nuo-recipes-fixme-rewordme
This commit is contained in:
parent
19efaa3d94
commit
d21d8a9aef
|
@ -6,6 +6,14 @@ This builder builds a QEMU image from the base build output. The goal here is to
|
||||||
with it's provisionning.
|
with it's provisionning.
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
source "source.vmware-vmx.alpine" {
|
||||||
|
output_directory = "${var.output_dir}/${var.version}/provisionned/vmware/docker"
|
||||||
|
vm_name = "${local.output_name}-${var.version}-docker.img"
|
||||||
|
source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img.vmx"
|
||||||
|
boot_command = [ "<enter><enter><wait>" ]
|
||||||
|
ssh_clear_authorized_keys = true
|
||||||
|
}
|
||||||
|
|
||||||
source "source.qemu.alpine" {
|
source "source.qemu.alpine" {
|
||||||
output_directory = "${var.output_dir}/${var.version}/provisionned/${local.Docker.Name}"
|
output_directory = "${var.output_dir}/${var.version}/provisionned/${local.Docker.Name}"
|
||||||
vm_name = "${local.output_name}-${var.version}-${local.Docker.Name}.img"
|
vm_name = "${local.output_name}-${var.version}-${local.Docker.Name}.img"
|
||||||
|
@ -17,6 +25,19 @@ EOF
|
||||||
ssh_clear_authorized_keys = true
|
ssh_clear_authorized_keys = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Copy ssh Cadoles keys
|
||||||
|
provisioner "file" {
|
||||||
|
destination = "/tmp"
|
||||||
|
source = "${local.locations.provisionning}/ssh/cadoles/"
|
||||||
|
}
|
||||||
|
|
||||||
|
provisioner "shell" {
|
||||||
|
inline = [
|
||||||
|
"sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'",
|
||||||
|
"sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
// Install templater and bootstraper
|
// Install templater and bootstraper
|
||||||
provisioner "shell" {
|
provisioner "shell" {
|
||||||
script = "${local.dirs.provisionning}/templater-install.sh"
|
script = "${local.dirs.provisionning}/templater-install.sh"
|
||||||
|
@ -64,8 +85,8 @@ EOF
|
||||||
post-processor "shell-local" {
|
post-processor "shell-local" {
|
||||||
inline = [
|
inline = [
|
||||||
"/bin/sh ${local.dirs.post-processors}/sparsify.sh ${var.output_dir}/${var.version}/provisionned/${local.Docker.Name} ${var.image_version}",
|
"/bin/sh ${local.dirs.post-processors}/sparsify.sh ${var.output_dir}/${var.version}/provisionned/${local.Docker.Name} ${var.image_version}",
|
||||||
"ruby ${local.dirs.tools}/one-templates -t image -m 640 -T ${local.dirs.templates}/one/image/common.tpl -n ${local.output_name}-${var.version}-${local.Docker.Name} -c '${local.Docker.Name} base image' --image-file ${var.output_dir}/${var.version}/provisionned/${local.Docker.Name}/${local.output_name}-${var.version}-${local.Docker.Name}.img",
|
//"ruby ${local.dirs.tools}/one-templates -t image -m 640 -T ${local.dirs.templates}/one/image/common.tpl -n ${local.output_name}-${var.version}-${local.Docker.Name} -c '${local.Docker.Name} base image' --image-file ${var.output_dir}/${var.version}/provisionned/${local.Docker.Name}/${local.output_name}-${var.version}-${local.Docker.Name}.img",
|
||||||
"ruby ${local.dirs.tools}/one-templates -t vm -m 640 -T ${local.dirs.templates}/one/vm/common.xml -n ${local.output_name}-${var.version}-${local.Docker.Name} --image-name ${local.output_name}-${var.version}-${local.Docker.Name}",
|
