From 44b27e71c2c2d3309bea614f6cfe88c196645c87 Mon Sep 17 00:00:00 2001 From: Jack Liu Date: Fri, 25 Mar 2016 09:08:44 +0800 Subject: [PATCH 01/23] update log functions in service --- service/notification.go | 11 ++++++----- service/token.go | 10 +++++----- service/utils/authutils.go | 10 +++++----- service/utils/cache.go | 5 ++--- service/utils/registryutils.go | 11 ++++++----- 5 files changed, 24 insertions(+), 23 deletions(-) diff --git a/service/notification.go b/service/notification.go index 7da62cb2d..75d8ce382 100644 --- a/service/notification.go +++ b/service/notification.go @@ -23,6 +23,7 @@ import ( "github.com/vmware/harbor/dao" "github.com/vmware/harbor/models" svc_utils "github.com/vmware/harbor/service/utils" + log "github.com/vmware/harbor/utils/log" "github.com/astaxie/beego" ) @@ -37,12 +38,12 @@ const manifestPattern = `^application/vnd.docker.distribution.manifest.v\d\+json // Post handles POST request, and records audit log or refreshes cache based on event. func (n *NotificationHandler) Post() { var notification models.Notification - // log.Printf("Notification Handler triggered!\n") - // log.Printf("request body in string: %s", string(n.Ctx.Input.CopyBody())) + // log.Info("Notification Handler triggered!\n") + // log.Infof("request body in string: %s", string(n.Ctx.Input.CopyBody())) err := json.Unmarshal(n.Ctx.Input.CopyBody(1<<32), ¬ification) if err != nil { - beego.Error("error while decoding json: ", err) + log.Error("error while decoding json: ", err) return } var username, action, repo, project string @@ -50,7 +51,7 @@ func (n *NotificationHandler) Post() { for _, e := range notification.Events { matched, err = regexp.MatchString(manifestPattern, e.Target.MediaType) if err != nil { - beego.Error("Failed to match the media type against pattern, error: ", err) + log.Error("Failed to match the media type against pattern, error: ", err) matched = false } if matched && strings.HasPrefix(e.Request.UserAgent, "docker") { @@ -68,7 +69,7 @@ func (n *NotificationHandler) Post() { go func() { err2 := svc_utils.RefreshCatalogCache() if err2 != nil { - beego.Error("Error happens when refreshing cache:", err2) + log.Error("Error happens when refreshing cache:", err2) } }() } diff --git a/service/token.go b/service/token.go index fe013be33..483583b4e 100644 --- a/service/token.go +++ b/service/token.go @@ -16,12 +16,12 @@ package service import ( - "log" "net/http" "github.com/vmware/harbor/auth" "github.com/vmware/harbor/models" svc_utils "github.com/vmware/harbor/service/utils" + log "github.com/vmware/harbor/utils/log" "github.com/astaxie/beego" "github.com/docker/distribution/registry/auth/token" @@ -38,14 +38,14 @@ type TokenHandler struct { func (a *TokenHandler) Get() { request := a.Ctx.Request - log.Println("request url: " + request.URL.String()) + log.Info("request url: " + request.URL.String()) username, password, _ := request.BasicAuth() authenticated := authenticate(username, password) service := a.GetString("service") scope := a.GetString("scope") if len(scope) == 0 && !authenticated { - log.Printf("login request with invalid credentials") + log.Info("login request with invalid credentials") a.CustomAbort(http.StatusUnauthorized, "") } access := svc_utils.GetResourceActions(scope) @@ -60,7 +60,7 @@ func (a *TokenHandler) serveToken(username, service string, access []*token.Reso //create token rawToken, err := svc_utils.MakeToken(username, service, access) if err != nil { - log.Printf("Failed to make token, error: %v", err) + log.Errorf("Failed to make token, error: %v", err) writer.WriteHeader(http.StatusInternalServerError) return } @@ -73,7 +73,7 @@ func (a *TokenHandler) serveToken(username, service string, access []*token.Reso func authenticate(principal, password string) bool { user, err := auth.Login(models.AuthModel{principal, password}) if err != nil { - log.Printf("Error occurred in UserLogin: %v", err) + log.Errorf("Error occurred in UserLogin: %v", err) return false } if user == nil { diff --git a/service/utils/authutils.go b/service/utils/authutils.go index 77ba8a738..df996524e 100644 --- a/service/utils/authutils.go +++ b/service/utils/authutils.go @@ -21,11 +21,11 @@ import ( "encoding/base64" "encoding/json" "fmt" - "log" "strings" "time" "github.com/vmware/harbor/dao" + log "github.com/vmware/harbor/utils/log" "github.com/docker/distribution/registry/auth/token" "github.com/docker/libtrust" @@ -71,19 +71,19 @@ func FilterAccess(username string, authenticated