Community

Blog
×
Community Blog How to Install Harbor on CentOS 7

How to Install Harbor on CentOS 7

In this tutorial, we will be installing and configuring Harbor on an Alibaba Cloud Elastic Compute Service (ECS) instance with CentOS 7.

By Arslan Ud Din Shafiq, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud's incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

Harbor is an open-source, enterprise-class registry server which extends an open source Docker Distribution. Harbor includes Docker Distribution functionalities as well as other features such as identity, security, and management. As compared to Docker Distribution, Harbor has better performance and security.

Harbor stores and distribute Docker images; it has good image transfer efficiency and images are replicated among multiple registries. Harbor also provides advanced user management, activity auditing, access control and security features. You can setup multiple registries using Harbor.

Harbor is deployed as Docker containers, and therefore Linux distributions that support Docker are required. Harbor does not restrict its installation to any specific operating system (OS). You can use any operating system (OS) of your choice; however, the installation steps would vary according to the choice of operating system.

In this tutorial, we will be installing and configuring Harbor on an Alibaba Cloud Elastic Compute Service (ECS) instance with CentOS 7.

Prerequisites

  • You must have Alibaba Cloud Elastic Compute Service (ECS) activated and verified your valid payment method. If you are a new user, you can get a free account in your Alibaba Cloud account. If you don't know about how to setup your ECS instance, you can refer to this tutorial or quick-start guide. Your ECS instance must have at least 1GB RAM and 1 Core processor.
  • A domain name registered from Alibaba Cloud. If you have already registered a domain from Alibaba Cloud or any other host, you can update its domain nameserver records.
  • Domain name must be pointed to your Alibaba Cloud ECS's IP address
  • Server's hostname is set up.
  • Access to VNC console in your Alibaba Cloud or SSH client installed in your PC

After completing the prerequisites, login as a root user with your root username & password via SSH client or VNC console available in your Alibaba Cloud account dashboard.

Setting Up Your Alibaba Cloud ECS Instance

Add a User with Root Privileges

In the first step, you will add a new user and give it sudo privileges. Sudo privileges will allow this username to make administrative changes on system when required. This user will be used to login from via SSH for everyday use. Once you have added this user, to keep your server secure from various attacks, you will disable the remote root access to root user.

To create a new user account, use the following command:

#  adduser aareez 

where "aareez" can be any username of your choice.

You will need to set password for your added username. To set password, execute the following command:

#  passwd aareez 

Set your desired password and retype your desired password, then hit Enter. To confirm the data is correct, type Y and hit Enter.

Now assign username to sudo user's group to give administrative privileges. For this, we will check /etc/sudoers file and see whether sudoers group is enabled or not. For this purpose, we will execute the following command:

#  visudo 

After executing the above command, a file will be opened, find the following lines in the opened file.

1

Sometimes by default the second line %wheel ALL=(ALL:ALL) ALL is commented (starting with hash # ), due to which even after adding username to sudoers, it gives error on using sudo. To prevent this issue, if this line starts with '#' sign, remove this symbol and save the changes by pressing Esc, type :x and hit enter.

Now, add your username "aareez" to the "wheel" group by executing the following command:

#  usermod -aG wheel aareez 

After execution of the above command, you can verify the membership for that group by executing the following command:

#  groups aareez 

Your username has been successfully added to sudoers group and it is able to execute any root command.

Now, log in by using your new username and password. OR Use the following command to switch user:

#  su - aareez 

You can see that you have been logged in from your new account now. If you want to verify this, you can use the command below:

#  whoami 

Install wget

You will need to install wget to download files from URL. Execute the following command:

#  sudo yum install wget 

You will be asked to enter your password, then you will be prompted to confirmation message Is this ok?. Type Y and hit Enter.

Install nano-editor

You will need to install nano edit files. Execute the following command:

#  sudo yum install nano 

You will be prompted to confirmation message Is this ok?. Type Y and hit Enter.

Install epel-release

You will need to install epel-release to import epel repository. Execute the following command:

#  sudo yum install epel-release 

You will be prompted to confirmation message Is this ok?. Type Y and hit Enter.

