
Automated VMware Harbor Registry Deployment With GitLab, Terraform And Ansible

I was involved in a project that needed an automated VMware Harbor registry deployment using GitLab automation, Terraform and Ansible, and I thought I would write it up for anyone interested in similar automation work. This was a sub-part of the full project, and this post focuses only on the VMware Harbor registry deployment. You can find the GitLab repository I created for this here.

Cloud Platform Configuration

AWS is the cloud platform for this deployment, with a basic VPC setup of two public subnets and a private subnet. Again, I focus only on the Harbor deployment here and use the shared GitLab runners to deploy the application and automation. Harbor is therefore deployed to one of the public subnets of the VPC, and the GitLab runners access the deployed EC2 instance through its public IP.


Terraform Configuration

Terraform builds the backend cloud platform and creates the EC2 instance on which the Harbor registry is installed. In this article, I add the public IP address of the instance to the “harbor.yml” file to customize the deployment. These settings should be changed according to the actual requirements of the Harbor registry; all other configuration is left at its defaults. I created a dynamic Ansible inventory file called “harbor_hosts” and updated the “harbor.yml” configuration file with the instance details using the Terraform local-exec provisioner.

Here is the sample Terraform EC2 configuration; the entire GitLab repository can be found here.
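
One way the local-exec step described above could write “harbor_hosts” and set the hostname in “harbor.yml”, added here as an example and not taken from the author's Terraform code; it refuses any value that is not an IPv4 address before it reaches either file. The [harbor] group, ansible_user=ubuntu and both function names are assumptions.

```shell
#!/bin/sh
# Added example, not the author's local-exec command. Assumed: the [harbor]
# group, ansible_user=ubuntu and both function names.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Write the inventory and set the top-level "hostname:" key in harbor.yml.
# $1 = instance public IP, $2 = inventory path, $3 = harbor.yml path
render_harbor_config() {
    ip=$1; inventory=$2; harbor_yml=$3
    is_ipv4 "$ip" || { echo "refusing non-IPv4 value" >&2; return 1; }
    grep -q '^hostname:' "$harbor_yml" || { echo "no hostname key" >&2; return 1; }
    printf '[harbor]\n%s ansible_user=ubuntu\n' "$ip" > "$inventory"
    tmp=$(mktemp) || return 1
    sed "s/^hostname:.*/hostname: $ip/" "$harbor_yml" > "$tmp" &&
        cat "$tmp" > "$harbor_yml"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demo on a constructed harbor.yml; 203.0.113.10 is a documentation address.
demo_dir=$(mktemp -d)
printf 'hostname: reg.mydomain.com\nhttp:\n  port: 80\n' > "$demo_dir/harbor.yml"
render_harbor_config 203.0.113.10 "$demo_dir/harbor_hosts" "$demo_dir/harbor.yml"
cat "$demo_dir/harbor_hosts" "$demo_dir/harbor.yml"
rm -rf "$demo_dir"
```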

Ansible Configuration For Harbor Deployment

Ansible playbooks install Docker and Docker Compose, then configure and install Harbor on the deployed EC2 instance. See my previous post for how to install Docker and Docker Compose with Ansible.

For the Harbor installation, the Ansible playbook follows these steps:

  • Downloading Harbor
  • Unzip Harbor File
  • Copy Harbor Configuration
  • Install Harbor

Here is my Ansible playbook for the above tasks:

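# Installs Harbor from the offline installer on the EC2 instance listed in harbor_hosts.
- name: Harbor ansible playbook
  become: yes
  gather_facts: false
  hosts: all
  tasks:
  # Fetch the offline installer bundle from the Harbor GitHub releases page.
  - name: Downloading Harbor
    remote_user: ubuntu
    get_url:
      url: https://github.com/goharbor/harbor/releases/download/v1.10.0-rc1/harbor-offline-installer-v1.10.0-rc1.tgz
      dest: /tmp
      mode: '0644'  # the archive only needs to be readable, never world-writable
  # Extract the bundle on the remote host; this creates /tmp/harbor.
  - name: Unzip Harbor File
    remote_user: ubuntu
    unarchive:
      src: /tmp/harbor-offline-installer-v1.10.0-rc1.tgz
      dest: /tmp
      remote_src: yes
  # Replace the default harbor.yml with the copy Terraform updated with the instance IP.
  - name: Copy Harbor Configuration
    remote_user: ubuntu
    copy:
      src: harbor.yml
      dest: /tmp/harbor/harbor.yml
      backup: yes
  # Run the Harbor installer, which reads /tmp/harbor/harbor.yml.
  - name: Install Harbor
    remote_user: ubuntu
    shell: /tmp/harbor/install.sh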

GitLab CI For The Harbor Deployment

When executing the GitLab job, I used my customized Ubuntu-based Docker image with Terraform and Ansible installed, which I always use for my deployments.

[Screenshot: VMware Harbor automated deployment, GitLab custom Docker image]

For GitLab CI to authenticate to AWS, the “Access Key ID” and “Secret Access Key ID”, together with a custom “Keypair” (private and public keys) used to deploy the AWS EC2 instance, are stored as CI/CD variables in the GitLab repository. My custom keys are encoded to base64 values before being stored.

[Screenshot: VMware Harbor automated deployment, GitLab variables]

These variables are used directly in the GitLab CI workflow for the deployment in my “gitlab-ci.yml” file. I used a single stage, “instance deploy”, as I didn’t want multiple stages in this deployment, followed by a few scripting steps to complete the job.

Here is my “gitlab-ci.yml” file for the deployment:

image:
  name: arunalakmal/terransible-aws:1.0
  # AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are CI/CD variables, which GitLab
  # exports into the job environment, so the entrypoint only needs to set PATH.
  entrypoint:
    - '/usr/bin/env'
    - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'

before_script:
  # Restore the base64-encoded key pair from the CI/CD variables.
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh
  - echo "$IRONMANSSH" | base64 -di > ~/.ssh/ironman
  # Private key: readable and writable by the owner only.
  - chmod 600 ~/.ssh/ironman
  - echo "$IRONMANPUBSSH" | base64 -di > ~/.ssh/ironman.pub
  - chmod 644 ~/.ssh/ironman.pub
  - eval "$(ssh-agent -s)"
  - ssh-add ~/.ssh/ironman
  # Start from a clean Terraform working directory.
  - rm -rf .terraform
  - terraform --version
  - terraform init

stages:
  - instance deploy

instance deploy:
  stage: instance deploy
  script:
    - terraform validate
    - terraform plan -out "hbrdeploy"
    - terraform apply -input=false "hbrdeploy"
    # Disables SSH host key verification for the new instance, whose host key
    # is not yet known to the runner.
    - export ANSIBLE_HOST_KEY_CHECKING=False
    - ansible-playbook -i harbor_hosts ansible-docker-deploy.yaml
    - ansible-playbook -i harbor_hosts harbor-ansible-playbook.yaml

Once the pipeline is triggered, it automatically deploys the infrastructure and the Harbor registry on an EC2 instance.
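
The key-restoring steps of the before_script above as a single function, added here as an example and not taken from the author's pipeline: it creates the key file under a restrictive umask, so there is no window before a later chmod, and it rejects an unset or malformed variable. The function name install_ssh_key is an assumption.

```shell
#!/bin/sh
# Added example, not the author's pipeline code. The function name is assumed.

# Decode a base64-encoded private key into a file only its owner can read.
# $1 = base64 text (for example "$IRONMANSSH"), $2 = destination path
install_ssh_key() {
    key_b64=$1; dest=$2
    [ -n "$key_b64" ] || { echo "key variable is empty or unset" >&2; return 1; }
    old_umask=$(umask)
    umask 077                     # new files 0600, new directories 0700
    mkdir -p "$(dirname "$dest")"
    rm -f "$dest"                 # never reuse a file with looser permissions
    rc=0
    printf '%s' "$key_b64" | base64 -d > "$dest" 2>/dev/null || rc=1
    umask "$old_umask"
    # Accept only data that decodes cleanly to a PEM or OpenSSH private key.
    if [ "$rc" -ne 0 ] ||
       ! head -n 1 "$dest" | grep -q -e '^-----BEGIN .*PRIVATE KEY-----'; then
        rm -f "$dest"
        echo "variable does not hold a base64-encoded private key" >&2
        return 1
    fi
}

# Demo with a constructed placeholder: a PEM header around dummy text, not a key.
demo_dir=$(mktemp -d)
demo_b64=$(printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' |
    base64 | tr -d '\n')
install_ssh_key "$demo_b64" "$demo_dir/.ssh/ironman" && ls -l "$demo_dir/.ssh/ironman"
rm -rf "$demo_dir"
```

In the job this would be called as install_ssh_key "$IRONMANSSH" ~/.ssh/ironman, followed by ssh-add ~/.ssh/ironman.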

[Screenshot: VMware Harbor automated deployment stage]
[Screenshot: VMware Harbor automated deployment workflow completed]

The Harbor registry is then accessible at the public IP address.

[Screenshot: VMware Harbor automated deployment, Harbor deployed]

Many tweaks can be made, and different approaches can be used for a similar deployment. This is the way I achieved my VMware Harbor registry deployment with GitLab, Terraform and Ansible.


Aruna Fernando

"Sharing knowledge doesn't put your job at risk - iron sharpen iron" I heard this and it's true.
