生产环境搭建高可用Harbor（包括恢复演练实操）（一）

curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# 添加国内阿里云
curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
#更新
sudo apt-get update
[[查看docker]]版本
apt-cache madison docker-ce
#安装最新版
sudo apt-get install -y docker-ce
[[安装5]]:19.03.6~3-0~ubuntu-bionic版
sudo apt-get install -y docker-ce=5:19.03.6~3-0~ubuntu-bionic
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.

sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://8sab4djv.mirror.aliyuncs.com"],
    "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["https://harbor.unixsre.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
1.
2.
3.
4.
5.
6.
7.
8.
9.

# 下载Harbor
wget -P /usr/local wget https://github.com/goharbor/harbor/releases/download/v2.3.2/harbor-online-installer-v2.3.2.tgz

tar zxf /usr/local/harbor-online-installer-v2.3.2.tgz -C /data/harbor

# 修改配置文件，根据自己的需求进行修改
cd /data/harbor
cp harbor.yml.tmpl harbor.yml
# harbor.yml中按需修改或添加如下内容
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.unixsre.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /data/harbor/ssl/unixsre.com.cer
  private_key: /data/harbor/ssl/unixsre.com.key

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
# 初始密码，可以修改成自己需要的，然后后续在WEBUI上自行修改。
harbor_admin_password: 1234567
## 添加禁止用户自注册
self_registration: off
## 设置只有管理员可以创建项目
project_creation_restriction: adminonly
# The default data volume
data_volume: /data/harbor
# 执行安装命令
bash /data/harbor/install.sh
# 如果对配置文件harbor.yml，需要使用./prepare脚本重新生成
./prepare
# 重启
docker-compose restart
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50.
51.
52.
53.
54.
55.
56.

# 登录
docker login https://harbor.unixsre.com
# 拉取
docker pull busybox
# 打包
docker build -t busybox:v1 . 
docker build -t busybox:v1 -f Dockerfile .
# 打TAG
docker tag busybox:latest harbor.unixsre.com/ops/busybox:latest
# 上传
docker push harbor.unixsre.com/library/busybox:latest
# k3s pull
k3s crictl pull harbor.unixsre.com/library/busybox
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.

# 进入容器备份
docker container exec -it harbor-db /bin/bash
# 执行pg备份
pg_dump -U postgres registry > /tmp/registry.sql 
pg_dump -U postgres notarysigner > /tmp/notarysigner.sql  
pg_dump -U postgres notaryserver > /tmp/notaryserver.sql
# 复制到本地宿主机
docker container cp harbor-db:/tmp/registry.sql /data/harbor/backup_sql/
docker container cp harbor-db:/tmp/notarysigner.sql /data/harbor/backup_sql/
docker container cp harbor-db:/tmp/notaryserver.sql /data/harbor/backup_sql/
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.