[agent-go] [Bastion] - install docker; docker-compose; install harbor

agent-go/a_executor/BaseFunction.go

@@ -3,10 +3,14 @@ package a_executor
 import (
 	"fmt"
 	"net"
+	"os"
 	"strings"
 	"wdd.io/agent-go/a_agent"
+	"wdd.io/agent-go/a_executor/beans"
 )
 
+var OctopusAgentInstallPrefix = "/root/wdd/"
+
 type BaseFunc interface {
 
 	// Command 返回基础函数的命令行
@@ -384,11 +388,11 @@ func (op *AgentOsOperator) installDefaultSSHKeyExec(funcArgs []string) (bool, []
 	}
 
 	// download standard private and public key
-	ok, resultLog := BasicDownloadFileByCurl(op.OssOfflinePrefix+"id_ed25519_private_key", "/root/.ssh/id_ed25519")
+	ok, resultLog := BasicDownloadFile(op.OssOfflinePrefix+"id_ed25519_private_key", "", "", "", "/root/.ssh/id_ed25519")
 	if !ok {
 		return false, resultLog
 	}
-	ok, resultLog = BasicDownloadFileByCurl(op.OssOfflinePrefix+"id_ed25519_public_key.pub", "/root/.ssh/id_ed25519.pub")
+	ok, resultLog = BasicDownloadFile(op.OssOfflinePrefix+"id_ed25519_public_key.pub", "", "", "", "/root/.ssh/id_ed25519.pub")
 	if !ok {
 		return false, resultLog
 	}
@@ -445,7 +449,6 @@ func (op *AgentOsOperator) removeDocker() [][]string {
 }
 
 func (op *AgentOsOperator) removeDockerExec() (bool, []string) {
-	var resultLog []string
 
 	dockerServiceStopCommand := [][]string{
 		{
@@ -467,7 +470,8 @@ func (op *AgentOsOperator) removeDockerExec() (bool, []string) {
 
 	ok, l := AllCompleteExecutor(dockerServiceStopCommand)
 	if !ok {
-		resultLog = append(resultLog, l...)
+		log.Error("[removeDockerExec] - 停止docker服务失败！")
+		return false, l
 	}
 
 	dockerStaff := []string{
@@ -491,14 +495,25 @@ func (op *AgentOsOperator) removeDockerExec() (bool, []string) {
 
 	for _, staff := range dockerStaff {
 		removeCommand := append(op.RemoveCommandPrefix, staff)
-
-		ok, result := AllCommandExecutor(removeCommand)
-		if !ok {
-			resultLog = append(resultLog, result...)
-		}
+		AllCommandExecutor(removeCommand)
 	}
 
-	return true, resultLog
+	_ = os.Remove(beans.DockerServiceFile)
+	_ = os.Remove(beans.DockerDaemonService)
+	_ = os.Remove(beans.DockerSocketFile)
+
+	AllCommandExecutor([]string{
+		"systemctl",
+		"daemon-reload",
+	})
+
+	return true, []string{
+		"[removeDockerExec] - docker remove success !",
+	}
+}
+
+func (op *AgentOsOperator) RemoveDockerBastion() (bool, []string) {
+	return op.removeDockerExec()
 }
 
 func (op *AgentOsOperator) installDocker(args []string) [][]string {
@@ -616,7 +631,7 @@ func (op *AgentOsOperator) installDocker(args []string) [][]string {
 
 func (op *AgentOsOperator) installDockerExec(args []string) (bool, []string) {
 
-	BasicCreateFolder("/root/wdd/")
+	BasicCreateFolder(OctopusAgentInstallPrefix)
 
 	op.removeDockerExec()
 
@@ -855,7 +870,7 @@ func (op *AgentOsOperator) installDockerOfflineExec(args []string) (bool, []stri
 		dockerOfflineFileName = "docker-arm64-20.10.15.tgz"
 	}
 