//"ruby ${local.dirs.tools}/one-templates -t vm -m 640 -T ${local.dirs.templates}/one/vm/common.xml -n ${local.output_name}-${var.version}-${local.Docker.Name} --image-name ${local.output_name}-${var.version}-${local.Docker.Name}",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,17 +1,47 @@
|
||||||
locals {
|
locals {
|
||||||
// Definition of the Kubernetes service (templater compatible)
|
// Definition of the Kubernetes service (templater compatible)
|
||||||
ServiceDocker = {
|
ServiceDocker = {
|
||||||
ConfigFiles = []
|
ConfigFiles = [
|
||||||
Repositories = {}
|
{
|
||||||
|
destination = "/etc/subuid"
|
||||||
|
source = "subuid.pktpl.hcl"
|
||||||
|
mode = "600"
|
||||||
|
owner = "root"
|
||||||
|
group = "root"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
destination = "/etc/subgid"
|
||||||
|
source = "subgid.pktpl.hcl"
|
||||||
|
mode = "600"
|
||||||
|
owner = "root"
|
||||||
|
group = "root"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
Repositories = {
|
||||||
|
AlpineEdgeTesting = {
|
||||||
|
type = "apk"
|
||||||
|
name = "testing"
|
||||||
|
url = "http://mirrors.ircam.fr/pub/alpine/edge/testing"
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
}
|
||||||
Packages = {
|
Packages = {
|
||||||
docker = {
|
docker = {
|
||||||
name = "docker"
|
name = "docker"
|
||||||
action = "install"
|
action = "install"
|
||||||
}
|
}
|
||||||
|
docker-rootless-extras = {
|
||||||
|
name = "docker-rootless-extras"
|
||||||
|
action = "install"
|
||||||
|
}
|
||||||
docker-compose = {
|
docker-compose = {
|
||||||
name = "docker-compose"
|
name = "docker-compose"
|
||||||
action = "install"
|
action = "install"
|
||||||
}
|
}
|
||||||
|
gpg = {
|
||||||
|
name = "gpg"
|
||||||
|
action = "install"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
Daemons = {
|
Daemons = {
|
||||||
docker = {
|
docker = {
|
||||||
|
@ -19,9 +49,28 @@ locals {
|
||||||
type = "auto"
|
type = "auto"
|
||||||
enabled = true
|
enabled = true
|
||||||
}
|
}
|
||||||
|
cgroups = {
|
||||||
|
name = "cgroups"
|
||||||
|
type = "auto"
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
local = {
|
||||||
|
name = "local"
|
||||||
|
type = "auto"
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Vars = {
|
||||||
|
RootlessDocker = "true"
|
||||||
|
}
|
||||||
|
Users = {
|
||||||
|
dock = {
|
||||||
|
username = "dock"
|
||||||
|
group = "dock"
|
||||||
|
home = "/srv/dock"
|
||||||
|
shell = "/bin/nologin"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
Vars = {}
|
|
||||||
Users = {}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
Docker = {
|
Docker = {
|
||||||
|
|
|
@ -2,26 +2,24 @@ locals {
|
||||||
ServiceNuoHarbor = {
|
ServiceNuoHarbor = {
|
||||||
ConfigFiles = [
|
ConfigFiles = [
|
||||||
{
|
{
|
||||||
destination = "/etc/harbor/harbor.yaml"
|
destination = "/etc/harbor/harbor.yml"
|
||||||
source = "harbor/habor.yaml.pktpl.hcl"
|
source = "harbor.yml.pktpl.hcl"
|
||||||
mod = "600"
|
mode = "600"
|
||||||
},
|
owner = "root"
|
||||||
{
|
group = "root"
|
||||||
destination = "/etc/subuid"
|
|
||||||
source = "harbor/subuid.pktpl.hcl"
|
|
||||||
mod = "600"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
destination = "/etc/subgid"
|
|
||||||
source = "harbor/subgid.pktpl.hcl"
|
|
||||||
mod = "600"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
Vars = {
|
Vars = {
|
||||||
AuthEnabled = false
|
AuthEnabled = false
|
||||||
User = "harbor"
|
User = "harbor"
|
||||||
Group = "harbor"
|
Group = "harbor"
|
||||||
|
HarborHTTPPort = "80"
|
||||||
|
