环境说明
企业内网环境,使用docker-compose的方式安装Harbor服务,需要先安装docker、docker-compose两个服务,将以二进制的方式安装docker和docker-compose,以适配各种安装环境。
- docker版本:20.10.21,建议使用20.10以上的版本,低版本的会出现安装异常;
- Docker-compose版本:2.24.7
- Harbor版本:2.10.3
一、编写ansible role
1.1 初始化ansible role
使用ansible-galaxy init命令初始化一个安装harbor的ansible role。
$ ansible-galaxy init /etc/ansible/roles/harbor-install
1.2 设置环境变量
通过环境变量的方式自定义安装环境,使用时候修改对应环境变量的值即可。
$ cat roles/harbor-install/vars/main.yml
---
# vars file for harbor-install
DOCKER_VERSION: "20.10.21" #docker服务版本
HARBOR_VERSION: 2.10.3 #harbor服务版本
INSTALL_PATH: /app #安装目录
HTTP_PORT: 8888 #harbor服务端口(http)
HTTPS_PORT: #harbor服务端口(https)
DATA_PATH: /app/data #harbor数据目录,规划好大小
1.3 下载文件
因为考虑到企业内网环境,提前将对应版本的安装包下载好放到roles/harbor-install/files/目录下。
$ wget -c https://download.docker.com/linux/static/stable/x86_64/docker-20.10.21.tgz
$ wget -c https://github.com/docker/compose/releases/download/v2.24.7/docker-compose-linux-x86_64
$ wget -c https://github.com/goharbor/harbor/releases/download/v2.10.3/harbor-offline-installer-v2.10.3.tgz
1.4 创建服务启动文件
安装harbor时依赖docker和containerd两个服务,将服务启动文件写好放到role/harbor-install/files/目录下。
- 创建containerd服务启动文件
$ cat role/harbor-install/files/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target
[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd
Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=1048576
TasksMax=infinity
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.target
- 创建docker启动文件
$ cat role/harbor-install/files/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service time-set.target
Wants=network-online.target containerd.service
Requires=docker.socket
[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutStartSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
OOMScoreAdjust=-500
[Install]
WantedBy=multi-user.target
1.5 创建Harbor配置文件模块
使用jinjia2模板文件来更具环境变量来自动生成Harbor的配置文件。
$ cat /etc/ansible/roles/harbor-install/templates/harbor.yml.j2
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: {
{
ansible_host }}
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: {
{
HTTP_PORT }}
# https related config
#https:
# https port for harbor, default is 443
#port: 443
# The path of cert and key files for nginx
#certificate: /your/certificate/path
#private_key: /your/private/key/path
# enable strong ssl ciphers (default: false)
# strong_ssl_ciphers: false
# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
# # set enabled to true means internal tls is enabled
# enabled: true
# # put your cert and key files on dir
# dir: /etc/harbor/tls/internal
# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433
external_url: http://{
{
ansible_host }}:{
{
HTTP_PORT }}
# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345
...
#以下内容根据实际情况调整,本处保持默认的配置。
1.6 编写tasks文件
在main.yml入口引用相关的tasks部署任务文件。
$ cat roles/harbor-install/tasks/main.yml
---
- include_tasks: host-ini
最低0.47元/天 解锁文章
334
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
