Bu yazıda Harbor da backup ve restore işlemlerinin nasıl yapıldığını anlatacağım.
Öncelikle backup için bir harbor-backup.sh hazırlanır.
harbor-backup.sh :
create_dir(){
rm -rf harbor
mkdir -p harbor/db
mkdir -p harbor/secret
chmod 777 harbor
chmod 777 harbor/db
chmod 777 harbor/secret
}
launch_db() {
if [ -n "$($DOCKER_CMD ps -q)" ]; then
echo "There is running container, please stop and remove it before backup"
exit 1
fi
$DOCKER_CMD run -d --name harbor-db -v ${PWD}/harbor:/backup/harbor -v ${harbor_db_path}:/var/lib/postgresql/data ${harbor_db_image} "postgres"
}
clean_db() {
$DOCKER_CMD stop harbor-db
$DOCKER_CMD rm harbor-db
}
wait_for_db_ready() {
set +e
TIMEOUT=12
while [ $TIMEOUT -gt 0 ]; do
$DOCKER_CMD exec harbor-db pg_isready | grep "accepting connections"
if [ $? -eq 0 ]; then
break
fi
TIMEOUT=$((TIMEOUT - 1))
sleep 5
done
if [ $TIMEOUT -eq 0 ]; then
echo "Harbor DB cannot reach within one minute."
clean_db
exit 1
fi
set -e
}
dump_database() {
$DOCKER_CMD exec harbor-db sh -c 'pg_dump -U postgres registry > /backup/harbor/db/registry.back'
$DOCKER_CMD exec harbor-db sh -c 'pg_dump -U postgres postgres > /backup/harbor/db/postgres.back'
$DOCKER_CMD exec harbor-db sh -c 'pg_dump -U postgres notarysigner > /backup/harbor/db/notarysigner.back'
$DOCKER_CMD exec harbor-db sh -c 'pg_dump -U postgres notaryserver > /backup/harbor/db/notaryserver.back'
}
backup_registry() {
cp -rf /data/registry harbor/
}
backup_chart_museum() {
if [ -d /data/chart_storage ]; then
cp -rf /data/chart_storage harbor/
fi
}
backup_redis() {
if [ -d /data/redis ]; then
cp -rf /data/redis harbor/
fi
}
backup_secret() {
# backup all files in secret
if [ -d /data/secret/ ]; then
cp -r /data/secret/* harbor/secret/
fi
# exclude the server.crt and server.key because they should be signed with new ca
if [ -d harbor/secret/cert/ ]; then
rm -rf harbor/secret/cert/
fi
}
create_tarball() {
timestamp=$(date +"%Y-%m-%d-%H-%M-%S")
backup_filename=harbor-$timestamp.tgz
tar zcvf $backup_filename harbor
rm -rf harbor
}
note() { printf "\nNote:%s\n" "$@"
}
usage=$'harbor-backup.sh -- Backup Harbor script
./harbor-backup.sh [options] Backup Harbor with database and registry data
Options
--istile Backup in Harbor tile env
--dbonly Backup Harbor with database data only
'
dbonly=false
istile=false
while [ $# -gt 0 ]; do
case $1 in
--help)
note "$usage"
exit 0;;
--dbonly)
dbonly=true;;
--istile)
istile=true;;
*)
note "$usage"
exit 1;;
esac
shift || true
done
set -ex
if [ $istile = true ]; then
DOCKER_CMD="/var/vcap/packages/docker/bin/docker -H unix:///var/vcap/sys/run/docker/dockerd.sock"
else
DOCKER_CMD=docker
fi
harbor_db_image=$($DOCKER_CMD images goharbor/harbor-db --format "{{.Repository}}:{{.Tag}}" |head -1)
harbor_db_path="/data/database"
create_dir
launch_db
wait_for_db_ready
dump_database
backup_redis
if [ $dbonly = false ]; then
backup_registry
backup_chart_museum
fi
backup_secret
create_tarball
clean_db
echo "All Harbor data are backed up, backup file is $backup_filename."
- sudo nano harbor-backup.sh
- chmod +x harbor-backup.sh
- docker compose down
- ./harbor-backup.sh
Harbor için yedek alındıktan sonra restore işlemine başlanır.
harbor-restore
- docker stop harbor-db
- docker rm harbor-db (çalışan konteynarlar kaldırılır.)
