With my recent exploration of GenAI and using a private ChatGPT solution with my own blog posts, I quickly realized that in the AI/ML space, the required software dependencies can take up a significant amount of storage, especially for a Kubernetes/container-based deployment.
To give you an example, to deploy the private ChatGPT (h2ogpt) application using Kubernetes, just the container image itself is a whopping 40GB+!
Unfortunately, this is not a one-off scenario but a common theme when working in the AI/ML space: the packages and drivers are extremely large, even when using containers. I figured I should probably set up my own container registry instead of pulling directly from the Internet, given the size of these images.
I already have a local Harbor instance running in a VM, but I have been using my Synology to centralize a number of functions and that would be the ideal place to actually run Harbor. While you can run individual containers on the Synology, as I have demonstrated HERE with GitLab, the Harbor installation process relies on Docker Compose, which Synology does not natively support using the Synology DiskStation Manager (DSM) interface.
With a little bit of tinkering and trial/error, I was able to finally get Harbor running on my Synology and centralize all my storage needs including having my own container registry.
Step 1 - Login to the DSM management interface and create a new shared folder called harbor
Step 2 - Generate a self-signed TLS certificate for Harbor, since we are going to consume the registry using vSphere with Tanzu, which only supports HTTPS, and then SCP the certificate and key files to your Synology.
openssl req -newkey rsa:4096 -nodes -sha256 -keyout primp-industries.local.key -subj "/CN=nas.primp-industries.local/O=nas.primp-industries.local" -addext "subjectAltName = DNS:nas.primp-industries.local" -x509 -days 3650 -out primp-industries.local.crt
Step 3 - SSH to the Synology, as the remaining steps will require the command-line. The following commands will download the latest Harbor release (as of this blog post, v2.9.0 is the latest, but you can change to your desired version), set up the required directories and copy the generated TLS certificate files to the certs directory, which will be referenced in the Harbor configuration file. You will need to replace volume1 with the name of your Synology volume label and replace the TLS certificate filename with your own.
cd /volume1/harbor
wget https://github.com/goharbor/harbor/releases/download/v2.9.0/harbor-offline-installer-v2.9.0.tgz
tar -zxvf harbor-offline-installer-v2.9.0.tgz
mkdir -p /volume1/harbor/harbor/{data,config,log,secret,certs}
mkdir -p /volume1/harbor/harbor/common/config
cp primp-industries.local.* /volume1/harbor/harbor/certs/
sudo chown -R 10000:10000 /volume1/harbor
sudo chmod -R 755 /volume1/harbor/harbor
cd /volume1/harbor/harbor/
Step 4 - Next, we need to update the harbor.yml configuration file and below is a snippet of the changes I made for my setup which includes the hostname, HTTP(s) ports, TLS certificate paths and data_volume. You can leave the default Harbor admin password since you will need to change it upon logging in for the first time.
hostname: nas.primp-industries.local

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 8888

# https related config
https:
  # https port for harbor, default is 443
  port: 8443
  # The path of cert and key files for nginx
  certificate: /volume1/harbor/harbor/certs/primp-industries.local.crt
  private_key: /volume1/harbor/harbor/certs/primp-industries.local.key

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor1234

# The default data volume
data_volume: /volume1/harbor/harbor/data
Step 5 - Now we run the Harbor prepare script, which will verify that everything was set up correctly prior to performing the Harbor installation.
sudo ./prepare
Note: If you run into any errors, please resolve them before proceeding. More than likely, you missed a step or forgot to update a value during Step 3.
Step 6 - Finally, to install Harbor, we run the install.sh script like the following:
sudo ./install.sh
This process can take a few minutes, but once everything is up and running, you should be able to open a browser to the FQDN (remember to try HTTPS) and the port you had specified on your Synology and log in using admin and the default password (Harbor1234). Once successfully logged in, you should immediately change the default password by clicking on the username on the upper right hand side.
Before you can start pushing and pulling images to your private Harbor registry, you need to configure your Docker Client so that it is aware of the insecure registry, which includes HTTP or HTTPS (with a self-signed TLS certificate), unless you are using a properly signed TLS certificate.
Since I am using Docker Desktop on macOS, you can easily do this by going to Settings->Docker Engine and then appending the Harbor hostname and port to the existing JSON configuration:
"insecure-registries": [ "nas.primp-industries.local:8443" ]
Note: For more details on configuring Docker Client with insecure registry including HTTP, please see the documentation here.
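An added example, not part of the original post: on a Docker Engine host running Linux, the self-signed certificate can be trusted for this one registry through /etc/docker/certs.d/<host>:<port>/ca.crt, which keeps TLS verification on instead of listing the registry as insecure. The sketch first checks that the certificate from Step 2 is unexpired, matches the Harbor hostname and belongs to the private key; the function names and the throwaway demo certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# check_registry_cert CRT KEY HOST: succeeds only if the pair is usable for HOST.
check_registry_cert() {
    crt=$1; key=$2; host=$3
    # -checkend 0 exits non-zero once the certificate has expired
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null \
        || { echo "expired: $crt"; return 1; }
    # -checkhost reports its result as text, so match the success message
    openssl x509 -in "$crt" -noout -checkhost "$host" \
        | grep -q 'does match certificate' \
        || { echo "hostname mismatch: $host"; return 1; }
    # The key belongs to the certificate when both yield the same public key
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout)" ] \
        || { echo "key does not match certificate"; return 1; }
}

# trust_registry_cert CRT HOST PORT [CERTS_DIR]: per-registry trust for Docker
# Engine on Linux, which reads <CERTS_DIR>/<host>:<port>/ca.crt.
trust_registry_cert() {
    dir=${4:-/etc/docker/certs.d}/$2:$3
    mkdir -p "$dir" && cp "$1" "$dir/ca.crt"
}

# Demo on a constructed throwaway certificate (2048-bit, 1 day, temp directory).
demo() {
    tmp=$(mktemp -d) || return 1
    h=nas.primp-industries.local
    openssl req -newkey rsa:2048 -nodes -sha256 -x509 -days 1 \
        -keyout "$tmp/demo.key" -out "$tmp/demo.crt" -subj "/CN=$h" \
        -addext "subjectAltName = DNS:$h" 2>/dev/null || return 1
    check_registry_cert "$tmp/demo.crt" "$tmp/demo.key" "$h" \
        && trust_registry_cert "$tmp/demo.crt" "$h" 8443 "$tmp/certs.d" \
        && ls "$tmp/certs.d/$h:8443"
}
demo
```

Against the real files, the call would be check_registry_cert with the .crt and .key from Step 2 and the hostname from harbor.yml, followed by trust_registry_cert run with sufficient privileges to write under /etc/docker.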
At this point you should be able to push a container image to your Harbor registry.
Similarly, you should also be able to pull the container image from your Harbor registry.
While you will not be able to administer Harbor using the Synology DSM, you can still get progress for the individual containers that make up the Harbor registry, which can be useful to determine if all services are healthy and running.
duckblaster7090 says
My DS918+ running DSM 7.2-64570 Update 3 and Container Manager 20.10.23-1473 has support for docker compose, they call it Projects.
William Lam says
Oh .... that's what Projects are for. I vaguely recall looking at that when I had first set up my Synology but didn't connect the dots. While Harbor uses docker compose, the install/setup requires running the scripts from console anyhow, so I don't think it would have worked anyhow. At least this follows the Harbor setup process in case there's any issues, could ask for help
Christopher says
While you might have to run scripts from console for this setup of Harbor, you should look into running portainer on your Syno and from there you get more docker functionality. I typically put portainer (with portainer agent) in a compose in the projects part of Container Manager, and then use portainer for most other docker stuff, including watchtower to update my containers automatically. And since I have two Syno boxes, I deploy portainer agent on the second and can control both from the same Portainer interface on my main Syno.
Christopher says
And of course Portainer doesn't call it "compose" either, they call it Stacks. Yayh!!?!
Pascal says
Hi, Thanks for those installation instructions. I followed them to the letter and ran into the following error: "Error response from daemon: Bind mount failed: '/var/log/harbor' does not exists". Any idea? Best Regards, Pascal.