How to install Harbor 2.0 on a Photon OS VM

Harbor is VMware’s free, open-source image registry that ships with a few of our Tanzu products (Tanzu Kubernetes Grid Integrated Edition and vSphere 7 with Tanzu). There are numerous ways to get it up and running but I wanted to take a crack at getting it running on Photon OS, also a free, open-source project from VMware. Photon OS is very small, very fast and optimized for running container workloads on vSphere infrastructure. If you’ve been working with many VMware products over the last several years, you’ll have noticed a shift to preferring Photon OS for a large number of our software products.

We’ll start off with downloading the latest minimal Photon OS iso file from Downloading Photon OS. For this example, this was the Photon OS 3.0 Revision 2 Update3 file. I went with the minimal install as it had almost everything I needed and nothing I didn’t. I uploaded this iso file to a datastore in my vSphere environment so that I could use it later when installing the operating system on my Harbor VM. This is a simple as navigating to the Storage view in the vSphere client, selecting your datastore and then clicking the Upload Files button.

The minimal Photon OS iso file is only about 300MB so it should take a minute or less to upload (unless you’ve got a very slow network).

Creating a VM to be used for Harbor is fairly straightforward. I’m using vSphere 7.0c but the steps are nearly identical for most releases back through 6.7.

  1. Right-click your cluster and select New Virtual Machine.
  2. Select Create a new virtual machine and click the Next button.
  1. Set a name for the new VM and choose a folder for it (if desired). Click the Next button.
  1. Select a compute resource (if desired) and click the Next button.
  1. Select a datastore and click the Next button.
  1. Choose your desired compatibility level (I left it at the default and this is usually fine) and click the Next button.
  1. Set the Guest OS Family and Version. Since we’re installing Photon OS, you should choose Linux as the family and VMware Photon OS (64-bit) as the version. Click the Next button.
  1. Since Harbor requires a minimum for 2 CPUs, 4GB of RAM and 40GB of disk, we’ll need to make a few changes on the Customize hardware page. You can increase these values beyond the minimums or add additional devices if your use-case warrants it. Be sure to choose the appropriate network and set the New CD/DVD Drive to the minimal Photon OS iso file that was uploaded previously. Click the Next button when you’re ready to proceed.
  1. If everything looks good on the summary page, click the Finish button.

It will only take a split-second for the VM to be created. Once it’s in your inventory, you can right-click it and select Power -> Power On. You can select the VM itself and then click on the Launch Web Console link.

You should be presented with a screen similar to the following:

Press the Enter key to move into the installation wizard.

You need to use the arrow keys on your keyboard to navigate but get the <Accept> button highlighted and then press the Enter key.

My VM only had one disk so there wasn’t much to here but you could choose to go with a custom partition layout if you didn’t want to accept the defaults. I chose to let the installer do everything for me so I got the <Auto> button highlighted and pressed the Enter key.

The networking page does require some thought or you’ll end up with a VM that is inaccessible on your network. I went with the manual configuration and provided the information needed, as seen on the following screenshot.

After you get the <Next> button highlighted and press the Enter key on the Network Configuration page, you’ll be asked which kernel you would like to install.

If you’re running this on vSphere you’ll probably be making the same choice I did and go with the VMware hypervisor optimized option but you could choose the Generic option if you have some need for it or are running this on an IAAS other than vSphere. Get the <Next> button highlighted and press the Enter key when you’re ready to proceed.

Configure the hostname and root password when prompted.

Get the <Next> button highlighted and press the Enter key when you’re happy with the values on both of these screens.

If you’re ready to get the installation started, get the Yes option highlighted and press the Enter key.

You’ll see a progress bar as well as some basic information about what’s being done as the installation is progressing.

And when the installation is done a very short while later, you’ll be prompted to reboot (just press any key at this point).

Be sure to edit the settings on your VM and set the CD/DVD Drive back to the default setting, Client Device.

One the harbor VM is finished booting, you should be presented with a login prompt.