-	ok, resultLog := BasicDownloadFile(op.OssOfflinePrefix+dockerOfflineFileName, "", "", "", "/root/wdd/"+dockerOfflineFileName)
+	ok, resultLog := BasicDownloadFile(op.OssOfflinePrefix+dockerOfflineFileName, "", "", "", OctopusAgentInstallPrefix+dockerOfflineFileName)
 	if !ok {
 		return false, resultLog
 	}
@@ -865,7 +880,7 @@ func (op *AgentOsOperator) installDockerOfflineExec(args []string) (bool, []stri
 	PureResultSingleExecute([]string{
 		"tar",
 		"-vxf",
-		"/root/wdd/" + dockerOfflineFileName,
+		OctopusAgentInstallPrefix + dockerOfflineFileName,
 		"-C",
 		"/root/wdd",
 	})
@@ -878,17 +893,17 @@ func (op *AgentOsOperator) installDockerOfflineExec(args []string) (bool, []stri
 	}
 
 	// systemd daemonize docker
-	downloadOk, log2 := BasicDownloadFileByCurl(op.OssOfflinePrefix+"docker-containerd-daemon.service", "/lib/systemd/system/containerd.service")
+	downloadOk, log2 := BasicDownloadFile(op.OssOfflinePrefix+"docker-containerd-daemon.service", "", "", "", beans.ContainerdServiceFile)
 	if !downloadOk {
 		return false, append(log2, "[installDockerOfflineExec] - daemon file download error !")
 	}
 
-	downloadOk, log2 = BasicDownloadFileByCurl(op.OssOfflinePrefix+"docker-socket-daemon.service", "/lib/systemd/system/docker.socket")
+	downloadOk, log2 = BasicDownloadFile(op.OssOfflinePrefix+"docker-socket-daemon.service", "", "", "", beans.DockerSocketDaemonService)
 	if !downloadOk {
 		return false, append(log2, "[installDockerOfflineExec] - daemon file download error !")
 	}
 
-	downloadOk, log2 = BasicDownloadFileByCurl(op.OssOfflinePrefix+"docker-daemon.service", "/lib/systemd/system/docker.service")
+	downloadOk, log2 = BasicDownloadFile(op.OssOfflinePrefix+"docker-daemon.service", "", "", "", beans.DockerServiceFile)
 	if !downloadOk {
 		return false, append(log2, "[installDockerOfflineExec] - daemon file download error !")
 	}
@@ -965,7 +980,7 @@ func (op *AgentOsOperator) InstallDockerBastion() (bool, []string) {
 
 	BasicRemoveFolderComplete("/root/wdd/docker")
 
-	dockerLocalFile := "/root/wdd/" + dockerOfflineFileName
+	dockerLocalFile := OctopusAgentInstallPrefix + dockerOfflineFileName
 	if !BasicFileExistAndNotNull(dockerLocalFile) {
 		sprintf := fmt.Sprintf("docker offline file not exists ! => %s", dockerLocalFile)
 		log.Error(sprintf)
@@ -989,6 +1004,91 @@ func (op *AgentOsOperator) InstallDockerBastion() (bool, []string) {
 
