Harbor 2.7.0 Installation on CentOS 7 using Docker and Docker Compose.
Harbor is an open source registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. Harbor, a CNCF Graduated project, delivers compliance, performance, and interoperability to help you consistently and securely manage artifacts across cloud native compute platforms like Kubernetes and Docker.
Installation Process
The standard Harbor installation process involves the following stages:
- Make sure that your target host meets the Harbor Installation Prerequisites (Harbor docs, goharbor.io).
- Download the Harbor Installer
- Configure HTTPS Access to Harbor
- Configure the Harbor YML File
- Run the Installer Script
Prerequisites:
Docker Engine — Version 17.06.0-ce+ or higher
Docker Compose — docker-compose (v1.18.0+) or docker compose v2 (docker-compose-plugin)
Openssl — Latest is preferred.
CPU Minimum: 2 CPU, Recommended: 4 CPU
MEM Minimum: 4 GB, Recommended: 8 GB
DISK Minimum: 40 GB, Recommended: 160 GB
Step 1: Provision a CentOS 7 VM
For this tutorial I provisioned a CentOS 7 VM on GCP.
Step 2: Install Docker & wget
In your VM:
curl -fsSL https://get.docker.com | sudo sh
sudo yum install wget -y
[root@harbor ~]# docker version
Client: Docker Engine - Community
Version: 20.10.23
API version: 1.41
Go version: go1.18.10
Git commit: 7155243
Built: Thu Jan 19 17:36:21 2023
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.23
API version: 1.41 (minimum version 1.12)
Go version: go1.18.10
Git commit: 6051f14
Built: Thu Jan 19 17:34:26 2023
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.16
GitCommit: 31aa4358a36870b21a992d3ad2bef29e1d693bec
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Step 3: Install Docker Compose
sudo curl -SL https://github.com/docker/compose/releases/download/v2.15.1/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
[root@harbor ~]# docker compose version
Docker Compose version v2.15.1
Step 4: Install OpenSSL for Certificates
sudo yum install openssl -y
Step 5: Download Harbor installer.
Releases · goharbor/harbor (github.com)
wget https://github.com/goharbor/harbor/releases/download/v2.7.0/harbor-online-installer-v2.7.0.tgz
[root@harbor ~]# ll
total 12
-rw-r--r--. 1 root root 10987 Dec 19 02:43 harbor-online-installer-v2.7.0.tgz
Step 6: Create Certificates using openssl for HTTPS.
For the hostname I’m using my.harbor.com
mkdir -p cert
cd cert
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=PH/ST=NCR/L=Manila/O=Any/OU=Personal/CN=my.harbor.com" \
-key ca.key \
-out ca.crt
openssl genrsa -out my.harbor.com.key 4096
openssl req -sha512 -new \
-subj "/C=PH/ST=NCR/L=Manila/O=Any/OU=Personal/CN=my.harbor.com" \
-key my.harbor.com.key \
-out my.harbor.com.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=my.harbor.com
EOF
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in my.harbor.com.csr \
-out my.harbor.com.crt
openssl x509 -inform PEM -in my.harbor.com.crt -out my.harbor.com.cert
[root@harbor ~]# ls cert
ca.crt ca.key ca.srl my.harbor.com.cert my.harbor.com.crt my.harbor.com.csr my.harbor.com.key v3.ext
Copy the .crt and .key files to the /data/cert folder:
mkdir -p /data/cert/
cp my.harbor.com.crt /data/cert/
cp my.harbor.com.key /data/cert/
[root@harbor ~]# ls /data/cert/
my.harbor.com.crt my.harbor.com.key
Copy the .cert, .key and ca.crt files to the Docker certs folder.
Note: make sure that the folder name matches your hostname and port.
mkdir -p /etc/docker/certs.d/my.harbor.com:8443/
cp my.harbor.com.cert /etc/docker/certs.d/my.harbor.com:8443/
cp my.harbor.com.key /etc/docker/certs.d/my.harbor.com:8443/
cp ca.crt /etc/docker/certs.d/my.harbor.com:8443/
[root@harbor ~]# ls /etc/docker/certs.d/my.harbor.com:8443/
ca.crt my.harbor.com.cert my.harbor.com.key
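A check worth running on the Step 6 files before Harbor and Docker use them, as an added example that is not part of the original tutorial: it confirms that the server certificate chains to ca.crt, that the private key belongs to the certificate, and that the certificate covers the hostname. The function names and the throwaway sample generator (2048-bit keys, 1-day validity) are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added example: sanity checks for the files produced in Step 6.

# True if the certificate chains to the given CA certificate.
cert_chains_to_ca() {      # cert_chains_to_ca ca.crt server.crt
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True if the private key and the certificate carry the same public key.
key_matches_cert() {       # key_matches_cert server.key server.crt
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# True if the certificate is valid for the hostname Docker will connect to.
cert_covers_host() {       # cert_covers_host server.crt my.harbor.com
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

check_harbor_cert() {      # check_harbor_cert ca.crt server.crt server.key host
  cert_chains_to_ca "$1" "$2" || { echo "FAIL: $2 not signed by $1"; return 1; }
  key_matches_cert "$3" "$2"  || { echo "FAIL: $3 does not match $2"; return 1; }
  cert_covers_host "$2" "$4"  || { echo "FAIL: $2 not valid for $4"; return 1; }
  echo "OK: $2 chains to $1, matches $3, covers $4"
}

# Constructed sample: throwaway CA and server certificate in directory $1
# for host $2 (2048-bit keys and 1-day validity, for the demo only).
make_sample() {
  local d host; d=$1; host=$2
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=Constructed Test CA" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$host" > "$d/v3.ext"
  openssl x509 -req -sha256 -days 1 -extfile "$d/v3.ext" \
    -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
    -in "$d/srv.csr" -out "$d/srv.crt" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample "$tmp" my.harbor.com
check_harbor_cert "$tmp/ca.crt" "$tmp/srv.crt" "$tmp/srv.key" my.harbor.com
rm -rf "$tmp"
```

Against the real files from this step the call is check_harbor_cert ca.crt my.harbor.com.crt my.harbor.com.key my.harbor.com, run inside the cert folder.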
Step 7: Install Harbor
tar -xvf harbor-online-installer-v2.7.0.tgz
cd harbor
Edit the harbor.yml template and rename it to harbor.yml.
You can choose the ports for HTTP and HTTPS.
hostname: my.harbor.com
# https related config
https:
  # https port for harbor, default is 443
  port: 8443
  # The path of cert and key files for nginx
  certificate: /data/cert/my.harbor.com.crt
  private_key: /data/cert/my.harbor.com.key
# Initial admin password; it only takes effect on the first install.
# Change it from the UI after the first login.
harbor_admin_password: admin
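A pre-flight check for this configuration, as an added example that is not part of the original tutorial or of the Harbor installer: it derives the /etc/docker/certs.d folder name that must match the hostname and HTTPS port, and flags a default or short initial admin password. The function names, the list of weak values and the 12-character floor are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks on harbor.yml before running ./prepare.
# Print a top-level scalar value, e.g. `yml_top harbor.yml hostname`.
yml_top() {
  awk -v k="$2" '$0 ~ "^" k ":" {
    sub("^" k ": *", ""); sub(/ +#.*$/, ""); print; exit }' "$1"
}

# Print the port under the top-level https: block (443 if the block sets
# none); print nothing when there is no https: block at all.
yml_https_port() {
  awk '/^https:/ { inb = 1; port = 443; next }
       /^[^ #]/  { inb = 0 }
       inb && /^ +port:/ { port = $2 }
       END { if (port != "") print port }' "$1"
}

# Docker reads registry CAs from /etc/docker/certs.d/<host>[:<port>]/;
# the port is part of the directory name unless it is 443.
expected_certs_dir() {
  local host port
  host=$(yml_top "$1" hostname)
  port=$(yml_https_port "$1")
  [ -n "$host" ] && [ -n "$port" ] || return 1
  if [ "$port" = 443 ]; then port=""; else port=":$port"; fi
  printf '/etc/docker/certs.d/%s%s\n' "$host" "$port"
}

# True when the initial admin password is a well-known or short value.
# The value list and the 12-character floor are this example's assumptions.
admin_password_is_weak() {
  local pw
  pw=$(yml_top "$1" harbor_admin_password)
  case "$pw" in ""|admin|password|Harbor12345) return 0 ;; esac
  [ "${#pw}" -lt 12 ]
}

# Constructed sample mirroring the values used in this tutorial.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname: my.harbor.com
https:
  port: 8443
  certificate: /data/cert/my.harbor.com.crt
  private_key: /data/cert/my.harbor.com.key
harbor_admin_password: admin
EOF
echo "certs.d directory: $(expected_certs_dir "$sample")"
admin_password_is_weak "$sample" && echo "WARN: set a strong harbor_admin_password"
```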
Inside the harbor folder:
./prepare
docker compose up -d
Then check that the containers are up:
[root@harbor ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
19755a629759 goharbor/harbor-jobservice:v2.7.0 "/harbor/entrypoint.…" 10 minutes ago Up 10 minutes (healthy) harbor-jobservice
d5999a3d4a20 goharbor/nginx-photon:v2.7.0 "nginx -g 'daemon of…" 10 minutes ago Up 10 minutes (healthy) 0.0.0.0:8443->8443/tcp, :::8443->8443/tcp, 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp nginx
f2b8d084368f goharbor/harbor-core:v2.7.0 "/harbor/entrypoint.…" 10 minutes ago Up 10 minutes (healthy) harbor-core
355020aa5c04 goharbor/redis-photon:v2.7.0 "redis-server /etc/r…" 10 minutes ago Up 10 minutes (healthy) redis
97eec786f2dd goharbor/harbor-registryctl:v2.7.0 "/home/harbor/start.…" 10 minutes ago Up 10 minutes (healthy) registryctl
a365effeed86 goharbor/harbor-db:v2.7.0 "/docker-entrypoint.…" 10 minutes ago Up 10 minutes (healthy) harbor-db
c14d58a8b0b9 goharbor/registry-photon:v2.7.0 "/home/harbor/entryp…" 10 minutes ago Up 10 minutes (healthy) registry
1742ab1d2cc6 goharbor/harbor-portal:v2.7.0 "nginx -g 'daemon of…" 10 minutes ago Up 10 minutes (healthy) harbor-portal
7830bc74811c goharbor/harbor-log:v2.7.0 "/bin/sh -c /usr/loc…" 10 minutes ago Up 10 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
Open Harbor in your browser.
You can download the certificate you generated to enable HTTPS.
Log in using the credentials you provided in the harbor.yml file.
Conclusion
In this tutorial, we installed Harbor on CentOS 7 using Docker and Docker Compose and configured HTTPS access.
=====================================================
mkdir -p cert
cd cert
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=PH/ST=NCR/L=Manila/O=Any/OU=Personal/CN=harbor.yogya.com" \
-key ca.key \
-out ca.crt
openssl genrsa -out harbor.yogya.com.key 4096
openssl req -sha512 -new \
-subj "/C=PH/ST=NCR/L=Manila/O=Any/OU=Personal/CN=harbor.yogya.com" \
-key harbor.yogya.com.key \
-out harbor.yogya.com.csr
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.yogya.com
EOF
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in harbor.yogya.com.csr \
-out harbor.yogya.com.crt
openssl x509 -inform PEM -in harbor.yogya.com.crt -out harbor.yogya.com.cert