修复 HARBOR_DOMAIN 为空及使用正式证书情况下 hostname 设置不正确问题

2020-01-06 16:06:35 +08:00 · 2020-01-06 16:06:35 +08:00 · 086ee1ab9a
parent 7df3331236
commit 086ee1ab9a
6 changed files with 24 additions and 22 deletions
--- a/11.harbor.yml
+++ b/11.harbor.yml
@ -19,20 +19,20 @@
  - kube-master
  - kube-node
  tasks:
-  - name: Define 'harbor_host', a domain name
-    set_fact: harbor_host={{ hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] }}
+  - name: Define 'harbor_hostname', a domain name
+    set_fact: harbor_hostname={{ hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] }}

-  - name: Define 'harbor_host', an IP Addr
-    set_fact: harbor_host={{ groups['harbor'][0] }}
+  - name: Define 'harbor_hostname', an IP Addr
+    set_fact: harbor_hostname={{ groups['harbor'][0] }}
    when: hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] == ''
  
  - block:  
      - block:  
        - name: Creating cert dir for the docker daemon
-          file: name=/etc/docker/certs.d/{{ harbor_host }} state=directory
+          file: name=/etc/docker/certs.d/{{ harbor_hostname }} state=directory
    
        - name: Installing the HARBOR SERVER's CA cert for docker
-          copy: src={{ base_dir }}/down/ca.pem dest=/etc/docker/certs.d/{{ harbor_host }}/ca.crt
+          copy: src={{ base_dir }}/down/ca.pem dest=/etc/docker/certs.d/{{ harbor_hostname }}/ca.crt
        when: CONTAINER_RUNTIME == 'docker'

      - block:  
@ -74,23 +74,23 @@
    lineinfile:
      dest: /etc/hosts
      state: present
-      regexp: '{{ harbor_host }}'
-      line: "{{ groups['harbor'][0] }} {{ harbor_host }}"
+      regexp: '{{ harbor_hostname }}'
+      line: "{{ groups['harbor'][0] }} {{ harbor_hostname }}"
    when: "hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] != ''"
  
-  # [optional] 使用 cloud-init 初始化的虚拟机，hosts 后会重启时被替换，需修改对应的 hosts 模板文件 
+  # [optional] 使用 cloud-init 初始化的虚拟机，/etc/hosts 后会重启时被替换，需修改对应的模板文件 
  - name: Adding cloud-init hosts template (debian) entry for the HARBOR DOMAIN
    lineinfile:
      dest: /etc/cloud/templates/hosts.debian.tmpl
      state: present
-      regexp: '{{ harbor_host }}'
-      line: "{{ groups['harbor'][0] }} {{ harbor_host }}"
+      regexp: '{{ harbor_hostname }}'
+      line: "{{ groups['harbor'][0] }} {{ harbor_hostname }}"
    when: 'ansible_distribution in ["Ubuntu","Debian"]'

  - name: Adding cloud-init hosts template (redhat) entry for the HARBOR DOMAIN
    lineinfile:
      dest: /etc/cloud/templates/hosts.redhat.tmpl
      state: present
-      regexp: '{{ harbor_host }}'
-      line: "{{ groups['harbor'][0] }} {{ harbor_host }}"
+      regexp: '{{ harbor_hostname }}'
+      line: "{{ groups['harbor'][0] }} {{ harbor_hostname }}"
    when: 'ansible_distribution in ["CentOS","RedHat","Amazon"]' 
--- a/down/download.sh
+++ b/down/download.sh
@ -8,7 +8,7 @@ ETCD_VER=v3.3.10
 DOCKER_VER=18.09.6
 CNI_VER=v0.7.5
 DOCKER_COMPOSE_VER=1.23.2
-HARBOR_VER=v1.5.4
+HARBOR_VER=v1.9.4
 CONTAINERD_VER=1.2.6

 echo -e "\nNote: It's suggested to download using 'tools/easzup -D', everything needed will be ready in '/etc/ansible'."
--- a/roles/harbor/defaults/main.yml
+++ b/roles/harbor/defaults/main.yml
@ -1,6 +1,9 @@
-# harbor version，完整版本号，目前支持 v1.5.x , v1.6.x, v1.7.x
-HARBOR_VER: "v1.7.4"
+# harbor version，完整版本号，目前支持 v1.5.x , v1.6.x, v1.7.x, v1.8.x, v1.9.x, v1.10.x
+HARBOR_VER: "v1.9.4"

-# harbor 主版本号，目前支持主版本号 v1.5/v1.6/v1.7
-# 从完整版本号提取出主版本号 v1.5/v1.6/v1.7
+# harbor 主版本号，目前支持主版本号 v1.5/v1.6/v1.7/v1.8/v1.9/v.10
+# 从完整版本号提取出主版本号 v1.5/v1.6/v1.7/v1.8/v1.9/v.10
 HARBOR_VER_MAIN: "{{ HARBOR_VER.split('.')[0] }}.{{ HARBOR_VER.split('.')[1] }}"
+
+# HARBOR_HOSTNAME 值设置
+HARBOR_HOSTNAME: "{{ inventory_hostname if (HARBOR_DOMAIN == '') else HARBOR_DOMAIN }}"
--- a/roles/harbor/templates/harbor-csr.json.j2
+++ b/roles/harbor/templates/harbor-csr.json.j2
@ -2,8 +2,7 @@
  "CN": "harbor",
  "hosts": [
    "127.0.0.1",
-    "{{ inventory_hostname }}",
-    "{{ HARBOR_DOMAIN }}"
+    "{{ HARBOR_HOSTNAME }}"
  ],
  "key": {
    "algo": "rsa",
--- a/roles/harbor/templates/harbor-v1.10.yml.j2
+++ b/roles/harbor/templates/harbor-v1.10.yml.j2
@ -2,7 +2,7 @@

 # The IP address or hostname to access admin UI and registry service.
 # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
-hostname: {{ inventory_hostname }}
+hostname: {{ HARBOR_HOSTNAME }}

 # http related config
 http:
--- a/roles/harbor/templates/harbor-v1.5.cfg.j2
+++ b/roles/harbor/templates/harbor-v1.5.cfg.j2
@ -4,7 +4,7 @@
 _version = 1.5.0
 #The IP address or hostname to access admin UI and registry service.
 #DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
-hostname = {{ inventory_hostname }}
+hostname = {{ HARBOR_HOSTNAME }}

 #The protocol for accessing the UI and token/notification service, by default it is http.
 #It can be set to https if ssl is enabled on nginx.