This post describes how to set up Harbor to run on a standalone VM. There are times when you want to do this, such as when your environment does not have internet access or you want a local repository running close to your environment.
I found that I was running a lot of TKG deployments against TKG staging builds in my lab and wanted to speed up cluster creation times, so building a local Harbor repository would make things a bit quicker and more reliable.
This post describes how you can set up a Harbor repository on a Photon VM.
Step 1: Set up a static IP
See the documentation https://vmware.github.io/photon/assets/files/html/3.0/photon_admin/setting-a-static-ip-address.html, and https://vmware.github.io/photon/assets/files/html/3.0/photon_admin/adding-a-dns-server.html
vi /etc/systemd/network/10-static-en.network
chmod 644 /etc/systemd/network/10-static-en.network
systemctl restart systemd-networkd
vi /etc/hostname
reboot
Step 2: Enable pings to the VM
iptables -A INPUT -p ICMP -j ACCEPT
iptables -A OUTPUT -p ICMP -j ACCEPT
Step 3: Update Photon repositories and perform updates
cd /etc/yum.repos.d/
sed -i 's/dl.bintray.com\/vmware/packages.vmware.com\/photon\/$releasever/g' photon.repo photon-updates.repo photon-extras.repo photon-debuginfo.repo
tdnf --assumeyes update
tdnf updateinfo
tdnf -y distro-sync
tdnf install -y bindutils tar parted
reboot
Step 4: Install docker-compose
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose --version
systemctl start docker
systemctl enable docker
docker version
Step 5: Add a data disk for Harbor
Add another VMDK to the VM, then run the following:
fdisk -l
parted /dev/sdb mklabel gpt mkpart ext4 0% 100%
mkfs -t ext4 /dev/sdb1
mkdir /data
vim /etc/fstab
Append the following line to the end of the file
/dev/sdb1 /data ext4 defaults 0 0
mount /data
df -h
Step 6: Set up Harbor
mkdir -p /harbor /etc/docker/certs.d/harbor.vmwire.com
cd /harbor
curl -sLO https://github.com/goharbor/harbor/releases/download/v2.4.1/harbor-offline-installer-v2.4.1.tgz
tar xvf harbor-offline-installer-v2.4.1.tgz --strip-components=1
Step 7: Prepare SSL certificates
I use Let’s Encrypt and have the following three files renamed from the original Let’s Encrypt filenames:
harbor.cert
harbor_key.key and
ca.crt
harbor.cert is the wildcard certificate issued for my domain by Let’s Encrypt; it is originally named cert.pem.
harbor_key.key is originally named privkey.pem.
ca.crt is chain.pem.
Copy all three certificate files to /etc/docker/certs.d/harbor.vmwire.com
cp harbor.cert harbor_key.key ca.crt /etc/docker/certs.d/harbor.vmwire.com/
Step 8: Edit the harbor.yml file
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.vmwire.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /etc/docker/certs.d/harbor.vmwire.com/harbor.cert
  private_key: /etc/docker/certs.d/harbor.vmwire.com/harbor_key.key
[snipped]
Update line 5 with your Harbor instance’s FQDN.
Update lines 17 and 18 with the paths to the certificate and private key.
You can leave all the other lines at their defaults.
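A pre-flight check for Steps 7 and 8, added here as an example and not part of the original post or the Harbor project: it reads hostname, certificate and private_key from harbor.yml, rejects localhost and 127.0.0.1 as the config comment requires, and flags a private key that group or others can access. The function names and the line-based parsing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for harbor.yml.
# Line-based parsing is an assumption that fits the simple layout in Step 8.

# Print the value of the first uncommented "key: value" line in a file.
yml_get() {
    awk -v k="$2" '$1 == k ":" { print $2; exit }' "$1"
}

# Return 0 if the file grants no permissions to group or others.
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Check one harbor.yml; print each problem and return the problem count.
harbor_preflight() {
    yml=$1
    problems=0
    host=$(yml_get "$yml" hostname)
    cert=$(yml_get "$yml" certificate)
    key=$(yml_get "$yml" private_key)

    case $host in
        ''|localhost|127.0.0.1)
            echo "hostname '$host' is not usable by external clients"
            problems=$((problems + 1)) ;;
    esac
    if [ -z "$cert" ] || [ ! -r "$cert" ]; then
        echo "certificate '$cert' is missing or unreadable"
        problems=$((problems + 1))
    fi
    if [ -z "$key" ] || [ ! -r "$key" ]; then
        echo "private_key '$key' is missing or unreadable"
        problems=$((problems + 1))
    elif ! key_is_private "$key"; then
        echo "private_key '$key' is accessible to group/others; chmod 600 it"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run against a file given on the command line, e.g. /harbor/harbor.yml
if [ "$#" -gt 0 ]; then harbor_preflight "$1"; fi
```

A return value of 0 means no problems were found, so the function can gate the installer: `harbor_preflight /harbor/harbor.yml && ./install.sh`.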
Install Harbor with the following command:
./install.sh
Check to see if services are running
docker-compose ps
Step 9: Add the Harbor FQDN to your DNS servers and connect to Harbor.
To upgrade, download the new offline installer and run:
./install.sh