easzlab
/
kubeasz
mirror of https://github.com/easzlab/kubeasz.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kubeasz/11.harbor.yml

97 lines
3.6 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# [optional] to set up a HARBOR, and to integrate the HARBOR with k8s cluster
# read the guide: 'guide/harbor.md'
- hosts: harbor
roles:
- { role: chrony, when: "NEW_INSTALL == 'yes' and groups['chrony']|length > 0" }
- { role: prepare, when: "NEW_INSTALL == 'yes'" }
- { role: docker, when: "NEW_INSTALL == 'yes'" }
- { role: harbor, when: "NEW_INSTALL == 'yes'" }
tasks:
- name: Fetching the HARBOR SERVER's CA cert
fetch:
src: "{{ ca_dir }}/ca.pem"
dest: "{{ base_dir }}/down/"
flat: yes
when: hostvars[groups.harbor[0]]['SELF_SIGNED_CERT'] == 'yes'
- hosts:
- kube-master
- kube-node
tasks:
- name: Define 'harbor_host', a domain name
set_fact: harbor_host={{ hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] }}
- name: Define 'harbor_host', an IP Addr
set_fact: harbor_host={{ groups['harbor'][0] }}
when: hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] == ''
- block:
- block:
- name: Creating cert dir for the docker daemon
file: name=/etc/docker/certs.d/{{ harbor_host }} state=directory
- name: Installing the HARBOR SERVER's CA cert for docker
copy: src={{ base_dir }}/down/ca.pem dest=/etc/docker/certs.d/{{ harbor_host }}/ca.crt
when: CONTAINER_RUNTIME == 'docker'
- block:
- name: Installing the HARBOR SERVER's CA cert on k8s nodes
copy: src={{ base_dir }}/down/ca.pem dest=/usr/share/ca-certificates/harbor-ca.crt
- name: Add the HARBOR SERVER's CA cert
lineinfile:
dest: /etc/ca-certificates.conf
state: present
regexp: 'harbor-ca'
line: 'harbor-ca.crt'
- name: Update the trusted ca-certificates
shell: 'update-ca-certificates'
- name: restart containerd
service: name=containerd state=restarted
when:
- 'CONTAINER_RUNTIME == "containerd"'
- 'ansible_distribution == "Ubuntu"'
- block:
- name: Installing the HARBOR SERVER's CA cert on k8s nodes
copy: src={{ base_dir }}/down/ca.pem dest=/etc/pki/ca-trust/source/anchors/harbor-ca.crt
- name: Update the trusted ca-certificates
shell: 'update-ca-trust'
- name: restart containerd
service: name=containerd state=restarted
when:
- 'CONTAINER_RUNTIME == "containerd"'
- 'ansible_distribution in ["CentOS","RedHat","Amazon"]'
when: hostvars[groups.harbor[0]]['SELF_SIGNED_CERT'] == 'yes'
# [optional] if you have a DNS server, add an 'A record' instead
- name: Adding an '/etc/hosts' entry for the HARBOR DOMAIN
lineinfile:
dest: /etc/hosts
state: present
regexp: '{{ harbor_host }}'
line: "{{ groups['harbor'][0] }} {{ harbor_host }}"
when: "hostvars[groups.harbor[0]]['HARBOR_DOMAIN'] != ''"
# [optional] 使用 cloud-init 初始化的虚拟机hosts 后会重启时被替换,需修改对应的 hosts 模板文件
- name: Adding cloud-init hosts template (debian) entry for the HARBOR DOMAIN
lineinfile:
dest: /etc/cloud/templates/hosts.debian.tmpl
state: present
regexp: '{{ harbor_host }}'
line: "{{ groups['harbor'][0] }} {{ harbor_host }}"
when: 'ansible_distribution in ["Ubuntu","Debian"]'
- name: Adding cloud-init hosts template (redhat) entry for the HARBOR DOMAIN
lineinfile:
dest: /etc/cloud/templates/hosts.redhat.tmpl
state: present
regexp: '{{ harbor_host }}'
line: "{{ groups['harbor'][0] }} {{ harbor_host }}"
when: 'ansible_distribution in ["CentOS","RedHat","Amazon"]'
Reference in New Issue View Git Blame Copy Permalink