Why do we need a mirror synchronization
Because access to the Mirror is a core concept of the container, in actual use, a mirror image library may be not enough, in situations like we may need to deploy multiple mirror Warehouse:
- Foreign public image download is too slow, need a transit warehouse accelerated
- Container larger scale, a mirror warehouse overwhelmed
- High stability of the system requirements, the need to ensure high availability across multiple warehouses
- Mirroring multiple levels of warehouse planning, warehouse lower dependence superiors warehouse
The scene is more commonly used in enterprise software environment, there will be a different mirror warehouses in different stages of software development,
- Libraries in the development environment, the developer image change frequently, once the code is completed, i.e., to form a stable image needs to be synchronized to the test environment.
- Library in a test environment, test personnel mirroring operation is read, the test is completed, the image synchronized to the pre-wired environment library.
- In the on-line pre-environment libraries, operation and maintenance personnel of the image is read-only operations, once the normal operation, i.e. mirror synchronization library to the production environment.
- In this process, we need synchronization and replication between mirrored image library for each environment.
Features
Functional design, Harbor still a "project" as the center, through the project configuration "Replication Policy", indicate the need to copy the project and the mirror. Administrators replication strategy indicated in the target instance, that copy of "destination", and its address settings and user name and password to use when connecting. When the replication policy is activated, all mirrored in the source program will be copied to the target instance; In addition, when the mirror at the source items are added or deleted (push or delete), as long as the policy is still active, the mirror will change up to the target synchronizing example, as shown below :
Cluster in larger containers, often require a plurality of Registry servers do load balancing master may be adopted from the release mode, only the mirror once released, can be pushed to the plurality of instances Registry. It also supports dual-master replication and the level of multi-stage type, which mirror, as shown below:
Harbor mirroring synchronization mechanism
With more mirrors warehouse, synchronous mirroring soon become a common requirement across multiple warehouses. Mirror synchronization more traditional way, there are two:
- The first embodiment, using Linux RSYNC service provided to define the mirror data synchronization between two warehouses.
- The second embodiment, service usage scenarios IaaS mirrored storage, use IaaS configuration tool to configure synchronous mirroring.
这两种方案都依赖于仓库所在的存储环境,而需要采用不同的工具策略。Harbor则提供了更加灵活的方案来处理镜像的同步,其核心是三个概念:
- 用Harbor自己的API来进行镜像下载和传输,作到与底层存储环境解耦。
- 利用任务调度和监控机制进行复制任务的管理,保障复制任务的健壮性。在同步过程中,如果源镜像已删除,Harbor会自动同步删除远端的镜像。在镜像同步复制的过程中,Harbor会监控整个复制过程,遇到网络等错误,会自动重试。
- 提供复制策略机制保证项目级的复制需求。在Harbor中,可以在项目中创建复制策略,来实现对镜像的同步。与Docker Registry的不同之处在于,Harbor的复制是推(PUSH)的策略,由源端发起,而Docker Registry的复制是拉(PULL)的策略,由目标端发起。
我们准备两台机器,并分别安装好Harbor( 版本:1.4.0 ):
| 主Harbor | harbor.test.com | 192.168.5.150 |
| 备Harbor | harbor-01.test.com | 192.168.5.151 |
| docker client | 192.168.5.107 |
1. 在主Harbor 创建新项目test
2.在主Harbor的仓库管理->新建目标:
3.在Harbor的复制管理->新建规则:
4.在客户端上传image到主Harbor
[root@clinet ~]# docker push harbor.test.com/test/docker-test:latest The push refers to a repository [harbor.test.com/test/docker-test] 146788dad3cb: Layer already exists 2f6c24bddb30: Layer already exists 952a32dca55a: Layer already exists b308dc99c2a4: Layer already exists 4ac76077f2c7: Layer already exists latest: digest: sha256:520230466225bac646e1cd5ff645eb3f6d24b8e62039e5ffb5d355c67e4058e6 size: 1354
5.在主Harbor的复制管理中看到多了一条复制任务在执行:
6.再在备Harbor中已经看到test/docker-test.latest 已经从主Harbor自动复制过来:
参考:https://blog.csdn.net/hxpjava1/article/details/79308890
参考:https://blog.csdn.net/kozazyh/article/details/79829463
参考:https://my.oschina.net/vmwareharbor/blog/728085