propagate more env vars

Deploy/harbor.cfg

@@ -38,6 +38,10 @@ self_registration = on
 #Number of job workers in job service, default is 3 
 max_job_workers = 3 
 
+#Toggle on and off to tell job service wheter or not verify the ssl cert
+#when it tries to access a remote registry
+verify_remote_cert = on
+
 #Turn on or off the customize your certificate for registry's token.
 #If the value is on, the prepare script will generate new root cert and private key 
 #for generating token to access the image in registry.

Deploy/prepare

@@ -47,6 +47,7 @@ crt_organizationalunit = rcp.get("configuration", "crt_organizationalunit")
 crt_commonname = rcp.get("configuration", "crt_commonname")
 crt_email = rcp.get("configuration", "crt_email")
 max_job_workers = rcp.get("configuration", "max_job_workers")
+verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
 ########
 
 ui_secret = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16))  
@@ -122,7 +123,8 @@ render(os.path.join(templates_dir, "jobservice", "env"),
         db_password=db_password,
         ui_secret=ui_secret,
         max_job_workers=max_job_workers,
-        ui_url=ui_url)
+        ui_url=ui_url,
+        verify_remote_cert=verify_remote_cert)
 
 def validate_crt_subj(dirty_subj):
     subj_list = [item for item in dirty_subj.strip().split("/") \

Deploy/templates/jobservice/env

@@ -3,7 +3,10 @@ MYSQL_PORT=3306
 MYSQL_USR=root
 MYSQL_PWD=$db_password
 UI_SECRET=$ui_secret
-HARBOR_URL=$ui_url
+REGISTRY_URL=http://registry:5000
+VERIFY_REMOTE_CERT=$verify_remote_cert
 MAX_JOB_WORKERS=$max_job_workers
 LOG_LEVEL=debug
 GODEBUG=netdns=cgo
+EXT_ENDPOINT=$ui_url
+TOKEN_URL=http://ui

Deploy/templates/ui/env

@@ -3,10 +3,11 @@ MYSQL_PORT=3306
 MYSQL_USR=root
 MYSQL_PWD=$db_password
 REGISTRY_URL=http://registry:5000
+UI_URL=http://ui
 CONFIG_PATH=/etc/ui/app.conf
 HARBOR_REG_URL=$hostname
 HARBOR_ADMIN_PASSWORD=$harbor_admin_password
-HARBOR_URL=$hostname
+HARBOR_URL=$ui_url
 AUTH_MODE=$auth_mode
 LDAP_URL=$ldap_url
 LDAP_BASE_DN=$ldap_basedn
@@ -14,3 +15,5 @@ UI_SECRET=$ui_secret
 SELF_REGISTRATION=$self_registration
 LOG_LEVEL=debug
 GODEBUG=netdns=cgo
+EXT_ENDPOINT=$ui_url
+TOKEN_URL=http://ui

api/jobs/replication.go

@@ -1,16 +1,16 @@
 /*
-    Copyright (c) 2016 VMware, Inc. All Rights Reserved.
-    Licensed under the Apache License, Version 2.0 (the "License");
-    you may not use this file except in compliance with the License.
-    You may obtain a copy of the License at
-        
-        http://www.apache.org/licenses/LICENSE-2.0
-        
-    Unless required by applicable law or agreed to in writing, software
-    distributed under the License is distributed on an "AS IS" BASIS,
-    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-    See the License for the specific language governing permissions and
-    limitations under the License.
+   Copyright (c) 2016 VMware, Inc. All Rights Reserved.
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
 */
 
 package api
@@ -165,7 +165,7 @@ func getRepoList(projectID int64) ([]string, error) {
 			uiPwd = "Harbor12345"
 		}
 	*/
-	uiURL := config.LocalHarborURL()
+	uiURL := config.LocalUIURL()
 	client := &http.Client{}
 	req, err := http.NewRequest("GET", uiURL+"/api/repositories?project_id="+strconv.Itoa(int(projectID)), nil)
 	if err != nil {

job/config/config.go

@@ -1,16 +1,16 @@
 /*
-    Copyright (c) 2016 VMware, Inc. All Rights Reserved.
-    Licensed under the Apache License, Version 2.0 (the "License");
-    you may not use this file except in compliance with the License.
-    You may obtain a copy of the License at
-        
-        http://www.apache.org/licenses/LICENSE-2.0
-        
-    Unless required by applicable law or agreed to in writing, software
-    distributed under the License is distributed on an "AS IS" BASIS,
-    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-    See the License for the specific language governing permissions and
-    limitations under the License.
+   Copyright (c) 2016 VMware, Inc. All Rights Reserved.
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
 */
 
