部署docker-registry +ui , 使用ansible部署docker实例
#部署docker-registry +ui , 使用ansible部署docker实例
docker registry 配置域名证书, 用户密码认证, 轻量UI
shell部署docker-registry+ui https://www.cnblogs.com/elvi/p/13394449.html
#运行
ansible-playbook docker-registry.yml
#删除
ansible-playbook docker-registry.yml -t remove
#浏览器登录查看
registry非本机,设置hosts解析 ip hub.elvin.vip
实例使用域名证书hub.elvin.vip
ansible-docker模块参考官网
https://docs.ansible.com/ansible/2.7/modules/docker_container_module.html
#playbook如下
# docker-registry.yml
- name: registry
hosts: localhost
#变量
vars:
username: admin
password: docker
net_name: "registry-net"
data_dir: "/data/docker/docker-registry"
domain_name: "hub.elvin.vip"
download_url: "http://files.elvin.vip/docker"
tasks:
##########ansible运行docker需安装docker-py
- name: "install python-pip "
package:
name:
- "python-pip"
state: present
tags: py
- name: pip install docker-py
pip:
name:
- docker-py>=1.10.6
- PyYAML>=5.3.0
extra_args: -i https://mirrors.aliyun.com/pypi/simple
tags: py
##########
- name: Create user file
shell: |
mkdir -p {{ data_dir }}
docker run --rm alivv/htpasswd {{ username }} {{ password }} >{{ data_dir }}/htpasswd
changed_when: false
- name: Download https certificate
get_url:
url: "{{ download_url }}/{{ item }}"
dest: "{{ data_dir }}/{{ item }}"
mode: 0644
force: yes
with_items:
- "{{ domain_name }}_private.key"
- "{{ domain_name }}_full_chain.pem"
- name: Create network -> {{ net_name }}
docker_network:
name: "{{ net_name }}"
driver_options:
com.docker.network.bridge.name: "{{ net_name }}"
ipam_options:
subnet: '10.20.20.0/24'
gateway: 10.20.20.1
iprange: '10.20.20.0/24'
##########container
- name: Create container registry-srv
docker_container:
name: registry-srv
image: registry
state: started
restart: yes
restart_policy: "unless-stopped"
memory: 512M
privileged: yes
networks:
- name: "{{ net_name }}"
ipv4_address: 10.20.20.11
aliases:
- registry
ports:
- "443:443"
volumes:
- "/etc/localtime:/etc/localtime:ro"
- "{{ data_dir }}:/var/lib/registry"
env:
REGISTRY_AUTH: "htpasswd"
REGISTRY_AUTH_HTPASSWD_REALM: "Registry Realm"
REGISTRY_AUTH_HTPASSWD_PATH: "/var/lib/registry/htpasswd"
REGISTRY_HTTP_ADDR: "0.0.0.0:443"
REGISTRY_STORAGE_DELETE_ENABLED: "true"
REGISTRY_HTTP_TLS_KEY: "/var/lib/registry/{{ domain_name }}_private.key"
REGISTRY_HTTP_TLS_CERTIFICATE: "/var/lib/registry/{{ domain_name }}_full_chain.pem"
- name: Create container registry-ui
docker_container:
name: registry-ui
image: joxit/docker-registry-ui:1.3-static
state: started
restart: yes
restart_policy: unless-stopped
memory: 64M
networks:
- name: "{{ net_name }}"
ipv4_address: 10.20.20.12
ports:
- "80:80"
volumes:
- "/etc/localtime:/etc/localtime:ro"
env:
REGISTRY_URL: "https://registry:443"
PULL_URL: "{{ domain_name }}"
DELETE_IMAGES: "true"
REGISTRY_TITLE: "Docker registry"
##########remove
- name: Delete container
docker_container:
name: "{{ item }}"
state: absent
force_kill: yes
with_items:
- "registry-ui"
- "registry-srv"
tags: never,remove
- name: Delete network -> {{ net_name }}
docker_network:
name: "{{ net_name }}"
state: absent
force: yes
tags: never,remove
本文来自博客园,作者:blog-elvin-vip,转载请注明原文链接:https://www.cnblogs.com/elvi/p/13394492.html