1.harbor升级说明
- Harbor 升级过程需要按照官方推荐的升级路径逐步进行,不能直接跨版本升级。
- 此次是从Harbor 2.6.4 升级到 Harbor 2.12.2版本
- 单机版升级,Harbor服务器172.16.4.60
- docker版本19.03.8,
- /etc/docker/daemon.json
"log-driver": "json-file",
"log-opts": {
"max-size": "100m"
},2.备份当前 Harbor 数据
- 在升级之前,备份harbor数据目录和主目录(配置文件所在目录),数据目录是自定义的,我的数据目录为:/data/20250218/harbor_storage,在harbor.yaml定义和查看
#备份harbor储存目录
cp -arfP /data/20250218/harbor_storage /data/20250218/harbor_storage_20250218_bak
#备份harbor主目录
cp -arfP /data/20250218/harbor /data/20250218/harbor_20250218_bak3.停止当前 Harbor 服务
[root@localhost ~]# cd /data/20250218/harbor
[root@localhost harbor]# ls
common common.sh docker-compose.yml harbor.v2.6.4.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare
[root@localhost harbor]# docker-compose down4.下载新版本的 Harbor 安装包
从 Harbor 官方 GitHub Release 页面 下载对应版本的离线安装包:
#github地址
https://github.com/goharbor/harbor/releases/
#下载版本
2.8.0 版本:harbor-offline-installer-v2.8.0.tgz
2.10.0 版本:harbor-offline-installer-v2.10.0.tgz
2.12.2 版本:harbor-offline-installer-v2.12.2.tgz5. 逐步升级 Harbor
5.1 升级到 2.8.0
- 解压安装包
tar zxf harbor-offline-installer-v2.8.0.tgz- 加载镜像
cd harbor
docker image load -i harbor.v2.8.0.tar.gz- 使用 prepare 工具升级配置文件 【/data/20250218/harbor/harbor.yml 是旧版本2.6.4的配置文件,这一步是要将旧版本2.6.4的harbor.yaml更新到2.8.0版本,后边会作为2.8.0版本的配置文件】,此步骤会覆盖2.6.4的旧harbor.yaml配置文件,所以要提前备好。
docker run -it --rm -v /:/hostfs goharbor/prepare:v2.8.0 migrate -i /data/20250218/harbor/harbor.yml#执行成功后返回
migrating to version 2.7.0
migrating to version 2.8.0
Written new values to /data/20250218/harbor/harbor.yml- 将旧的2.6.4的harbor目录移动到其他地方或改名,主要是为了目录规范
mv /data/20250218/harbor /data/20250218/harbor_2.6.4- 将解压后的harbor 2.8.0版本目录harbor拷贝到/data/20250218,主要是为了目录规范
mv harbor /data/20250218/- 将升级后的harbor.yaml文件拷贝到新的harbor 2.8.0的同级目录中作为配置文件,上边执行的(docker run -it --rm -v /:/hostfs goharbor/prepare:v2.8.0 migrate -i /data/20250218/harbor/harbor.yml)升级的配置文件
cp -faP /data/20250218/harbor_2.6.4/harbor.yaml /data/20250218/harbor- 运行新的2.8.0版本安装脚本
cd /data/20250218/harbor
./install.sh- 检查服务是否正常启动
--docker ps
[root@localhost harbor]# docker ps | grep goharbor
2f1f110eecb1 goharbor/harbor-jobservice:v2.8.0 "/harbor/entrypoint.…" About an hour ago Up About an hour (healthy) harbor-jobservice
6f84fbee2142 goharbor/nginx-photon:v2.8.0 "nginx -g 'daemon of…" About an hour ago Up About an hour (healthy) 0.0.0.0:8060->8080/tcp nginx
0157cf1e4a9b goharbor/harbor-core:v2.8.0 "/harbor/entrypoint.…" About an hour ago Up About an hour (healthy) harbor-core
27a96202ee7e goharbor/registry-photon:v2.8.0 "/home/harbor/entryp…" About an hour ago Up About an hour (healthy) registry
2ad04f25a7cf goharbor/harbor-registryctl:v2.8.0 "/home/harbor/start.…" About an hour ago Up About an hour (healthy) registryctl
d6c9256cd713 goharbor/redis-photon:v2.8.0 "redis-server /etc/r…" About an hour ago Up About an hour (healthy) redis
66d4a37433c3 goharbor/harbor-db:v2.8.0 "/docker-entrypoint.…" About an hour ago Up About an hour (healthy) harbor-db
c3e496780ed6 goharbor/harbor-portal:v2.8.0 "nginx -g 'daemon of…" About an hour ago Up About an hour (healthy) harbor-portal