Go ahead and login as the root user with the password you used during the installation wizard.

To access the system remotely you can either create a new user with the useradd command or allow the root user to login via SSH. The former is the preferred option but since I was just running this in a nested lab, I chose to allow root logins over SSH. This is accomplished by setting the PermitRootLogin value to yes in the /etc/ssh/sshd_config file.

sed -I 's/^PermitRootLogin no/PermitRootLogin yes/' /etc/ssh/sshd_config
systemctl restart sshd

And then I was able to ssh to my Harbor VM as the root user.

The installer configures the DNS settings and hostname but does not configure a domain suffix. I issued the following commands to get this set appropriately:

echo "Domain=corp.tanzu" >> /etc/systemd/network/99-static-en.network
systemctl restart systemd-networkd

For Harbor to function, we need to have docker installed and running. Photon OS comes with docker installed but it’s not enabled by default. The following commands take care of that for us:

systemctl enable docker
systemctl start docker

One of the pieces that we need that isn’t available on Photon OS by default is docker-compose. You can find detailed installation instructions for docker-compose at Install Compose but it’s really as simple as running the following two commands:

curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/harbor

The only extra piece of software that I found I needed (outside of Harbor itself) was the tar executable. I used the tdnf install tar -y command to install it but you could also use yum install tar -y. And just to be sure I was running the latest and greatest Photon OS, I ran tdnf upgrade -y to get all packages up to the most current version.

Harbor does require a certificate to work properly (as does nearly every private registry) and there are numerous ways to create one. I’ve done this in the past with openssl and a simple CA built on Linux and have also used cert-manager. This time around I decided to go with the Microsoft Certificate Authority that I already had up and running on my Windows jump box. For a production environment you would likely be obtaining a CA certificate from a legitimate, external authority. If you are also using a Microsoft Certificate Authority though, you can use the following steps to create a certificate for Harbor.

The first step is to create a new key that will be used when creating the CSR. You can do this on the Harbor VM as it already has openssl installed.

openssl genrsa -out harbor.corp.tanzu.key 4096

Next up it to create an openssl configuration file that will be fed into openssl when creating the CSR. You can see from this example that I’m setting the commonname to harbor.corp.tanzu (the hostname of my Harbor VM) and also setting a few SANs in case anyone tries to get to it via it’s short name or IP address.

echo "[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = California
localityName = CA
organizationName = Tanzu
commonName = harbor.corp.tanzu
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = harbor.corp.tanzu
DNS.2 = harbor
IP.1 = 192.168.110.30" > harbor-cert.cnf

The last step is to use openssl to create the CSR that will be fed to the Microsoft Certificate Authority.

openssl req -config harbor-cert.cnf -nodes -new -out harbor.corp.tanzu.csr -key harbor.corp.tanzu.key

There should be a new file named harbor.corp.tanzu.csr in the current working directory.

When I access the web enrollment page for my Microsoft Certificate Authority, the following page is shown (you’ll likely see something similar):

Note: If you don’t already have a copy of the CA certificate saved, click on the Download a CA certificate, certificate chain, or CRL link and download the CA certificate in Base 64 format as it will be needed later.

Click on the Request a certificate link and then click on the advanced certificate request link on the next page.

Paste the contents of the CSR that was created earlier in the Base-64-encoded certificate request field and choose the appropriate Certificate Template. I already had a vSphere template created which works fine for this exercise (you can read about how to create one at Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6.x/7.x (2112009).

Click the Submit button to create the certificate.

To download the certificate, set the type to Base 64 encoded and then click on the Download certificate link. A file named certnew.cer will be downloaded.

Rename the CA certificate file to ca.crt and the certnew.cer file to harbor.corp.tanzu.crt (or the FQDN of your Harbor VM). Copy both files to the Harbor VM.

