部署docker-registry +ui , 使用ansible部署docker实例

#部署docker-registry +ui , 使用ansible部署docker实例

docker registry 配置域名证书, 用户密码认证, 轻量UI
shell部署docker-registry+ui https://www.cnblogs.com/elvi/p/13394449.html

---

#运行
ansible-playbook docker-registry.yml

#删除
ansible-playbook docker-registry.yml -t remove

#浏览器登录查看

---

registry非本机,设置hosts解析 ip hub.elvin.vip
实例使用域名证书hub.elvin.vip
ansible-docker模块参考官网
https://docs.ansible.com/ansible/2.7/modules/docker_container_module.html

#playbook如下

# docker-registry.yml

- name: registry

  hosts: localhost
  #变量
  vars:
    username: admin
    password: docker
    net_name: "registry-net"
    data_dir: "/data/docker/docker-registry"
    domain_name: "hub.elvin.vip"
    download_url: "http://files.elvin.vip/docker"

  tasks:

##########ansible运行docker需安装docker-py 
  - name: "install python-pip "
    package:
      name:
        - "python-pip"
      state: present
    tags: py

  - name: pip install docker-py 
    pip:
      name:
        - docker-py>=1.10.6
        - PyYAML>=5.3.0
      extra_args: -i https://mirrors.aliyun.com/pypi/simple
    tags: py

##########
  - name: Create user file
    shell: |
      mkdir -p {{ data_dir }}
      docker run --rm alivv/htpasswd {{ username }} {{ password }} >{{ data_dir }}/htpasswd
    changed_when: false

  - name: Download https certificate
    get_url:
      url: "{{ download_url }}/{{ item }}"
      dest: "{{ data_dir }}/{{ item }}"
      mode: 0644
      force: yes
    with_items:
      - "{{ domain_name }}_private.key"
      - "{{ domain_name }}_full_chain.pem"

  - name: Create network -> {{ net_name }}
    docker_network:
      name: "{{ net_name }}"
      driver_options:
        com.docker.network.bridge.name: "{{ net_name }}"
      ipam_options:
        subnet: '10.20.20.0/24'
        gateway: 10.20.20.1
        iprange: '10.20.20.0/24'

##########container
  - name: Create container registry-srv
    docker_container: 
      name: registry-srv
      image: registry
      state: started
      restart: yes
      restart_policy: "unless-stopped"
      memory: 512M
      privileged: yes
      networks:
        - name: "{{ net_name }}"
          ipv4_address: 10.20.20.11
          aliases: 
            - registry
      ports:
        - "443:443"
      volumes:
        - "/etc/localtime:/etc/localtime:ro"
        - "{{ data_dir }}:/var/lib/registry"
      env:
        REGISTRY_AUTH: "htpasswd"
        REGISTRY_AUTH_HTPASSWD_REALM: "Registry Realm" 
        REGISTRY_AUTH_HTPASSWD_PATH: "/var/lib/registry/htpasswd"
        REGISTRY_HTTP_ADDR: "0.0.0.0:443"
        REGISTRY_STORAGE_DELETE_ENABLED: "true"
        REGISTRY_HTTP_TLS_KEY: "/var/lib/registry/{{ domain_name }}_private.key"
        REGISTRY_HTTP_TLS_CERTIFICATE: "/var/lib/registry/{{ domain_name }}_full_chain.pem"

  - name: Create container registry-ui
    docker_container: 
      name: registry-ui
      image: joxit/docker-registry-ui:1.3-static
      state: started
      restart: yes
      restart_policy: unless-stopped
      memory: 64M
      networks:
        - name: "{{ net_name }}"
          ipv4_address: 10.20.20.12
      ports:
        - "80:80"
      volumes:
        - "/etc/localtime:/etc/localtime:ro"
      env:
        REGISTRY_URL: "https://registry:443"
        PULL_URL: "{{ domain_name }}"
        DELETE_IMAGES: "true"
        REGISTRY_TITLE: "Docker registry"

##########remove
  - name: Delete container
    docker_container:
      name: "{{ item }}"
      state: absent
      force_kill: yes
    with_items:
      - "registry-ui"
      - "registry-srv"
    tags: never,remove

  - name: Delete network -> {{ net_name }}
    docker_network:
      name: "{{ net_name }}"
      state: absent
      force: yes
    tags: never,remove