 	// daemon docker
 
+	// systemd daemonize docker
+	BasicAppendOverwriteContentToFile(beans.ContainerdDaemonService, beans.ContainerdServiceFile)
+	if !BasicFileExistAndNotNull(beans.ContainerdServiceFile) {
+		return false, []string{"docker deamon file not exists !"}
+	}
+	BasicAppendOverwriteContentToFile(beans.DockerSocketDaemonService, beans.DockerSocketFile)
+	if !BasicFileExistAndNotNull(beans.DockerSocketFile) {
+		return false, []string{"docker deamon file not exists !"}
+	}
+	BasicAppendOverwriteContentToFile(beans.DockerDaemonService, beans.DockerServiceFile)
+	if !BasicFileExistAndNotNull(beans.DockerServiceFile) {
+		return false, []string{"docker deamon file not exists !"}
+	}
+	log.InfoF("[InstallDockerBastion] - docker dameon file append success !")
+
+	// run the docker
+	executor, log3 := AllCommandExecutor([]string{
+		"systemctl",
+		"daemon-reload",
+	})
+	if !executor {
+		return false, append(log3, "[InstallDockerBastion] -  daemon reload error !")
+	}
+
+	AllCompleteExecutor([][]string{
+		{
+			"systemctl",
+			"unmask",
+			"containerd",
+		},
+		{
+			"systemctl",
+			"unmask",
+			"docker.socket",
+		},
+		{
+			"systemctl",
+			"unmask",
+			"docker",
+		},
+	})
+
+	AllCompleteExecutor([][]string{
+		{
+			"groupadd",
+			"docker",
+		},
+		{
+			"usermod",
+			"-aG",
+			"docker",
+			"root",
+		},
+		{
+			"newgrp",
+			"docker",
+		},
+	})
+
+	systemdUp, _ := BasicSystemdUp("containerd")
+	if !systemdUp {
+		log.Warn("[InstallDockerBastion] - start containerd service error !")
+	}
+
+	commandExecutor, _ := AllCompleteExecutor([][]string{
+		{
+			"systemctl",
+			"start",
+			"docker.socket",
+		},
+		{
+			"systemctl",
+			"enable",
+			"docker.socket",
+		},
+	})
+	if !commandExecutor {
+		log.Warn("[InstallDockerBastion] - start docker.socket error !")
+	}
+
+	up, log4 := BasicSystemdUp("docker")
+	if !up {
+		return false, append(log4, "[InstallDockerBastion] - start docker service error !")
+	}
+
 	return true, []string{
 		"[InstallDockerBastion] - docker offline installation from local success!",
 	}
@@ -1058,7 +1158,7 @@ func (op *AgentOsOperator) installDockerComposeExec() (bool, []string) {
 
 	log.InfoF("需要安装的docker版本为 => %s", DockerComposeFile)
 
-	ok, resultLog := BasicDownloadFileByCurl(DockerComposeFile, "/usr/local/bin/docker-compose")
+	ok, resultLog := BasicDownloadFile(DockerComposeFile, "", "", "", "/usr/local/bin/docker-compose")
 	if !ok {
 		return false, resultLog
 	}
@@ -1091,7 +1191,7 @@ func (op *AgentOsOperator) installHelm() [][]string {
 		{
 			"mkdir",
 			"-p",
-			"/root/wdd/",
+			OctopusAgentInstallPrefix,
 		},
 		{
 			"rm",
@@ -1212,7 +1312,7 @@ func (op *AgentOsOperator) modifyDockerConfigExec(args []string) (bool, []string
 	}
 
 	// download new
-	ok, resultLog := BasicDownloadFileByCurl(op.OssOfflinePrefix+"docker-daemon-template.json", dockerDaemonFile)
+	ok, resultLog := BasicDownloadFile(op.OssOfflinePrefix+"docker-daemon-template.json", "", "", "", dockerDaemonFile)
 	if !ok {
 		return false, append(resultLog, "[modifyDockerConfigExec] - error download docker-daemon-template.json !")
 	}
@@ -1299,7 +1399,7 @@ func (op *AgentOsOperator) installNFSOfflineExec() (bool, []string) {
 	nfsClientOfflinePackageOSSUrl := op.OssOfflinePrefix + nfsClientOfflinePackageName
 	log.InfoF("[installNFSOfflineExec]- start to download nfs-client offline package from => %s", nfsClientOfflinePackageOSSUrl)
 
