升级harbor版本到1.5.1，调整安装路径为/data/harbor，修复安装解压问题

docs/guide/harbor.md

@@ -4,7 +4,7 @@ Habor是由VMWare中国团队开源的容器镜像仓库。事实上，Habor是
 
 ### 安装步骤
 
-1. 在deploy节点下载最新的 [docker-compose](https://github.com/docker/compose/releases) 二进制文件，改名后把它放到项目 `/etc/ansible/bin`目录下，后续版本会一起打包进百度云盘`k8s.xxx.tar.gz`文件中，可以省略该步骤
+1. 在deploy节点下载最新的 [docker-compose](https://github.com/docker/compose/releases) 二进制文件，改名后把它放到项目 `/etc/ansible/bin`目录下，后续版本会一起打包进百度云盘`k8s.xxx.tar.gz`文件中，可以省略该步骤。注：k8s.1102.tar.gz已集成该工具
 
 ``` bash
 wget https://github.com/docker/compose/releases/download/1.18.0/docker-compose-Linux-x86_64
@@ -12,7 +12,9 @@ mv docker-compose-Linux-x86_64 /etc/ansible/bin/docker-compose
 ```
 2. 在deploy节点下载最新的 [harbor](https://github.com/vmware/harbor/releases) 离线安装包，把它放到项目 `/etc/ansible/down` 目录下，也可以从分享的百度云盘下载
 
-3. 在deploy节点编辑/etc/ansible/hosts文件，可以参考 `example`目录下的模板，修改部分举例如下
+3. 由于ansible解压的一些问题，需要将官方的tgz包，重新打包为zip包
+
+4. 在deploy节点编辑/etc/ansible/hosts文件，可以参考 `example`目录下的模板，修改部分举例如下
 
 ``` bash
 # 如果启用harbor，请配置后面harbor相关参数
@@ -126,7 +128,7 @@ type: kubernetes.io/dockerconfigjson
 + 日志目录 `/var/log/harbor`
 + 数据目录 `/data` ，其中最主要是 `/data/database` 和 `/data/registry` 目录，如果你要彻底重新安装harbor，删除这两个目录即可
 
-先进入harbor安装目录 `cd /opt/harbor`，常规操作如下：
+先进入harbor安装目录 `cd /data/harbor`，常规操作如下：
 
 1. 暂停harbor `docker-compose stop` : docker容器stop，并不删除容器
 2. 恢复harbor `docker-compose start` : 恢复docker容器运行
@@ -151,7 +153,7 @@ type: kubernetes.io/dockerconfigjson
 
 ``` bash
 # 进入harbor解压缩后的目录，停止harbor
-cd /opt/harbor
+cd /data/harbor
 docker-compose down
 
 # 备份这个目录
@@ -159,7 +161,7 @@ cd ..
 mkdir -p /backup && mv harbor /backup/harbor
 
 # 下载更新的离线安装包，并解压
-tar zxvf harbor-offline-installer-v1.2.2.tgz  -C /opt
+tar zxvf harbor-offline-installer-v1.2.2.tgz  -C /data
 
 # 使用官方数据库迁移工具，备份数据库，修改数据库连接用户和密码，创建数据库备份目录
 # 迁移工具使用docker镜像，镜像tag由待升级到目标harbor版本决定，这里由 1.1.2升级到1.2.2，所以使用 tag 1.2
@@ -171,7 +173,7 @@ docker run -it --rm -e DB_USR=root -e DB_PWD=xxxx -v /data/database:/var/lib/mys
 docker run -it --rm -e DB_USR=root -e DB_PWD=xxxx -v /data/database:/var/lib/mysql vmware/harbor-db-migrator:1.2 up head
 
 # 修改新版本 harbor.cfg配置，需要保持与老版本相关配置项保持一致，然后执行安装即可
-cd /opt/harbor
+cd /data/harbor
 vi harbor.cfg
 ./install.sh
 

roles/harbor/tasks/main.yml

@@ -1,6 +1,12 @@
 - name: 下载docker compose 二进制文件
   copy: src={{ base_dir }}/bin/docker-compose dest={{ bin_dir }}/docker-compose mode=0755
 
+- name: 创建data目录
+  file:
+    path: /data
+    state: directory
+    mode: 0755
+
 # 注册变量result，根据result结果判断是否已经安装过harbor
 # result|failed 说明没有安装过harbor，下一步进行安装
 # result|succeeded 说明已经安装过harbor，下一步跳过安装
@@ -11,14 +17,14 @@
 
 - name: 解压harbor离线安装包
   unarchive: 
-    src: "{{ base_dir }}/down/harbor-offline-installer-v1.2.2.tgz"
+    src: "{{ base_dir }}/down/harbor-offline-installer-v1.5.1.zip"
-    dest: /opt
+    dest: /data
     copy: yes
     keep_newer: yes
   when: result is failed
 
 - name: 导入harbor所需 docker images
-  shell: "{{ bin_dir }}/docker load -i /opt/harbor/harbor.v1.2.2.tar.gz"
+  shell: "{{ bin_dir }}/docker load -i /data/harbor/harbor.v1.5.1.tar.gz"
   when: result is failed
 
