diff --git a/ezdown b/ezdown
index a313103..d656270 100755
--- a/ezdown
+++ b/ezdown
@@ -18,7 +18,7 @@ KUBEASZ_VER=3.4.2
 K8S_BIN_VER=v1.26.0
 EXT_BIN_VER=1.6.3
 SYS_PKG_VER=0.5.2
-HARBOR_VER=v2.1.3
+HARBOR_VER=v2.1.5
 REGISTRY_MIRROR=CN
 # images downloaded by default(with '-D')
diff --git a/roles/harbor/templates/harbor-v1.5.cfg.j2 b/roles/harbor/templates/harbor-v1.5.cfg.j2
deleted file mode 100644
index e62fddb..0000000
--- a/roles/harbor/templates/harbor-v1.5.cfg.j2
+++ /dev/null
@@ -1,181 +0,0 @@
-## Configuration file of Harbor
-
-#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
-_version = 1.5.0
-#The IP address or hostname to access admin UI and registry service.
-#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
-hostname = {{ HARBOR_HOSTNAME }}
-
-#The protocol for accessing the UI and token/notification service, by default it is http.
-#It can be set to https if ssl is enabled on nginx.
-ui_url_protocol = https
-
-#Maximum number of job workers in job service
-max_job_workers = 50
-
-#Determine whether or not to generate certificate for the registry's token.
-#If the value is on, the prepare script creates new root cert and private key
-#for generating token to access the registry. If the value is off the default key/cert will be used.
-#This flag also controls the creation of the notary signer's cert.
-customize_crt = on
-
-#The path of cert and key files for nginx, they are applied only the protocol is set to https
-ssl_cert = {{ ca_dir }}/harbor.pem
-ssl_cert_key = {{ ca_dir }}/harbor-key.pem
-
-#The path of secretkey storage
-secretkey_path = /data
-
-#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
-admiral_url = NA
-
-#Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
-log_rotate_count = 50
-#Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
-#If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
-#are all valid.
-log_rotate_size = 200M
-
-#Config http proxy for Clair, e.g. http://my.proxy.com:3128
-#Clair doesn't need to connect to harbor ui container via http proxy.
-http_proxy =
-https_proxy =
-no_proxy = 127.0.0.1,localhost,ui
-
-#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
-#only take effect in the first boot, the subsequent changes of these properties
-#should be performed on web ui
-
-#************************BEGIN INITIAL PROPERTIES************************
-
-#Email account settings for sending out password resetting emails.
-
-#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
-#Identity left blank to act as username.
-email_identity =
-
-email_server = smtp.mydomain.com
-email_server_port = 25
-email_username = sample_admin@mydomain.com
-email_password = abc
-email_from = admin
-email_ssl = false
-email_insecure = false
-
-##The initial password of Harbor admin, only works for the first time when Harbor starts.
-#It has no effect after the first launch of Harbor.
-#Change the admin password from UI after launching Harbor.
-harbor_admin_password = {{ harbor_password_gen.stdout }}
-
-##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
-#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
-auth_mode = db_auth
-
-#The url for an ldap endpoint.
-ldap_url = ldaps://ldap.mydomain.com
-
-#A user's DN who has the permission to search the LDAP/AD server.
-#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
-#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
-
-#the password of the ldap_searchdn
-#ldap_search_pwd = password
-
-#The base DN from which to look up a user in LDAP/AD
-ldap_basedn = ou=people,dc=mydomain,dc=com
-
-#Search filter for LDAP/AD, make sure the syntax of the filter is correct.
-#ldap_filter = (objectClass=person)
-
-# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD
-ldap_uid = uid
-
-#the scope to search for users, 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
-ldap_scope = 2
-
-#Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
-ldap_timeout = 5
-
-#Verify certificate from LDAP server
-ldap_verify_cert = true
-
-#The base dn from which to lookup a group in LDAP/AD
-ldap_group_basedn = ou=group,dc=mydomain,dc=com
-
-#filter to search LDAP/AD group
-ldap_group_filter = objectclass=group
-
-#The attribute used to name a LDAP/AD group, it could be cn, name
-ldap_group_gid = cn
-
-#The scope to search for ldap groups. 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
-ldap_group_scope = 2
-
-#Turn on or off the self-registration feature
-self_registration = on
-
-#The expiration time (in minute) of token created by token service, default is 30 minutes
-token_expiration = 30
-
-#The flag to control what users have permission to create projects
-#The default value "everyone" allows everyone to creates a project.