The next set of commands (run on the Harbor VM) will get the necessary folder structure created for Docker and Harbor to use the new certificate and get everything copied to the right directories.

mkdir -p /data/
cert
mkdir -p /etc/docker/certs.d/harbor.corpt.tanzu
cp ~/harbor.corp.tanzu.crt /data/cert/
cp ~/harbor.corp.tanzu.key /data/cert/
openssl x509 -inform PEM -in ~/harbor.corp.tanzu.crt -out /etc/docker/certs.d/harbor.corpt.tanzu
/harbor.corp.tanzu.cert
cp ~/harbor.corp.tanzu.key /etc/docker/certs.d/harbor.corpt.tanzu/
cp ~/ca.crt /etc/docker/certs.d/harbor.corpt.tanzu/
systemctl restart docker

With all of this preliminary work out of the way, we’re finally ready to start installing Harbor. The first thing to do is get the installer executable. There are a few different varieties available on the Harbor Release page but I went with the 2.0.2 online installer variant.

curl -L https://github.com/goharbor/harbor/releases/download/v2.0.2/harbor-online-installer-v2.0.2.tgz -o ~/harbor.tgz

tar -zxvf ~/harbor.tgz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl

As you can see, there are only four files that come with this bundle. We’ll make a copy of the harbor.yml.tmpl file to be used during our installation. There are a few placeholder values that need to be updated…change the hostname value from reg.mydomain.com, change the certificate value from /your/certificate/path, change the private_key value from /your/private/key/path, change the harbor_admin_password value from Harbor12345 and change the root database user password from root123.

cp harbor/harbor.yml.tmpl harbor/harbor.yml

sed -i 's/hostname: reg.mydomain.com/hostname: harbor.corp.local/' ~/harbor/harbor.yml
sed -i 's/your\/certificate\/path/data\/cert\/harbor.corp.local.crt/' ~/harbor/harbor.yml
sed -i 's/your\/private\/key\/path/data\/cert\/harbor.corp.local.key/' ~/harbor/harbor.yml
sed -i 's/Harbor12345/VMware1!/' ~/harbor/harbor.yml
sed -i 's/root123/VMware1!/' ~/harbor/harbor.yml

There are loads of other settings that can be adjusted in here but these are the minimum needed to get Harbor successfully deployed. You can read about all of the various options at Configure the Harbor YML File.

When you’re ready, you can run the install.sh script with any additional parameters you want to use to customize the installation. My example below installs to the current directory (/root), installs the trivy scanner, Notary, Clair and the chart repository service. You can read about the different options that can be used with the installer script at Run the Installer Script.

harbor/install.sh --with-trivy --with-chartmuseum --with-clair --with-notary

You’ll see a lot of output as the installer has to pull down several container images to be used by Harbor.

Harbor Installer Output
[Step 0]: checking if docker is installed ...

Note: docker version: 19.03.10

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.26.2


[Step 2]: preparing environment ...

[Step 3]: preparing harbor configs ...
prepare base dir is set to /root/harbor
Unable to find image 'goharbor/prepare:v2.0.2' locally
v2.0.2: Pulling from goharbor/prepare
07cd1d2c25e7: Pull complete
8619c71f6190: Pull complete
383992c4c4a1: Pull complete
176c2d89ef30: Pull complete
2b2aec6b7bd9: Pull complete
d50e9b907385: Pull complete
94d7a7b9afbb: Pull complete
6bf806af059b: Pull complete
Digest: sha256:7e4b50df3b7fe6bef66a0dc368f9b6882089508906901989738b521179e71f7e
Status: Downloaded newer image for goharbor/prepare:v2.0.2
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Successfully called func: create_root_cert
Successfully called func: create_cert
Copying certs for notary signer
Copying nginx configuration file for notary
Generated configuration file: /config/nginx/conf.d/notary.upstream.conf
Generated configuration file: /config/nginx/conf.d/notary.server.conf
Generated configuration file: /config/notary/server-config.postgres.json
Generated configuration file: /config/notary/server_env
Generated and saved secret to file: /data/secret/keys/defaultalias
Generated configuration file: /config/notary/signer_env
Generated configuration file: /config/notary/signer-config.postgres.json
Generated configuration file: /config/clair/postgres_env
Generated configuration file: /config/clair/config.yaml
Generated configuration file: /config/clair/clair_env
Generated configuration file: /config/clair-adapter/env
Generated configuration file: /config/trivy-adapter/env
Generated configuration file: /config/chartserver/env
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir



