diff --git a/recipes/alpine/docker.pkr.hcl b/recipes/alpine/docker.pkr.hcl index b6890aa..e580c91 100644 --- a/recipes/alpine/docker.pkr.hcl +++ b/recipes/alpine/docker.pkr.hcl @@ -6,6 +6,14 @@ This builder builds a QEMU image from the base build output. The goal here is to with it's provisionning. EOF + source "source.vmware-vmx.alpine" { + output_directory = "${var.output_dir}/${var.version}/provisionned/vmware/docker" + vm_name = "${local.output_name}-${var.version}-docker.img" + source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img.vmx" + boot_command = [ "" ] + ssh_clear_authorized_keys = true + } + source "source.qemu.alpine" { output_directory = "${var.output_dir}/${var.version}/provisionned/${local.Docker.Name}" vm_name = "${local.output_name}-${var.version}-${local.Docker.Name}.img" @@ -17,6 +25,19 @@ EOF ssh_clear_authorized_keys = true } + // Copy ssh Cadoles keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cadoles/" + } + + provisioner "shell" { + inline = [ + "sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'", + "sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'" + ] + } + // Install templater and bootstraper provisioner "shell" { script = "${local.dirs.provisionning}/templater-install.sh" 
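Review bot: The added shell provisioner appends `/tmp/*.pub` to `/root/.ssh/authorized_keys`, so any `.pub` file that happens to be in `/tmp` becomes trusted for root, not only the keys copied from `ssh/cadoles/`, and the copies are never removed from the image. Stage the keys in a dedicated directory created just before the copy (constructed example: `/tmp/ssh-keys`), append from there and delete it in the same step, e.g. `"sh -cx 'cat /tmp/ssh-keys/*.pub >> /root/.ssh/authorized_keys && rm -rf /tmp/ssh-keys'"`. `ssh_clear_authorized_keys = true` only removes Packer's temporary key, so these keys remain as permanent root access on every VM built from the image; a comment saying this is intended, and who owns the key list, would help. The same block is added in nuo-harbor.pkr.hcl, where both `ssh/cadoles/` and `ssh/cnous/` are copied into `/tmp`.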
@@ -64,8 +85,8 @@ EOF post-processor "shell-local" { inline = [ "/bin/sh ${local.dirs.post-processors}/sparsify.sh ${var.output_dir}/${var.version}/provisionned/${local.Docker.Name} ${var.image_version}", - "ruby ${local.dirs.tools}/one-templates -t image -m 640 -T ${local.dirs.templates}/one/image/common.tpl -n ${local.output_name}-${var.version}-${local.Docker.Name} -c '${local.Docker.Name} base image' --image-file ${var.output_dir}/${var.version}/provisionned/${local.Docker.Name}/${local.output_name}-${var.version}-${local.Docker.Name}.img", - "ruby ${local.dirs.tools}/one-templates -t vm -m 640 -T ${local.dirs.templates}/one/vm/common.xml -n ${local.output_name}-${var.version}-${local.Docker.Name} --image-name ${local.output_name}-${var.version}-${local.Docker.Name}", + //"ruby ${local.dirs.tools}/one-templates -t image -m 640 -T ${local.dirs.templates}/one/image/common.tpl -n ${local.output_name}-${var.version}-${local.Docker.Name} -c '${local.Docker.Name} base image' --image-file ${var.output_dir}/${var.version}/provisionned/${local.Docker.Name}/${local.output_name}-${var.version}-${local.Docker.Name}.img", + //"ruby ${local.dirs.tools}/one-templates -t vm -m 640 -T ${local.dirs.templates}/one/vm/common.xml -n ${local.output_name}-${var.version}-${local.Docker.Name} --image-name ${local.output_name}-${var.version}-${local.Docker.Name}", ] } diff --git a/recipes/alpine/locals.docker.pkr.hcl b/recipes/alpine/locals.docker.pkr.hcl index 4dacc91..2d46ebb 100644 --- a/recipes/alpine/locals.docker.pkr.hcl +++ b/recipes/alpine/locals.docker.pkr.hcl 
@@ -1,27 +1,76 @@ locals { // Definition of the Kubernetes service (templater compatible) ServiceDocker = { - ConfigFiles = [] - Repositories = {} + ConfigFiles = [ + { + destination = "/etc/subuid" + source = "subuid.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + }, + { + destination = "/etc/subgid" + source = "subgid.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" + } + ] + Repositories = { + AlpineEdgeTesting = { + type = "apk" + name = "testing" + url = "http://mirrors.ircam.fr/pub/alpine/edge/testing" + enabled = true + } + } Packages = { docker = { name = "docker" action = "install" } + docker-rootless-extras = { + name = "docker-rootless-extras" + action = "install" + } docker-compose = { name = "docker-compose" action = "install" } + gpg = { + name = "gpg" + action = "install" + } } Daemons = { - docker = { + docker = { name = "docker" type = "auto" enabled = true } + cgroups = { + name = "cgroups" + type = "auto" + enabled = true + } + local = { + name = "local" + type = "auto" + enabled = true + } + } + Vars = { + RootlessDocker = "true" + } + Users = { + dock = { + username = "dock" + group = "dock" + home = "/srv/dock" + shell = "/bin/nologin" + } } - Vars = {} - Users = {} } Docker = { diff --git a/recipes/alpine/locals.nuo-harbor.pkr.hcl b/recipes/alpine/locals.nuo-harbor.pkr.hcl index ec99fbc..3b852db 100644 --- a/recipes/alpine/locals.nuo-harbor.pkr.hcl +++ b/recipes/alpine/locals.nuo-harbor.pkr.hcl 
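Review bot: The new `AlpineEdgeTesting` repository is fetched over plain `http://` and pulls `edge/testing` packages into the image. apk checks signatures, but an on-path party can still serve a stale index or withhold updates, so point `url` at an `https://` mirror (whether this mirror offers TLS needs checking). The same repository block is added in locals.nuo-harbor.pkr.hcl. Separately, `/etc/subuid` and `/etc/subgid` are installed with `mode = "600"`; rootless tooling normally reads these files as the unprivileged user, so `"644"` is probably required — confirm with the `dock` account.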
@@ -2,26 +2,24 @@ locals { ServiceNuoHarbor = { ConfigFiles = [ { - destination = "/etc/harbor/harbor.yaml" - source = "harbor/habor.yaml.pktpl.hcl" - mod = "600" - }, - { - destination = "/etc/subuid" - source = "harbor/subuid.pktpl.hcl" - mod = "600" - }, - { - destination = "/etc/subgid" - source = "harbor/subgid.pktpl.hcl" - mod = "600" + destination = "/etc/harbor/harbor.yml" + source = "harbor.yml.pktpl.hcl" + mode = "600" + owner = "root" + group = "root" } ] Vars = { AuthEnabled = false User = "harbor" Group = "harbor" + HarborHTTPPort = "80" + HarborHTTPSPort = "443" + HarborSSLCert = "/etc/ssl/certs/harbor.crt" + HarborSSLPrivKey = "/etc/ssl/certs/harbor.key" HarborDomain = "reg.k8s.in.nuonet.fr" + HarborAdminPassword = "ChangeMeAsSoonAsPossible" + HarborDBPassword = "WeNeedToBeAbleToManagePasswords" NIC = [ { Name = "eth0" @@ -33,37 +31,35 @@ locals { DNS = [ "192.168.160.10" ] Set = { Hostname = "reg.k8s.in.nuonet.fr" } } + Repositories = { + AlpineEdgeTesting = { + type = "apk" + name = "testing" + url = "http://mirrors.ircam.fr/pub/alpine/edge/testing" + enabled = true + } + } Packages = { - docker = { - name = "docker" + vmtools = { + name = "open-vm-tools" + action = "install" + }, + mkcert = { + name = "mkcert" + action = "install" + }, + gpg-agent = { + name = "gpg-agent" action = "install" } - docker-rootless-extras = { - name = "docker-rootless-extras" - action = "install" - } - docker-compose = { - name = "docker-compose" - action = "install" - } - gpg = { - name = "gpg" + ncurses = { + name = "ncurses" action = "install" } } Daemons = { - docker = { - name = "docker" - type = "auto" - enabled = true - } - cgroups = { - name = "cgroups" - type = "auto" - enabled = true - } - local = { - name = "local" + harbor = { + name = "harbor" type = "auto" enabled = true } @@ -81,6 +77,7 @@ locals { Name = "nuo-harbor" Globals = local.Globals Services = { + Docker = local.ServiceDocker Harbor = local.ServiceNuoHarbor } } 
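Review bot: `HarborAdminPassword` and `HarborDBPassword` are committed as literals in `Vars`, so every image built from this recipe ships the same known Harbor admin and database credentials. Take them from Packer variables declared with `sensitive = true`, e.g. `HarborAdminPassword = var.harbor_admin_password` (variable name constructed for illustration), and fail the build when they are unset. nuo-harbor.pkr.hcl also writes `jsonencode(local.NuoHarbor)` to `${local.builder_config.ValueDir}/${build.name}.json`, so the same values land in a second file on the image whose mode is not set anywhere in the diff. `HarborSSLPrivKey` points into `/etc/ssl/certs`, which is normally world-readable; the template this replaces kept the key under `/etc/ssl/private/`.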
diff --git a/recipes/alpine/nuo-harbor.pkr.hcl b/recipes/alpine/nuo-harbor.pkr.hcl index 80cc86a..8608da3 100644 --- a/recipes/alpine/nuo-harbor.pkr.hcl +++ b/recipes/alpine/nuo-harbor.pkr.hcl @@ -8,10 +8,25 @@ EOF source "source.vmware-vmx.alpine" { output_directory = "${var.output_dir}/${var.version}/provisionned/vmware/nuo-harbor" - vm_name = "${local.output_name}-${var.version}-nuo-matchbox.img" + vm_name = "${local.output_name}-${var.version}-nuo-harbor.img" source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img.vmx" + // BUG https://github.com/hashicorp/packer-plugin-vmware/issues/119 + disk_additional_size = [ 81920 ] + // boot_command = [ "" ] ssh_clear_authorized_keys = true + vmx_data = { + "scsi1.pcislotnumber" = "16" + "scsi1.present" = "TRUE" + "scsi1.virtualdev" = "lsilogic" + "scsi1:0.filename" = "disk-1.vmdk" + "scsi1:0.present" = "TRUE" + "scsi1:0.redo" = "" + } + vmx_data_post = { + "memsize" = "4096", + "numvcpus" = "2", + } } source "source.qemu.alpine" { 
@@ -19,87 +34,103 @@ EOF vm_name = "${local.output_name}-${var.version}-${local.Config.Name}.img" iso_url = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img" iso_checksum = "none" - disk_size = 40960 + disk_size = 81920 disk_image = true boot_command = [ "" ] ssh_clear_authorized_keys = true } - provisioner "file" { - destination = "/tmp/${build.name}.sh" - source = "${path.cwd}/provisionning/${var.name}/${build.name}.sh" - } - - provisioner "file" { - destination = "/tmp/install-${build.name}.sh" - source = "${path.cwd}/provisionning/${build.name}/install.sh" - } - - provisioner "file" { - destination = "/tmp/install-templater.sh" - source = "${path.cwd}/provisionning/templater/install.sh" - } - - // Install OpenNebula context tool - provisioner "file" { - destination = "/tmp/one-context.sh" - source = "${path.cwd}/provisionning/${var.name}/one-context.sh" - } - - // Deploy the opennebula context script to manage configuration - provisioner "file" { - destination = "/tmp/net-96-templater" - source = "${path.cwd}/provisionning/one-context/net-96-templater" - } - provisioner "shell" { - inline = [ - "sh -cx 'sh /tmp/one-context.sh'", - "sh -cx 'sh /tmp/${build.name}.sh'", - "sh -cx 'sh /tmp/install-templater.sh'", - "sh -cx 'sh /tmp/install-${build.name}.sh'", - "sh -cx 'cp /tmp/net-96-templater /etc/one-context.d/net-96-templater'", - "sh -cx 'chmod +x /etc/one-context.d/net-96-templater'" + script = "${local.dirs.provisionning}/tools/additionnal-disk" + environment_vars = [ + "PV_DEVICE=/dev/sdb", + "VG_NAME=data", + "LV_NAME=harbor-data", + "LV_MTP=/srv/harbor", + "LV_FS=ext4" ] } - provisioner "file" { - name = "templater" - destination = "${local.Config.ConfigFiles[0].destination}" - content = templatefile("${path.cwd}/templates/conf/${build.name}/${local.Config.ConfigFiles[0].source}", local.Config) + // Install templater and bootstraper + provisioner "shell" { + script = "${local.dirs.provisionning}/templater-install.sh" } + // 
Copy static configurations to /etc + provisioner "file" { + destination = "/etc" + source = "${local.dirs.provisionning}/conf/${build.name}/" + } - // Create Builder directories on the image. + // Copy configuration values on the image provisioner "shell" { inline = [ - "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}/${build.name}'", - "sh -cx 'chown ${local.Config.User}:${local.Config.Group} ${local.builder_config.TemplateDir}/${build.name}'", - "sh -cx 'mkdir -p ${local.builder_config.ValueDir}/${build.name}'", - "sh -cx 'chown ${local.Config.User}:${local.Config.Group} ${local.builder_config.ValueDir}/${build.name}'", - "sh -cx 'mkdir -p ${local.Config.StorageRoot}'", - "sh -cx 'chown ${local.Config.User}:${local.Config.Group} ${local.Config.StorageRoot}'" ] + "sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'", + "sh -cx 'mkdir -p ${local.builder_config.ValueDir}'" + ] } - // Copy configuration template on the image + // Copy configuration templates to the image provisioner "file" { - destination = "${local.builder_config.TemplateDir}/${build.name}/${local.Config.ConfigFiles[0].source}" - source = "${path.cwd}/templates/conf/${build.name}/${local.Config.ConfigFiles[0].source}" + destination = "${local.builder_config.TemplateDir}/" + source = "${local.dirs.templates}/conf/${build.name}/" + } + // Copy Docker configuration templates to the image + provisioner "file" { + destination = "${local.builder_config.TemplateDir}/" + source = "${local.dirs.templates}/conf/docker/" } // Copy configuration values on the image provisioner "file" { - destination = "${local.builder_config.ValueDir}/${build.name}/values.json" - content = "${jsonencode(local.Config)}" + destination = "${local.builder_config.ValueDir}/${build.name}.json" + content = "${jsonencode(local.NuoHarbor)}" } - post-processor "shell-local" { - name = "publish" + provisioner "file" { + destination = "/etc/local.d/templater.start" + source = 
"${local.locations.provisionning}/conf/common/templater.start" + } + + // Copy ssh Cadoles keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cadoles/" + } + + // Copy CNOUS SSH keys + provisioner "file" { + destination = "/tmp" + source = "${local.locations.provisionning}/ssh/cnous/" + } + + provisioner "shell" { inline = [ - "/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/${build.name} ${var.image_version}", - "ruby ${path.cwd}/tools/one-templates -t image -T ${path.cwd}/templates/one/image/common.tpl -n ${local.output_name}-${var.version}-${build.name} -c '${build.name} base image' --image-file ${var.output_dir}/${var.version}/provisionned/${build.name}/${local.output_name}-${var.version}-${build.name}.img", - "ruby ${path.cwd}/tools/one-templates -t vm -T ${path.cwd}/templates/one/vm/${build.name}.xml -n ${local.output_name}-${var.version}-${build.name} --image-name ${local.output_name}-${var.version}-${build.name}", + "sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'", + "sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'" ] } -} \ No newline at end of file + // Generate default configuration for the server + provisioner "shell" { + max_retries = 3 + inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ] + } + + provisioner "shell" { + environment_vars = [ + "HARBOR_SSL_CERT=${local.NuoHarbor.Services.Harbor.Vars.HarborSSLCert}", + "HARBOR_SSL_KEY=${local.NuoHarbor.Services.Harbor.Vars.HarborSSLPrivKey}", + "HARBOR_DOMAIN=${local.NuoHarbor.Services.Harbor.Vars.HarborDomain}" + ] + script = "${local.dirs.provisionning}/${build.name}.sh" + } + + provisioner "shell" { + inline = [ + "chmod +x /etc/local.d/templater.start" + ] + } + +} + diff --git a/recipes/alpine/nuo-matchbox.pkr.hcl b/recipes/alpine/nuo-matchbox.pkr.hcl index 6b52e02..bc65ac8 100644 --- a/recipes/alpine/nuo-matchbox.pkr.hcl 
+++ b/recipes/alpine/nuo-matchbox.pkr.hcl @@ -77,7 +77,7 @@ EOF provisioner "file" { destination = "/etc/local.d/templater.start" - source = "${local.locations.provisionning}/conf/${build.name}/templater.start" + source = "${local.locations.provisionning}/conf/common/templater.start" } // Copy tftp provisionning script diff --git a/recipes/alpine/provisionning/conf/matchbox/templater.start b/recipes/alpine/provisionning/conf/common/templater.start similarity index 100% rename from recipes/alpine/provisionning/conf/matchbox/templater.start rename to recipes/alpine/provisionning/conf/common/templater.start diff --git a/recipes/alpine/provisionning/conf/harbor/init.d/harbor b/recipes/alpine/provisionning/conf/harbor/init.d/harbor new file mode 100755 index 0000000..86a2255 --- /dev/null +++ b/recipes/alpine/provisionning/conf/harbor/init.d/harbor 
@@ -0,0 +1,64 @@
+#!/sbin/openrc-run
+
+: ${SUBCFGDIR:=/srv}
+DOCKER_COMPOSE_UP_ARGS=${DOCKER_COMPOSE_UP_ARGS-"--no-build --no-recreate --no-deps"}
+
+SUBSVC="${SVCNAME#*.}"
+[ -z "${SUBSVC}" ] && exit 1
+: ${SUBCFG:="${SUBCFGDIR}/${SUBSVC}/docker-compose.yml"}
+DOCOCMD="/usr/bin/docker-compose"
+export COMPOSE_HTTP_TIMEOUT=300
+
+description="Manage docker services defined in ${SUBCFG}"
+extra_commands="configtest build"
+description_configtest="Check configuration via \"docker-compose -f ${SUBCFG} config\""
+description_build="Run \"docker-compose -f ${SUBCFG} build\""
+
+depend() {
+ need localmount net docker
+ use dns
+ after docker
+}
+
+configtest() {
+ if ! [ -f "${SUBCFG}" ]; then
+ eerror "The config file ${SUBCFG} does not exist!"
+ return 1
+ fi
+ if "${DOCOCMD}" -f "${SUBCFG}" config >&/dev/null; then
+ einfo "config: ok"
+ else
+ eerror "config: error"
+ return 1
+ fi
+}
+
+build() {
+ configtest || return 1
+ ebegin "Building dockerservice ${SUBSVC}"
+ "${DOCOCMD}" -f "${SUBCFG}" build
+ eend $?
+}
+
+start() {
+ configtest || return 1
+ ebegin "Starting dockerservice ${SUBSVC}"
+ sleep 5
+ "${DOCOCMD}" -f "${SUBCFG}" up -d ${DOCKER_COMPOSE_UP_ARGS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping dockerservice ${SUBSVC}"
+ "${DOCOCMD}" -f "${SUBCFG}" stop --timeout=300
+ eend $?
+}
+
+status() {
+ if [ "$("${DOCOCMD}" -f "${SUBCFG}" top | wc -l)" -gt "0" ]; then
+ einfo "status: started"
+ else
+ einfo "status: stopped"
+ return 3
+ fi
+}
diff --git a/recipes/alpine/provisionning/conf/harbor/subgid.pktpl.hcl b/recipes/alpine/provisionning/conf/harbor/subgid.pktpl.hcl
deleted file mode 100644
index 4b0808d..0000000
--- a/recipes/alpine/provisionning/conf/harbor/subgid.pktpl.hcl
+++ /dev/null
@@ -1 +0,0 @@
-harbor:231072:65536
\ No newline at end of file
diff --git a/recipes/alpine/provisionning/conf/harbor/subuid.pktpl.hcl b/recipes/alpine/provisionning/conf/harbor/subuid.pktpl.hcl
deleted file mode 100644
index 4b0808d..0000000
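Review bot: In `configtest()` of the new init.d/harbor script the redirection `>&/dev/null` is a bash/csh form, while the script runs under `#!/sbin/openrc-run`, i.e. the system `sh`. A POSIX shell may reject it or treat it as a file-descriptor duplication, in which case `configtest` always fails and `start` never brings the registry up. Use `if "${DOCOCMD}" -f "${SUBCFG}" config >/dev/null 2>&1; then`. `${DOCKER_COMPOSE_UP_ARGS}` in `start()` looks deliberately unquoted so it splits into separate flags; a one-line comment saying so would keep it from being quoted later by mistake.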
--- a/recipes/alpine/provisionning/conf/harbor/subuid.pktpl.hcl +++ /dev/null @@ -1 +0,0 @@ -harbor:231072:65536 \ No newline at end of file diff --git a/recipes/alpine/provisionning/nuo-harbor b/recipes/alpine/provisionning/conf/nuo-harbor similarity index 100% rename from recipes/alpine/provisionning/nuo-harbor rename to recipes/alpine/provisionning/conf/nuo-harbor diff --git a/recipes/alpine/provisionning/harbor.sh b/recipes/alpine/provisionning/harbor.sh index f5e8a06..35068b3 100644 --- a/recipes/alpine/provisionning/harbor.sh +++ b/recipes/alpine/provisionning/harbor.sh @@ -3,12 +3,16 @@ HARBOR_VERSION="2.8.2" HARBOR_SOURCE_URL="https://github.com/goharbor/harbor/releases/download/v${HARBOR_VERSION}/" HARBOR_INSTALLER="harbor-offline-installer-v${HARBOR_VERSION}.tgz" +HARBOR_INSTALLER_ASC="${HARBOR_INSTALLER}.asc" +export TERM=xterm gpg --keyserver hkps://keyserver.ubuntu.com --receive-keys 644FF454C0B4115C -cd /tmp -wget ${HARBOR_SOURCE_URL}${HARBOR_INSTALLER} +cd /srv + +wget -q ${HARBOR_SOURCE_URL}${HARBOR_INSTALLER} +wget -q ${HARBOR_SOURCE_URL}${HARBOR_INSTALLER_ASC} gpg -v --keyserver hkps://keyserver.ubuntu.com --verify ${HARBOR_INSTALLER}.asc if [ $? -ne 0 ]; then @@ -18,3 +22,17 @@ fi tar xzvf ${HARBOR_INSTALLER} +if [ ! -f ${HARBOR_SSL_CERT} ];then + mkcert -install + mkcert -cert-file ${HARBOR_SSL_CERT} -key-file ${HARBOR_SSL_KEY} ${HARBOR_DOMAIN} +fi + +cd harbor + +ln -s /etc/harbor/harbor.yml . + +service docker start +sleep 5 + +./prepare +./install.sh --with-notary --with-trivy \ No newline at end of file diff --git a/recipes/alpine/provisionning/nuo-harbor.sh b/recipes/alpine/provisionning/nuo-harbor.sh new file mode 120000 index 0000000..9fd9a39 --- /dev/null +++ b/recipes/alpine/provisionning/nuo-harbor.sh @@ -0,0 +1 @@ +harbor.sh \ No newline at end of file diff --git a/recipes/alpine/provisionning/tools/additionnal-disk b/recipes/alpine/provisionning/tools/additionnal-disk new file mode 100644 index 0000000..7dd4786 --- /dev/null 
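Review bot: The signature check in harbor.sh still trusts whatever key a keyserver returns for the 64-bit ID `644FF454C0B4115C` at build time (the `gpg --receive-keys` context line above the new `cd /srv`). Now that the `.asc` is actually downloaded and the check is effective, pin the full fingerprint, `gpg --keyserver hkps://keyserver.ubuntu.com --receive-keys <FULL_40_HEX_FINGERPRINT>` (placeholder, to be taken from Harbor's release documentation), or ship the public key in the repository. Name the data file explicitly, `gpg --verify "${HARBOR_INSTALLER_ASC}" "${HARBOR_INSTALLER}"`, so the result does not depend on gpg deriving the file name. The two `wget -q` calls ignore download failures, which the verify step catches only indirectly.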
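Review bot: `mkcert -install` and the certificate generation in the second harbor.sh hunk run inside the Packer build, so the local CA key and `${HARBOR_SSL_KEY}` are baked into the image and shared by every VM created from it. mkcert is meant for development; its root CA private key stays in the CAROOT directory on the image (presumably under root's home — confirm), which makes the image itself a secret. Generate the key pair at first boot, or install a certificate issued by the site CA during contextualisation, and keep the `[ ! -f ${HARBOR_SSL_CERT} ]` guard for that path. `ln -s /etc/harbor/harbor.yml .` fails on a re-run; `ln -sf /etc/harbor/harbor.yml .` makes the step repeatable.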
+++ b/recipes/alpine/provisionning/tools/additionnal-disk
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+#
+# Quick and dirty script to add disk space
+# It creates a new PV (with the additionnal disk),
+# a new VG and a new LV with 100% disk space
+# The names and devices are provided with env variables:
+# - PV_DEVICE : The /dev/xxx device
+# - VG_NAME: The new vg name
+# - LV_NAME: Then new lv name
+# - LV_MTP: The mount point for the FS created on the LV
+# - LV_FS: The fstype of the new FS
+#
+if [ -e ${PV_DEVICE} ]; then
+ pvcreate ${PV_DEVICE}
+ vgcreate ${VG_NAME} ${PV_DEVICE}
+ lvcreate -Ay -l 100%FREE -n ${LV_NAME} ${VG_NAME}
+ mkfs.${LV_FS} /dev/${VG_NAME}/${LV_NAME}
+ if [ ! -d ${LV_MTP} ]; then
+ mkdir -p ${LV_MTP}
+ fi
+ mount /dev/${VG_NAME}/${LV_NAME} ${LV_MTP}
+ echo "/dev/${VG_NAME}/${LV_NAME} ${LV_MTP} ${LV_FS} rw,relatime 0 1" >> /etc/fstab
+else
+ echo "${PV_DEVICE} is missing"
+ exit 3
+fi
\ No newline at end of file
diff --git a/recipes/alpine/templates/conf/docker/subgid.pktpl.hcl b/recipes/alpine/templates/conf/docker/subgid.pktpl.hcl
new file mode 100644
index 0000000..6187cff
--- /dev/null
+++ b/recipes/alpine/templates/conf/docker/subgid.pktpl.hcl
@@ -0,0 +1,6 @@
+
+# Configuration file of Harbor
+
+# The IP address or hostname to access admin UI and registry service.
+# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
+hostname: ${Vars.RootlessDocker}
diff --git a/recipes/alpine/templates/conf/docker/subuid.pktpl.hcl b/recipes/alpine/templates/conf/docker/subuid.pktpl.hcl
new file mode 100644
index 0000000..c512a70
--- /dev/null
+++ b/recipes/alpine/templates/conf/docker/subuid.pktpl.hcl
@@ -0,0 +1,3 @@
+%{ if Vars.RootlessDocker }
+docker:231072:65536
+%{ endif }
\ No newline at end of file
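Review bot: The additionnal-disk script keeps going after a failed step: without `set -e`, a failing `pvcreate` or `vgcreate` is still followed by `mkfs`, `mount` and an `/etc/fstab` entry for a volume that may not exist. Add `set -eu` after the shebang, quote the expansions, and test for a block device with `if [ -b "${PV_DEVICE}" ]; then` rather than `-e`. The fstab line uses fsck pass `1`, which is conventionally reserved for the root filesystem; `2` fits a data volume, and `nodev,nosuid` would be sensible mount options for it.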
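Review bot: The body of the new docker/subgid.pktpl.hcl is a leftover Harbor YAML header ending in `hostname: ${Vars.RootlessDocker}`, yet locals.docker.pkr.hcl renders this template to `/etc/subgid`. That is not a valid subordinate-GID entry, so the rootless daemon would have no GID range to map (inferred, since the templater itself is not shown). It should mirror the subuid template: `%{ if Vars.RootlessDocker }`, the range line, `%{ endif }`.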
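Review bot: The range in docker/subuid.pktpl.hcl is assigned to `docker`, but the only account this change creates under `Users` is `dock`. Unless a `docker` user is created elsewhere, the entry never applies to the account meant to run the rootless daemon. Use the same name in both places, e.g. `dock:231072:65536`, or template the name from the user definition.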
diff --git a/recipes/alpine/templates/conf/harbor/harbor.yml.pkr.hcl b/recipes/alpine/templates/conf/harbor/harbor.yml.pktpl.hcl similarity index 97% rename from recipes/alpine/templates/conf/harbor/harbor.yml.pkr.hcl rename to recipes/alpine/templates/conf/harbor/harbor.yml.pktpl.hcl index 7e2cab9..24a94cf 100644 --- a/recipes/alpine/templates/conf/harbor/harbor.yml.pkr.hcl +++ b/recipes/alpine/templates/conf/harbor/harbor.yml.pktpl.hcl @@ -7,15 +7,15 @@ hostname: ${Vars.HarborDomain} # http related config http: # port for http, default is 80. If https enabled, this port will redirect to https port - port: 80 + port: ${Vars.HarborHTTPPort} # https related config https: # https port for harbor, default is 443 - port: 443 + port: ${Vars.HarborHTTPSPort} # The path of cert and key files for nginx - certificate: /etc/ssl/certs/cadoles.com.cert - private_key: /etc/ssl/private/cadoles.com.key + certificate: ${Vars.HarborSSLCert} + private_key: ${Vars.HarborSSLPrivKey} # # Uncomment following will enable tls communication between all harbor components # internal_tls: @@ -31,12 +31,12 @@ https: # The initial password of Harbor admin # It only works in first time to install harbor # Remember Change the admin password from UI after launching Harbor. -harbor_admin_password: FixMeAsSoonAsPossible +harbor_admin_password: ${Vars.HarborAdminPassword} # Harbor DB configuration database: # The password for the root user of Harbor DB. Change this before any production use. - password: FixMeAsSoonAsPossible + password: ${Vars.HarborDBPassword} # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. max_idle_conns: 50 # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections. 
@@ -103,10 +103,12 @@ trivy: jobservice: # Maximum number of job workers in job service max_job_workers: 10 + logger_sweeper_duration: 300 notification: # Maximum retry count for webhook job webhook_job_max_retry: 10 + webhook_job_http_client_timeout: 300 chart: # Change the value of absolute_url to enabled can enable absolute url in chart diff --git a/recipes/alpine/templates/conf/nuo-harbor b/recipes/alpine/templates/conf/nuo-harbor new file mode 120000 index 0000000..8b35999 --- /dev/null +++ b/recipes/alpine/templates/conf/nuo-harbor @@ -0,0 +1 @@ +harbor \ No newline at end of file
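Review bot: Both new keys are written without units, and `300` reads very differently depending on them. If I read upstream's harbor.yml template right, `logger_sweeper_duration` is in days and `webhook_job_http_client_timeout` in seconds. Add the unit as a trailing comment, e.g. `logger_sweeper_duration: 300 # days` (to be confirmed against the Harbor 2.8 template), and check that keeping job logs that long is intended.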