HarborHTTPSPort = "443"
|
||||||
|
HarborSSLCert = "/etc/ssl/certs/harbor.crt"
|
||||||
|
HarborSSLPrivKey = "/etc/ssl/certs/harbor.key"
|
||||||
HarborDomain = "reg.k8s.in.nuonet.fr"
|
HarborDomain = "reg.k8s.in.nuonet.fr"
|
||||||
|
HarborAdminPassword = "ChangeMeAsSoonAsPossible"
|
||||||
|
HarborDBPassword = "WeNeedToBeAbleToManagePasswords"
|
||||||
NIC = [
|
NIC = [
|
||||||
{
|
{
|
||||||
Name = "eth0"
|
Name = "eth0"
|
||||||
|
@ -33,37 +31,35 @@ locals {
|
||||||
DNS = [ "192.168.160.10" ]
|
DNS = [ "192.168.160.10" ]
|
||||||
Set = { Hostname = "reg.k8s.in.nuonet.fr" }
|
Set = { Hostname = "reg.k8s.in.nuonet.fr" }
|
||||||
}
|
}
|
||||||
|
Repositories = {
|
||||||
|
AlpineEdgeTesting = {
|
||||||
|
type = "apk"
|
||||||
|
name = "testing"
|
||||||
|
url = "http://mirrors.ircam.fr/pub/alpine/edge/testing"
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
}
|
||||||
Packages = {
|
Packages = {
|
||||||
docker = {
|
vmtools = {
|
||||||
name = "docker"
|
name = "open-vm-tools"
|
||||||
|
action = "install"
|
||||||
|
},
|
||||||
|
mkcert = {
|
||||||
|
name = "mkcert"
|
||||||
|
action = "install"
|
||||||
|
},
|
||||||
|
gpg-agent = {
|
||||||
|
name = "gpg-agent"
|
||||||
action = "install"
|
action = "install"
|
||||||
}
|
}
|
||||||
docker-rootless-extras = {
|
ncurses = {
|
||||||
name = "docker-rootless-extras"
|
name = "ncurses"
|
||||||
action = "install"
|
|
||||||
}
|
|
||||||
docker-compose = {
|
|
||||||
name = "docker-compose"
|
|
||||||
action = "install"
|
|
||||||
}
|
|
||||||
gpg = {
|
|
||||||
name = "gpg"
|
|
||||||
action = "install"
|
action = "install"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Daemons = {
|
Daemons = {
|
||||||
docker = {
|
harbor = {
|
||||||
name = "docker"
|
name = "harbor"
|
||||||
type = "auto"
|
|
||||||
enabled = true
|
|
||||||
}
|
|
||||||
cgroups = {
|
|
||||||
name = "cgroups"
|
|
||||||
type = "auto"
|
|
||||||
enabled = true
|
|
||||||
}
|
|
||||||
local = {
|
|
||||||
name = "local"
|
|
||||||
type = "auto"
|
type = "auto"
|
||||||
enabled = true
|
enabled = true
|
||||||
}
|
}
|
||||||
|
@ -81,6 +77,7 @@ locals {
|
||||||
Name = "nuo-harbor"
|
Name = "nuo-harbor"
|
||||||
Globals = local.Globals
|
Globals = local.Globals
|
||||||
Services = {
|
Services = {
|
||||||
|
Docker = local.ServiceDocker
|
||||||
Harbor = local.ServiceNuoHarbor
|
Harbor = local.ServiceNuoHarbor
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,10 +8,25 @@ EOF
|
||||||
|
|
||||||
source "source.vmware-vmx.alpine" {
|
source "source.vmware-vmx.alpine" {
|
||||||
output_directory = "${var.output_dir}/${var.version}/provisionned/vmware/nuo-harbor"
|
output_directory = "${var.output_dir}/${var.version}/provisionned/vmware/nuo-harbor"
|
||||||
vm_name = "${local.output_name}-${var.version}-nuo-matchbox.img"
|
vm_name = "${local.output_name}-${var.version}-nuo-harbor.img"
|
||||||
source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img.vmx"
|
source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img.vmx"
|
||||||
|
// BUG https://github.com/hashicorp/packer-plugin-vmware/issues/119
|
||||||
|
disk_additional_size = [ 81920 ]
|
||||||
|
//
|
||||||
boot_command = [ "<enter><enter><wait>" ]
|
boot_command = [ "<enter><enter><wait>" ]
|
||||||
ssh_clear_authorized_keys = true
|
ssh_clear_authorized_keys = true
|
||||||
|
vmx_data = {
|
||||||
|
"scsi1.pcislotnumber" = "16"
|
||||||
|
"scsi1.present" = "TRUE"