- sudo nano ./harbor-restore.sh
- chmod +x ./harbor-restore.sh
#!/bin/bash
# Copyright Project Harbor Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
extract_backup(){
if [ -n "$backupfile" ]; then
tar xvf $backupfile
else
tar xvf harbor.tgz
fi
}
launch_db() {
if [ -n "$($DOCKER_CMD ps -q)" ]; then
echo "There is running container, please stop and remove it before restore"
exit 1
fi
$DOCKER_CMD run -d --name harbor-db -v ${PWD}/harbor:/backup/harbor -v ${harbor_db_path}:/var/lib/postgresql/data ${harbor_db_image} "postgres"
}
clean_db() {
$DOCKER_CMD stop harbor-db
$DOCKER_CMD rm harbor-db
}
wait_for_db_ready() {
set +e
TIMEOUT=12
while [ $TIMEOUT -gt 0 ]; do
$DOCKER_CMD exec harbor-db pg_isready | grep "accepting connections"
if [ $? -eq 0 ]; then
break
fi
TIMEOUT=$((TIMEOUT - 1))
sleep 5
done
if [ $TIMEOUT -eq 0 ]; then
echo "Harbor DB cannot reach within one minute."
clean_db
exit 1
fi
set -e
}
clean_database_data(){
set +e
$DOCKER_CMD exec harbor-db psql -U postgres -d template1 -c "drop database registry;"
$DOCKER_CMD exec harbor-db psql -U postgres -d template1 -c "drop database postgres;"
$DOCKER_CMD exec harbor-db psql -U postgres -d template1 -c "drop database notarysigner; "
$DOCKER_CMD exec harbor-db psql -U postgres -d template1 -c "drop database notaryserver;"
set -e
$DOCKER_CMD exec harbor-db psql -U postgres -d template1 -c "create database registry;"
$DOCKER_CMD exec harbor-db psql -U postgres -d template1 -c "create database postgres;"
$DOCKER_CMD exec harbor-db psql -U postgres -d template1 -c "create database notarysigner;"
$DOCKER_CMD exec harbor-db psql -U postgres -d template1 -c "create database notaryserver;"
}
restore_database() {
$DOCKER_CMD exec harbor-db sh -c 'psql -U postgres registry < /backup/harbor/db/registry.back'
$DOCKER_CMD exec harbor-db sh -c 'psql -U postgres postgres < /backup/harbor/db/postgres.back'
$DOCKER_CMD exec harbor-db sh -c 'psql -U postgres notarysigner < /backup/harbor/db/notarysigner.back'
$DOCKER_CMD exec harbor-db sh -c 'psql -U postgres notaryserver < /backup/harbor/db/notaryserver.back'
}
restore_registry() {
cp -r harbor/registry/ /data/
chown -R 10000 /data/registry
}
restore_redis() {
cp -r harbor/redis/ /data/
chown -R 999 /data/redis
}
restore_chartmuseum() {
if [ -d ./harbor/chart_storage ]; then
cp -r ./harbor/chart_storage/ /data/
chown -R 10000 /data/chart_storage
fi
}
restore_secret() {
if [ -d harbor/secret/ ]; then
cp -r harbor/secret/* /data/secret/
fi
}
note() { printf "\nNote:%s\n" "$@"
}
usage=$'harbor-restore.sh -- Restore Harbor script
./harbor-restore.sh [options] Restore Harbor with database and registry data
Options:
--istile Run restore in Harbor tile env
--dbonly Restore Harbor with database data only
--backupfile <the backup file name>'
dbonly=false
istile=false
while [ $# -gt 0 ]; do
case $1 in
--help)
note "$usage"
exit 0;;
--dbonly)
dbonly=true;;
--istile)
istile=true;;
--backupfile)
backupfile=$2
shift ;;
*)
note "$usage"
exit 1;;
esac
shift || true
done
set -ex
if [ $istile = true ]; then
DOCKER_CMD="/var/vcap/packages/docker/bin/docker -H unix:///var/vcap/sys/run/docker/dockerd.sock"
else
DOCKER_CMD=docker
fi
harbor_db_image=$($DOCKER_CMD images goharbor/harbor-db --format "{{.Repository}}:{{.Tag}}" | head -1)
harbor_db_path="/data/database"
extract_backup
launch_db
wait_for_db_ready
clean_database_data
restore_database
restore_redis
if [ $dbonly = false ]; then
restore_registry
restore_chartmuseum
fi
restore_secret
clean_db
echo "All Harbor data is restored, you can start Harbor now"
- ./harbor-restore.sh
- docker ps
- docker stop harbor-db (çalışan konteynerlar durdurulur.)
- docker rm harbor-db
- docker compose up -d
Top comments (0)