harbor升级(最详细记录)
1.harbor升级说明
- Harbor 升级过程需要按照官方推荐的升级路径逐步进行,不能直接跨版本升级。
- 此次是从Harbor 2.6.4 升级到 Harbor 2.12.2版本
- 单机版升级,Harbor服务器172.16.4.60
- docker版本19.03.8,
- /etc/docker/daemon.json
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},
2.备份当前 Harbor 数据
- 在升级之前,备份harbor数据目录和主目录(配置文件所在目录),数据目录是自定义的,我的数据目录为:/data/20250218/harbor_storage,在harbor.yaml定义和查看
#备份harbor储存目录
cp -arfP /data/20250218/harbor_storage /data/20250218/harbor_storage_20250218_bak
#备份harbor主目录
cp -arfP /data/20250218/harbor /data/20250218/harbor_20250218_bak
3.停止当前 Harbor 服务
[root@localhost ~]# cd /data/20250218/harbor
[root@localhost harbor]# ls
common common.sh docker-compose.yml harbor.v2.6.4.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare
[root@localhost harbor]# docker-compose down
4.下载新版本的 Harbor 安装包
从 Harbor 官方 GitHub Release 页面 下载对应版本的离线安装包:
#github地址
https://github.com/goharbor/harbor/releases/
#下载版本
2.8.0 版本:harbor-offline-installer-v2.8.0.tgz
2.10.0 版本:harbor-offline-installer-v2.10.0.tgz
2.12.2 版本:harbor-offline-installer-v2.12.2.tgz
5. 逐步升级 Harbor
5.1 升级到 2.8.0
- 解压安装包
tar zxf harbor-offline-installer-v2.8.0.tgz
- 加载镜像
cd harbor
docker image load -i harbor.v2.8.0.tar.gz
- 使用 prepare 工具升级配置文件 【/data/20250218/harbor/harbor.yml 是旧版本2.6.4的配置文件,这一步是要将旧版本2.6.4的harbor.yaml更新到2.8.0版本,后边会作为2.8.0版本的配置文件】,此步骤会覆盖2.6.4的旧harbor.yaml配置文件,所以要提前备好。
docker run -it --rm -v /:/hostfs goharbor/prepare:v2.8.0 migrate -i /data/20250218/harbor/harbor.yml
#执行成功后返回
migrating to version 2.7.0
migrating to version 2.8.0
Written new values to /data/20250218/harbor/harbor.yml
- 将旧的2.6.4的harbor目录移动到其他地方或改名,主要是为了目录规范
mv /data/20250218/harbor /data/20250218/harbor_2.6.4
- 将解压后的harbor 2.8.0版本目录harbor拷贝到/data/20250218,主要是为了目录规范
mv harbor /data/20250218/
- 将升级后的harbor.yaml文件拷贝到新的harbor 2.8.0的同级目录中作为配置文件,上边执行的(docker run -it --rm -v /:/hostfs goharbor/prepare:v2.8.0 migrate -i /data/20250218/harbor/harbor.yml)升级的配置文件
cp -faP /data/20250218/harbor_2.6.4/harbor.yaml /data/20250218/harbor
- 运行新的2.8.0版本安装脚本
cd /data/20250218/harbor
./install.sh
- 检查服务是否正常启动
--docker ps
[root@localhost harbor]# docker ps | grep goharbor
2f1f110eecb1 goharbor/harbor-jobservice:v2.8.0 "/harbor/entrypoint.…" About an hour ago Up About an hour (healthy) harbor-jobservice
6f84fbee2142 goharbor/nginx-photon:v2.8.0 "nginx -g 'daemon of…" About an hour ago Up About an hour (healthy) 0.0.0.0:8060->8080/tcp nginx
0157cf1e4a9b goharbor/harbor-core:v2.8.0 "/harbor/entrypoint.…" About an hour ago Up About an hour (healthy) harbor-core
27a96202ee7e goharbor/registry-photon:v2.8.0 "/home/harbor/entryp…" About an hour ago Up About an hour (healthy) registry
2ad04f25a7cf goharbor/harbor-registryctl:v2.8.0 "/home/harbor/start.…" About an hour ago Up About an hour (healthy) registryctl
d6c9256cd713 goharbor/redis-photon:v2.8.0 "redis-server /etc/r…" About an hour ago Up About an hour (healthy) redis
66d4a37433c3 goharbor/harbor-db:v2.8.0 "/docker-entrypoint.…" About an hour ago Up About an hour (healthy) harbor-db
c3e496780ed6 goharbor/harbor-portal:v2.8.0 "nginx -g 'daemon of…" About an hour ago Up About an hour (healthy) harbor-portal