|
||||||
|
"scsi1.virtualdev" = "lsilogic"
|
||||||
|
"scsi1:0.filename" = "disk-1.vmdk"
|
||||||
|
"scsi1:0.present" = "TRUE"
|
||||||
|
"scsi1:0.redo" = ""
|
||||||
|
}
|
||||||
|
vmx_data_post = {
|
||||||
|
"memsize" = "4096",
|
||||||
|
"numvcpus" = "2",
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
source "source.qemu.alpine" {
|
source "source.qemu.alpine" {
|
||||||
|
@ -19,87 +34,103 @@ EOF
|
||||||
vm_name = "${local.output_name}-${var.version}-${local.Config.Name}.img"
|
vm_name = "${local.output_name}-${var.version}-${local.Config.Name}.img"
|
||||||
iso_url = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img"
|
iso_url = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.img"
|
||||||
iso_checksum = "none"
|
iso_checksum = "none"
|
||||||
disk_size = 40960
|
disk_size = 81920
|
||||||
disk_image = true
|
disk_image = true
|
||||||
boot_command = [ "<enter><enter><wait>" ]
|
boot_command = [ "<enter><enter><wait>" ]
|
||||||
ssh_clear_authorized_keys = true
|
ssh_clear_authorized_keys = true
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "file" {
|
|
||||||
destination = "/tmp/${build.name}.sh"
|
|
||||||
source = "${path.cwd}/provisionning/${var.name}/${build.name}.sh"
|
|
||||||
}
|
|
||||||
|
|
||||||
provisioner "file" {
|
|
||||||
destination = "/tmp/install-${build.name}.sh"
|
|
||||||
source = "${path.cwd}/provisionning/${build.name}/install.sh"
|
|
||||||
}
|
|
||||||
|
|
||||||
provisioner "file" {
|
|
||||||
destination = "/tmp/install-templater.sh"
|
|
||||||
source = "${path.cwd}/provisionning/templater/install.sh"
|
|
||||||
}
|
|
||||||
|
|
||||||
// Install OpenNebula context tool
|
|
||||||
provisioner "file" {
|
|
||||||
destination = "/tmp/one-context.sh"
|
|
||||||
source = "${path.cwd}/provisionning/${var.name}/one-context.sh"
|
|
||||||
}
|
|
||||||
|
|
||||||
// Deploy the opennebula context script to manage configuration
|
|
||||||
provisioner "file" {
|
|
||||||
destination = "/tmp/net-96-templater"
|
|
||||||
source = "${path.cwd}/provisionning/one-context/net-96-templater"
|
|
||||||
}
|
|
||||||
|
|
||||||
provisioner "shell" {
|
provisioner "shell" {
|
||||||
inline = [
|
script = "${local.dirs.provisionning}/tools/additionnal-disk"
|
||||||
"sh -cx 'sh /tmp/one-context.sh'",
|
environment_vars = [
|
||||||
"sh -cx 'sh /tmp/${build.name}.sh'",
|
"PV_DEVICE=/dev/sdb",
|
||||||
"sh -cx 'sh /tmp/install-templater.sh'",
|
"VG_NAME=data",
|
||||||
"sh -cx 'sh /tmp/install-${build.name}.sh'",
|
"LV_NAME=harbor-data",
|
||||||
"sh -cx 'cp /tmp/net-96-templater /etc/one-context.d/net-96-templater'",
|
"LV_MTP=/srv/harbor",
|
||||||
"sh -cx 'chmod +x /etc/one-context.d/net-96-templater'"
|
"LV_FS=ext4"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "file" {
|
// Install templater and bootstraper
|
||||||
name = "templater"
|
provisioner "shell" {
|
||||||
destination = "${local.Config.ConfigFiles[0].destination}"
|
script = "${local.dirs.provisionning}/templater-install.sh"
|
||||||
content = templatefile("${path.cwd}/templates/conf/${build.name}/${local.Config.ConfigFiles[0].source}", local.Config)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Copy static configurations to /etc
|
||||||
|
provisioner "file" {
|
||||||
|
destination = "/etc"
|
||||||
|
source = "${local.dirs.provisionning}/conf/${build.name}/"
|
||||||
|
}
|
||||||
|
|
||||||
// Create Builder directories on the image.
