Ashish-Chorge


Create Harbor Server on Ubuntu VM

Copy this script to your Ubuntu VM and update the user inputs section at the top with the IP address, hostname and FQDN. I tested this script on Ubuntu 22.

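#!/usr/bin/env bash
# This script will install Harbor server
#
# NOTE(review): later steps call apt-get without sudo, write under /root and
# read the generated certificates from both the current directory and ~, so
# the script appears to assume it is run as root from /root.

#  User Inputs
#==================================================
# Replace each placeholder, including the angle brackets, before running.
export my_hostname='<Harbor server short host name>'
export my_fqdn='<Harbor server FQDN>'
export my_ip='<IP Address of the Harbor server>'
#==================================================

# Stop early if a placeholder was left unedited or a value contains anything
# other than host-name/IP characters. These values are later used in file
# paths, sed expressions and the certificate subject, so spaces, slashes or
# shell metacharacters must not get through.
for input_name in my_hostname my_fqdn my_ip; do
    if [[ ! ${!input_name} =~ ^[A-Za-z0-9][A-Za-z0-9._:-]*$ ]]; then
        echo "User Inputs: $input_name is not set to a valid value" >&2
        exit 1
    fi
done

echo "Make sure your VM is configured with proper hostname, static IP address and its entry is mentioned in your DNS server"
# -n 1 returns after a single key press, so any key continues.
read -n 1 -r -s -p $'Press enter to continue... else Control + c to stop \n'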

# Print an error message on stderr and abort the script with exit status 1.
# Arguments: $1 - text to print
die() {
    local reason="$1"

    >&2 echo "$reason"
    exit 1
}

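# precheck: the host name and the IP must answer ping, and the FQDN must
# resolve to the IP entered in the user inputs section. The original ran the
# same checks twice; one pass is enough.
echo "==== Doing precheck ====" || die 'command failed'
ping -c 2 "$my_hostname" || die 'command failed'
ping -c 2 "$my_ip" || die 'command failed'
nslookup "$my_fqdn" || die 'command failed'
# -F matches the address literally (a "." is not a wildcard) and -w matches
# whole words only, so a longer address that merely starts with $my_ip does
# not satisfy the check.
nslookup "$my_fqdn" | grep -Fw -- "$my_ip" || die 'command failed'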

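echo "1. Enable ssh on the vm" || die 'command failed'
apt-get update || die 'command failed'
# apt-get with -y: plain "apt install" stops for a confirmation prompt and its
# command-line interface is not intended for scripts.
# NOTE(review): this opens a remote login service with the distribution's
# default sshd settings; review sshd_config (root login, password
# authentication) for a host that will store registry credentials and images.
apt-get install -y openssh-server || die 'command failed'

echo "2. Verify ssh service is up and running" || die 'command failed'
# --no-pager keeps the script from blocking in a pager on an interactive
# terminal; the exit status is still non-zero when the unit is not active.
systemctl --no-pager status ssh || die 'command failed'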

echo "3. Update the apt package index" || die 'command failed'
apt-get update || die 'command failed'

echo "4. Install packages to allow apt to use a repository over HTTPS" || die 'command failed'
# Prerequisites for fetching the Docker repository key and package lists.
https_prereqs=(
    apt-transport-https
    ca-certificates
    curl
    gnupg-agent
    software-properties-common
)
apt-get install "${https_prereqs[@]}" -y || die 'command failed'

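echo "5. Add Docker's official GPG key" || die 'command failed'
# Store the key in its own keyring and bind it to the Docker repository with
# signed-by. apt-key is deprecated and adds the key to the global keyring,
# which makes apt accept it as a signer for every configured repository.
docker_keyring=/etc/apt/keyrings/docker.asc
install -m 0755 -d /etc/apt/keyrings || die 'command failed'
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o "$docker_keyring" || die 'command failed'
chmod a+r "$docker_keyring" || die 'command failed'
# "apt-key fingerprint 0EBFCD88" only printed the key; this fails the script
# when no key in the download has a fingerprint ending in that ID.
# NOTE(review): an 8-hex-digit key ID is short enough to collide. Compare the
# full fingerprint against the one published in Docker's install docs
# (<FULL_DOCKER_KEY_FINGERPRINT>, placeholder) for a stronger check.
gpg --show-keys --with-colons "$docker_keyring" \
    | awk -F: '$1 == "fpr" && $10 ~ /0EBFCD88$/ { found = 1 } END { exit !found }' \
    || die 'command failed'

echo "6. Setup a stable repository" || die 'command failed'
# Use the running release's codename and architecture. The original line
# hard-coded "bionic" and amd64 although the script was tested on Ubuntu 22.
docker_codename=$(. /etc/os-release && echo "$VERSION_CODENAME") || die 'command failed'
docker_arch=$(dpkg --print-architecture) || die 'command failed'
echo "deb [arch=${docker_arch} signed-by=${docker_keyring}] https://download.docker.com/linux/ubuntu ${docker_codename} stable" \
    > /etc/apt/sources.list.d/docker.list || die 'command failed'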

echo "7. Install docker-ce" || die 'command failed'
# Refresh the index so the Docker repository added above is visible to apt.
if ! apt-get update; then
    die 'command failed'
fi
# Engine, CLI and container runtime from the Docker repository.
if ! apt-get install docker-ce docker-ce-cli containerd.io -y; then
    die 'command failed'
fi

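echo "8. Install current stable release of Docker Compose" || die 'command failed'
# The release is pinned to 1.25.4 in the URL below, whatever the message says.
compose_url="https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)"
# Download to a temporary file first, so a failed or unverified download never
# ends up as an executable in /usr/local/bin.
compose_tmp=$(mktemp) || die 'command failed'
# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary".
curl -fL "$compose_url" -o "$compose_tmp" || die 'command failed'
# Integrity check: export COMPOSE_SHA256 with the SHA-256 published for this
# release asset (obtained out of band) to have the download verified before
# it is installed and run as root.
if [[ -n "${COMPOSE_SHA256:-}" ]]; then
    echo "${COMPOSE_SHA256}  ${compose_tmp}" | sha256sum -c - || die 'command failed'
else
    echo "COMPOSE_SHA256 is not set: docker-compose is installed without a checksum check" >&2
fi

echo "9. Apply executable permissions to the binary" || die 'command failed'
install -m 0755 "$compose_tmp" /usr/local/bin/docker-compose || die 'command failed'
rm -f -- "$compose_tmp"

echo "10. Verify installation" || die 'command failed'
docker-compose --version || die 'command failed'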

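echo "11. Download the Harbor installer" || die 'command failed'
harbor_tgz=/root/harbor-offline-installer-v2.4.3.tgz
# -f makes curl fail on an HTTP error instead of saving the error page as the
# archive.
curl -fL https://github.com/goharbor/harbor/releases/download/v2.4.3/harbor-offline-installer-v2.4.3.tgz -o "$harbor_tgz" || die 'command failed'
# Integrity check: export HARBOR_SHA256 with the SHA-256 of this release
# archive (obtained out of band) to have it verified before install.sh from
# the archive is run as root.
if [[ -n "${HARBOR_SHA256:-}" ]]; then
    echo "${HARBOR_SHA256}  ${harbor_tgz}" | sha256sum -c - || die 'command failed'
else
    echo "HARBOR_SHA256 is not set: the Harbor installer is extracted without a checksum check" >&2
fi
# NOTE(review): v2.4.3 is the version the author pinned; confirm it is still a
# supported release before deploying.

echo "12. Extract the Harbor installer" || die 'command failed'
# Extract into /root explicitly: later steps expect /root/harbor, and without
# -C the archive is unpacked into whatever the current directory happens to be.
tar -xvzf "$harbor_tgz" -C /root || die 'command failed'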

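# Steps 13-18 create a private CA and a server certificate for Harbor in the
# current directory. All expansions are quoted so an unexpected value cannot
# be split into extra openssl arguments.

echo "13. Generate a CA certificate private key" || die 'command failed'
# The key is written unencrypted; umask 077 in a subshell makes sure it is
# created readable by the owner only, without changing the umask for the rest
# of the script.
( umask 077 && openssl genrsa -out ca.key 4096 ) || die 'command failed'

echo "14. Generate the CA certificate" || die 'command failed'
# NOTE(review): anyone who obtains ca.key can issue certificates that hosts
# trusting ca.crt will accept for 10 years (-days 3650); keep the key off the
# registry host once the server certificate has been signed.
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=US/ST=CA/L=Palo Alto/O=HomeLab/OU=Solution Engineering/CN=$my_fqdn" -key ca.key -out ca.crt || die 'command failed'

echo "15. Generate a private key" || die 'command failed'
( umask 077 && openssl genrsa -out "$my_fqdn.key" 4096 ) || die 'command failed'

echo "16. Generate a certificate signing request" || die 'command failed'
openssl req -sha512 -new -subj "/C=US/ST=CA/L=Palo Alto/O=HomeLab/OU=Solution Engineering/CN=$my_fqdn" -key "$my_fqdn.key" -out "$my_fqdn.csr" || die 'command failed'

echo "17. Generate an x509 v3 extension file" || die 'command failed'
# The certificate is limited to server authentication (CA:FALSE, serverAuth)
# and lists the FQDN, short host name and IP as subject alternative names.
cat > v3.ext <<-EOF || die 'command failed'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=$my_fqdn
DNS.2=$my_hostname
IP.1=$my_ip
EOF

echo "18. Use the v3.ext file to generate a certificate for the Harbor host" || die 'command failed'
openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in "$my_fqdn.csr" -out "$my_fqdn.crt" || die 'command failed'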

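echo "19. Provide the certificates to harbor and docker" || die 'command failed'
# The certificates were generated in the current directory but are read from
# the home directory here, so this step works only when the two are the same.
docker_cert_dir="/etc/docker/certs.d/$my_fqdn"
sudo mkdir -p /data/cert || die 'command failed'
sudo mkdir -p "$docker_cert_dir" || die 'command failed'
sudo cp ~/"$my_fqdn.crt" "/data/cert/$my_fqdn.crt" || die 'command failed'
sudo cp ~/"$my_fqdn.crt" "$docker_cert_dir/$my_fqdn.crt" || die 'command failed'
sudo cp ~/ca.crt "$docker_cert_dir/ca.crt" || die 'command failed'
# Docker also reads the certificate under the .cert extension.
sudo openssl x509 -inform PEM -in ~/"$my_fqdn.crt" -out "$docker_cert_dir/$my_fqdn.cert" || die 'command failed'
# install -m 0600 keeps every copy of the private key readable by root only,
# even when a file with the same name and looser permissions already exists.
sudo install -m 0600 ~/"$my_fqdn.key" "/data/cert/$my_fqdn.key" || die 'command failed'
sudo install -m 0600 ~/"$my_fqdn.key" "$docker_cert_dir/$my_fqdn.key" || die 'command failed'

# Restart Docker so it picks up the new files in certs.d.
sudo systemctl restart docker || die 'command failed'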

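echo "20. Copy and update certificate on Harbor VM" || die 'command failed'
# The original line copied the certificate to a file literally named
# "update-ca-certificates" and never ran the command, so the system trust
# store was not changed. Copy it under a .crt name (the only extension
# update-ca-certificates picks up) and then rebuild the store.
cp -- "$my_fqdn.crt" "/usr/local/share/ca-certificates/$my_fqdn.crt" || die 'command failed'
update-ca-certificates || die 'command failed'
# NOTE(review): this installs the server certificate, as the original step
# intended. Clients that must validate the registry normally need ca.crt
# instead; confirm which one your clients require.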

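echo "21. Configure the Harbor YML file manually" || die 'command failed'
cp /root/harbor/harbor.yml.tmpl /root/harbor/harbor.yml || die 'command failed'

##### update the yml file manually
#echo "Update the yml file manually /root/harbor/harbor.yml and execute below command" || die 'command failed'
#echo "/root/harbor/install.sh --with-notary --with-chartmuseum || die 'command failed'"

# Edit the copy in place. The original wrote intermediate results to
# /tmp/1, /tmp/2 and /tmp/3: fixed names in a world-writable directory, which
# a local user can pre-create (for example as symlinks) to redirect what root
# writes or to alter what ends up in harbor.yml.
# "|" is the sed delimiter so the paths need no escaping. $my_fqdn is inserted
# into the replacement text and must not contain "|", "&" or "\".
sed -i \
    -e "s|hostname: reg.mydomain.com|hostname: $my_fqdn|" \
    -e "s|certificate: /your/certificate/path|certificate: /root/$my_fqdn.crt|" \
    -e "s|private_key: /your/private/key/path|private_key : /root/$my_fqdn.key|" \
    /root/harbor/harbor.yml || die 'command failed'
# NOTE(review): only the host name and certificate paths are changed. The
# template's preset credentials (harbor_admin_password and the database
# password) are left as shipped; set your own values in
# /root/harbor/harbor.yml before the installer runs.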

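# The original message also announced Clair, but no scanner option is passed
# to install.sh; the message now names only what the flags enable.
echo "22. Install with Notary and Chart Repository Service" || die 'command failed'
/root/harbor/install.sh --with-notary --with-chartmuseum || die 'command failed'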