[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating network "harbor_harbor-clair" with the default driver
Creating network "harbor_harbor-notary" with the default driver
Creating network "harbor_harbor-chartmuseum" with the default driver
Creating network "harbor_notary-sig" with the default driver
Pulling log (goharbor/harbor-log:v2.0.2)...
v2.0.2: Pulling from goharbor/harbor-log
07cd1d2c25e7: Already exists
d89ac869e801: Pull complete
8b9cd891f824: Pull complete
bd60aaa28aa3: Pull complete
75472aa9d464: Pull complete
e68df0fc8993: Pull complete
97fe23a823dc: Pull complete
1376ee2d952e: Pull complete
8185789cf6e6: Pull complete
Digest: sha256:570fceafb651e5c9490d270b4eeaf8f6871a1a02e623eec03feacea5ba28405a
Status: Downloaded newer image for goharbor/harbor-log:v2.0.2
Pulling registry (goharbor/registry-photon:v2.0.2)...
v2.0.2: Pulling from goharbor/registry-photon
07cd1d2c25e7: Already exists
3a9f69465479: Pull complete
75de84349314: Pull complete
737370c89d3b: Pull complete
8f75ac4c7b6f: Pull complete
dedd49693e33: Pull complete
Digest: sha256:be8963f9466c0d6722b5db1090ef36ebef1c94f805ebcb0616631d07ee5404e2
Status: Downloaded newer image for goharbor/registry-photon:v2.0.2
Pulling registryctl (goharbor/harbor-registryctl:v2.0.2)...
v2.0.2: Pulling from goharbor/harbor-registryctl
07cd1d2c25e7: Already exists
035312fd43ff: Pull complete
d88a09756dca: Pull complete
3aba5adb7c79: Pull complete
0e533f05b2c9: Pull complete
2277f1dbcb1c: Pull complete
95ec400e5164: Pull complete
Digest: sha256:5e4787c7e138efa9bccf5d73576d9f4fae8a7e9b4dd9bee753d47d4c53a5cb2f
Status: Downloaded newer image for goharbor/harbor-registryctl:v2.0.2
Pulling postgresql (goharbor/harbor-db:v2.0.2)...
v2.0.2: Pulling from goharbor/harbor-db
07cd1d2c25e7: Already exists
e948c37e7207: Pull complete
3a71cebd7999: Pull complete
f109dc6b3800: Pull complete
e4be30958527: Pull complete
82ce571198d0: Pull complete
5706317d7d15: Pull complete
fa8166be32b9: Pull complete
b4cf3d29c739: Pull complete
Digest: sha256:b48a75379f64bc753d5b77bd0f187404553577f4b7bca8653514618b48fd58eb
Status: Downloaded newer image for goharbor/harbor-db:v2.0.2
Pulling portal (goharbor/harbor-portal:v2.0.2)...
v2.0.2: Pulling from goharbor/harbor-portal
07cd1d2c25e7: Already exists
ba0578672ca0: Pull complete
a4049803e285: Pull complete
6e7b285c4e83: Pull complete
fd8e11cd61fa: Pull complete
814aa4d80c9d: Pull complete
15bc9946d17d: Pull complete
ce6b3b0ea5e0: Pull complete
901ce17214e0: Pull complete
Digest: sha256:e9770b4e81d23204f82f309a45b6bbf0f2d3d04b799d6809032370b32b3e8bc8
Status: Downloaded newer image for goharbor/harbor-portal:v2.0.2
Pulling redis (goharbor/redis-photon:v2.0.2)...
v2.0.2: Pulling from goharbor/redis-photon
07cd1d2c25e7: Already exists
4319f9523628: Pull complete
286473b88c0c: Pull complete
d42081d9071a: Pull complete
f945dcaa9608: Pull complete
Digest: sha256:2510920e4faef376509a41bbfe58ea62f3e3e1c0dbcfca579581909b279ebaaa
Status: Downloaded newer image for goharbor/redis-photon:v2.0.2
Pulling core (goharbor/harbor-core:v2.0.2)...
v2.0.2: Pulling from goharbor/harbor-core
07cd1d2c25e7: Already exists
bdc8a779277e: Pull complete
4e1127c85380: Pull complete
ffc6af618257: Pull complete
414603b1ee40: Pull complete
da211b348d01: Pull complete
c1b4d6a8d2d8: Pull complete
7663f4268e24: Pull complete
ca33837424db: Pull complete
Digest: sha256:8cedaa21e940155f37de0712954753638c050eda2630825f284eaab8df2ec6e2
Status: Downloaded newer image for goharbor/harbor-core:v2.0.2
Pulling jobservice (goharbor/harbor-jobservice:v2.0.2)...
v2.0.2: Pulling from goharbor/harbor-jobservice
07cd1d2c25e7: Already exists
deafefaaee4f: Pull complete
a7a2f8217853: Pull complete
3f37fa27fb65: Pull complete