|
// Copy configuration values on the image
|
||||||
provisioner "shell" {
|
provisioner "shell" {
|
||||||
inline = [
|
inline = [
|
||||||
"sh -cx 'mkdir -p ${local.builder_config.TemplateDir}/${build.name}'",
|
"sh -cx 'mkdir -p ${local.builder_config.TemplateDir}'",
|
||||||
"sh -cx 'chown ${local.Config.User}:${local.Config.Group} ${local.builder_config.TemplateDir}/${build.name}'",
|
"sh -cx 'mkdir -p ${local.builder_config.ValueDir}'"
|
||||||
"sh -cx 'mkdir -p ${local.builder_config.ValueDir}/${build.name}'",
|
]
|
||||||
"sh -cx 'chown ${local.Config.User}:${local.Config.Group} ${local.builder_config.ValueDir}/${build.name}'",
|
|
||||||
"sh -cx 'mkdir -p ${local.Config.StorageRoot}'",
|
|
||||||
"sh -cx 'chown ${local.Config.User}:${local.Config.Group} ${local.Config.StorageRoot}'" ]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Copy configuration template on the image
|
// Copy configuration templates to the image
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
destination = "${local.builder_config.TemplateDir}/${build.name}/${local.Config.ConfigFiles[0].source}"
|
destination = "${local.builder_config.TemplateDir}/"
|
||||||
source = "${path.cwd}/templates/conf/${build.name}/${local.Config.ConfigFiles[0].source}"
|
source = "${local.dirs.templates}/conf/${build.name}/"
|
||||||
|
}
|
||||||
|
// Copy Docker configuration templates to the image
|
||||||
|
provisioner "file" {
|
||||||
|
destination = "${local.builder_config.TemplateDir}/"
|
||||||
|
source = "${local.dirs.templates}/conf/docker/"
|
||||||
}
|
}
|
||||||
|
|
||||||
// Copy configuration values on the image
|
// Copy configuration values on the image
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
destination = "${local.builder_config.ValueDir}/${build.name}/values.json"
|
destination = "${local.builder_config.ValueDir}/${build.name}.json"
|
||||||
content = "${jsonencode(local.Config)}"
|
content = "${jsonencode(local.NuoHarbor)}"
|
||||||
}
|
}
|
||||||
|
|
||||||
post-processor "shell-local" {
|
provisioner "file" {
|
||||||
name = "publish"
|
destination = "/etc/local.d/templater.start"
|
||||||
|
source = "${local.locations.provisionning}/conf/common/templater.start"
|
||||||
|
}
|
||||||
|
|
||||||
|
// Copy ssh Cadoles keys
|
||||||
|
provisioner "file" {
|
||||||
|
destination = "/tmp"
|
||||||
|
source = "${local.locations.provisionning}/ssh/cadoles/"
|
||||||
|
}
|
||||||
|
|
||||||
|
// Copy CNOUS SSH keys
|
||||||
|
provisioner "file" {
|
||||||
|
destination = "/tmp"
|
||||||
|
source = "${local.locations.provisionning}/ssh/cnous/"
|
||||||
|
}
|
||||||
|
|
||||||
|
provisioner "shell" {
|
||||||
inline = [
|
inline = [
|
||||||
"/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/provisionned/${build.name} ${var.image_version}",
|
"sh -cx 'cat /tmp/*.pub >> /root/.ssh/authorized_keys'",
|
||||||
"ruby ${path.cwd}/tools/one-templates -t image -T ${path.cwd}/templates/one/image/common.tpl -n ${local.output_name}-${var.version}-${build.name} -c '${build.name} base image' --image-file ${var.output_dir}/${var.version}/provisionned/${build.name}/${local.output_name}-${var.version}-${build.name}.img",
|
"sh -cx 'chmod -R 600 /root/.ssh/authorized_keys'"
|
||||||
