nicholasamorim / ansible-role-harbor Goto Github PK
View Code? Open in Web Editor NEWAn Ansible Role that installs Harbor.
License: MIT License
An Ansible Role that installs Harbor.
License: MIT License
When you first run the role you get:
TASK [ Uncompressing Harbor installer...] ************************************************
skipping: [test_server]
That is probably because unarchive sees that {{ harbor_install_dir }}/harbor already exists. It is created by
- name: "Creating Harbor directory... ({{ harbor_install_dir }}/harbor)"
file: ...
I updated to the latest version.
Getting to the end of the corridor!
Creating users fail with the message below. Would you have any idea why?
failed: [test_server] (item={u'username': u'julien', u'has_admin_role': True, u'role_name':
u'developer', u'realname': u'Julien', u'password': u'PASSWORD', u'email': u'[email protected]',
u'role_id': 2}) => {"changed": false, "connection": "close", "content": "<html>\r\n<head>
<title>502 Bad Gateway</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>502
Bad Gateway</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n",
"content_length": "166", "content_type": "text/html", "date": "Wed, 20 Mar 2019 07:35:00 GMT",
"item": {"email": "[email protected]", "has_admin_role": true, "password": "PASSWORD",
"realname": "Julien", "role_id": 2, "role_name": "developer", "username": "julien"}, "msg": "Status
code was 502 and not [201, 409]: HTTP Error 502: Bad Gateway", "redirected": false, "server":
"nginx", "status": 502, "url": "https://repo.mydomain.domain.com:8443/api/users"}
In addition:
Here is my playbook:
- name: Deploying a docker repository at "{{ DOCKER_REPO_DOMAIM }}:{{ DOCKER_REPO_HTTPS_PORT }}"
hosts: docker-servers
remote_user: "{{ SSH_USER }}"
become: true
roles:
- deploy_harbor_via_compose
vars:
ansible_become_pass: "{{ INITIAL_PASSWORD }}"
harbor_self_registration: "off"
harbor_hostname: "{{ DOCKER_REPO_DOMAIM }}"
harbor_admin_password: "{{ DOCKER_REPO_ADMIN_PASSWORD }}"
harbor_extras:
- clair
- notary
harbor_install_dir: "{{ WORKING_DIRECTORY }}/repository/install"
harbor_datadir: "{{ WORKING_DIRECTORY }}/repository/data"
harbor_ui_url_protocol: "https"
harbor_exposed_http_port: "{{ DOCKER_REPO_HTTP_PORT }}"
harbor_exposed_https_port: "{{ DOCKER_REPO_HTTPS_PORT }}"
harbor_ssl_cert: "{{ WORKING_DIRECTORY }}/certs/{{ DOMAIN_NAME }}-fullcert.pem"
harbor_ssl_cert_key: "{{ WORKING_DIRECTORY }}/certs/{{ DOMAIN_NAME }}-privkey.pem"
harbor_users: "{{ DOCKER_REPO_USERS }}"
Because of many changes on v1.8.0, this role doesnt support 1.8.0 :(
fatal: [192.168.30.249]: FAILED! => {
"msg": "The task includes an option with an undefined variable. The error was: 'harbor_ssl_cert' is undefined\n\nThe error appears to be in '/root/ansible-command-test/harbor/ansible-role-harbor/tasks/main.yml': line 59, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Creating SSL certs folder\n ^ here\n"
}
It seems some things are missing if you don't enable the "behind proxy" flag but on my way to figure out what it is I am reporting more issues.
On my last run I got fatal: [test_server]: FAILED! => {"changed": false, "msg": "Failed to import docker or docker-py - No module named 'docker'. Try
pip install dockeror
pip install docker-py (Python 2.6)"}
I think the role should include this to solve this error:
- name: Install base packages needed for docker install
apt:
name: "{{ packages }}"
update_cache: yes
state: latest
vars:
packages:
- python3-pip
become: true
- name: Install latest docker python bindings
pip:
name: "{{ packages }}"
executable: pip3
state: latest
vars:
packages:
- docker
- jsondiff ##check if needed, I know it is for swarm but don't know about compose
- pyyaml ##check if needed, I know it is for swarm but don't know about compose
- docker-compose
become: true
Hello,
Thank you for sharing this nice project!
