Ashish-Chorge


Create Harbor Server on Ubuntu VM

Copy this script to your Ubuntu VM and update the User Inputs section at the top with the server's IP address, hostname and FQDN. I tested this script on Ubuntu 22.

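#!/usr/bin/env bash
# Installs Docker, Docker Compose and a TLS-enabled Harbor registry on this VM.
# Run as root: the steps below write to /root, /usr/local/bin, /etc/docker and /data.

#  User Inputs
#==================================================
# Replace each placeholder (including the angle brackets) with a real value.
# The placeholders are quoted so the script still parses before it is edited.
export my_hostname='<Harbor server short host name>'
export my_fqdn='<Harbor server FQDN>'
export my_ip='<IP Address of the Harbor server>'
#==================================================

# These values are later spliced into file paths, sed expressions and the
# certificate's subjectAltName, so refuse anything outside a conservative
# character set. This also catches placeholders that were left unedited and
# values starting with '-' that a command could mistake for an option.
name_re='^[A-Za-z0-9][A-Za-z0-9.-]*$'
addr_re='^[0-9A-Fa-f:][0-9A-Fa-f:.]*$'
if [[ ! $my_hostname =~ $name_re || ! $my_fqdn =~ $name_re || ! $my_ip =~ $addr_re ]]; then
    echo "Edit the User Inputs section: my_hostname, my_fqdn and my_ip must hold a valid host name, FQDN and IP address" >&2
    exit 1
fi

echo "Make sure your VM is configured with proper hostname, static IP address and its entry is mentioned in your DNS server"
# -n 1 returns after a single key press, so any key (not only Enter) continues.
read -n 1 -r -s -p $'Press enter to continue... else Control + c to stop \n'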

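# Prints an error message to stderr and aborts the script.
# Arguments: $1 - message to print
# Outputs:   the message, on stderr
# Returns:   never; exits the shell with status 1
die() {
    local message=$1

    # printf rather than echo: echo would treat a message such as "-n" or "-e"
    # as an option and print nothing useful.
    printf '%s\n' "$message" >&2
    exit 1
}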

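# precheck
# Confirms, before anything is installed, that the short host name and the IP
# answer ping and that the FQDN resolves to the configured IP. The original ran
# the same checks twice; one pass is enough.
echo "==== Doing precheck ===="
# Quoted, and '--' ends option parsing so the value cannot be read as a flag.
ping -c 2 -- "$my_hostname" || die 'command failed'
ping -c 2 -- "$my_ip" || die 'command failed'
nslookup "$my_fqdn" || die 'command failed'
# -F: the dots in the address are literal, not regex wildcards.
# -w: 10.0.0.1 must not be satisfied by an answer of 10.0.0.10.
# nslookup also prints the resolver's own address, so treat this match as a
# sanity check rather than proof of a correct DNS record.
nslookup "$my_fqdn" | grep -Fw -- "$my_ip" || die 'command failed'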

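# Steps 1-7: enable SSH, then install Docker CE from Docker's apt repository.

echo "1. Enable ssh on the vm"
apt-get update || die 'command failed'
# NOTE(review): this exposes sshd with the distribution's default configuration;
# restrict authentication methods and source addresses per your own policy.
# -y matches the other install steps so the script does not stall on a prompt.
apt-get install -y openssh-server || die 'command failed'

echo "2. Verify ssh service is up and running"
# --no-pager keeps systemctl from parking the script in a pager on a terminal.
systemctl --no-pager status ssh || die 'command failed'

echo "3. Update the apt package index"
apt-get update || die 'command failed'

echo "4. Install packages to allow apt to use a repository over HTTPS"
apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common || die 'command failed'

echo "5. Add Docker's official GPG key"
# apt-key is deprecated, and a key added with it is trusted for every
# repository on the system. Keep the key in its own file and bind it to the
# Docker repository only, through signed-by in the sources entry below.
docker_keyring=/etc/apt/keyrings/docker.asc
sudo install -m 0755 -d /etc/apt/keyrings || die 'command failed'
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o "$docker_keyring" || die 'command failed'
sudo chmod a+r "$docker_keyring" || die 'command failed'
# Print the fingerprint so it can be compared with the one Docker publishes.
gpg --show-keys --with-fingerprint "$docker_keyring" || die 'command failed'
# The original only displayed key 0EBFCD88; fail if the download does not
# contain it. A short id is a weak check on its own - compare the full
# fingerprint printed above by eye.
gpg --show-keys --with-colons "$docker_keyring" | grep -q '^fpr:.*0EBFCD88:$' \
    || die 'Docker signing key does not match key id 0EBFCD88'

echo "6. Setup a stable repository"
# Use the codename of the running release rather than the hard-coded "bionic"
# (Ubuntu 18.04), so packages come from the suite built for this system.
ubuntu_codename=$(. /etc/os-release && echo "$VERSION_CODENAME")
[[ -n "$ubuntu_codename" ]] || die 'command failed'
echo "deb [arch=amd64 signed-by=${docker_keyring}] https://download.docker.com/linux/ubuntu ${ubuntu_codename} stable" \
    | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null || die 'command failed'

echo "7. Install docker-ce"
apt-get update || die 'command failed'
apt-get install -y docker-ce docker-ce-cli containerd.io || die 'command failed'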

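# Steps 8-12: fetch Docker Compose and the Harbor offline installer.
# NOTE(review): both versions are pinned by the author; check the projects'
# release notes for newer releases and security fixes before deploying.

# Compares a downloaded file with an operator-supplied SHA-256 digest.
# Arguments: $1 - file to check, $2 - expected hex digest (may be empty)
# Returns:   0 when the digest matches or none was supplied; exits otherwise
_verify_sha256() {
    local file=$1 expected=$2
    if [[ -z "$expected" ]]; then
        echo "WARNING: no SHA-256 supplied for $file; download not verified" >&2
        return 0
    fi
    printf '%s  %s\n' "$expected" "$file" | sha256sum -c - \
        || die "checksum mismatch for $file"
}

echo "8. Install current stable release of Docker Compose"
# Download to a temporary file first so an unverified or truncated binary never
# sits on PATH. -f makes curl fail on an HTTP error instead of saving the error
# page as the "binary".
compose_tmp=$(mktemp) || die 'command failed'
curl -fL "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o "$compose_tmp" || die 'command failed'
# Optional: export my_compose_sha256 with the digest taken from the release
# page (ideally fetched over a separate channel) to enforce verification.
_verify_sha256 "$compose_tmp" "${my_compose_sha256:-}"

echo "9. Apply executable permissions to the binary"
install -m 0755 "$compose_tmp" /usr/local/bin/docker-compose || die 'command failed'
rm -f -- "$compose_tmp"

echo "10. Verify installation"
docker-compose --version || die 'command failed'

echo "11. Download the Harbor installer"
curl -fL https://github.com/goharbor/harbor/releases/download/v2.4.3/harbor-offline-installer-v2.4.3.tgz -o /root/harbor-offline-installer-v2.4.3.tgz || die 'command failed'
# Optional: export my_harbor_sha256 to enforce verification. The archive's
# install.sh is later run as root, so an unverified download is a real risk.
_verify_sha256 /root/harbor-offline-installer-v2.4.3.tgz "${my_harbor_sha256:-}"

echo "12. Extract the Harbor installer"
# -C /root: later steps use /root/harbor/... wherever the script was started.
tar -xvzf /root/harbor-offline-installer-v2.4.3.tgz -C /root || die 'command failed'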

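# Steps 13-18: create a private CA and use it to sign the Harbor server
# certificate. Everything is written to /root because the later steps and
# harbor.yml reference the files there.
cd /root || die 'command failed'

echo "13. Generate a CA certificate private key"
openssl genrsa -out ca.key 4096 || die 'command failed'
# Make the owner-only mode explicit rather than relying on tool defaults.
chmod 600 ca.key || die 'command failed'
# NOTE(review): ca.key has no passphrase and stays on the registry host. Anyone
# who reads it can issue certificates that every client trusting ca.crt will
# accept; move it off the server once the host certificate is signed.

echo "14. Generate the CA certificate"
# NOTE(review): the CA and the server certificate share one subject, so the
# server certificate's issuer equals its own subject; some verifiers may treat
# that as self-signed. Consider a distinct CN for the CA.
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=US/ST=CA/L=Palo Alto/O=HomeLab/OU=Solution Engineering/CN=$my_fqdn" -key ca.key -out ca.crt || die 'command failed'

echo "15. Generate a private key"
openssl genrsa -out "${my_fqdn}.key" 4096 || die 'command failed'
chmod 600 "${my_fqdn}.key" || die 'command failed'

echo "16. Generate a certificate signing request"
openssl req -sha512 -new -subj "/C=US/ST=CA/L=Palo Alto/O=HomeLab/OU=Solution Engineering/CN=$my_fqdn" -key "${my_fqdn}.key" -out "${my_fqdn}.csr" || die 'command failed'

echo "17. Generate an x509 v3 extension file"
# The unquoted delimiter is deliberate: the three inputs are expanded into the
# subjectAltName entries. Validate them before this point, since a newline in
# a value would add arbitrary lines to the extension file.
cat > v3.ext <<-EOF || die 'command failed'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=$my_fqdn
DNS.2=$my_hostname
IP.1=$my_ip
EOF

echo "18. Use the v3.ext file to generate a certificate for the Harbor host"
# NOTE(review): -days 3650 gives the server certificate a ten-year lifetime;
# a shorter validity with planned renewal limits the impact of a leaked key.
openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in "${my_fqdn}.csr" -out "${my_fqdn}.crt" || die 'command failed'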

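# Steps 19-20: hand the certificate and key to Harbor and Docker, then add the
# certificate to the host's trust store.
# Sources are addressed as /root/... (not ~/ or a relative path) so this step
# agrees with the harbor.yml paths and does not depend on HOME or the cwd.

echo "19. Provide the certificates to harbor and docker"
docker_certs_dir="/etc/docker/certs.d/${my_fqdn}"
sudo mkdir -p /data/cert || die 'command failed'
sudo mkdir -p "${docker_certs_dir}/" || die 'command failed'
sudo cp "/root/${my_fqdn}.crt" "/data/cert/${my_fqdn}.crt" || die 'command failed'
sudo cp "/root/${my_fqdn}.crt" "${docker_certs_dir}/${my_fqdn}.crt" || die 'command failed'
sudo cp /root/ca.crt "${docker_certs_dir}/ca.crt" || die 'command failed'
# Docker reads *.cert as a client certificate; this writes the same certificate
# under that extension.
sudo openssl x509 -inform PEM -in "/root/${my_fqdn}.crt" -out "${docker_certs_dir}/${my_fqdn}.cert" || die 'command failed'
# Private key copies are installed owner-only.
sudo install -m 0600 "/root/${my_fqdn}.key" "/data/cert/${my_fqdn}.key" || die 'command failed'
sudo install -m 0600 "/root/${my_fqdn}.key" "${docker_certs_dir}/${my_fqdn}.key" || die 'command failed'

sudo systemctl restart docker || die 'command failed'

echo "20. Copy and update certificate on Harbor VM"
# The original copied the certificate to a file literally named
# "update-ca-certificates" and never ran that command, so the trust store was
# left unchanged. Copy it under a .crt name and rebuild the store.
# NOTE(review): this installs the server certificate, as the author wrote it.
# If the aim is to trust the private CA, ca.crt is the file to install - and
# the host will then trust anything signed with ca.key.
cp "/root/${my_fqdn}.crt" "/usr/local/share/ca-certificates/${my_fqdn}.crt" || die 'command failed'
update-ca-certificates || die 'command failed'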

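# Steps 21-22: derive harbor.yml from the shipped template and run the installer.

echo "21. Configure the Harbor YML file manually"
# my_fqdn is spliced into sed expressions below; reject anything that could
# alter them (delimiters, '&', whitespace, newlines).
[[ "$my_fqdn" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]] || die 'command failed'

cp /root/harbor/harbor.yml.tmpl /root/harbor/harbor.yml || die 'command failed'

##### update the yml file manually
#echo "Update the yml file manually /root/harbor/harbor.yml and execute below command" || die 'command failed'
#echo "/root/harbor/install.sh --with-notary --with-chartmuseum || die 'command failed'"

# Edit in place with one sed call. The original staged the file through
# /tmp/1, /tmp/2 and /tmp/3: fixed names in a world-writable directory, written
# as root, which another local user can pre-create or symlink.
sed -i \
    -e "s|hostname: reg.mydomain.com|hostname: ${my_fqdn}|" \
    -e "s|certificate: /your/certificate/path|certificate: /root/${my_fqdn}.crt|" \
    -e "s|private_key: /your/private/key/path|private_key : /root/${my_fqdn}.key|" \
    /root/harbor/harbor.yml || die 'command failed'

# sed succeeds even when nothing matched; make sure the edits really landed so
# Harbor is not installed with the template's placeholder host and paths.
grep -Fq -- "hostname: ${my_fqdn}" /root/harbor/harbor.yml || die 'command failed'
grep -Fq -- "certificate: /root/${my_fqdn}.crt" /root/harbor/harbor.yml || die 'command failed'

# NOTE(review): only the hostname and certificate paths are changed here. The
# template's other defaults, including harbor_admin_password and the database
# password, are publicly documented; set your own values in harbor.yml before
# install or rotate them immediately afterwards.
echo "WARNING: harbor.yml still holds the template's default passwords; change them" >&2

echo "22. Install with Notary, Clair and Chart Repository Service"
/root/harbor/install.sh --with-notary --with-chartmuseum || die 'command failed'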