384f17ee130f goharbor/harbor-log:v2.8.0 "/bin/sh -c /usr/loc…" About an hour ago Up About an hour (healthy) 127.0.0.1:1514->10514/tcp harbor-log
--登陆web界面看功能是否正常,并查看版本信息
--验证升级前的数据是否正常存在
6.升级到 2.10.0
6.1 重复上述步骤
重复上述步骤,将安装包版本替换为 2.10.0。6.2 执行完最后一步后,docker ps状态,有5个服务器启动失败,分别为harbor-jobservice、harbor-core、registryctl、harbor-db、redis
[root@localhost harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a5a208733981 goharbor/harbor-jobservice:v2.10.0 "/harbor/entrypoint.…" About a minute ago Restarting (2) 47 seconds ago harbor-jobservice
8fadce733e13 goharbor/nginx-photon:v2.10.0 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) 0.0.0.0:8060->8080/tcp nginx
9479d9a96ddc goharbor/harbor-core:v2.10.0 "/harbor/entrypoint.…" About a minute ago Restarting (2) 47 seconds ago harbor-core
0dc5957bb816 goharbor/harbor-registryctl:v2.10.0 "/home/harbor/start.…" About a minute ago Restarting (2) 48 seconds ago registryctl
b6fc1e6c3e83 goharbor/harbor-portal:v2.10.0 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) harbor-portal
a99c03dfa593 goharbor/registry-photon:v2.10.0 "/home/harbor/entryp…" About a minute ago Up About a minute (healthy) registry
3565aa115440 goharbor/harbor-db:v2.10.0 "/docker-entrypoint.…" About a minute ago Restarting (1) 48 seconds ago harbor-db
133f39c7da63 goharbor/redis-photon:v2.10.0 "redis-server /etc/r…" About a minute ago Restarting (1) 48 seconds ago redis
4bee3555ee0e goharbor/harbor-log:v2.10.0 "/bin/sh -c /usr/loc…" About a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-log6.3 查看日志信息docker logs -f 所有容器,均报错如下
Error response from daemon: configured logging driver does not support reading6.4 网上资料查询,报错的问题可能有如下:
- docker版本太低,我的版本是19.03.8,官网要求至少20.10.10+,因为还有其他服务,所以先不升级docker版本
- Docker 守护进程配置的日志驱动程序不支持读取日志,我的docker驱动为"log-driver": "json-file",可以通过修改harbor 2.10.0的docker-compose.yaml中日志驱动logging项来解决此问题,并且加上了privileged: true来解决没有权限问题(修改所有服务的logging,示例如下:)
#源配置
logging:driver: "syslog"options:syslog-address: "tcp://localhost:1514"tag: "redis"
#修改后
logging:driver: "json-file" # 修改此行为 json-fileoptions:max-size: "100m"tag: "redis"privileged: true- 修改后完整的harbor 2.10.0 版本的docker-compose.yaml文件
查看代码
[root@localhost harbor]# cat docker-compose.yml
version: '2.3'
services:log:image: goharbor/harbor-log:v2.10.0container_name: harbor-logrestart: alwayscap_drop:- ALLcap_add:- CHOWN- DAC_OVERRIDE- SETGID- SETUIDvolumes:- /var/log/harbor/:/var/log/docker/:z- type: bindsource: ./common/config/log/logrotate.conftarget: /etc/logrotate.d/logrotate.conf- type: bindsource: ./common/config/log/rsyslog_docker.conftarget: /etc/rsyslog.d/rsyslog_docker.confports:- 127.0.0.1:1514:10514networks:- harborregistry:image: goharbor/registry-photon:v2.10.0container_name: registryrestart: alwayscap_drop:- ALLcap_add:- CHOWN- SETGID- SETUIDvolumes:- /data/20250218/harbor_storage/registry:/storage:z- ./common/config/registry/:/etc/registry/:z- type: bindsource: /data/20250218/harbor_storage/secret/registry/root.crttarget: /etc/registry/root.crt- type: bindsource: ./common/config/shared/trust-certificatestarget: /harbor_cust_certnetworks:- harbordepends_on:- loglogging:#driver: "syslog"#options:# syslog-address: "tcp://localhost:1514"# tag: "registry"driver: "json-file" # 修改此行为 json-fileoptions:max-size: "100m"tag: "registry"privileged: trueregistryctl:image: goharbor/harbor-registryctl:v2.10.0container_name: registryctlenv_file:- ./common/config/registryctl/envrestart: alwayscap_drop:- ALLcap_add:- CHOWN- SETGID- SETUIDvolumes:- /data/20250218/harbor_storage/registry:/storage:z- ./common/config/registry/:/etc/registry/:z- type: bindsource: ./common/config/registryctl/config.ymltarget: /etc/registryctl/config.yml- type: bindsource: ./common/config/shared/trust-certificatestarget: /harbor_cust_certnetworks:- harbordepends_on:- loglogging:#driver: "syslog"#options:# syslog-address: "tcp://localhost:1514"# tag: "registryctl"driver: "json-file" # 修改此行为 json-fileoptions:max-size: "100m"tag: "registryctl"privileged: truepostgresql:image: goharbor/harbor-db:v2.10.0container_name: harbor-dbrestart: alwayscap_drop:- ALLcap_add:- CHOWN- DAC_OVERRIDE- SETGID- SETUIDvolumes:- /data/20250218/harbor_storage/database:/var/lib/postgresql/data:znetworks:harbor:env_file:- ./common/config/db/envdepends_on:- loglogging:#driver: "syslog"#options:# syslog-address: "tcp://localhost:1514"# tag: "postgresql"driver: "json-file" # 修改此行为 json-fileoptions:max-size: "100m"tag: "postgresql"privileged: trueshm_size: '1gb'core:image: goharbor/harbor-core:v2.10.0container_name: harbor-coreenv_file:- ./common/config/core/envrestart: alwayscap_drop:- ALLcap_add:- SETGID- SETUIDvolumes:- /data/20250218/harbor_storage/ca_download/:/etc/core/ca/:z- /data/20250218/harbor_storage/:/data/:z- ./common/config/core/certificates/:/etc/core/certificates/:z- type: bindsource: ./common/config/core/app.conftarget: /etc/core/app.conf- type: bindsource: /data/20250218/harbor_storage/secret/core/private_key.pemtarget: /etc/core/private_key.pem- type: bindsource: /data/20250218/harbor_storage/secret/keys/secretkeytarget: /etc/core/key- type: bindsource: ./common/config/shared/trust-certificatestarget: /harbor_cust_certnetworks:harbor:depends_on:- log- registry- redis- postgresqllogging:#driver: "syslog"#options:# syslog-address: "tcp://localhost:1514"# tag: "core"driver: "json-file" # 修改此行为 json-fileoptions:max-size: "100m"tag: "core"privileged: trueportal:image: goharbor/harbor-portal:v2.10.0container_name: harbor-portalrestart: alwayscap_drop:- ALLcap_add:- CHOWN- SETGID- SETUID- NET_BIND_SERVICEvolumes:- type: bindsource: ./common/config/portal/nginx.conftarget: /etc/nginx/nginx.confnetworks:- harbordepends_on:- loglogging:#driver: "syslog"#options:# syslog-address: "tcp://localhost:1514"# tag: "portal"driver: "json-file" # 修改此行为 json-fileoptions:max-size: "100m"tag: "portal"privileged: truejobservice:image: goharbor/harbor-jobservice:v2.10.0container_name: harbor-jobserviceenv_file:- ./common/config/jobservice/envrestart: alwayscap_drop:- ALLcap_add:- CHOWN- SETGID- SETUIDvolumes:- /data/20250218/harbor_storage/job_logs:/var/log/jobs:z- type: bindsource: ./common/config/jobservice/config.ymltarget: /etc/jobservice/config.yml- type: bindsource: ./common/config/shared/trust-certificatestarget: /harbor_cust_certnetworks:- harbordepends_on:- corelogging:#driver: "syslog"#options:# syslog-address: "tcp://localhost:1514"# tag: "jobservice"driver: "json-file" # 修改此行为 json-fileoptions:max-size: "100m"tag: "jobservice"privileged: trueredis:image: goharbor/redis-photon:v2.10.0container_name: redisrestart: alwayscap_drop:- ALLcap_add:- CHOWN- SETGID- SETUIDvolumes:- /data/20250218/harbor_storage/redis:/var/lib/redisnetworks:harbor:depends_on:- loglogging:#driver: "syslog"#options:# syslog-address: "tcp://localhost:1514"# tag: "redis"driver: "json-file" # 修改此行为 json-fileoptions:max-size: "100m"tag: "redis"privileged: trueproxy:image: goharbor/nginx-photon:v2.10.0container_name: nginxrestart: alwayscap_drop:- ALLcap_add:- CHOWN- SETGID- SETUID- NET_BIND_SERVICEvolumes:- ./common/config/nginx:/etc/nginx:z- type: bindsource: ./common/config/shared/trust-certificatestarget: /harbor_cust_certnetworks:- harborports:- 8060:8080depends_on:- registry- core- portal- loglogging:#driver: "syslog"#options:# syslog-address: "tcp://localhost:1514"# tag: "proxy"driver: "json-file" # 修改此行为 json-fileoptions:max-size: "100m"tag: "proxy"privileged: true
networks:harbor:external: false6.5 删除harbor 2.10.0所有容器,重新运行
cd /data/20250218/harbor
#删除容器
docker-compose down
#重启docker daemon
systemctl daemon-reload
systemctl restart docker
#重新运行
docker-compose up -d6.6 查看状态,已经全部正常
[root@localhost harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0d75b4eef798 goharbor/harbor-jobservice:v2.10.0 "/harbor/entrypoint.…" 25 minutes ago Up 25 minutes (healthy) harbor-jobservice
c0b2fba1cac9 goharbor/nginx-photon:v2.10.0 "nginx -g 'daemon of…" 25 minutes ago Up 25 minutes (healthy) 0.0.0.0:8060->8080/tcp nginx
d03de903df50 goharbor/harbor-core:v2.10.0 "/harbor/entrypoint.…" 25 minutes ago Up 25 minutes (healthy) harbor-core
a68699cd31d4 goharbor/harbor-registryctl:v2.10.0 "/home/harbor/start.…" 25 minutes ago Up 25 minutes (healthy) registryctl
7c04354770b6 goharbor/registry-photon:v2.10.0 "/home/harbor/entryp…" 25 minutes ago Up 25 minutes (healthy) registry
110c0e036989 goharbor/harbor-portal:v2.10.0 "nginx -g 'daemon of…" 25 minutes ago Up 25 minutes (healthy) harbor-portal
ebd1a378ac56 goharbor/harbor-db:v2.10.0 "/docker-entrypoint.…" 25 minutes ago Up 25 minutes (healthy) harbor-db
9ba8e4aecf41 goharbor/redis-photon:v2.10.0 "redis-server /etc/r…" 25 minutes ago Up 25 minutes (healthy) redis
667216c30cd7 goharbor/harbor-log:v2.10.0 "/bin/sh -c /usr/loc…" 25 minutes ago Up 25 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log6.7 验证版本是否正确
6.8 验证原数据是否正常
[root@node3 ~]# docker pull 172.16.4.60:8060/public/zer0tonin/mikochi:1.7.0
1.7.0: Pulling from public/zer0tonin/mikochi
54609b48ebc1: Pull complete
c6aa2b138745: Pull complete
7684a37b5b9c: Pull complete
60f723bf6d1a: Pull complete
Digest: sha256:2abb031525f58c8d88627afd30c18827125a795d1d92e35f83654f8e16e952bd
Status: Downloaded newer image for 172.16.4.60:8060/public/zer0tonin/mikochi:1.7.0
172.16.4.60:8060/public/zer0tonin/mikochi:1.7.0可以正常拉取到,说明原数据正常,到此harbor就从2.8.0升级到2.10.0 !!!
7. 升级到 2.12.2
重复上述步骤,将安装包版本替换为 2.12.2。从2.10.0升级到2.12.2版本按照2.8.0-2.10.0的方法即可
8.注意事项
每次升级后,建议检查日志文件(如 /var/log/harbor)以确保没有错误。
如果升级失败,可以使用备份文件回滚到之前的版本。
通过以上步骤,可以将 Harbor 从 2.6.4 逐步升级到 2.12.2。