When I run it I get:
The conditional check 'not harbor_folder_st.stat.isdir' failed. The error was: error while evaluating conditional (not harbor_folder_st.stat.isdir): 'dict object' has no attribute 'isdir'
I do not have the directory created initially.
So I did a debug and there is the big picture:
TASK [deploy_harbor_via_compose : debug] *******************************************************************************
ok: [test_server] => {
"msg": {
"changed": false,
"failed": false,
"stat": {
"exists": false
}
}
}
TASK [deploy_harbor_via_compose : Downloading Harbor 1.7.4 (offline installer)] ****************************************
fatal: [test_server]: FAILED! => {"msg": "The conditional check 'not harbor_folder_st.stat.isdir' failed. The error was: error while evaluating conditional (not harbor_folder_st.stat.isdir): 'dict object' has no attribute 'isdir'\n\nThe error appears to have been in '/DIR/roles/deploy_harbor_via_compose/tasks/main.yml': line 8, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n msg: \"{{ harbor_folder_st }}\"\n- name: \"Downloading Harbor {{ harbor_version }} (offline installer)\"\n ^ here\nWe could be wrong, but this one looks like it might be an issue with\nmissing quotes. Always quote template expression brackets when they\nstart a value. For instance:\n\n with_items:\n - {{ foo }}\n\nShould be written as:\n\n with_items:\n - \"{{ foo }}\"\n"}
to retry, use: --limit @/DIR/playbook-deploy-docker-repo.retry
So I tried to replace those instances:
when:
- not harbor_folder_st.stat.exists
- not harbor_folder_st.stat.isdir
by
when:
- not harbor_folder_st.stat.exists or (harbor_folder_st.stat.isdir is defined and not harbor_folder_st.stat.isdir)
But then it would skip the unzip:
TASK [deploy_harbor_via_compose : Uncompressing Harbor installer...] ***************************************************
skipping: [test_server]
Did I miss something? How would it be best to fix that?
By default, things are created with "mode": "0755"
This could be changed to 0750 I believe.
When I try to install the role from Ansible Galaxy I get an error message:
$ sudo ansible-galaxy install nicholasamorim.harbor
- downloading role 'harbor', owned by nicholasamorim
- downloading role from https://github.com/nicholasamorim/ansible-role-harbor/archive/master.tar.gz
[WARNING]: - nicholasamorim.harbor was NOT installed successfully: this role does not appear to have a meta/main.yml file.
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.
I believe that this is because ansible-galaxy expects a meta/main.yml but the meta file in this repository is meta/main.yaml
Hello!
I try install harbor and get error
ERROR! the role 'harbor' was not found in /home/user/github/infrastructure-as-a-code-example/12-harbor/roles:/home/user/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:/home/user/github/infrastructure-as-a-code-example/12-harbor
The error appears to be in '/home/user/github/infrastructure-as-a-code-example/12-harbor/playbook.yml': line 20, column 7, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
roles:
- harbor
^ here
I install role
ansible-galaxy install nicholasamorim.harbor
Playbook
---
- name: Installing and configuring Harbor
hosts: harbor
vars:
harbor_projects:
- project_name: myproject
is_public: "false"
content_trust: "false"
prevent_vul: "true"
severity: "high"
auto_scan: "true"
harbor_users:
- username: user1
email: [email protected]
realname: User Number 1
role_name: developer
role_id: 2
has_admin_role: true
roles:
- harbor
This is what you get with a custom port (HTTPS):
CURL:
< HTTP/1.1 401 Unauthorized
< Server: nginx
< Date: Fri, 05 Apr 2019 13:29:45 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 87
< Connection: keep-alive
< Docker-Distribution-Api-Version: registry/2.0
< Set-Cookie: sid=b9969f27808d09cd150a27e0122fc068; Path=/; HttpOnly
< Www-Authenticate: Bearer realm="https://DOMAIN.COM/service/token",service="harbor-registry"
<
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}
* Connection #0 to host DOMAIN.COM left intact
$ sudo docker login DOMAIN.COM8443
[sudo] password for user:
Username: user
Password:
Error response from daemon: Get https://DOMAIN.COM:8443/v2/: Get https://DOMAIN.COM/service/token?account=user&client_id=docker&offline_token=true&service=harbor-registry: dial tcp 192.168.x.x:443: connect: connection refused
I found what is wrong and will try to fix it.
./config/notary/server-config.postgres.json: "realm": "https://DOMAIN.COM/service/token"
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.