DEV-1297 Add lvm to harbor role

- increased size harbor data volume on prodnso
2 years ago · 37092f8014
parent f3d953414e
commit 37092f8014
4 changed files with 127 additions and 110 deletions
--- a/group_vars/harbor/plain.yml
+++ b/group_vars/harbor/plain.yml
@ -1,72 +1,77 @@
 ---
 hetzner_server_type: cpx31
 hetzner_server_labels: "stage={{ stage }} service=harbor"
 harbor_homedir: "/data"
 harbor_pgdatadir_lvm_hcloudvol_size: 50
 harbor_pgdatadir_lvm_hcloudvol_count: 1
 harbor_pgdatadir_lvm_hcloudvol_mountpath: "{{ harbor_homedir }}"
 filebeat_inputs:
- type: log
+  - type: log
-  paths:
+    paths:
-    - /var/log/harbor/portal.log
+      - /var/log/harbor/portal.log
-  fields:
+    fields:
-    harbor: true
+      harbor: true
-    harbor-component: harbor-portal
+      harbor-component: harbor-portal
- type: log
+  - type: log
-  paths:
+    paths:
-    - /var/log/harbor/exporter.log
+      - /var/log/harbor/exporter.log
-  fields:
+    fields:
-    harbor: true
+      harbor: true
-    harbor-component: harbor-exporter
+      harbor-component: harbor-exporter
- type: log
+  - type: log
-  paths:
+    paths:
-    - /var/log/harbor/redis.log
+      - /var/log/harbor/redis.log
-  fields:
+    fields:
-    harbor: true
+      harbor: true
-    harbor-component: redis
+      harbor-component: redis
- type: log
+  - type: log
-  paths:
+    paths:
-    - /var/log/harbor/registryctl.log
+      - /var/log/harbor/registryctl.log
-  fields:
+    fields:
-    harbor: true
+      harbor: true
-    harbor-component: registryctl
+      harbor-component: registryctl
- type: log
+  - type: log
-  paths:
+    paths:
-    - /var/log/harbor/chartmuseum.log
+      - /var/log/harbor/chartmuseum.log
-  fields:
+    fields:
-    harbor: true
+      harbor: true
-    harbor-component: chartmuseum
+      harbor-component: chartmuseum
- type: log
+  - type: log
-  paths:
+    paths:
-    - /var/log/harbor/trivy-adapter.log
+      - /var/log/harbor/trivy-adapter.log
-  fields:
+    fields:
-    harbor: true
+      harbor: true
-    harbor-component: trivy-adapter
+      harbor-component: trivy-adapter
- type: log
+  - type: log
-  paths:
+    paths:
-    - /var/log/harbor/postgresql.log
+      - /var/log/harbor/postgresql.log
-  fields:
+    fields:
-    harbor: true
+      harbor: true
-    harbor-component: harbor-db
+      harbor-component: harbor-db
- type: log
+  - type: log
-  paths:
+    paths:
-    - /var/log/harbor/jobservice.log
+      - /var/log/harbor/jobservice.log
-  fields:
+    fields:
-    harbor: true
+      harbor: true
-    harbor-component: harbor-jobservice
+      harbor-component: harbor-jobservice
- type: log
+  - type: log
-  paths:
+    paths:
-    - /var/log/harbor/proxy.log
+      - /var/log/harbor/proxy.log
-  fields:
+    fields:
-    harbor: true
+      harbor: true
-    harbor-component: nginx
+      harbor-component: nginx
- type: log
+  - type: log
-  paths:
+    paths:
-    - /var/log/harbor/registry.log
+      - /var/log/harbor/registry.log
-  fields:
+    fields:
-    harbor: true
+      harbor: true
-    harbor-component: registry
+      harbor-component: registry
- type: log
+  - type: log
-  paths:
+    paths:
-    - /var/log/harbor/core.log
+      - /var/log/harbor/core.log
-  fields:
+    fields:
-    harbor: true
+      harbor: true
-    harbor-component: harbor-core
+      harbor-component: harbor-core
--- a/group_vars/stage_prodnso/harbor.yml
+++ b/group_vars/stage_prodnso/harbor.yml
@ -0,0 +1,2 @@
 ---
 harbor_pgdatadir_lvm_hcloudvol_size: 300
--- a/roles/harbor/defaults/main.yml
+++ b/roles/harbor/defaults/main.yml
@ -1,9 +1,14 @@
 ---
 harbor_homedir: "/data"
-harbor_hostname: '{{ stage_server_domain }}'
+harbor_pgdatadir_lvm_hcloudvol_size: 50
-harbor_external_url: 'https://{{ stage_server_domain }}'
+harbor_pgdatadir_lvm_hcloudvol_count: 1
 harbor_pgdatadir_lvm_hcloudvol_mountpath: "{{ harbor_homedir }}"
-harbor_id: '{{ inventory_hostname }}-harbor'
+harbor_hostname: "{{ stage_server_domain }}"
