easzlab
/
kubeasz
mirror of https://github.com/easzlab/kubeasz.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

修复 HARBOR_DOMAIN 为空及使用正式证书情况下 hostname 设置不正确问题

pull/801/head
王正良 2020-01-06 16:06:35 +08:00 committed by jmgao
parent 7df3331236
commit 086ee1ab9a
6 changed files with 24 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
11.harbor.yml
View File

@ -19,20 +19,20 @@
- kube-master - kube-master
- kube-node - kube-node
tasks: tasks:
- name: Define 'harbor_host', a domain name - name: Define 'harbor_hostname', a domain name
set_fact: harbor_host={{ hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] }} set_fact: harbor_hostname={{ hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] }}
- name: Define 'harbor_host', an IP Addr - name: Define 'harbor_hostname', an IP Addr
set_fact: harbor_host={{ groups['harbor'][0] }} set_fact: harbor_hostname={{ groups['harbor'][0] }}
when: hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] == '' when: hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] == ''
- block: - block:
- block: - block:
- name: Creating cert dir for the docker daemon - name: Creating cert dir for the docker daemon
file: name=/etc/docker/certs.d/{{ harbor_host }} state=directory file: name=/etc/docker/certs.d/{{ harbor_hostname }} state=directory
- name: Installing the HARBOR SERVER's CA cert for docker - name: Installing the HARBOR SERVER's CA cert for docker
copy: src={{ base_dir }}/down/ca.pem dest=/etc/docker/certs.d/{{ harbor_host }}/ca.crt copy: src={{ base_dir }}/down/ca.pem dest=/etc/docker/certs.d/{{ harbor_hostname }}/ca.crt
when: CONTAINER_RUNTIME == 'docker' when: CONTAINER_RUNTIME == 'docker'
- block: - block:
@ -74,23 +74,23 @@
lineinfile: lineinfile:
dest: /etc/hosts dest: /etc/hosts
state: present state: present
regexp: '{{ harbor_host }}' regexp: '{{ harbor_hostname }}'
line: "{{ groups['harbor'][0] }} {{ harbor_host }}" line: "{{ groups['harbor'][0] }} {{ harbor_hostname }}"
when: "hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] != ''" when: "hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] != ''"
# [optional] 使用 cloud-init 初始化的虚拟机,hosts 后会重启时被替换,需修改对应的 hosts 模板文件 # [optional] 使用 cloud-init 初始化的虚拟机,/etc/hosts 后会重启时被替换,需修改对应的模板文件
- name: Adding cloud-init hosts template (debian) entry for the HARBOR DOMAIN - name: Adding cloud-init hosts template (debian) entry for the HARBOR DOMAIN
lineinfile: lineinfile:
dest: /etc/cloud/templates/hosts.debian.tmpl dest: /etc/cloud/templates/hosts.debian.tmpl
state: present state: present
regexp: '{{ harbor_host }}' regexp: '{{ harbor_hostname }}'
line: "{{ groups['harbor'][0] }} {{ harbor_host }}" line: "{{ groups['harbor'][0] }} {{ harbor_hostname }}"
when: 'ansible_distribution in ["Ubuntu","Debian"]' when: 'ansible_distribution in ["Ubuntu","Debian"]'
- name: Adding cloud-init hosts template (redhat) entry for the HARBOR DOMAIN - name: Adding cloud-init hosts template (redhat) entry for the HARBOR DOMAIN
lineinfile: lineinfile:
dest: /etc/cloud/templates/hosts.redhat.tmpl dest: /etc/cloud/templates/hosts.redhat.tmpl
state: present state: present
regexp: '{{ harbor_host }}' regexp: '{{ harbor_hostname }}'
line: "{{ groups['harbor'][0] }} {{ harbor_host }}" line: "{{ groups['harbor'][0] }} {{ harbor_hostname }}"
when: 'ansible_distribution in ["CentOS","RedHat","Amazon"]' when: 'ansible_distribution in ["CentOS","RedHat","Amazon"]'

2
down/download.sh
View File

@ -8,7 +8,7 @@ ETCD_VER=v3.3.10
DOCKER_VER=18.09.6 DOCKER_VER=18.09.6
CNI_VER=v0.7.5 CNI_VER=v0.7.5
DOCKER_COMPOSE_VER=1.23.2 DOCKER_COMPOSE_VER=1.23.2
HARBOR_VER=v1.5.4 HARBOR_VER=v1.9.4
CONTAINERD_VER=1.2.6 CONTAINERD_VER=1.2.6
echo -e "\nNote: It's suggested to download using 'tools/easzup -D', everything needed will be ready in '/etc/ansible'." echo -e "\nNote: It's suggested to download using 'tools/easzup -D', everything needed will be ready in '/etc/ansible'."

11
roles/harbor/defaults/main.yml
View File

@ -1,6 +1,9 @@
# harbor version完整版本号目前支持 v1.5.x , v1.6.x, v1.7.x # harbor version完整版本号目前支持 v1.5.x , v1.6.x, v1.7.x, v1.8.x, v1.9.x, v1.10.x
HARBOR_VER: "v1.7.4" HARBOR_VER: "v1.9.4"
# harbor 主版本号,目前支持主版本号 v1.5/v1.6/v1.7 # harbor 主版本号,目前支持主版本号 v1.5/v1.6/v1.7/v1.8/v1.9/v.10
# 从完整版本号提取出主版本号 v1.5/v1.6/v1.7 # 从完整版本号提取出主版本号 v1.5/v1.6/v1.7/v1.8/v1.9/v.10
HARBOR_VER_MAIN: "{{ HARBOR_VER.split('.')[0] }}.{{ HARBOR_VER.split('.')[1] }}" HARBOR_VER_MAIN: "{{ HARBOR_VER.split('.')[0] }}.{{ HARBOR_VER.split('.')[1] }}"
# HARBOR_HOSTNAME 值设置
HARBOR_HOSTNAME: "{{ inventory_hostname if (HARBOR_DOMAIN == '') else HARBOR_DOMAIN }}"

3
roles/harbor/templates/harbor-csr.json.j2
View File

@ -2,8 +2,7 @@
"CN": "harbor", "CN": "harbor",
"hosts": [ "hosts": [
"127.0.0.1", "127.0.0.1",
"{{ inventory_hostname }}", "{{ HARBOR_HOSTNAME }}"
"{{ HARBOR_DOMAIN }}"
], ],
"key": { "key": {
"algo": "rsa", "algo": "rsa",

2
roles/harbor/templates/harbor-v1.10.yml.j2
View File

@ -2,7 +2,7 @@
# The IP address or hostname to access admin UI and registry service. # The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: {{ inventory_hostname }} hostname: {{ HARBOR_HOSTNAME }}
# http related config # http related config
http: http:

2
roles/harbor/templates/harbor-v1.5.cfg.j2
View File

@ -4,7 +4,7 @@
_version = 1.5.0 _version = 1.5.0
#The IP address or hostname to access admin UI and registry service. #The IP address or hostname to access admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. #DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname = {{ inventory_hostname }} hostname = {{ HARBOR_HOSTNAME }}
#The protocol for accessing the UI and token/notification service, by default it is http. #The protocol for accessing the UI and token/notification service, by default it is http.
#It can be set to https if ssl is enabled on nginx. #It can be set to https if ssl is enabled on nginx.