harbor升级(最详细记录)

1.harbor升级说明

  • Harbor 升级过程需要按照官方推荐的升级路径逐步进行,不能直接跨版本升级。
  • 此次是从Harbor 2.6.4 升级到 Harbor 2.12.2版本
  • 单机版升级,Harbor服务器172.16.4.60
  • docker版本19.03.8,
  • /etc/docker/daemon.json
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},

2.备份当前 Harbor 数据

  • 在升级之前,备份harbor数据目录和主目录(配置文件所在目录),数据目录是自定义的,我的数据目录为:/data/20250218/harbor_storage,在harbor.yaml定义和查看
#备份harbor储存目录
cp -arfP /data/20250218/harbor_storage /data/20250218/harbor_storage_20250218_bak
#备份harbor主目录
cp -arfP /data/20250218/harbor /data/20250218/harbor_20250218_bak

 3.停止当前 Harbor 服务

[root@localhost ~]# cd /data/20250218/harbor
[root@localhost harbor]# ls 
common  common.sh  docker-compose.yml  harbor.v2.6.4.tar.gz  harbor.yml  harbor.yml.tmpl  install.sh  LICENSE  prepare
[root@localhost harbor]# docker-compose down

4.下载新版本的 Harbor 安装包

从 Harbor 官方 GitHub Release 页面 下载对应版本的离线安装包:
#github地址
https://github.com/goharbor/harbor/releases/
#下载版本
2.8.0 版本:harbor-offline-installer-v2.8.0.tgz
2.10.0 版本:harbor-offline-installer-v2.10.0.tgz
2.12.2 版本:harbor-offline-installer-v2.12.2.tgz

5. 逐步升级 Harbor

5.1 升级到 2.8.0

  • 解压安装包
tar zxf harbor-offline-installer-v2.8.0.tgz
  • 加载镜像
cd harbor
docker image load -i harbor.v2.8.0.tar.gz
  • 使用 prepare 工具升级配置文件 【/data/20250218/harbor/harbor.yml 是旧版本2.6.4的配置文件,这一步是要将旧版本2.6.4的harbor.yaml更新到2.8.0版本,后边会作为2.8.0版本的配置文件】,此步骤会覆盖2.6.4的旧harbor.yaml配置文件,所以要提前备好。
docker run -it --rm -v /:/hostfs goharbor/prepare:v2.8.0 migrate -i /data/20250218/harbor/harbor.yml
#执行成功后返回
migrating to version 2.7.0
migrating to version 2.8.0
Written new values to /data/20250218/harbor/harbor.yml
  • 将旧的2.6.4的harbor目录移动到其他地方或改名,主要是为了目录规范
mv /data/20250218/harbor /data/20250218/harbor_2.6.4
  • 将解压后的harbor 2.8.0版本目录harbor拷贝到/data/20250218,主要是为了目录规范
mv harbor /data/20250218/
  • 将升级后的harbor.yaml文件拷贝到新的harbor 2.8.0的同级目录中作为配置文件,上边执行的(docker run -it --rm -v /:/hostfs goharbor/prepare:v2.8.0 migrate -i /data/20250218/harbor/harbor.yml)升级的配置文件
cp -faP /data/20250218/harbor_2.6.4/harbor.yaml /data/20250218/harbor
  • 运行新的2.8.0版本安装脚本
cd /data/20250218/harbor
./install.sh
  • 检查服务是否正常启动

     --docker ps

[root@localhost harbor]# docker ps | grep goharbor
2f1f110eecb1        goharbor/harbor-jobservice:v2.8.0                    "/harbor/entrypoint.…"   About an hour ago   Up About an hour (healthy)                               harbor-jobservice
6f84fbee2142        goharbor/nginx-photon:v2.8.0                         "nginx -g 'daemon of…"   About an hour ago   Up About an hour (healthy)   0.0.0.0:8060->8080/tcp      nginx
0157cf1e4a9b        goharbor/harbor-core:v2.8.0                          "/harbor/entrypoint.…"   About an hour ago   Up About an hour (healthy)                               harbor-core
27a96202ee7e        goharbor/registry-photon:v2.8.0                      "/home/harbor/entryp…"   About an hour ago   Up About an hour (healthy)                               registry
2ad04f25a7cf        goharbor/harbor-registryctl:v2.8.0                   "/home/harbor/start.…"   About an hour ago   Up About an hour (healthy)                               registryctl
d6c9256cd713        goharbor/redis-photon:v2.8.0                         "redis-server /etc/r…"   About an hour ago   Up About an hour (healthy)                               redis
66d4a37433c3        goharbor/harbor-db:v2.8.0                            "/docker-entrypoint.…"   About an hour ago   Up About an hour (healthy)                               harbor-db
c3e496780ed6        goharbor/harbor-portal:v2.8.0                        "nginx -g 'daemon of…"   About an hour ago   Up About an hour (healthy)                               harbor-portal
384f17ee130f        goharbor/harbor-log:v2.8.0                           "/bin/sh -c /usr/loc…"   About an hour ago   Up About an hour (healthy)   127.0.0.1:1514->10514/tcp   harbor-log