384f17ee130f goharbor/harbor-log:v2.8.0 "/bin/sh -c /usr/loc…" About an hour ago Up About an hour (healthy) 127.0.0.1:1514->10514/tcp harbor-log
--登陆web界面看功能是否正常,并查看版本信息
--验证升级前的数据是否正常存在
6.升级到 2.10.0
6.1 重复上述步骤
重复上述步骤,将安装包版本替换为 2.10.0。
6.2 执行完最后一步后,docker ps状态,有5个服务器启动失败,分别为harbor-jobservice、harbor-core、registryctl、harbor-db、redis
[root@localhost harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a5a208733981 goharbor/harbor-jobservice:v2.10.0 "/harbor/entrypoint.…" About a minute ago Restarting (2) 47 seconds ago harbor-jobservice
8fadce733e13 goharbor/nginx-photon:v2.10.0 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) 0.0.0.0:8060->8080/tcp nginx
9479d9a96ddc goharbor/harbor-core:v2.10.0 "/harbor/entrypoint.…" About a minute ago Restarting (2) 47 seconds ago harbor-core
0dc5957bb816 goharbor/harbor-registryctl:v2.10.0 "/home/harbor/start.…" About a minute ago Restarting (2) 48 seconds ago registryctl
b6fc1e6c3e83 goharbor/harbor-portal:v2.10.0 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) harbor-portal
a99c03dfa593 goharbor/registry-photon:v2.10.0 "/home/harbor/entryp…" About a minute ago Up About a minute (healthy) registry
3565aa115440 goharbor/harbor-db:v2.10.0 "/docker-entrypoint.…" About a minute ago Restarting (1) 48 seconds ago harbor-db
133f39c7da63 goharbor/redis-photon:v2.10.0 "redis-server /etc/r…" About a minute ago Restarting (1) 48 seconds ago redis
4bee3555ee0e goharbor/harbor-log:v2.10.0 "/bin/sh -c /usr/loc…" About a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-log
6.3 查看日志信息docker logs -f 所有容器,均报错如下
Error response from daemon: configured logging driver does not support reading
6.4 网上资料查询,报错的问题可能有如下:
- docker版本太低,我的版本是19.03.8,官网要求至少20.10.10+,因为还有其他服务,所以先不升级docker版本
- Docker 守护进程配置的日志驱动程序不支持读取日志,我的docker驱动为"log-driver": "json-file",可以通过修改harbor 2.10.0的docker-compose.yaml中日志驱动logging项来解决此问题,并且加上了privileged: true来解决没有权限问题(修改所有服务的logging,示例如下:)
#源配置
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "redis"
#修改后
logging:
driver: "json-file" # 修改此行为 json-file
options:
max-size: "100m"
tag: "redis"
privileged: true
- 修改后完整的harbor 2.10.0 版本的docker-compose.yaml文件
查看代码
[root@localhost harbor]# cat docker-compose.yml
version: '2.3'
services:
log:
image: goharbor/harbor-log:v2.10.0
container_name: harbor-log
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /var/log/harbor/:/var/log/docker/:z
- type: bind
source: ./common/config/log/logrotate.conf
target: /etc/logrotate.d/logrotate.conf
- type: bind
source: ./common/config/log/rsyslog_docker.conf
target: /etc/rsyslog.d/rsyslog_docker.conf
ports:
- 127.0.0.1:1514:10514
networks:
- harbor
registry:
image: goharbor/registry-photon:v2.10.0
container_name: registry
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/20250218/harbor_storage/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- type: bind
source: /data/20250218/harbor_storage/secret/registry/root.crt
target: /etc/registry/root.crt
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
depends_on:
- log
logging:
#driver: "syslog"
#options:
# syslog-address: "tcp://localhost:1514"
# tag: "registry"
driver: "json-file" # 修改此行为 json-file
options:
max-size: "100m"
tag: "registry"
privileged: true
registryctl:
image: goharbor/harbor-registryctl:v2.10.0
container_name: registryctl
env_file:
- ./common/config/registryctl/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/20250218/harbor_storage/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- type: bind
source: ./common/config/registryctl/config.yml
target: /etc/registryctl/config.yml
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
depends_on:
- log
logging:
#driver: "syslog"
#options:
# syslog-address: "tcp://localhost:1514"
# tag: "registryctl"
driver: "json-file" # 修改此行为 json-file
options:
max-size: "100m"
tag: "registryctl"
privileged: true
postgresql:
image: goharbor/harbor-db:v2.10.0
container_name: harbor-db
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /data/20250218/harbor_storage/database:/var/lib/postgresql/data:z
networks:
harbor:
env_file:
- ./common/config/db/env
depends_on:
- log
logging:
#driver: "syslog"
#options:
# syslog-address: "tcp://localhost:1514"
# tag: "postgresql"
driver: "json-file" # 修改此行为 json-file
options:
max-size: "100m"
tag: "postgresql"
privileged: true
shm_size: '1gb'
core:
image: goharbor/harbor-core:v2.10.0
container_name: harbor-core
env_file:
- ./common/config/core/env
restart: always
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
volumes:
- /data/20250218/harbor_storage/ca_download/:/etc/core/ca/:z
- /data/20250218/harbor_storage/:/data/:z
- ./common/config/core/certificates/:/etc/core/certificates/:z
- type: bind
source: ./common/config/core/app.conf
target: /etc/core/app.conf
- type: bind
source: /data/20250218/harbor_storage/secret/core/private_key.pem
target: /etc/core/private_key.pem
- type: bind
source: /data/20250218/harbor_storage/secret/keys/secretkey
target: /etc/core/key
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
harbor:
depends_on:
- log
- registry
- redis
- postgresql
logging:
#driver: "syslog"
#options:
# syslog-address: "tcp://localhost:1514"
# tag: "core"
driver: "json-file" # 修改此行为 json-file
options:
max-size: "100m"
tag: "core"
privileged: true
portal:
image: goharbor/harbor-portal:v2.10.0
container_name: harbor-portal
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- type: bind
source: ./common/config/portal/nginx.conf
target: /etc/nginx/nginx.conf
networks:
- harbor
depends_on:
- log
logging:
#driver: "syslog"
#options:
# syslog-address: "tcp://localhost:1514"
# tag: "portal"
driver: "json-file" # 修改此行为 json-file
options:
max-size: "100m"
tag: "portal"
privileged: true
jobservice:
image: goharbor/harbor-jobservice:v2.10.0
container_name: harbor-jobservice
env_file:
- ./common/config/jobservice/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/20250218/harbor_storage/job_logs:/var/log/jobs:z
- type: bind
source: ./common/config/jobservice/config.yml
target: /etc/jobservice/config.yml
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
depends_on:
- core
logging:
#driver: "syslog"
#options:
