https的harbor部署與升級(jí)實(shí)現(xiàn)過(guò)程

更新時(shí)間：2025年09月22日 09:55:15 作者：還行少年

文章簡(jiǎn)要介紹了Harbor的部署與升級(jí)流程：包括安裝Docker、配置HTTPS、部署Harbor及測(cè)試；小版本升級(jí)需備份后替換；大版本升級(jí)則需額外注意兼容性,同樣執(zhí)行備份、替換和測(cè)試操作

一、部署harbor

1、安裝docker

#永久關(guān)閉selinux，需要重啟
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0

#關(guān)閉防火墻并設(shè)為開機(jī)不自啟，然后顯示狀態(tài)
systemctl stop firewalld.service &> /dev/null
systemctl disable firewalld.service &> /dev/null

#配置yum源安裝需要的組件
yum install -y yum-utils device-mapper-persistent-data  lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

#查看docker版本
yum list docker-ce --showduplicates

#安裝最新的穩(wěn)定版本
yum install 3:docker-ce-20.10.17-3.el7.x86_64 -y

#配置鏡像加速、鏡像倉(cāng)庫(kù)、docker數(shù)據(jù)存儲(chǔ)路徑
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://7w5yqlyj.mirror.aliyuncs.com"],
  "insecure-registries": ["http://docker.hanweb.com"],
  "graph": "/data/dockerdata/docker"  
}
EOF

#啟動(dòng)docker
sudo systemctl daemon-reload
sudo systemctl start docker
systemctl enable docker

2、配置對(duì)Harbor的HTTPS訪問(wèn)(可忽略)

#生成CA證書私鑰
openssl genrsa -out ca.key 4096

#生成CA證書
 openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.com" -key ca.key -out ca.crt

#生成服務(wù)器證書私鑰
openssl genrsa -out harbor.com.key 4096

#生成證書簽名請(qǐng)求
openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor.com" -key harbor.com.key -out harbor.com.csr

#生成 x509 v3 擴(kuò)展文件
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.com
DNS.2=harbor
EOF

#使用該v3.ext文件為Harbor主機(jī)生成證書
openssl x509 -req -sha512 -days 3650  -extfile v3.ext  -CA ca.crt -CAkey ca.key -CAcreateserial -in harbor.com.csr -out harbor.com.crt

#將crt文件轉(zhuǎn)成cert文件供docker使用
openssl x509 -inform PEM -in harbor.com.crt -out harbor.com.cert

#將服務(wù)器證書、密鑰和 CA 文件復(fù)制到 Harbor 主機(jī)上的 Docker 證書文件夾中
cp harbor.com.cert harbor.com.key ca.crt /etc/docker/certs.d/harbor.com/

#重啟docker
systemctl restart docker

3、安裝docker-compose

#下載docker-compose
https://github.com/docker/compose/releases/download/v2.10.2/docker-compose-linux-x86_64

#移動(dòng)到/usr/loacl/bin下，并賦權(quán)
mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

4、安裝harbor

#下載安裝包
wget https://github.com/goharbor/harbor/releases/download/v1.8.6/harbor-offline-installer-v1.8.6.tgz

#解壓
tar xf harbor-offline-installer-v1.8.6.tgz 

#創(chuàng)建harbor數(shù)據(jù)目錄
mkdir /data/harbor

#修改配置文件
grep -v "#" harbor.yml | sed '/^[  ]*$/d'

hostname: harbor.com
http:
  port: 80
https:
  port: 443
  certificate: /data/cert/harbor.com.crt
  private_key: /data/cert/harbor.com.key
harbor_admin_password: Harbor12345
database:
  password: root123
data_volume: /data/harbor
clair: 
  updaters_interval: 12
  http_proxy:
  https_proxy:
  no_proxy: 127.0.0.1,localhost,core,registry
jobservice:
  max_job_workers: 10
chart:
  absolute_url: disabled
log:
  level: info
  rotate_count: 50
  rotate_size: 200M
  location: /var/log/harbor
_version: 1.8.0

#運(yùn)行安裝腳本
 ./install.sh

5、測(cè)試

[root@harbor harbor]# docker login https://harbor.com
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[root@harbor harbor]# docker pull cirros
Using default tag: latest
latest: Pulling from library/cirros
d0b405be7a32: Pull complete 
bd054094a037: Pull complete 
c6a00de1ec8a: Pull complete 
Digest: sha256:1e695eb2772a2b511ccab70091962d1efb9501fdca804eb1d52d21c0933e7f47
Status: Downloaded newer image for cirros:latest
docker.io/library/cirros:latest