"ruby ${path.cwd}/tools/one-templates -t vm -T ${path.cwd}/templates/one/vm/${build.name}.xml -n ${local.output_name}-${var.version}-${build.name} --image-name ${local.output_name}-${var.version}-${build.name}",
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
// Generate default configuration for the server
|
||||||
|
provisioner "shell" {
|
||||||
|
max_retries = 3
|
||||||
|
inline = [ "sh -cx '/usr/local/bin/btr -c ${local.builder_config.ValueDir}/ -t ${local.builder_config.TemplateDir}'" ]
|
||||||
|
}
|
||||||
|
|
||||||
|
provisioner "shell" {
|
||||||
|
environment_vars = [
|
||||||
|
"HARBOR_SSL_CERT=${local.NuoHarbor.Services.Harbor.Vars.HarborSSLCert}",
|
||||||
|
"HARBOR_SSL_KEY=${local.NuoHarbor.Services.Harbor.Vars.HarborSSLPrivKey}",
|
||||||
|
"HARBOR_DOMAIN=${local.NuoHarbor.Services.Harbor.Vars.HarborDomain}"
|
||||||
|
]
|
||||||
|
script = "${local.dirs.provisionning}/${build.name}.sh"
|
||||||
|
}
|
||||||
|
|
||||||
|
provisioner "shell" {
|
||||||
|
inline = [
|
||||||
|
"chmod +x /etc/local.d/templater.start"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -77,7 +77,7 @@ EOF
|
||||||
|
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
destination = "/etc/local.d/templater.start"
|
destination = "/etc/local.d/templater.start"
|
||||||
source = "${local.locations.provisionning}/conf/${build.name}/templater.start"
|
source = "${local.locations.provisionning}/conf/common/templater.start"
|
||||||
}
|
}
|
||||||
|
|
||||||
// Copy tftp provisionning script
|
// Copy tftp provisionning script
|
||||||
|
|
|
@ -0,0 +1,64 @@
|
||||||
|
#!/sbin/openrc-run
|
||||||
|
|
||||||
|
: ${SUBCFGDIR:=/srv}
|
||||||
|
DOCKER_COMPOSE_UP_ARGS=${DOCKER_COMPOSE_UP_ARGS-"--no-build --no-recreate --no-deps"}
|
||||||
|
|
||||||
|
SUBSVC="${SVCNAME#*.}"
|
||||||
|
[ -z "${SUBSVC}" ] && exit 1
|
||||||
|
: ${SUBCFG:="${SUBCFGDIR}/${SUBSVC}/docker-compose.yml"}
|
||||||
|
DOCOCMD="/usr/bin/docker-compose"
|
||||||
|
export COMPOSE_HTTP_TIMEOUT=300
|
||||||
|
|
||||||
|
description="Manage docker services defined in ${SUBCFG}"
|
||||||
|
extra_commands="configtest build"
|
||||||
|
description_configtest="Check configuration via \"docker-compose -f ${SUBCFG} config\""
|
||||||
|
description_build="Run \"docker-compose -f ${SUBCFG} build\""
|
||||||
|
|
||||||
|
depend() {
|
||||||
|
need localmount net docker
|
||||||
|
use dns
|
||||||
|
after docker
|
||||||
|
}
|
||||||
|
|
||||||
|
configtest() {
|
||||||
|
if ! [ -f "${SUBCFG}" ]; then
|
||||||
|
eerror "The config file ${SUBCFG} does not exist!"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
if "${DOCOCMD}" -f "${SUBCFG}" config >&/dev/null; then
|
||||||
|
einfo "config: ok"
|
||||||
|
else
|
||||||
|
eerror "config: error"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
build() {
|
||||||
|
configtest || return 1
|
||||||
|
ebegin "Building dockerservice ${SUBSVC}"
|
||||||
|
"${DOCOCMD}" -f "${SUBCFG}" build
|
||||||
|
eend $?
|
||||||
|
}
|
||||||
|
|
||||||
|
start() {
|
||||||
|
configtest || return 1
|
||||||
|
ebegin "Starting dockerservice ${SUBSVC}"
|
||||||
|
sleep 5
|
||||||
|
"${DOCOCMD}" -f "${SUBCFG}" up -d ${DOCKER_COMPOSE_UP_ARGS}
|
||||||
|
eend $?
|
||||||
|
}
|
||||||
|
|
||||||
|
stop() {
|
||||||
|
ebegin "Stopping dockerservice ${SUBSVC}"
|
||||||
|
"${DOCOCMD}" -f "${SUBCFG}" stop --timeout=300
|
||||||
|
eend $?
