Install Harbor via Bash
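#!/bin/bash
# Pre-installs everything needed for Harbor on CentOS 7, then installs Harbor
# with the online installer (which pulls its images from Docker Hub).
#
# Must be run as root from a login session (logname is used to find the
# non-root user that will own the Docker/Notary client configuration).
#
# Optional environment variables (all unset by default):
#   PYTHON_TGZ_SHA256  expected SHA-256 of Python-2.7.15.tgz
#   NOTARY_SHA256      expected SHA-256 of the Notary v0.6.1 binary
#   HARBOR_TGZ_SHA256  expected SHA-256 of harbor-online-installer-v1.6.0.tgz
# When a value is set the download is verified before it is unpacked or
# installed; when it is unset a warning is printed and the script continues.
# Obtain the values from the publishers' release pages over a separate channel.

# Abort on the first failing command: without this a failed `cd` or download
# lets the remaining steps run as root in the wrong directory or on bad input.
set -euo pipefail

#######################################
# Print an error message to stderr and exit.
# Arguments: $* - message
#######################################
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Verify a downloaded file against a pinned SHA-256 digest.
# Arguments: $1 - path of the file
#            $2 - expected hex digest (may be empty)
# Outputs:   a warning on stderr when no digest was supplied
# Returns:   0 when the digest matches or none was supplied; exits otherwise
#######################################
verify_sha256() {
  local file=$1
  local expected=${2:-}
  if [[ -z "$expected" ]]; then
    printf 'warning: no SHA-256 pinned for %s; integrity not verified\n' \
      "$file" >&2
    return 0
  fi
  printf '%s  %s\n' "$expected" "$file" | sha256sum -c --status - \
    || die "SHA-256 mismatch for $file"
}

(( EUID == 0 )) || die "this script must be run as root"

# Python & Docker pre-reqs
yum install -y gcc openssl-devel bzip2-devel wget yum-utils \
  device-mapper-persistent-data lvm2

# Install Python 2.7.15
# NOTE(review): Python 2.7 is end-of-life and the unversioned get-pip.py may
# refuse to run on it; confirm the bootstrap URL still supports 2.7.
cd /usr/src
# -O keeps the file name fixed so a re-run verifies the fresh download rather
# than a stale copy next to a ".1" file.
wget -O Python-2.7.15.tgz \
  https://www.python.org/ftp/python/2.7.15/Python-2.7.15.tgz
verify_sha256 Python-2.7.15.tgz "${PYTHON_TGZ_SHA256:-}"
tar xzf Python-2.7.15.tgz
cd Python-2.7.15
./configure --enable-optimizations
make altinstall
# -f makes curl fail on an HTTP error instead of saving the error page and
# handing it to the interpreter. get-pip.py changes over time, so it is not
# hash-pinned here; it is executed as root, so review it if that matters.
curl -f "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py"
python2.7 get-pip.py

# Install Docker
yum-config-manager --add-repo \
  https://download.docker.com/linux/centos/docker-ce.repo
yum install -y docker-ce
systemctl enable docker
# -f: succeed if the group already exists (the docker-ce package may have
# created it), so the strict-mode script does not abort here.
groupadd -f docker
MAINUSER=$(logname) || die "cannot determine the login user (no login session?)"
[[ -n "$MAINUSER" ]] || die "login user name is empty"
id -u "$MAINUSER" >/dev/null || die "user $MAINUSER does not exist"
# Membership of the docker group is effectively root on this host; add only
# accounts that are trusted at that level.
usermod -aG docker "$MAINUSER"

# Create self-signed OpenSSL certs
INSTALL_DIR="/home/${MAINUSER}/harbor_install"
mkdir -p "${INSTALL_DIR}/openssl"
cd "${INSTALL_DIR}/openssl"
FQDN=$(hostname -f)
# The name is interpolated into file paths, the certificate subject and sed
# replacements below, so reject anything that is not a plain host name.
[[ "$FQDN" =~ ^[A-Za-z0-9._-]+$ ]] || die "unexpected characters in FQDN: $FQDN"

# Build the subjectAltName list. The DNS entry is included because clients
# that honour SANs ignore the CN, and `hostname --ip-address` can print
# several addresses separated by spaces.
read -r -a host_ips <<<"$(hostname --ip-address)"
san="DNS:${FQDN}"
for ip in "${host_ips[@]}"; do
  san+=",IP:${ip}"
done
printf 'subjectAltName = %s\n' "$san" > extfile.cnf

SUBJ="/C=US/ST=CA/L=San Francisco/O=VMware/OU=IT Department/CN=${FQDN}"
# -nodes leaves both private keys unencrypted on disk; their file modes are
# tightened below.
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 \
  -out ca.crt -subj "$SUBJ"
openssl req -newkey rsa:4096 -nodes -sha256 -keyout "${FQDN}.key" \
  -out "${FQDN}.csr" -subj "$SUBJ"
openssl x509 -req -days 3650 -in "${FQDN}.csr" -CA ca.crt -CAkey ca.key \
  -CAcreateserial -extfile extfile.cnf -out "${FQDN}.crt"

# Copy certs to root for the Harbor installation. The mode of this key copy is
# left as generated: how Harbor's containers read it is not visible here.
mkdir -p /root/cert/
cp -- "${FQDN}.crt" "${FQDN}.key" /root/cert/

# Copy certs to Docker to get around the X509 unauthorized cert error.
# NOTE(review): trusting the registry only needs ca.crt. The CA and server
# private keys are copied here as well (Docker pairs each *.cert with a *.key
# in this directory); consider dropping the ca.cert/ca.key pair and keeping
# the CA key offline once that is confirmed to work.
DOCKER_CERT_DIR="/etc/docker/certs.d/${FQDN}"
mkdir -p "$DOCKER_CERT_DIR"
cp -- "${FQDN}.crt" "${FQDN}.key" ca.crt ca.key "${DOCKER_CERT_DIR}/"
cp -- "${DOCKER_CERT_DIR}/${FQDN}.crt" "${DOCKER_CERT_DIR}/${FQDN}.cert"
cp -- "${DOCKER_CERT_DIR}/ca.crt" "${DOCKER_CERT_DIR}/ca.cert"

# Copy certs to TLS for Notary usage
NOTARY_TLS_DIR="/home/${MAINUSER}/.docker/tls/${FQDN}:4443"
mkdir -p "$NOTARY_TLS_DIR"
cp -- ca.crt ca.key "${NOTARY_TLS_DIR}/"
cp -- "${NOTARY_TLS_DIR}/ca.crt" "${NOTARY_TLS_DIR}/ca.cert"

# Private keys should be readable by their owner only.
chmod 600 \
  ca.key "${FQDN}.key" \
  "${DOCKER_CERT_DIR}/ca.key" "${DOCKER_CERT_DIR}/${FQDN}.key" \
  "${NOTARY_TLS_DIR}/ca.key"
# Recursive, so the tls/ tree created above as root is owned by the user too.
chown -R "${MAINUSER}:${MAINUSER}" "/home/${MAINUSER}/.docker"

# Start the Docker service
systemctl start docker

# Install Docker Compose
# Can't use the standard docker method because the Harbor installation script
# is looking in the incorrect $PATH
#curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
#chmod +x /usr/local/bin/docker-compose
# Install Docker Compose using pip
yum install -y epel-release
pip install docker-compose

# Install Docker Notary
# Download to a temporary file and only install it after verification, so a
# failed or tampered download never lands in /usr/local/bin.
notary_tmp=$(mktemp)
trap 'rm -f -- "$notary_tmp"' EXIT
curl -fL \
  "https://github.com/theupdateframework/notary/releases/download/v0.6.1/notary-$(uname -s)-amd64" \
  -o "$notary_tmp"
verify_sha256 "$notary_tmp" "${NOTARY_SHA256:-}"
install -m 0755 "$notary_tmp" /usr/local/bin/notary

# Download and configure Harbor
cd "$INSTALL_DIR"
wget -O harbor-online-installer-v1.6.0.tgz \
  https://storage.googleapis.com/harbor-releases/release-1.6.0/harbor-online-installer-v1.6.0.tgz
verify_sha256 harbor-online-installer-v1.6.0.tgz "${HARBOR_TGZ_SHA256:-}"
tar xvf harbor-online-installer-v1.6.0.tgz
cd harbor
# NOTE(review): only the hostname, protocol and certificate paths are changed;
# every other setting in harbor.cfg, including harbor_admin_password, keeps
# the value shipped in the tarball. Change the credentials before exposing
# the registry.
sed -i "s|hostname = reg.mydomain.com|hostname = ${FQDN}|g" harbor.cfg
sed -i "s|ui_url_protocol = http|ui_url_protocol = https|g" harbor.cfg
sed -i "s|ssl_cert = /data/cert/server.crt|ssl_cert = /root/cert/${FQDN}.crt|g" harbor.cfg
sed -i "s|ssl_cert_key = /data/cert/server.key|ssl_cert_key = /root/cert/${FQDN}.key|g" harbor.cfg

# Prepare Harbor
./prepare
# Install Harbor
./install.sh --with-notary --with-clair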