Update Your CentOS 7 System

Before proceeding with installation of any kind of package, use the following command to update your CentOS system. To execute this command, remember to login from non-root user with sudo privileges.

First clear cache by executing following command:

#  sudo yum clean all 

Now update the system with the following command:

#  sudo yum -y update 

Install yum-utils

You will need to install yum-utils to import yum utils.

Execute the following command:

#  sudo yum install yum-utils 

You will be prompted to confirmation message Is this ok?. Type Y and hit Enter.

Installing Docker CE and Docker Compose

Install Docker CE

To install Docker ce and Docker compose, I recommend you to login as root user.

#  su - root 

First, you will need to install docker-ce. Execute the following command to repo for docker:

#  yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo 

Execute the following command:

#  yum install docker-ce 

You will be prompted to confirmation message Is this ok?. Type Y and hit Enter.
You will be asked again Is this ok? Type Y and hit Enter.

Install python-pip

You will also need to install python-pip. Execute the following command:

#  yum install python-pip 

Install Docker Compose

You will need to install docker-compose. Execute the following command to get latest version of docker-compose.

#  pip install docker-compose 

Now you will need to start docker by using the following command:

#  systemctl start docker 

To verify if the docker is working correctly, execute the following command.

#  docker run hello-world 

Installing Harbor

Before installing Harbor, switch to your own user with sudo rights. In my case, username is aareez, replace it with your username in the following command.

#  su - aareez 

To install Harbor, you will be required to download binary from release page. Binary is available in offline as well as online installer. You can use any of your choice.

For Online Installer
For online installer, execute the following command:

#  wget https://github.com/vmware/harbor/releases/download/v1.2.0/harbor-online-installer-v1.2.0.tgz 

For Offline Installer
For online installer, execute the following command:

#  wget https://github.com/vmware/harbor/releases/download/v1.2.0/harbor-offline-installer-v1.2.0.tgz 

Extract the package with the following command:

For Online Installer

#  tar -xvf harbor-online-installer-v1.2.0.tgz 

For Offline Installer

#  tar -xvf harbor-offline-installer-v1.2.0.tgz 

Generate SSL Certificate

I recommend generating an SSL certificate for your Harbor instance; otherwise, it will use http by default and you will need to add --insecure-registry to your client's Docker daemon.

Switch to root user by executing the command su - root and enter your password.

To generate your own SSL certificate, execute the commands below. Remember to change imarslan.com to your domain name.

#  mkdir cert && cd cert 
# openssl req -sha256 -x509 -days 365 -nodes -newkey rsa:4096 -keyout  harbor.imarslan.com.key -out harbor.imarslan.com.crt

Enter your country code, only 2 letters. In my case, I used PK.

Enter the full name of your province.

Enter the full name of your city.

Enter the full name of your organization.

Enter the full name of your organizational unit.

Enter your common name. In my case, I used server's hostname.

Enter your email address.

Configuring Harbor

Switch to your own created user with sudo rights. In my case, username is aareez.

#  su - aareez 

Navigate to /harbor/ directory.

#  cd harbor 

Now you will need to edit configuration file of Harbor. Execute the command below:

#  sudo nano harbor.cfg 

Copy and paste the text below in the opened file. Remember to change hostname according to your settings. Then press Ctrl+X, then type Y and then hit Enter to save your configuration.

hostname = harbor.imarslan.com
ui_url_protocol = https
ssl_cert = /root/cert/harbor.imarslan.com.crt
ssl_cert_key = /root/cert/harbor.imarslan.com.key

To complete the installation, execute the following command.

#  sudo ./install.sh 

Execute the following command to run docker in the background.

#  sudo docker-compose up -d 

Now you can access Harbor by accessing your domain or IP address of Alibaba Cloud ECS. In my case, I will access using http://www.imarslan.com and it will show the following screen.

2

You can login using the default username and password.

Username: admin
Password: Harbor12345

After logging in, you will see the following dashboard.

3

Congratulations, you have successfully installed Harbor!

0 0 0
Share on

Alibaba Clouder

813 posts | 117 followers

You may also like

Comments