-	ok, resultLog := BasicDownloadFileByCurl(nfsClientOfflinePackageOSSUrl, "/root/wdd/"+nfsClientOfflinePackageName)
+	ok, resultLog := BasicDownloadFile(nfsClientOfflinePackageOSSUrl, "", "", "", OctopusAgentInstallPrefix+nfsClientOfflinePackageName)
 	if !ok {
 		return false, append(resultLog, "[installNFSOfflineExec]- download nfs-client offline package error !", nfsClientOfflinePackageOSSUrl)
 	}
@@ -1310,7 +1410,7 @@ func (op *AgentOsOperator) installNFSOfflineExec() (bool, []string) {
 	AllCommandExecutor([]string{
 		"tar",
 		"-zvxf",
-		"/root/wdd/" + nfsClientOfflinePackageName,
+		OctopusAgentInstallPrefix + nfsClientOfflinePackageName,
 		"-C",
 		"/root/wdd",
 	})
@@ -1429,7 +1529,7 @@ func (op *AgentOsOperator) installNFSServerOfflineExec() (bool, []string) {
 	// download from oss
 	nfsServerOfflinePackageOSSUrl := op.OssOfflinePrefix + nfsServerOfflinePackageName
 	log.InfoF("[installNFSServerOfflineExec]- start to download nfs-server offline package from => %s", nfsServerOfflinePackageOSSUrl)
-	ok, resultLog := BasicDownloadFileByCurl(nfsServerOfflinePackageOSSUrl, "/root/wdd/"+nfsServerOfflinePackageName)
+	ok, resultLog := BasicDownloadFileByCurl(nfsServerOfflinePackageOSSUrl, OctopusAgentInstallPrefix+nfsServerOfflinePackageName)
 	if !ok {
 		return false, append(resultLog, "[installNFSServerOfflineExec]- download nfs-server offline package error !", nfsServerOfflinePackageOSSUrl)
 	}
@@ -1440,7 +1540,7 @@ func (op *AgentOsOperator) installNFSServerOfflineExec() (bool, []string) {
 	AllCommandExecutor([]string{
 		"tar",
 		"-zvxf",
-		"/root/wdd/" + nfsServerOfflinePackageName,
+		OctopusAgentInstallPrefix + nfsServerOfflinePackageName,
 		"-C",
 		"/root/wdd",
 	})
@@ -1516,7 +1616,7 @@ func (op *AgentOsOperator) installHarbor() [][]string {
 		//{
 		//	"mkdir",
 		//	"-p",
-		//	"/root/wdd/",
+		//	OctopusAgentInstallPrefix,
 		//},
 		//{
 		//	"rm",
@@ -1535,7 +1635,7 @@ func (op *AgentOsOperator) installHarbor() [][]string {
 			"-zvxf",
 			"/root/wdd/harbor-offline-installer-v2.9.0.tgz",
 			"-C",
-			"/root/wdd/",
+			OctopusAgentInstallPrefix,
 		},
 		{
 			"rm",
@@ -1575,12 +1675,9 @@ func (op *AgentOsOperator) installHarbor() [][]string {
 
 	return installHarborFunc
 }
-
-// installHarborExec install harbor offline
-func (op *AgentOsOperator) installHarborExec() (bool, []string) {
-
+func (op *AgentOsOperator) checkHarborInstallExec() (bool, []string) {
 	// check docker-compose
-	if !BasicFileExistAndNotNull("/usr/local/bin/docker-compose") {
+	if !BasicCommandExistByPath("/usr/local/bin/docker-compose") {
 		return false, []string{
 			"[install harbor] - docker-compose uninstalled ! can't install harbor!",
 		}
@@ -1626,25 +1723,32 @@ func (op *AgentOsOperator) installHarborExec() (bool, []string) {
 			"[install harbor] - script do not support for aarch64 version of harbor installation !",
 		}
 	}
+}
+
+// installHarborExec install harbor offline
+func (op *AgentOsOperator) installHarborExec() (bool, []string) {
+
+	// 抽离
+	checkHarborInstallExec, i := op.checkHarborInstallExec()
+	if !checkHarborInstallExec {
+		return false, i
+	}
 
