hetzner-ansible/roles/harbor/tasks/install.yml


---
### tags:
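# Passes this host's name and the stage server IP to the `dns` role. What the
# role does with them (provider, record type, TTL) is defined in that role and
# is not visible from this file.
- name: "Setup DNS configuration for {{ inventory_hostname }} harbor"
  ansible.builtin.include_role:
    name: dns
  vars:
    record_data: "{{ stage_server_ip }}"
    record_name: "{{ inventory_hostname }}"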
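# Per-host working directory that later receives the installer tarball and the
# extracted harbor/ tree.
- name: 'Ensures {{ service_base_path }}/{{ inventory_hostname }} directory exists'
  ansible.builtin.file:
    path: '{{ service_base_path }}/{{ inventory_hostname }}'
    state: directory
    owner: root
    group: root
    # Quoted so the module receives the string '0755' and the value does not
    # depend on how the YAML loader treats a leading-zero integer.
    mode: '0755'
  tags:
    - update_deployment
    - update_config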
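# Python dependency for the community.docker.docker_compose task used further
# down in this file.
# NOTE(review): the package is installed unpinned from whatever index pip is
# configured for, so each run can pull a different release onto the host.
# Pin a tested version (and, ideally, an internal index) once one is agreed.
- name: Install pip dependencies
  ansible.builtin.pip:
    # The module accepts a list directly; no per-item loop is needed.
    name:
      - docker-compose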
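# Renders the manual upgrade helper into root's home directory.
# NOTE(review): '0744' lets every local user read the rendered script. If the
# template embeds credentials or tokens (template not shown here), use '0700'.
- name: 'Copy hacky upgrade script'
  ansible.builtin.template:
    src: 'hacky_harbor_upgrade.sh.j2'
    dest: '/root/hacky_harbor_upgrade.sh'
    owner: 'root'
    group: 'root'
    mode: '0744'
  tags:
    - upgrade-helper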
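# work around for DEV-271 ("container start failure after reboot")
- name: Ensure systemd file
  ansible.builtin.template:
    src: harbor-systemd.service.j2
    dest: /etc/systemd/system/harbor.service
    owner: root
    group: root
    # A unit file is configuration, not a program: it needs no execute bit,
    # and systemd logs a warning for unit files that are marked executable.
    # Root-writable, world-readable is the conventional mode.
    mode: '0644'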
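# Records whether the offline installer for this harbor_version is already on
# disk. Only existence is checked, not size or content.
- name: "Check if harbor tarball exists"
  ansible.builtin.stat:
    path: '{{ service_base_path }}/{{ inventory_hostname }}/harbor-offline-installer-{{ harbor_version }}.tgz'
  register: harbor_tarball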
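# Fetches the release tarball over HTTPS when it is not already present.
# TLS authenticates the download host only; it does not show that the archive
# is the one that was reviewed. The tarball is later unpacked and its
# install.sh executed, so pin a digest taken from a trusted channel.
- name: Download harbor offline installer
  ansible.builtin.get_url:
    url: "https://github.com/goharbor/harbor/releases/download/{{ harbor_version }}/harbor-offline-installer-{{ harbor_version }}.tgz"
    dest: "{{ service_base_path }}/{{ inventory_hostname }}/harbor-offline-installer-{{ harbor_version }}.tgz"
    # Explicit mode so the result does not depend on the remote umask.
    mode: '0644'
    # Optional variable introduced by this task, format "sha256:<hex digest>".
    # Left unset, the parameter is omitted and the download runs unverified,
    # as it did before.
    checksum: "{{ harbor_installer_checksum | default(omit) }}"
  # NOTE(review): a tarball left by an earlier run (truncated or replaced) is
  # reused as-is, because this task is skipped whenever the file exists.
  when:
    - not harbor_tarball.stat.exists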
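# Single definition of the compose file path that the later stat, command,
# copy and slurp tasks refer to.
- name: "Set fact"
  ansible.builtin.set_fact:
    remote_docker_compose_file_path: '{{ service_base_path }}/{{ inventory_hostname }}/harbor/docker-compose.yml'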
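# An existing docker-compose.yml is treated as "Harbor is already installed";
# the extract, stop and backup tasks below are gated on this result.
- name: "Check if {{ inventory_hostname }}/harbor/docker-compose.yml exists"
  ansible.builtin.stat:
    path: '{{ remote_docker_compose_file_path }}'
  register: harbor_installation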
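# Unpacks the installer on the target host (remote_src), only on first install.
# The archive is trusted as found on disk: nothing in this task checks its
# integrity, so that has to be established when it is downloaded.
- name: "Extract harbor-offline-installer-{{ harbor_version }}.tgz into {{ service_base_path }}/{{ inventory_hostname }}"
  ansible.builtin.unarchive:
    src: "{{ service_base_path }}/{{ inventory_hostname }}/harbor-offline-installer-{{ harbor_version }}.tgz"
    dest: "{{ service_base_path }}/{{ inventory_hostname }}"
    remote_src: true
  when:
    - not harbor_installation.stat.exists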
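# Renders the installer's input configuration.
# NOTE(review): harbor.yml normally carries the admin and database passwords
# in clear text, and '0644' makes it readable by every local user. Tighten to
# '0600' or '0640' after confirming that install.sh / the prepare step can
# still read the file with that mode.
- name: Ensure config template files are populated from templates/harbor
  ansible.builtin.template:
    src: "harbor.yml.j2"
    dest: "{{ service_base_path }}/{{ inventory_hostname }}/harbor/harbor.yml"
    owner: 'root'
    group: 'root'
    mode: '0644'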
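# No customized docker-compose file exists for the smardigo environment at this
# point, so the stock Harbor installation fails to start every time install.sh
# runs here. Every non-zero return code of the script is therefore tolerated.
# NOTE(review): the original comment mentions a failed_when statement for
# ansible-lint, but the task uses ignore_errors. Either way a genuinely broken
# install (corrupt archive, failed prepare step) is not caught here; it only
# surfaces later, when the generated docker-compose.yml is read back.
# `creates` makes this a one-time step: it is skipped once that file exists.
# harbor_install_opts is split into arguments by the command module and never
# passed through a shell, but it still decides which installer options run as
# root, so it should come from trusted inventory only.
- name: "Exec harbor install.sh "
  ansible.builtin.command:
    cmd: './install.sh {{ harbor_install_opts | default("--with-trivy --with-chartmuseum") }}'
    chdir: '{{ service_base_path }}/{{ inventory_hostname }}/harbor/'
    creates: '{{ remote_docker_compose_file_path }}'
  register: run_installscript
  ignore_errors: true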
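# First install only: stop whatever install.sh managed to start, so the
# compose file can be rewritten before Harbor runs for real.
- name: "Stopping harbor"
  community.docker.docker_compose:
    project_src: '{{ service_base_path }}/{{ inventory_hostname }}/harbor/'
    stopped: true
  when:
    - not harbor_installation.stat.exists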
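# First install only: reload unit definitions, then make sure the harbor unit
# is stopped as well.
- name: "ensure harbor systemd service also stopped"
  ansible.builtin.systemd:
    name: harbor
    state: stopped
    daemon_reload: true
  when:
    - not harbor_installation.stat.exists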
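# Keep a copy of the file exactly as install.sh generated it, in case
# something unexpected happened. Taken once, on first install, before the
# file is rewritten further down.
- name: "Create backup of generated docker-compose.yml by install.sh"
  ansible.builtin.copy:
    src: '{{ remote_docker_compose_file_path }}'
    dest: '{{ remote_docker_compose_file_path }}_from_installsh'
    remote_src: true
    owner: 'root'
    group: 'root'
    mode: '0644'
  when:
    - not harbor_installation.stat.exists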
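# Preserves the generated nginx.conf before the proxy_set_header lines are
# removed from it, so the original can be diffed or restored. First install
# only.
- name: "Create backup of common/config/nginx/nginx.conf"
  ansible.builtin.copy:
    src: '{{ service_base_path }}/{{ inventory_hostname }}/harbor/common/config/nginx/nginx.conf'
    dest: '{{ service_base_path }}/{{ inventory_hostname }}/harbor/common/config/nginx/nginx.conf_orig'
    remote_src: true
    owner: 'root'
    group: 'root'
    mode: '0644'
  when:
    - not harbor_installation.stat.exists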
# Deletes every line of nginx.conf that matches the pattern. The regexp is
# unanchored, so it hits each proxy_set_header directive (and any comment
# that mentions the word), not one specific header.
# NOTE(review): once these overrides are gone, the forwarded-header values
# Harbor sees are presumably those supplied by the peer in front of nginx.
# That is sound only if traefik is the sole client able to reach this
# listener. Confirm the port is not published or reachable directly.
- name: "Removing lines with proxy_set_header due to running behind traefik"
  ansible.builtin.lineinfile:
    regexp: 'proxy_set_header'
    state: absent
    path: "{{ service_base_path }}/{{ inventory_hostname }}/harbor/common/config/nginx/nginx.conf"
# Pulls the compose file from the target into a registered variable. The
# content arrives base64-encoded and is decoded by the task that merges it.
- name: "Read remote docker-compose.yml from harbor DIR"
  register: docker_compose_file_remote_encoded
  ansible.builtin.slurp:
    src: "{{ remote_docker_compose_file_path }}"
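# Decodes and parses the compose file read from the host, then overlays
# harbor_dockercompose_customized on top of it. recursive=True merges nested
# mappings key by key, and on conflict the customized value wins. With the
# filter's default list handling, a list in the override replaces the
# generated list instead of extending it.
- name: "Set fact"
  ansible.builtin.set_fact:
    harbor_dockercompose_merged: '{{ docker_compose_file_remote_encoded.content | b64decode | from_yaml | combine(harbor_dockercompose_customized, recursive=True) }}'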
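# Writes the merged definition back over the compose file and restarts Harbor
# through the handler whenever the content changed.
# NOTE(review): if harbor_dockercompose_customized injects secrets (for
# example environment values), '0644' exposes them to every local user.
# Consider '0640' or '0600' in that case.
- name: "Create docker-compose.yml with merged VARs"
  ansible.builtin.copy:
    content: "{{ harbor_dockercompose_merged | to_nice_yaml(indent=2) }}"
    dest: '{{ remote_docker_compose_file_path }}'
    owner: 'root'
    group: 'root'
    mode: '0644'
  register: docker_compose_change
  notify: harbor restart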
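# Final state: the harbor unit is running and enabled at boot.
- name: "Ensure harbor systemd service started"
  ansible.builtin.systemd:
    name: harbor
    state: started
    enabled: true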