Fix Harbor registry install directory

continuist 2025-06-29 01:56:13 -04:00
parent 04b8537c96
commit 34a2a403b0


@ -455,14 +455,7 @@ sudo usermod -aG docker SERVICE_USER
### Step 5: Set Up Harbor Container Registry ### Step 5: Set Up Harbor Container Registry
#### 5.1 Create Harbor Directory #### 5.1 Generate SSL Certificates
```bash
sudo mkdir -p /opt/registry
sudo chown SERVICE_USER:SERVICE_USER /opt/registry
```
#### 5.2 Generate SSL Certificates
```bash ```bash
# Create system SSL directory for Harbor certificates # Create system SSL directory for Harbor certificates
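Review bot: With the old 5.1 block removed (`sudo mkdir -p /opt/registry` and `sudo chown SERVICE_USER:SERVICE_USER /opt/registry`), nothing visible in this diff creates the registry directory or sets its owner, yet the later steps still carry the comment "Switch to SERVICE_USER (registry directory owner)". Please state where the install directory is now created and who owns it, or update those comments, so that a reader following the guide on a clean host does not reach the configuration step with no directory, or with one owned by the wrong account.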
@ -486,7 +479,7 @@ sudo chmod 644 /etc/ssl/registry/registry.crt
- `registry.key`: `600` (owner read/write only) - private key must be secure - `registry.key`: `600` (owner read/write only) - private key must be secure
- `registry.crt`: `644` (owner read/write, group/others read) - certificate can be read by services - `registry.crt`: `644` (owner read/write, group/others read) - certificate can be read by services
#### 5.3 Update Harbor Configuration with Actual IP Address #### 5.2 Update Harbor Configuration with Actual IP Address
```bash ```bash
# Switch to SERVICE_USER (registry directory owner) # Switch to SERVICE_USER (registry directory owner)
@ -511,7 +504,7 @@ exit
**Important**: This step replaces all instances of `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address and all instances of `APP_NAME` with the actual application name in the Harbor configuration files. **Important**: This step replaces all instances of `YOUR_CI_CD_IP` with your actual CI/CD Linode IP address and all instances of `APP_NAME` with the actual application name in the Harbor configuration files.
#### 5.4 Set Harbor Environment Variables #### 5.3 Set Harbor Environment Variables
```bash ```bash
# Set environment variables for Harbor # Set environment variables for Harbor
@ -528,7 +521,7 @@ sed -i "s/your-db-password/$DB_PASSWORD/g" docker-compose.yml
**Important**: Change the default passwords for production use. The default admin password is `Harbor12345` - change this immediately after first login. **Important**: Change the default passwords for production use. The default admin password is `Harbor12345` - change this immediately after first login.
#### 5.5 Start Harbor #### 5.4 Start Harbor
```bash ```bash
# Switch to SERVICE_USER (registry directory owner) # Switch to SERVICE_USER (registry directory owner)
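Review bot: The unchanged Important line just above the renumbered "5.4 Start Harbor" heading documents the default admin password `Harbor12345` and defers changing it until after first login, so the registry comes up reachable with a published credential. Since the section is being renumbered anyway, consider moving the admin password change ahead of the start step, next to the `DB_PASSWORD` handling in 5.3, and keeping the post-login change only as a fallback. The `sed -i "s/your-db-password/$DB_PASSWORD/g"` shown in the hunk header also misbehaves if the password contains `/` or `&`; restricting the generated password to alphanumerics avoids that.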
@ -543,7 +536,7 @@ exit
**Important**: Harbor startup can take 2-3 minutes as it initializes the database and downloads vulnerability databases. The health check will ensure all services are running properly. **Important**: Harbor startup can take 2-3 minutes as it initializes the database and downloads vulnerability databases. The health check will ensure all services are running properly.
#### 5.6 Wait for Harbor Startup #### 5.5 Wait for Harbor Startup
```bash ```bash
# Monitor Harbor startup progress # Monitor Harbor startup progress
@ -553,7 +546,7 @@ docker compose logs -f
**Expected output**: You should see logs from all Harbor services (core, database, redis, registry, portal, nginx, jobservice, trivy) starting up. Wait until you see "Harbor has been installed and started successfully" or similar success messages. **Expected output**: You should see logs from all Harbor services (core, database, redis, registry, portal, nginx, jobservice, trivy) starting up. Wait until you see "Harbor has been installed and started successfully" or similar success messages.
#### 5.7 Test Harbor Setup #### 5.6 Test Harbor Setup
```bash ```bash
# Check if all Harbor containers are running # Check if all Harbor containers are running
@ -571,6 +564,39 @@ curl -k -I https://localhost:8080
**Important**: All Harbor services should show as "Up" in the `docker compose ps` output. The health check should return a JSON response indicating all services are healthy. **Important**: All Harbor services should show as "Up" in the `docker compose ps` output. The health check should return a JSON response indicating all services are healthy.
#### 5.7 Test Harbor Access
```bash
# Test Docker login to Harbor
docker login YOUR_CI_CD_IP:8080
# Enter: ci-user and your-secure-password
# Create a test image
echo "FROM alpine:latest" > /tmp/test.Dockerfile
echo "RUN echo 'Hello from Harbor test image'" >> /tmp/test.Dockerfile
# Build and tag test image for public project
docker build -f /tmp/test.Dockerfile -t YOUR_CI_CD_IP:8080/public/test:latest /tmp
# Push to Harbor (requires authentication)
docker push YOUR_CI_CD_IP:8080/public/test:latest
# Verify image is in Harbor
curl -k https://localhost:8080/v2/_catalog
# Test public pull (no authentication required)
docker logout YOUR_CI_CD_IP:8080
docker pull YOUR_CI_CD_IP:8080/public/test:latest
# Clean up test image
docker rmi YOUR_CI_CD_IP:8080/public/test:latest
```
**Expected behavior**:
- ✅ **Push requires authentication**: `docker push` only works when logged in
- ✅ **Pull works without authentication**: `docker pull` works without login for public projects
- ✅ **Web UI accessible**: Harbor UI is available at `https://YOUR_CI_CD_IP:8080`
#### 5.8 Access Harbor Web UI #### 5.8 Access Harbor Web UI
1. **Open your browser** and navigate to: `https://YOUR_CI_CD_IP:8080` 1. **Open your browser** and navigate to: `https://YOUR_CI_CD_IP:8080`
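Review bot: The new 5.7 block never exercises the first item under "Expected behavior": `docker push` is only run while logged in, so "Push requires authentication" is asserted but not tested. Add a push after `docker logout YOUR_CI_CD_IP:8080` that is expected to be denied, and document the expected error. Two smaller points in the same block: the "Clean up test image" step only runs `docker rmi` locally, so `public/test:latest` stays in the registry and remains pullable without authentication, and `/tmp/test.Dockerfile` is left behind. The block also logs in as `ci-user` and pushes to the `public` project before 5.8 (the Web UI step); if that is where the user and project are created, this test should follow it.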
@ -652,7 +678,6 @@ Your Harbor registry is now configured with the following access model:
- ✅ **Vulnerability scanning**: Automatic CVE scanning with Trivy - ✅ **Vulnerability scanning**: Automatic CVE scanning with Trivy
- ✅ **Role-based access control**: Different user roles (admin, developer, guest) - ✅ **Role-based access control**: Different user roles (admin, developer, guest)
- ✅ **Audit logs**: Complete trail of all operations - ✅ **Audit logs**: Complete trail of all operations
- ✅ **Image signing**: Content trust features available
### Step 6: Configure Docker for Harbor Access ### Step 6: Configure Docker for Harbor Access
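Review bot: Dropping the "Image signing: Content trust features available" bullet is unrelated to the commit subject ("Fix Harbor registry install directory") and is not explained anywhere in the visible change. Please either mention it in the commit message or split it out. If signing is not available in this setup, the access model summary should say so explicitly, since readers who pull from the public project without authentication may otherwise assume image integrity is verified.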