-#Set to "adminonly" so that only admin user can create project.
-project_creation_restriction = everyone
-
-#************************END INITIAL PROPERTIES************************
-
-#######Harbor DB configuration section#######
-
-#The address of the Harbor database. Only need to change when using external db.
-db_host = mysql
-
-#The password for the root user of Harbor DB. Change this before any production use.
-db_password = {{ db_password_gen.stdout }}
-
-#The port of Harbor database host
-db_port = 3306
-
-#The user name of Harbor database
-db_user = root
-
-##### End of Harbor DB configuration#######
-
-#The redis server address. Only needed in HA installation.
-#address:port[,weight,password,db_index]
-redis_url = redis:6379
-
-##########Clair DB configuration############
-
-#Clair DB host address. Only change it when using an exteral DB.
-clair_db_host = postgres
-
-#The password of the Clair's postgres database. Only effective when Harbor is deployed with Clair.
-#Please update it before deployment. Subsequent update will cause Clair's API server and Harbor unable to access Clair's database.
-clair_db_password = password
-
-#Clair DB connect port
-clair_db_port = 5432
-
-#Clair DB username
-clair_db_username = postgres
-
-#Clair default database
-clair_db = postgres
-
-##########End of Clair DB configuration############
-
-#The following attributes only need to be set when auth mode is uaa_auth
-uaa_endpoint = uaa.mydomain.org
-uaa_clientid = id
-uaa_clientsecret = secret
-uaa_verify_cert = true
-uaa_ca_cert = /path/to/ca.pem
-
-
-### Docker Registry setting ###
-#registry_storage_provider can be: filesystem, s3, gcs, azure, etc.
-registry_storage_provider_name = filesystem
-#registry_storage_provider_config is a comma separated "key: value" pairs, e.g. "key1: value, key2: value2".
-#Refer to https://docs.docker.com/registry/configuration/#storage for all available configuration.
-registry_storage_provider_config =
-
diff --git a/roles/harbor/templates/harbor-v1.6.cfg.j2 b/roles/harbor/templates/harbor-v1.6.cfg.j2
deleted file mode 100644
index fb070ac..0000000
--- a/roles/harbor/templates/harbor-v1.6.cfg.j2
+++ /dev/null
@@ -1,203 +0,0 @@
-## Configuration file of Harbor
-
-#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
-_version = 1.6.0
-#The IP address or hostname to access admin UI and registry service.
-#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
-hostname = }}
-
-#The protocol for accessing the UI and token/notification service, by default it is http.
-#It can be set to https if ssl is enabled on nginx.
-ui_url_protocol = https
-
-#Maximum number of job workers in job service
-max_job_workers = 10
-
-#Determine whether or not to generate certificate for the registry's token.
-#If the value is on, the prepare script creates new root cert and private key
-#for generating token to access the registry. If the value is off the default key/cert will be used.
-#This flag also controls the creation of the notary signer's cert.
-customize_crt = on
-
-#The path of cert and key files for nginx, they are applied only the protocol is set to https
-ssl_cert = {{ ca_dir }}/harbor.pem
-ssl_cert_key = {{ ca_dir }}/harbor-key.pem
-
-#The path of secretkey storage
-secretkey_path = /data
-
-#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
-admiral_url = NA
-
-#Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
-log_rotate_count = 50
-#Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
-#If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
-#are all valid.
-log_rotate_size = 200M
-
-#Config http proxy for Clair, e.g. http://my.proxy.com:3128
-#Clair doesn't need to connect to harbor ui container via http proxy.
-http_proxy =
-https_proxy =
-no_proxy = 127.0.0.1,localhost,ui,registry
-
-#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
-#only take effect in the first boot, the subsequent changes of these properties
-#should be performed on web ui
-
-#************************BEGIN INITIAL PROPERTIES************************
-
-#Email account settings for sending out password resetting emails.
