Mod first stuff to make it work

.gitignore

@@ -0,0 +1,2 @@
+harbor.yml
+cert/*

README.md

@@ -0,0 +1,131 @@
+**Harbor on Podman for Rocky Linux 9**
+
+This document provides a minimal, engineer‑oriented guide to deploy Harbor on Rocky Linux 9 using Podman and podman‑compose. It covers system preparation, repository setup, configuration, TLS certificate generation, installer adjustments, and troubleshooting.
+
+## 1. Prerequisites & System Preparation
+
+1. **Update base system**
+   ```bash
+   sudo dnf update -y
+   ```
+
+2. **Enable EPEL and install dependencies**
+   ```bash
+   sudo dnf install -y epel-release
+   sudo dnf install -y \
+     podman podman-docker buildah podman-compose \
+     python3-pip wget tar gzip \
+     policycoreutils-python-utils
+   ```
+
+3. **Enable Podman socket**
+   ```bash
+   sudo systemctl enable --now podman.socket
+   ```
+
+4. **SELinux configuration**
+   - Allow containers to manage cgroups:
+     ```bash
+     sudo setsebool -P container_manage_cgroup true
+     ```
+   - Label persistent data directory:
+     ```bash
+     sudo semanage fcontext -a -t svirt_sandbox_file_t "/opt/harbor-podman(/.*)?"
+     sudo restorecon -R /opt/harbor-podman
+     ```
+
+5. **Firewall (firewalld)**
+   ```bash
+   sudo firewall-cmd --add-port=443/tcp
+   sudo firewall-cmd --add-port=443/tcp --permanent
+   ```
+
+## 2. Repository Setup
+
+1. **Create target directory**
+   ```bash
+   sudo mkdir -p /opt/harbor-podman
+   ```
+
+2. **Clone your Git repository**
+   ```bash
+   cd /opt/harbor-podman
+   git clone ssh://git@code.swissmakers.ch:6022/michael.reber/harbor-podman.git .
+   ```
+
+3. **Prepare `harbor.yml`**
+   - Copy template:
+     ```bash
+     cp harbor.yml.tmpl harbor.yml
+     ```
+   - Update hostname:
+     ```bash
+     sed -i 's|^hostname:.*|hostname: harbor.swissmakers.ch|' harbor.yml
+     ```
+   - Set data volume path:
+     ```bash
+     sed -i 's|^data_volume: .*|data_volume: /opt/harbor-podman|' harbor.yml
+     ```
+
+## 3. TLS Certificate Generation
+
+Generate a self‑signed certificate valid for 10 years:
+```bash
+sudo mkdir -p /opt/harbor-podman/cert
+sudo openssl req -newkey rsa:4096 -nodes -x509 -days 3650 \
+  -subj "/C=CH/ST=Bern/L=Bern/O=Swissmakers/CN=harbor.swissmakers.ch" \
+  -keyout /opt/harbor-podman/cert/harbor.key \
+  -out    /opt/harbor-podman/cert/harbor.crt
+```
+
+Apply ownership:
+```bash
+sudo chown -R 1000:1000 /opt/harbor-podman
+```
+
+Inject cert paths into `harbor.yml`:
+```bash
+sed -i "s|^\(certificate:\).*|\1 /opt/harbor-podman/cert/harbor.crt|" harbor.yml
+sed -i "s|^\(private_key:\).*|\1 /opt/harbor-podman/cert/harbor.key|" harbor.yml
+```
+
+## 4. Credentials Hardening
+
+Generate random passwords for admin and database:
+```bash
+sed -i "s|^harbor_admin_password:.*|harbor_admin_password: \"$(openssl rand -base64 30)\"|" harbor.yml
+
+# Update DB password under `database:` block (two lines below):
+sed -i "/^database:/ { n; n; s|^  password:.*|  password: \"$(openssl rand -base64 30)\"| }" harbor.yml
+```
+
+## 5. Run the modified Installer for Podman
+
+1. **Ensure installer picks up bundle directory**
+   ```bash
+   export HARBOR_BUNDLE_DIR=/opt/harbor-podman
+   ```
+
+2. **Run it with or without included trivy-setup**
+   ```bash
+   ./install.sh --with-trivy
+   ```
+
+3. **Verify**
+   ```bash
+   podman ps -a
+   podman logs harbor-core
+   ```
+
+## Detailed Explanation of Key Adjustments here
+
+- **`container_manage_cgroup`**: Allows Podman to manage cgroups under SELinux enforcement.
+- **SELinux file context**: The `svirt_sandbox_file_t` label authorizes container runtimes to read/write the data directory.
+- **Password randomization**: Avoids default weak credentials; injected via `openssl rand -base64`.
+- **Installer script**:
+  - Removed Docker/docker-compose checks to prevent hard failures under Podman.
+  - Overrode `DOCKER_COMPOSE` to invoke `podman-compose` transparently.
+- **Compose file tweaks**:
+  - Stripped repetitive `logging` blocks to maintain podman compatibility.
+  - Explicit `networks` stanza ensures containers attach to the correct overlay.
+

install.sh

@@ -19,7 +19,7 @@ with_clair=$false
 with_trivy=$false
 
 # flag to using docker compose v1 or v2, default would using v1 docker-compose
-DOCKER_COMPOSE=docker-compose
+DOCKER_COMPOSE=podman-compose
 
 while [ $# -gt 0 ]; do
         case $1 in
@@ -38,11 +38,7 @@ done
 workdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 cd $workdir
 
-h2 "[Step $item]: checking if docker is installed ..."; let item+=1
-check_docker
-
-h2 "[Step $item]: checking docker-compose is installed ..."; let item+=1
-check_dockercompose
+mkdir -p common/config
 
 if [ -f harbor*.tar.gz ]
 then
@@ -74,6 +70,39 @@ if [ -n "$DOCKER_COMPOSE ps -q"  ]
 fi
 echo ""
 
+cd /opt/harbor-podman
+
+sed -i \
+  's|/var/log/harbor/:/var/log/docker/:z|/opt/harbor-podman/log:/var/log/docker/:z|' \
+  docker-compose.yml
+
+sed -i \
+  's|\./common/config|/opt/harbor-podman/common/config|g' \
+  docker-compose.yml
+
+# Mark the start of each logging: block and the line just before the next service
+sed -i \
+  -e '/^[[:space:]]\{4\}logging:/i __LOG_BLOCK_START__' \
+  -e '/^  [[:alnum:]_-]\+:/i __LOG_BLOCK_END__' \
+  docker-compose.yml
+
+# Delete from each start‑marker through its end‑marker
+sed -i '/__LOG_BLOCK_START__/,/__LOG_BLOCK_END__/d' docker-compose.yml
+
+# Remove any leftover markers
+sed -i '/__LOG_BLOCK_/d' docker-compose.yml
+
+# Fix docker-compose for podman - Delete from the first “networks:” line through EOF
+sed -i '/^networks:/,$d' docker-compose.yml
+
+# Append a simple harbor network definition
+cat << 'EOF' >> docker-compose.yml
+
+networks:
+  harbor:
+EOF
+
+
 h2 "[Step $item]: starting Harbor ..."
 $DOCKER_COMPOSE up -d