Harbor 설치

Tech Note 정보
카테고리: [ Cloud Computing & MSA ]
조회수: 42540

1. 개요

2. 다운로드

홈페이지 : https://github.com/goharbor/harbor/releases

$ wget https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-online-installer-v1.9.0.tgz
--2019-09-30 23:17:36--  https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-online-installer-v1.9.0.tgz
Resolving storage.googleapis.com (storage.googleapis.com)... 172.217.161.80, 2404:6800:4004:81b::2010
Connecting to storage.googleapis.com (storage.googleapis.com)|172.217.161.80|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8396 (8.2K) [application/x-tar]
Saving to: ‘harbor-online-installer-v1.9.0.tgz’
 
harbor-online-installer-v1.9.0.tgz                  100%[==================================================================================================================>]   8.20K  --.-KB/s    in 0s
 
2019-09-30 23:17:42 (78.8 MB/s) - ‘harbor-online-installer-v1.9.0.tgz’ saved [8396/8396]

파일을 확인한다.

$ ls -tlr
total 32
-rwxr-xr-x 1 ubuntu ubuntu  1748 Sep 19 05:59 prepare
-rwxr-xr-x 1 ubuntu ubuntu  5088 Sep 19 05:59 install.sh
-rw-r--r-- 1 ubuntu ubuntu  5805 Sep 19 05:59 harbor.yml
-rw-r--r-- 1 ubuntu ubuntu 11347 Sep 19 05:59 LICENSE

3. 설치 시작

install.sh 실행한다.

$ ./install.sh
➜ Please set hostname and other necessary attributes in harbor.yml first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.yml bacause notary must run under https.
Please set --with-clair if needs enable Clair in Harbor
Please set --with-chartmuseum if needs enable Chartmuseum in Harbor

-> 이 메시지가 나오면 harbor.yml에서 호스트명 변경

$ ./install.sh
 
[Step 0]: checking installation environment ...
 
Note: docker version: 18.09.7
✖ Need to install docker-compose(1.18.0+) by yourself first and run this script again.

-> 이 메시지가 나오면 docker-compose를 설치

$ ./install.sh

[Step 0]: checking installation environment ...

Note: docker version: 18.09.7

Note: docker-compose version: 1.24.1

[Step 1]: preparing environment ...
prepare base dir is set to /home/ubuntu/harbor/harbor
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.39/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.

-> 이 메시지가 나오면 sudo로 실행

$ sudo ./install.sh

[Step 0]: checking installation environment ...

Note: docker version: 18.09.7

Note: docker-compose version: 1.24.1

[Step 1]: preparing environment ...
prepare base dir is set to /home/ubuntu/harbor/harbor
Unable to find image 'goharbor/prepare:v1.9.0' locally
v1.9.0: Pulling from goharbor/prepare
a1fd40743af1: Pull complete
2abd879a065c: Pull complete
97e2250cf3db: Pull complete
4aa32a250145: Pull complete
a9edf7ed2d3d: Pull complete
9960c7e0f209: Pull complete
c3f6c5fd4eca: Pull complete
Digest: sha256:3ab709e7f62dac42b729535a13a7fba6fed92071bab75b5ba7f1bb26a59db20f
Status: Downloaded newer image for goharbor/prepare:v1.9.0
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /secret/keys/secretkey
Generated certificate, key file: /secret/core/private_key.pem, cert file: /secret/registry/root.crt
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

4. 확인

브라우저로 http://로 접속한다. (80번 포트임)

로그인 정보는 harbor.yml에 들어있다.

5. HTTPS 설정

애초에 harbor.yml에 https 설정을 했으면 상관없는데 이미 설치가 완료된 상태에서 https를 설정하는 방법이다.

5.1. harbor.yml 수정

(물론 key는 이미 생성되어 있는 상태임)

https:
  port: 443
  certificate: /home/ubuntu/key/server.crt
  private_key: /home/ubuntu/key/server.key

5.2. prepare 실행

$ sudo ./prepare
prepare base dir is set to /home/ubuntu/harbor
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

5.3. docker compose down

$ sudo docker-compose down -v
Stopping nginx             ... done
Stopping harbor-jobservice ... done
Stopping harbor-core       ... done
Stopping registryctl       ... done
Stopping redis             ... done
Stopping harbor-portal     ... done
Stopping registry          ... done
Stopping harbor-db         ... done
Stopping harbor-log        ... done
Removing nginx             ... done
Removing harbor-jobservice ... done
Removing harbor-core       ... done
Removing registryctl       ... done
Removing redis             ... done
Removing harbor-portal     ... done
Removing registry          ... done
Removing harbor-db         ... done
Removing harbor-log        ... done
Removing network harbor_harbor

5.4. docker compuse up

$ sudo docker-compose up -d
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating harbor-db     ... done
Creating registry      ... done
Creating registryctl   ... done
Creating redis         ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done

6. docker push

6.1. docker login

$ sudo docker login ip-172-31-8-20:443
Username: kasey88
Password:
WARNING! Your password will be stored unencrypted in /home/ubuntu/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

6.2. docker tag

$ sudo docker tag appscan:0.1 ip-172-31-8-20:443/kasey88/apps:0.1

6.3. docker push

$ sudo docker push ip-172-31-8-20:443/kasey88/apps:0.1

docker images로 확인한다.

$ sudo docker images
REPOSITORY                           TAG                        IMAGE ID            CREATED             SIZE
apps                                 0.1                        f80dee56d41e        17 hours ago        90.8MB
ip-172-31-8-20:443/kasey88/apps      0.1                        f80dee56d41e        17 hours ago        90.8MB