-
-#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
-#Identity left blank to act as username.
-email_identity =
-
-email_server = smtp.mydomain.com
-email_server_port = 25
-email_username = sample_admin@mydomain.com
-email_password = abc
-email_from = admin
-email_ssl = false
-email_insecure = false
-
-##The initial password of Harbor admin, only works for the first time when Harbor starts.
-#It has no effect after the first launch of Harbor.
-#Change the admin password from UI after launching Harbor.
-harbor_admin_password = {{ harbor_password_gen.stdout }}
-
-##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
-#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
-auth_mode = db_auth
-
-#The url for an ldap endpoint.
-ldap_url = ldaps://ldap.mydomain.com
-
-#A user's DN who has the permission to search the LDAP/AD server.
-#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
-#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
-
-#the password of the ldap_searchdn
-#ldap_search_pwd = password
-
-#The base DN from which to look up a user in LDAP/AD
-ldap_basedn = ou=people,dc=mydomain,dc=com
-
-#Search filter for LDAP/AD, make sure the syntax of the filter is correct.
-#ldap_filter = (objectClass=person)
-
-# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD
-ldap_uid = uid
-
-#the scope to search for users, 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
-ldap_scope = 2
-
-#Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
-ldap_timeout = 5
-
-#Verify certificate from LDAP server
-ldap_verify_cert = true
-
-#The base dn from which to lookup a group in LDAP/AD
-ldap_group_basedn = ou=group,dc=mydomain,dc=com
-
-#filter to search LDAP/AD group
-ldap_group_filter = objectclass=group
-
-#The attribute used to name a LDAP/AD group, it could be cn, name
-ldap_group_gid = cn
-
-#The scope to search for ldap groups. 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
-ldap_group_scope = 2
-
-#Turn on or off the self-registration feature
-self_registration = off
-
-#The expiration time (in minute) of token created by token service, default is 30 minutes
-token_expiration = 30
-
-#The flag to control what users have permission to create projects
-#The default value "everyone" allows everyone to creates a project.
-#Set to "adminonly" so that only admin user can create project.
-project_creation_restriction = adminonly
-
-#************************END INITIAL PROPERTIES************************
-
-#######Harbor DB configuration section#######
-
-#The address of the Harbor database. Only need to change when using external db.
-db_host = postgresql
-
-#The password for the root user of Harbor DB. Change this before any production use.
-db_password = {{ db_password_gen.stdout }}
-
-#The port of Harbor database host
-db_port = 5432
-
-#The user name of Harbor database
-db_user = postgres
-
-##### End of Harbor DB configuration#######
-
-##########Redis server configuration.############
-
-#Redis connection address
-redis_host = redis
-
-#Redis connection port
-redis_port = 6379
-
-#Redis connection password
-redis_password =
-
-#Redis connection db index
-#db_index 1,2,3 is for registry, jobservice and chartmuseum.
-#db_index 0 is for UI, it's unchangeable
-redis_db_index = 1,2,3
-
-##########Redis server configuration.############
-
-##########Clair DB configuration############
-
-#Clair DB host address. Only change it when using an exteral DB.
-clair_db_host = postgresql
-#The password of the Clair's postgres database. Only effective when Harbor is deployed with Clair.
-#Please update it before deployment. Subsequent update will cause Clair's API server and Harbor unable to access Clair's database.
-clair_db_password = root123
-#Clair DB connect port
-clair_db_port = 5432
-#Clair DB username
-clair_db_username = postgres
-#Clair default database
-clair_db = postgres
-
-#The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
-clair_updaters_interval = 12
-
-##########End of Clair DB configuration############
-
-#The following attributes only need to be set when auth mode is uaa_auth
-uaa_endpoint = uaa.mydomain.org
-uaa_clientid = id
-uaa_clientsecret = secret
-uaa_verify_cert = true
-uaa_ca_cert = /path/to/ca.pem
-
-
-### Harbor Storage settings ###
-#Please be aware that the following storage settings will be applied to both docker registry and helm chart repository.
