init

.gitignore

+/.settings/
+/.project

templates/harbor/0/README.md

+# Harbor 1.7.5 部署 #
+模版部署的Harbor是最基本的仓库管理组件，不包含notary、clair和chartmuseum，默认的访问协议是http，可以选择https协议，通过traefik容器进行http数据封装。
+
+模版部署，必须先设置rancher主机的标签，部署将在具有标签的主机上运行。

templates/harbor/0/docker-compose.yml

+version: '2'
+{{- $registryImage:="reg.wsy010.cn/library/goharbor/registry-photon:v2.6.2-v1.7.5" }}
+{{- $coreImage:="reg.wsy010.cn/library/goharbor/harbor-core:v1.7.5" }}
+{{- $jobserviceImage:="reg.wsy010.cn/library/goharbor/harbor-jobservice:v1.7.5" }}
+{{- $postgresqlImage:="reg.wsy010.cn/library/goharbor/harbor-db:v1.7.5" }}
+{{- $adminserverImage:="reg.wsy010.cn/library/goharbor/harbor-adminserver:v1.7.5" }}
+{{- $portalImage:="reg.wsy010.cn/library/goharbor/harbor-portal:v1.7.5" }}
+{{- $registryctlImage:="reg.wsy010.cn/library/goharbor/harbor-registryctl:v1.7.5" }}
+{{- $redisImage:="reg.wsy010.cn/library/goharbor/redis-photon:v1.7.5" }}
+{{- $configImage:="reg.wsy010.cn/library/goharbor/harbor-config:v1.7.5" }}
+volumes:
+  data-joblogs:
+    driver: ${driver}
+  data-redis:
+    driver: ${driver}
+  data-registry:
+    driver: ${driver}
+  etc-registry:
+    driver: ${driver}
+  etc-registryctl:
+    driver: ${driver}
+  etc-core:
+    driver: ${driver}
+  data-core:
+    driver: ${driver}
+  data-progresql:
+    driver: ${driver}
+  etc-jobservice:
+    driver: ${driver}
+services:
+  registry:
+    image: {{$registryImage}}
+    volumes:
+    - data-registry:/storage
+    - etc-registry:/etc/registry
+    links:
+    - postgresql:config
+    labels:
+      io.rancher.scheduler.affinity:host_label: ${hostlabel}
+  core:
+    image: {{$coreImage}}
+    environment:
+      LOG_LEVEL: info
+      CONFIG_PATH: /etc/core/app.conf
+      CORE_SECRET: M05vRxmf9tzSXyVf
+      JOBSERVICE_SECRET: CM1vXvAOrOisxgT7
+      ADMINSERVER_URL: http://adminserver:8080
+      UAA_CA_ROOT: /etc/core/certificates/uaa_ca.pem
+      _REDIS_URL: redis:6379,100,
+      SYNC_REGISTRY: 'false'
+      CHART_CACHE_DRIVER: redis
+      _REDIS_URL_REG: redis://redis:6379/1
+    volumes:
+    - etc-core:/etc/core
+    - data-core:/data
+    links:
+    - postgresql:config
+    labels:
+      io.rancher.scheduler.affinity:host_label: ${hostlabel}
+      traefik.frontend.rule: Host:${hostname};PathPrefix:/c/,/api/,/chartrepo/,/v1/,/v2/,/service/
+      traefik.port: '8080'
+      {{- if eq .Values.procotol "https" }}
+      traefik.frontend.headers.customRequestHeaders: X-Forwarded-Proto:https
+      {{- end }}
+      traefik.enable: 'true'
+  jobservice:
+    image: {{$jobserviceImage}}
+    environment:
+      CORE_SECRET: M05vRxmf9tzSXyVf
+      JOBSERVICE_SECRET: CM1vXvAOrOisxgT7
+      CORE_URL: http://core:8080
+    volumes:
+    - data-joblogs:/var/log/jobs
+    - etc-jobservice:/etc/jobservice
+    links:
+    - postgresql:config
+    labels:
+      io.rancher.scheduler.affinity:host_label: ${hostlabel}
+  postgresql:
+    image: {{$postgresqlImage}}
+    environment:
+      POSTGRES_PASSWORD: root123
+    volumes:
+    - data-progresql:/var/lib/postgresql/data
+    links:
+    - redis:config
+    labels:
+      io.rancher.scheduler.affinity:host_label: ${hostlabel}
+  adminserver:
+    image: {{$adminserverImage}}
+    environment:
+      PORT: '8080'
+      LOG_LEVEL: info
+      EXT_ENDPOINT: http://${hostname}
+      AUTH_MODE: db_auth
+      SELF_REGISTRATION: 'on'
+      LDAP_URL: ldaps://ldap.mydomain.com
+      LDAP_SEARCH_DN: ''
+      LDAP_SEARCH_PWD: ''
+      LDAP_BASE_DN: ou=people,dc=mydomain,dc=com
+      LDAP_FILTER: ''
+      LDAP_UID: uid
