My recent project involved deploying Red Hat Advanced Cluster Management (RHACM) in a disconnected environment. RHACM is used for managing multiple clusters and deploying applications across clusters. It uses GitOps Zero Touch Provisioning (ZTP) to deploy OpenShift clusters. In a disconnected environment we built an internal registry to build, deploy, and manage container images locally; our choice was the open-source registry Harbor.
In this blog we will simplify container image management with the Harbor registry: we discuss the benefits of using Harbor for container image management and give a step-by-step guide on how to install it.
When it comes to managing container images, not every organization can rely on public or cloud-based registries due to compliance, security, or regulatory concerns. This is where Harbor steps in as a game changer. It provides a private registry that maintains the integrity and confidentiality of your data, and its robust features let you store and manage Docker images securely while also enabling image signing and vulnerability scanning right out of the box. This guide will walk you through setting up your own instance of Harbor from scratch.
In my setup I have 1 Kubernetes cluster, 1 OpenShift cluster, infra VMs and, of course, the VM on which we plan to deploy Harbor.
[root@kernel ~]# virsh list --all
Id Name State
---------------------------------------
1 jump(Harbor) running
2 kubernetes-master running
3 kubernetes-worker-01 running
4 kubernetes-worker-02 running
5 kubernetes-worker-03 running
6 kubernetes-worker-04 running
7 nfs running
- bastion shut off
- bootstrap shut off
- dns shut off
- haproxy shut off
- master1 shut off
- master2 shut off
- master3 shut off
- tftp shut off
- worker1 shut off
- worker2 shut off
[root@jump harbor]# ip -4 a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: enp1s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.0.245/24 brd 192.168.0.255 scope global noprefixroute enp1s0
valid_lft forever preferred_lft forever
3: enp2s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 10.20.30.245/24 brd 10.20.30.255 scope global noprefixroute enp2s0
valid_lft forever preferred_lft forever
4: virbr0: mtu 1500 qdisc noqueue state DOWN group default qlen 1000
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
5: br-a9e015b58fe3: mtu 1500 qdisc noqueue state UP group default
inet 172.18.0.1/16 brd 172.18.255.255 scope global br-a9e015b58fe3
valid_lft forever preferred_lft forever
6: docker0: mtu 1500 qdisc noqueue state DOWN group default
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
My VM runs RHEL.
[root@jump ~]# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.10 (Ootpa)
[root@jump ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sr0 11:0 1 1024M 0 rom
vda 252:0 0 50G 0 disk
├─vda1 252:1 0 1G 0 part /boot
└─vda2 252:2 0 49G 0 part
├─rhel_jump-root 253:0 0 44G 0 lvm /
└─rhel_jump-swap 253:1 0 5G 0 lvm
Preparing the disk. I have dedicated an additional disk for the deployment. You can use the same partition where your system files reside.
[root@jump ~]# sudo parted -s -a optimal -- /dev/vdb mklabel gpt
[root@jump ~]# sudo parted -s -a optimal -- /dev/vdb mkpart primary 0% 100%
[root@jump ~]# sudo parted -s -- /dev/vdb align-check optimal 1
[root@jump ~]# sudo pvcreate /dev/vdb1
Physical volume "/dev/vdb1" successfully created.
[root@jump ~]# sudo vgcreate vg0 /dev/vdb1
Volume group "vg0" successfully created
[root@jump ~]# sudo lvcreate -n harbor -l +100%FREE vg0
[root@jump ~]# sudo mkfs.xfs /dev/vg0/harbor
meta-data=/dev/vg0/harbor isize=512 agcount=4, agsize=3276544 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1 bigtime=0 inobtcount=0
data = bsize=4096 blocks=13106176, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=6399, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
Discarding blocks...Done.
[root@jump ~]# sudo mkdir /data
[root@jump ~]# echo "/dev/vg0/harbor /data xfs defaults 0 0" | sudo tee -a /etc/fstab
/dev/vg0/harbor /data xfs defaults 0 0
[root@jump ~]# sudo mount -a
mount: (hint) your fstab has been modified, but systemd still uses
the old version; use 'systemctl daemon-reload' to reload.
[root@jump ~]# systemctl daemon-reload
[root@jump ~]# df -hT /data/
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/vg0-harbor xfs 50G 390M 50G 1% /data
[root@jump yum.repos.d]# sudo yum install -y yum-utils
Updating Subscription Management repositories.
Installed:
yum-utils-4.0.21-25.el8.noarch
[root@jump yum.repos.d]# sudo yum-config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
Updating Subscription Management repositories.
Adding repo from: https://download.docker.com/linux/rhel/docker-ce.repo
[root@jump yum.repos.d]# sudo yum makecache
Updating Subscription Management repositories.
Docker CE Stable - x86_64 18 kB/s | 26 kB 00:01
Extra Packages for Enterprise Linux 8 - x86_64 68 kB/s | 9.3 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 863 kB/s | 14 MB 00:16
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 3.4 kB/s | 4.5 kB 00:01
Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 9.3 kB/s | 4.1 kB 00:00
Metadata cache created.
[root@jump yum.repos.d]# sudo yum install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Updating Subscription Management repositories.
Last metadata expiration check: 0:01:28 ago on Fri 27 Sep 2024 06:00:35 PM IST.
Dependencies resolved.
===============================================================================================================================
Package Arch Version Repository Size
===============================================================================================================================
Installing:
containerd.io x86_64 1.7.22-3.1.el8 docker-ce-stable 45 M
docker-buildx-plugin x86_64 0.17.1-1.el8 docker-ce-stable 14 M
docker-ce x86_64 3:27.3.1-1.el8 docker-ce-stable 28 M
docker-ce-cli x86_64 1:27.3.1-1.el8 docker-ce-stable 8.0 M
docker-compose-plugin x86_64 2.29.7-1.el8 docker-ce-stable 14 M
Installing dependencies:
container-selinux noarch 2:2.229.0-2.module+el8.10.0+22283+6d6d094a rhel-8-for-x86_64-appstream-rpms 71 k
fuse-overlayfs x86_64 1.13-1.module+el8.10.0+22283+6d6d094a rhel-8-for-x86_64-appstream-rpms 70 k
fuse3 x86_64 3.3.0-19.el8 rhel-8-for-x86_64-baseos-rpms 55 k
fuse3-libs x86_64 3.3.0-19.el8 rhel-8-for-x86_64-baseos-rpms 96 k
libcgroup x86_64 0.41-19.el8 rhel-8-for-x86_64-baseos-rpms 70 k
libslirp x86_64 4.4.0-2.module+el8.10.0+22283+6d6d094a rhel-8-for-x86_64-appstream-rpms 71 k
slirp4netns x86_64 1.2.3-1.module+el8.10.0+22283+6d6d094a rhel-8-for-x86_64-appstream-rpms 56 k
Installing weak dependencies:
docker-ce-rootless-extras x86_64 27.3.1-1.el8 docker-ce-stable 5.1 M
Transaction Summary
===============================================================================================================================
Install 13 Packages
Total download size: 114 M
Installed size: 427 M
Is this ok [y/N]: y
Downloading Packages:
(1/13): docker-buildx-plugin-0.17.1-1.el8.x86_64.rpm 13 MB/s | 14 MB 00:01
(2/13): docker-ce-cli-27.3.1-1.el8.x86_64.rpm 9.4 MB/s | 8.0 MB 00:00
(3/13): containerd.io-1.7.22-3.1.el8.x86_64.rpm 17 MB/s | 45 MB 00:02
(4/13): docker-ce-27.3.1-1.el8.x86_64.rpm 9.5 MB/s | 28 MB 00:02
(5/13): docker-compose-plugin-2.29.7-1.el8.x86_64.rpm 24 MB/s | 14 MB 00:00
(6/13): container-selinux-2.229.0-2.module+el8.10.0+22283+6d6d094a.noarch.rpm 35 kB/s | 71 kB 00:01
(7/13): fuse-overlayfs-1.13-1.module+el8.10.0+22283+6d6d094a.x86_64.rpm 28 kB/s | 70 kB 00:02
(8/13): libslirp-4.4.0-2.module+el8.10.0+22283+6d6d094a.x86_64.rpm 74 kB/s | 71 kB 00:00
(9/13): slirp4netns-1.2.3-1.module+el8.10.0+22283+6d6d094a.x86_64.rpm 63 kB/s | 56 kB 00:00
(10/13): docker-ce-rootless-extras-27.3.1-1.el8.x86_64.rpm 1.0 MB/s | 5.1 MB 00:04
(11/13): libcgroup-0.41-19.el8.x86_64.rpm 70 kB/s | 70 kB 00:01
(12/13): fuse3-3.3.0-19.el8.x86_64.rpm 63 kB/s | 55 kB 00:00
(13/13): fuse3-libs-3.3.0-19.el8.x86_64.rpm 45 kB/s | 96 kB 00:02
-------------------------------------------------------------------------------------------------------------------------------
Total 13 MB/s | 114 MB 00:08
Docker CE Stable - x86_64 24 kB/s | 1.6 kB 00:00
Installed products updated.
Installed:
container-selinux-2:2.229.0-2.module+el8.10.0+22283+6d6d094a.noarch
containerd.io-1.7.22-3.1.el8.x86_64
docker-buildx-plugin-0.17.1-1.el8.x86_64
docker-ce-3:27.3.1-1.el8.x86_64
docker-ce-cli-1:27.3.1-1.el8.x86_64
docker-ce-rootless-extras-27.3.1-1.el8.x86_64
docker-compose-plugin-2.29.7-1.el8.x86_64
fuse-overlayfs-1.13-1.module+el8.10.0+22283+6d6d094a.x86_64
fuse3-3.3.0-19.el8.x86_64
fuse3-libs-3.3.0-19.el8.x86_64
libcgroup-0.41-19.el8.x86_64
libslirp-4.4.0-2.module+el8.10.0+22283+6d6d094a.x86_64
slirp4netns-1.2.3-1.module+el8.10.0+22283+6d6d094a.x86_64
[root@jump yum.repos.d]# sudo systemctl start docker
[root@jump yum.repos.d]# systemctl enable docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
[root@jump yum.repos.d]# wget https://github.com/cormachogan/harbor-certs
--2024-09-27 18:10:25-- https://github.com/cormachogan/harbor-certs
Resolving github.com (github.com)... 20.207.73.82
Connecting to github.com (github.com)|20.207.73.82|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘harbor-certs’
harbor-certs [ <=> ] 266.08K 1.54MB/s in 0.2s
2024-09-27 18:10:27 (1.54 MB/s) - ‘harbor-certs’ saved [272466]
[root@jump yum.repos.d]# ls
docker-ce.repo epel-modular.repo epel.repo epel-testing-modular.repo epel-testing.repo harbor-certs redhat.repo
[root@jump yum.repos.d]# mv harbor-certs /root/
[root@jump yum.repos.d]# cd
[root@jump ~]# ls
anaconda-ks.cfg ck.yaml common-orignal.sh common-rhel.sh common.sh config harbor-certs kubectl
[root@jump ~]# vi harbor-certs
[root@jump ~]# ./ gen-harbor-certs.sh
-bash: ./: Is a directory
[root@jump ~]# ./gen-harbor-certs.sh
-bash: ./gen-harbor-certs.sh: No such file or directory
[root@jump ~]# ls
anaconda-ks.cfg ck.yaml common-orignal.sh common-rhel.sh common.sh config harbor-certs kubectl
[root@jump ~]# ls -ltr harbor-certs
-rw-r--r--. 1 root root 272466 Sep 27 18:10 harbor-certs
[root@jump ~]# docker version
Client: Docker Engine - Community
Version: 27.3.1
API version: 1.47
Go version: go1.22.7
Git commit: ce12230
Built: Fri Sep 20 11:42:37 2024
OS/Arch: linux/amd64
Context: default
Download and Install Harbor
[root@jump ~]# curl -s https://api.github.com/repos/goharbor/harbor/releases/latest | grep browser_download_url | cut -d '"' -f 4 | grep '\.tgz$' | wget -i -
--2024-09-27 18:16:29-- https://github.com/goharbor/harbor/releases/download/v2.11.1/harbor-offline-installer-v2.11.1.tgz
Resolving github.com (github.com)... 20.207.73.82
Connecting to github.com (github.com)|20.207.73.82|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/50613991/a4959d05-a9c8-49c0-8f85-1b9e05b73547?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240927%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240927T124629Z&X-Amz-Expires=300&X-Amz-Signature=d13fb35611dd0f2503d539ca05f18cc33309fa48678abfa7cf489877f5b8f890&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dharbor-offline-installer-v2.11.1.tgz&response-content-type=application%2Foctet-stream [following]
--2024-09-27 18:16:29-- https://objects.githubusercontent.com/github-production-release-asset-2e65be/50613991/a4959d05-a9c8-49c0-8f85-1b9e05b73547?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240927%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240927T124629Z&X-Amz-Expires=300&X-Amz-Signature=d13fb35611dd0f2503d539ca05f18cc33309fa48678abfa7cf489877f5b8f890&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dharbor-offline-installer-v2.11.1.tgz&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.111.133, 185.199.109.133, 185.199.108.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 658192407 (628M) [application/octet-stream]
Saving to: ‘harbor-offline-installer-v2.11.1.tgz’
harbor-offline-installer-v2.11. 100%[======================================================>] 627.70M 12.3MB/s in 2m 12s
2024-09-27 18:18:42 (4.77 MB/s) - ‘harbor-offline-installer-v2.11.1.tgz’ saved [658192407/658192407]
--2024-09-27 18:18:42-- https://github.com/goharbor/harbor/releases/download/v2.11.1/harbor-online-installer-v2.11.1.tgz
Connecting to github.com (github.com)|20.207.73.82|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/50613991/2fdebada-ed4c-4293-9ab9-60384b4331be?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240927%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240927T124842Z&X-Amz-Expires=300&X-Amz-Signature=ff94dc923a68b16d7bb56c29030d32764f1e4bbbf1f1853045adad5a52bf783d&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dharbor-online-installer-v2.11.1.tgz&response-content-type=application%2Foctet-stream [following]
--2024-09-27 18:18:43-- https://objects.githubusercontent.com/github-production-release-asset-2e65be/50613991/2fdebada-ed4c-4293-9ab9-60384b4331be?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240927%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240927T124842Z&X-Amz-Expires=300&X-Amz-Signature=ff94dc923a68b16d7bb56c29030d32764f1e4bbbf1f1853045adad5a52bf783d&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dharbor-online-installer-v2.11.1.tgz&response-content-type=application%2Foctet-stream
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11577 (11K) [application/octet-stream]
Saving to: ‘harbor-online-installer-v2.11.1.tgz’
harbor-online-installer-v2.11.1 100%[======================================================>] 11.31K --.-KB/s in 0.001s
2024-09-27 18:18:44 (8.03 MB/s) - ‘harbor-online-installer-v2.11.1.tgz’ saved [11577/11577]
FINISHED --2024-09-27 18:18:44--
Total wall clock time: 2m 16s
Downloaded: 2 files, 628M in 2m 12s (4.77 MB/s)
[root@jump ~]# ls -ltr
total 643084
-rw-r--r--. 1 root root 11577 Aug 21 07:57 harbor-online-installer-v2.11.1.tgz
-rw-r--r--. 1 root root 658192407 Aug 21 07:57 harbor-offline-installer-v2.11.1.tgz
-rw-------. 1 root root 1357 Sep 23 22:23 anaconda-ks.cfg
-rwxrwxrwx. 1 root root 5650 Sep 23 22:29 config
-rwxrwxrwx. 1 root root 220 Sep 24 08:08 kubectl
-rw-r--r--. 1 root root 4215 Sep 24 13:59 ck.yaml
-rwxr-xr-x. 1 root root 2803 Sep 24 18:44 common.sh
-rwxrwxrwx. 1 root root 1214 Sep 24 18:50 common-rhel.sh
-rwxr-xr-x. 1 root root 1214 Sep 24 18:53 common-orignal.sh
-rw-r--r--. 1 root root 272466 Sep 27 18:10 harbor-certs
[root@jump ~]# tar xvzf harbor-offline-installer-v2.11.1.tgz
harbor/harbor.v2.11.1.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
[root@jump ~]# cd harbor/
[root@jump harbor]# ls
common.sh harbor.v2.11.1.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
[root@jump harbor]# cp harbor.yml.tmpl harbor.yml
[root@jump harbor]# hostname
jump.clearwater.com
[root@jump harbor]# ll
total 646864
-rw-r--r--. 1 root root 3646 Aug 15 15:37 common.sh
-rw-r--r--. 1 root root 662330539 Aug 15 15:37 harbor.v2.11.1.tar.gz
-rw-r--r--. 1 root root 14270 Sep 27 18:19 harbor.yml
-rw-r--r--. 1 root root 14270 Aug 15 15:37 harbor.yml.tmpl
-rwxr-xr-x. 1 root root 1975 Aug 15 15:37 install.sh
-rw-r--r--. 1 root root 11347 Aug 15 15:37 LICENSE
-rwxr-xr-x. 1 root root 1882 Aug 15 15:37 prepare
[root@jump harbor]# vim harbor.yml
[root@jump harbor]# sudo dnf -y install epel-release
Updating Subscription Management repositories.
Last metadata expiration check: 0:23:26 ago on Fri 27 Sep 2024 06:00:35 PM IST.
Package epel-release-8-21.el8.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@jump harbor]# sudo dnf -y install certbot
Updating Subscription Management repositories.
Last metadata expiration check: 0:23:49 ago on Fri 27 Sep 2024 06:00:35 PM IST.
Dependencies resolved.
===============================================================================================================================
Package Architecture Version Repository Size
===============================================================================================================================
Installing:
certbot noarch 1.22.0-1.el8 epel 54 k
Installing dependencies:
python3-acme noarch 1.22.0-4.el8 epel 96 k
python3-certbot noarch 1.22.0-1.el8 epel 426 k
python3-cffi x86_64 1.11.5-6.el8 rhel-8-for-x86_64-baseos-rpms 238 k
python3-configargparse noarch 0.14.0-6.el8 epel 36 k
python3-configobj noarch 5.0.6-11.el8 rhel-8-for-x86_64-baseos-rpms 68 k
python3-cryptography x86_64 3.2.1-7.el8_9 rhel-8-for-x86_64-baseos-rpms 559 k
python3-josepy noarch 1.9.0-1.el8 epel 103 k
python3-parsedatetime noarch 2.5-1.el8 epel 79 k
python3-pyOpenSSL noarch 19.0.0-1.el8 rhel-8-for-x86_64-appstream-rpms 103 k
python3-pycparser noarch 2.14-14.el8 rhel-8-for-x86_64-baseos-rpms 109 k
python3-pyrfc3339 noarch 1.1-1.el8 epel 19 k
python3-requests-toolbelt noarch 0.9.1-4.el8 epel 91 k
python3-zope-component noarch 4.3.0-8.el8 epel 313 k
python3-zope-event noarch 4.2.0-12.el8 epel 210 k
python3-zope-interface x86_64 4.6.0-1.el8 epel 158 k
Installing weak dependencies:
python-josepy-doc noarch 1.9.0-1.el8 epel 23 k
Transaction Summary
===============================================================================================================================
I am installing Harbor with a self-signed SSL certificate; you can choose another option that suits you, such as a free Let's Encrypt certificate, or even run without SSL.
[root@jump harbor]# sudo mkdir -p /etc/pki/tls/certs
[root@jump harbor]# cd /etc/pki/tls/certs
[root@jump certs]# vim harbor_certs.cnf
[root@jump certs]# cd /etc/pki/tls/certs
[root@jump certs]# sudo vim harbor_certs.cnf
[root@jump certs]# cat harbor_certs.cnf
[ req ]
default_bits = 4096
default_md = sha512
default_keyfile = harbor_registry.key
prompt = no
encrypt_key = no
distinguished_name = req_distinguished_name
# distinguished_name
[ req_distinguished_name ]
countryName = "IN"
localityName = "Singasandra"
stateOrProvinceName = "Karnataka"
organizationName = "clearwater.com"
commonName = "jump.clearwater.com"
emailAddress = "ranjeet.badhe@gmail.com"
[root@jump harbor]# cat harbor.yml
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: jump.clearwater.com
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80
# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /etc/pki/tls/certs/harbor_registry.crt
  private_key: /etc/pki/tls/certs/harbor_registry.key
  # enable strong ssl ciphers (default: false)
  # strong_ssl_ciphers: false
[root@jump certs]# sudo openssl req -out harbor_registry.csr -newkey rsa:4096 --sha512 -nodes -keyout harbor_registry.key -config harbor_certs.cnf
Generating a RSA private key
........++++
..........++++
writing new private key to 'harbor_registry.key'
-----
[root@jump certs]# sudo openssl x509 -in harbor_registry.csr -out harbor_registry.crt -req -signkey harbor_registry.key -days 3650
Signature ok
subject=C = IN, L = Singasandra, ST = Karnataka, O = clearwater.com, CN = jump.clearwater.com, emailAddress = ranjeet.badhe@gmail.com
Getting Private key
[root@jump certs]# openssl x509 -text -noout -in harbor_registry.crt
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
28:cc:18:01:9d:5d:f6:18:0a:bc:80:ab:57:a9:05:ac:9a:27:0b:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = IN, L = Singasandra, ST = Karnataka, O = clearwater.com, CN = jump.clearwater.com, emailAddress = ranjeet.badhe@gmail.com
Validity
Not Before: Sep 27 13:04:40 2024 GMT
Not After : Sep 25 13:04:40 2034 GMT
Subject: C = IN, L = Singasandra, ST = Karnataka, O = clearwater.com, CN = jump.clearwater.com, emailAddress = ranjeet.badhe@gmail.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
[root@jump certs]# hostname
jump.clearwater.com
[root@jump certs]# ls -ltr
total 16
lrwxrwxrwx. 1 root root 55 Jul 24 15:24 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
lrwxrwxrwx. 1 root root 49 Jul 24 15:24 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
-rw-r--r--. 1 root root 495 Sep 27 18:33 harbor_certs.cnf
-rw-------. 1 root root 3272 Sep 27 18:34 harbor_registry.key
-rw-r--r--. 1 root root 1760 Sep 27 18:34 harbor_registry.csr
-rw-r--r--. 1 root root 2041 Sep 27 18:34 harbor_registry.crt
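The certificate printed above is X.509 version 1 with no subjectAltName and a SHA-256 signature even though the config asks for sha512, because the openssl x509 -req -signkey step reads nothing from harbor_certs.cnf; Go-based clients such as Docker match the registry hostname against SAN entries only and reject a CN-only certificate. The script below is an added example, not part of the original post: it builds the same CN-only certificate next to one that carries a SAN and compares the two. The hostname and IP are the ones shown on this page; the function names, the legacy.* file names, the [ v3_harbor ] section and the choice of 192.168.0.245 as the IP SAN are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Hostname and IP are the ones shown on
# the page; function names, file names and the [ v3_harbor ] section are assumptions.

# write_cnf HOST IP DIR: the page's request settings plus a v3 extension section.
write_cnf() {
    mkdir -p "$3"
    cat > "$3/harbor_certs.cnf" <<EOF
[ req ]
default_bits       = 4096
default_md         = sha512
prompt             = no
encrypt_key        = no
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
organizationName   = "clearwater.com"
commonName         = "$1"

[ v3_harbor ]
subjectAltName     = DNS:$1, IP:$2
extendedKeyUsage   = serverAuth
EOF
}

# make_cn_only_cert HOST IP DIR: the page's two-step flow (CSR, then x509 -req -signkey).
# The x509 step reads no config file, so the result carries no SAN.
make_cn_only_cert() {
    write_cnf "$1" "$2" "$3"
    ( umask 077   # private key is created readable by its owner only
      openssl req -new -newkey rsa:4096 -config "$3/harbor_certs.cnf" \
          -keyout "$3/legacy.key" -out "$3/legacy.csr" &&
      openssl x509 -req -in "$3/legacy.csr" -signkey "$3/legacy.key" \
          -days 3650 -out "$3/legacy.crt" ) >/dev/null 2>&1
}

# make_san_cert HOST IP DIR: one step, extensions and digest taken from the config.
make_san_cert() {
    write_cnf "$1" "$2" "$3"
    ( umask 077
      openssl req -x509 -new -newkey rsa:4096 -sha512 -days 3650 \
          -config "$3/harbor_certs.cnf" -extensions v3_harbor \
          -keyout "$3/harbor_registry.key" \
          -out "$3/harbor_registry.crt" ) >/dev/null 2>&1
}

# cert_san CRT: print the SAN value line, or nothing when the extension is absent.
cert_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# cert_lists_host CRT HOST: succeed only if HOST is an exact DNS entry in the SAN.
cert_lists_host() {
    cert_san "$1" | tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# cert_sig_alg CRT: print the certificate's signature algorithm.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# demo DIR: build both certificates in DIR and print one comparison line each.
demo() {
    local dir="$1" host="jump.clearwater.com" ip="192.168.0.245" crt verdict
    make_cn_only_cert "$host" "$ip" "$dir" && make_san_cert "$host" "$ip" "$dir" || return 1
    for crt in legacy.crt harbor_registry.crt; do
        if cert_lists_host "$dir/$crt" "$host"; then
            verdict="SAN lists $host"
        else
            verdict="no SAN entry for $host"
        fi
        printf '%-20s %-26s %s\n' "$crt" "$(cert_sig_alg "$dir/$crt")" "$verdict"
    done
}

# Run the comparison only when an output directory is given on the command line.
if [ "$#" -gt 0 ]; then
    demo "$1"
fi
```

Clients still have to trust the self-signed certificate; for Docker that means copying harbor_registry.crt to /etc/docker/certs.d/jump.clearwater.com/ca.crt on each client.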
[root@jump harbor]# cat /etc/pki/tls/certs/harbor_registry.key
[root@jump harbor]# ls /etc/pki/tls/certs/harbor_registry.crt
/etc/pki/tls/certs/harbor_registry.crt
[root@jump harbor]# vim harbor.yml
Install Harbor Docker image registry
[root@jump harbor]# sudo ./prepare
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[root@jump harbor]# sudo ./install.sh --with-trivy
[Step 0]: checking if docker is installed ...
Note: docker version: 27.3.1
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.29.7
[Step 2]: loading Harbor images ...
Loaded image: goharbor/prepare:v2.11.1
59cd002b46d2: Loading layer [==================================================>] 21.86MB/21.86MB
2e8f9fa1e5f5: Loading layer [==================================================>] 175MB/175MB
ecd34246c904: Loading layer [==================================================>] 26.04MB/26.04MB
d8b960cafd25: Loading layer [==================================================>] 18.54MB/18.54MB
410dc4347a57: Loading layer [==================================================>] 5.12kB/5.12kB
80921caabb24: Loading layer [==================================================>] 6.144kB/6.144kB
e91542fda4dd: Loading layer [==================================================>] 3.072kB/3.072kB
df3f2e9dd439: Loading layer [==================================================>] 2.048kB/2.048kB
d8facbd2a6c0: Loading layer [==================================================>] 2.56kB/2.56kB
4715dde7127c: Loading layer [==================================================>] 7.68kB/7.68kB
Loaded image: goharbor/harbor-db:v2.11.1
926647c50af4: Loading layer [==================================================>] 17.23MB/17.23MB
99ff9f9dc8ce: Loading layer [==================================================>] 28.75MB/28.75MB
99078c9b3a60: Loading layer [==================================================>] 4.608kB/4.608kB
fe5588cde585: Loading layer [==================================================>] 29.54MB/29.54MB
Loaded image: goharbor/harbor-exporter:v2.11.1
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /config/trivy-adapter/env
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 5]: starting Harbor ...
WARN[0000] /root/harbor/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 11/11
✔ Network harbor_harbor Created 0.4s
✔ Container harbor-log Started 0.5s
✔ Container registry Started 0.8s
✔ Container redis Started 0.8s
✔ Container registryctl Started 0.8s
✔ Container harbor-portal Started 0.9s
✔ Container harbor-db Started 0.9s
✔ Container trivy-adapter Started 1.0s
✔ Container harbor-core Started 1.1s
✔ Container nginx Started 1.4s
✔ Container harbor-jobservice Started 1.3s
✔ ----Harbor has been installed and started successfully.----
[root@jump harbor]# docker compose ps
WARN[0000] /root/harbor/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
harbor-core goharbor/harbor-core:v2.11.1 "/harbor/entrypoint.…" core 30 seconds ago Up 28 seconds (health: starting)
harbor-db goharbor/harbor-db:v2.11.1 "/docker-entrypoint.…" postgresql 30 seconds ago Up 28 seconds (health: starting)
harbor-jobservice goharbor/harbor-jobservice:v2.11.1 "/harbor/entrypoint.…" jobservice 29 seconds ago Up 23 seconds (health: starting)
harbor-log goharbor/harbor-log:v2.11.1 "/bin/sh -c /usr/loc…" log 30 seconds ago Up 29 seconds (health: starting) 127.0.0.1:1514->10514/tcp
harbor-portal goharbor/harbor-portal:v2.11.1 "nginx -g 'daemon of…" portal 30 seconds ago Up 28 seconds (health: starting)
nginx goharbor/nginx-photon:v2.11.1 "nginx -g 'daemon of…" proxy 29 seconds ago Up 27 seconds (health: starting) 0.0.0.0:80->8080/tcp, [::]:80->8080/tcp, 0.0.0.0:443->8443/tcp, [::]:443->8443/tcp
redis goharbor/redis-photon:v2.11.1 "redis-server /etc/r…" redis 30 seconds ago Up 28 seconds (health: starting)
registry goharbor/registry-photon:v2.11.1 "/home/harbor/entryp…" registry 30 seconds ago Up 28 seconds (health: starting)
registryctl goharbor/harbor-registryctl:v2.11.1 "/home/harbor/start.…" registryctl 30 seconds ago Up 28 seconds (health: starting)
trivy-adapter goharbor/trivy-adapter-photon:v2.11.1 "/home/scanner/entry…" trivy-adapter 30 seconds ago Up 28 seconds (health: starting)
[root@jump harbor]# ls -1 /var/log/harbor/
core.log
jobservice.log
portal.log
postgresql.log
proxy.log
redis.log
registryctl.log
registry.log
trivy-adapter.log