mirror of https://github.com/easzlab/kubeasz.git
更新harbor v1.5.2,优化安装流程允许连接已有harbor仓库
parent
c911d2f58a
commit
8892cfc0ca
|
@ -1,9 +1,15 @@
|
|||
- hosts: harbor
|
||||
roles:
|
||||
- { role: chrony, when: "hostvars[groups.deploy[0]]['NTP_ENABLED'] == 'yes'" }
|
||||
- prepare
|
||||
- docker
|
||||
- harbor
|
||||
- { role: chrony, when: "hostvars[groups.deploy[0]]['NTP_ENABLED'] == 'yes' and NEW_INSTALL == 'yes'" }
|
||||
- { role: prepare, when: "NEW_INSTALL == 'yes'" }
|
||||
- { role: docker, when: "NEW_INSTALL == 'yes'" }
|
||||
- { role: harbor, when: "NEW_INSTALL == 'yes'" }
|
||||
tasks:
|
||||
- name: 获取harbor服务器证书
|
||||
fetch:
|
||||
src: "{{ ca_dir }}/ca.pem"
|
||||
dest: "{{ base_dir }}/down/"
|
||||
flat: yes
|
||||
|
||||
- hosts:
|
||||
- kube-master
|
||||
|
@ -15,9 +21,9 @@
|
|||
tasks:
|
||||
- name: harbor证书目录创建
|
||||
file: name=/etc/docker/certs.d/{{ harbor_domain }} state=directory
|
||||
|
||||
- name: harbor服务器证书安装
|
||||
copy: src={{ ca_dir }}/ca.pem dest=/etc/docker/certs.d/{{ harbor_domain }}/ca.crt
|
||||
|
||||
- name: 推送harbor服务器证书
|
||||
copy: src={{ base_dir }}/down/ca.pem dest=/etc/docker/certs.d/{{ harbor_domain }}/ca.crt
|
||||
|
||||
# 如果你的环境中有dns服务器,可以跳过hosts文件设置
|
||||
- name: 增加harbor的hosts解析
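Review bot: The `fetch` task at the end of the first play has no `when`, so with `NEW_INSTALL=no` the nodes end up trusting whatever file sits at `{{ ca_dir }}/ca.pem` on the existing Harbor host, and nothing here checks that it is the CA that issued that registry's certificate. Because `flat: yes` always writes to the same `{{ base_dir }}/down/ca.pem`, a second host in `[harbor]` or, on Ansible versions where `fail_on_missing` is not on by default, a leftover file from an earlier run can become the file the later `copy` installs as `/etc/docker/certs.d/{{ harbor_domain }}/ca.crt`. I would set `fail_on_missing: yes` explicitly on the fetch and state in the inventory comment where the CA certificate of an existing registry is expected to come from. The `NEW_INSTALL == 'yes'` conditions also need the variable to be defined for every harbor host; if no default exists outside this page, `NEW_INSTALL | default('yes') == 'yes'` would keep inventories that omit it working. The second play continues beyond the last visible line of its hunk.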
|
||||
|
|
|
@ -4,7 +4,7 @@ Habor是由VMWare中国团队开源的容器镜像仓库。事实上,Habor是
|
|||
|
||||
### 安装步骤
|
||||
|
||||
1. 在deploy节点下载最新的 [docker-compose](https://github.com/docker/compose/releases) 二进制文件,改名后把它放到项目 `/etc/ansible/bin`目录下,后续版本会一起打包进百度云盘`k8s.xxx.tar.gz`文件中,可以省略该步骤。注:k8s.1102.tar.gz已集成该工具
|
||||
1. 在deploy节点下载最新的 [docker-compose](https://github.com/docker/compose/releases) 二进制文件,改名后把它放到项目 `/etc/ansible/bin`目录下(百度云的二进制文件中已包含)
|
||||
|
||||
``` bash
|
||||
wget https://github.com/docker/compose/releases/download/1.18.0/docker-compose-Linux-x86_64
|
||||
|
@ -12,17 +12,18 @@ mv docker-compose-Linux-x86_64 /etc/ansible/bin/docker-compose
|
|||
```
|
||||
2. 在deploy节点下载最新的 [harbor](https://github.com/vmware/harbor/releases) 离线安装包,把它放到项目 `/etc/ansible/down` 目录下,也可以从分享的百度云盘下载
|
||||
|
||||
3. 由于ansible解压的一些问题,需要将官方的tgz包,重新打包为zip包
|
||||
3. 由于ansible解压的一些问题,需要将官方的tgz包,重新打包为zip包(百度云分享的harbor离线包已经重新打包为zip格式)
|
||||
|
||||
4. 在deploy节点编辑/etc/ansible/hosts文件,可以参考 `example`目录下的模板,修改部分举例如下
|
||||
|
||||
``` bash
|
||||
# 如果启用harbor,请配置后面harbor相关参数
|
||||
# 参数 NEW_INSTALL=(yes/no):yes表示新建 harbor,并配置k8s节点的docker可以使用harbor仓库
|
||||
# no 表示仅配置k8s节点的docker使用已有的harbor仓库
|
||||
[harbor]
|
||||
192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com"
|
||||
#192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com" NEW_INSTALL=no
|
||||
```
|
||||
|
||||
4. 在deploy节点执行 `cd /etc/ansible && ansible-playbook 11.harbor.yml`,完成harbor安装
|
||||
5. 在deploy节点执行 `ansible-playbook /etc/ansible/11.harbor.yml`,完成harbor安装和docker 客户端配置
|
||||
|
||||
### 安装讲解
|
||||
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
[kube-node]
|
||||
192.168.1.1
|
||||
|
||||
# 如果启用harbor,请配置后面harbor相关参数
|
||||
# 参数 NEW_INSTALL:yes表示新建,no表示使用已有harbor服务器
|
||||
[harbor]
|
||||
#192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com"
|
||||
#192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com" NEW_INSTALL=no
|
||||
|
||||
# 预留组,后续添加node节点使用
|
||||
[new-node]
|
||||
|
|
|
@ -22,9 +22,9 @@
|
|||
192.168.1.3
|
||||
192.168.1.4
|
||||
|
||||
# 如果启用harbor,请配置后面harbor相关参数
|
||||
# 参数 NEW_INSTALL:yes表示新建,no表示使用已有harbor服务器
|
||||
[harbor]
|
||||
#192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com"
|
||||
#192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com" NEW_INSTALL=no
|
||||
|
||||
# 预留组,后续添加master节点使用
|
||||
[new-master]
|
||||
|
|
|
@ -14,9 +14,9 @@
|
|||
192.168.1.2
|
||||
192.168.1.3
|
||||
|
||||
# 如果启用harbor,请配置后面harbor相关参数
|
||||
# 参数 NEW_INSTALL:yes表示新建,no表示使用已有harbor服务器
|
||||
[harbor]
|
||||
#192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com"
|
||||
#192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com" NEW_INSTALL=no
|
||||
|
||||
# 预留组,后续添加node节点使用
|
||||
[new-node]
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
# harbor version
|
||||
HARBOR_VER: "v1.5.2"
|
|
@ -1,57 +1,50 @@
|
|||
- name: 下载docker compose 二进制文件
|
||||
copy: src={{ base_dir }}/bin/docker-compose dest={{ bin_dir }}/docker-compose mode=0755
|
||||
|
||||
- name: 创建data目录
|
||||
file:
|
||||
path: /data
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
# 注册变量result,根据result结果判断是否已经安装过harbor
|
||||
# result|failed 说明没有安装过harbor,下一步进行安装
|
||||
# result|succeeded 说明已经安装过harbor,下一步跳过安装
|
||||
# 注册变量result,如果/data目录下存在registry目录说明已经安装过harbor,则不进行安装
|
||||
- name: 注册变量result
|
||||
command: ls /data/registry
|
||||
command: ls /data
|
||||
register: result
|
||||
ignore_errors: True
|
||||
|
||||
- name: 安装解压工具
|
||||
package: name={{ item }} state=present
|
||||
with_items:
|
||||
- zip
|
||||
- unzip
|
||||
- block:
|
||||
- name: 下载docker compose 二进制文件
|
||||
copy: src={{ base_dir }}/bin/docker-compose dest={{ bin_dir }}/docker-compose mode=0755
|
||||
|
||||
- name: 解压harbor离线安装包
|
||||
unarchive:
|
||||
src: "{{ base_dir }}/down/harbor-offline-installer-v1.5.1.zip"
|
||||
dest: /data
|
||||
copy: yes
|
||||
keep_newer: yes
|
||||
mode: 0755
|
||||
when: result is failed
|
||||
|
||||
- name: 导入harbor所需 docker images
|
||||
shell: "{{ bin_dir }}/docker load -i /data/harbor/harbor.v1.5.1.tar.gz"
|
||||
when: result is failed
|
||||
|
||||
- name: 创建harbor证书请求
|
||||
template: src=harbor-csr.json.j2 dest={{ ca_dir }}/harbor-csr.json
|
||||
when: result is failed
|
||||
|
||||
- name: 创建harbor证书和私钥
|
||||
shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \
|
||||
-ca={{ ca_dir }}/ca.pem \
|
||||
-ca-key={{ ca_dir }}/ca-key.pem \
|
||||
-config={{ ca_dir }}/ca-config.json \
|
||||
-profile=kubernetes harbor-csr.json | {{ bin_dir }}/cfssljson -bare harbor"
|
||||
when: result is failed
|
||||
|
||||
- name: 配置 harbor.cfg 文件
|
||||
template: src=harbor.cfg.j2 dest=/data/harbor/harbor.cfg
|
||||
when: result is failed
|
||||
|
||||
- name: 安装 harbor
|
||||
shell: "cd /data/harbor && \
|
||||
export PATH={{ bin_dir }}:$PATH && \
|
||||
./install.sh --with-clair"
|
||||
when: result is failed
|
||||
- name: 安装解压工具
|
||||
package: name={{ item }} state=present
|
||||
with_items:
|
||||
- zip
|
||||
- unzip
|
||||
|
||||
- name: 解压harbor离线安装包
|
||||
unarchive:
|
||||
src: "{{ base_dir }}/down/harbor-offline-installer-{{ HARBOR_VER }}.zip"
|
||||
dest: /data
|
||||
copy: yes
|
||||
keep_newer: yes
|
||||
mode: 0755
|
||||
|
||||
- name: 导入harbor所需 docker images
|
||||
shell: "{{ bin_dir }}/docker load -i /data/harbor/harbor.{{ HARBOR_VER }}.tar.gz"
|
||||
|
||||
- name: 创建harbor证书请求
|
||||
template: src=harbor-csr.json.j2 dest={{ ca_dir }}/harbor-csr.json
|
||||
|
||||
- name: 创建harbor证书和私钥
|
||||
shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \
|
||||
-ca={{ ca_dir }}/ca.pem \
|
||||
-ca-key={{ ca_dir }}/ca-key.pem \
|
||||
-config={{ ca_dir }}/ca-config.json \
|
||||
-profile=kubernetes harbor-csr.json | {{ bin_dir }}/cfssljson -bare harbor"
|
||||
|
||||
- name: 配置 harbor.cfg 文件
|
||||
template: src=harbor.cfg.j2 dest=/data/harbor/harbor.cfg
|
||||
|
||||
- name: 安装 harbor
|
||||
shell: "cd /data/harbor && \
|
||||
export PATH={{ bin_dir }}:$PATH && \
|
||||
./install.sh --with-clair"
|
||||
when: '"registry" not in result.stdout'
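Review bot: Nothing in the block checks the offline installer before it is unpacked, its image tarball is passed to `docker load`, and `install.sh` is executed, while the accompanying documentation points users at a repackaged zip from a file-sharing site. A digest check on the deploy node ahead of the `unarchive` task would close that gap; the sketch below uses a proposed variable `HARBOR_ZIP_SHA256`, which would sit next to `HARBOR_VER` and is not defined anywhere on this page. Separately, the new guard `'"registry" not in result.stdout'` is a substring match over the `ls /data` listing, so any entry whose name merely contains `registry` skips the install; a `stat` on `/data/registry` with `when: not result.stat.exists` would be exact and would not need `ignore_errors`.

```yaml
- block:
  # … unchanged: docker-compose copy, unzip tooling …
  - name: compute digest of the harbor offline installer on the deploy node
    stat:
      path: "{{ base_dir }}/down/harbor-offline-installer-{{ HARBOR_VER }}.zip"
      checksum_algorithm: sha256
    register: harbor_pkg
    delegate_to: localhost

  - name: stop if the installer digest does not match the pinned value
    assert:
      that:
        - harbor_pkg.stat.exists
        # HARBOR_ZIP_SHA256 is a proposed variable; set it to the digest
        # published for the exact archive you intend to deploy
        - harbor_pkg.stat.checksum == HARBOR_ZIP_SHA256
  # … unchanged: unarchive, docker load, certificate tasks, harbor.cfg, install.sh …
```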
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
- docker
|
||||
- etcd
|
||||
- flannel
|
||||
- harbor
|
||||
- helm
|
||||
- kube-master
|
||||
- kube-node
|
||||
|
@ -36,6 +37,7 @@
|
|||
- docker
|
||||
- etcd
|
||||
- flannel
|
||||
- harbor
|
||||
- helm
|
||||
- kube-master
|
||||
- kube-node
|
||||
|
|