Harbor 2.7.0 Installation on Centos 7 using docker and docker compose.
Harbor is an open source registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. Harbor, a CNCF Graduated project, delivers compliance, performance, and interoperability to help you consistently and securely manage artifacts across cloud native compute platforms like Kubernetes and Docker.
Installation Process
The standard Harbor installation process involves the following stages:
- Make sure that your target host meets the Harbor Installation Prerequisites. Harbor docs | Harbor Installation Prerequisites (goharbor.io)
- Download the Harbor Installer
- Configure HTTPS Access to Harbor
- Configure the Harbor YML File
- Run the Installer Script
Prerequisites:
Docker Engine — Version 17.06.0-ce+ or higher
Docker Compose — docker-compose (v1.18.0+) or docker compose v2 (docker-compose-plugin)
Openssl — Latest is preferred.
CPU Minimun: 2 CPU, Recommended 4 CPU
MEM Minimun: 4 GB, Recommended 8 GB
DISK Minimun: 40 GB, Recommended 160 GB
Step 1: Provision Centos 7 VM
For this tutorial I provision a Centos 7 VM on GCP
Step 2: Install Docker & wget
In you VM
sudo curl https://get.docker.com | sh
sudo yum install wget -y
[root@harbor ~]# docker version
Client: Docker Engine - Community
Version: 20.10.23
API version: 1.41
Go version: go1.18.10
Git commit: 7155243
Built: Thu Jan 19 17:36:21 2023
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.23
API version: 1.41 (minimum version 1.12)
Go version: go1.18.10
Git commit: 6051f14
Built: Thu Jan 19 17:34:26 2023
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.16
GitCommit: 31aa4358a36870b21a992d3ad2bef29e1d693bec
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Step 3: Install Docker Compose
sudo curl -SL https://github.com/docker/compose/releases/download/v2.15.1/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
[root@harbor ~]# docker compose version
Docker Compose version v2.15.1
Step 4: Install OpenSSL for Certificates
sudo yum install openssl -y
Step 5: Download Harbor installer.
Releases · goharbor/harbor (github.com)
wget https://github.com/goharbor/harbor/releases/download/v2.7.0/harbor-online-installer-v2.7.0.tgz
[root@harbor ~]# ll
total 12
-rw-r--r--. 1 root root 10987 Dec 19 02:43 harbor-online-installer-v2.7.0.tgz
Step 6: Create Certificates using openssl for HTTPS.
For the hostname I’m using my.harbor.com
mkdir -p cert
cd cert
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=PH/ST=NCR/L=Manila/O=Any/OU=Personal/CN=my.harbor.com" \
-key ca.key \
-out ca.crt
openssl genrsa -out my.harbor.com.key 4096
openssl req -sha512 -new \
-subj "/C=CN/PH=NCR/L=Manila/O=Any/OU=Personal/CN=my.harbor.com" \
-key my.harbor.com.key \
-out my.harbor.com.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=my.harbor.com
EOF
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in my.harbor.com.csr \
-out my.harbor.com.crt
openssl x509 -inform PEM -in my.harbor.com.crt -out my.harbor.com.cert
[root@harbor ~]# ls cert
ca.crt ca.key ca.srl my.harbor.com.cert my.harbor.com.crt my.harbor.com.csr my.harbor.com.key v3.ext
Copy .crt and .key in folder /data/cert
mkdir -p /data/cert/
cp my.harbor.com.crt /data/cert/
cp my.harbor.com.key /data/cert/
[root@harbor ~]# ls /data/cert/
my.harbor.com.crt my.harbor.com.key
Copy .cert .key ca.crt to docker certs
Note: make sure that the name of the folder is same for your hostname and port.
mkdir -p /etc/docker/certs.d/my.harbor.com:8443/
cp my.harbor.com.cert /etc/docker/certs.d/my.harbor.com:8443/
cp my.harbor.com.key /etc/docker/certs.d/my.harbor.com:8443/
cp ca.crt /etc/docker/certs.d/my.harbor.com:8443/
[root@harbor ~]# ls /etc/docker/certs.d/my.harbor.com:8443/
ca.crt my.harbor.com.cert my.harbor.com.key
Step 7: Install Harbor
tar -xvf harbor-online-installer-v2.7.0.tgz
cd harbor
Edit harbor.yml template and rename it to harbor.yml
You can choose the port for the http and https.
hostname: my.harbor.com
# https related config
https:
# https port for harbor, default is 443
port: 8443
# The path of cert and key files for nginx
certificate: /data/cert/my.harbor.com.crt
private_key: /data/cert/my.harbor.com.key
harbor_admin_password: admin
inside the harbor folder
./prepare
docker compose up -d
then check if containers are up
[root@harbor ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
19755a629759 goharbor/harbor-jobservice:v2.7.0 "/harbor/entrypoint.…" 10 minutes ago Up 10 minutes (healthy) harbor-jobservice
d5999a3d4a20 goharbor/nginx-photon:v2.7.0 "nginx -g 'daemon of…" 10 minutes ago Up 10 minutes (healthy) 0.0.0.0:8443->8443/tcp, :::8443->8443/tcp, 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp nginx
f2b8d084368f goharbor/harbor-core:v2.7.0 "/harbor/entrypoint.…" 10 minutes ago Up 10 minutes (healthy) harbor-core
355020aa5c04 goharbor/redis-photon:v2.7.0 "redis-server /etc/r…" 10 minutes ago Up 10 minutes (healthy) redis
97eec786f2dd goharbor/harbor-registryctl:v2.7.0 "/home/harbor/start.…" 10 minutes ago Up 10 minutes (healthy) registryctl
a365effeed86 goharbor/harbor-db:v2.7.0 "/docker-entrypoint.…" 10 minutes ago Up 10 minutes (healthy) harbor-db
c14d58a8b0b9 goharbor/registry-photon:v2.7.0 "/home/harbor/entryp…" 10 minutes ago Up 10 minutes (healthy) registry
1742ab1d2cc6 goharbor/harbor-portal:v2.7.0 "nginx -g 'daemon of…" 10 minutes ago Up 10 minutes (healthy) harbor-portal
7830bc74811c goharbor/harbor-log:v2.7.0 "/bin/sh -c /usr/loc…" 10 minutes ago Up 10 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
In your browser.
You can download the certificate you generated to enable https.
login using the credentials you provided in the harbor.yml file
Conclusion
In this tutorial, we’ve installed harbor centos 7 using docker and docker compose and configure HTTPS access.
=====================================================
mkdir -p cert
cd cert
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=PH/ST=NCR/L=Manila/O=Any/OU=Personal/CN=harbor.yogya.com" \
-key ca.key \
-out ca.crt
openssl genrsa -out harbor.yogya.com.key 4096
openssl req -sha512 -new \
-subj "/C=CN/PH=NCR/L=Manila/O=Any/OU=Personal/CN=harbor.yogya.com" \
-key harbor.yogya.com.key \
-out harbor.yogya.com.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.yogya.com
EOF
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in harbor.yogya.com.csr \
-out harbor.yogya.com.crt
openssl x509 -inform PEM -in harbor.yogya.com.crt -out harbor.yogya.com.cert