e494603ffb58: Pull complete
bf3b99cc1215: Pull complete
Digest: sha256:d8477257a3ab8385b2c80ff229e87e9d3b20fb139e54e6657ffc6ff827eb2fcb
Status: Downloaded newer image for goharbor/harbor-jobservice:v2.0.2
Pulling proxy (goharbor/nginx-photon:v2.0.2)...
v2.0.2: Pulling from goharbor/nginx-photon
07cd1d2c25e7: Already exists
71bd4936dbd0: Pull complete
Digest: sha256:faa9c384b3e1abdb83043cd9212ad131a45a10a3dd1eddb629907eb1f7556116
Status: Downloaded newer image for goharbor/nginx-photon:v2.0.2
Pulling notary-signer (goharbor/notary-signer-photon:v2.0.2)...
v2.0.2: Pulling from goharbor/notary-signer-photon
07cd1d2c25e7: Already exists
36ad417faa91: Pull complete
4353b4f42868: Pull complete
47814cfd998a: Pull complete
5b77ebafec8b: Pull complete
6d4ed9afb582: Pull complete
6bb5aa0cd81f: Pull complete
Digest: sha256:141311d3f1609dcbaaeebcb4ba311817e92eb073fba7ba3ee540631f1dfb8321
Status: Downloaded newer image for goharbor/notary-signer-photon:v2.0.2
Pulling notary-server (goharbor/notary-server-photon:v2.0.2)...
v2.0.2: Pulling from goharbor/notary-server-photon
07cd1d2c25e7: Already exists
36ad417faa91: Already exists
4353b4f42868: Already exists
d94fae612c0a: Pull complete
c9b5b7a50cd4: Pull complete
6ca3b958e621: Pull complete
3b5129923539: Pull complete
Digest: sha256:2201af0b394c7de6ee06167e6985af2f2a0ebb4288f91e26209081c3ad553894
Status: Downloaded newer image for goharbor/notary-server-photon:v2.0.2
Pulling clair (goharbor/clair-photon:v2.0.2)...
v2.0.2: Pulling from goharbor/clair-photon
07cd1d2c25e7: Already exists
f3128675d018: Pull complete
9f90be1b140d: Pull complete
a64645d7754b: Pull complete
2d87fe2eb846: Pull complete
f75479f3eabb: Pull complete
426b5f795420: Pull complete
Digest: sha256:b03f5fb58928161dc32ab4ba7c5de4d23dd4d36da68e56a5709006567f90a75c
Status: Downloaded newer image for goharbor/clair-photon:v2.0.2
Pulling clair-adapter (goharbor/clair-adapter-photon:v2.0.2)...
v2.0.2: Pulling from goharbor/clair-adapter-photon
07cd1d2c25e7: Already exists
c5f1096eb386: Pull complete
0ad3ea9b33e1: Pull complete
a2f9213b6a03: Pull complete
d2da6b4c9ee9: Pull complete
ad89758617c9: Pull complete
Digest: sha256:518b17077d6cb2a3fd0f78aa1af529f5c7f1133076d893396b34b2e85273a794
Status: Downloaded newer image for goharbor/clair-adapter-photon:v2.0.2
Pulling trivy-adapter (goharbor/trivy-adapter-photon:v2.0.2)...
v2.0.2: Pulling from goharbor/trivy-adapter-photon
07cd1d2c25e7: Already exists
e41d2cfc0aef: Pull complete
0517ab0645b3: Pull complete
5905ece4c968: Pull complete
1a964cd6f92d: Pull complete
edb60e7a4b8e: Pull complete
465ae0d71fa0: Pull complete
Digest: sha256:316d0bc11a070c1a43a00af8f8c90f782a2ffcdceaf87fb29a3a6ac0aa5d95e2
Status: Downloaded newer image for goharbor/trivy-adapter-photon:v2.0.2
Pulling chartmuseum (goharbor/chartmuseum-photon:v2.0.2)...
v2.0.2: Pulling from goharbor/chartmuseum-photon
07cd1d2c25e7: Already exists
23cbc8230159: Pull complete
aa6fb2fbee20: Pull complete
d59a684068e1: Pull complete
677c6a771ab3: Pull complete
60f3109a22a6: Pull complete
Digest: sha256:367f25072ffaaac3332d1adc8fc8ebe695f3d7678ba8ec1907fc89b12d557cc2
Status: Downloaded newer image for goharbor/chartmuseum-photon:v2.0.2
Creating harbor-log ... done
Creating registryctl   ... done
Creating redis         ... done
Creating harbor-db     ... done
Creating harbor-portal ... done
Creating registry      ... done
Creating chartmuseum   ... done
Creating trivy-adapter ... done
Creating clair         ... done
Creating notary-signer ... done
Creating harbor-core   ... done
Creating clair-adapter     ... done
Creating notary-server     ... done
Creating nginx             ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----

