Installing Harbor with an External Database

# Install the external PostgreSQL
yum install -y cmake gcc gcc-c++ perl readline readline-devel openssl openssl-devel zlib zlib-devel ncurses-devel readline readline-devel zlib zlib-devel
[root@harbor-4 harbor]#  wget https://ftp.postgresql.org/pub/source/v12.2/postgresql-12.2.tar.gz
--2022-09-18 23:34:37--  https://ftp.postgresql.org/pub/source/v12.2/postgresql-12.2.tar.gz
Resolving ftp.postgresql.org (ftp.postgresql.org)... 217.196.149.55, 147.75.85.69, 72.32.157.246, ...
Connecting to ftp.postgresql.org (ftp.postgresql.org)|217.196.149.55|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 26669211 (25M) [application/octet-stream]
Saving to: ‘postgresql-12.2.tar.gz’

100%[========================================================================>] 26,669,211  5.59MB/s   in 4.6s

2022-09-18 23:34:43 (5.59 MB/s) - ‘postgresql-12.2.tar.gz
[root@harbor-4 harbor]# tar zxf postgresql-12.2.tar.gz
[root@harbor-4 harbor]# cd postgresql-12.2
[root@harbor-4 postgresql-12.2]#  ./configure --prefix=/usr/local/postgresql
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking which template to use... linux
[root@harbor-4 postgresql-12.2]# make && make install

Configuration

# 1. Create the data directory
[postgres@xxxx data]$ mkdir -p /work/harbor-db/data
# 2. Create the log directory
[postgres@xxxx data]$ mkdir -p /work/harbor-db/log
# 3. Create the socket directory
[postgres@xxxx data]$ mkdir -p /work/harbor-db/tmp
# 4. Set ownership
[postgres@xxxx data]$ chown -R postgres:postgres /work/harbor-db/
# 5. Initialize the PostgreSQL instance

[root@harbor-4 postgresql-12.2]# initdb --username=postgres -D /work/harbor-db/data/
initdb: error: cannot be run as root
Please log in (using, e.g., "su") as the (unprivileged) user that will
own the server process.
[root@harbor-4 postgresql-12.2]# su - postgres
[postgres@harbor-4 ~]$ initdb --username=postgres -D /work/harbor-db/data/
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

fixing permissions on existing directory /work/harbor-db/data ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... America/New_York
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok

initdb: warning: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.

Success. You can now start the database server using:

    pg_ctl -D /work/harbor-db/data/ -l logfile start

[postgres@xxxx data]$ initdb --username=postgres -D /work/harbor-db/data/

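## PostgreSQL and Harbor are not on the same host here, so in addition to postgresql.conf the client authentication file pg_hba.conf must also be modified. If they are on the same host and there are no network or authentication requirements, it can be left unchanged.
# 6. Modify the initialized configuration file as needed; the settings changed are as follows:
[postgres@xxxx data]$ vim /work/harbor-db/data/postgresql.conf
 # Data directory
data_directory = '/work/harbor-db/data'
 # Addresses the server listens on for client connections; the default is localhost, leave it unchanged if remote access is not needed; * means all
listen_addresses = '*'
 # Port
port = 7002
 # Maximum number of connections
max_connections = 100
 # Socket directory and permissions
unix_socket_directories = '/work/harbor-db/tmp'
unix_socket_group = ''
unix_socket_permissions = 0777
 # Memory size (shared buffers)
shared_buffers = 128MB
 # Time zone
timezone = 'Asia/Shanghai'

 # Logging:
 ## Enable the logging collector
logging_collector = on
 ## Log directory
log_directory = '/work/harbor-db/log'
 ## Maximum size of each log file
log_rotation_size = 1GB
 ## Log time zone
log_timezone = 'Asia/Shanghai'
 ## Log SQL statements that run longer than 100 ms together with their duration, equivalent to a slow-query log
log_min_duration_statement = 100

## Remote connections are required here, so authentication rules must be added to pg_hba.conf; configure them to suit your needs, or leave the file unchanged if remote access is not needed
[postgres@xxxx data]$ vim pg_hba.conf
# Append at the end of the file. The following rule allows hosts matching ADDRESS to access all databases on this server as the harbor user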
# TYPE  DATABASE        USER            ADDRESS                 METHOD
host    all             harbor             x.x.x.x/x           trust

host    all             all             10.7.4.9/16            trust
host    all             harbor          10.7.4.9/16            trust
host    all             all             0.0.0.0/0              trust
host    all             harbor          0.0.0.0/0              trust
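
The rules above use the `trust` method, which lets any client in the matching address range connect as the named role without a password, and two of them match 0.0.0.0/0. As an added example (not part of the original post), the shell function below audits a pg_hba.conf for such rules; the sample file is constructed from the page's four concrete rules plus one hypothetical hardened rule (the Harbor host address 10.7.4.10/32 and the `scram-sha-256` line are assumptions).

```shell
#!/bin/sh
# Added example (not from the original post): flag risky pg_hba.conf rules.
# Output format: <line>:<flags>:<rule>
#   TRUST   = no password is requested
#   ANYADDR = rule matches every client address
#   ALLALL  = rule covers every database and every role
audit_pg_hba() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        db = $2; user = $3
        if ($1 == "local") {                      # local rules have no ADDRESS field
            addr = "-"; method = $4
        } else if (NF >= 6 && $5 ~ /^[0-9.]+$/) { # ADDRESS given as IP plus netmask
            addr = $4 " " $5; method = $6
        } else {
            addr = $4; method = $5
        }
        flags = ""
        if (method == "trust") flags = flags "TRUST,"
        if (addr == "0.0.0.0/0" || addr == "::/0" || addr == "all" ||
            addr == "0.0.0.0 0.0.0.0") flags = flags "ANYADDR,"
        if (db == "all" && user == "all") flags = flags "ALLALL,"
        if (flags != "") {
            sub(/,$/, "", flags)
            gsub(/[ \t]+/, " ")                   # collapse column padding in the rule
            printf "%d:%s:%s\n", NR, flags, $0
        }
    }' "$1"
}

# Constructed sample: the four concrete rules from the page, then one
# hypothetical hardened rule (10.7.4.10 as the Harbor host is an assumption).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# TYPE  DATABASE        USER            ADDRESS                 METHOD
host    all             all             10.7.4.9/16            trust
host    all             harbor          10.7.4.9/16            trust
host    all             all             0.0.0.0/0              trust
host    all             harbor          0.0.0.0/0              trust
host    harbor          harbor          10.7.4.10/32           scram-sha-256
EOF

audit_pg_hba "$sample"
```

For a `scram-sha-256` rule to work on PostgreSQL 12, set `password_encryption = scram-sha-256` in postgresql.conf before assigning the harbor role's password, because that release stores md5 hashes by default.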

Configure Harbor's harbor.yml

external_database:
   harbor:
     host: 10.7.4.9
     port: 7002
     db_name: harbor
     username: harbor
     password: harbor123
     ssl_mode: disable
     max_idle_conns: 2
     max_open_conns: 0
   notary_signer:
     host: 10.7.4.9
     port: 7002
     db_name: harbor_notary_signer
     username: harbor
     password: harbor123
     ssl_mode: disable
   notary_server:
     host: 10.7.20.51
     port: 5432
     db_name: harbor_notary_server
     username: harbor
     password: harbor123
     ssl_mode: disable

To configure primary-replica replication, pay attention to the DNS configuration and make sure DNS can resolve the corresponding hosts.


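Click Test Connection; if the connection is healthy, that is all that is needed. When it reports an error:

In a test environment, two Harbor instances (A and B) could not replicate images. The cause found was that the Harbor containers could not resolve the peer Harbor's IP address, so the Harbor endpoint added under registry management showed as unhealthy and image replication could not run.

2. Solution: in every container of Harbor A, add an /etc/hosts entry that resolves B's IP. Do the same on B. The commands are as follows: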

 a) On server A, run the following command to add the resolution of B's Harbor to every Harbor container:
      for i in $(docker ps | grep harbor | awk '{print $1}'); do docker exec -it "$i" bash -c 'echo "10.203.121.137 <harbor-B-domain>" >> /etc/hosts'; done

 b) On server B, run the following command to add the resolution of A's Harbor to every Harbor container:
      for i in $(docker ps | grep harbor | awk '{print $1}'); do docker exec -it "$i" bash -c 'echo "10.203.121.60 <harbor-A-domain>" >> /etc/hosts'; done

Add a replication rule


Licensed under CC BY-NC-SA 4.0
Last updated on Jan 06, 2025 05:52 UTC