 

    --登陆web界面看功能是否正常,并查看版本信息

    --验证升级前的数据是否正常存在

6.升级到 2.10.0

6.1 重复上述步骤

重复上述步骤,将安装包版本替换为 2.10.0。

6.2 执行完最后一步后,docker ps状态,有5个服务器启动失败,分别为harbor-jobservice、harbor-core、registryctl、harbor-db、redis

[root@localhost harbor]# docker ps 
CONTAINER ID        IMAGE                                                COMMAND                  CREATED              STATUS                          PORTS                       NAMES
a5a208733981        goharbor/harbor-jobservice:v2.10.0                   "/harbor/entrypoint.…"   About a minute ago   Restarting (2) 47 seconds ago                               harbor-jobservice
8fadce733e13        goharbor/nginx-photon:v2.10.0                        "nginx -g 'daemon of…"   About a minute ago   Up About a minute (healthy)     0.0.0.0:8060->8080/tcp      nginx
9479d9a96ddc        goharbor/harbor-core:v2.10.0                         "/harbor/entrypoint.…"   About a minute ago   Restarting (2) 47 seconds ago                               harbor-core
0dc5957bb816        goharbor/harbor-registryctl:v2.10.0                  "/home/harbor/start.…"   About a minute ago   Restarting (2) 48 seconds ago                               registryctl
b6fc1e6c3e83        goharbor/harbor-portal:v2.10.0                       "nginx -g 'daemon of…"   About a minute ago   Up About a minute (healthy)                                 harbor-portal
a99c03dfa593        goharbor/registry-photon:v2.10.0                     "/home/harbor/entryp…"   About a minute ago   Up About a minute (healthy)                                 registry
3565aa115440        goharbor/harbor-db:v2.10.0                           "/docker-entrypoint.…"   About a minute ago   Restarting (1) 48 seconds ago                               harbor-db
133f39c7da63        goharbor/redis-photon:v2.10.0                        "redis-server /etc/r…"   About a minute ago   Restarting (1) 48 seconds ago                               redis
4bee3555ee0e        goharbor/harbor-log:v2.10.0                          "/bin/sh -c /usr/loc…"   About a minute ago   Up About a minute (healthy)     127.0.0.1:1514->10514/tcp   harbor-log

6.3 查看日志信息docker logs -f 所有容器,均报错如下

Error response from daemon: configured logging driver does not support reading

 6.4 网上资料查询,报错的问题可能有如下:

  • docker版本太低,我的版本是19.03.8,官网要求至少20.10.10+,因为还有其他服务,所以先不升级docker版本
  • Docker 守护进程配置的日志驱动程序不支持读取日志,我的docker驱动为"log-driver": "json-file",可以通过修改harbor 2.10.0的docker-compose.yaml中日志驱动logging项来解决此问题,并且加上了privileged: true来解决没有权限问题(修改所有服务的logging,示例如下:)
#源配置
logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "redis"
#修改后
logging:
      driver: "json-file"  # 修改此行为 json-file
      options:
        max-size: "100m"
        tag: "redis"
    privileged: true
  • 修改后完整的harbor 2.10.0 版本的docker-compose.yaml文件
查看代码
[root@localhost harbor]# cat docker-compose.yml 
version: '2.3'
services:
  log:
    image: goharbor/harbor-log:v2.10.0
    container_name: harbor-log
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - type: bind
        source: ./common/config/log/logrotate.conf
        target: /etc/logrotate.d/logrotate.conf
      - type: bind
        source: ./common/config/log/rsyslog_docker.conf
        target: /etc/rsyslog.d/rsyslog_docker.conf
    ports:
      - 127.0.0.1:1514:10514
    networks:
      - harbor
  registry:
    image: goharbor/registry-photon:v2.10.0
    container_name: registry
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/20250218/harbor_storage/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: /data/20250218/harbor_storage/secret/registry/root.crt
        target: /etc/registry/root.crt
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - log
    logging:
      #driver: "syslog"
      #options:
      #  syslog-address: "tcp://localhost:1514"
      #  tag: "registry"
      driver: "json-file"  # 修改此行为 json-file
      options:
        max-size: "100m"
        tag: "registry"
    privileged: true