At this point, Harbor should be up and running and you can test connectivity to the Harbor UI in a browser (https://harbor.corp.tanzu in my example):

Note: If you already had your CA certificate added to the Trusted Root Certificate Authorities store you shouldn’t get any certificate warnings when accessing the UI.

You can login as the admin user with the password that was configured in the yaml file during installation. Once in, you should see a single Project named library and not much else:

Before we can start pushing any images to Harbor, we need to get the harbor certificate copied to our local machine. This is similar to the prep work that was done on the Harbor VM prior to installing Harbor. Just make sure you have a copy of the Harbor certificate (or the CA certificate) on your local system and run commands similar to the following:

sudo mkdir -p /etc/docker/certs.d/harbor.corp.tanzu
sudo cp ~/harbor.corp.tanzu.crt /etc/docker/certs.d/harbor.corp.tanzu/ca.crt
sudo systemctl restart docker

Now you can login to Harbor with the docker command and start tagging and pushing images.

docker login harbor.corp.tanzu
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /home/ubuntu/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
61c5ed1cbdf8: Pull complete
Digest: sha256:4f47c01fa91355af2865ac10fef5bf6ec9c7f42ad2321377c21e844427972977
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest

docker tag busybox harbor.corp.tanzu/library/busybox:latest

docker push harbor.corp.tanzu/library/busybox:latest
The push refers to repository [harbor.corp.tanzu/library/busybox]
514c3a3e64d4: Pushed
latest: digest: sha256:400ee2ed939df769d4681023810d2e4fb9479b8401d97003c710d0e20f7c49c6 size: 527

And you’ll see that the busybox image that was just pushed to Harbor is visible in the UI now as well.