+      LDAP_SCOPE: '2'
+      LDAP_TIMEOUT: '5'
+      LDAP_VERIFY_CERT: 'true'
+      DATABASE_TYPE: postgresql
+      POSTGRESQL_HOST: postgresql
+      POSTGRESQL_PORT: '5432'
+      POSTGRESQL_USERNAME: postgres
+      POSTGRESQL_PASSWORD: root123
+      POSTGRESQL_DATABASE: registry
+      POSTGRESQL_SSLMODE: disable
+      LDAP_GROUP_BASEDN: ou=group,dc=mydomain,dc=com
+      LDAP_GROUP_FILTER: objectclass=group
+      LDAP_GROUP_GID: cn
+      LDAP_GROUP_SCOPE: '2'
+      REGISTRY_URL: http://registry:5000
+      TOKEN_SERVICE_URL: http://core:8080/service/token
+      EMAIL_HOST: smtp.mydomain.com
+      EMAIL_PORT: '25'
+      EMAIL_USR: sample_admin@mydomain.com
+      EMAIL_PWD: abc
+      EMAIL_SSL: 'false'
+      EMAIL_FROM: admin <sample_admin@mydomain.com>
+      EMAIL_IDENTITY: ''
+      EMAIL_INSECURE: 'false'
+      HARBOR_ADMIN_PASSWORD: ${password}
+      PROJECT_CREATION_RESTRICTION: everyone
+      MAX_JOB_WORKERS: '10'
+      CORE_SECRET: M05vRxmf9tzSXyVf
+      JOBSERVICE_SECRET: CM1vXvAOrOisxgT7
+      TOKEN_EXPIRATION: '30'
+      CFG_EXPIRATION: '5'
+      ADMIRAL_URL: NA
+      WITH_NOTARY: 'False'
+      WITH_CLAIR: 'False'
+      CLAIR_DB_PASSWORD: root123
+      CLAIR_DB_HOST: postgresql
+      CLAIR_DB_PORT: '5432'
+      CLAIR_DB_USERNAME: postgres
+      CLAIR_DB: postgres
+      CLAIR_DB_SSLMODE: disable
+      RESET: 'false'
+      UAA_ENDPOINT: uaa.mydomain.org
+      UAA_CLIENTID: id
+      UAA_CLIENTSECRET: secret
+      UAA_VERIFY_CERT: 'true'
+      CORE_URL: http://core:8080
+      JOBSERVICE_URL: http://jobservice:8080
+      CLAIR_URL: http://clair:6060
+      NOTARY_URL: http://notary-server:4443
+      REGISTRY_STORAGE_PROVIDER_NAME: filesystem
+      READ_ONLY: 'false'
+      SKIP_RELOAD_ENV_PATTERN: $$^
+      RELOAD_KEY: ''
+      CHART_REPOSITORY_URL: http://chartmuseum:9999
+      LDAP_GROUP_ADMIN_DN: ''
+      REGISTRY_CONTROLLER_URL: http://registryctl:8080
+      WITH_CHARTMUSEUM: 'False'
+    volumes:
+    - etc-core:/etc/adminserver
+    - data-core:/data
+    links:
+    - postgresql:config
+    labels:
+      io.rancher.scheduler.affinity:host_label: ${hostlabel}
+  portal:
+    image: {{$portalImage}}
+    links:
+    - config:config
+    labels:
+      io.rancher.scheduler.affinity:host_label: ${hostlabel}
+      traefik.frontend.rule: Host:${hostname}
+      traefik.port: '80'
+      {{- if eq .Values.procotol "https" }}
+      traefik.frontend.headers.customRequestHeaders: X-Forwarded-Proto:https
+      {{- end }}
+      traefik.enable: 'true'
+  registryctl:
+    image: {{$registryctlImage}}
+    environment:
+      CORE_SECRET: M05vRxmf9tzSXyVf
+      JOBSERVICE_SECRET: CM1vXvAOrOisxgT7
+    volumes:
+    - data-registry:/storage
+    - etc-registry:/etc/registry
+    - etc-registryctl:/etc/registryctl
+    links:
+    - postgresql:config
+    labels:
+      io.rancher.scheduler.affinity:host_label: ${hostlabel}
+  redis:
+    image: {{$redisImage}}
+    volumes:
+    - data-redis:/var/lib/redis
+    links:
+    - portal:config
+    labels:
+      io.rancher.scheduler.affinity:host_label: ${hostlabel}
+  config:
+    image: {{$configImage}}
+    volumes:
+    - etc-registry:/etc/registry
+    - etc-registryctl:/etc/registryctl
+    - etc-core:/etc/core
+    - etc-jobservice:/etc/jobservice
+    network_mode: none
+    labels:
+      io.rancher.scheduler.affinity:host_label: ${hostlabel}
+      io.rancher.container.start_once: 'true'
+    environment:
+      DOMAIN: ${hostname}
+      SCHEME: ${procotol}
\ No newline at end of file

