增加containerd与harbor集成

2019-05-19 22:01:40 +08:00 · 2019-05-19 22:01:40 +08:00 · e749f32738
parent 1bf7636fa3
commit e749f32738
2 changed files with 44 additions and 9 deletions
--- a/11.harbor.yml
+++ b/11.harbor.yml
@ -18,18 +18,53 @@
  - kube-master
  - kube-node
  tasks:
-  - name: Define 'harbor_host', a domain
+  - name: Define 'harbor_host', a domain name
    set_fact: harbor_host="{{ hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] }}"

  - name: Define 'harbor_host', an IP Addr
    set_fact: harbor_host="{{ groups['harbor'][0] }}"
-    when: "hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] == ''"
+    when: hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] == ''
  
-  - name: Creating cert dir of the HARBOR SERVER for the docker daemon
+  - block:  
+      - name: Creating cert dir for the docker daemon
        file: name=/etc/docker/certs.d/{{ harbor_host }} state=directory
  
-  - name: Installing the HARBOR SERVER's cert on k8s nodes
+      - name: Installing the HARBOR SERVER's CA cert for docker
        copy: src={{ base_dir }}/down/ca.pem dest=/etc/docker/certs.d/{{ harbor_host }}/ca.crt
+    when: CONTAINER_RUNTIME == 'docker'
+
+  - block:  
+      - name: Installing the HARBOR SERVER's CA cert on k8s nodes
+        copy: src={{ base_dir }}/down/ca.pem dest=/usr/share/ca-certificates/harbor-ca.crt
+
+      - name: Add the HARBOR SERVER's CA cert 
+        lineinfile:
+          dest: /etc/ca-certificates.conf
+          state: present
+          regexp: 'harbor-ca'
+          line: 'harbor-ca.crt'
+
+      - name: Update the trusted ca-certificates
+        shell: 'update-ca-certificates'
+
+      - name: restart containerd
+        service: name=containerd state=restarted
+    when:
+    - 'CONTAINER_RUNTIME == "containerd"'
+    - 'ansible_distribution == "Ubuntu"'
+
+  - block:  
+      - name: Installing the HARBOR SERVER's CA cert on k8s nodes
+        copy: src={{ base_dir }}/down/ca.pem dest=/etc/pki/ca-trust/source/anchors/harbor-ca.crt
+
+      - name: Update the trusted ca-certificates
+        shell: 'update-ca-trust'
+
+      - name: restart containerd
+        service: name=containerd state=restarted
+    when:
+    - 'CONTAINER_RUNTIME == "containerd"'
+    - 'ansible_distribution in ["CentOS","RedHat","Amazon"]'

  # [optional] if you have a DNS server, add an 'A record' instead
  - name: Adding an '/etc/hosts' entry for the HARBOR DOMAIN
--- a/roles/prepare/tasks/main.yml
+++ b/roles/prepare/tasks/main.yml
@ -1,9 +1,9 @@
 # 系统基础软件环境
 - import_tasks: debian.yml
-  when: ansible_distribution == "Ubuntu" or ansible_distribution == "Debian"
+  when: 'ansible_distribution in ["Ubuntu","Debian"]'

 - import_tasks: centos.yml
-  when: ansible_distribution == "CentOS" or ansible_distribution == "RedHat" or ansible_distribution == "Amazon"
+  when: 'ansible_distribution in ["CentOS","RedHat","Amazon"]' 

 # 公共系统参数设置
 - import_tasks: common.yml