Ansible Role: Harbor
An Ansible Role that installs Harbor on Linux.
This role is in alpha stage. Issues and PRs are welcome.
Requirements
None.
Role Variables
For a complete list see defaults/main.yaml
.
By default, the role uses the IP of the current host to set harbor_hostname
. You can override it.
To change the install dir:
harbor_install_dir: /opt
To change default protocol:
harbor_ui_url_protocol: "http"
If you want to change the exposed ports of Harbor's NGINX from the defaults of 80 and 443, use:
harbor_exposed_http_port: 81
harbor_exposed_https_port: 444
To install with extras set:
harbor_extras:
- clair
- notary
If you already have a Redis set-up, you might want to change the default redis hostname and port of Harbor:
# change these if you have your own redis running already
harbor_redis_host: redis
harbor_redis_port: 6379
You can also pass extra arguments to the installer with harbor_installer_extra_args
(a string).
You may define harbor_projects
if you want projects to be automatically created once harbor is installed.
harbor_projects:
- project_name: test
is_public: "false"
content_trust: "false"
prevent_vul: "true"
severity: "high"
auto_scan: "true"
By default, users can self-register. If you prefer to create users automatically, you must disable self-registration and set a list of users. Those users will be created automatically. The password defaults to "HarborUser12345".
This operation is idempotent.
harbor_self_registration: "off"
harbor_users:
- username: user1
email: user1@test.com
realname: User Number 1
role_name: developer
role_id: 2
has_admin_role: true
Dependencies
None.
Example Playbook
---
- name: Installing and configuring Harbor
hosts: registry
vars:
harbor_projects:
- project_name: myproject
is_public: "false"
content_trust: "false"
prevent_vul: "true"
severity: "high"
auto_scan: "true"
harbor_users:
- username: user1
email: user1@test.com
realname: User Number 1
role_name: developer
role_id: 2
has_admin_role: true
roles:
- harbor
After the playbook runs, you should be able to navigate to your host on port 80/443 and see Harbor's UI. You can login with admin/Harbor12345
. If you changed the exposed ports, remember to use them instead of 80/443.
For convenience, this role includes tasks to stop, start and restart the registry using docker-compose.
Here's a playbook created specifically to restart the registry:
---
- hosts: registry
tasks:
- name: Restarting Harbor
include_role:
name: harbor
tasks_from: restart
Running the playbook above effectively restarts all components of Harbor. This takes into consideration if you are using clair
and/or notary
and uses their docker-compose files too.
tasks_from
can be restart
, start
and stop
.
If you are running the playbook again to ensure the list of users but you have already changed the default admin password, you can set the harbor_admin_password
variable somewhere or simply pass it in the command-line with -e "harbor_admin_password=mypass"
.
Author Information
This role was created in 2019 by Nicholas Amorim.