would it be possible to get some ansible roles for the deployment?
or a guide on how to deploy without using the scripts
@casualjim
Are you trying to use ansible to call docker to deploy? This is easy as the docker-compose.yml is self-explanatory.
Or are you asking about using ansible to deploy without docker? I believe this is doable, but we haven't tried that, so it may be difficult.
@casualjim
Did you work on it already? I'd like to write an ansible galaxy role. If someone already started it, I needn't work on it from the beginning.
This is the list of the configuration or private keys we need to take care of.
Deploy/config/registry/root.crt
Deploy/config/ui/private_key.pem
Deploy/config/db/env
Deploy/config/jobservice/env
Deploy/config/registry/config.yml
Deploy/config/ui/app.conf
Deploy/config/ui/env
and https://docs.ansible.com/ansible/docker_service_module.html
yeah we have something in the repo linked by @reasonerjt
@casualjim
The link marked as memo is a 404 error for me.
@reasonerjt
Could you open it to public for this link: https://github.com/supervised-io/machines/blob/dockerRegistryAnsible/terraform/playbooks/harbor.yml ?
It gives me 404 now also...
@reasonerjt & @casualjim
If this link is broken, could you please upload the code from your fork, if you have it?
ansible role for harbor
tasks/main.yml
```yaml
---
# Host directories that are bind-mounted into the containers below.
- name: ensure data folders
  file: path=/var/lib/harbor/{{ item }} mode=0755 state=directory
  with_items:
    - database
    - logs
    - job_logs
    - registry

- name: ensure config folder
  file: path=/etc/harbor/ mode=0755 state=directory

# Copies the per-service config directories shipped with the role.
- name: copy config files
  copy: src=config/{{ item }} dest=/etc/harbor mode=0644
  with_items:
    - db
    - jobservice
    - nginx
    - registry
    - ui

- name: add app.config
  template: src=app.conf dest=/etc/harbor/ui/app.conf mode=0644

- name: install docker registry
  docker_container:
    name: registry
    image: library/registry:2.5.0
    restart_policy: always
    volumes:
      - "/var/lib/harbor/registry:/storage"
      - "/etc/harbor/registry:/etc/registry/"
    env:
      GODEBUG: "netdns=cgo"
    ports:
      - "5001:5001"
    command: "serve /etc/registry/config.yml"

- name: install mysql
  docker_container:
    name: mysql
    image: jcali/mysql
    restart_policy: always
    env:
      # Same variable the ui and jobservice containers pass as MYSQL_PWD.
      MYSQL_ROOT_PASSWORD: "{{harbor_db_pass}}"
    volumes:
      - /var/lib/harbor/database:/var/lib/mysql

# docker_container expects env values to be strings, so numbers are quoted.
- name: install ui
  docker_container:
    name: ui
    image: jcali/ui
    restart_policy: always
    links:
      - "mysql:mysql"
    env:
      MYSQL_HOST: mysql
      MYSQL_PORT: "3306"
      MYSQL_USR: root
      MYSQL_PWD: "{{harbor_db_pass}}"
      REGISTRY_URL: http://registry:5000
      UI_URL: http://ui
      CONFIG_PATH: /etc/ui/app.conf
      HARBOR_REG_URL: "{{inventory_hostname}}"
      HARBOR_ADMIN_PASSWORD: "{{harbor_admin_pass}}"
      HARBOR_URL: http://{{inventory_hostname}}
      AUTH_MODE: db_auth
      LDAP_URL: ldaps://ldap.mydomain.com
      LDAP_BASE_DN: "uid=%s,ou=people,dc=mydomain,dc=com"
      UI_SECRET: "{{harbor_ui_secret}}"
      SELF_REGISTRATION: "on"
      USE_COMPRESSED_JS: "on"
      LOG_LEVEL: debug
      GODEBUG: "netdns=cgo"
      EXT_ENDPOINT: http://{{inventory_hostname}}
      TOKEN_URL: http://ui
      VERIFY_REMOTE_CERT: "on"
      TOKEN_EXPIRATION: "30"
    ports:
      - "8000:80"
    volumes:
      - /etc/harbor/ui/app.conf:/etc/ui/app.conf
      - /etc/harbor/ui/private_key.pem:/etc/ui/private_key.pem

- name: install jobservice
  docker_container:
    name: jobservice
    image: jcali/jobservice
    restart_policy: always
    links:
      - "mysql:mysql"
    env:
      MYSQL_HOST: mysql
      MYSQL_PORT: "3306"
      MYSQL_USR: root
      MYSQL_PWD: "{{harbor_db_pass}}"
      UI_SECRET: "{{harbor_ui_secret}}"
      CONFIG_PATH: /etc/jobservice/app.conf
      REGISTRY_URL: http://registry:5000
      VERIFY_REMOTE_CERT: "on"
      MAX_JOB_WORKERS: "3"
      LOG_LEVEL: debug
      LOG_DIR: /var/log/jobs
      GODEBUG: "netdns=cgo"
      EXT_ENDPOINT: http://{{inventory_hostname}}
      TOKEN_URL: http://ui
    volumes:
      - /var/lib/harbor/job_logs:/var/log/jobs
      - /etc/harbor/jobservice/app.conf:/etc/jobservice/app.conf

- name: Create certs directory
  file: path=/etc/nginx/cert mode=0755 state=directory

- name: add certificate
  copy: dest="/etc/nginx/cert/celloproject.io.crt" content="{{ celloproject_io_certificate }}"

# The TLS private key is readable by its owner only.
- name: add key
  copy: dest="/etc/nginx/cert/celloproject.io.key" content="{{ celloproject_io_private_key }}" mode=0600

- name: set up nginx
  docker_container:
    name: nginx
    image: library/nginx:1.9.0
    restart_policy: always
    ports:
      - "80:80"
      - "443:443"
    links:
      - "mysql:mysql"
      - "registry:registry"
      - "ui:ui"
    volumes:
      - "/etc/harbor/nginx:/etc/nginx/"
      - "/etc/nginx/cert/:/etc/nginx/cert/"
```
templates/app.conf
```
appname = {{ harbor_appname }}
runmode = {{ harbor_runmode }}

[lang]
types = en-US|zh-CN
names = en-US|zh-CN

[dev]
httpport = {{ harbor_dev_httpport }}

[mail]
host = {{ smtp_host }}
port = {{ smtp_port }}
username = {{ smtp_username }}
password = {{ smtp_password }}
from = {{ email_from }}
ssl = false
```
this is most of the work, can't share the repo publicly because it requires all kinds of corp hoops.
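A pre-deployment check for a tasks file shaped like the role above, as an added example that is not part of the original comment or of the Harbor project: it flags secret-named keys set to a literal instead of a variable, and `.key`/`.pem` files copied without an owner-only mode. The sample text, the `example.key` path and the key-name heuristic are constructed assumptions, and only the inline `key=value` task form is parsed.

```python
import re

# Assumed heuristic: key names that usually hold a credential.
SECRET_KEY = re.compile(r"PASSWORD|PWD|SECRET", re.I)
TASK = re.compile(r"^\s*-\s*name:\s*(.+?)\s*$")
ENTRY = re.compile(r"^\s*([A-Za-z_]\w*)\s*:\s*(.*?)\s*$")
JINJA_ONLY = re.compile(r"^\{\{[^{}]*\}\}$")   # value is a single variable
DEST = re.compile(r'dest="?([^"\s]+)')
MODE = re.compile(r"mode=0?([0-7]{3})\b")

# Constructed sample, modelled on the shape of an Ansible tasks file.
SAMPLE = """\
- name: install mysql
  docker_container:
    env:
      MYSQL_ROOT_PASSWORD: root123
- name: install ui
  docker_container:
    env:
      MYSQL_PWD: "{{harbor_db_pass}}"
      UI_SECRET: "{{harbor_ui_secret}}"
- name: add key
  copy: dest="/etc/nginx/cert/example.key" content="{{ example_private_key }}"
"""


def audit_tasks(text):
    """Return (line_no, task_name, issue) tuples for a tasks file given as text."""
    findings, task = [], None
    for no, line in enumerate(text.splitlines(), 1):
        m = TASK.match(line)
        if m:                       # remember which task the next lines belong to
            task = m.group(1)
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        key, value = m.groups()
        if SECRET_KEY.search(key):
            bare = value.strip("\"'")
            if bare and not JINJA_ONLY.match(bare):
                findings.append((no, task, "literal value for " + key))
        elif key in ("copy", "template"):
            dest, mode = DEST.search(value), MODE.search(value)
            if dest and dest.group(1).endswith((".key", ".pem")) and (
                    not mode or mode.group(1)[-2:] != "00"):
                findings.append((no, task, dest.group(1) + " not owner-only"))
    return findings
```

Calling `audit_tasks(open("tasks/main.yml").read())` in CI gives a list that should be empty before the role is applied.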
Ended up here after looking at the installation instructions and the install.sh, which don't look very idempotent (yet?).
Will try out the above to see how far that gets me.
In the foreseeable future, there will be three deployment approaches supported:
So I'm closing this issue as won't fix; any interest in maintaining other forms of installation would be appreciated.
I have started this: https://github.com/nicholasamorim/ansible-role-harbor
It does some things like install (obviously) but also creates users and projects. It also allows you to change some things like the default Redis settings, in case the user already has another docker instance of redis running and so on.
I'd love to get input on it to make it better as I'm a novice to Harbor.