 harbor_external_url: "https://{{ stage_server_domain }}"
 harbor_id: "{{ inventory_hostname }}-harbor"
 harbor_dockercompose_customized:
  services:
@ -33,36 +38,35 @@ harbor_dockercompose_customized:
      external: true
 harbor_base_configuration:
-  email_host: '{{ shared_service_mail_hostname }}'
+  email_host: "{{ shared_service_mail_hostname }}"
  email_port: 25
-  email_from: '{{ harbor_id }}@netgo.de'
+  email_from: "{{ harbor_id }}@netgo.de"
-  email_password: ''
+  email_password: ""
-  email_username: ''
+  email_username: ""
  email_insecure: true
  auth_mode: oidc_auth
  oidc_name: "{{ harbor_oidc_realm }}"
-  oidc_endpoint: 'https://{{ shared_service_hostname_keycloak }}/auth/realms/{{ harbor_oidc_realm }}'
+  oidc_endpoint: "https://{{ shared_service_hostname_keycloak }}/auth/realms/{{ harbor_oidc_realm }}"
  oidc_client_id: "{{ harbor_oidc_client_id }}"
  oidc_client_secret: "{{ harbor_oidc_client_secret }}"
  oidc_groups_claim: groups
  oidc_scope: openid
  oidc_verify_cert: true
  oidc_auto_onboard: true
-  oidc_admin_group: 'admin'
+  oidc_admin_group: "admin"
-  oidc_user_claim: 'sub'
+  oidc_user_claim: "sub"
  scan_all_policy:
    parameter:
      daily_time: 0
 project_object_template:
  project_attributes:
-    project_name: '{{ elem }}'
+    project_name: "{{ elem }}"
  meta_data:
    auto_scan: true
  project_state: present
  members:
-    -
+    - group_name: "{{ elem }}"
      group_name: '{{ elem }}'
      group_type: oidc
      role: projectadmin
@ -74,44 +78,42 @@ harbor_projects_smardigo_default:
 harbor_projects: []
 harbor_robot_tokens:
-  -
+  - secret_refresh: true
-    secret_refresh: true
+    #    token_state: present
 #    token_state: present
    name: ansible
    level: system
-    description: 'smardigo docker pull credentials'
+    description: "smardigo docker pull credentials"
-    secret: '{{ harbor_token }}'
+    secret: "{{ harbor_token }}"
    disable: false
    duration: -1
    editable: true
    expires_at: -1
    permissions:
-    - access:
+      - access:
-      - action: push
+          - action: push
-        resource: repository
+            resource: repository
-      - action: pull
+          - action: pull
-        resource: repository
+            resource: repository
-      - action: delete
+          - action: delete
-        resource: artifact
+            resource: artifact
-      - action: read
+          - action: read
-        resource: helm-chart
+            resource: helm-chart
-      - action: create
+          - action: create
-        resource: helm-chart-version
+            resource: helm-chart-version
-      - action: delete
+          - action: delete
-        resource: helm-chart-version
+            resource: helm-chart-version
-      - action: create
+          - action: create
-        resource: tag
+            resource: tag
-      - action: delete
+          - action: delete
-        resource: tag
+            resource: tag
-      - action: create
+          - action: create
-        resource: artifact-label
+            resource: artifact-label
-      - action: create
+          - action: create
-        resource: scan
+            resource: scan
-      kind: project
+        kind: project
-      namespace: "*"
+        namespace: "*"
 harbor_scanall:
-  -
+  - schedule:
    schedule:
      cron: 0 0 1 * * *
      type: Custom
--- a/roles/harbor/tasks/main.yml
+++ b/roles/harbor/tasks/main.yml
@ -1,4 +1,12 @@
 ---
 - name: "Create/Resize LVM for datadir"
  include_role:
    name: lvm_with_hetzner_volumes
  vars:
    lvm_with_hetzner_volumes__volprefix: harbor_datadir
    lvm_with_hetzner_volumes__volsize: "{{ harbor_pgdatadir_lvm_hcloudvol_size }}"
    lvm_with_hetzner_volumes__volcount: "{{ harbor_pgdatadir_lvm_hcloudvol_count }}"
    lvm_with_hetzner_volumes__mountpath: "{{ harbor_pgdatadir_lvm_hcloudvol_mountpath }}"
 - name: "Install harbor"
  include_tasks: install.yml
		`@ -0,0 +1,2 @@`
							`---`
							`harbor_pgdatadir_lvm_hcloudvol_size: 300`