kolesaev.harbor

Ansible Role Harbor

Example Playbook

---
- name: Install Harbor
  hosts: all
  become: yes
  gather_facts: yes

  roles:

    # Install Docker and Docker Compose
    - role: geerlingguy.docker

    # Install Harbor
    - role: kolesaev.harbor
      vars:
        harbor_parent_dir: /data
        harbor_data_dir: /data/harbor_data
        harbor_enable_trivy: true
        harbor_external_url: "https://{{ ansible_hostname }}"
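        # The env lookup returns an empty string when the variable is unset,
        # so default() needs its second argument (true) to apply the fallback.
        harbor_admin_password: "{{ lookup('ansible.builtin.env', 'HARBOR_ADMIN_PWD') | default('Harbor12345', true) }}"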
        harbor_http_port: 5680
        harbor_https_port: 5643
        harbor_iface_ip: 127.0.0.1

        harbor_projects_to_remove:
          - library

        harbor_users:
          - name: "user-one"

        harbor_registries:
          - url: "https://hub.docker.com"
            name: "docker-hub"
            type: "docker-hub"

        harbor_projects:
          - name: "new-project"
            auto_scan: yes
            public: no
            retention_policy:
              schedule: Hourly
              rules:
                - repositories_mask_type: "matching"
                  repositories_mask: "**"
                  tags_mask_type: "matching"
                  tags_mask: "dev-*"
                  rule_type: "pushed_by_days"
                  rule_value: 30

          - name: "docker-hub"
            public: yes
            proxy_registry: "docker-hub"

        harbor_members:
          - project: "new-project"
            name: "user-one"
            role_id: 2

Role Variables

Boolean variables accept any of yes/no/true/false.

Default values are set in defaults/main.yml.

---
# Should we disable unattended upgrades?
system_disable_unattended_upgrades: false

# Version to install
harbor_version: "2.10.0"

# Should we force-install Harbor if already installed?
harbor_force_install: false

# Choose installation type: "online" or "offline"
harbor_installation_type: online

# Set the IP address or domain name of the target host for Harbor
harbor_hostname: "{{ ansible_host }}"

# Initial password for Harbor admin
harbor_admin_password: "Harbor12345"

# Directory to create Harbor
harbor_parent_dir: /home

# Data storage location
harbor_data_dir: "{{ harbor_parent_dir }}/harbor/data"

# HTTP port
harbor_http_port: 80

# HTTPS port
harbor_https_port: 443

# Install with Trivy or not
harbor_enable_trivy: false

# Set harbor_external_url if you want an external proxy
harbor_external_url: ""

# Set an interface IP for open ports if external proxy is enabled
harbor_iface_ip: "" 

#############################################################
#####                                                   #####
##### The interface IP can be set once using this role, #####
##### it won't update unless you delete the indicator   #####
##### file or use the harbor_force_install variable     #####
#####                                                   #####
#############################################################

####################
### API settings ###
####################

# Are only admins allowed to create projects?
harbor_project_creation_restriction: false

# List of registries to remove
harbor_registries_to_remove: []

# List of members to remove
harbor_members_to_remove: []

# List of projects to remove
harbor_projects_to_remove: []

# List of users to remove
harbor_users_to_remove: []

# List of projects to create
harbor_projects: []

# List of users to create
harbor_users: []

# List of project members to create
harbor_members: []

# List of mirror registries to create
harbor_registries: []

# Configure garbage collector settings
harbor_gc: {}
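
A variant of the example playbook that stops before installing anything if the admin password is empty, too short, or still the role default `Harbor12345`. This is an added example, not part of the role's own documentation; the `harbor_admin_password_min_length` variable and its value are assumptions introduced here.

```yaml
---
- name: Install Harbor with a guarded admin password
  hosts: all
  become: yes
  gather_facts: yes

  vars:
    # Read the secret on the controller; the env lookup returns an empty
    # string when HARBOR_ADMIN_PWD is not exported.
    harbor_admin_password: "{{ lookup('ansible.builtin.env', 'HARBOR_ADMIN_PWD') }}"
    # Local policy value chosen for this example (assumption, not a role variable).
    harbor_admin_password_min_length: 12

  pre_tasks:
    # assert reports the failed expression, not the value of the variable,
    # so the password itself is not written to the task output.
    - name: Refuse to deploy with an empty, short or default admin password
      ansible.builtin.assert:
        that:
          - harbor_admin_password | length >= harbor_admin_password_min_length
          - harbor_admin_password != 'Harbor12345'
        fail_msg: "Export HARBOR_ADMIN_PWD with a non-default password before running."
        quiet: yes
      run_once: true

  roles:
    # Install Docker and Docker Compose
    - role: geerlingguy.docker

    # Install Harbor
    - role: kolesaev.harbor
      vars:
        harbor_external_url: "https://{{ ansible_hostname }}"
        # Bind the published ports to loopback so only the external proxy
        # on the same host can reach them.
        harbor_http_port: 5680
        harbor_https_port: 5643
        harbor_iface_ip: 127.0.0.1
        # Only admins may create projects.
        harbor_project_creation_restriction: true
        harbor_enable_trivy: true
        harbor_projects:
          - name: "new-project"
            auto_scan: yes
            public: no
```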

Reinstall

To reinstall Harbor, delete the installed-indicator file in the Harbor directory or set the harbor_force_install variable to true.

API actions will run every time this role is used, even if the indicator file exists.

Features

  • Install Harbor

  • Create/Update/Configure via API:

    • Projects
    • Registries
    • Users
    • Members
    • Retention Policies
    • Garbage Collector
  • API-related features:

    • Objects will be updated each time they are in the creation list.
    • An object won't be removed if it's also in the creation list. To recreate, first remove it from the list, then add again.

Requirements

Remote OS Packages

You need Docker and docker-compose-plugin. You can install them manually or with an Ansible role such as geerlingguy.docker.

Local Ansible Collections

Install the necessary collections:

  1. For general utilities:

    ansible-galaxy collection install community.general
    
  2. For cryptographic functions:

    ansible-galaxy collection install community.crypto
    
  3. For Docker interactions:

    ansible-galaxy collection install community.docker
    

Not Implemented

  • Installation of external databases, Redis, syslog servers, tracing, metrics endpoints, etc.
  • API features like CVE allow lists, job services, purges, replications, robots, user groups, webhooks, immutable tag rules, preheats, external authentication providers, etc.

Acknowledgments

Special thanks to the projects that helped with the implementation:

About the project

Install and configure Harbor on your system.

Install
ansible-galaxy install kolesaev.harbor
License
MIT