 	// download offline file
 	harborOfflineFileURL := op.OssOfflinePrefix + "harbor-offline-installer-v2.9.0.tgz"
 	log.InfoF("[install harbor] - start to download harbor offline installer from => %s !", harborOfflineFileURL)
 
-	BasicCreateFolder("/root/wdd/")
+	BasicCreateFolder(OctopusAgentInstallPrefix)
 
 	BasicRemoveFolderComplete("/root/wdd/harbor-offline-installer-v2.9.0.tgz")
 	BasicRemoveFolderComplete("/root/wdd/harbor")
 
-	downloadOk, l := BasicDownloadFileByCurl(harborOfflineFileURL, "/root/wdd/harbor-offline-installer-v2.9.0.tgz")
+	log.Info("[install harbor] - start to download harbor offline installation file!")
+	downloadOk, l := BasicDownloadFile(harborOfflineFileURL, "", "", "", "/root/wdd/harbor-offline-installer-v2.9.0.tgz")
 	if !downloadOk {
 		return false, append(l, "download harbor offline installer failed!")
 	}
 
-	if !BasicFileExistAndNotNull("/root/wdd/harbor-offline-installer-v2.9.0.tgz") {
-		return false, []string{"download harbor offline installer failed!"}
-	}
-
 	// unzip
 	AllCompleteExecutor([][]string{
 		{
@@ -1652,7 +1756,7 @@ func (op *AgentOsOperator) installHarborExec() (bool, []string) {
 			"-zvxf",
 			"/root/wdd/harbor-offline-installer-v2.9.0.tgz",
 			"-C",
-			"/root/wdd/",
+			OctopusAgentInstallPrefix,
 		},
 		{
 			"rm",
@@ -1663,17 +1767,25 @@ func (op *AgentOsOperator) installHarborExec() (bool, []string) {
 
 	// configuration
 	log.Info("[install harbor] - start to download harbor config file!")
-	AllCommandExecutor([]string{
-		"wget",
-		"--no-check-certificate",
-		op.OssOfflinePrefix + "harbor-config-template.yml",
-		"-qO",
-		"/root/wdd/harbor/harbor.yml",
-	})
-	if !BasicFileExistAndNotNull("/root/wdd/harbor/harbor.yml") {
-		return false, []string{"harbor config template file download error !"}
+	ok, resultLog := BasicDownloadFile(op.OssOfflinePrefix+"harbor-config-template.yml", "", "", "", "/root/wdd/harbor/harbor.yml")
+	if !ok {
+		return false, resultLog
 	}
 
+	// install and config
+	installHarborAndConfig, i2 := op.installHarborAndConfig()
+	if !installHarborAndConfig {
+		return false, i2
+	}
+
+	msg := "[install harbor] - harbor start complete !"
+	log.Info(msg)
+
+	return true, []string{msg}
+}
+
+func (op *AgentOsOperator) installHarborAndConfig() (bool, []string) {
+
 	log.Info("[install harbor] - start to modify harbor config file!")
 
 	AllCommandExecutor([]string{
@@ -1686,7 +1798,8 @@ func (op *AgentOsOperator) installHarborExec() (bool, []string) {
 	BasicReplace("/root/wdd/harbor/harbor.yml", "HarborHostPort", "8033")
 	BasicReplace("/root/wdd/harbor/harbor.yml", "HarborAdminPas", "V2ryStr@ngPss")
 
-	log.InfoF("[install harbor] - harbor config changed success to => %s!", op.AgentServerInfo.ServerIPInV4)
+	log.InfoF("[install harbor] - harbor config file changed to => %s %s %s !\n", op.AgentServerInfo.ServerIPInV4, "8033", "V2ryStr@ngPss")
+
 	// install
 	log.Info("[install harbor] - going to start harbor !")
 	executor := ReadTimeCommandExecutor([]string{
@@ -1700,7 +1813,51 @@ func (op *AgentOsOperator) installHarborExec() (bool, []string) {
 		}
 	}
 
