easzlab
/
kubeasz
mirror of https://github.com/easzlab/kubeasz.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

简化harbor安装

pull/1282/head
gjmzj 2023-05-02 17:11:18 +08:00
parent 794cf6eb27
commit f2f62f347d
3 changed files with 7 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
example/config.yml
View File

@ -65,8 +65,9 @@ DOCKER_STORAGE_DIR: "/var/lib/docker"
ENABLE_REMOTE_API: false
# [docker]信任的HTTP仓库
INSECURE_REG: '["http://easzlab.io.local:5000"]'
INSECURE_REG:
- "http://easzlab.io.local:5000"
- "https://{{ HARBOR_REGISTRY }}"
############################
# role:kube-master

76
playbooks/11.harbor.yml
View File

@ -23,83 +23,11 @@
- kube_master
- kube_node
tasks:
- name: Define 'harbor_hostname', a domain name
set_fact: harbor_hostname={{ HARBOR_DOMAIN }}
when: "HARBOR_DOMAIN != ''"
- name: Define 'harbor_hostname', an IP Addr
set_fact: harbor_hostname={{ groups['harbor'][0] }}
when: "HARBOR_DOMAIN == ''"
- block:
- block:
- name: Creating cert dir for the docker daemon
file: name=/etc/docker/certs.d/{{ harbor_hostname }}:{{ HARBOR_TLS_PORT }} state=directory
- name: Installing the HARBOR SERVER's CA cert for docker
copy:
src: "{{ base_dir }}/down/ca.pem"
dest: "/etc/docker/certs.d/{{ harbor_hostname }}:{{ HARBOR_TLS_PORT }}/ca.crt"
when: CONTAINER_RUNTIME == 'docker'
- block:
- name: Installing the HARBOR SERVER's CA cert on k8s nodes
copy: src={{ base_dir }}/down/ca.pem dest=/usr/share/ca-certificates/harbor-ca.crt
- name: Add the HARBOR SERVER's CA cert
lineinfile:
dest: /etc/ca-certificates.conf
state: present
regexp: 'harbor-ca'
line: 'harbor-ca.crt'
- name: Update the trusted ca-certificates
shell: 'update-ca-certificates'
- name: restart containerd
service: name=containerd state=restarted
when:
- 'CONTAINER_RUNTIME == "containerd"'
- 'ansible_distribution == "Ubuntu"'
- block:
- name: Installing the HARBOR SERVER's CA cert on k8s nodes
copy: src={{ base_dir }}/down/ca.pem dest=/etc/pki/ca-trust/source/anchors/harbor-ca.crt
- name: Update the trusted ca-certificates
shell: 'update-ca-trust'
- name: restart containerd
service: name=containerd state=restarted
when:
- 'CONTAINER_RUNTIME == "containerd"'
- 'ansible_distribution in ["CentOS","RedHat","Amazon","Aliyun"]'
when: 'HARBOR_SELF_SIGNED_CERT|bool'
# [optional] if you have a DNS server, add an 'A record' instead
- name: Adding an '/etc/hosts' entry for the HARBOR DOMAIN
lineinfile:
dest: /etc/hosts
state: present
regexp: '{{ harbor_hostname }}'
line: "{{ groups['harbor'][0] }} {{ harbor_hostname }}"
regexp: '{{ HARBOR_DOMAIN }}'
line: "{{ groups['harbor'][0] }} {{ HARBOR_DOMAIN }}"
when: "hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] != ''"
# [optional] 使用 cloud-init 初始化的虚拟机,/etc/hosts 后会重启时被替换,需修改对应的模板文件
- name: Adding cloud-init hosts template (debian) entry for the HARBOR DOMAIN
lineinfile:
dest: /etc/cloud/templates/hosts.debian.tmpl
state: present
regexp: '{{ harbor_hostname }}'
line: "{{ groups['harbor'][0] }} {{ harbor_hostname }}"
when: 'ansible_distribution in ["Ubuntu","Debian"]'
ignore_errors: true
- name: Adding cloud-init hosts template (redhat) entry for the HARBOR DOMAIN
lineinfile:
dest: /etc/cloud/templates/hosts.redhat.tmpl
state: present
regexp: '{{ harbor_hostname }}'
line: "{{ groups['harbor'][0] }} {{ harbor_hostname }}"
when: 'ansible_distribution in ["CentOS","RedHat","Amazon","Aliyun"]'
ignore_errors: true

10
roles/chrony/tasks/main.yml
View File

@ -5,14 +5,8 @@
- "/var/lib/chrony"
- "/var/log/chrony"
- name: apt 卸载 ntp
shell: 'apt remove -y ntp'
when: 'ansible_distribution in ["Ubuntu","Debian"]'
ignore_errors: true
- name: yum 卸载 ntp
shell: 'yum remove -y ntp'
when: 'ansible_distribution in ["CentOS","RedHat","Amazon","Aliyun"]'
- name: 卸载 ntp
package: name=ntp state=absent
ignore_errors: true
- name: 下载二进制文件chronyd