From 37092f801431702773ba70d9e53765eaa545856c Mon Sep 17 00:00:00 2001
From: MIchael Haehnel
Date: Fri, 24 Nov 2023 14:56:17 +0100
Subject: [PATCH] DEV-1297 Add lvm to harbor role - increased size harbor data volume on prodnso
---
group_vars/harbor/plain.yml | 139 ++++++++++++++--------------
group_vars/stage_prodnso/harbor.yml | 2 +
roles/harbor/defaults/main.yml | 88 +++++++++---------
roles/harbor/tasks/main.yml | 8 ++
4 files changed, 127 insertions(+), 110 deletions(-)
create mode 100644 group_vars/stage_prodnso/harbor.yml
diff --git a/group_vars/harbor/plain.yml b/group_vars/harbor/plain.yml
index 5f503d9..bce1879 100644
--- a/group_vars/harbor/plain.yml
+++ b/group_vars/harbor/plain.yml
@@ -1,72 +1,77 @@ --- - hetzner_server_type: cpx31 hetzner_server_labels: "stage={{ stage }} service=harbor" +harbor_homedir: "/data" + +harbor_pgdatadir_lvm_hcloudvol_size: 50 +harbor_pgdatadir_lvm_hcloudvol_count: 1 +harbor_pgdatadir_lvm_hcloudvol_mountpath: "{{ harbor_homedir }}" + filebeat_inputs: -- type: log - paths: - - /var/log/harbor/portal.log - fields: - harbor: true - harbor-component: harbor-portal -- type: log - paths: - - /var/log/harbor/exporter.log - fields: - harbor: true - harbor-component: harbor-exporter -- type: log - paths: - - /var/log/harbor/redis.log - fields: - harbor: true - harbor-component: redis -- type: log - paths: - - /var/log/harbor/registryctl.log - fields: - harbor: true - harbor-component: registryctl -- type: log - paths: - - /var/log/harbor/chartmuseum.log - fields: - harbor: true - harbor-component: chartmuseum -- type: log - paths: - - /var/log/harbor/trivy-adapter.log - fields: - harbor: true - harbor-component: trivy-adapter -- type: log - paths: - - /var/log/harbor/postgresql.log - fields: - harbor: true - harbor-component: harbor-db -- type: log - paths: - - /var/log/harbor/jobservice.log - fields: - harbor: true - harbor-component: harbor-jobservice -- type: log - paths: - - /var/log/harbor/proxy.log - fields: - harbor: true - harbor-component: nginx -- type: log - paths: - - /var/log/harbor/registry.log - fields: - harbor: true - harbor-component: registry -- type: log - paths: - - /var/log/harbor/core.log - fields: - harbor: true - harbor-component: harbor-core + - type: log + paths: + - /var/log/harbor/portal.log + fields: + harbor: true + harbor-component: harbor-portal + - type: log + paths: + - /var/log/harbor/exporter.log + fields: + harbor: true + harbor-component: harbor-exporter + - type: log + paths: + - /var/log/harbor/redis.log + fields: + harbor: true + harbor-component: redis + - type: log + paths: + - /var/log/harbor/registryctl.log + fields: + harbor: true + harbor-component: registryctl + - type: log 
+ paths: + - /var/log/harbor/chartmuseum.log + fields: + harbor: true + harbor-component: chartmuseum + - type: log + paths: + - /var/log/harbor/trivy-adapter.log + fields: + harbor: true + harbor-component: trivy-adapter + - type: log + paths: + - /var/log/harbor/postgresql.log + fields: + harbor: true + harbor-component: harbor-db + - type: log + paths: + - /var/log/harbor/jobservice.log + fields: + harbor: true + harbor-component: harbor-jobservice + - type: log + paths: + - /var/log/harbor/proxy.log + fields: + harbor: true + harbor-component: nginx + - type: log + paths: + - /var/log/harbor/registry.log + fields: + harbor: true + harbor-component: registry + - type: log + paths: + - /var/log/harbor/core.log + fields: + harbor: true + harbor-component: harbor-core diff --git a/group_vars/stage_prodnso/harbor.yml b/group_vars/stage_prodnso/harbor.yml new file mode 100644 index 0000000..c9b74b0 --- /dev/null +++ b/group_vars/stage_prodnso/harbor.yml @@ -0,0 +1,2 @@ +--- +harbor_pgdatadir_lvm_hcloudvol_size: 300 diff --git a/roles/harbor/defaults/main.yml b/roles/harbor/defaults/main.yml index 1a7a6e6..e281684 100644 --- a/roles/harbor/defaults/main.yml +++ b/roles/harbor/defaults/main.yml @@ -1,9 +1,14 @@ --- +harbor_homedir: "/data" -harbor_hostname: '{{ stage_server_domain }}' -harbor_external_url: 'https://{{ stage_server_domain }}' +harbor_pgdatadir_lvm_hcloudvol_size: 50 +harbor_pgdatadir_lvm_hcloudvol_count: 1 +harbor_pgdatadir_lvm_hcloudvol_mountpath: "{{ harbor_homedir }}" -harbor_id: '{{ inventory_hostname }}-harbor' +harbor_hostname: "{{ stage_server_domain }}" +harbor_external_url: "https://{{ stage_server_domain }}" + +harbor_id: "{{ inventory_hostname }}-harbor" harbor_dockercompose_customized: services: 
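Review bot: The five keys added at the top of this hunk (`harbor_homedir` and the four `harbor_pgdatadir_lvm_hcloudvol_*` entries) are byte-identical to the ones the same commit adds to roles/harbor/defaults/main.yml (first hunk of that file), so the role default and the group var now have to be kept in step by hand and the group var silently shadows any later change to the role default. Keep the role defaults and drop the copies from group_vars/harbor/plain.yml, leaving only stage-specific overrides in group_vars. The `pgdatadir` part of the name is also misleading: the mount path is `{{ harbor_homedir }}` (`/data`), i.e. the whole Harbor data directory rather than a PostgreSQL data directory, while roles/harbor/tasks/main.yml labels the same volume `harbor_datadir`. Either rename the family to `harbor_datadir_lvm_hcloudvol_*` in all three files of this commit, or add above the block `# Hetzner volume backing harbor_homedir (/data): all Harbor data, not only the DB`.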
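Review bot: The `harbor_pgdatadir_lvm_hcloudvol_size: 300` override in the new group_vars/stage_prodnso/harbor.yml only wins if the `stage_prodnso` group outranks the `harbor` group in Ansible's group-variable precedence (a child group, or the alphabetically later name for groups at the same depth), because group_vars/harbor/plain.yml now defines the same key; that group hierarchy is not visible in this patch and a group rename would silently revert production to 50. Since the size of the production data volume depends on it, document the dependency next to the value, e.g. `# overrides group_vars/harbor/plain.yml; stage_prodnso must take precedence over the harbor group`, or remove the competing definition from group_vars/harbor/plain.yml so the role default is the only fallback.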
@@ -33,36 +38,35 @@ harbor_dockercompose_customized: external: true harbor_base_configuration: - email_host: '{{ shared_service_mail_hostname }}' + email_host: "{{ shared_service_mail_hostname }}" email_port: 25 - email_from: '{{ harbor_id }}@netgo.de' - email_password: '' - email_username: '' + email_from: "{{ harbor_id }}@netgo.de" + email_password: "" + email_username: "" email_insecure: true auth_mode: oidc_auth oidc_name: "{{ harbor_oidc_realm }}" - oidc_endpoint: 'https://{{ shared_service_hostname_keycloak }}/auth/realms/{{ harbor_oidc_realm }}' + oidc_endpoint: "https://{{ shared_service_hostname_keycloak }}/auth/realms/{{ harbor_oidc_realm }}" oidc_client_id: "{{ harbor_oidc_client_id }}" oidc_client_secret: "{{ harbor_oidc_client_secret }}" oidc_groups_claim: groups oidc_scope: openid oidc_verify_cert: true oidc_auto_onboard: true - oidc_admin_group: 'admin' - oidc_user_claim: 'sub' + oidc_admin_group: "admin" + oidc_user_claim: "sub" scan_all_policy: parameter: daily_time: 0 project_object_template: project_attributes: - project_name: '{{ elem }}' + project_name: "{{ elem }}" meta_data: auto_scan: true project_state: present members: - - - group_name: '{{ elem }}' + - group_name: "{{ elem }}" group_type: oidc role: projectadmin 
@@ -74,44 +78,42 @@ harbor_projects_smardigo_default: harbor_projects: [] harbor_robot_tokens: - - - secret_refresh: true -# token_state: present + - secret_refresh: true + # token_state: present name: ansible level: system - description: 'smardigo docker pull credentials' - secret: '{{ harbor_token }}' + description: "smardigo docker pull credentials" + secret: "{{ harbor_token }}" disable: false duration: -1 editable: true expires_at: -1 permissions: - - access: - - action: push - resource: repository - - action: pull - resource: repository - - action: delete - resource: artifact - - action: read - resource: helm-chart - - action: create - resource: helm-chart-version - - action: delete - resource: helm-chart-version - - action: create - resource: tag - - action: delete - resource: tag - - action: create - resource: artifact-label - - action: create - resource: scan - kind: project - namespace: "*" + - access: + - action: push + resource: repository + - action: pull + resource: repository + - action: delete + resource: artifact + - action: read + resource: helm-chart + - action: create + resource: helm-chart-version + - action: delete + resource: helm-chart-version + - action: create + resource: tag + - action: delete + resource: tag + - action: create + resource: artifact-label + - action: create + resource: scan + kind: project + namespace: "*" harbor_scanall: - - - schedule: + - schedule: cron: 0 0 1 * * * type: Custom diff --git a/roles/harbor/tasks/main.yml b/roles/harbor/tasks/main.yml index 43a4c5f..574d037 100644 --- a/roles/harbor/tasks/main.yml +++ b/roles/harbor/tasks/main.yml 
@@ -1,4 +1,12 @@ --- +- name: "Create/Resize LVM for datadir" + include_role: + name: lvm_with_hetzner_volumes + vars: + lvm_with_hetzner_volumes__volprefix: harbor_datadir + lvm_with_hetzner_volumes__volsize: "{{ harbor_pgdatadir_lvm_hcloudvol_size }}" + lvm_with_hetzner_volumes__volcount: "{{ harbor_pgdatadir_lvm_hcloudvol_count }}" + lvm_with_hetzner_volumes__mountpath: "{{ harbor_pgdatadir_lvm_hcloudvol_mountpath }}" - name: "Install harbor" include_tasks: install.yml
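Review bot: The `Create/Resize LVM for datadir` task hands `harbor_pgdatadir_lvm_hcloudvol_size` to `lvm_with_hetzner_volumes` with no check on the direction of the resize: prodnso sets 300 while the role default and group_vars/harbor/plain.yml set 50, so a host that loses the stage-specific override would ask the role to "resize" the volume mounted at `/data` down to 50 before `Install harbor` runs. Whether the included role refuses to shrink is not visible here; if it does not, guard the include with an `ansible.builtin.assert` that the requested size is not below the current volume size, and in any case state the constraint above the task: `# NOTE: lowering *_hcloudvol_size on an existing host triggers a resize of the live /data volume — confirm the role refuses to shrink`. The `lvm_with_hetzner_volumes__volprefix: harbor_datadir` label also does not match the `harbor_pgdatadir_*` variable family it is fed from, which makes the two hard to correlate on the host; pick one name.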