-#registry_storage_provider can be: filesystem, s3, gcs, azure, etc.
-registry_storage_provider_name = filesystem
-#registry_storage_provider_config is a comma separated "key: value" pairs, e.g. "key1: value, key2: value2".
-#To avoid duplicated configurations, both docker registry and chart repository follow the same storage configuration specifications of docker registry.
-#Refer to https://docs.docker.com/registry/configuration/#storage for all available configuration.
-registry_storage_provider_config =
-#registry_custom_ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
-#of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
-registry_custom_ca_bundle =
-
-#If reload_config=true, all settings which present in harbor.cfg take effect after prepare and restart harbor, it overwrites exsiting settings.
-#reload_config=true
-#Regular expression to match skipped environment variables
-#skip_reload_env_pattern=(^EMAIL.*)|(^LDAP.*)
diff --git a/roles/harbor/templates/harbor-v1.7.cfg.j2 b/roles/harbor/templates/harbor-v1.7.cfg.j2
deleted file mode 100644
index cba729f..0000000
--- a/roles/harbor/templates/harbor-v1.7.cfg.j2
+++ /dev/null
@@ -1,204 +0,0 @@
-## Configuration file of Harbor
-
-#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
-_version = 1.7.0
-#The IP address or hostname to access admin UI and registry service.
-#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
-#DO NOT comment out this line, modify the value of "hostname" directly, or the installation will fail.
-hostname ={{ HARBOR_HOSTNAME }}
-
-#The protocol for accessing the UI and token/notification service, by default it is http.
-#It can be set to https if ssl is enabled on nginx.
-ui_url_protocol = https
-
-#Maximum number of job workers in job service
-max_job_workers = 10
-
-#Determine whether or not to generate certificate for the registry's token.
-#If the value is on, the prepare script creates new root cert and private key
-#for generating token to access the registry. If the value is off the default key/cert will be used.
-#This flag also controls the creation of the notary signer's cert.
-customize_crt = on
-
-#The path of cert and key files for nginx, they are applied only the protocol is set to https
-ssl_cert = {{ ca_dir }}/harbor.pem
-ssl_cert_key = {{ ca_dir }}/harbor-key.pem
-
-#The path of secretkey storage
-secretkey_path = /data
-
-#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
-admiral_url = NA
-
-#Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
-log_rotate_count = 50
-#Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
-#If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
-#are all valid.
-log_rotate_size = 200M
-
-#Config http proxy for Clair, e.g. http://my.proxy.com:3128
-#Clair doesn't need to connect to harbor internal components via http proxy.
-http_proxy =
-https_proxy =
-no_proxy = 127.0.0.1,localhost,core,registry
-
-#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
-#only take effect in the first boot, the subsequent changes of these properties
-#should be performed on web ui
-
-#************************BEGIN INITIAL PROPERTIES************************
-
-#Email account settings for sending out password resetting emails.
-
-#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
-#Identity left blank to act as username.
-email_identity =
-
-email_server = smtp.mydomain.com
-email_server_port = 25
-email_username = sample_admin@mydomain.com
-email_password = abc
-email_from = admin
-email_ssl = false
-email_insecure = false
-
-##The initial password of Harbor admin, only works for the first time when Harbor starts.
-#It has no effect after the first launch of Harbor.
-#Change the admin password from UI after launching Harbor.
-harbor_admin_password = {{ harbor_password_gen.stdout }}
-
-##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
-#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
-auth_mode = db_auth
-
-#The url for an ldap endpoint.
-ldap_url = ldaps://ldap.mydomain.com
-
-#A user's DN who has the permission to search the LDAP/AD server.
-#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
-#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
-
-#the password of the ldap_searchdn
-#ldap_search_pwd = password
-
-#The base DN from which to look up a user in LDAP/AD
-ldap_basedn = ou=people,dc=mydomain,dc=com
-
-#Search filter for LDAP/AD, make sure the syntax of the filter is correct.
