-
Notifications
You must be signed in to change notification settings - Fork 16
harbor_feature
The appliance comes with a preinstalled Harbor service and it includes the following features:
- Zero-touch deployment and configuration of:
- service IP address
- internal database password
- Harbor admin user password
- service SSL certificate
- Use of a persistent disk image for storing the registry images (optional)
In this guide you'll learn how to use the contextualization attributes to automate the setup and configuration of your Harbor registries.
The contextualization parameters (CONTEXT section) in the VM template controls the configuration of the service, see the table below
| Parameter | Default | Description |
|---|---|---|
ONEAPP_HARBOR_ADMIN_PASSWORD |
Harbor12345 |
Harbor password for the admin user |
ONEAPP_HARBOR_DB_PASSWORD |
random | Harbor PostgreSQL database password |
ONEAPP_HARBOR_HOSTNAME |
local IP | Harbor hostname/IP exposing the service (certificate CN) |
ONEAPP_HARBOR_SSL_CERT |
self-signed | SSL certificate (.crt content). Base64 encoded |
ONEAPP_HARBOR_SSL_KEY |
self-signed | SSL private key (.key content). Base64 encoded |
ONEAPP_HARBOR_REGISTRY_DEV |
Harbor registry disk device name (e.g. sdb, vdb, etc.) |
If ONEAPP_HARBOR_SSL_CERT and ONEAPP_HARBOR_SSL_KEY are set, the service will use this certificate for the HTTPS (port 443) service. In this case the ONEAPP_HARBOR_HOSTNAME should be set to the CN of the provided certificate.
Note
The service will also listen on port 80 (HTTP), redirecting the traffic to the HTTPS port.
If not, a self-signed certificate will be generated using the provided value in ONEAPP_HARBOR_HOSTNAME or the first routable VM IP address. In this case, you will have to add the repository (value of ONEAPP_HARBOR_HOSTNAME or VM IP) to the list of insecure-registries in /etc/docker/daemon.json configuration file.
Important
The self-signed certificates are impractical for a production environment! For the serious use, you should get SSL certificates from a trusted certificate authority.
Registry data can be configured to use an external disk. You can make this disk persistent to preserve the registry once the harbor instance is terminated or to use it in multiple harbor appliances for different teams or project. For example, use the following CLI command to create a harbor_storage image:
oneimage create -d default --name Harbor_storage --prefix vd --fs xfs --size 40960 --type OS --format qcow2 --persistent
Note
Adjust the datastore ID, disk size, and disk FS type. The command uses the default datastore, a disk size of 40960MB and XFS filesystem type. Also the image can be --persistent to keep a copy of the registry data after the VM is destroyed.
Finally add a DISK to the Harbor VM template based on this new image. Now you need to configure the appliance to use this disk by setting the ONEAPP_HARBOR_REGISTRY_DEV to the disk device. The actual device used by the Guest OS will the depend on the bus e.g. sdb or vdb depending on the DEV_PREFIX used in the oneimage create above.
Important
You need to use the same ONEAPP_HARBOR_ADMIN_PASSWORD and ONEAPP_HARBOR_DB_PASSWORD on all Harbor instances using the same registry disk image.
- OpenNebula Apps Overview
- OS Appliances Update Policy
- OneApps Quick Intro
- Build Instructions
- Linux Contextualization Packages
- Windows Contextualization Packages
- OneKE (OpenNebula Kubernetes Edition)
- Virtual Router
- Release Notes
- Overview
- Quick Start
- OpenRC Services
- Virtual Router Modules
- Glossary
- WordPress
- Harbor Container Registry
- MinIO
- Development