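Overview

This article builds Harbor on a CentOS 8 base. Harbor is a private container image repository developed by VMware. Under the hood, the images are served by a Docker private registry, and Harbor is the front end to it.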

CentOS 8

[root@centos ~]# hostnamectl set-hostname harbor.si1230.com
[root@harbor ~]# dnf upgrade
[root@harbor ~]# dnf install net-tools bash-completion vim-enhanced wget tree git
[root@harbor ~]# systemctl disable --now firewalld.service
[root@harbor ~]# echo "SELINUX=disabled" > /etc/selinux/config

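Placing the SSL certificates

The SSL certificates are used by both Docker and Harbor. To keep the procedure easy to follow, create a dedicated directory for the certificates and place the required files there.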

[root@harbor ~]# mkdir /root/pki

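Copy the certificates into the "/root/pki" directory with SCP or a similar tool. The required files are the root certificate (ca.crt), the server certificate (server.crt), and the private key (server.key). This article uses existing certificates, so the steps for creating them are omitted.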
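Docker and Harbor both depend on these three files fitting together, so it helps to check them before copying them anywhere. The script below is an added example, not part of the original article: the function names are hypothetical, and make_demo_pki builds a constructed throwaway CA only so the checks can be tried offline.

```sh
#!/bin/sh
# Added example: pre-flight checks for ca.crt, server.crt and server.key.
# Function names are hypothetical helpers, not part of Docker or Harbor.

# cert_chains_to_ca CA CERT: CERT must verify against CA and be inside its validity period.
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches_cert CERT KEY: the public key inside CERT must be the one derived from KEY.
key_matches_cert() (
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 1
    [ -n "$c" ] && [ "$c" = "$k" ]
)

# cert_names_host CERT HOST: HOST must be covered by a subjectAltName entry.
# Docker is written in Go, and current Go versions ignore the Common Name, so a
# CN-only certificate fails at "docker login" even when the chain is trusted.
cert_names_host() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -q "Subject Alternative Name" || return 1
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# check_pki DIR HOST: print one line per failed check; non-zero status if any failed.
check_pki() (
    rc=0
    cert_chains_to_ca "$1/ca.crt" "$1/server.crt" ||
        { echo "server.crt does not verify against ca.crt"; rc=1; }
    key_matches_cert "$1/server.crt" "$1/server.key" ||
        { echo "server.key does not belong to server.crt"; rc=1; }
    cert_names_host "$1/server.crt" "$2" ||
        { echo "server.crt has no subjectAltName covering $2"; rc=1; }
    exit "$rc"
)

# make_demo_pki DIR HOST: constructed throwaway CA and server certificate so the
# checks can be tried offline; never use these files on a real host.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext" &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -extfile "$1/san.ext" -out "$1/server.crt" 2>/dev/null
}

# On the host from this article: sh check_pki.sh /root/pki harbor.si1230.com
if [ "$#" -eq 2 ]; then
    check_pki "$1" "$2"
fi
```

No output and exit status 0 mean all three checks passed.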

Docker

Installing and starting Docker

https://docs.docker.com/engine/install/centos/

2022.2.20
Installation fails because of a conflict with runc, so this is worked around by adding --allowerasing to the install command.

[root@harbor ~]# yum install yum-utils
[root@harbor ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
[root@harbor ~]# yum install --allowerasing docker-ce docker-ce-cli containerd.io
[root@harbor ~]# systemctl enable --now docker.service
[root@harbor ~]# systemctl status docker.service

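Enabling SSL for Docker

Server certificate for Docker

Docker interprets .crt files as root certificates and .cert files as server certificates, so the server certificate is converted to .cert. I occasionally see this in other software as well, but I find it a tedious convention. That said, I do think it is convenient that the certificate file names alone are enough and nothing has to be specified in a configuration file.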

[root@harbor ~]# cd /root/pki
[root@harbor ~]# openssl x509 -inform PEM -in server.crt -out server.cert
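# Docker reads per-registry certificates from /etc/docker/certs.d/<registry host>/
[root@harbor ~]# mkdir -p /etc/docker/certs.d/harbor.si1230.com
[root@harbor ~]# cd /root/pki
[root@harbor ~]# cp ca.crt server.cert server.key /etc/docker/certs.d/harbor.si1230.com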
[root@harbor ~]# cp ca.crt /etc/pki/ca-trust/source/anchors
[root@harbor ~]# update-ca-trust extract
[root@harbor ~]# systemctl restart docker.service
[root@harbor ~]# systemctl status docker.service

Docker Compose

https://docs.docker.jp/compose/install.html

[root@harbor ~]# curl -L https://github.com/docker/compose/releases/download/v2.1.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
[root@harbor ~]# chmod +x /usr/local/bin/docker-compose

Harbor

https://goharbor.io/docs/2.4.0/install-config/

Creating the directory for Harbor

The directory for Harbor is /data. It is used as the data volume for the containers and is specified in the yml file described below.

[root@harbor ~]# mkdir /data

SSL certificates for Harbor

Place each of the certificate files.

[root@harbor ~]# mkdir /data/cert
[root@harbor ~]# cd /root/pki
[root@harbor ~]# cp server.crt server.key /data/cert

Downloading and extracting Harbor

Download Harbor and extract it.

[root@harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.4.0/harbor-offline-installer-v2.4.0.tgz
[root@harbor ~]# tar xzvf harbor-offline-installer-v2.4.0.tgz

Configuring Harbor

Configure Harbor.

[root@harbor ~]# cp /root/harbor/harbor.yml.tmpl /root/harbor/harbor.yml
[root@harbor ~]# vim /root/harbor/harbor.yml

hostname: harbor.si1230.com
https:
  port: 443
  certificate: /data/cert/server.crt
  private_key: /data/cert/server.key
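The excerpt above changes only the hostname and TLS settings, so the secrets shipped in harbor.yml.tmpl stay in place, including the admin password Harbor12345 that this article uses at login. The script below is an added example, not part of the original article or of Harbor: the function names are hypothetical, the database default root123 is taken from the Harbor template rather than from this page, and write_sample_yml produces a constructed excerpt for trying it out.

```sh
#!/bin/sh
# Added example: find and replace the default secrets that harbor.yml.tmpl ships with.
# Function names are hypothetical helpers; Harbor does not provide them.

# harbor_yml_defaults FILE: print each key that still holds its template default.
harbor_yml_defaults() {
    awk '
        /^harbor_admin_password:[ \t]*Harbor12345[ \t]*$/ { print "harbor_admin_password" }
        /^database:/ { in_db = 1; next }
        /^[^ \t#]/   { in_db = 0 }
        in_db && /^[ \t]+password:[ \t]*root123[ \t]*$/ { print "database.password" }
    ' "$1"
}

# set_harbor_secrets FILE ADMIN_PW DB_PW: rewrite both values, keeping every other line.
# The values must not contain "&" or backslashes, which awk treats specially.
set_harbor_secrets() (
    tmp=$(mktemp) || exit 1
    awk -v admin="$2" -v db="$3" '
        /^harbor_admin_password:/ { print "harbor_admin_password: " admin; next }
        /^database:/ { in_db = 1; print; next }
        /^[^ \t#]/   { in_db = 0 }
        in_db && /^[ \t]+password:/ { sub(/password:.*/, "password: " db) }
        { print }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the owner and mode of FILE
    rc=$?
    rm -f "$tmp"
    exit "$rc"
)

# write_sample_yml FILE: constructed excerpt in the shape of harbor.yml, for trying this out.
write_sample_yml() {
    cat > "$1" <<'EOF'
hostname: harbor.si1230.com
https:
  port: 443
  certificate: /data/cert/server.crt
  private_key: /data/cert/server.key
harbor_admin_password: Harbor12345
database:
  password: root123
  max_idle_conns: 100
data_volume: /data
EOF
}

# On the host from this article: sh harbor_defaults.sh /root/harbor/harbor.yml
if [ "$#" -eq 1 ]; then
    harbor_yml_defaults "$1"
fi
```

harbor_admin_password is only read on the first install; after that, the admin password is changed from the Harbor UI.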

Deploying Harbor

Run prepare. Internally, prepare runs Docker Compose.

[root@harbor ~]# chmod +x /root/harbor/prepare
[root@harbor ~]# /root/harbor/prepare

prepare base dir is set to /root/harbor
Unable to find image 'goharbor/prepare:v2.4.0' locally
v2.4.0: Pulling from goharbor/prepare
f46a0e9c442c: Pull complete
7e931ef2b2a4: Pull complete
81f51b80102b: Pull complete
29cc34051f9e: Pull complete
8b49406ca171: Pull complete
cdece38b7418: Pull complete
91a66d468cce: Pull complete
98764516aa60: Pull complete
Digest: sha256:bd88e782e9956d07f5196067c63cd46f9e792e9e59128fb2bd9d49d250e0aeb4
Status: Downloaded newer image for goharbor/prepare:v2.4.0
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

Run install.sh.

[root@harbor ~]# chmod +x /root/harbor/install.sh
[root@harbor ~]# /root/harbor/install.sh

[Step 0]: checking if docker is installed ...

Note: docker version: 20.10.10

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 2.1.0

[Step 2]: loading Harbor images ...
Loaded image: goharbor/nginx-photon:v2.4.0
Loaded image: goharbor/registry-photon:v2.4.0
Loaded image: goharbor/harbor-portal:v2.4.0
Loaded image: goharbor/harbor-jobservice:v2.4.0
4386974468aa: Loading layer [==================================================>]   6.82MB/6.82MB
579a66424b7a: Loading layer [==================================================>]  5.928MB/5.928MB
2b9d2e280ef8: Loading layer [==================================================>]  15.88MB/15.88MB
d9567ce114f8: Loading layer [==================================================>]  29.29MB/29.29MB
5d01e6628d85: Loading layer [==================================================>]  22.02kB/22.02kB
8c80a21febbf: Loading layer [==================================================>]  15.88MB/15.88MB
Loaded image: goharbor/notary-server-photon:v2.4.0
7767a9a4479b: Loading layer [==================================================>]   6.82MB/6.82MB
0664c36ecb86: Loading layer [==================================================>]  5.928MB/5.928MB
ad0f949dfc16: Loading layer [==================================================>]  14.47MB/14.47MB
df51bcd9a736: Loading layer [==================================================>]  29.29MB/29.29MB
2cf7b7bb600e: Loading layer [==================================================>]  22.02kB/22.02kB
a3b43b64a719: Loading layer [==================================================>]  14.47MB/14.47MB
Loaded image: goharbor/notary-signer-photon:v2.4.0
f3bbf8e07e1f: Loading layer [==================================================>]  7.363MB/7.363MB
ea614a476036: Loading layer [==================================================>]  4.096kB/4.096kB
38f5e7b4e1e1: Loading layer [==================================================>]  3.072kB/3.072kB
78afbc6e6135: Loading layer [==================================================>]  39.27MB/39.27MB
6203e5b43d83: Loading layer [==================================================>]  12.37MB/12.37MB
800fc9f7d779: Loading layer [==================================================>]  52.43MB/52.43MB
Loaded image: goharbor/trivy-adapter-photon:v2.4.0
Loaded image: goharbor/prepare:v2.4.0
Loaded image: goharbor/harbor-core:v2.4.0
e532b9dd2cad: Loading layer [==================================================>]  9.918MB/9.918MB
aefdfde2cb3a: Loading layer [==================================================>]  18.13MB/18.13MB
d9a12ea52fc1: Loading layer [==================================================>]  4.608kB/4.608kB
aace45b92bba: Loading layer [==================================================>]  18.93MB/18.93MB
Loaded image: goharbor/harbor-exporter:v2.4.0
Loaded image: goharbor/harbor-log:v2.4.0
Loaded image: goharbor/harbor-db:v2.4.0
Loaded image: goharbor/harbor-registryctl:v2.4.0
Loaded image: goharbor/redis-photon:v2.4.0
bf6fc6847c5e: Loading layer [==================================================>]  6.824MB/6.824MB
0b6586c93e0a: Loading layer [==================================================>]   64.5MB/64.5MB
5f2896ebc8d8: Loading layer [==================================================>]  3.072kB/3.072kB
1e0535e72851: Loading layer [==================================================>]  4.096kB/4.096kB
55569fb37556: Loading layer [==================================================>]  65.29MB/65.29MB
Loaded image: goharbor/chartmuseum-photon:v2.4.0

[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

[Step 5]: starting Harbor ...
[+] Running 0/0
 ⠋ Container harbor-log  Creating                                                                                                                                                                         0.0s
Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /var/log/harbor/

Apparently /var/log/harbor, which harbor-log wants to mount as a volume, does not exist, so create it and run the installer again. Perhaps prepare missed it?

[root@harbor ~]# mkdir /var/log/harbor
[root@harbor ~]# /root/harbor/install.sh

[Step 0]: checking if docker is installed ...

Note: docker version: 20.10.10

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 2.1.0

[Step 2]: loading Harbor images ...
Loaded image: goharbor/nginx-photon:v2.4.0
Loaded image: goharbor/registry-photon:v2.4.0
Loaded image: goharbor/harbor-portal:v2.4.0
Loaded image: goharbor/harbor-jobservice:v2.4.0
Loaded image: goharbor/notary-server-photon:v2.4.0
Loaded image: goharbor/notary-signer-photon:v2.4.0
Loaded image: goharbor/trivy-adapter-photon:v2.4.0
Loaded image: goharbor/prepare:v2.4.0
Loaded image: goharbor/harbor-core:v2.4.0
Loaded image: goharbor/harbor-exporter:v2.4.0
Loaded image: goharbor/harbor-log:v2.4.0
Loaded image: goharbor/harbor-db:v2.4.0
Loaded image: goharbor/harbor-registryctl:v2.4.0
Loaded image: goharbor/redis-photon:v2.4.0
Loaded image: goharbor/chartmuseum-photon:v2.4.0

[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

[Step 5]: starting Harbor ...
[+] Running 9/9
 ⠿ Container harbor-log         Started                                                                                                                                                                   0.8s
 ⠿ Container harbor-portal      Started                                                                                                                                                                   4.2s
 ⠿ Container redis              Started                                                                                                                                                                   4.2s
 ⠿ Container registryctl        Started                                                                                                                                                                   5.2s
 ⠿ Container registry           Started                                                                                                                                                                   4.2s
 ⠿ Container harbor-db          Started                                                                                                                                                                   4.2s
 ⠿ Container harbor-core        Started                                                                                                                                                                   6.1s
 ⠿ Container harbor-jobservice  Started                                                                                                                                                                   9.2s
 ⠿ Container nginx              Started                                                                                                                                                                   9.1s
✔ ----Harbor has been installed and started successfully.----

If everything went well, you can check the state with Docker commands.

[root@harbor ~]# docker images

REPOSITORY                      TAG       IMAGE ID       CREATED       SIZE
goharbor/harbor-exporter        v2.4.0    4c61c8b7a70c   13 days ago   82MB
goharbor/chartmuseum-photon     v2.4.0    67b824008b50   13 days ago   173MB
goharbor/redis-photon           v2.4.0    8db1d1af9272   13 days ago   155MB
goharbor/trivy-adapter-photon   v2.4.0    bfd73a656727   13 days ago   148MB
goharbor/notary-server-photon   v2.4.0    f07f3e0c3bea   13 days ago   110MB
goharbor/notary-signer-photon   v2.4.0    dd4d5090ab32   13 days ago   107MB
goharbor/harbor-registryctl     v2.4.0    7cb8dd808259   13 days ago   136MB
goharbor/registry-photon        v2.4.0    928dc0fba05c   13 days ago   78.5MB
goharbor/nginx-photon           v2.4.0    a2592618911d   13 days ago   45MB
goharbor/harbor-log             v2.4.0    a54fed3c39f6   13 days ago   159MB
goharbor/harbor-jobservice      v2.4.0    cd119b9530dd   13 days ago   220MB
goharbor/harbor-core            v2.4.0    3399864a55e2   13 days ago   197MB
goharbor/harbor-portal          v2.4.0    f585c7a62e69   13 days ago   54MB
goharbor/harbor-db              v2.4.0    de4b1b67e241   13 days ago   228MB
goharbor/prepare                v2.4.0    5216fde1e4e8   13 days ago   254MB

[root@harbor ~]# docker ps

CONTAINER ID   IMAGE                                COMMAND                  CREATED         STATUS                   PORTS                                                                            NAMES
172db2caeffb   goharbor/harbor-jobservice:v2.4.0    "/harbor/entrypoint.…"   2 minutes ago   Up 2 minutes (healthy)                                                                                    harbor-jobservice
51b2012f288d   goharbor/nginx-photon:v2.4.0         "nginx -g 'daemon of…"   2 minutes ago   Up 2 minutes (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp   nginx
3eb954bd4cf5   goharbor/harbor-core:v2.4.0          "/harbor/entrypoint.…"   2 minutes ago   Up 2 minutes (healthy)                                                                                    harbor-core
d2179042cca7   goharbor/harbor-registryctl:v2.4.0   "/home/harbor/start.…"   2 minutes ago   Up 2 minutes (healthy)                                                                                    registryctl
97e301d2500c   goharbor/harbor-portal:v2.4.0        "nginx -g 'daemon of…"   2 minutes ago   Up 2 minutes (healthy)                                                                                    harbor-portal
5e022c69e2a7   goharbor/redis-photon:v2.4.0         "redis-server /etc/r…"   2 minutes ago   Up 2 minutes (healthy)                                                                                    redis
3d662bfd3ac7   goharbor/harbor-db:v2.4.0            "/docker-entrypoint.…"   2 minutes ago   Up 2 minutes (healthy)                                                                                    harbor-db
723075cf33e2   goharbor/registry-photon:v2.4.0      "/home/harbor/entryp…"   2 minutes ago   Up 2 minutes (healthy)                                                                                    registry
b3702a8c14db   goharbor/harbor-log:v2.4.0           "/bin/sh -c /usr/loc…"   2 minutes ago   Up 2 minutes (healthy)   127.0.0.1:1514->10514/tcp                                                        harbor-log

Connecting to Harbor with a browser

You can connect from a browser at "https://harbor ip or fqdn". The defaults are user name: admin, password: Harbor12345.

Once you are logged in, create myproject as a new project.

Logging in with Docker

Log in with Docker. If it fails at this point, the cause is most likely the certificate trust configuration.

[root@harbor ~]# docker login harbor.si1230.com

Pushing to Harbor

On success, information about the pushed image appears in the Harbor dashboard.

[root@harbor ~]# docker pull centos
[root@harbor ~]# docker images

REPOSITORY                      TAG       IMAGE ID       CREATED       SIZE
goharbor/harbor-exporter        v2.4.0    4c61c8b7a70c   13 days ago   82MB
goharbor/chartmuseum-photon     v2.4.0    67b824008b50   13 days ago   173MB
goharbor/redis-photon           v2.4.0    8db1d1af9272   13 days ago   155MB
goharbor/trivy-adapter-photon   v2.4.0    bfd73a656727   13 days ago   148MB
goharbor/notary-server-photon   v2.4.0    f07f3e0c3bea   13 days ago   110MB
goharbor/notary-signer-photon   v2.4.0    dd4d5090ab32   13 days ago   107MB
goharbor/harbor-registryctl     v2.4.0    7cb8dd808259   13 days ago   136MB
goharbor/registry-photon        v2.4.0    928dc0fba05c   13 days ago   78.5MB
goharbor/nginx-photon           v2.4.0    a2592618911d   13 days ago   45MB
goharbor/harbor-log             v2.4.0    a54fed3c39f6   13 days ago   159MB
goharbor/harbor-jobservice      v2.4.0    cd119b9530dd   13 days ago   220MB
goharbor/harbor-core            v2.4.0    3399864a55e2   13 days ago   197MB
goharbor/harbor-portal          v2.4.0    f585c7a62e69   13 days ago   54MB
goharbor/harbor-db              v2.4.0    de4b1b67e241   13 days ago   228MB
goharbor/prepare                v2.4.0    5216fde1e4e8   13 days ago   254MB
centos                          latest    5d0da3dc9764   7 weeks ago   231MB

[root@harbor ~]# docker tag 5d0da3dc9764 harbor.si1230.com/myproject/centos:latest
[root@harbor ~]# docker images

REPOSITORY                           TAG       IMAGE ID       CREATED       SIZE
goharbor/harbor-exporter             v2.4.0    4c61c8b7a70c   13 days ago   82MB
goharbor/chartmuseum-photon          v2.4.0    67b824008b50   13 days ago   173MB
goharbor/redis-photon                v2.4.0    8db1d1af9272   13 days ago   155MB
goharbor/trivy-adapter-photon        v2.4.0    bfd73a656727   13 days ago   148MB
goharbor/notary-server-photon        v2.4.0    f07f3e0c3bea   13 days ago   110MB
goharbor/notary-signer-photon        v2.4.0    dd4d5090ab32   13 days ago   107MB
goharbor/harbor-registryctl          v2.4.0    7cb8dd808259   13 days ago   136MB
goharbor/registry-photon             v2.4.0    928dc0fba05c   13 days ago   78.5MB
goharbor/nginx-photon                v2.4.0    a2592618911d   13 days ago   45MB
goharbor/harbor-log                  v2.4.0    a54fed3c39f6   13 days ago   159MB
goharbor/harbor-jobservice           v2.4.0    cd119b9530dd   13 days ago   220MB
goharbor/harbor-core                 v2.4.0    3399864a55e2   13 days ago   197MB
goharbor/harbor-portal               v2.4.0    f585c7a62e69   13 days ago   54MB
goharbor/harbor-db                   v2.4.0    de4b1b67e241   13 days ago   228MB
goharbor/prepare                     v2.4.0    5216fde1e4e8   13 days ago   254MB
centos                               latest    5d0da3dc9764   7 weeks ago   231MB
harbor.si1230.com/myproject/centos   latest    5d0da3dc9764   7 weeks ago   231MB

[root@harbor ~]# docker push harbor.si1230.com/myproject/centos:latest

The push refers to repository [harbor.si1230.com/myproject/centos]
74ddd0ec08fa: Pushed
latest: digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dc size: 529