-#ldap_filter = (objectClass=person)
-
-# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD
-ldap_uid = uid
-
-#the scope to search for users, 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
-ldap_scope = 2
-
-#Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
-ldap_timeout = 5
-
-#Verify certificate from LDAP server
-ldap_verify_cert = true
-
-#The base dn from which to lookup a group in LDAP/AD
-ldap_group_basedn = ou=group,dc=mydomain,dc=com
-
-#filter to search LDAP/AD group
-ldap_group_filter = objectclass=group
-
-#The attribute used to name a LDAP/AD group, it could be cn, name
-ldap_group_gid = cn
-
-#The scope to search for ldap groups. 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
-ldap_group_scope = 2
-
-#Turn on or off the self-registration feature
-self_registration = on
-
-#The expiration time (in minute) of token created by token service, default is 30 minutes
-token_expiration = 30
-
-#The flag to control what users have permission to create projects
-#The default value "everyone" allows everyone to creates a project.
-#Set to "adminonly" so that only admin user can create project.
-project_creation_restriction = everyone
-
-#************************END INITIAL PROPERTIES************************
-
-#######Harbor DB configuration section#######
-
-#The address of the Harbor database. Only need to change when using external db.
-db_host = postgresql
-
-#The password for the root user of Harbor DB. Change this before any production use.
-db_password = {{ db_password_gen.stdout }}
-
-#The port of Harbor database host
-db_port = 5432
-
-#The user name of Harbor database
-db_user = postgres
-
-##### End of Harbor DB configuration#######
-
-##########Redis server configuration.############
-
-#Redis connection address
-redis_host = redis
-
-#Redis connection port
-redis_port = 6379
-
-#Redis connection password
-redis_password =
-
-#Redis connection db index
-#db_index 1,2,3 is for registry, jobservice and chartmuseum.
-#db_index 0 is for UI, it's unchangeable
-redis_db_index = 1,2,3
-
-########## End of Redis server configuration ############
-
-##########Clair DB configuration############
-
-#Clair DB host address. Only change it when using an exteral DB.
-clair_db_host = postgresql
-#The password of the Clair's postgres database. Only effective when Harbor is deployed with Clair.
-#Please update it before deployment. Subsequent update will cause Clair's API server and Harbor unable to access Clair's database.
-clair_db_password = root123
-#Clair DB connect port
-clair_db_port = 5432
-#Clair DB username
-clair_db_username = postgres
-#Clair default database
-clair_db = postgres
-
-#The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
-clair_updaters_interval = 12
-
-##########End of Clair DB configuration############
-
-#The following attributes only need to be set when auth mode is uaa_auth
-uaa_endpoint = uaa.mydomain.org
-uaa_clientid = id
-uaa_clientsecret = secret
-uaa_verify_cert = true
-uaa_ca_cert = /path/to/ca.pem
-
-
-### Harbor Storage settings ###
-#Please be aware that the following storage settings will be applied to both docker registry and helm chart repository.
-#registry_storage_provider can be: filesystem, s3, gcs, azure, etc.
-registry_storage_provider_name = filesystem
-#registry_storage_provider_config is a comma separated "key: value" pairs, e.g. "key1: value, key2: value2".
-#To avoid duplicated configurations, both docker registry and chart repository follow the same storage configuration specifications of docker registry.
-#Refer to https://docs.docker.com/registry/configuration/#storage for all available configuration.
-registry_storage_provider_config =
-#registry_custom_ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
-#of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
-registry_custom_ca_bundle =
-
-#If reload_config=true, all settings which present in harbor.cfg take effect after prepare and restart harbor, it overwrites exsiting settings.
-#reload_config=true
-#Regular expression to match skipped environment variables
-#skip_reload_env_pattern=(^EMAIL.*)|(^LDAP.*)
diff --git a/roles/harbor/templates/harbor-v1.8.yml.j2 b/roles/harbor/templates/harbor-v1.8.yml.j2
deleted file mode 100644
index 0ee574d..0000000
--- a/roles/harbor/templates/harbor-v1.8.yml.j2
+++ /dev/null
@@ -1,130 +0,0 @@
-# Configuration file of Harbor
-
-# The IP address or hostname to access admin UI and registry service.
-# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
-hostname: {{ HARBOR_HOSTNAME }}
-
-# http related config
-http:
- # port for http, default is 80. If https enabled, this port will redirect to https port
- port: 80
-
-# https related config
-https:
-# # https port for harbor, default is 443
- port: 443
-# # The path of cert and key files for nginx
- certificate: {{ ca_dir }}/harbor.pem
- private_key: {{ ca_dir }}/harbor-key.pem
-
-# Uncomment external_url if you want to enable external proxy
-# And when it enabled the hostname will no longer used
-# external_url: https://reg.mydomain.com:8433
-
-# The initial password of Harbor admin
-# It only works in first time to install harbor
-# Remember Change the admin password from UI after launching Harbor.
-harbor_admin_password: {{ harbor_password_gen.stdout }}
-
-# Harbor DB configuration
-database:
- # The password for the root user of Harbor DB. Change this before any production use.
- password: {{ db_password_gen.stdout }}
-
-# The default data volume
-data_volume: /data
-
-# Harbor Storage settings by default is using /data dir on local filesystem
-# Uncomment storage_service setting If you want to using external storage
-# storage_service:
-# # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
-# # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
-# ca_bundle:
-
-# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
-# # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
-# filesystem:
-# maxthreads: 100
-# # set disable to true when you want to disable registry redirect
-# redirect:
-# disabled: false
-
-# Clair configuration
-clair:
- # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
- updaters_interval: 12
-
- # Config http proxy for Clair, e.g. http://my.proxy.com:3128
- # Clair doesn't need to connect to harbor internal components via http proxy.
- http_proxy:
- https_proxy:
- no_proxy: 127.0.0.1,localhost,core,registry
-
-jobservice:
- # Maximum number of job workers in job service
- max_job_workers: 10
-
-chart:
- # Change the value of absolute_url to enabled can enable absolute url in chart
- absolute_url: disabled
-
-# Log configurations
-log:
- # options are debug, info, warning, error, fatal
- level: info
- # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
- rotate_count: 50
- # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
- # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
- # are all valid.
- rotate_size: 200M
- # The directory on your host that store log
- location: /var/log/harbor
-
-#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
-_version: 1.8.0
-
-# Uncomment external_database if using external database.
-# external_database:
-# harbor:
-# host: harbor_db_host
-# port: harbor_db_port
-# db_name: harbor_db_name
-# username: harbor_db_username
-# password: harbor_db_password
-# ssl_mode: disable
-# clair:
-# host: clair_db_host
-# port: clair_db_port
-# db_name: clair_db_name
-# username: clair_db_username
-# password: clair_db_password
-# ssl_mode: disable
-# notary_signer:
-# host: notary_signer_db_host
-# port: notary_signer_db_port
-# db_name: notary_signer_db_name
-# username: notary_signer_db_username
-# password: notary_signer_db_password
-# ssl_mode: disable
-# notary_server:
-# host: notary_server_db_host
-# port: notary_server_db_port
-# db_name: notary_server_db_name
-# username: notary_server_db_username
-# password: notary_server_db_password
-# ssl_mode: disable
-
-# Uncomment external_redis if using external Redis server
-# external_redis:
-# host: redis
-# port: 6379
-# password:
-# # db_index 0 is for core, it's unchangeable
-# registry_db_index: 1
-# jobservice_db_index: 2
-# chartmuseum_db_index: 3
-
-# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
-# uaa:
-# ca_file: /path/to/ca
diff --git a/roles/harbor/templates/harbor-v1.9.yml.j2 b/roles/harbor/templates/harbor-v1.9.yml.j2
deleted file mode 100644
index 50ea9c1..0000000
--- a/roles/harbor/templates/harbor-v1.9.yml.j2
+++ /dev/null
@@ -1,163 +0,0 @@
-# Configuration file of Harbor
-
-# The IP address or hostname to access admin UI and registry service.
-# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
-hostname: {{ HARBOR_HOSTNAME }}
-
-# http related config
-http:
- # port for http, default is 80. If https enabled, this port will redirect to https port
-# port: 80
-
-# https related config
-https:
-# # https port for harbor, default is 443
- port: 443
-# # The path of cert and key files for nginx
- certificate: {{ ca_dir }}/harbor.pem
- private_key: {{ ca_dir }}/harbor-key.pem
-
-# Uncomment external_url if you want to enable external proxy
-# And when it enabled the hostname will no longer used
-# external_url: https://reg.mydomain.com:8433
-
-# The initial password of Harbor admin
-# It only works in first time to install harbor
-# Remember Change the admin password from UI after launching Harbor.
-harbor_admin_password: {{ harbor_password_gen.stdout }}
-
-# Harbor DB configuration
-database:
- # The password for the root user of Harbor DB. Change this before any production use.
- password: {{ db_password_gen.stdout }}
- # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
- max_idle_conns: 50
- # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
- # Note: the default number of connections is 100 for postgres.
- max_open_conns: 100
-
-# The default data volume
-data_volume: /data
-
-# Harbor Storage settings by default is using /data dir on local filesystem
-# Uncomment storage_service setting If you want to using external storage
-# storage_service:
-# # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
-# # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
-# ca_bundle:
-
-# # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
-# # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
-# filesystem:
-# maxthreads: 100
-# # set disable to true when you want to disable registry redirect
-# redirect:
-# disabled: false
-
-# Clair configuration
-clair:
- # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
- updaters_interval: 12
-
-jobservice:
- # Maximum number of job workers in job service
- max_job_workers: 10
-
-notification:
- # Maximum retry count for webhook job
- webhook_job_max_retry: 10
-
-chart:
- # Change the value of absolute_url to enabled can enable absolute url in chart
- absolute_url: disabled
-
-# Log configurations
-log:
- # options are debug, info, warning, error, fatal
- level: info
- # configs for logs in local storage
- local:
- # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
- rotate_count: 50
- # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
- # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
- # are all valid.
- rotate_size: 200M
- # The directory on your host that store log
- location: /var/log/harbor
-
- # Uncomment following lines to enable external syslog endpoint.
- # external_endpoint:
- # # protocol used to transmit log to external endpoint, options is tcp or udp
- # protocol: tcp
- # # The host of external endpoint
- # host: localhost
- # # Port of external endpoint
- # port: 5140
-
-#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
-_version: 1.9.0
-
-# Uncomment external_database if using external database.
-# external_database:
-# harbor:
-# host: harbor_db_host
-# port: harbor_db_port
-# db_name: harbor_db_name
-# username: harbor_db_username
-# password: harbor_db_password
-# ssl_mode: disable
-# max_idle_conns: 2
-# max_open_conns: 0
-# clair:
-# host: clair_db_host
-# port: clair_db_port
-# db_name: clair_db_name
-# username: clair_db_username
-# password: clair_db_password
-# ssl_mode: disable
-# notary_signer:
-# host: notary_signer_db_host
-# port: notary_signer_db_port
-# db_name: notary_signer_db_name
-# username: notary_signer_db_username
-# password: notary_signer_db_password
-# ssl_mode: disable
-# notary_server:
-# host: notary_server_db_host
-# port: notary_server_db_port
-# db_name: notary_server_db_name
-# username: notary_server_db_username
-# password: notary_server_db_password
-# ssl_mode: disable
-
-# Uncomment external_redis if using external Redis server
-# external_redis:
-# host: redis
-# port: 6379
-# password:
-# # db_index 0 is for core, it's unchangeable
-# registry_db_index: 1
-# jobservice_db_index: 2
-# chartmuseum_db_index: 3
-
-# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
-# uaa:
-# ca_file: /path/to/ca
-
-# Global proxy
-# Config http proxy for components, e.g. http://my.proxy.com:3128
-# Components doesn't need to connect to each others via http proxy.
-# Remove component from `components` array if want disable proxy
-# for it. If you want use proxy for replication, MUST enable proxy
-# for core and jobservice, and set `http_proxy` and `https_proxy`.
-# Add domain to the `no_proxy` field, when you want disable proxy
-# for some special registry.
-proxy:
- http_proxy:
- https_proxy:
- no_proxy: 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair
- components:
- - core
- - jobservice
- - clair