-	msg := "[install harbor] - harbor start complete !"
+	return true, nil
+}
+
+func (op *AgentOsOperator) InstallHarborBastion() (bool, []string) {
+	// 抽离
+	checkHarborInstallExec, i := op.checkHarborInstallExec()
+	if !checkHarborInstallExec {
+		return false, i
+	}
+
+	// local file check exists
+	if !BasicFileExistAndNotNull("/root/wdd/harbor-offline-installer-v2.9.0.tgz") {
+		return false, []string{"[InstallHarborBastion] - harbor offline installer not exists !"}
+	}
+
+	// unzip
+	AllCompleteExecutor([][]string{
+		{
+			"tar",
+			"-zvxf",
+			"/root/wdd/harbor-offline-installer-v2.9.0.tgz",
+			"-C",
+			OctopusAgentInstallPrefix,
+		},
+		{
+			"rm",
+			"-rf",
+			"/root/wdd/harbor/harbor.yml",
+		},
+	})
+
+	// configuration
+	if !BasicAppendOverwriteContentToFile(beans.HarborTemplateFile, "/root/wdd/harbor/harbor.yml") {
+		return false, []string{
+			"[InstallHarborBastion] - harbor config file append failed !",
+		}
+	}
+
+	// install and config
+	installHarborAndConfig, i2 := op.installHarborAndConfig()
+	if !installHarborAndConfig {
+		return false, i2
+	}
+
+	msg := "[InstallHarborBastion] - harbor install SUCCESSES !"
 	log.Info(msg)
 
 	return true, []string{msg}
@@ -2197,7 +2354,7 @@ func (op *AgentOsOperator) installZSH() [][]string {
 		{
 			"mkdir",
 			"-p",
-			"/root/wdd/",
+			OctopusAgentInstallPrefix,
 		},
 		append(
 			op.InstallCommandPrefix,
@@ -2331,7 +2488,7 @@ func (op *AgentOsOperator) installZSHExec() (bool, []string) {
 	BasicRemoveFolderComplete("/root/.oh-my-zsh")
 	BasicRemoveFolderComplete("/root/wdd/zsh-install.sh")
 	BasicRemoveFolderComplete("/root/wdd/oh-my-zsh-plugins-list.txt")
-	BasicCreateFolder("/root/wdd/")
+	BasicCreateFolder(OctopusAgentInstallPrefix)
 
 	ok, resultLog := AllCommandExecutor(
 		append(op.InstallCommandPrefix, "zsh", "git"))
@@ -2348,7 +2505,7 @@ func (op *AgentOsOperator) installZSHExec() (bool, []string) {
 	}
 	log.InfoF("开始下载zsh的安装脚本 => %s", zshRemoteGitUrl)
 
-	resultOk, l := BasicDownloadFileByCurl(zshRemoteGitUrl, "/root/wdd/zsh-install.sh")
+	resultOk, l := BasicDownloadFile(zshRemoteGitUrl, "", "", "", "/root/wdd/zsh-install.sh")
 	if !resultOk {
 		l = append(l, "zsh-install.sh 下载失败！ 安装终止")
 		return false, l

agent-go/a_executor/BasicFunction.go

@@ -578,6 +578,14 @@ func BasicDownloadFile(downloadUrl string, socksProxyUrl string, proxyUser strin
 		return false, resultLog
 	}
 
+	// check file exists
+	existAndNotNull := BasicFileExistAndNotNull(desFile)
+	if !existAndNotNull {
+		return false, []string{
+			"[BasicDownloadFile] - file not exist  download error!",
+		}
+	}
+
 	return true, resultLog
 }
 
@@ -724,6 +732,17 @@ func BasicAppendContentToFile(content string, targetFile string) bool {
 	return true
 }
 
