Overview
This article builds Harbor on a CentOS 8 base. Harbor is a private container image repository developed by VMware. Underneath it is a Docker private registry, and Harbor is the front end to it.
CentOS8
[root@centos ~]# hostnamectl set-hostname harbor.si1230.com
[root@harbor ~]# dnf upgrade
[root@harbor ~]# dnf install net-tools bash-completion vim-enhanced wget tree git
[root@harbor ~]# systemctl disable --now firewalld.service
[root@harbor ~]# echo "SELINUX=disabled" > /etc/selinux/config
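Placing the SSL certificates
The SSL certificates are used by both Docker and Harbor. To keep the procedure easy to follow, create a directory for the certificates and place the required files in it.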
[root@harbor ~]# mkdir /root/pki
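Use SCP or a similar tool to place the certificates in the "/root/pki" directory. The required files are the root certificate (ca.crt), the server certificate (server.crt) and the private key (server.key). This article uses existing certificates, so the certificate creation procedure is omitted.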
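The three files placed in /root/pki are later copied to both Docker and Harbor, and a chain, key or host name mismatch only shows up at docker login. The script below is an added example, not part of the original article: check_pki and make_demo_pki are hypothetical helper names, and the demo CA and server certificate are constructed throwaway material.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): sanity-check ca.crt,
# server.crt and server.key before copying them to Docker and Harbor.

# check_pki DIR FQDN: prints one FAIL line per problem, returns 1 if any.
check_pki() {
  local dir=$1 fqdn=$2 rc=0 crt_pub key_pub mode
  # 1. server.crt must chain to ca.crt, the root that clients will trust.
  openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null 2>&1 ||
    { echo "FAIL chain: server.crt does not verify against ca.crt"; rc=1; }
  # 2. server.key must belong to server.crt: compare the two public keys.
  crt_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$dir/server.key" -pubout 2>/dev/null)
  { [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]; } ||
    { echo "FAIL key: server.key does not match server.crt"; rc=1; }
  # 3. The registry name used in "docker login" must be in the certificate.
  openssl x509 -in "$dir/server.crt" -noout -checkhost "$fqdn" 2>/dev/null |
    grep -q "does match" ||
    { echo "FAIL name: certificate is not valid for $fqdn"; rc=1; }
  # 4. The private key should be accessible to its owner only (GNU stat).
  mode=$(stat -c %a "$dir/server.key" 2>/dev/null)
  case "$mode" in
    ?00) ;;
    *) echo "FAIL perms: server.key mode is ${mode:-unknown}, expected 600"; rc=1 ;;
  esac
  return $rc
}

# make_demo_pki DIR FQDN: constructed throwaway CA and server certificate,
# only so the check can be exercised without real key material.
make_demo_pki() {
  local dir=$1 fqdn=$2
  mkdir -p "$dir" &&
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Demo CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$fqdn" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
  printf 'subjectAltName=DNS:%s\n' "$fqdn" > "$dir/san.ext" &&
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null &&
  chmod 600 "$dir/server.key"
}

# Run as: bash check_pki.sh /root/pki harbor.si1230.com
if [ $# -eq 2 ]; then check_pki "$1" "$2"; fi
```

Files copied with a plain cp as root normally end up mode 644, so check 4 is worth repeating on the copies of server.key made later in the procedure.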
Docker
Installing and starting Docker
https://docs.docker.com/engine/install/centos/
2022.2.20
Installation fails because of a conflict with runc, so this is worked around by adding --allowerasing to the install command.
[root@harbor ~]# yum install yum-utils
[root@harbor ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
[root@harbor ~]# yum install --allowerasing docker-ce docker-ce-cli containerd.io
[root@harbor ~]# systemctl enable --now docker.service
[root@harbor ~]# systemctl status docker.service
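Enabling SSL for Docker
Server certificate for Docker
By Docker's convention, a .crt file is interpreted as a root certificate and a .cert file as a server certificate, so convert the server certificate to .cert. Other software occasionally does the same, but I find it a tedious convention. That said, I do think it is convenient that the file name alone is enough and nothing has to be specified in a configuration file.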
[root@harbor ~]# cd /root/pki
[root@harbor ~]# openssl x509 -inform PEM -in server.crt -out server.cert
[root@harbor ~]# mkdir /etc/docker/certs.d
[root@harbor ~]# cd /root/pki
[root@harbor ~]# cp ca.crt server.cert server.key /etc/docker/certs.d
[root@harbor ~]# cp ca.crt /etc/pki/ca-trust/source/anchors
[root@harbor ~]# update-ca-trust extract
[root@harbor ~]# systemctl restart docker.service
[root@harbor ~]# systemctl status docker.service
Docker Compose
https://docs.docker.jp/compose/install.html
[root@harbor ~]# curl -L https://github.com/docker/compose/releases/download/v2.1.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
[root@harbor ~]# chmod +x /usr/local/bin/docker-compose
Harbor
https://goharbor.io/docs/2.4.0/install-config/
Creating the directory for Harbor
The directory for Harbor is /data. It is used as the data volume for the containers, and it is specified in the yml file described later.
[root@harbor ~]# mkdir /data
SSL certificates for Harbor
Place each certificate file.
[root@harbor ~]# mkdir /data/cert
[root@harbor ~]# cd /root/pki
[root@harbor ~]# cp server.crt server.key /data/cert
Downloading and extracting Harbor
Download Harbor and extract it.
[root@harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.4.0/harbor-offline-installer-v2.4.0.tgz
[root@harbor ~]# tar xzvf harbor-offline-installer-v2.4.0.tgz
Configuring Harbor
Configure Harbor.
[root@harbor ~]# cp /root/harbor/harbor.yml.tmpl /root/harbor/harbor.yml
[root@harbor ~]# vim /root/harbor/harbor.yml
hostname: harbor.si1230.com
https:
  port: 443
  certificate: /data/cert/server.crt
  private_key: /data/cert/server.key
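The edit above changes only hostname and the https block, so the credential defaults from harbor.yml.tmpl, including the initial admin password Harbor12345 used at first login, go into the deployment unchanged. The lint below is an added example, not part of the original article or of Harbor: yml_flat, lint_harbor_yml and write_sample are hypothetical names, harbor_admin_password and database.password are keys from the template, and the sample file is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): lint harbor.yml before install.sh.

# yml_flat FILE: print "key=value" for top-level keys and "parent.key=value"
# for keys nested one level down. Enough for the harbor.yml keys checked below.
yml_flat() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    {
      nested = ($0 ~ /^[ \t]/)               # indented line: child of last top-level key
      line = $0; sub(/^[ \t]+/, "", line)
      key = line; sub(/:.*/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val)
      sub(/[ \t]+#.*$/, "", val); sub(/[ \t]+$/, "", val)
      if (!nested) top = key
      name = nested ? (top "." key) : key
      if (val != "") print name "=" val
    }' "$1"
}

# lint_harbor_yml FILE: prints one FAIL line per weak setting, returns 1 if any.
lint_harbor_yml() {
  local flat rc=0
  flat=$(yml_flat "$1")
  val() { printf '%s\n' "$flat" | sed -n "s/^$1=//p" | head -n 1; }
  [ "$(val hostname)" != "reg.mydomain.com" ] ||
    { echo "FAIL hostname: still the template value reg.mydomain.com"; rc=1; }
  [ "$(val harbor_admin_password)" != "Harbor12345" ] ||
    { echo "FAIL harbor_admin_password: still the default Harbor12345"; rc=1; }
  [ "$(val database.password)" != "root123" ] ||
    { echo "FAIL database.password: still the default root123"; rc=1; }
  { [ -n "$(val https.certificate)" ] && [ -n "$(val https.private_key)" ]; } ||
    { echo "FAIL https: certificate and private_key must both be set"; rc=1; }
  return $rc
}

# write_sample FILE: constructed harbor.yml with the article's edits applied
# and the template's credential defaults left untouched.
write_sample() {
  cat > "$1" <<'EOF'
# constructed sample, not a complete harbor.yml
hostname: harbor.si1230.com
https:
  port: 443
  certificate: /data/cert/server.crt
  private_key: /data/cert/server.key
harbor_admin_password: Harbor12345
database:
  password: root123
EOF
}

# Run as: bash lint_harbor_yml.sh /root/harbor/harbor.yml
if [ $# -eq 1 ]; then lint_harbor_yml "$1"; fi
```

harbor_admin_password is only applied on the first installation, so it has to be changed in harbor.yml before install.sh runs, or in the UI afterwards.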
Deploying Harbor
Run prepare. Internally, prepare runs Docker Compose.
[root@harbor ~]# chmod +x /root/harbor/prepare
[root@harbor ~]# /root/harbor/prepare
prepare base dir is set to /root/harbor
Unable to find image 'goharbor/prepare:v2.4.0' locally
v2.4.0: Pulling from goharbor/prepare
f46a0e9c442c: Pull complete
7e931ef2b2a4: Pull complete
81f51b80102b: Pull complete
29cc34051f9e: Pull complete
8b49406ca171: Pull complete
cdece38b7418: Pull complete
91a66d468cce: Pull complete
98764516aa60: Pull complete
Digest: sha256:bd88e782e9956d07f5196067c63cd46f9e792e9e59128fb2bd9d49d250e0aeb4
Status: Downloaded newer image for goharbor/prepare:v2.4.0
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Run install.sh.
[root@harbor ~]# chmod +x /root/harbor/install.sh
[root@harbor ~]# /root/harbor/install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.10
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 2.1.0
[Step 2]: loading Harbor images ...
Loaded image: goharbor/nginx-photon:v2.4.0
Loaded image: goharbor/registry-photon:v2.4.0
Loaded image: goharbor/harbor-portal:v2.4.0
Loaded image: goharbor/harbor-jobservice:v2.4.0
4386974468aa: Loading layer [==================================================>] 6.82MB/6.82MB
579a66424b7a: Loading layer [==================================================>] 5.928MB/5.928MB
2b9d2e280ef8: Loading layer [==================================================>] 15.88MB/15.88MB
d9567ce114f8: Loading layer [==================================================>] 29.29MB/29.29MB
5d01e6628d85: Loading layer [==================================================>] 22.02kB/22.02kB
8c80a21febbf: Loading layer [==================================================>] 15.88MB/15.88MB
Loaded image: goharbor/notary-server-photon:v2.4.0
7767a9a4479b: Loading layer [==================================================>] 6.82MB/6.82MB
0664c36ecb86: Loading layer [==================================================>] 5.928MB/5.928MB
ad0f949dfc16: Loading layer [==================================================>] 14.47MB/14.47MB
df51bcd9a736: Loading layer [==================================================>] 29.29MB/29.29MB
2cf7b7bb600e: Loading layer [==================================================>] 22.02kB/22.02kB
a3b43b64a719: Loading layer [==================================================>] 14.47MB/14.47MB
Loaded image: goharbor/notary-signer-photon:v2.4.0
f3bbf8e07e1f: Loading layer [==================================================>] 7.363MB/7.363MB
ea614a476036: Loading layer [==================================================>] 4.096kB/4.096kB
38f5e7b4e1e1: Loading layer [==================================================>] 3.072kB/3.072kB
78afbc6e6135: Loading layer [==================================================>] 39.27MB/39.27MB
6203e5b43d83: Loading layer [==================================================>] 12.37MB/12.37MB
800fc9f7d779: Loading layer [==================================================>] 52.43MB/52.43MB
Loaded image: goharbor/trivy-adapter-photon:v2.4.0
Loaded image: goharbor/prepare:v2.4.0
Loaded image: goharbor/harbor-core:v2.4.0
e532b9dd2cad: Loading layer [==================================================>] 9.918MB/9.918MB
aefdfde2cb3a: Loading layer [==================================================>] 18.13MB/18.13MB
d9a12ea52fc1: Loading layer [==================================================>] 4.608kB/4.608kB
aace45b92bba: Loading layer [==================================================>] 18.93MB/18.93MB
Loaded image: goharbor/harbor-exporter:v2.4.0
Loaded image: goharbor/harbor-log:v2.4.0
Loaded image: goharbor/harbor-db:v2.4.0
Loaded image: goharbor/harbor-registryctl:v2.4.0
Loaded image: goharbor/redis-photon:v2.4.0
bf6fc6847c5e: Loading layer [==================================================>] 6.824MB/6.824MB
0b6586c93e0a: Loading layer [==================================================>] 64.5MB/64.5MB
5f2896ebc8d8: Loading layer [==================================================>] 3.072kB/3.072kB
1e0535e72851: Loading layer [==================================================>] 4.096kB/4.096kB
55569fb37556: Loading layer [==================================================>] 65.29MB/65.29MB
Loaded image: goharbor/chartmuseum-photon:v2.4.0
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 5]: starting Harbor ...
[+] Running 0/0
 ⠋ Container harbor-log  Creating  0.0s
Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /var/log/harbor/
It appears that /var/log/harbor, which harbor-log wants to mount as a volume, does not exist, so create it and run the installer again. Perhaps this is something prepare missed?
[root@harbor ~]# mkdir /var/log/harbor
[root@harbor ~]# /root/harbor/install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.10
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 2.1.0
[Step 2]: loading Harbor images ...
Loaded image: goharbor/nginx-photon:v2.4.0
Loaded image: goharbor/registry-photon:v2.4.0
Loaded image: goharbor/harbor-portal:v2.4.0
Loaded image: goharbor/harbor-jobservice:v2.4.0
Loaded image: goharbor/notary-server-photon:v2.4.0
Loaded image: goharbor/notary-signer-photon:v2.4.0
Loaded image: goharbor/trivy-adapter-photon:v2.4.0
Loaded image: goharbor/prepare:v2.4.0
Loaded image: goharbor/harbor-core:v2.4.0
Loaded image: goharbor/harbor-exporter:v2.4.0
Loaded image: goharbor/harbor-log:v2.4.0
Loaded image: goharbor/harbor-db:v2.4.0
Loaded image: goharbor/harbor-registryctl:v2.4.0
Loaded image: goharbor/redis-photon:v2.4.0
Loaded image: goharbor/chartmuseum-photon:v2.4.0
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 5]: starting Harbor ...
[+] Running 9/9
 ⠿ Container harbor-log         Started  0.8s
 ⠿ Container harbor-portal      Started  4.2s
 ⠿ Container redis              Started  4.2s
 ⠿ Container registryctl        Started  5.2s
 ⠿ Container registry           Started  4.2s
 ⠿ Container harbor-db          Started  4.2s
 ⠿ Container harbor-core        Started  6.1s
 ⠿ Container harbor-jobservice  Started  9.2s
 ⠿ Container nginx              Started  9.1s
✔ ----Harbor has been installed and started successfully.----
If there are no problems, the state can be checked with Docker commands.
[root@harbor ~]# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED       SIZE
goharbor/harbor-exporter        v2.4.0    4c61c8b7a70c   13 days ago   82MB
goharbor/chartmuseum-photon     v2.4.0    67b824008b50   13 days ago   173MB
goharbor/redis-photon           v2.4.0    8db1d1af9272   13 days ago   155MB
goharbor/trivy-adapter-photon   v2.4.0    bfd73a656727   13 days ago   148MB
goharbor/notary-server-photon   v2.4.0    f07f3e0c3bea   13 days ago   110MB
goharbor/notary-signer-photon   v2.4.0    dd4d5090ab32   13 days ago   107MB
goharbor/harbor-registryctl     v2.4.0    7cb8dd808259   13 days ago   136MB
goharbor/registry-photon        v2.4.0    928dc0fba05c   13 days ago   78.5MB
goharbor/nginx-photon           v2.4.0    a2592618911d   13 days ago   45MB
goharbor/harbor-log             v2.4.0    a54fed3c39f6   13 days ago   159MB
goharbor/harbor-jobservice      v2.4.0    cd119b9530dd   13 days ago   220MB
goharbor/harbor-core            v2.4.0    3399864a55e2   13 days ago   197MB
goharbor/harbor-portal          v2.4.0    f585c7a62e69   13 days ago   54MB
goharbor/harbor-db              v2.4.0    de4b1b67e241   13 days ago   228MB
goharbor/prepare                v2.4.0    5216fde1e4e8   13 days ago   254MB
[root@harbor ~]# docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED         STATUS                   PORTS                                                                            NAMES
172db2caeffb   goharbor/harbor-jobservice:v2.4.0    "/harbor/entrypoint.…"   2 minutes ago   Up 2 minutes (healthy)                                                                                    harbor-jobservice
51b2012f288d   goharbor/nginx-photon:v2.4.0         "nginx -g 'daemon of…"   2 minutes ago   Up 2 minutes (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp   nginx
3eb954bd4cf5   goharbor/harbor-core:v2.4.0          "/harbor/entrypoint.…"   2 minutes ago   Up 2 minutes (healthy)                                                                                    harbor-core
d2179042cca7   goharbor/harbor-registryctl:v2.4.0   "/home/harbor/start.…"   2 minutes ago   Up 2 minutes (healthy)                                                                                    registryctl
97e301d2500c   goharbor/harbor-portal:v2.4.0        "nginx -g 'daemon of…"   2 minutes ago   Up 2 minutes (healthy)                                                                                    harbor-portal
5e022c69e2a7   goharbor/redis-photon:v2.4.0         "redis-server /etc/r…"   2 minutes ago   Up 2 minutes (healthy)                                                                                    redis
3d662bfd3ac7   goharbor/harbor-db:v2.4.0            "/docker-entrypoint.…"   2 minutes ago   Up 2 minutes (healthy)                                                                                    harbor-db
723075cf33e2   goharbor/registry-photon:v2.4.0      "/home/harbor/entryp…"   2 minutes ago   Up 2 minutes (healthy)                                                                                    registry
b3702a8c14db   goharbor/harbor-log:v2.4.0           "/bin/sh -c /usr/loc…"   2 minutes ago   Up 2 minutes (healthy)   127.0.0.1:1514->10514/tcp                                                        harbor-log
Connecting to Harbor with a browser
Connect from a browser at "https://<Harbor IP or FQDN>". The defaults are user name admin and password Harbor12345.
Once logged in, create myproject as a new project.
Logging in with Docker
Log in with Docker. If this step fails, the cause is most likely the certificate trust configuration.
[root@harbor ~]# docker login harbor.si1230.com
Pushing to Harbor
On success, information about the pushed image appears in the Harbor dashboard.
[root@harbor ~]# docker pull centos
[root@harbor ~]# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED       SIZE
goharbor/harbor-exporter        v2.4.0    4c61c8b7a70c   13 days ago   82MB
goharbor/chartmuseum-photon     v2.4.0    67b824008b50   13 days ago   173MB
goharbor/redis-photon           v2.4.0    8db1d1af9272   13 days ago   155MB
goharbor/trivy-adapter-photon   v2.4.0    bfd73a656727   13 days ago   148MB
goharbor/notary-server-photon   v2.4.0    f07f3e0c3bea   13 days ago   110MB
goharbor/notary-signer-photon   v2.4.0    dd4d5090ab32   13 days ago   107MB
goharbor/harbor-registryctl     v2.4.0    7cb8dd808259   13 days ago   136MB
goharbor/registry-photon        v2.4.0    928dc0fba05c   13 days ago   78.5MB
goharbor/nginx-photon           v2.4.0    a2592618911d   13 days ago   45MB
goharbor/harbor-log             v2.4.0    a54fed3c39f6   13 days ago   159MB
goharbor/harbor-jobservice      v2.4.0    cd119b9530dd   13 days ago   220MB
goharbor/harbor-core            v2.4.0    3399864a55e2   13 days ago   197MB
goharbor/harbor-portal          v2.4.0    f585c7a62e69   13 days ago   54MB
goharbor/harbor-db              v2.4.0    de4b1b67e241   13 days ago   228MB
goharbor/prepare                v2.4.0    5216fde1e4e8   13 days ago   254MB
centos                          latest    5d0da3dc9764   7 weeks ago   231MB
[root@harbor ~]# docker tag 5d0da3dc9764 harbor.si1230.com/myproject/centos:latest
[root@harbor ~]# docker images
REPOSITORY                           TAG       IMAGE ID       CREATED       SIZE
goharbor/harbor-exporter             v2.4.0    4c61c8b7a70c   13 days ago   82MB
goharbor/chartmuseum-photon          v2.4.0    67b824008b50   13 days ago   173MB
goharbor/redis-photon                v2.4.0    8db1d1af9272   13 days ago   155MB
goharbor/trivy-adapter-photon        v2.4.0    bfd73a656727   13 days ago   148MB
goharbor/notary-server-photon        v2.4.0    f07f3e0c3bea   13 days ago   110MB
goharbor/notary-signer-photon        v2.4.0    dd4d5090ab32   13 days ago   107MB
goharbor/harbor-registryctl          v2.4.0    7cb8dd808259   13 days ago   136MB
goharbor/registry-photon             v2.4.0    928dc0fba05c   13 days ago   78.5MB
goharbor/nginx-photon                v2.4.0    a2592618911d   13 days ago   45MB
goharbor/harbor-log                  v2.4.0    a54fed3c39f6   13 days ago   159MB
goharbor/harbor-jobservice           v2.4.0    cd119b9530dd   13 days ago   220MB
goharbor/harbor-core                 v2.4.0    3399864a55e2   13 days ago   197MB
goharbor/harbor-portal               v2.4.0    f585c7a62e69   13 days ago   54MB
goharbor/harbor-db                   v2.4.0    de4b1b67e241   13 days ago   228MB
goharbor/prepare                     v2.4.0    5216fde1e4e8   13 days ago   254MB
centos                               latest    5d0da3dc9764   7 weeks ago   231MB
harbor.si1230.com/myproject/centos   latest    5d0da3dc9764   7 weeks ago   231MB
[root@harbor ~]# docker push harbor.si1230.com/myproject/centos:latest
The push refers to repository [harbor.si1230.com/myproject/centos]
74ddd0ec08fa: Pushed
latest: digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dc size: 529