diff --git a/example/config.yml b/example/config.yml index e6e3727..859c921 100644 --- a/example/config.yml +++ b/example/config.yml @@ -65,8 +65,9 @@ DOCKER_STORAGE_DIR: "/var/lib/docker" ENABLE_REMOTE_API: false # [docker]信任的HTTP仓库 -INSECURE_REG: '["http://easzlab.io.local:5000"]' - +INSECURE_REG: + - "http://easzlab.io.local:5000" + - "https://{{ HARBOR_REGISTRY }}" ############################ # role:kube-master diff --git a/playbooks/11.harbor.yml b/playbooks/11.harbor.yml index 208e22e..a211de7 100644 --- a/playbooks/11.harbor.yml +++ b/playbooks/11.harbor.yml 
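Review bot: The added entry `- "https://{{ HARBOR_REGISTRY }}"` lists the Harbor registry under INSECURE_REG, which for Docker means its TLS certificate is not verified and a plain-HTTP fallback is allowed, so pulls from Harbor no longer authenticate the server. The playbooks/11.harbor.yml hunk in this commit removes the tasks that installed the Harbor CA under `/etc/docker/certs.d` and into the system trust store, and nothing visible replaces them. Keeping the CA installation and leaving Harbor out of this list would preserve verification. If the entry stays, a comment above the key such as `# registries listed here skip TLS certificate verification; prefer installing the registry CA` would make the trade-off explicit. `HARBOR_REGISTRY` is not defined in this diff, and the value changes from a JSON string to a YAML list, so the template that consumes INSECURE_REG (not shown) presumably needs `| to_json` to keep rendering valid JSON.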
@@ -23,83 +23,11 @@ - kube_master - kube_node tasks: - - name: Define 'harbor_hostname', a domain name - set_fact: harbor_hostname={{ HARBOR_DOMAIN }} - when: "HARBOR_DOMAIN != ''" - - - name: Define 'harbor_hostname', an IP Addr - set_fact: harbor_hostname={{ groups['harbor'][0] }} - when: "HARBOR_DOMAIN == ''" - - - block: - - block: - - name: Creating cert dir for the docker daemon - file: name=/etc/docker/certs.d/{{ harbor_hostname }}:{{ HARBOR_TLS_PORT }} state=directory - - - name: Installing the HARBOR SERVER's CA cert for docker - copy: - src: "{{ base_dir }}/down/ca.pem" - dest: "/etc/docker/certs.d/{{ harbor_hostname }}:{{ HARBOR_TLS_PORT }}/ca.crt" - when: CONTAINER_RUNTIME == 'docker' - - - block: - - name: Installing the HARBOR SERVER's CA cert on k8s nodes - copy: src={{ base_dir }}/down/ca.pem dest=/usr/share/ca-certificates/harbor-ca.crt - - - name: Add the HARBOR SERVER's CA cert - lineinfile: - dest: /etc/ca-certificates.conf - state: present - regexp: 'harbor-ca' - line: 'harbor-ca.crt' - - - name: Update the trusted ca-certificates - shell: 'update-ca-certificates' - - - name: restart containerd - service: name=containerd state=restarted - when: - - 'CONTAINER_RUNTIME == "containerd"' - - 'ansible_distribution == "Ubuntu"' - - - block: - - name: Installing the HARBOR SERVER's CA cert on k8s nodes - copy: src={{ base_dir }}/down/ca.pem dest=/etc/pki/ca-trust/source/anchors/harbor-ca.crt - - - name: Update the trusted ca-certificates - shell: 'update-ca-trust' - - - name: restart containerd - service: name=containerd state=restarted - when: - - 'CONTAINER_RUNTIME == "containerd"' - - 'ansible_distribution in ["CentOS","RedHat","Amazon","Aliyun"]' - when: 'HARBOR_SELF_SIGNED_CERT|bool' - # [optional] if you have a DNS server, add an 'A record' instead - name: Adding an '/etc/hosts' entry for the HARBOR DOMAIN lineinfile: dest: /etc/hosts state: present - regexp: '{{ harbor_hostname }}' - line: "{{ groups['harbor'][0] }} {{ harbor_hostname }}" + 
regexp: '{{ HARBOR_DOMAIN }}' + line: "{{ groups['harbor'][0] }} {{ HARBOR_DOMAIN }}" when: "hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] != ''" - - # [optional] 使用 cloud-init 初始化的虚拟机,/etc/hosts 后会重启时被替换,需修改对应的模板文件 - - name: Adding cloud-init hosts template (debian) entry for the HARBOR DOMAIN - lineinfile: - dest: /etc/cloud/templates/hosts.debian.tmpl - state: present - regexp: '{{ harbor_hostname }}' - line: "{{ groups['harbor'][0] }} {{ harbor_hostname }}" - when: 'ansible_distribution in ["Ubuntu","Debian"]' - ignore_errors: true - - - name: Adding cloud-init hosts template (redhat) entry for the HARBOR DOMAIN - lineinfile: - dest: /etc/cloud/templates/hosts.redhat.tmpl - state: present - regexp: '{{ harbor_hostname }}' - line: "{{ groups['harbor'][0] }} {{ harbor_hostname }}" - when: 'ansible_distribution in ["CentOS","RedHat","Amazon","Aliyun"]' - ignore_errors: true \ No newline at end of file diff --git a/roles/chrony/tasks/main.yml b/roles/chrony/tasks/main.yml index b52fe77..3147651 100644 --- a/roles/chrony/tasks/main.yml +++ b/roles/chrony/tasks/main.yml @@ -5,14 +5,8 @@ - "/var/lib/chrony" - "/var/log/chrony" -- name: apt 卸载 ntp - shell: 'apt remove -y ntp' - when: 'ansible_distribution in ["Ubuntu","Debian"]' - ignore_errors: true - -- name: yum 卸载 ntp - shell: 'yum remove -y ntp' - when: 'ansible_distribution in ["CentOS","RedHat","Amazon","Aliyun"]' +- name: 卸载 ntp + package: name=ntp state=absent ignore_errors: true - name: 下载二进制文件chronyd
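Review bot: The new `regexp: '{{ HARBOR_DOMAIN }}'` is unescaped and unanchored, so its dots match any character and lineinfile may rewrite any `/etc/hosts` line that merely contains the domain as a substring. `regexp: '\s{{ HARBOR_DOMAIN | regex_escape }}$'` limits the match to the entry this task owns. The `when` reads the value through `hostvars[groups.harbor[0]]['HARBOR_DOMAIN']`, while `regexp` and `line` use the bare `HARBOR_DOMAIN` of the current k8s node. If the variable is set only on the harbor host the two disagree, so the same hostvars lookup should be used in all three places; the play header is outside the hunk, so where the variable is defined cannot be confirmed here. The hunk also drops the cloud-init hosts-template tasks, whose removed comment says `/etc/hosts` is regenerated on reboot on such VMs, so the entry may not survive a restart there.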
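Review bot: `ignore_errors: true` is kept on the new `package` task in roles/chrony/tasks/main.yml, although `state=absent` should already succeed when ntp is not installed. What it still hides are genuine failures, such as a locked package manager or a host where the module is unsupported, and ntp would then stay installed next to chrony with no signal. Dropping `ignore_errors` lets such a failure stop the role instead of leaving two time daemons competing. As a style point, the module arguments read better in native YAML than as a `key=value` string: `package:` followed by `name: ntp` and `state: absent`. The task list starts before this hunk.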