|
||||||
|
}
|
||||||
|
|
||||||
|
status() {
|
||||||
|
if [ "$("${DOCOCMD}" -f "${SUBCFG}" top | wc -l)" -gt "0" ]; then
|
||||||
|
einfo "status: started"
|
||||||
|
else
|
||||||
|
einfo "status: stopped"
|
||||||
|
return 3
|
||||||
|
fi
|
||||||
|
}
|
|
@ -1 +0,0 @@
|
||||||
harbor:231072:65536
|
|
|
@ -1 +0,0 @@
|
||||||
harbor:231072:65536
|
|
|
@ -3,12 +3,16 @@
|
||||||
HARBOR_VERSION="2.8.2"
|
HARBOR_VERSION="2.8.2"
|
||||||
HARBOR_SOURCE_URL="https://github.com/goharbor/harbor/releases/download/v${HARBOR_VERSION}/"
|
HARBOR_SOURCE_URL="https://github.com/goharbor/harbor/releases/download/v${HARBOR_VERSION}/"
|
||||||
HARBOR_INSTALLER="harbor-offline-installer-v${HARBOR_VERSION}.tgz"
|
HARBOR_INSTALLER="harbor-offline-installer-v${HARBOR_VERSION}.tgz"
|
||||||
|
HARBOR_INSTALLER_ASC="${HARBOR_INSTALLER}.asc"
|
||||||
|
export TERM=xterm
|
||||||
|
|
||||||
|
|
||||||
gpg --keyserver hkps://keyserver.ubuntu.com --receive-keys 644FF454C0B4115C
|
gpg --keyserver hkps://keyserver.ubuntu.com --receive-keys 644FF454C0B4115C
|
||||||
|
|
||||||
cd /tmp
|
cd /srv
|
||||||
wget ${HARBOR_SOURCE_URL}${HARBOR_INSTALLER}
|
|
||||||
|
wget -q ${HARBOR_SOURCE_URL}${HARBOR_INSTALLER}
|
||||||
|
wget -q ${HARBOR_SOURCE_URL}${HARBOR_INSTALLER_ASC}
|
||||||
|
|
||||||
gpg -v --keyserver hkps://keyserver.ubuntu.com --verify ${HARBOR_INSTALLER}.asc
|
gpg -v --keyserver hkps://keyserver.ubuntu.com --verify ${HARBOR_INSTALLER}.asc
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
|
@ -18,3 +22,17 @@ fi
|
||||||
|
|
||||||
tar xzvf ${HARBOR_INSTALLER}
|
tar xzvf ${HARBOR_INSTALLER}
|
||||||
|
|
||||||
|
if [ ! -f ${HARBOR_SSL_CERT} ];then
|
||||||
|
mkcert -install
|
||||||
|
mkcert -cert-file ${HARBOR_SSL_CERT} -key-file ${HARBOR_SSL_KEY} ${HARBOR_DOMAIN}
|
||||||
|
fi
|
||||||
|
|
||||||
|
cd harbor
|
||||||
|
|
||||||
|
ln -s /etc/harbor/harbor.yml .
|
||||||
|
|
||||||
|
service docker start
|
||||||
|
sleep 5
|
||||||
|
|
||||||
|
./prepare
|
||||||
|
./install.sh --with-notary --with-trivy
|
|
@ -0,0 +1 @@
|
||||||
|
harbor.sh
|
|
@ -0,0 +1,27 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#
|
||||||
|
# Quick and dirty script to add disk space
|
||||||
|
# It creates a new PV (with the additionnal disk),
|
||||||
|
# a new VG and a new LV with 100% disk space
|
||||||
|
# The names and devices are provided with env variables:
|
||||||
|
# - PV_DEVICE : The /dev/xxx device
|
||||||
|
# - VG_NAME: The new vg name
|
||||||
|
# - LV_NAME: Then new lv name
|
||||||
|
# - LV_MTP: The mount point for the FS created on the LV
|
||||||
|
# - LV_FS: The fstype of the new FS
|
||||||
|
#
|
||||||
|
if [ -e ${PV_DEVICE} ]; then
|
||||||
|
pvcreate ${PV_DEVICE}
|
||||||
|
vgcreate ${VG_NAME} ${PV_DEVICE}
|
||||||
|
lvcreate -Ay -l 100%FREE -n ${LV_NAME} ${VG_NAME}
|
||||||
|
mkfs.${LV_FS} /dev/${VG_NAME}/${LV_NAME}
|
||||||
|
if [ ! -d ${LV_MTP} ]; then
|
||||||
|
mkdir -p ${LV_MTP}
|
||||||
|
fi
|
||||||
|
mount /dev/${VG_NAME}/${LV_NAME} ${LV_MTP}
|
||||||
|
echo "/dev/${VG_NAME}/${LV_NAME} ${LV_MTP} ${LV_FS} rw,relatime 0 1" >> /etc/fstab
|
||||||
|
else
|
||||||
|
echo "${PV_DEVICE} is missing"
