From e749f32738496e838766351168a7d55b734a2422 Mon Sep 17 00:00:00 2001
From: gjmzj
Date: Sun, 19 May 2019 22:01:40 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0containerd=E4=B8=8Eharbor?= =?UTF-8?q?=E9=9B=86=E6=88=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
11.harbor.yml | 49 ++++++++++++++++++++++++++++++------
roles/prepare/tasks/main.yml | 4 +--
2 files changed, 44 insertions(+), 9 deletions(-)
diff --git a/11.harbor.yml b/11.harbor.yml
index 289580c..e2664fd 100644
--- a/11.harbor.yml
+++ b/11.harbor.yml
@@ -18,18 +18,53 @@ - kube-master - kube-node tasks: - - name: Define 'harbor_host', a domain + - name: Define 'harbor_host', a domain name set_fact: harbor_host="{{ hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] }}" - name: Define 'harbor_host', an IP Addr set_fact: harbor_host="{{ groups['harbor'][0] }}" - when: "hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] == ''" - - - name: Creating cert dir of the HARBOR SERVER for the docker daemon - file: name=/etc/docker/certs.d/{{ harbor_host }} state=directory + when: hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] == '' - - name: Installing the HARBOR SERVER's cert on k8s nodes - copy: src={{ base_dir }}/down/ca.pem dest=/etc/docker/certs.d/{{ harbor_host }}/ca.crt + - block: + - name: Creating cert dir for the docker daemon + file: name=/etc/docker/certs.d/{{ harbor_host }} state=directory + + - name: Installing the HARBOR SERVER's CA cert for docker + copy: src={{ base_dir }}/down/ca.pem dest=/etc/docker/certs.d/{{ harbor_host }}/ca.crt + when: CONTAINER_RUNTIME == 'docker' + + - block: + - name: Installing the HARBOR SERVER's CA cert on k8s nodes + copy: src={{ base_dir }}/down/ca.pem dest=/usr/share/ca-certificates/harbor-ca.crt + + - name: Add the HARBOR SERVER's CA cert + lineinfile: + dest: /etc/ca-certificates.conf + state: present + regexp: 'harbor-ca' + line: 'harbor-ca.crt' + + - name: Update the trusted ca-certificates + shell: 'update-ca-certificates' + + - name: restart containerd + service: name=containerd state=restarted + when: + - 'CONTAINER_RUNTIME == "containerd"' + - 'ansible_distribution == "Ubuntu"' + + - block: + - name: Installing the HARBOR SERVER's CA cert on k8s nodes + copy: src={{ base_dir }}/down/ca.pem dest=/etc/pki/ca-trust/source/anchors/harbor-ca.crt + + - name: Update the trusted ca-certificates + shell: 'update-ca-trust' + + - name: restart containerd + service: name=containerd state=restarted + when: + - 'CONTAINER_RUNTIME == "containerd"' + - 'ansible_distribution in 
["CentOS","RedHat","Amazon"]' # [optional] if you have a DNS server, add an 'A record' instead - name: Adding an '/etc/hosts' entry for the HARBOR DOMAIN diff --git a/roles/prepare/tasks/main.yml b/roles/prepare/tasks/main.yml index 1394502..17cc93d 100644 --- a/roles/prepare/tasks/main.yml +++ b/roles/prepare/tasks/main.yml @@ -1,9 +1,9 @@ # 系统基础软件环境 - import_tasks: debian.yml - when: ansible_distribution == "Ubuntu" or ansible_distribution == "Debian" + when: 'ansible_distribution in ["Ubuntu","Debian"]' - import_tasks: centos.yml - when: ansible_distribution == "CentOS" or ansible_distribution == "RedHat" or ansible_distribution == "Amazon" + when: 'ansible_distribution in ["CentOS","RedHat","Amazon"]' # 公共系统参数设置 - import_tasks: common.yml
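Review bot: The two containerd blocks in the `11.harbor.yml` hunk add `{{ base_dir }}/down/ca.pem` to the node's system-wide trust store (`/usr/share/ca-certificates/harbor-ca.crt` with `update-ca-certificates`, or `/etc/pki/ca-trust/source/anchors/harbor-ca.crt` with `update-ca-trust`), so every TLS client on the node will accept any certificate that CA signs, whereas the docker block scopes the same CA to one registry under `/etc/docker/certs.d/{{ harbor_host }}/`. If the containerd release in use supports a per-registry `ca_file` in its CRI registry TLS settings, that would keep the trust limited to `harbor_host`; otherwise a comment above the blocks should state that the trust is host-wide. The first containerd block is gated on `'ansible_distribution == "Ubuntu"'`, while the `roles/prepare/tasks/main.yml` hunk treats Debian together with Ubuntu, so a Debian containerd node appears to get no CA installed; `'ansible_distribution in ["Ubuntu","Debian"]'` would match that hunk. Both blocks also run the `shell` task and `service: name=containerd state=restarted` on every play, which restarts the runtime on all nodes even when the certificate is unchanged; a `register` on the `copy` task with the update and restart gated on its `.changed` result would avoid that.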