Install Harbor on Ubuntu 20.04

Reading Time: 4 mins

If you are looking for an on-premises Docker image registry, then Harbor is the best solution that not only hosts your images, but also scans for any vulnerabilities. Key features of Harbor include:

      • Security and vulnerability analysis
      • Content signing and validation
      • Extensible API and web UI
      • Image replication
      • Role-based access control
      • Multitenant

In this post, I will take you through the process of installing Harbor into ubuntu 20.04 vm (with docker tools installation), where harbor runs in several Docker containers. You can also deploy it on any Linux distribution that supports Docker. For more info on supported OS, please refer harbor.io

Let’s get started,

Installation Prerequisites

VM creation:

  • You can use any environment of your choice to create an ubuntu vm, but I created a vm instance in GCP with public ip attached and e2-medium machine type. You can refer here to know the steps to deploy a vm in GCP.
  • By default, only few ports are opened for deployed vm in GCP. So, you should create firewall rule to allow ports: 80, 443, 4443.
  • Navigate to GCP console > VPC Network > Firewall > Create Firewall rule
      • Name: allow-for-harbor-registry
      • Targets: Specified target tags
      • Target Tags: jumpbox  – Note: Create a network tag for vm as jumpbox under vm instance section 
      • Source IPv4 ranges: 0.0.0.0/0 – Since this need to be accessible over Internet
      • TCP: 80,443,4443
      • Create
  • Click on newly created firewall to confirm the applicable instances list:

#set the hostname
sudo hostnamectl set-hostname <newNameHere>

sudo nano /etc/hosts

sudo reboot

#Ex:
eknath@registry:~/harbor$ hostname
registry.captainvirtualization.in 

Docker Install

Install Docker Engine on Ubuntu vm:

Docker Engine Install steps
#If older versions of docker engines are installed, uninstall them:

sudo apt-get remove docker docker-engine docker.io containerd runc

#Update the apt package index and install packages to allow apt to use a repository over HTTPS:
sudo apt-get update

sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release

#Add Docker’s official GPG key:
 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg


echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

#Update the apt package index, and install the latest version of Docker Engine and containerd
sudo apt-get update
 sudo apt-get install docker-ce docker-ce-cli containerd.io

#Test the installation
docker version

Install Docker Compose on Ubuntu vm:

Docker Compose Install steps
#Run this command to download the current stable release of Docker Compose:

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

#Apply executable permissions to the binary:
 sudo chmod +x /usr/local/bin/docker-compose

#Test the installation.
docker-compose --version

 

Download the Installer

  • Go to Harbor releases page.
  • Find the latest version and pull into the ubuntu box that is created earlier using the command.

Note: Download either the online or offline installer for the version you want to install. I am going ahead with online installer.

wget https://github.com/goharbor/harbor/releases/download/v2.3.4/harbor-online-installer-v2.3.4.tgz

tar -xvf harbor-online-installer-v2.3.4.tgz

cd harbor

cp harbor.yml.tmpl harbor.yml

Creating SSL Keys

  • Below SSL command creates two files ie., cert and key files, which will be added in harbor.yml in next section.
SSL certs
#Syntax to generate cert and key: 
openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout domain.key \
    -x509 -days 365 -out domain.crt \
    -subj "/CN=localhost/C=<Country>/ST=<State>/L=<Location>/O=<Organization>"

#Example for ref, where captainvirtualization.in is domain I purchased from godaddy, IN=India, KA=Karnataka,  

openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout registry.captainvirtualization.in.key \
    -x509 -days 365 -out registry.captainvirtualization.in.crt \
    -subj "/CN=registry.captainvirtualization.in/C=IN/ST=KA/L=Bengaluru/O=CaptainVirtualization"

Configure the Harbor Installer

  • hostname — set this to either the IP address or the domain of your hosting server.
  • harbor_admin_password — set this to a strong, unique password.
  • Edit the paths of the keys to reflect as shown in below example:
harbor file
###### Change it according to your setup. 

hostname: registry.captainvirtualization.in

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /etc/ssl/registry.captainvirtualization.in.crt
  private_key: /etc/ssl/registry.captainvirtualization.in.key
  • Save and close the file.

Installing Harbor

  • It’s time to install Harbor. You can install Harbor with different configurations:
          • Just Harbor, without Notary, Clair or Chart Repository Service
          • Harbor with Notary
          • Harbor with Clair
          • Harbor with Chart Repository Service
  • Here, I am covering installation without any additional configurations.
Install Harbor
eknath@registry:~/harbor$ sudo ./install.sh

[Step 0]: checking if docker is installed ...

Note: docker version: 20.10.11

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.29.2


[Step 2]: preparing environment ...

[Step 3]: preparing harbor configs ...
prepare base dir is set to /home/eknath/harbor
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/log/logrotate.conf
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir



[Step 4]: starting Harbor ...
Creating harbor-log ... done
Creating harbor-db     ... done
Creating harbor-portal ... done
Creating registryctl   ... done
Creating registry      ... done
Creating redis         ... done
Creating harbor-core   ... done
Creating nginx             ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----

# Check the status of docker containers and wait till all of them turns healthy:

docker ps -a
  • After successful installation, access Harbor using https://SERVER_IP/harbor (Where SERVER_IP is the IP address or domain of your Harbor server). You will be prompted for the admin user credentials (username is admin and password is the password you set in the harbor.yml file).

  • Once logged in, you should be able to create new projects, pull and push images into Harbor.

Push an Image into Harbor

Image push to harbor
# Log into Harbor using CLI:

eknath@registry:~/harbor$ docker login registry.captainvirtualization.in
Username: admin
Password:

Login Succeeded

# Created a new project named bbanews-test

# Tag an Image:

#Syntax:  docker tag SOURCE_IMAGE[:TAG] registry.captainvirtualization.in/bbabews-test/REPOSITORY[:TAG]

#Ex:
eknath@registry:~/harbor$ sudo docker tag eknath009/nginx-bbanews:latest registry.captainvirtualization.in/bbabews-test/bbanews:latest

#To list the tagged image

docker images 

# Push the Image into Harbor registry
#Syntax: docker push registry.captainvirtualization.in/bbabews-test/REPOSITORY[:TAG]

eknath@registry:~/harbor$ sudo docker push registry.captainvirtualization.in/bbabews-test/bbanews:latest

Verify the Image

  • Login to Harbor and you can find the details of pushed image like Overview, Build history etc..

Leave a Reply