update： support docker-registry

shiqinfeng1 · Nov 16, 2023 · b43653a · b43653a
1 parent 8050f03
commit b43653a
Show file tree

Hide file tree

Showing 8 changed files with 137 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -28,6 +28,8 @@
 
     检查是否生效: `ssh '[email protected]'`, 如果微提示输入密码，表示已生效
     如果未生效， 参考这里解决：https://www.slw.ac.cn/article/linux-cmd-remotelogin.html
+    如果本机也是作为被ansible管理的主机，也需要设置本机免密登录（ssh-copy-id到本机）
+
 - 下载安装dns域名管理工具
 
     ```bash
@@ -65,6 +67,8 @@
    ...
   ```
 
+  如果主机较多， 也可以使用下面介绍的ansible来批量设置
+
 - 非root账号
   测试环境可以直接使用root账号， 如果为了安全性则使用非root账号， 但需要确保具有sudo权限。
   新建非root账号
@@ -89,15 +93,18 @@ centos7
 
 ```bash
 sudo yum install -y epel-release
-sudo yum install -y ansible
+sudo dnf install ansible
+# sudo dnf install ansible-collection-community-general
 ansible --version  # 输出版本信息，例如： ansible 2.9.27
 ```
 
 ubuntu
 
 ```bash
-sudo apt install -y ansible
-ansible --version  # 输出版本信息，例如： ansible 2.9.6
+$ sudo apt update
+$ sudo apt install software-properties-common
+$ sudo add-apt-repository --yes --update ppa:ansible/ansible
+$ sudo apt install ansible
 ```
 
 安装完成后，默认配置文件在 `/etc/ansible/` 下
@@ -111,8 +118,13 @@ ansible.cfg  hosts  roles
 默认的配置在 `/etc/ansible/hosts` 中，追加自己的配置，例如：
 
 ```ini
+[all]
+master hostname=master ansible_python_interpreter=/usr/bin/python3 ansible_ssh_host=192.168.72.36 ansible_ssh_port=22 ansible_ssh_user=sqf # ansible_ssh_pass='Tsss'
+node1 hostname=node1 ansible_python_interpreter=/usr/bin/python3 ansible_ssh_host=192.168.72.84 ansible_ssh_port=22 ansible_ssh_user=user # ansible_ssh_pass='Tsss'
+[registry]
+master
 [webservers]
-node1 ansible_user=user
+node1
 [dbservers]
 node1
 ```
@@ -153,16 +165,22 @@ become=True
 become_method=sudo
 ```
 
-修改后在playbook或命令行中可以不加 `become/become-method` 这些配置
+修改后在playbook或命令行中可以不加 `become/become-method` 这些配置了
 
-将文件直接传输到atlanta组中的所有服务器
+将文件直接传输到all组中的所有服务器
 
 ```bash
 # mode=600 文件属性 
 # owner=mdehaan group=mdehaan 文件所有者
 ansible all -m copy -a "src=/etc/hosts dest=/tmp/hosts mode=600 owner=mdehaan group=mdehaan"
 ```
 
+批量设置hostname
+
+```bash
+ansible-playbook ./deploy/docker/cluster/ansible_playbook/modify_hostname.yml
+```
+
 ### 检查剧本有效性及彩排
 
 举例：
@@ -174,14 +192,18 @@ ansible-playbook --check deploy/docker/cluster/ansible-playbook/install_docker-o
 
 ### 部署基础设施
 
-1. 安装docker
+2. 安装docker
 
     ```bash
-    ansible-playbook deploy/docker/cluster/ansible-playbook/install_docker-online.yml
+    ansible-playbook ./deploy/docker/cluster/ansible-playbook/install_docker_online.yml
     ```
 
 2. 自建镜像仓库
-    [参考项目](https://github.com/Joxit/docker-registry-ui)
+    项目来自[这里](https://github.com/Joxit/docker-registry-ui), 部署操作：
+
+    ```bash
+    ansible-playbook ./deploy/docker/cluster/ansible_playbook/install_docker_registry.yml
+    ```
 
 3. 制作镜像
 

diff --git a/...nsible-playbook/install_docker_online.yml → ...nsible_playbook/install_docker_online.yml b/...nsible-playbook/install_docker_online.yml → ...nsible_playbook/install_docker_online.yml
@@ -46,6 +46,9 @@
       command: docker-compose --version
       register: docker_compose_check
 