  registryctl:
    image: goharbor/harbor-registryctl:v2.10.0
    container_name: registryctl
    env_file:
      - ./common/config/registryctl/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/20250218/harbor_storage/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: ./common/config/registryctl/config.yml
        target: /etc/registryctl/config.yml
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - log
    logging:
      #driver: "syslog"
      #options:
      #  syslog-address: "tcp://localhost:1514"
      #  tag: "registryctl"
      driver: "json-file"  # 修改此行为 json-file
      options:
        max-size: "100m"
        tag: "registryctl"
    privileged: true

  postgresql:
    image: goharbor/harbor-db:v2.10.0
    container_name: harbor-db
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /data/20250218/harbor_storage/database:/var/lib/postgresql/data:z
    networks:
      harbor:
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      #driver: "syslog"
      #options:
      #  syslog-address: "tcp://localhost:1514"
      #  tag: "postgresql"
      driver: "json-file"  # 修改此行为 json-file
      options:
        max-size: "100m"
        tag: "postgresql"
    privileged: true
    shm_size: '1gb'
  core:
    image: goharbor/harbor-core:v2.10.0
    container_name: harbor-core
    env_file:
      - ./common/config/core/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
    volumes:
      - /data/20250218/harbor_storage/ca_download/:/etc/core/ca/:z
      - /data/20250218/harbor_storage/:/data/:z
      - ./common/config/core/certificates/:/etc/core/certificates/:z
      - type: bind
        source: ./common/config/core/app.conf
        target: /etc/core/app.conf
      - type: bind
        source: /data/20250218/harbor_storage/secret/core/private_key.pem
        target: /etc/core/private_key.pem
      - type: bind
        source: /data/20250218/harbor_storage/secret/keys/secretkey
        target: /etc/core/key
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      harbor:
    depends_on:
      - log
      - registry
      - redis
      - postgresql
    logging:
      #driver: "syslog"
      #options:
      #  syslog-address: "tcp://localhost:1514"
      #  tag: "core"
      driver: "json-file"  # 修改此行为 json-file
      options:
        max-size: "100m"
        tag: "core"
    privileged: true

  portal:
    image: goharbor/harbor-portal:v2.10.0
    container_name: harbor-portal
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - type: bind
        source: ./common/config/portal/nginx.conf
        target: /etc/nginx/nginx.conf
    networks:
      - harbor
    depends_on:
      - log
    logging:
      #driver: "syslog"
      #options:
      #  syslog-address: "tcp://localhost:1514"
      #  tag: "portal"
      driver: "json-file"  # 修改此行为 json-file
      options:
        max-size: "100m"
        tag: "portal"
    privileged: true

  jobservice:
    image: goharbor/harbor-jobservice:v2.10.0
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/20250218/harbor_storage/job_logs:/var/log/jobs:z
      - type: bind
        source: ./common/config/jobservice/config.yml
        target: /etc/jobservice/config.yml
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - core
    logging:
      #driver: "syslog"
      #options:
      #  syslog-address: "tcp://localhost:1514"
      #  tag: "jobservice"
      driver: "json-file"  # 修改此行为 json-file
      options:
        max-size: "100m"
        tag: "jobservice"
    privileged: true

  redis:
    image: goharbor/redis-photon:v2.10.0
    container_name: redis
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/20250218/harbor_storage/redis:/var/lib/redis
    networks:
      harbor:
    depends_on:
      - log
    logging:
      #driver: "syslog"
      #options:
      #  syslog-address: "tcp://localhost:1514"
      #  tag: "redis"
      driver: "json-file"  # 修改此行为 json-file
      options:
        max-size: "100m"
        tag: "redis"
    privileged: true