 package config
@@ -26,9 +26,11 @@ import (
 const defaultMaxWorkers int = 10
 
 var maxJobWorkers int
-var localURL string
+var localUIURL string
+var localRegURL string
 var logDir string
 var uiSecret string
+var verifyRemoteCert string
 
 func init() {
 	maxWorkersEnv := os.Getenv("MAX_JOB_WORKERS")
@@ -39,9 +41,14 @@ func init() {
 		maxJobWorkers = defaultMaxWorkers
 	}
 
-	localURL = os.Getenv("HARBOR_URL")
-	if len(localURL) == 0 {
-		localURL = "http://registry:5000/"
+	localRegURL = os.Getenv("REGISTRY_URL")
+	if len(localRegURL) == 0 {
+		localRegURL = "http://registry:5000"
+	}
+
+	localUIURL = os.Getenv("UI_URL")
+	if len(localUIURL) == 0 {
+		localUIURL = "http://ui"
 	}
 
 	logDir = os.Getenv("LOG_DIR")
@@ -67,8 +74,15 @@ func init() {
 		panic("UI Secret is not set")
 	}
 
+	verifyRemoteCert = os.Getenv("VERIFY_REMOTE_CERT")
+	if len(verifyRemoteCert) == 0 {
+		verifyRemoteCert = "on"
+	}
+
 	log.Debugf("config: maxJobWorkers: %d", maxJobWorkers)
-	log.Debugf("config: localHarborURL: %s", localURL)
+	log.Debugf("config: localUIURL: %s", localUIURL)
+	log.Debugf("config: localRegURL: %s", localRegURL)
+	log.Debugf("config: verifyRemoteCert: %s", verifyRemoteCert)
 	log.Debugf("config: logDir: %s", logDir)
 	log.Debugf("config: uiSecret: ******")
 }
@@ -78,9 +92,14 @@ func MaxJobWorkers() int {
 	return maxJobWorkers
 }
 
-// LocalHarborURL returns the local registry url, job service will use this URL to pull manifest and repository.
-func LocalHarborURL() string {
-	return localURL
+// LocaUIURL returns the local ui url, job service will use this URL to call API hosted on ui process
+func LocalUIURL() string {
+	return localUIURL
+}
+
+// LocalRegURL returns the local registry url, job service will use this URL to pull image from the registry
+func LocalRegURL() string {
+	return localRegURL
 }
 
 // LogDir returns the absolute path to which the log file will be written
@@ -92,3 +111,8 @@ func LogDir() string {
 func UISecret() string {
 	return uiSecret
 }
+
+// VerifyRemoteCert return the flag to tell jobservice whether or not verify the cert of remote registry
+func VerifyRemoteCert() bool {
+	return verifyRemoteCert != "off"
+}

job/statemachine.go

@@ -1,16 +1,16 @@
 /*
-    Copyright (c) 2016 VMware, Inc. All Rights Reserved.
-    Licensed under the Apache License, Version 2.0 (the "License");
-    you may not use this file except in compliance with the License.
-    You may obtain a copy of the License at
-        
-        http://www.apache.org/licenses/LICENSE-2.0
-        
-    Unless required by applicable law or agreed to in writing, software
-    distributed under the License is distributed on an "AS IS" BASIS,
-    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-    See the License for the specific language governing permissions and
-    limitations under the License.
+   Copyright (c) 2016 VMware, Inc. All Rights Reserved.
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
 */
 
 package job
@@ -38,6 +38,7 @@ type RepJobParm struct {
 	Tags           []string
 	Enabled        int
 	Operation      string
+	Insecure       bool
 }
 
 // SM is the state machine to handle job, it handles one job at a time.
@@ -205,11 +206,12 @@ func (sm *SM) Reset(jid int64) error {
 		return fmt.Errorf("The policy doesn't exist in DB, policy id:%d", job.PolicyID)
 	}
 	sm.Parms = &RepJobParm{
-		LocalRegURL: config.LocalHarborURL(),
+		LocalRegURL: config.LocalRegURL(),
 		Repository:  job.Repository,
 		Tags:        job.TagList,
 		Enabled:     policy.Enabled,
 		Operation:   job.Operation,
+		Insecure:    !config.VerifyRemoteCert(),
 	}
 	if policy.Enabled == 0 {
 		//worker will cancel this job