|
||||||
|
exit 3
|
||||||
|
fi
|
|
@ -0,0 +1,6 @@
|
||||||
|
|
||||||
|
# Configuration file of Harbor
|
||||||
|
|
||||||
|
# The IP address or hostname to access admin UI and registry service.
|
||||||
|
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
|
||||||
|
hostname: ${Vars.RootlessDocker}
|
|
@ -0,0 +1,3 @@
|
||||||
|
%{ if Vars.RootlessDocker }
|
||||||
|
docker:231072:65536
|
||||||
|
%{ endif }
|
|
@ -7,15 +7,15 @@ hostname: ${Vars.HarborDomain}
|
||||||
# http related config
|
# http related config
|
||||||
http:
|
http:
|
||||||
# port for http, default is 80. If https enabled, this port will redirect to https port
|
# port for http, default is 80. If https enabled, this port will redirect to https port
|
||||||
port: 80
|
port: ${Vars.HarborHTTPPort}
|
||||||
|
|
||||||
# https related config
|
# https related config
|
||||||
https:
|
https:
|
||||||
# https port for harbor, default is 443
|
# https port for harbor, default is 443
|
||||||
port: 443
|
port: ${Vars.HarborHTTPSPort}
|
||||||
# The path of cert and key files for nginx
|
# The path of cert and key files for nginx
|
||||||
certificate: /etc/ssl/certs/cadoles.com.cert
|
certificate: ${Vars.HarborSSLCert}
|
||||||
private_key: /etc/ssl/private/cadoles.com.key
|
private_key: ${Vars.HarborSSLPrivKey}
|
||||||
|
|
||||||
# # Uncomment following will enable tls communication between all harbor components
|
# # Uncomment following will enable tls communication between all harbor components
|
||||||
# internal_tls:
|
# internal_tls:
|
||||||
|
@ -31,12 +31,12 @@ https:
|
||||||
# The initial password of Harbor admin
|
# The initial password of Harbor admin
|
||||||
# It only works in first time to install harbor
|
# It only works in first time to install harbor
|
||||||
# Remember Change the admin password from UI after launching Harbor.
|
# Remember Change the admin password from UI after launching Harbor.
|
||||||
harbor_admin_password: FixMeAsSoonAsPossible
|
harbor_admin_password: ${Vars.HarborAdminPassword}
|
||||||
|
|
||||||
# Harbor DB configuration
|
# Harbor DB configuration
|
||||||
database:
|
database:
|
||||||
# The password for the root user of Harbor DB. Change this before any production use.
|
# The password for the root user of Harbor DB. Change this before any production use.
|
||||||
password: FixMeAsSoonAsPossible
|
password: ${Vars.HarborDBPassword}
|
||||||
# The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
|
# The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
|
||||||
max_idle_conns: 50
|
max_idle_conns: 50
|
||||||
# The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
|
# The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
|
||||||
|
@ -103,10 +103,12 @@ trivy:
|
||||||
jobservice:
|
jobservice:
|
||||||
# Maximum number of job workers in job service
|
# Maximum number of job workers in job service
|
||||||
max_job_workers: 10
|
max_job_workers: 10
|
||||||
|
logger_sweeper_duration: 300
|
||||||
|
|
||||||
notification:
|
notification:
|
||||||
# Maximum retry count for webhook job
|
# Maximum retry count for webhook job
|
||||||
webhook_job_max_retry: 10
|
webhook_job_max_retry: 10
|
||||||
|
webhook_job_http_client_timeout: 300
|
||||||
|
|
||||||
chart:
|
chart:
|
||||||
# Change the value of absolute_url to enabled can enable absolute url in chart
|
# Change the value of absolute_url to enabled can enable absolute url in chart
|
|
@ -0,0 +1 @@
|
||||||
|
harbor
|
Loading…
Reference in New Issue