Upgrade harbor to version 1.5.1, change the install path to /data/harbor, fix the unpacking problem during installation
lusyoe authored and gjmzj committed Jun 8, 2018
1 parent 68bfaa1 commit 24639cc
Showing 3 changed files with 107 additions and 24 deletions.
14 changes: 8 additions & 6 deletions docs/guide/harbor.md
Expand Up @@ -4,15 +4,17 @@ Habor是由VMWare中国团队开源的容器镜像仓库。事实上,Habor是

### 安装步骤

1. 在deploy节点下载最新的 [docker-compose](https://github.com/docker/compose/releases) 二进制文件,改名后把它放到项目 `/etc/ansible/bin`目录下,后续版本会一起打包进百度云盘`k8s.xxx.tar.gz`文件中,可以省略该步骤
1. 在deploy节点下载最新的 [docker-compose](https://github.com/docker/compose/releases) 二进制文件,改名后把它放到项目 `/etc/ansible/bin`目录下,后续版本会一起打包进百度云盘`k8s.xxx.tar.gz`文件中,可以省略该步骤。注:k8s.1102.tar.gz已集成该工具

``` bash
wget https://github.com/docker/compose/releases/download/1.18.0/docker-compose-Linux-x86_64
mv docker-compose-Linux-x86_64 /etc/ansible/bin/docker-compose
```
2. 在deploy节点下载最新的 [harbor](https://github.com/vmware/harbor/releases) 离线安装包,把它放到项目 `/etc/ansible/down` 目录下,也可以从分享的百度云盘下载

3. 在deploy节点编辑/etc/ansible/hosts文件,可以参考 `example`目录下的模板,修改部分举例如下
3. 由于ansible解压的一些问题,需要将官方的tgz包,重新打包为zip包

4. 在deploy节点编辑/etc/ansible/hosts文件,可以参考 `example`目录下的模板,修改部分举例如下

``` bash
# 如果启用harbor,请配置后面harbor相关参数
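Review bot: New step 3 (repackage the official tgz as a zip) gives neither the commands nor the resulting file name, although the role in this commit looks for exactly `harbor-offline-installer-v1.5.1.zip` under `{{ base_dir }}/down` and expects it to unpack to a top-level `harbor/` directory. Please spell out the repackaging commands and the expected name, and tell readers to verify the downloaded tgz before repackaging, because the zip they build locally can no longer be compared with anything published.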
Expand Down Expand Up @@ -126,7 +128,7 @@ type: kubernetes.io/dockerconfigjson
+ 日志目录 `/var/log/harbor`
+ 数据目录 `/data` ,其中最主要是 `/data/database``/data/registry` 目录,如果你要彻底重新安装harbor,删除这两个目录即可

先进入harbor安装目录 `cd /opt/harbor`,常规操作如下:
先进入harbor安装目录 `cd /data/harbor`,常规操作如下:

1. 暂停harbor `docker-compose stop` : docker容器stop,并不删除容器
2. 恢复harbor `docker-compose start` : 恢复docker容器运行
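Review bot: With the install directory moved to `/data/harbor`, it now sits inside the data directory described in the bullet just above (`数据目录 /data`), and that bullet is not updated. Please mention there that `/data/harbor` holds the installer and `harbor.cfg`, so a reader who wipes or backs up all of `/data` knows it is included; the same bullet also runs `/data/database` and `/data/registry` together without a separator.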
Expand All @@ -151,15 +153,15 @@ type: kubernetes.io/dockerconfigjson

``` bash
# 进入harbor解压缩后的目录,停止harbor
cd /opt/harbor
cd /data/harbor
docker-compose down

# 备份这个目录
cd ..
mkdir -p /backup && mv harbor /backup/harbor

# 下载更新的离线安装包,并解压
tar zxvf harbor-offline-installer-v1.2.2.tgz -C /opt
tar zxvf harbor-offline-installer-v1.2.2.tgz -C /data

# 使用官方数据库迁移工具,备份数据库,修改数据库连接用户和密码,创建数据库备份目录
# 迁移工具使用docker镜像,镜像tag由待升级到目标harbor版本决定,这里由 1.1.2升级到1.2.2,所以使用 tag 1.2
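Review bot: The upgrade walkthrough still unpacks `harbor-offline-installer-v1.2.2.tgz` and describes a 1.1.2 to 1.2.2 migration, with only the target switched to `-C /data`, while this commit moves the role to v1.5.1 and a zip archive. Either update the example to the version the role now installs (including the migrator tag) or state that it is a historical example, so the guide and the role do not disagree about file name and version.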
Expand All @@ -171,7 +173,7 @@ docker run -it --rm -e DB_USR=root -e DB_PWD=xxxx -v /data/database:/var/lib/mys
docker run -it --rm -e DB_USR=root -e DB_PWD=xxxx -v /data/database:/var/lib/mysql vmware/harbor-db-migrator:1.2 up head

# 修改新版本 harbor.cfg配置,需要保持与老版本相关配置项保持一致,然后执行安装即可
cd /opt/harbor
cd /data/harbor
vi harbor.cfg
./install.sh
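Review bot: Both migrator commands shown in this hunk pass the database root password inline as `-e DB_PWD=xxxx`, which leaves it in shell history and in the process list while the container starts. While this section is being edited, consider reading the password into an environment variable first (for example `read -s DB_PWD` followed by `export DB_PWD`) and passing it through with a bare `-e DB_PWD`, or using `--env-file`.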

16 changes: 11 additions & 5 deletions roles/harbor/tasks/main.yml
@@ -1,6 +1,12 @@
- name: 下载docker compose 二进制文件
copy: src={{ base_dir }}/bin/docker-compose dest={{ bin_dir }}/docker-compose mode=0755

- name: 创建data目录
file:
path: /data
state: directory
mode: 0755

# 注册变量result,根据result结果判断是否已经安装过harbor
# result|failed 说明没有安装过harbor,下一步进行安装
# result|succeeded 说明已经安装过harbor,下一步跳过安装
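Review bot: The new `创建data目录` task hard-codes `path: /data`, and the same literal is repeated in the unarchive, `docker load`, template and install tasks further down. Put the location in one role variable (a hypothetical `harbor_dir`, for example) so the next path change is a one-line edit, and quote the mode (`mode: "0755"`) so it is always handled as a string. The comment kept below the task still says `result|failed` and `result|succeeded` while the tasks test `result is failed`.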
Expand All @@ -11,14 +17,14 @@

- name: 解压harbor离线安装包
unarchive:
src: "{{ base_dir }}/down/harbor-offline-installer-v1.2.2.tgz"
dest: /opt
src: "{{ base_dir }}/down/harbor-offline-installer-v1.5.1.zip"
dest: /data
copy: yes
keep_newer: yes
when: result is failed

- name: 导入harbor所需 docker images
shell: "{{ bin_dir }}/docker load -i /opt/harbor/harbor.v1.2.2.tar.gz"
shell: "{{ bin_dir }}/docker load -i /data/harbor/harbor.v1.5.1.tar.gz"
when: result is failed

- name: 创建harbor证书请求
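Review bot: The `unarchive` task now extracts a locally repackaged `harbor-offline-installer-v1.5.1.zip`, and the next task loads `harbor.v1.5.1.tar.gz` from it into Docker with no integrity check in between. Add a task that compares the archive's SHA-256 with a value kept in the role variables before extraction. Zip extraction also needs `unzip` on the target host, which nothing here installs or checks, and the version string is now duplicated in two tasks and would be better as a single variable.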
Expand All @@ -34,11 +40,11 @@
when: result is failed

- name: 配置 harbor.cfg 文件
template: src=harbor.cfg.j2 dest=/opt/harbor/harbor.cfg
template: src=harbor.cfg.j2 dest=/data/harbor/harbor.cfg
when: result is failed

- name: 安装 harbor
shell: "cd /opt/harbor && \
shell: "cd /data/harbor && \
export PATH={{ bin_dir }}:$PATH && \
./install.sh"
when: result is failed
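Review bot: `template: src=harbor.cfg.j2 dest=/data/harbor/harbor.cfg` sets no owner or mode, yet the rendered file carries `db_password`, `clair_db_password` and the other secrets from the template in this commit, so its permissions are left to the remote umask. Add an explicit `owner=root mode=0600` (or the tightest mode the install script tolerates), and consider `args: chdir=/data/harbor` on the install task instead of `cd ... &&` inside the shell string.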
101 changes: 88 additions & 13 deletions roles/harbor/templates/harbor.cfg.j2
@@ -1,5 +1,7 @@
## Configuration file of Harbor

#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version = 1.5.0
#The IP address or hostname to access admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname = {{ NODE_IP }}
Expand All @@ -8,11 +10,8 @@ hostname = {{ NODE_IP }}
#It can be set to https if ssl is enabled on nginx.
ui_url_protocol = https

#The password for the root user of mysql db, change this before any production use.
db_password = Harbor12345

#Maximum number of job workers in job service
max_job_workers = 3
max_job_workers = 50

#Determine whether or not to generate certificate for the registry's token.
#If the value is on, the prepare script creates new root cert and private key
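Review bot: `max_job_workers` goes from 3 to 50 in this hunk, which the commit message does not mention. If it simply follows the value shipped with the new release, say so in the commit message; otherwise make it a template variable so smaller hosts can lower it.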
Expand All @@ -30,9 +29,18 @@ secretkey_path = /data
#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
admiral_url = NA

#The password of the Clair's postgres database, only effective when Harbor is deployed with Clair.
#Please update it before deployment, subsequent update will cause Clair's API server and Harbor unable to access Clair's database.
clair_db_password = password
#Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
log_rotate_count = 50
#Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
#If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
#are all valid.
log_rotate_size = 200M

#Config http proxy for Clair, e.g. http://my.proxy.com:3128
#Clair doesn't need to connect to harbor ui container via http proxy.
http_proxy =
https_proxy =
no_proxy = 127.0.0.1,localhost,ui

#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
#only take effect in the first boot, the subsequent changes of these properties
Expand All @@ -52,6 +60,7 @@ email_username = [email protected]
email_password = abc
email_from = admin <sample[email protected]>
email_ssl = false
email_insecure = false

##The initial password of Harbor admin, only works for the first time when Harbor starts.
#It has no effect after the first launch of Harbor.
Expand Down Expand Up @@ -81,12 +90,27 @@ ldap_basedn = ou=people,dc=mydomain,dc=com
# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD
ldap_uid = uid

#the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
ldap_scope = 3
#the scope to search for users, 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
ldap_scope = 2

#Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
ldap_timeout = 5

#Verify certificate from LDAP server
ldap_verify_cert = true

#The base dn from which to lookup a group in LDAP/AD
ldap_group_basedn = ou=group,dc=mydomain,dc=com

#filter to search LDAP/AD group
ldap_group_filter = objectclass=group

#The attribute used to name a LDAP/AD group, it could be cn, name
ldap_group_gid = cn

#The scope to search for ldap groups. 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
ldap_group_scope = 2

#Turn on or off the self-registration feature
self_registration = on

Expand All @@ -98,9 +122,60 @@ token_expiration = 30
#Set to "adminonly" so that only admin user can create project.
project_creation_restriction = everyone

#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
verify_remote_cert = on
#************************END INITIAL PROPERTIES************************
#############

#######Harbor DB configuration section#######

#The address of the Harbor database. Only need to change when using external db.
db_host = mysql

#The password for the root user of Harbor DB. Change this before any production use.
db_password = root123

#The port of Harbor database host
db_port = 3306

#The user name of Harbor database
db_user = root

##### End of Harbor DB configuration#######

#The redis server address. Only needed in HA installation.
#address:port[,weight,password,db_index]
redis_url = redis:6379

##########Clair DB configuration############

#Clair DB host address. Only change it when using an exteral DB.
clair_db_host = postgres

#The password of the Clair's postgres database. Only effective when Harbor is deployed with Clair.
#Please update it before deployment. Subsequent update will cause Clair's API server and Harbor unable to access Clair's database.
clair_db_password = password

#Clair DB connect port
clair_db_port = 5432

#Clair DB username
clair_db_username = postgres

#Clair default database
clair_db = postgres

##########End of Clair DB configuration############

#The following attributes only need to be set when auth mode is uaa_auth
uaa_endpoint = uaa.mydomain.org
uaa_clientid = id
uaa_clientsecret = secret
uaa_verify_cert = true
uaa_ca_cert = /path/to/ca.pem


### Docker Registry setting ###
#registry_storage_provider can be: filesystem, s3, gcs, azure, etc.
registry_storage_provider_name = filesystem
#registry_storage_provider_config is a comma separated "key: value" pairs, e.g. "key1: value, key2: value2".
#Refer to https://docs.docker.com/registry/configuration/#storage for all available configuration.
registry_storage_provider_config =
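Review bot: The new DB and UAA sections commit fixed credentials into the template (`db_password = root123`, `clair_db_password = password`, `uaa_clientsecret = secret`), so every host rendered from it gets the same known passwords, even though the comment above `db_password` says to change it before any production use. The template already interpolates `{{ NODE_IP }}`; do the same for these values with variables supplied from the inventory or Ansible Vault. Also confirm that dropping `verify_remote_cert = on` is intended and note where that check is configured in 1.5.1.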
