp.postgresql.org/pub/source/v12.2/postgresql-12.2.tar.gz
[postgres@xxxx dba]$ tar zxf postgresql-12.2.tar.gz
[postgres@xxxx dba]$ cd postgresql-12.2
[postgres@xxxx postgresql-12.2]$ ./configure --prefix=/usr/local/postgresql
[postgres@xxxx postgresql-12.2]$ make && make install
```
2. Configure

```
[postgres@xxxx data]$ mkdir -p /work/harbor-db/data
[postgres@xxxx data]$ mkdir -p /work/harbor-db/log
[postgres@xxxx data]$ mkdir -p /work/harbor-db/tmp
[postgres@xxxx data]$ chown -R postgres.postgres /work/harbor-db/

[postgres@xxxx data]$ initdb --username=postgres -D /work/harbor-db/data/

[postgres@xxxx data]$ vim /work/harbor-db/data/postgresql.conf
data_directory = '/work/harbor-db/data'
listen_addresses = '*'
port = 7002
max_connections = 100
unix_socket_directories = '/work/harbor-db/tmp'
unix_socket_group = ''
unix_socket_permissions = 0777
shared_buffers = 128MB
timezone = 'Asia/Shanghai'
logging_collector = on
log_directory = '/work/harbor-db/log'
log_rotation_size = 1GB
log_timezone = 'Asia/Shanghai'
log_min_duration_statement = 100

[postgres@xxxx data]$ vim pg_hba.conf
host    all    harbor    x.x.x.x/x    trust
```
3. Start

```
[postgres@xxxx data]$ su - postgres
[postgres@xxxx data]$ pg_ctl -D /work/harbor-db/data/ -l /work/harbor-db/log/start.log start

# Or start it with:
postgres -D /work/harbor-db/data > /work/harbor-db/log/start.log 2>&1 &
```
4. Login test

```
[postgres@xxxx data]$ psql -h 127.0.0.1 -p 7002 -U postgres
psql (12.2)
Type "help" for help.

postgres=
Enter new password:
Enter it again:
postgres=
CREATE ROLE
postgres=
CREATE DATABASE
postgres=
CREATE DATABASE
postgres=
CREATE DATABASE
postgres=
CREATE DATABASE
postgres=
GRANT
postgres=
GRANT
postgres=
GRANT
postgres=
GRANT

[root@remote harbor]
Password:
psql (12.2)
Type "help" for help.

harbor=>
```
At this point, the PostgreSQL database and its basic configuration are complete.
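The `pg_hba.conf` entry in step 2 uses `trust`, so any client at that address can connect as `harbor` without a password check, regardless of the password set for the role. The following added example (not part of the original post) scans `pg_hba.conf` for such TCP records and prints a `scram-sha-256` replacement; the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Names and sample data are hypothetical.

# Constructed pg_hba.conf sample; addresses are documentation ranges.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER      ADDRESS                    METHOD
local   all       all                                  peer
host    all       harbor    192.0.2.10/32              trust
host    all       postgres  127.0.0.1 255.255.255.255  password
hostssl all       harbor    192.0.2.20/32              scram-sha-256
EOF
}

# audit_pg_hba [FILE...]: read pg_hba.conf (or stdin) and report TCP records
# whose method is "trust" (no authentication at all) or "password" (password
# sent in cleartext), each followed by a suggested replacement line.
audit_pg_hba() {
    awk '
    $1 !~ /^host/ { next }   # keep host/hostssl/hostnossl; drops local, comments, blanks
    {
        # Record: TYPE DATABASE USER ADDRESS [NETMASK] METHOD [options]
        # A separate netmask field shifts METHOD from field 5 to field 6.
        m = ($5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $5 ~ /:/) ? 6 : 5
        if ($m != "trust" && $m != "password") next
        why = ($m == "trust") ? "no authentication" : "cleartext password"
        printf "line %d: %s (%s) user=%s from=%s\n", NR, $m, why, $3, $4
        # scram-sha-256 needs password_encryption = scram-sha-256 set before
        # the role password is (re)set; PostgreSQL 12 defaults to md5.
        $m = "scram-sha-256"
        print "  suggest: " $0
    }' "$@"
}

sample_pg_hba | audit_pg_hba
```

Run it against the real file with `audit_pg_hba /work/harbor-db/data/pg_hba.conf`, and reload PostgreSQL after editing the file so the change takes effect.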
II. Harbor configuration

1. Modify the configuration file

```
[root@remote harbor]# vim harbor.yml
external_database:
  harbor:
    host: x.x.x.x
    port: 7002
    db_name: harbor
    username: harbor
    password: xxxxxxxx
    ssl_mode: disable
    max_idle_conns: 50
    max_open_conns: 100
  clair:
    host: x.x.x.x
    port: 7002
    db_name: harbor_clair
    username: harbor
    password: xxxxxxxx
    ssl_mode: disable
  notary_signer:
    host: x.x.x.x
    port: 7002
    db_name: harbor_notary_signer
    username: harbor
    password: xxxxxxxx
    ssl_mode: disable
  notary_server:
    host: x.x.x.x
    port: 7002
    db_name: harbor_notary_server
    username: harbor
    password: xxxxxxxx
```
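2. Modify the docker-compose file

Once an external database is configured, Harbor's own harbor-db image is no longer needed. The install/restart script install.sh shows that installation and related operations are ultimately carried out through docker-compose.yml, so the harbor-db related parts must be deleted or commented out in the docker-compose file. After the change, run sh install.sh to restart the Harbor service.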
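III. Testing and verification

1. Database verification

After the Harbor service has restarted, log in to the external database and you will find that the databases just configured now contain Harbor's tables.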
```
[root@remote harbor]
Password:
psql (12.2)
Type "help" for help.

harbor=> \l
                                     List of databases
         Name         |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges
----------------------+----------+----------+-------------+-------------+-----------------------
 harbor               | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres         +
                      |          |          |             |             | postgres=CTc/postgres+
                      |          |          |             |             | harbor=CTc/postgres
 harbor_clair         | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres         +
                      |          |          |             |             | postgres=CTc/postgres+
                      |          |          |             |             | harbor=CTc/postgres
 harbor_notary_server | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres         +
                      |          |          |             |             | postgres=CTc/postgres+
                      |          |          |             |             | harbor=CTc/postgres
 harbor_notary_signer | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres         +
                      |          |          |             |             | postgres=CTc/postgres+
                      |          |          |             |             | harbor=CTc/postgres
 postgres             | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 |
 template0            | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
                      |          |          |             |             | postgres=CTc/postgres
 template1            | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +
                      |          |          |             |             | postgres=CTc/postgres
(7 rows)

harbor=> \c harbor
Password for user harbor:
You are now connected to database "harbor" as user "harbor".
harbor=> \dt
                  List of relations
 Schema |           Name           | Type  | Owner
--------+--------------------------+-------+--------
 public | access                   | table | harbor
 public | access_log               | table | harbor
 public | admin_job                | table | harbor
 public | alembic_version          | table | harbor
 public | artifact                 | table | harbor
 public | artifact_blob            | table | harbor
 public | blob                     | table | harbor
 public | cve_whitelist            | table | harbor
 public | harbor_label             | table | harbor
 public | harbor_resource_label    | table | harbor
 public | harbor_user              | table | harbor
 public | immutable_tag_rule       | table | harbor
 public | job_log                  | table | harbor
 public | notification_job         | table | harbor
 public | notification_policy      | table | harbor
 public | oidc_user                | table | harbor
 public | project                  | table | harbor
 public | project_blob             | table | harbor
 public | project_member           | table | harbor
 public | project_metadata         | table | harbor
 public | properties               | table | harbor
 public | quota                    | table | harbor
 public | quota_usage              | table | harbor
 public | registry                 | table | harbor
 public | replication_execution    | table | harbor
 public | replication_policy       | table | harbor
 public | replication_schedule_job | table | harbor
 public | replication_task         | table | harbor
 public | repository               | table | harbor
 public | retention_execution      | table | harbor
 public | retention_policy         | table | harbor
 public | retention_task           | table | harbor
 public | robot                    | table | harbor
 public | role                     | table | harbor
 public | scan_report              | table | harbor
 public | scanner_registration     | table | harbor
 public | schedule                 | table | harbor
 public | schema_migrations        | table | harbor
 public | user_group               | table | harbor
(39 rows)
```
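2. Web page test

Following the demonstration at the end of the earlier Harbor setup post, where an image repository was created through the web page, create a new image repository and push an image to it. Once that is done, the records are visible in the database: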
```
harbor_notary_signer=> \c harbor
Password for user harbor:
You are now connected to database "harbor" as user "harbor".

harbor=> select * from access_log;
 log_id | username | project_id |  repo_name   | repo_tag | guid | operation |          op_time
--------+----------+------------+--------------+----------+------+-----------+----------------------------
      1 | admin    |          2 | pingcap/     | N/A      |      | create    | 2020-04-08 18:02:50.369493
      2 | admin    |          2 | pingcap/tikv | v3.0.12  |      | push      | 2020-04-08 18:03:48.824079
(2 rows)

harbor=> select * from project;
 project_id | owner_id |  name   |       creation_time        |        update_time         | deleted
------------+----------+---------+----------------------------+----------------------------+---------
          1 |        1 | library | 2020-04-08 17:48:10.024358 | 2020-04-08 17:48:10.024358 | f
          2 |        1 | pingcap | 2020-04-08 18:02:50        | 2020-04-08 18:02:50        | f
(2 rows)

harbor=> select * from repository;
 repository_id |     name     | project_id | description | pull_count | star_count |       creation_time        |        update_time
---------------+--------------+------------+-------------+------------+------------+----------------------------+----------------------------
             1 | pingcap/tikv |          2 |             |          0 |          0 | 2020-04-08 18:03:48.824717 | 2020-04-08 18:03:48.824717
(1 row)
```
As you can see, all results are as expected. Configuring and testing Harbor with an external database is complete. ^_^