templates/harbor/0/rancher-compose.yml

+version: '2'
+catalog:
+  name: harbor
+  version: v1.7.5
+  description: |
+    企业级容器仓库 [by VMware]
+  minimum_rancher_version: v0.59.0
+  questions: 
+    - variable: hostname
+      label: 网页访问域名
+      description: | 
+        网页和仓库访问域名。
+      default: "harbor.example.com"
+      required: true
+      type: string
+    - variable: hostlabel
+      label: 主机调度标签
+      description: | 
+        只有拥有标签的主机才能运行。
+      default: "harbor-host=true"
+      required: true
+      type: string
+    - variable: password
+      label: 网页管理登录密码
+      description: | 
+        网页管理登录默认帐号admin，密码默认Harbor12345
+      default: "Harbor12345"
+      required: true
+      type: string
+    - variable: procotol
+      label: 域名访问协议
+      description: | 
+        默认http协议。选择https协议需要traefik配置自动签发证书。
+      default: http
+      required: true
+      type: enum
+      options: 
+        - http
+        - https
+    - variable: driver
+      label: 存储驱动
+      description: | 
+        存储驱动方式：rancher-nfs/local/rancher-ebs
+      default: rancher-nfs
+      required: true
+      type: enum
+      options: 
+        - rancher-nfs
+        - local
+        - rancher-ebs
+services:
+  registry:
+    scale: 1
+  core:
+    scale: 1
+  jobservice:
+    scale: 1
+  postgresql:
+    scale: 1
+  adminserver:
+    scale: 1
+  portal:
+    scale: 1
+  registryctl:
+    scale: 1
+  redis:
+    scale: 1
+  config:
+    scale: 1
\ No newline at end of file

