Harbor Docker Registry Appliance for OpenNebula Marketplace
Feature Description
Implementation of a Harbor-based Docker registry appliance for publication in the OpenNebula Marketplace. This appliance will provide a robust and secure Docker registry environment using Harbor.
Main Characteristics:
- Base OS: Ubuntu 22.04.
- Registry Platform: Harbor, an open-source, self-hosted registry for container images.
Use Case
As part of the 6GSandbox project, this Docker registry appliance will enhance the OneKE offer by allowing organizations to easily deploy and manage their own Docker registries.
Data Model
Inputs:
- Hostname
- Admin password
- SSL certificate path
- Private key path
Actions:
- Bootstrap: Initial VM setup, including OS installation and network configuration.
- Installation: Deployment and configuration of Docker and Harbor, including setting up Harbor's configuration files (harbor.yml) with the correct certificate paths and system settings.
- Cleanup: Removal of unnecessary files to minimize disk footprint.
Documentation
This section will cover the deployment and management of the Harbor-based Docker registry appliance, including:
- Installation guide
- User manual for the Harbor interface
- Troubleshooting tips
Tests
Test Descriptions:
- Functionality Tests: Ensure the appliance boots correctly and Harbor operates as expected.
- Integration Tests: Validate appliance integration with the existing OpenNebula infrastructure.
Testing Environment:
- Tests will be performed in a micro-environment mimicking a typical SME setup.
- New microenv needed? Jenkins?
Other Considerations
Security Implications:
- SSL/TLS setup validation for secure communications.
New Files:
- Installation scripts
- Default configuration files for Harbor
Work Plan
- Phase 1: Selection and setup of the base OS, Docker and Harbor installation, and VM conversion to QCOW2 image (1 day).
- Phase 2: Testing and documentation preparation (2 days).
- Phase 3: Submission to the OpenNebula Marketplace and Feedback (2 days).
- Phase 4: Final Adjustments and Release (2 days).
Step-by-Step Installation Guide
1. Update and Install Necessary Packages
sudo apt update && sudo apt install openssl ca-certificates curl gnupg -y
2. Set Up Docker Repository
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo $VERSION_CODENAME) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
3. Generate SSL Certificates
mkdir certs
openssl req -x509 -nodes -days 730 -newkey rsa:4096 -sha256 -keyout certs/harbor.testlab.local.key -addext "subjectAltName = DNS:harbor.testlab.local" -out certs/harbor.testlab.local.crt
sudo mv certs/harbor.testlab.local.crt /etc/ssl/certs/
sudo mv certs/harbor.testlab.local.key /etc/ssl/private/
4. Download and Install Harbor
curl -s https://api.github.com/repos/goharbor/harbor/releases/latest | grep browser_download_url | cut -d '"' -f 4 | grep '\.tgz$' | grep online | wget -i -
tar -xvzf harbor-online-installer-v*.tgz # the glob matches whichever release was just downloaded
cd harbor # the archive unpacks into a harbor/ directory
cp harbor.yml.tmpl harbor.yml
nano harbor.yml # Modify the paths of certificate and private_key
sudo ./install.sh
Note: In the harbor.yml file, set the certificate and private_key fields to /etc/ssl/certs/harbor.testlab.local.crt and /etc/ssl/private/harbor.testlab.local.key, respectively.
5. Clean Up
sudo apt-get clean
sudo rm -rf /var/lib/apt/lists/*
6. Convert VM Disk to QCOW2 Image
sudo qemu-img convert -f raw -O qcow2 /dev/xvda1 converted.qcow2
gzip converted.qcow2
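The "SSL/TLS setup validation" item and the harbor.yml note in step 4 can be checked before running install.sh. The script below is an added example, not part of the original issue or of Harbor: the function names are hypothetical, and it assumes harbor.yml carries plain `hostname:`, `certificate:` and `private_key:` lines as in the shipped template.

```shell
#!/bin/sh
# Added example: pre-install check of the TLS material referenced in harbor.yml.
# Function names are hypothetical. Run as root when the key is in /etc/ssl/private.
# Usage: check_harbor_yml ./harbor.yml

# yml_value FILE KEY: print the value of the first uncommented "KEY: value" line.
yml_value() {
    awk -v k="$2:" '$1 == k { print $2; exit }' "$1"
}

# check_harbor_tls CERT KEY HOSTNAME: return 0 only if every check passes.
check_harbor_tls() {
    crt=$1 key=$2 host=$3
    [ -r "$crt" ] && [ -r "$key" ] || {
        echo "FAIL: cannot read certificate or key" >&2; return 1; }

    # 1. The certificate must still be within its validity period.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "FAIL: certificate is expired or unparsable" >&2; return 1; }

    # 2. The configured hostname must be covered by the certificate (SAN/CN).
    #    -checkhost reports its result as text, so match on the message.
    openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match certificate' || {
        echo "FAIL: certificate does not cover hostname '$host'" >&2; return 1; }

    # 3. The private key must belong to the certificate: compare public keys.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ] || {
        echo "FAIL: private key does not match certificate" >&2; return 1; }

    echo "OK: $crt is valid for $host and matches $key"
}

# check_harbor_yml FILE: read the three settings from harbor.yml and check them.
check_harbor_yml() {
    check_harbor_tls "$(yml_value "$1" certificate)" \
                     "$(yml_value "$1" private_key)" \
                     "$(yml_value "$1" hostname)"
}
```

A failure here means Harbor's proxy would either fail to start or serve a certificate that clients reject, so it is cheaper to catch before the image is converted and published.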