Ansible一键安装Harbor服务

环境说明

企业内网环境，使用docker-compose的方式安装Harbor服务，需要先安装docker、docker-compose两个服务，将以二进制的方式安装docker和docker-compose，以适配各种安装环境。

• docker版本：20.10.21，建议使用20.10以上的版本，低版本的会出现安装异常；
• Docker-compose版本：2.24.7
• Harbor版本：2.10.3

一、编写ansible role

1.1 初始化ansible role

使用ansible-galaxy init命令初始化一个安装harbor的ansible role。

$ ansible-galaxy init /etc/ansible/roles/harbor-install

1.2 设置环境变量

通过环境变量的方式自定义安装环境，使用时候修改对应环境变量的值即可。

$ cat roles/harbor-install/vars/main.yml
---
# vars file for harbor-install
DOCKER_VERSION: "20.10.21"  #docker服务版本
HARBOR_VERSION: 2.10.3     #harbor服务版本
INSTALL_PATH: /app         #安装目录
HTTP_PORT: 8888            #harbor服务端口(http)
HTTPS_PORT:                #harbor服务端口(https)
DATA_PATH: /app/data       #harbor数据目录，规划好大小

1.3 下载文件

因为考虑到企业内网环境，提前将对应版本的安装包下载好放到roles/harbor-install/files/目录下。

$ wget -c https://download.docker.com/linux/static/stable/x86_64/docker-20.10.21.tgz
$ wget -c https://github.com/docker/compose/releases/download/v2.24.7/docker-compose-linux-x86_64
$ wget -c https://github.com/goharbor/harbor/releases/download/v2.10.3/harbor-offline-installer-v2.10.3.tgz

1.4 创建服务启动文件

安装harbor时依赖docker和containerd两个服务，将服务启动文件写好放到role/harbor-install/files/目录下。

• 创建containerd服务启动文件

$ cat role/harbor-install/files/containerd.service
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target local-fs.target

[Service]
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/usr/bin/containerd

Type=notify
Delegate=yes
KillMode=process
Restart=always
RestartSec=5
LimitNPROC=infinity
LimitCORE=infinity
LimitNOFILE=1048576
TasksMax=infinity
OOMScoreAdjust=-999

[Install]
WantedBy=multi-user.target

• 创建docker启动文件

$ cat role/harbor-install/files/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service time-set.target
Wants=network-online.target containerd.service
Requires=docker.socket

[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutStartSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
OOMScoreAdjust=-500

[Install]
WantedBy=multi-user.target

1.5 创建Harbor配置文件模块

使用jinjia2模板文件来更具环境变量来自动生成Harbor的配置文件。

$ cat /etc/ansible/roles/harbor-install/templates/harbor.yml.j2
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: {
   {
    ansible_host }}

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: {
   {
    HTTP_PORT }}

# https related config
#https:
  # https port for harbor, default is 443
  #port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path
  # enable strong ssl ciphers (default: false)
  # strong_ssl_ciphers: false

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal


# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433
external_url: http://{
   {
    ansible_host }}:{
   {
    HTTP_PORT }}

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345

...
#以下内容根据实际情况调整，本处保持默认的配置。

1.6 编写tasks文件

在main.yml入口引用相关的tasks部署任务文件。

$ cat roles/harbor-install/tasks/main.yml
---
- include_tasks: host-ini