  proxy:
    image: goharbor/nginx-photon:v2.10.0
    container_name: nginx
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - ./common/config/nginx:/etc/nginx:z
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    ports:
      - 8060:8080
    depends_on:
      - registry
      - core
      - portal
      - log
    logging:
      #driver: "syslog"
      #options:
      #  syslog-address: "tcp://localhost:1514"
      #  tag: "proxy"
      driver: "json-file"  # 修改此行为 json-file
      options:
        max-size: "100m"
        tag: "proxy"
    privileged: true
networks:
  harbor:
    external: false

6.5 删除harbor 2.10.0所有容器,重新运行

cd /data/20250218/harbor
#删除容器
docker-compose down 
#重启docker daemon
systemctl daemon-reload
systemctl restart docker
#重新运行
docker-compose up -d

6.6 查看状态,已经全部正常

[root@localhost harbor]# docker ps 
CONTAINER ID        IMAGE                                                COMMAND                  CREATED             STATUS                    PORTS                       NAMES
0d75b4eef798        goharbor/harbor-jobservice:v2.10.0                   "/harbor/entrypoint.…"   25 minutes ago      Up 25 minutes (healthy)                               harbor-jobservice
c0b2fba1cac9        goharbor/nginx-photon:v2.10.0                        "nginx -g 'daemon of…"   25 minutes ago      Up 25 minutes (healthy)   0.0.0.0:8060->8080/tcp      nginx
d03de903df50        goharbor/harbor-core:v2.10.0                         "/harbor/entrypoint.…"   25 minutes ago      Up 25 minutes (healthy)                               harbor-core
a68699cd31d4        goharbor/harbor-registryctl:v2.10.0                  "/home/harbor/start.…"   25 minutes ago      Up 25 minutes (healthy)                               registryctl
7c04354770b6        goharbor/registry-photon:v2.10.0                     "/home/harbor/entryp…"   25 minutes ago      Up 25 minutes (healthy)                               registry
110c0e036989        goharbor/harbor-portal:v2.10.0                       "nginx -g 'daemon of…"   25 minutes ago      Up 25 minutes (healthy)                               harbor-portal
ebd1a378ac56        goharbor/harbor-db:v2.10.0                           "/docker-entrypoint.…"   25 minutes ago      Up 25 minutes (healthy)                               harbor-db
9ba8e4aecf41        goharbor/redis-photon:v2.10.0                        "redis-server /etc/r…"   25 minutes ago      Up 25 minutes (healthy)                               redis
667216c30cd7        goharbor/harbor-log:v2.10.0                          "/bin/sh -c /usr/loc…"   25 minutes ago      Up 25 minutes (healthy)   127.0.0.1:1514->10514/tcp   harbor-log

 6.7 验证版本是否正确

6.8 验证原数据是否正常

[root@node3 ~]# docker pull 172.16.4.60:8060/public/zer0tonin/mikochi:1.7.0
1.7.0: Pulling from public/zer0tonin/mikochi
54609b48ebc1: Pull complete 
c6aa2b138745: Pull complete 
7684a37b5b9c: Pull complete 
60f723bf6d1a: Pull complete 
Digest: sha256:2abb031525f58c8d88627afd30c18827125a795d1d92e35f83654f8e16e952bd
Status: Downloaded newer image for 172.16.4.60:8060/public/zer0tonin/mikochi:1.7.0
172.16.4.60:8060/public/zer0tonin/mikochi:1.7.0

可以正常拉取到,说明原数据正常,到此harbor就从2.8.0升级到2.10.0 !!!

7. 升级到 2.12.2

重复上述步骤,将安装包版本替换为 2.12.2。

从2.10.0升级到2.12.2版本按照2.8.0-2.10.0的方法即可

8.注意事项

每次升级后,建议检查日志文件(如 /var/log/harbor)以确保没有错误。

如果升级失败,可以使用备份文件回滚到之前的版本。

通过以上步骤,可以将 Harbor 从 2.6.4 逐步升级到 2.12.2。

 

posted @ 2025-02-19 19:52  Leonardo-li  阅读(964)  评论(0)    收藏  举报