# syslog-address: "tcp://localhost:1514"
# tag: "jobservice"
driver: "json-file" # 修改此行为 json-file
options:
max-size: "100m"
tag: "jobservice"
privileged: true
redis:
image: goharbor/redis-photon:v2.10.0
container_name: redis
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/20250218/harbor_storage/redis:/var/lib/redis
networks:
harbor:
depends_on:
- log
logging:
#driver: "syslog"
#options:
# syslog-address: "tcp://localhost:1514"
# tag: "redis"
driver: "json-file" # 修改此行为 json-file
options:
max-size: "100m"
tag: "redis"
privileged: true
proxy:
image: goharbor/nginx-photon:v2.10.0
container_name: nginx
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- ./common/config/nginx:/etc/nginx:z
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
ports:
- 8060:8080
depends_on:
- registry
- core
- portal
- log
logging:
#driver: "syslog"
#options:
# syslog-address: "tcp://localhost:1514"
# tag: "proxy"
driver: "json-file" # 修改此行为 json-file
options:
max-size: "100m"
tag: "proxy"
privileged: true
networks:
harbor:
external: false
6.5 删除harbor 2.10.0所有容器,重新运行
cd /data/20250218/harbor
#删除容器
docker-compose down
#重启docker daemon
systemctl daemon-reload
systemctl restart docker
#重新运行
docker-compose up -d
6.6 查看状态,已经全部正常
[root@localhost harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0d75b4eef798 goharbor/harbor-jobservice:v2.10.0 "/harbor/entrypoint.…" 25 minutes ago Up 25 minutes (healthy) harbor-jobservice
c0b2fba1cac9 goharbor/nginx-photon:v2.10.0 "nginx -g 'daemon of…" 25 minutes ago Up 25 minutes (healthy) 0.0.0.0:8060->8080/tcp nginx
d03de903df50 goharbor/harbor-core:v2.10.0 "/harbor/entrypoint.…" 25 minutes ago Up 25 minutes (healthy) harbor-core
a68699cd31d4 goharbor/harbor-registryctl:v2.10.0 "/home/harbor/start.…" 25 minutes ago Up 25 minutes (healthy) registryctl
7c04354770b6 goharbor/registry-photon:v2.10.0 "/home/harbor/entryp…" 25 minutes ago Up 25 minutes (healthy) registry
110c0e036989 goharbor/harbor-portal:v2.10.0 "nginx -g 'daemon of…" 25 minutes ago Up 25 minutes (healthy) harbor-portal
ebd1a378ac56 goharbor/harbor-db:v2.10.0 "/docker-entrypoint.…" 25 minutes ago Up 25 minutes (healthy) harbor-db
9ba8e4aecf41 goharbor/redis-photon:v2.10.0 "redis-server /etc/r…" 25 minutes ago Up 25 minutes (healthy) redis
667216c30cd7 goharbor/harbor-log:v2.10.0 "/bin/sh -c /usr/loc…" 25 minutes ago Up 25 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
6.7 验证版本是否正确
6.8 验证原数据是否正常
[root@node3 ~]# docker pull 172.16.4.60:8060/public/zer0tonin/mikochi:1.7.0
1.7.0: Pulling from public/zer0tonin/mikochi
54609b48ebc1: Pull complete
c6aa2b138745: Pull complete
7684a37b5b9c: Pull complete
60f723bf6d1a: Pull complete
Digest: sha256:2abb031525f58c8d88627afd30c18827125a795d1d92e35f83654f8e16e952bd
Status: Downloaded newer image for 172.16.4.60:8060/public/zer0tonin/mikochi:1.7.0
172.16.4.60:8060/public/zer0tonin/mikochi:1.7.0
可以正常拉取到,说明原数据正常,到此harbor就从2.8.0升级到2.10.0 !!!
7. 升级到 2.12.2
重复上述步骤,将安装包版本替换为 2.12.2。
从2.10.0升级到2.12.2版本按照2.8.0-2.10.0的方法即可
8.注意事项
每次升级后,建议检查日志文件(如 /var/log/harbor)以确保没有错误。
如果升级失败,可以使用备份文件回滚到之前的版本。
通过以上步骤,可以将 Harbor 从 2.6.4 逐步升级到 2.12.2。