templates/harbor/README.md

+# rancher部署手动转化步骤 #
+
+* 1. [官网最新版下载地址](https://github.com/goharbor/harbor/releases)，下载版本后解压。使用Online版即可。
+
+```
+tar xvf harbor-online-installer-<version>.tgz
+```
+* 2. 进入解压的目录harbor，编辑配置文件harbor.cfg，只需要修改harbor的配置hostname为访问域名和访问协议为http即可，其他保留默认。
+
+```
+#The IP address or hostname to access admin UI and registry service.
+#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
+#DO NOT comment out this line, modify the value of "hostname" directly, or the installation will fail.
+hostname = harbor.example.com
+
+#The protocol for accessing the UI and token/notification service, by default it is http.
+#It can be set to https if ssl is enabled on nginx.
+ui_url_protocol = http
+```
+* 3. 使用python运行harbor目录中的配置文件生成脚本prepare
+
+```
+python prepare
+```
+* 4. 配置文件生成完毕后，查看harbor目录的docker-compose.yml文件，去除log服务、proxy服务，然后把配置文件中各服务的镜像、环境变量、存储对应填入rancher中启动即可。
+* 5. 相关存储对应rancher关系参考：
+
+> rancher存储挂载：
+
+```
+  registry:
+    volumes:
+    - data-registry:/storage
+    - etc-registry:/etc/registry
+
+  core:
+    volumes:
+    - etc-core:/etc/core
+    - data-core:/data
+
+  jobservice:
+    volumes:
+    - data-joblogs:/var/log/jobs
+    - etc-jobservice:/etc/jobservice
+
+  postgresql:
+    volumes:
+    - data-progresql:/var/lib/postgresql/data
+
+  adminserver:
+    volumes:
+    - etc-core:/etc/adminserver
+    - data-core:/data
+
+  registryctl:
+    volumes:
+    - data-registry:/storage
+    - etc-registry:/etc/registry
+    - etc-registryctl:/etc/registryctl
+	
+  redis:
+    volumes:
+    - data-redis:/var/lib/redis
+```
+> 原存储挂载：
+
+```
+  registry:
+    volumes:
+      - /data/registry:/storage:z
+      - ./common/config/registry/:/etc/registry/:z
+      - ./common/config/custom-ca-bundle.crt:/harbor_cust_cert/custom-ca-bundle.crt:z
+
+  registryctl:
+    volumes:
+      - /data/registry:/storage:z
+      - ./common/config/registry/:/etc/registry/:z
+      - ./common/config/registryctl/config.yml:/etc/registryctl/config.yml:z
+
+  postgresql:
+    volumes:
+      - /data/database:/var/lib/postgresql/data:z
+
+  adminserver:
+    volumes:
+      - /data/config/:/etc/adminserver/config/:z
+      - /data/secretkey:/etc/adminserver/key:z
+      - /data/:/data/:z
+
+  core:
+    volumes:
+      - ./common/config/core/app.conf:/etc/core/app.conf:z
+      - ./common/config/core/private_key.pem:/etc/core/private_key.pem:z
+      - ./common/config/core/certificates/:/etc/core/certificates/:z
+      - /data/secretkey:/etc/core/key:z
+      - /data/ca_download/:/etc/core/ca/:z
+      - /data/psc/:/etc/core/token/:z
+      - /data/:/data/:z
+
+  jobservice:
+    volumes:
+      - /data/job_logs:/var/log/jobs:z
+      - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
+
+  redis:
+    volumes:
+      - /data/redis:/var/lib/redis
+```
+* 6. 由于rancher存储挂载后，应该在配置目录下有默认生成的配置文件，需要手动写入到对应配置目录中，否则容器启动异常。

templates/harbor/config.yml

+name: harbor
+description: |
+  企业级容器仓库 [by VMware]
+version: v1.7.5
+category: Private Container Registry
+projectURL: https://github.com/vmware/harbor 
+license: Apache License 2.0