Classes
Public Classes
harbor
: This class installs and configures Harbor (https://goharbor.io).
Private Classes
harbor::backup
: Backs up the Harbor database to a known location if a version change is detected
harbor::config
: Handles Harbor configuration files and running the migrator
harbor::install
: Downloads Harbor, installs it into /opt/harbor, and loads Docker images if the offline installer is used
harbor::prepare
: Runs the Harbor prepare script
harbor::service
: Sets up a systemd unit file and service for Harbor
Resource types
harbor_project
: Manage projects within Harbor
harbor_registry
: Manage Harbor registry endpoints
harbor_replication_policy
: Manage Harbor replication policies
harbor_system_label
: Manage Harbor system labels
harbor_user_settings
: Manage Harbor system configuration settings
Harbor Puppet module main class
Note: For full configuration parameter documentation, see the Harbor Installation Guide (https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md).
include harbor
The following parameters are available in the harbor class.
Data type: Pattern[/\d+\.\d+\.\d+.*/]
Specifies the Harbor version to install. See available releases at Harbor Releases (https://github.com/goharbor/harbor/releases).
Data type: Pattern[/\d+\.\d+\.\d+.*/]
Specifies the Harbor release for the download URL.
Data type: Enum['offline','online']
Specifies which installer type to use. Note that not every release has both installer types available.
Data type: Boolean
Specifies whether to include Notary functionality in the deployment. Defaults to false
Data type: Boolean
Specifies whether to include Clair functionality in the deployment. Defaults to false
Data type: Boolean
Specifies whether to include Helm Chart repository functionality in the deployment. Defaults to false
Data type: Boolean
Specifies whether to include high availability functionality in the deployment. Defaults to false
Data type: Stdlib::Httpurl
Specifies download location for the Harbor installation tar file.
Default value: "https://storage.googleapis.com/harbor-releases/release-${release}/harbor-${installer}-installer-v${version}.tgz"
Data type: String
Specifies the MD5 checksum for downloaded Harbor installation tar file.
Data type: Stdlib::Host
The target host's hostname, which is used to access the Portal and the registry service. It should be the IP address or the fully qualified domain name (FQDN) of your target machine. Defaults to facts.fqdn
Data type: Enum['http','https']
http or https. Defaults to http
Data type: Integer
The maximum number of replication workers in the job service. Defaults to 10
Data type: Enum['enabled','disabled']
Setting absolute_url to enabled enables absolute URLs in charts. Defaults to disabled
Data type: Enum['on','off']
When this attribute is on, the prepare script creates a private key and root certificate for the generation/verification of the registry's token. Defaults to on
Data type: Stdlib::Absolutepath
The path of the SSL certificate
Data type: Stdlib::Absolutepath
The path of the SSL key
Data type: Stdlib::Absolutepath
The path of the key used to encrypt or decrypt the password of a remote registry in a replication policy.
Data type: Variant[Stdlib::Httpurl,String[0,0]]
Data type: Enum['debug','info','warning','error','fatal']
Defaults to 'info'
Data type: Integer
Defaults to 50
Data type: String
Defaults to 200M
Data type: String
Defaults to /var/log/harbor
Data type: Variant[Stdlib::Httpurl,String[0,0]]
Defaults to None
Data type: Variant[Stdlib::Httpurl,String[0,0]]
Defaults to None
Data type: String
Defaults to None
Data type: String
Defaults to '/data'
Data type: String
Defaults to Harbor12345
Data type: Stdlib::Host
Defaults to postgresql
Data type: String
Defaults to root123
Data type: Stdlib::Port
Defaults to 5432
Data type: String
Defaults to postgres
Data type: Integer
Defaults to 50
Data type: Integer
Defaults to 100
Data type: Boolean
Defaults to false
Data type: Stdlib::Host
Defaults to redis
Data type: Stdlib::Port
Defaults to 6379
Data type: String
Defaults to None
Data type: Integer
Data type: Integer
Data type: Integer
Data type: Integer
Data type: Stdlib::Host
Defaults to postgresql
Data type: String
Defaults to root123
Data type: Stdlib::Port
Defaults to 5432
Data type: String
Defaults to postgres
Data type: String
Defaults to postgres
Data type: Integer
Data type: String
Data type: Enum['filesystem','s3','gcs','azure','swift','oss']
Data type: String
Data type: Variant[Stdlib::Absolutepath,String[0,0]]
Data type: Variant[Boolean,String[0,0]]
Data type: String
Data type: Integer
Data type: Boolean
Specifies whether to create a backup tar file of the Harbor database if an upgrade is detected. Defaults to false
Data type: Stdlib::Absolutepath
Specifies the directory in which to store Harbor backup files. Defaults to '/tmp'
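The download location and MD5 checksum parameters above can be pinned from a tarball that was first verified with a stronger hash. This added example (not the module's own code) expands the documented default URL and returns the MD5 only when a SHA-256 matches; the function names, the stricter version pattern and the out-of-band `trusted_sha256` value are assumptions.

```python
import hashlib
import hmac
import re

# Stricter than the module's Pattern[/\d+\.\d+\.\d+.*/]: Puppet patterns are
# unanchored, so this anchored form also rejects "/" and other URL metacharacters.
STRICT_VERSION = re.compile(r"\d+\.\d+\.\d+[0-9A-Za-z.\-]*")
INSTALLERS = ("offline", "online")  # Enum['offline','online']
URL_TEMPLATE = (
    "https://storage.googleapis.com/harbor-releases/"
    "release-{release}/harbor-{installer}-installer-v{version}.tgz"
)


def default_download_url(version, release, installer):
    """Expand the documented default download URL from validated inputs."""
    for label, value in (("version", version), ("release", release)):
        if not STRICT_VERSION.fullmatch(value):
            raise ValueError(f"{label} {value!r} is not a plain release number")
    if installer not in INSTALLERS:
        raise ValueError(f"installer must be one of {INSTALLERS}")
    return URL_TEMPLATE.format(release=release, installer=installer, version=version)


def digest_file(path, chunk_size=1 << 20):
    """Stream the file once and return (md5_hex, sha256_hex)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def md5_for_checksum_parameter(path, trusted_sha256):
    """Return the MD5 to pin in Puppet only if the SHA-256 matches.

    trusted_sha256 is an assumption: a digest obtained out of band.
    """
    md5_hex, sha256_hex = digest_file(path)
    if not hmac.compare_digest(sha256_hex, trusted_sha256.strip().lower()):
        raise ValueError("SHA-256 mismatch: do not pin this tarball")
    return md5_hex
```

The MD5 here only tells the module which file to expect; the integrity decision rests on the SHA-256 comparison.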
Manage projects within Harbor
harbor_project { 'my-project':
ensure => present,
public => 'true',
members => ['bob', 'alice'],
}
The following properties are available in the harbor_project type.
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
Valid values: true, false
Whether to mark the project for public access
Default value: false
An array of members for the project
The following parameters are available in the harbor_project type.
namevar
The name of the project
Manage Harbor registry endpoints
harbor_registry { 'my-registry':
ensure => present,
url => 'https://registry.example.org',
description => 'Upstream registry',
set_credential => 'true',
access_key => 'admin',
access_secret => $encrypted_password,
}
The following properties are available in the harbor_registry type.
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
Description of the registry
The registry URL string
Valid values: true, false
Whether or not the certificate will be verified when Harbor tries to access the server
Default value: false
The following parameters are available in the harbor_registry type.
namevar
The registry name
Valid values: true, false
Whether to set the credential for the registry
Default value: false
The access key or username for the registry if using set_credential
The secret or password for the registry if using set_credential
Manage Harbor replication policies
harbor_replication_policy { 'example-replication':
ensure => 'present',
deletion => false,
enabled => true,
override => false,
replication_mode => 'pull',
remote_registry => 'UPSTREAM',
filters => [{'type' => 'name', 'value' => 'exampleproject/**'}, {'type' => 'tag', 'value' => '*'}],
trigger => {'type' => 'scheduled', 'trigger_settings' => {'cron' => '0 0 15 * * *'}},
}
The following properties are available in the harbor_replication_policy type.
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
The description of the policy
Default value: ''
The destination namespace
Trigger type and trigger settings for policy
The replication policy filter array
Whether to replicate the deletion operation
Whether to override the resources on the destination registry
Whether the policy is enabled or not
The following parameters are available in the harbor_replication_policy type.
namevar
The policy name
Valid values: push, pull
The replication policy direction. Can be "push" or "pull"
The name of registry to push to/pull from
Manage Harbor system labels
harbor_system_label { 'foo':
ensure => 'present',
description => "Black text on white background label",
color => '#FFFFFF',
}
The following properties are available in the harbor_system_label type.
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
The description of label
Default value: ''
The color of label
Default value: #FFFFFF
The following parameters are available in the harbor_system_label type.
namevar
The name of label
Manage Harbor system configuration settings
harbor_user_settings { 'ldap_settings':
auth_mode => 'ldap_auth',
ldap_url => 'ldap://example.org',
ldap_base_dn => 'dc=example,dc=org',
ldap_search_dn => '<ldap_bind_user>',
}
The following properties are available in the harbor_user_settings type.
Valid values: db_auth, ldap_auth, uaa_auth, oidc_auth
The auth mode of current system, such as "db_auth", "ldap_auth"
Default value: db_auth
The sender name for Email notification
Default value: admin [email protected]
The hostname of SMTP server that sends Email notification
Default value: smtp.mydomain.com
The port of SMTP server
Default value: 25
By default it is empty so the email_username is picked
The username for authentication against SMTP server
Default value: [email protected]
Valid values: true, false
When set to true the system will access Email server via TLS by default. If set to false, it still will handle "STARTTLS" from server side
Default value: false
Valid values: true, false
Whether or not the certificate will be verified when Harbor tries to access the email server
Default value: false
The URL of LDAP server
The Base DN for LDAP binding
The filter for LDAP binding
Valid values: 0, 1, 2
The scope to search ldap. "0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE"
Default value: 2
The attribute which is used as identity for the LDAP binding, such as "CN" or "SAMAccountname"
Default value: cn
The DN of the user to do the search
Timeout in seconds for connection to LDAP server
Default value: 5
Valid values: cn, gid
The attribute which is used as identity of the LDAP group, default is cn
The base DN to search LDAP group
The filter to search the ldap group
Valid values: 0, 1, 2
The scope to search ldap groups. "0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE"
Default value: 2
Specifies the LDAP group that has the same privileges as the Harbor admin
Valid values: everyone, adminonly
This attribute restricts which users have permission to create projects. It can be "everyone" or "adminonly"
Default value: everyone
Valid values: true, false
"docker push" is prohibited by Harbor if set to true
Default value: false
Valid values: true, false
Whether the Harbor instance supports self-registration. If set to false, an admin needs to add users to the instance
Default value: true
The expiration time of the token for internal Registry, in minutes
Default value: 30
The following parameters are available in the harbor_user_settings type.
namevar
Arbitrary name for the group of settings controlled in the resource