[root@harbor harbor]# docker tag cirros:latest harbor.com/public/cirros:test

[root@harbor harbor]# docker push harbor.com/public/cirros:test 
The push refers to repository [harbor.com/public/cirros]
984ad441ec3d: Pushed 
f0a496d92efa: Pushed 
e52d19c3bee2: Pushed 
test: digest: sha256:483f15ac97d03dc3d4dcf79cf71ded2e099cf76c340f3fdd0b3670a40a198a22 size: 943

二、harbor小版本升級(jí)

1、停止當(dāng)前harbor實(shí)例、并備份

#停止harbor實(shí)例
docker-compose ps

#備份harbor
mkdir back_harbor
mv harbor back_harbor/harbor1.8.6

#備份數(shù)據(jù)庫(kù)
mkdir /data/harbor1.8.6
cp -r /data/harbor/* /data/harbor1.8.6/

2、安裝新版本harbor

#下載新版本安裝包
wget https://github.com/goharbor/harbor/releases/download/v1.10.7/harbor-offline-installer-v1.10.7.tgz

#解壓安裝包
tar xf harbor-offline-installer-v1.10.7.tgz 
cd harbor

#導(dǎo)入新版鏡像
docker load -i harbor.v1.10.7.tar.gz

#升級(jí)harbor.yml文件
cp -a /opt/back_harbor/harbor1.8.6/harbor.yml /data/
docker run -it --rm  -v  /data/harbor.yml:/harbor-migration/harbor-cfg/harbor.yml goharbor/harbor-migrator:v1.10.7  --cfg up

#使用新harbor.yml啟動(dòng)
cp -a /data/harbor.yml /opt/harbor
./install.sh

3、測(cè)試

[root@harbor harbor]# docker rmi harbor.com/public/cirros:test 
Untagged: harbor.com/public/cirros:test
Untagged: harbor.com/public/cirros@sha256:483f15ac97d03dc3d4dcf79cf71ded2e099cf76c340f3fdd0b3670a40a198a22

[root@harbor harbor]# docker pull harbor.com/public/cirros:test
test: Pulling from public/cirros
Digest: sha256:483f15ac97d03dc3d4dcf79cf71ded2e099cf76c340f3fdd0b3670a40a198a22
Status: Downloaded newer image for harbor.com/public/cirros:test
harbor.com/public/cirros:test

[root@harbor harbor]# docker tag harbor.com/public/cirros:test harbor.com/public/cirros:test2
[root@harbor harbor]# docker login harbor.com
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@harbor harbor]# docker push harbor.com/public/cirros:test2
The push refers to repository [harbor.com/public/cirros]
984ad441ec3d: Layer already exists 
f0a496d92efa: Layer already exists 
e52d19c3bee2: Layer already exists 
test2: digest: sha256:483f15ac97d03dc3d4dcf79cf71ded2e099cf76c340f3fdd0b3670a40a198a22 size: 943

4、回退

#停止harbor
docker-compose down

#刪除當(dāng)前habror實(shí)例
cd ..
rm -rf harbor

#恢復(fù)舊版本數(shù)據(jù)庫(kù)
rm -rf /data/harbor
mv /data/harbor1.8.6 /data/harbor

#重新安裝harbor
cd harbor
./install.sh

三、大版本升級(jí)

1、停止當(dāng)前harbor實(shí)例、并備份

#停止harbor實(shí)例
docker-compose down

#備份harbor
mkdir back_harbor
mv harbor back_harbor/harbor1.10.7

#備份數(shù)據(jù)庫(kù)
mkdir /data/harbor1.10.7
cp -r /data/harbor/* /data/harbor1.10.7/

2、安裝新版本harbor

#下載新版本安裝包
wget https://github.com/goharbor/harbor/releases/download/v2.6.0/harbor-offline-installer-v2.6.0.tgz

#解壓安裝包
tar xf harbor-offline-installer-v2.6.0.tgz 
cd harbor

#導(dǎo)入新版鏡像
docker load -i harbor.v2.6.0.tar.gz

#升級(jí)harbor.yml文件
docker run -it --rm -v /:/hostfs goharbor/prepare:v2.6.0 migrate -i /opt/back_harbor/harbor1.10.7/harbor.yml -o /data/harbor.yml

