Harbor for PoC

2021-03-30
harbor
harbor/poc/private registry/veba

Configure Harbor for LAB or PoC Environment (container based). These are series for configuring VEBA (openfaas for vmware event based alerting).

Summary tasks:

  1. Deploy and configure photon-os. Photon-OS easier to prepare for container (docker) based workloads.
  2. Install and configure Harbor

Deploy and Configure Photon

  1. To install photon, download latest from https://github.com/vmware/photon/wiki/Downloading-Photon-OS

Deploy from OVA normally quite easy.

Go to console of the deployed VM and login using these credentials”
Default username: “root”
Default password: “changeme”

  1. Change the network to static if the LAB or POC doesn’t hanve dhcp.
1
2
3
4
5
6
7
8
cat > /etc/systemd/network/10-static-en.network << "EOF"
[Match]
Name=eth0
[Network]
Address=198.168.110.101/24
Gateway=198.168.110.1
DNS=192.168.110.10
EOF

  1. Change the new file’s mode bits by running the chmod command:

    1
    chmod 644 10-static-en.network

  2. Apply the configuration by running the following command:

1
systemctl restart systemd-networkd

  1. Clear your VM ID by running command:

    1
    echo -n > /etc/machine-id

  2. Change the server hostname by editing the file: /etc/hostname

    1
    2
    cat /etc/hostname
    veba-cli

  3. Change the server hostname/IP relationship by editing the file: /etc/hosts

    1
    2
    3
    4
    5
    6
    7
    8
    cat /etc/hosts
    # Begin /etc/hosts (network card version)

    ::1         ipv6-localhost ipv6-loopback
    127.0.0.1   localhost.localdomain
    127.0.0.1   localhost
    127.0.0.1   veba-cli
    # End /etc/hosts (network card version)

Install and Configure Harbor

These steps refering blog from https://www.virtuallyghetto.com/2020/05/configure-non-secure-harbor-registry-with-tanzu-kubernetes-grid-tkg.html

  1. Install required packages in the photon-os

    1
    2
    tdnf -y update
    tdnf -y install perl

  2. Enable and start the docker client:

    1
    2
    systemctl enable docker
    systemctl start docker

  3. To be able to use the Docker client to push containers to our insecure registry, we will need to create the following configuration to allow us to connect and push containers into our insecure registry. In this example, I will be using IP Address of 192.168.110.101 and port 80. 

    1
    2
    3
    4
    5
    6
    cat > /etc/docker/daemon.json << EOF
    {
    "insecure-registries": ["http://192.168.110.101:80"]
    }
    EOF
    systemctl restart docker

  4. Download and install Docker Compose which is required to run Harbor:

    1
    2
    curl -L "https://github.com/docker/compose/releases/download/1.28.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    chmod +x /usr/local/bin/docker-compose

  5. Download and extract the Harbor Offline Installer:

    1
    2
    3
    4
    curl -L https://github.com/goharbor/harbor/releases/download/v2.1.3/harbor-offline-installer-v2.1.3.tgz -o harbor-offline-installer-v2.1.3.tgz
    tdnf -y install tar
    tar xvzf harbor-offline-installer*.tgz
    rm -f harbor-offline-installer-v2.1.3.tgz

  6. Change into harbor directory and edit the harbor.yml configuration file. First, comment out the entire https section as we are just going to be using http. Next, update the following properties with the respective values of your environment and then save the changes and exit.

property value
hostname 192.168.110.101
harbor_admin_password VMware1!
password VMware1!

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
root@veba-cli [ ~/harbor ]# mv harbor.yml.tmpl harbor.yml


# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 192.168.110.101

# https related config
#https:
  # https port for harbor, default is 443
  #port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: VMware1!

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: VMware1!
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 50
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 1024 for postgres of harbor.
  max_open_conns: 1000

  1. Run the following command to start the Harbor installation:

    1
    ./install.sh

  2. Test access to harbor private registry

    1
    2
    3
    4
    5
    6
    7
    root@veba-cli [ ~/harbor ]# docker login -u admin -p VMware1! 192.168.110.101:80/library
    WARNING! Using --password via the CLI is insecure. Use --password-stdin.
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store

    Login Succeeded