+// BasicAppendOverwriteContentToFile 向目标文件中写入一些内容,覆盖源文件
+func BasicAppendOverwriteContentToFile(content string, targetFile string) bool {
+
+	err := os.Remove(targetFile)
+	if err != nil {
+		log.WarnF("[BasicAppendOverwriteContentToFile] - Error removing file: %s , error is %s", targetFile, err.Error())
+	}
+
+	return BasicAppendContentToFile(content, targetFile)
+}
+
 // BasicAppendNullToFile 清空一个文件
 func BasicAppendNullToFile(targetFile string) bool {
 

agent-go/a_executor/beans/DockerDaemonConfig.go

@@ -0,0 +1,112 @@
+package beans
+
+var ContainerdServiceFile = "/lib/systemd/system/containerd.service"
+var DockerSocketFile = "/lib/systemd/system/docker.socket"
+var DockerServiceFile = "/lib/systemd/system/docker.service"
+
+var ContainerdDaemonService = `
+# Copyright The containerd Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+[Unit]
+Description=containerd container runtime
+Documentation=https://containerd.io
+After=network.target local-fs.target
+
+[Service]
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/bin/containerd
+
+Type=notify
+Delegate=yes
+KillMode=process
+Restart=always
+RestartSec=5
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNPROC=infinity
+LimitCORE=infinity
+LimitNOFILE=infinity
+# Comment TasksMax if your systemd version does not supports it.
+# Only systemd 226 and above support this version.
+TasksMax=infinity
+OOMScoreAdjust=-999
+
+[Install]
+WantedBy=multi-user.target
+`
+
+var DockerSocketDaemonService = `
+[Unit]
+Description=Docker Socket for the API
+
+[Socket]
+ListenStream=/var/run/docker.sock
+SocketMode=0660
+SocketUser=root
+SocketGroup=docker
+
+[Install]
+WantedBy=sockets.target
+`
+
+var DockerDaemonService = `
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+After=network-online.target docker.socket firewalld.service containerd.service
+Wants=network-online.target
+Requires=docker.socket containerd.service
+
+[Service]
+Type=notify
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
+ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
+ExecReload=/bin/kill -s HUP $MAINPID
+TimeoutSec=0
+RestartSec=2
+Restart=always
+
+# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
+# Both the old, and new location are accepted by systemd 229 and up, so using the old location
+# to make them work for either version of systemd.
+StartLimitBurst=3
+
+# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
+# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
+# this option work for either version of systemd.
+StartLimitInterval=60s
+
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+
+# Comment TasksMax if your systemd version does not support it.
+# Only systemd 226 and above support this option.
+TasksMax=infinity
+
+# set delegate yes so that systemd does not reset the cgroups of docker containers
+Delegate=yes
+
+# kill only the docker process, not all processes in the cgroup
+KillMode=process
+OOMScoreAdjust=-500
+
+[Install]
+WantedBy=multi-user.target
+`

agent-go/a_executor/beans/HarborTemplateConfig.go

@@ -0,0 +1,53 @@
+package beans
+
+var HarborTemplateFile = `
+hostname: HarborHostName
+
+http:
+  port: HarborHostPort
+
+harbor_admin_password: HarborAdminPas
+
+database:
+  password: HarborAdminPas
+  max_idle_conns: 50
+  max_open_conns: 1000
+  conn_max_lifetime: 3600
+  conn_max_idle_time: 3600
+
+data_volume: /var/lib/docker/harbor-data
+
+jobservice:
+  max_job_workers: 10
+  job_loggers:
+    - STD_OUTPUT
+    - FILE
+  logger_sweeper_duration: 3
+
+notification:
+  webhook_job_max_retry: 10
+  webhook_job_http_client_timeout: 10
+
+
+log:
+  level: warning
+  local:
+    rotate_count: 50
+    rotate_size: 200M
+    location: /var/log/harbor
+
+cache:
+  enabled: false
+  expire_hours: 24
+
+_version: 2.9.0
+
+proxy:
+  http_proxy:
+  https_proxy:
+  no_proxy:
+  components:
+    - core
+    - jobservice
+    - trivy
+`