+    - debug:
+        msg: "{{ docker_compose_check }}"
+
     - name: Download and install docker-compose
       uri:
         url: 'https://get.daocloud.io/docker/compose/releases/download/v2.11.1/docker-compose-{{ ansible_system }}-{{ ansible_architecture }}'

diff --git a/deploy/docker/cluster/ansible_playbook/install_docker_registry.yml b/deploy/docker/cluster/ansible_playbook/install_docker_registry.yml
@@ -0,0 +1,57 @@
+---
+- name: Install Docker Image Registry
+  hosts: registry
+  become: true
+  gather_facts: false
+  vars_files:
+    - vars.yml
+  tasks:
+  - name: Ensure /etc/docker/daemon.json file exists
+    copy:
+      content: "{}"
+      dest: /etc/docker/daemon.json
+      force: false
+
+  - name: load /etc/docker/daemon.json
+    slurp:
+      src: /etc/docker/daemon.json
+    register: imported_var
+
+  - name: append more key/values
+    set_fact:
+      imported_var: "{{ imported_var.content|b64decode|from_json | default([]) | combine(item, recursive=True) }}"
+    loop:
+      - { 'insecure-registries': ['{{inventory_hostname}}:{{registry_listen_port}}'] }  
+
+  - name: Save /etc/docker/daemon.json
+    copy: 
+      content: "{{ imported_var | to_nice_json }}" 
+      dest: /etc/docker/daemon.json
+
+  - name: Restart Docker service
+    service:
+      name: docker
+      state: restarted
+
+  - name: Copy Docker Compose files
+    template: 
+      src: ../../{{ item }}
+      dest: /tmp/{{ item }}
+      force: true
+    loop:
+      - deploy_docker_registry.yml
+
+  - name: Stop Docker Image Registry
+    shell:
+      cmd: "docker-compose -f /tmp/deploy_docker_registry.yml down"
+
+  - name: Start Docker Image Registry
+    shell:
+      cmd: "docker-compose -f /tmp/deploy_docker_registry.yml up -d"
+
+  - name: Delete docker-compose.yml
+    file: 
+      dest: /tmp/{{ item }}.yml
+      state: absent
+    loop:
+      - deploy_docker_registry
diff --git a/deploy/docker/cluster/ansible_playbook/modify_hostname.yml b/deploy/docker/cluster/ansible_playbook/modify_hostname.yml
@@ -0,0 +1,7 @@
+---
+- hosts: all
+  tasks:
+    - name: change name
+      raw: "echo {{hostname|quote}} > /etc/hostname"
+    - name:
+      shell: hostnamectl set-hostname {{hostname|quote}}
diff --git a/deploy/docker/cluster/ansible_playbook/vars.yml b/deploy/docker/cluster/ansible_playbook/vars.yml
@@ -0,0 +1 @@
+registry_listen_port: 8080
diff --git a/deploy/docker/cluster/prepare-infra-images.sh b/deploy/docker/cluster/prepare-infra-images.sh
diff --git a/deploy/docker/deploy_docker_registry.yml b/deploy/docker/deploy_docker_registry.yml
@@ -0,0 +1,35 @@
+version: '3.8'
+
+services:
+  registry-ui:
+    image: joxit/docker-registry-ui:main
+    restart: always
+    ports:
+      - {{registry_listen_port}}:80
+    environment:
+      - SINGLE_REGISTRY=true
+      - REGISTRY_TITLE=Docker Registry UI
+      - DELETE_IMAGES=true
+      - SHOW_CONTENT_DIGEST=true
+      - NGINX_PROXY_PASS_URL=http://registry-server:5000
+      - SHOW_CATALOG_NB_TAGS=true
+      - CATALOG_MIN_BRANCHES=1
+      - CATALOG_MAX_BRANCHES=1
+      - TAGLIST_PAGE_SIZE=100
+      - REGISTRY_SECURED=false
+      - CATALOG_ELEMENTS_LIMIT=1000
+    container_name: registry-ui
+
+  registry-server:
+    image: registry:2.8.2
+    restart: always
+    environment:
+      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: '["*"]'
+      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD,GET,OPTIONS,DELETE]'
+      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'
+      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization,Accept,Cache-Control]'
+      REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]'
+      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
+    volumes:
+      - ./registry/data:/var/lib/registry
+    container_name: registry-server
diff --git a/deploy/docker/prepare-infra-images.sh b/deploy/docker/prepare-infra-images.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker pull joxit/docker-registry-ui:main
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		#!/bin/bash

		docker pull joxit/docker-registry-ui:main