Harbor Installation & Configuration

Preparation

# mkdir /workspace
# cd /workspace
# wget https://github.com/goharbor/harbor/releases/download/v1.10.1/harbor-offline-installer-v1.10.1.tgz
# tar -xvf harbor-offline-installer-v1.10.1.tgz
# cd harbor

# vi harbor.yml

hostname: 192.168.65.141   # Change this to the Harbor host's IP address.
http:
  port: 80
https:
  port: 443
  certificate: /data/cert/example.com.crt
  private_key: /data/cert/example.com.key

Create self-signed SSL certificates

# openssl genrsa -out ca.key 4096

# openssl req -x509 -new -nodes -sha512 -days 3650 \
   -subj "/C=CN/ST=Jakarta/L=Jakarta/O=example/OU=Personal/CN=example.com" \
   -key ca.key \
   -out ca.crt

# openssl genrsa -out example.com.key 4096

# openssl req -sha512 -new \
   -subj "/C=CN/ST=Jakarta/L=Jakarta/O=example/OU=Personal/CN=example.com" \
   -key example.com.key \
   -out example.com.csr

# cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=example.com
DNS.2=example
DNS.3=harbor
IP.1=192.168.65.141
EOF

# openssl x509 -req -sha512 -days 3650 \
   -extfile v3.ext \
   -CA ca.crt -CAkey ca.key -CAcreateserial \
   -in example.com.csr \
   -out example.com.crt

# mkdir -p /data/cert/
# cp example.com.crt /data/cert/
# cp example.com.key /data/cert/
# openssl x509 -inform PEM -in example.com.crt -out example.com.cert
# mkdir -p /etc/docker/certs.d/example.com/
# cp example.com.cert /etc/docker/certs.d/example.com/
# cp example.com.key /etc/docker/certs.d/example.com/
# cp ca.crt /etc/docker/certs.d/example.com/
# cp ca.crt /usr/local/share/ca-certificates/
# update-ca-certificates
# systemctl restart docker
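
Before deploying, the files generated above can be checked for the three things that most often break a self-signed registry setup: the chain to ca.crt, the key/certificate pairing, and the subjectAltName coverage. This script is an added example, not part of the original tutorial; it assumes the openssl CLI is installed, and check_harbor_cert is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Requires the openssl CLI.
# Usage: sh check_cert.sh ca.crt example.com.crt example.com.key example.com 192.168.65.141
# check_harbor_cert is a hypothetical helper name.

check_harbor_cert() {
    ca=$1; cert=$2; key=$3
    shift 3
    rc=0

    # 1. The server certificate must chain to the CA that Docker hosts trust.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca" >&2
        rc=1
    fi

    # 2. The private key must belong to the certificate (public keys equal).
    cert_pub=$(openssl x509 -noout -pubkey -in "$cert" 2>/dev/null)
    key_pub=$(openssl pkey -pubout -in "$key" 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $cert" >&2
        rc=1
    fi

    # 3. Each name or IPv4 address clients use must be covered by the cert.
    for name in "$@"; do
        case $name in
            *[!0-9.]*) opt=-checkhost ;;   # contains a non-digit: DNS name
            *)         opt=-checkip ;;     # digits and dots only: IPv4
        esac
        out=$(openssl x509 -noout "$opt" "$name" -in "$cert" 2>/dev/null)
        case $out in
            *"does match certificate"*) ;;
            *) echo "FAIL: $cert does not cover $name" >&2; rc=1 ;;
        esac
    done

    return "$rc"
}

# Run the checks when the script is given at least CA, cert and key paths.
if [ "$#" -ge 3 ]; then
    check_harbor_cert "$@"
fi
```

The function returns 0 only when every check passes, so it can gate the deploy step in a script.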

Deploy Harbor

# ./prepare
# docker-compose down -v
# docker-compose up -d

Push Docker images

# docker login example.com
# docker tag mysql:latest example.com/nama_project/mysql:latest
# docker push example.com/nama_project/mysql:latest

Done

Monitoring Jenkins with Prometheus and Grafana

1. Run the jenkins, prometheus and grafana containers; in this tutorial all containers are on a single host.

# docker run -d --name jenkins -p 8080:8080 -p 50000:50000 invaleed/jenkins-custom
# docker run -d --name prometheus -p 9090:9090 prom/prometheus
# docker run -d --name grafana -p 3000:3000 grafana/grafana

2. Install “Prometheus metrics plugin” in Jenkins
3. Verify the plugin installation by accessing http://JENKINS_HOST:PORT/prometheus
4. Edit the Prometheus configuration by adding the following at the very bottom of the prometheus.yml file

# docker exec -it prometheus /bin/sh
# vi /etc/prometheus/prometheus.yml

  # Appended to the existing scrape_configs list; indentation must match its other entries.
  - job_name: 'jenkins'
    metrics_path: /prometheus
    static_configs:
      - targets: ['JENKINS_HOST:PORT']

# docker restart prometheus

5. Log in to Grafana at http://GRAFANA_HOST:PORT/ using the credentials admin/admin
6. Dashboard — Add Datastore — select Prometheus, enter the URL “PROMETHEUS_HOST:PORT”, save & test.
7. Dashboard — Import Dashboard — Enter ID 9964
8. Done