Migrating 1.10 updates from install guide

Stuart Clements 2019-12-13 13:16:18 +01:00
parent 9f767a6aac
commit 6c6ccb698e
7 changed files with 75 additions and 29 deletions

View File

@ -7,10 +7,10 @@ This is the main table of contents for the Harbor documentation.
This section describes how to install Harbor and perform the required initial configurations. These day 1 operations are performed by the Harbor Administrator.
- [Harbor Installation and Configuration](install_config/_index.md)
- [Installing Harbor](install_config/installation/_index.md)
- [Installing Harbor](install_config/installation/_index.md)
- [Test Harbor with the Demo Server](install_config/installation/demo_server.md)
- [Harbor Installation Prerequisites](install_config/installation/installation_prereqs.md)
- [Configure HTTPS Access to Harbor](install_config/installation/configure_https.md)
- **[Configure HTTPS Access to Harbor](install_config/installation/configure_https.md)**
- [Download the Harbor Installer](install_config/installation/download_installer.md)
- [Configure the Harbor YML File](install_config/installation/configure_yml_file.md)
- [Run the Installer Script](install_config/installation/run_installer_script.md)
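Review bot: only the `Configure HTTPS Access to Harbor` entry is now wrapped in `**...**`, which is inconsistent with its sibling TOC entries and gives no reason for the emphasis. If the intent is to tell readers that the HTTPS step should not be skipped, say so in a sentence in the section intro or on the linked page and keep the link styling uniform. The two `Installing Harbor` lines also read identically here, so confirm that the difference between them is an intended indentation fix.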

View File

@ -70,3 +70,4 @@ $ sudo docker-compose up -d
```
Please check the [Docker Compose command-line reference](https://docs.docker.com/compose/reference/) for more on docker-compose.

View File

@ -50,7 +50,7 @@ You can use certificates that are signed by a trusted third-party CA, or you can
<tr>
<td valign="top"><code>harbor_admin_password</code></td>
<td valign="top">None</td>
<td valign="top">Set an initial password for the Harbor administrator. This password is only used on the first time that Harbor starts. On subsequent logins, this setting is ignored and the administrator's password is set in the Harbor Portal. The default username and password are <code>admin</code> and <code>Harbor12345</code>.</td>
<td valign="top">Set an initial password for the Harbor system administrator. This password is only used on the first time that Harbor starts. On subsequent logins, this setting is ignored and the administrator's password is set in the Harbor Portal. The default username and password are <code>admin</code> and <code>Harbor12345</code>.</td>
</tr>
<tr>
<td valign="top"><code>database</code></td>
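Review bot: the `harbor_admin_password` description prints the default credentials (`admin` / `Harbor12345`) but never tells the operator to replace them. Since the text says the value is only read the first time Harbor starts, add a sentence telling readers to set their own value in `harbor.yml` before the first start, and to change the password in the Harbor Portal if the default was used. The wording also mixes "the first time that Harbor starts" with "subsequent logins"; "subsequent starts" would be consistent.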
@ -148,7 +148,7 @@ You can use certificates that are signed by a trusted third-party CA, or you can
</tr>
</table>
## Optional parameters
### Optional parameters
The following table lists the additional, optional parameters that you can set to configure your Harbor deployment beyond the minimum required settings. To enable a setting, you must uncomment it in `harbor.yml` by deleting the leading `#` character.
@ -290,20 +290,12 @@ The following table lists the additional, optional parameters that you can set t
<td valign="top"><code>chartmuseum_db_index</code></td>
<td valign="top">Database index for Chart museum.</td>
</tr>
<tr>
<td valign="top"><code>uaa</code></td>
<td valign="top">&nbsp;</td>
<td valign="top">Enable UAA to trust the certificate of a UAA instance that is hosted via a self-signed certificate.</td>
</tr>
<tr>
<td valign="top">&nbsp;</td>
<td valign="top"><code>ca_file</code></td>
<td valign="top">The path to the self-signed certificate of the UAA instance, for example <code>/path/to/ca</code>.</td>
</tr>
</table>
**NOTE**: The `harbor.yml` file includes options to configure a UAA CA certificate. This authentication mode is not recommended and is not documented.
<a id="backend"></a>
## Configuring a Storage Backend
### Configuring a Storage Backend
By default Harbor uses local storage for the registry, but you can optionally configure the `storage_service` setting so that Harbor uses external storage. For information about how to configure the storage backend of a registry for different storage providers, see the [Registry Configuration Reference](https://docs.docker.com/registry/configuration/#storage) in the Docker documentation. For example, if you use Openstack Swift as your storage backend, the parameters might resemble the following:
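Review bot: the new NOTE calls the UAA CA certificate options "not recommended" and "not documented" without giving a reason or an alternative, while the `uaa` and `ca_file` rows disappear from the table. Operators who already have `ca_file` set lose the only description of what it does. Either keep the two rows with a deprecation remark, or extend the NOTE with the reason and a pointer to the authentication modes that are supported.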
@ -322,13 +314,13 @@ storage_service:
disable: false
```
## Configure Persistent Data and Log Files
## Persistent Data and Log Files
By default, registry data is persisted in the host's `/data/` directory. This data remains unchanged even when Harbor's containers are removed and/or recreated. You can edit the `data_volume` in `harbor.yml` file to change this directory.
In addition, Harbor uses `rsyslog` to collect the logs for each container. By default, these log files are stored in the directory `/var/log/harbor/` on the target host. You can change the log directory in `harbor.yml`.
## Configure Harbor to Listen on a Customized Port
## Configuring Harbor to Listen on a Customized Port
By default, Harbor listens on port 443(HTTPS) and 80(HTTP, if configured) for both Harbor portal and Docker commands. You can reconfigure the default ports in `harbor.yml`
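Review bot: the two renamed headings end up in different styles, `Persistent Data and Log Files` (noun phrase) and `Configuring Harbor to Listen on a Customized Port` (gerund); pick one form for the page. While touching this section, the last sentence could also gain its final period and a space in `443(HTTPS)` and `80(HTTP, if configured)`.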

View File

@ -11,7 +11,31 @@ The installation processes are almost the same for both the online and offline i
## Download and Unpack the Installer
1. Go to the [Harbor releases page](https://github.com/goharbor/harbor/releases).
1. Select either the online or offline installer for the version you want to install.
1. Download either the online or offline installer for the version you want to install.
1. Optionally download the corresponding `*.asc` file to verify that the package is genuine.
The `*.asc` file is an OpenPGP key file. Perform the following steps to verify that the downloaded bundle is genuine.
1. Obtain the public key for the `*.asc` file.
<pre>gpg --keyserver hkps://keyserver.ubuntu.com --receive-keys 644FF454C0B4115C</pre>
You should see the message ` public key "Harbor-sign (The key for signing Harbor build) <jiangd@vmware.com>" imported`
1. Verify that the package is genuine by running one of the following commands.
- Online installer: <pre>gpg -v --keyserver hkps://keyserver.ubuntu.com --verify harbor-online-installer-<i>version</i>.tgz.asc</pre>
- Offline installer: <pre>gpg -v --keyserver hkps://keyserver.ubuntu.com --verify harbor-offline-installer-<i>version</i>.tgz.asc</pre>
The `gpg` command verifies that the signature of the bundle matches that of the `*.asc` key file. You should see confirmation that the signature is correct.
<pre>
gpg: armor header: Version: GnuPG v1
gpg: assuming signed data in 'harbor-offline-installer-v1.10.0-rc2.tgz'
gpg: Signature made Fri, Dec 6, 2019 5:04:17 AM WEST
gpg: using RSA key 644FF454C0B4115C
gpg: using pgp trust model
gpg: Good signature from "Harbor-sign (The key for signing Harbor build) &lt;jiangd@vmware.com&gt; [unknown]
</pre>
1. Use `tar` to extract the installer package:
- Online installer:<pre>bash $ tar xvf harbor-online-installer-<em>version</em>.tgz</pre>
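Review bot: the sentence "The `*.asc` file is an OpenPGP key file" is inaccurate. The `--verify` commands and the sample output ("assuming signed data in ...") show that it is a detached signature over the `.tgz`, and that the key comes from the keyserver; reword it, along with "matches that of the `*.asc` key file". The key is fetched by the 64-bit ID `644FF454C0B4115C` and the sample output ends in `[unknown]` trust, so a "Good signature" line only shows that the bundle was signed by whichever key was imported; publish the full fingerprint in this step so readers can compare it with `gpg --fingerprint` before relying on the result. Smaller points: the sample "Good signature" line is missing its closing double quote, and the extract step reads `bash $ tar xvf ...` with a stray `bash` inside the `<pre>`.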

View File

@ -1,8 +1,8 @@
# Harbor Installation Prerequisites
Harbor is deployed as several Docker containers. You can therefore deploy it on any Linux distribution that supports Docker. The target host requires Docker and Docker Compose to be installed.
Harbor is deployed as several Docker containers. You can therefore deploy it on any Linux distribution that supports Docker. The target host requires Docker, and Docker Compose to be installed.
## Hardware
### Hardware
The following table lists the minimum and recommended hardware configurations for deploying Harbor.
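Review bot: the reworded sentence "The target host requires Docker, and Docker Compose to be installed" has a stray comma after "Docker"; the version without the comma reads correctly. `### Hardware` also sits directly under the `#` page title, skipping a heading level; keep it at `##` unless a parent `##` section is added.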
@ -12,25 +12,25 @@ The following table lists the minimum and recommended hardware configurations fo
|Mem|4 GB|8 GB|
|Disk|40 GB|160 GB|
## Software
### Software
The following table lists the software versions that must be installed on the target host.
|Software|Version|Description|
|---|---|---|
|Docker Engine|17.06.0-ce+ or higher|For installation instructions, see the [Docker Engine doc](https://docs.docker.com/engine/installation/)|
|Docker Compose|1.18.0 or higher|For installation instructions, see [Docker Compose doc](https://docs.docker.com/compose/install/)|
|OpenSSL|Latest is preferred|Used to generate the Harbor certificate and keys|
|Docker engine|version 17.06.0-ce+ or higher|For installation instructions, see [docker engine doc](https://docs.docker.com/engine/installation/)|
|Docker Compose|version 1.18.0 or higher|For installation instructions, see [docker compose doc](https://docs.docker.com/compose/install/)|
|Openssl|latest is preferred|Used to generate certificate and keys for Harbor|
## Network ports
### Network ports
Harbor requires that the following ports be open on the target host.
|Port|Protocol|Description|
|---|---|---|
|443|HTTPS|Harbor interface and core API accept HTTPS requests on this port. You can change this port in the configuration file.|
|443|HTTPS|Harbor portal and core API accept HTTPS requests on this port. You can change this port in the configuration file.|
|4443|HTTPS|Connections to the Docker Content Trust service for Harbor. Only required if Notary is enabled. You can change this port in the configuration file.|
|80|HTTP|Harbor interface and core API accept HTTP requests on this port. You can change this port in the configuration file.|
|80|HTTP|Harbor portal and core API accept HTTP requests on this port. You can change this port in the configuration file.|
## What to Do Next ##
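Review bot: the replacement table rows lose the product capitalization (`Docker engine`, `Openssl`, `docker engine doc`, `docker compose doc`) and repeat the word "version" inside the `Version` column. Keep `Docker Engine`, `Docker Compose` and `OpenSSL` as the projects spell them and leave the column values as bare versions. The `###` headings in this hunk have the same level-skipping problem as `### Hardware`, while `## What to Do Next ##` stays at `##`.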

View File

@ -27,7 +27,7 @@ $ docker login reg.yourdomain.com
$ docker push reg.yourdomain.com/myproject/myrepo:mytag
```
**IMPORTANT:** If your installation of Harbor uses HTTP, you must add the option `--insecure-registry` to your client's Docker daemon and restart the Docker service.
**IMPORTANT:** If your installation of Harbor uses HTTP, you must add the option `--insecure-registry` to your client's Docker daemon and restart the Docker service. For more information, see [Connecting to Harbor via HTTP](#connect_http) below.
## Installation with Notary
@ -51,6 +51,8 @@ To install Harbor with Clair service, add the `--with-clair` parameter when you
For more information about Clair, see the [Clair documentation](https://coreos.com/clair/docs/2.0.1/).
By default, Harbor limits the CPU usage of the Clair container to 150000 to avoid it using up all CPU resources. This is defined in the `docker-compose.clair.yml` file. You can modify this file based on your hardware configuration.
## Installation with Chart Repository Service
To install Harbor with chart repository service, add the `--with-chartmuseum` parameter when you run ```install.sh```:
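Review bot: "limits the CPU usage of the Clair container to 150000" gives a number with no unit and no setting name, so a reader cannot tell what to edit in `docker-compose.clair.yml` or how to scale it. Name the key that carries the value and state what 150000 means (for example, relative to one CPU) so that "modify this file based on your hardware configuration" is actionable.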
@ -67,6 +69,31 @@ If you want to install all three of Notary, Clair and chart repository service,
$ sudo ./install.sh --with-notary --with-clair --with-chartmuseum
```
<a id="connect_http"></a>
## Connecting to Harbor via HTTP
**IMPORTANT:** If your installation of Harbor uses HTTP rather than HTTPS, you must add the option `--insecure-registry` to your client's Docker daemon. By default, the daemon file is located at `/etc/docker/daemon.json`.
For example, add the following to your `daemon.json` file:
<pre>
{
"insecure-registries" : ["<i>myregistrydomain.com</i>:5000", "0.0.0.0"]
}
</pre>
After you update `daemon.json`, you must restart both Docker Engine and Harbor.
1. Restart Docker Engine.
`systemctl restart docker`
1. Stop Harbor.
`docker-compose down -v`
1. Restart Harbor.
`docker-compose up -d`
## What to Do Next ##
If installation succeeds, continue to set up Harbor by following the instructions in [Post-Installation Configuration](install_config/configuration/_index.md) and [Initial Configuration in the Harbor UI](install_config/configuration/initial_config_ui.md).
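Review bot: the `daemon.json` example lists `"0.0.0.0"` next to the registry host with no explanation. Every entry in `insecure-registries` turns off TLS verification for that registry on the client, so the example should contain only the Harbor host and port, or the text should say what the second entry is for. The prose tells readers to add the option `--insecure-registry` while the example uses the `insecure-registries` key; name the key in the sentence so the two agree. In the restart steps, `docker-compose down -v` also removes volumes, so either say why `-v` is needed here or drop it, and note that the two `docker-compose` commands must be run from the Harbor installation directory.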

View File

@ -2,6 +2,8 @@
## Harbor Doesn't Start or Functions Incorrectly
Harbor Doesn't Start or Functions Incorrectly
When Harbor does not function correctly, run the following commands to find out if all of Harbor's containers in **UP** status:
```
$ sudo docker-compose ps
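Review bot: the heading `## Harbor Doesn't Start or Functions Incorrectly` is followed by the same title repeated as a plain text line, which looks like an accidental paste and will render as a stray paragraph; remove the duplicate. The sentence below it is also missing a verb: "find out if all of Harbor's containers are in **UP** status".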
@ -20,7 +22,7 @@ When Harbor does not function correctly, run the following commands to find out
If a container is not in the `Up` state, check the log file for that container in `/var/log/harbor`. For example, if the `harbor-core` container is not running, look at the `core.log` log file.
## Using nginx or Load Balancing
### Using nginx or Load Balancing
When setting up Harbor behind an `nginx` proxy or elastic load balancing, look for the following line in `common/config/nginx/nginx.conf` and, if the proxy already has similar settings, remove it from the sections `location /`, `location /v2/` and `location /service/`.
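Review bot: changing the heading to `### Using nginx or Load Balancing` makes it a subsection of `## Harbor Doesn't Start or Functions Incorrectly`, although it covers a separate topic; keep it at `##` unless the nesting is intended. The container state is written as `Up` in this hunk and as **UP** in the paragraph before the `docker-compose ps` command, so settle on one form.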