Followers

Harbor Docker Registry

  Prerequisites Docker is to be installed Docker-compose is to be installed Step 1 : Create the certificate keys and private key for Harbor ...

 Prerequisites

  • Docker is to be installed
  • Docker-compose is to be installed

Step 1 : Create the certificate keys and private key for Harbor 

             vi keygen.sh    

            


#!/bin/bash
    
#########################################
#
#-- Create all necessary certs for Harbor
#
#-- Author: Raman Sharma
#
#-- Version 1.0 (06-Nov-2020)
#
#########################################
clear
echo
echo "*************************************************************"
echo "***                                                       ***"
echo "*** Script to create CA cert and private key, server CSR, ***"
echo "*** x509 ext file, and certs for Harbor and Docker        ***"
echo "***                                                       ***"
echo "*************************************************************"
echo

echo
echo "Type in the fully qualified domain name of the harbor registry (e.g. harbor.vmware.com): "
read fqdn

if [ -z "$fqdn" ]
then
        echo "no fqdn supplied"
        exit
fi

echo
echo "Step 1 - Generate a CA Cert"
echo
echo "Step 1.1 -  Generate a CA Cert Private Key"
echo
 sudo openssl genrsa -out ca.key 4096
echo
echo "Step 1.2 -  Generate a CA Cert Certificate"
echo
 sudo openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=IE/ST=CORK/L=CORK/O=OCTO/OU=Personal/CN=${fqdn}"  -key ca.key -out ca.crt
echo
echo "Hit enter to continue";read null
echo
echo "Step 2 - Generate a Server Certificate"
echo
echo "Step 2.1 - Generate a Server Certificate Private Key"
echo
 sudo openssl genrsa -out ${fqdn}.key 4096
echo
echo "Step 2.2 - Generate a Server Certificate Signing Request"
echo
 sudo openssl req -sha512 -new \
         -subj "/C=IE/ST=CORK/L=CORK/O=OCTO/OU=Personal/CN=${fqdn}" \
         -key ${fqdn}.key \
         -out ${fqdn}.csr
echo
echo "Step 2.3 - Generate a x509 v3 extension file"
echo
 cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=${fqdn}
EOF
echo
echo "Step 2.4 - Use the x509 v3 extension file to gerneate a cert for the Harbor host"
echo
 sudo openssl x509 -req -sha512 \
         -days 3650 -extfile v3.ext \
         -CA ca.crt -CAkey ca.key -CAcreateserial \
         -in ${fqdn}.csr \
         -out ${fqdn}.crt
echo
echo "Hit enter to continue";read null
echo
echo "Step 3 - Provide the certificates to Harbor and Docker"
echo
echo "Step 3.1 - Copy server cert and key to harbor host folder - /data/cert"
echo
 sudo mkdir -p /data/cert
 sudo cp ${fqdn}.crt /data/cert/
 sudo cp ${fqdn}.key /data/cert/
echo
echo "Step 3.2 - Convert .crt to .cert as required by Docker"
echo
 sudo openssl x509 -inform PEM \
         -in ${fqdn}.crt \
         -out ${fqdn}.cert
echo
echo "Step 3.3 - Copy server cert and key to docker host folder - /etc/docker/certs.d/${fqdn}"
echo
 sudo mkdir -p /etc/docker/certs.d/${fqdn}
 sudo cp ${fqdn}.cert /etc/docker/certs.d/${fqdn}
 sudo cp ${fqdn}.key /etc/docker/certs.d/${fqdn}
 sudo cp ca.crt  /etc/docker/certs.d/${fqdn}
echo
echo "Step 4 -  Restart Docker"
echo
echo "Hit enter to continue";read null
echo
 sudo systemctl restart docker
echo

Step 2: sh keygen.sh

           domain name I am providing raman.com

           same domain with IP address should be added in the /etc/hosts file.

           Also copy .crt file with .cert so that docker can read it.

           sudo cp /data/cert/raman.com.crt /data/cert/raman.com.cert

Step 3:  Download and Deploy Harbor

  •              docker login
  •              sudo wget https://github.com/goharbor/harbor/releases/download/v2.4.2/harbor-offline-installer-v2.4.2.tgz
  •             sudo tar zxvf harbor-offline-installer-v2.4.2.tgz
  •             cd harbor/
  •             cp harbor.yml.tmpl harbor.yml
  •             change domain name(raman.com) and certificate path(/data/cert/raman.com.crt and /data/cert/raman.com.key) in harbor.yaml
  •            sudo ./prepare
  •           sudo docker-compose up -d
  •           docker ps
  •           sudo docker login http://raman.com
  •           sudo docker login https://raman.com
  •           sudo docker run hello-world
  •          sudo docker tag hello-world:latest  raman.com/library/hello-world:latest
  •           sudo docker push raman.com/library/hello-world:latest

             

     

COMMENTS

Name

Ansible,6,AWS,1,Azure DevOps,1,Containerization with docker,2,DevOps,2,Docker Quiz,1,Docker Swarm,1,DockerCompose,1,ELK,2,git,2,git quiz,1,Git Worksheet,1,ITIL,1,ITSM,1,Jira,3,Kubernetes,1,Kubernetes Quiz,5,SAST DAST Security Testing,1,SDLC Quiz,5,SonarQube,3,Splunk,2,vagrant kubernetes,1,Windows,1,YAML Basics,1,
ltr
item
DevOpsWorld: Harbor Docker Registry
Harbor Docker Registry
DevOpsWorld
https://www.devopsworld.co.in/2022/03/harbor-docker-registry.html
https://www.devopsworld.co.in/
https://www.devopsworld.co.in/
https://www.devopsworld.co.in/2022/03/harbor-docker-registry.html
true
5997357714110665304
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content