The one thing that’s missing at this point is a means to get Harbor to start automatically at system boot. I opted to create a systemd service to handle this. If you choose to go this route you can use the following example and just make sure to change the path where Harbor was installed.

echo "
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor

[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/local/bin/docker-compose -f /root/harbor/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose -f /root/harbor/docker-compose.yml down

[Install]
WantedBy=multi-user.target" | sudo tee /etc/systemd/system/harbor.service > /dev/null

chmod +x /etc/systemd/system/harbor.service
systemctl enable harbor.service

To switch over from the manual startup method invoked during installation and systemd, stop the current running processes and then start the systemd service.

docker-compose -v /root/harbor/docker-compose.yml down
Stopping nginx             ... done
Stopping harbor-jobservice ... done
Stopping harbor-core       ... done
Stopping harbor-portal     ... done
Stopping registry          ... done
Stopping harbor-db         ... done
Stopping redis             ... done
Stopping registryctl       ... done
Stopping harbor-log        ... done
WARNING: Found orphan containers (chartmuseum, trivy-adapter, notary-server, clair, notary-signer, clair-adapter) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Removing nginx             ... done
Removing harbor-jobservice ... done
Removing harbor-core       ... done
Removing harbor-portal     ... done
Removing registry          ... done
Removing harbor-db         ... done
Removing redis             ... done
Removing registryctl       ... done
Removing harbor-log        ... done
Removing network harbor_harbor

systemctl start harbor

You can check the status of the harbor service with the systemctl command.

systemctl status harbor
● harbor.service - Harbor
   Loaded: loaded (/etc/systemd/system/harbor.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-08-23 00:05:26 UTC; 18s ago
     Docs: http://github.com/vmware/harbor
 Main PID: 3837 (docker-compose)
    Tasks: 12 (limit: 4718)
   Memory: 62.3M
   CGroup: /system.slice/harbor.service
           ├─3837 /usr/local/bin/docker-compose -f /root/harbor/docker-compose.yml up
           └─3838 /usr/local/bin/docker-compose -f /root/harbor/docker-compose.yml up

Aug 23 00:05:33 harbor docker-compose[3837]: Creating nginx             ...
Aug 23 00:05:35 harbor docker-compose[3837]: [216B blob data]
Aug 23 00:05:35 harbor docker-compose[3837]: harbor-core    | WARNING: no logs are available with the 'syslog' log driver
Aug 23 00:05:35 harbor docker-compose[3837]: harbor-db      | WARNING: no logs are available with the 'syslog' log driver
Aug 23 00:05:35 harbor docker-compose[3837]: harbor-jobservice | WARNING: no logs are available with the 'syslog' log driver
Aug 23 00:05:35 harbor docker-compose[3837]: harbor-portal  | WARNING: no logs are available with the 'syslog' log driver
Aug 23 00:05:35 harbor docker-compose[3837]: nginx          | WARNING: no logs are available with the 'syslog' log driver
Aug 23 00:05:35 harbor docker-compose[3837]: redis          | WARNING: no logs are available with the 'syslog' log driver
Aug 23 00:05:35 harbor docker-compose[3837]: registry       | WARNING: no logs are available with the 'syslog' log driver
Aug 23 00:05:35 harbor docker-compose[3837]: registryctl    | WARNING: no logs are available with the 'syslog' log driver

You can also use the journalctl -u harbor command to view logs from the harbor service if you suspect that there are issues with it.

2 thoughts on “How to install Harbor 2.0 on a Photon OS VM”

  1. Pingback: Working with TKG Extensions and Shared Services in TKG 1.2 – Little Stuff

  2. Pingback: VMware Blockchain 1.6.0.1 Install on vSphere 7U3 – Little Stuff

Leave a Comment

Your email address will not be published. Required fields are marked *