[agent-go] [Bastion] - install docker; docker-compose; install harbor
This commit is contained in:
zeaslity
112
agent-go/a_executor/beans/DockerDaemonConfig.go
Normal file
112
agent-go/a_executor/beans/DockerDaemonConfig.go
Normal file
@@ -0,0 +1,112 @@
|
||||
package beans
|
||||
|
||||
var ContainerdServiceFile = "/lib/systemd/system/containerd.service"
|
||||
var DockerSocketFile = "/lib/systemd/system/docker.socket"
|
||||
var DockerServiceFile = "/lib/systemd/system/docker.service"
|
||||
|
||||
var ContainerdDaemonService = `
|
||||
# Copyright The containerd Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
[Unit]
|
||||
Description=containerd container runtime
|
||||
Documentation=https://containerd.io
|
||||
After=network.target local-fs.target
|
||||
|
||||
[Service]
|
||||
ExecStartPre=-/sbin/modprobe overlay
|
||||
ExecStart=/usr/bin/containerd
|
||||
|
||||
Type=notify
|
||||
Delegate=yes
|
||||
KillMode=process
|
||||
Restart=always
|
||||
RestartSec=5
|
||||
# Having non-zero Limit*s causes performance problems due to accounting overhead
|
||||
# in the kernel. We recommend using cgroups to do container-local accounting.
|
||||
LimitNPROC=infinity
|
||||
LimitCORE=infinity
|
||||
LimitNOFILE=infinity
|
||||
# Comment TasksMax if your systemd version does not supports it.
|
||||
# Only systemd 226 and above support this version.
|
||||
TasksMax=infinity
|
||||
OOMScoreAdjust=-999
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
`
|
||||
|
||||
var DockerSocketDaemonService = `
|
||||
[Unit]
|
||||
Description=Docker Socket for the API
|
||||
|
||||
[Socket]
|
||||
ListenStream=/var/run/docker.sock
|
||||
SocketMode=0660
|
||||
SocketUser=root
|
||||
SocketGroup=docker
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
||||
`
|
||||
|
||||
var DockerDaemonService = `
|
||||
[Unit]
|
||||
Description=Docker Application Container Engine
|
||||
Documentation=https://docs.docker.com
|
||||
After=network-online.target docker.socket firewalld.service containerd.service
|
||||
Wants=network-online.target
|
||||
Requires=docker.socket containerd.service
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
# the default is not to use systemd for cgroups because the delegate issues still
|
||||
# exists and systemd currently does not support the cgroup feature set required
|
||||
# for containers run by docker
|
||||
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
|
||||
ExecReload=/bin/kill -s HUP $MAINPID
|
||||
TimeoutSec=0
|
||||
RestartSec=2
|
||||
Restart=always
|
||||
|
||||
# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
|
||||
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
|
||||
# to make them work for either version of systemd.
|
||||
StartLimitBurst=3
|
||||
|
||||
# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
|
||||
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
|
||||
# this option work for either version of systemd.
|
||||
StartLimitInterval=60s
|
||||
|
||||
# Having non-zero Limit*s causes performance problems due to accounting overhead
|
||||
# in the kernel. We recommend using cgroups to do container-local accounting.
|
||||
LimitNOFILE=infinity
|
||||
LimitNPROC=infinity
|
||||
LimitCORE=infinity
|
||||
|
||||
# Comment TasksMax if your systemd version does not support it.
|
||||
# Only systemd 226 and above support this option.
|
||||
TasksMax=infinity
|
||||
|
||||
# set delegate yes so that systemd does not reset the cgroups of docker containers
|
||||
Delegate=yes
|
||||
|
||||
# kill only the docker process, not all processes in the cgroup
|
||||
KillMode=process
|
||||
OOMScoreAdjust=-500
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
`
|
||||
53
agent-go/a_executor/beans/HarborTemplateConfig.go
Normal file
53
agent-go/a_executor/beans/HarborTemplateConfig.go
Normal file
@@ -0,0 +1,53 @@
|
||||
package beans
|
||||
|
||||
var HarborTemplateFile = `
|
||||
hostname: HarborHostName
|
||||
|
||||
http:
|
||||
port: HarborHostPort
|
||||
|
||||
harbor_admin_password: HarborAdminPas
|
||||
|
||||
database:
|
||||
password: HarborAdminPas
|
||||
max_idle_conns: 50
|
||||
max_open_conns: 1000
|
||||
conn_max_lifetime: 3600
|
||||
conn_max_idle_time: 3600
|
||||
|
||||
data_volume: /var/lib/docker/harbor-data
|
||||
|
||||
jobservice:
|
||||
max_job_workers: 10
|
||||
job_loggers:
|
||||
- STD_OUTPUT
|
||||
- FILE
|
||||
logger_sweeper_duration: 3
|
||||
|
||||
notification:
|
||||
webhook_job_max_retry: 10
|
||||
webhook_job_http_client_timeout: 10
|
||||
|
||||
|
||||
log:
|
||||
level: warning
|
||||
local:
|
||||
rotate_count: 50
|
||||
rotate_size: 200M
|
||||
location: /var/log/harbor
|
||||
|
||||
cache:
|
||||
enabled: false
|
||||
expire_hours: 24
|
||||
|
||||
_version: 2.9.0
|
||||
|
||||
proxy:
|
||||
http_proxy:
|
||||
https_proxy:
|
||||
no_proxy:
|
||||
components:
|
||||
- core
|
||||
- jobservice
|
||||
- trivy
|
||||
`
|
||||
Reference in New Issue
Block a user