 - name: 创建harbor证书请求
@@ -34,11 +40,11 @@
   when: result is failed
 
 - name: 配置 harbor.cfg 文件
-  template: src=harbor.cfg.j2 dest=/opt/harbor/harbor.cfg
+  template: src=harbor.cfg.j2 dest=/data/harbor/harbor.cfg
   when: result is failed
 
 - name: 安装 harbor
-  shell: "cd /opt/harbor && \
+  shell: "cd /data/harbor && \
 	export PATH={{ bin_dir }}:$PATH && \
 	 ./install.sh"
   when: result is failed

roles/harbor/templates/harbor.cfg.j2

@@ -1,5 +1,7 @@
 ## Configuration file of Harbor
 
+#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
+_version = 1.5.0
 #The IP address or hostname to access admin UI and registry service.
 #DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
 hostname = {{ NODE_IP }}
@@ -8,11 +10,8 @@ hostname = {{ NODE_IP }}
 #It can be set to https if ssl is enabled on nginx.
 ui_url_protocol = https
 
-#The password for the root user of mysql db, change this before any production use.
-db_password = Harbor12345
-
 #Maximum number of job workers in job service  
-max_job_workers = 3 
+max_job_workers = 50
 
 #Determine whether or not to generate certificate for the registry's token.
 #If the value is on, the prepare script creates new root cert and private key 
@@ -30,9 +29,18 @@ secretkey_path = /data
 #Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
 admiral_url = NA
 
-#The password of the Clair's postgres database, only effective when Harbor is deployed with Clair.
+#Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
-#Please update it before deployment, subsequent update will cause Clair's API server and Harbor unable to access Clair's database.
+log_rotate_count = 50
-clair_db_password = password
+#Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. 
+#If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G 
+#are all valid.
+log_rotate_size = 200M
+
+#Config http proxy for Clair, e.g. http://my.proxy.com:3128
+#Clair doesn't need to connect to harbor ui container via http proxy.
+http_proxy =
+https_proxy =
+no_proxy = 127.0.0.1,localhost,ui
 
 #NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
 #only take effect in the first boot, the subsequent changes of these properties 
@@ -52,6 +60,7 @@ email_username = sample_admin@mydomain.com
 email_password = abc
 email_from = admin <sample_admin@mydomain.com>
 email_ssl = false
+email_insecure = false
 
 ##The initial password of Harbor admin, only works for the first time when Harbor starts. 
 #It has no effect after the first launch of Harbor.
@@ -81,12 +90,27 @@ ldap_basedn = ou=people,dc=mydomain,dc=com
 # The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD  
 ldap_uid = uid 
 
-#the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
+#the scope to search for users, 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
-ldap_scope = 3 
+ldap_scope = 2
 
 #Timeout (in seconds)  when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
 ldap_timeout = 5
 
+#Verify certificate from LDAP server
+ldap_verify_cert = true
+
+#The base dn from which to lookup a group in LDAP/AD
+ldap_group_basedn = ou=group,dc=mydomain,dc=com
+
+#filter to search LDAP/AD group
+ldap_group_filter = objectclass=group
+
+#The attribute used to name a LDAP/AD group, it could be cn, name
+ldap_group_gid = cn
+
+#The scope to search for ldap groups. 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
+ldap_group_scope = 2
+
 #Turn on or off the self-registration feature
 self_registration = on
 
@@ -98,9 +122,60 @@ token_expiration = 30
 #Set to "adminonly" so that only admin user can create project.
 project_creation_restriction = everyone
 
-#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
-#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
-verify_remote_cert = on
 #************************END INITIAL PROPERTIES************************
-#############
+
+#######Harbor DB configuration section#######
+
+#The address of the Harbor database. Only need to change when using external db.
+db_host = mysql
+
+#The password for the root user of Harbor DB. Change this before any production use.
+db_password = root123
+
+#The port of Harbor database host
+db_port = 3306
+
+#The user name of Harbor database
+db_user = root
+
+##### End of Harbor DB configuration#######
+
+#The redis server address. Only needed in HA installation.
+#address:port[,weight,password,db_index]
+redis_url = redis:6379
+
+##########Clair DB configuration############
+
+#Clair DB host address. Only change it when using an exteral DB.
+clair_db_host = postgres
+
+#The password of the Clair's postgres database. Only effective when Harbor is deployed with Clair.
+#Please update it before deployment. Subsequent update will cause Clair's API server and Harbor unable to access Clair's database.
+clair_db_password = password
+
+#Clair DB connect port
+clair_db_port = 5432
+
+#Clair DB username
+clair_db_username = postgres
+
+#Clair default database
+clair_db = postgres
+
+##########End of Clair DB configuration############
+
+#The following attributes only need to be set when auth mode is uaa_auth
+uaa_endpoint = uaa.mydomain.org
+uaa_clientid = id
+uaa_clientsecret = secret
+uaa_verify_cert = true
+uaa_ca_cert = /path/to/ca.pem
+
+
+### Docker Registry setting ###
+#registry_storage_provider can be: filesystem, s3, gcs, azure, etc.
+registry_storage_provider_name = filesystem
+#registry_storage_provider_config is a comma separated "key: value" pairs, e.g. "key1: value, key2: value2".
+#Refer to https://docs.docker.com/registry/configuration/#storage for all available configuration.
+registry_storage_provider_config =