#使用新harbor.yml啟動(dòng)
cp -a /data/harbor.yml /opt/harbor
./install.sh

3、測(cè)試

[root@harbor harbor]# docker tag harbor.com/public/cirros:test harbor.com/public/cirros:test3
[root@harbor harbor]# docker login harbor.com
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@harbor harbor]# docker push harbor.com/public/cirros
harbor.com/public/cirros        harbor.com/public/cirros:test   harbor.com/public/cirros:test2  harbor.com/public/cirros:test3  
[root@harbor harbor]# docker push harbor.com/public/cirros:test3
The push refers to repository [harbor.com/public/cirros]
984ad441ec3d: Layer already exists 
f0a496d92efa: Layer already exists 
e52d19c3bee2: Layer already exists 
test3: digest: sha256:483f15ac97d03dc3d4dcf79cf71ded2e099cf76c340f3fdd0b3670a40a198a22 size: 943
[root@harbor harbor]# docker rmi harbor.com/public/cirros:test3
Untagged: harbor.com/public/cirros:test3
[root@harbor harbor]# docker pull harbor.com/public/cirros:test3
test3: Pulling from public/cirros
Digest: sha256:483f15ac97d03dc3d4dcf79cf71ded2e099cf76c340f3fdd0b3670a40a198a22
Status: Downloaded newer image for harbor.com/public/cirros:test3
harbor.com/public/cirros:test3

總結(jié)

以上為個(gè)人經(jīng)驗(yàn)，希望能給大家一個(gè)參考，也希望大家多多支持腳本之家。

您可能感興趣的文章:

国产无遮挡裸体免费直播视频,久久精品国产蜜臀av,动漫在线视频一区二区,欧亚日韩一区二区三区,久艹在线免费视频,国产精品美女网站免费,正在播放 97超级视频在线观看,斗破苍穹年番在线观看免费,51最新乱码中文字幕

https的harbor部署與升級(jí)實(shí)現(xiàn)過(guò)程

目錄

一、部署harbor

1、安裝docker

2、配置對(duì)Harbor的HTTPS訪問(wèn)(可忽略)

3、安裝docker-compose

4、安裝harbor

5、測(cè)試

二、harbor小版本升級(jí)

1、停止當(dāng)前harbor實(shí)例、并備份

2、安裝新版本harbor

3、測(cè)試

4、回退

三、大版本升級(jí)

1、停止當(dāng)前harbor實(shí)例、并備份

2、安裝新版本harbor

3、測(cè)試

總結(jié)

相關(guān)文章

最新評(píng)論

大家感興趣的內(nèi)容

最近更新的內(nèi)容

常用在線小工具

国产无遮挡裸体免费直播视频,久久精品国产蜜臀av,动漫在线视频一区二区,欧亚日韩一区二区三区,久艹在线 免费视频,国产精品美女网站免费,正在播放 97超级视频在线观看,斗破苍穹年番在线观看免费,51最新乱码中文字幕

https的harbor部署與升級(jí)實(shí)現(xiàn)過(guò)程

目錄

一、部署harbor

1、安裝docker

2、配置對(duì)Harbor的HTTPS訪問(wèn)(可忽略)

3、安裝docker-compose

4、安裝harbor

5、測(cè)試

二、harbor小版本升級(jí)

1、停止當(dāng)前harbor實(shí)例、并備份

2、安裝新版本harbor

3、測(cè)試

4、回退

三、大版本升級(jí)

1、停止當(dāng)前harbor實(shí)例、并備份

2、安裝新版本harbor

3、測(cè)試

總結(jié)

相關(guān)文章

最新評(píng)論

大家感興趣的內(nèi)容

最近更新的內(nèi)容

常用在線小工具

国产无遮挡裸体免费直播视频,久久精品国产蜜臀av,动漫在线视频一区二区,欧亚日韩一区二区三区,久艹在线免费视频,国产精品美女网站免费,正在播放 97超级视频在线观看,斗破苍穹年番在线观看免费,51最新乱码中文字幕

1、安裝docker

3、安裝docker-compose

4、安裝harbor

5、測(cè)試

二、harbor小版本升級(jí)

1、停止當(dāng)前harbor實(shí)例、并備份

2、安裝新版本harbor

4、回退

三、大版本升級(jí)

1、停止當(dāng)前harbor實(shí)例、并備份

2、安裝新版本harbor

3、測(cè)試