From 8892cfc0ca45de5b430367e77d20134f03c60a03 Mon Sep 17 00:00:00 2001
From: gjmzj
Date: Sun, 26 Aug 2018 10:58:27 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0harbor=20v1.5.2=EF=BC=8C?= =?UTF-8?q?=E4=BC=98=E5=8C=96=E5=AE=89=E8=A3=85=E6=B5=81=E7=A8=8B=E5=85=81?= =?UTF-8?q?=E8=AE=B8=E8=BF=9E=E6=8E=A5=E5=B7=B2=E6=9C=89harbor=E4=BB=93?= =?UTF-8?q?=E5=BA=93?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
11.harbor.yml | 20 +++++---
docs/guide/harbor.md | 11 +++--
example/hosts.allinone.example | 4 +-
example/hosts.m-masters.example | 4 +-
example/hosts.s-master.example | 4 +-
roles/harbor/defaults/main.yml | 2 +
roles/harbor/tasks/main.yml | 87 +++++++++++++++------------------
tools/init_vars.yml | 2 +
8 files changed, 69 insertions(+), 65 deletions(-)
create mode 100644 roles/harbor/defaults/main.yml
diff --git a/11.harbor.yml b/11.harbor.yml
index ba62995..afbcb07 100644
--- a/11.harbor.yml
+++ b/11.harbor.yml
@@ -1,9 +1,15 @@ - hosts: harbor roles: - - { role: chrony, when: "hostvars[groups.deploy[0]]['NTP_ENABLED'] == 'yes'" } - - prepare - - docker - - harbor + - { role: chrony, when: "hostvars[groups.deploy[0]]['NTP_ENABLED'] == 'yes' and NEW_INSTALL == 'yes'" } + - { role: prepare, when: "NEW_INSTALL == 'yes'" } + - { role: docker, when: "NEW_INSTALL == 'yes'" } + - { role: harbor, when: "NEW_INSTALL == 'yes'" } + tasks: + - name: 获取harbor服务器证书 + fetch: + src: "{{ ca_dir }}/ca.pem" + dest: "{{ base_dir }}/down/" + flat: yes - hosts: - kube-master
@@ -15,9 +21,9 @@ tasks: - name: harbor证书目录创建 file: name=/etc/docker/certs.d/{{ harbor_domain }} state=directory - - - name: harbor服务器证书安装 - copy: src={{ ca_dir }}/ca.pem dest=/etc/docker/certs.d/{{ harbor_domain }}/ca.crt + + - name: 推送harbor服务器证书 + copy: src={{ base_dir }}/down/ca.pem dest=/etc/docker/certs.d/{{ harbor_domain }}/ca.crt # 如果你的环境中有dns服务器,可以跳过hosts文件设置 - name: 增加harbor的hosts解析
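Review bot: The four new `when` conditions in the first play read `NEW_INSTALL` directly, so an inventory written before this commit (a `[harbor]` host line without `NEW_INSTALL=`) will presumably fail on an undefined variable instead of installing as before; `NEW_INSTALL | default('yes') == 'yes'` keeps the old behaviour. The added fetch task is unconditional, so with `NEW_INSTALL=no` it takes `{{ ca_dir }}/ca.pem` from a server this playbook did not provision, and that file then becomes the registry trust anchor pushed to every node. A comment stating that an existing Harbor host must keep its signing CA at that path, plus an explicit `fail_on_missing: yes`, would make that assumption visible. `flat: yes` is more portable written as `flat: true`.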
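Review bot: The renamed copy task in the second hunk installs the CA that Docker will trust for `{{ harbor_domain }}` without setting owner or mode, so the permissions of `ca.crt` depend on the state of each node. It also pushes whatever `ca.pem` currently sits in `{{ base_dir }}/down/`, which could be left over from an earlier run if the first play was skipped or limited; this is inferred from the play order, not shown in the hunk. Rewriting the task in native YAML form with `owner: root` and `mode: "0644"` (quoted so it is not parsed as an integer) pins the result. The task list of the enclosing play continues past the end of this hunk.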
diff --git a/docs/guide/harbor.md b/docs/guide/harbor.md
index 06029af..b5ee03b 100644
--- a/docs/guide/harbor.md
+++ b/docs/guide/harbor.md
@@ -4,7 +4,7 @@ Habor是由VMWare中国团队开源的容器镜像仓库。事实上,Habor是 ### 安装步骤 -1. 在deploy节点下载最新的 [docker-compose](https://github.com/docker/compose/releases) 二进制文件,改名后把它放到项目 `/etc/ansible/bin`目录下,后续版本会一起打包进百度云盘`k8s.xxx.tar.gz`文件中,可以省略该步骤。注:k8s.1102.tar.gz已集成该工具 +1. 在deploy节点下载最新的 [docker-compose](https://github.com/docker/compose/releases) 二进制文件,改名后把它放到项目 `/etc/ansible/bin`目录下(百度云的二进制文件中已包含) ``` bash wget https://github.com/docker/compose/releases/download/1.18.0/docker-compose-Linux-x86_64
@@ -12,17 +12,18 @@ mv docker-compose-Linux-x86_64 /etc/ansible/bin/docker-compose ``` 2. 在deploy节点下载最新的 [harbor](https://github.com/vmware/harbor/releases) 离线安装包,把它放到项目 `/etc/ansible/down` 目录下,也可以从分享的百度云盘下载 -3. 由于ansible解压的一些问题,需要将官方的tgz包,重新打包为zip包 +3. 由于ansible解压的一些问题,需要将官方的tgz包,重新打包为zip包(百度云分享的harbor离线包已经重新打包为zip格式) 4. 在deploy节点编辑/etc/ansible/hosts文件,可以参考 `example`目录下的模板,修改部分举例如下 ``` bash -# 如果启用harbor,请配置后面harbor相关参数 +# 参数 NEW_INSTALL=(yes/no):yes表示新建 harbor,并配置k8s节点的docker可以使用harbor仓库 +# no 表示仅配置k8s节点的docker使用已有的harbor仓库 [harbor] -192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com" +#192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com" NEW_INSTALL=no ``` -4. 在deploy节点执行 `cd /etc/ansible && ansible-playbook 11.harbor.yml`,完成harbor安装 +5. 在deploy节点执行 `ansible-playbook /etc/ansible/11.harbor.yml`,完成harbor安装和docker 客户端配置 ### 安装讲解
diff --git a/example/hosts.allinone.example b/example/hosts.allinone.example
index df8b195..46ea836 100644
--- a/example/hosts.allinone.example
+++ b/example/hosts.allinone.example
@@ -13,9 +13,9 @@ [kube-node] 192.168.1.1 -# 如果启用harbor,请配置后面harbor相关参数 +# 参数 NEW_INSTALL:yes表示新建,no表示使用已有harbor服务器 [harbor] -#192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com" +#192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com" NEW_INSTALL=no # 预留组,后续添加node节点使用 [new-node]
diff --git a/example/hosts.m-masters.example b/example/hosts.m-masters.example
index a185dc5..f23b350 100644
--- a/example/hosts.m-masters.example
+++ b/example/hosts.m-masters.example
@@ -22,9 +22,9 @@ 192.168.1.3 192.168.1.4 -# 如果启用harbor,请配置后面harbor相关参数 +# 参数 NEW_INSTALL:yes表示新建,no表示使用已有harbor服务器 [harbor] -#192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com" +#192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com" NEW_INSTALL=no # 预留组,后续添加master节点使用 [new-master]
diff --git a/example/hosts.s-master.example b/example/hosts.s-master.example
index 0f3a1f1..cde3724 100644
--- a/example/hosts.s-master.example
+++ b/example/hosts.s-master.example
@@ -14,9 +14,9 @@ 192.168.1.2 192.168.1.3 -# 如果启用harbor,请配置后面harbor相关参数 +# 参数 NEW_INSTALL:yes表示新建,no表示使用已有harbor服务器 [harbor] -#192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com" +#192.168.1.8 HARBOR_DOMAIN="harbor.yourdomain.com" NEW_INSTALL=no # 预留组,后续添加node节点使用 [new-node]
diff --git a/roles/harbor/defaults/main.yml b/roles/harbor/defaults/main.yml
new file mode 100644
index 0000000..59bbc62
--- /dev/null
+++ b/roles/harbor/defaults/main.yml
@@ -0,0 +1,2 @@
+# harbor version
+HARBOR_VER: "v1.5.2"
diff --git a/roles/harbor/tasks/main.yml b/roles/harbor/tasks/main.yml
index 258cbc3..dd1d95e 100644
--- a/roles/harbor/tasks/main.yml
+++ b/roles/harbor/tasks/main.yml
@@ -1,57 +1,50 @@ -- name: 下载docker compose 二进制文件 - copy: src={{ base_dir }}/bin/docker-compose dest={{ bin_dir }}/docker-compose mode=0755 - - name: 创建data目录 file: path: /data state: directory mode: 0755 -# 注册变量result,根据result结果判断是否已经安装过harbor -# result|failed 说明没有安装过harbor,下一步进行安装 -# result|succeeded 说明已经安装过harbor,下一步跳过安装 +# 注册变量result,如果/data目录下存在registry目录说明已经安装过harbor,则不进行安装 - name: 注册变量result - command: ls /data/registry + command: ls /data register: result - ignore_errors: True -- name: 安装解压工具 - package: name={{ item }} state=present - with_items: - - zip - - unzip +- block: + - name: 下载docker compose 二进制文件 + copy: src={{ base_dir }}/bin/docker-compose dest={{ bin_dir }}/docker-compose mode=0755 -- name: 解压harbor离线安装包 - unarchive: - src: "{{ base_dir }}/down/harbor-offline-installer-v1.5.1.zip" - dest: /data - copy: yes - keep_newer: yes - mode: 0755 - when: result is failed - -- name: 导入harbor所需 docker images - shell: "{{ bin_dir }}/docker load -i /data/harbor/harbor.v1.5.1.tar.gz" - when: result is failed - -- name: 创建harbor证书请求 - template: src=harbor-csr.json.j2 dest={{ ca_dir }}/harbor-csr.json - when: result is failed - -- name: 创建harbor证书和私钥 - shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \ - -ca={{ ca_dir }}/ca.pem \ - -ca-key={{ ca_dir }}/ca-key.pem \ - -config={{ ca_dir }}/ca-config.json \ - -profile=kubernetes harbor-csr.json | {{ bin_dir }}/cfssljson -bare harbor" - when: result is failed - -- name: 配置 harbor.cfg 文件 - template: src=harbor.cfg.j2 dest=/data/harbor/harbor.cfg - when: result is failed - -- name: 安装 harbor - shell: "cd /data/harbor && \ - export PATH={{ bin_dir }}:$PATH && \ - ./install.sh --with-clair" - when: result is failed + - name: 安装解压工具 + package: name={{ item }} state=present + with_items: + - zip + - unzip + + - name: 解压harbor离线安装包 + unarchive: + src: "{{ base_dir }}/down/harbor-offline-installer-{{ HARBOR_VER }}.zip" + dest: /data + copy: yes + keep_newer: yes + mode: 0755 + + - name: 导入harbor所需 docker images + 
shell: "{{ bin_dir }}/docker load -i /data/harbor/harbor.{{ HARBOR_VER }}.tar.gz" + + - name: 创建harbor证书请求 + template: src=harbor-csr.json.j2 dest={{ ca_dir }}/harbor-csr.json + + - name: 创建harbor证书和私钥 + shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \ + -ca={{ ca_dir }}/ca.pem \ + -ca-key={{ ca_dir }}/ca-key.pem \ + -config={{ ca_dir }}/ca-config.json \ + -profile=kubernetes harbor-csr.json | {{ bin_dir }}/cfssljson -bare harbor" + + - name: 配置 harbor.cfg 文件 + template: src=harbor.cfg.j2 dest=/data/harbor/harbor.cfg + + - name: 安装 harbor + shell: "cd /data/harbor && \ + export PATH={{ bin_dir }}:$PATH && \ + ./install.sh --with-clair" + when: '"registry" not in result.stdout' diff --git a/tools/init_vars.yml b/tools/init_vars.yml index 65b6673..6019e00 100644 --- a/tools/init_vars.yml +++ b/tools/init_vars.yml @@ -15,6 +15,7 @@ - docker - etcd - flannel + - harbor - helm - kube-master - kube-node @@ -36,6 +37,7 @@ - docker - etcd - flannel + - harbor - helm - kube-master - kube-node
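Review bot: The install guard `when: '"registry" not in result.stdout'` at the end of the block is a substring test on the output of `ls /data`, so any entry whose name merely contains "registry" (a backup directory, for example) silently skips the whole install; `when: '"registry" not in result.stdout_lines'` compares whole entries instead. The probe `command: ls /data` reports changed on every run, so it should carry `changed_when: false`, or be replaced by a `stat` on `/data/registry`. Inside the block, the unarchive task's `mode: 0755` is an unquoted octal and is safer as `mode: "0755"`. The cfssl step signs with `{{ ca_dir }}/ca-key.pem`, so the registry host apparently has to hold the CA private key; a comment recording that requirement would help anyone reviewing where the key is stored.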