bool, a *token.ResourceActions) if username == "admin" { exist, err := dao.ProjectExists(projectName) if err != nil { - log.Printf("Error occurred in CheckExistProject: %v", err) + log.Errorf("Error occurred in CheckExistProject: %v", err) return } if exist { permission = "RW" } else { permission = "" - log.Printf("project %s does not exist, set empty permission for admin", projectName) + log.Infof("project %s does not exist, set empty permission for admin", projectName) } } else { permission, err = dao.GetPermission(username, projectName) if err != nil { - log.Printf("Error occurred in GetPermission: %v", err) + log.Errorf("Error occurred in GetPermission: %v", err) return } } @@ -96,7 +96,7 @@ func FilterAccess(username string, authenticated bool, a *token.ResourceActions) } } } - log.Printf("current access, type: %s, name:%s, actions:%v \n", a.Type, a.Name, a.Actions) + log.Infof("current access, type: %s, name:%s, actions:%v \n", a.Type, a.Name, a.Actions) } // GenTokenForUI is for the UI process to call, so it won't establish a https connection from UI to proxy. diff --git a/service/utils/cache.go b/service/utils/cache.go index 7a0ca93a4..0180cbfdd 100644 --- a/service/utils/cache.go +++ b/service/utils/cache.go @@ -20,8 +20,7 @@ import ( "time" "github.com/vmware/harbor/models" - - "github.com/astaxie/beego" + log "github.com/vmware/harbor/utils/log" "github.com/astaxie/beego/cache" ) @@ -35,7 +34,7 @@ func init() { var err error Cache, err = cache.NewCache("memory", `{"interval":720}`) if err != nil { - beego.Error("Failed to initialize cache, error:", err) + log.Error("Failed to initialize cache, error:", err) } } diff --git a/service/utils/registryutils.go b/service/utils/registryutils.go index b1aa272d1..ed3507f38 100644 --- a/service/utils/registryutils.go +++ b/service/utils/registryutils.go @@ -19,10 +19,11 @@ import ( "errors" "fmt" "io/ioutil" - "log" "net/http" "os" "strings" + + log "github.com/vmware/harbor/utils/log" ) // BuildRegistryURL ... @@ -34,7 +35,7 @@ func BuildRegistryURL(segments ...string) string { url := registryURL + "/v2" for _, s := range segments { if s == "v2" { - log.Printf("unnecessary v2 in %v", segments) + log.Infof("unnecessary v2 in %v", segments) continue } url += "/" + s @@ -59,7 +60,7 @@ func RegistryAPIGet(url, username string) ([]byte, error) { } else if response.StatusCode == http.StatusUnauthorized { authenticate := response.Header.Get("WWW-Authenticate") str := strings.Split(authenticate, " ")[1] - log.Println("url: " + url) + log.Info("url: " + url) var service string var scope string strs := strings.Split(str, ",") @@ -83,7 +84,7 @@ func RegistryAPIGet(url, username string) ([]byte, error) { request.Header.Add("Authorization", "Bearer "+token) client := &http.Client{} client.CheckRedirect = func(req *http.Request, via []*http.Request) error { - // log.Printf("via length: %d\n", len(via)) + // log.Infof("via length: %d\n", len(via)) if len(via) >= 10 { return fmt.Errorf("too many redirects") } @@ -100,7 +101,7 @@ func RegistryAPIGet(url, username string) ([]byte, error) { } if response.StatusCode != http.StatusOK { errMsg := fmt.Sprintf("Unexpected return code from registry: %d", response.StatusCode) - log.Printf(errMsg) + log.Error(errMsg) return nil, fmt.Errorf(errMsg) } result, err = ioutil.ReadAll(response.Body) From aa9fa581ecb30710811367fd3e98de0c6b3ee032 Mon Sep 17 00:00:00 2001 From: Jack Liu Date: Fri, 25 Mar 2016 09:31:50 +0800 Subject: [PATCH 02/23] fix bugs --- service/notification.go | 2 +- service/token.go | 4 ++-- service/utils/authutils.go | 2 +- service/utils/cache.go | 2 +- service/utils/registryutils.go | 6 +++--- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/service/notification.go b/service/notification.go index 75d8ce382..9e9cdd97f 100644 --- a/service/notification.go +++ b/service/notification.go @@ -23,7 +23,7 @@ import ( "github.com/vmware/harbor/dao" "github.com/vmware/harbor/models" svc_utils "github.com/vmware/harbor/service/utils" - log "github.com/vmware/harbor/utils/log" + "github.com/vmware/harbor/utils/log" "github.com/astaxie/beego" ) diff --git a/service/token.go b/service/token.go index 483583b4e..d30f44e9a 100644 --- a/service/token.go +++ b/service/token.go @@ -21,7 +21,7 @@ import ( "github.com/vmware/harbor/auth" "github.com/vmware/harbor/models" svc_utils "github.com/vmware/harbor/service/utils" - log "github.com/vmware/harbor/utils/log" + "github.com/vmware/harbor/utils/log" "github.com/astaxie/beego" "github.com/docker/distribution/registry/auth/token" @@ -38,7 +38,7 @@ type TokenHandler struct { func (a *TokenHandler) Get() { request := a.Ctx.Request - log.Info("request url: " + request.URL.String()) + log.Infof("request url: " + request.URL.String()) username, password, _ := request.BasicAuth() authenticated := authenticate(username, password) service := a.GetString("service") diff --git a/service/utils/authutils.go b/service/utils/authutils.go index df996524e..d8abc917b 100644 --- a/service/utils/authutils.go +++ b/service/utils/authutils.go @@ -25,7 +25,7 @@ import ( "time" "github.com/vmware/harbor/dao" - log "github.com/vmware/harbor/utils/log" + "github.com/vmware/harbor/utils/log" "github.com/docker/distribution/registry/auth/token" "github.com/docker/libtrust" diff --git a/service/utils/cache.go b/service/utils/cache.go index 0180cbfdd..b44cf7031 100644 --- a/service/utils/cache.go +++ b/service/utils/cache.go @@ -20,7 +20,7 @@ import ( "time" "github.com/vmware/harbor/models" - log "github.com/vmware/harbor/utils/log" + "github.com/vmware/harbor/utils/log" "github.com/astaxie/beego/cache" ) diff --git a/service/utils/registryutils.go b/service/utils/registryutils.go index ed3507f38..153398a3b 100644 --- a/service/utils/registryutils.go +++ b/service/utils/registryutils.go @@ -23,7 +23,7 @@ import ( "os" "strings" - log "github.com/vmware/harbor/utils/log" + "github.com/vmware/harbor/utils/log" ) // BuildRegistryURL ... @@ -35,7 +35,7 @@ func BuildRegistryURL(segments ...string) string { url := registryURL + "/v2" for _, s := range segments { if s == "v2" { - log.Infof("unnecessary v2 in %v", segments) + log.Debugf("unnecessary v2 in %v", segments) continue } url += "/" + s @@ -60,7 +60,7 @@ func RegistryAPIGet(url, username string) ([]byte, error) { } else if response.StatusCode == http.StatusUnauthorized { authenticate := response.Header.Get("WWW-Authenticate") str := strings.Split(authenticate, " ")[1] - log.Info("url: " + url) + log.Debugf("url: " + url) var service string var scope string strs := strings.Split(str, ",") From e1fa43178aa5f986ce4625a37430da70f2e20642 Mon Sep 17 00:00:00 2001 From: victoriazhengwf Date: Thu, 24 Mar 2016 23:55:53 -0700 Subject: [PATCH 03/23] Use new logger --- api/base.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/api/base.go b/api/base.go index 0138c8fd0..2be75f681 100644 --- a/api/base.go +++ b/api/base.go @@ -17,12 +17,12 @@ package api import ( "encoding/json" - "log" "net/http" "github.com/vmware/harbor/auth" "github.com/vmware/harbor/dao" "github.com/vmware/harbor/models" + log "github.com/vmware/harbor/utils/log" "github.com/astaxie/beego" ) @@ -46,7 +46,7 @@ func (b *BaseAPI) RenderError(code int, text string) { func (b *BaseAPI) DecodeJSONReq(v interface{}) { err := json.Unmarshal(b.Ctx.Input.CopyBody(1<<32), v) if err != nil { - beego.Error("Error while decoding the json request:", err) + log.Errorf("Error while decoding the json request, error: %v", err) b.CustomAbort(http.StatusBadRequest, "Invalid json request") } } @@ -56,10 +56,10 @@ func (b *BaseAPI) ValidateUser() int { username, password, ok := b.Ctx.Request.BasicAuth() if ok { - log.Printf("Requst with Basic Authentication header, username: %s", username) + log.Infof("Requst with Basic Authentication header, username: %s", username) user, err := auth.Login(models.AuthModel{username, password}) if err != nil { - log.Printf("Error while trying to login, username: %s, error: %v", username, err) + log.Errorf("Error while trying to login, username: %s, error: %v", username, err) user = nil } if user != nil { @@ -68,17 +68,17 @@ func (b *BaseAPI) ValidateUser() int { } sessionUserID := b.GetSession("userId") if sessionUserID == nil { - beego.Warning("No user id in session, canceling request") + log.Warning("No user id in session, canceling request") b.CustomAbort(http.StatusUnauthorized, "") } userID := sessionUserID.(int) u, err := dao.GetUser(models.User{UserID: userID}) if err != nil { - beego.Error("Error occurred in GetUser:", err) + log.Errorf("Error occurred in GetUser, error: %v", err) b.CustomAbort(http.StatusInternalServerError, "Internal error.") } if u == nil { - beego.Warning("User was deleted already, user id: ", userID, " canceling request.") + log.Warningf("User was deleted already, user id: %d ", userID, " canceling request.") b.CustomAbort(http.StatusUnauthorized, "") } return userID From e5304137008c8afddef71169470142b0415d9408 Mon Sep 17 00:00:00 2001 From: wy65701436 Date: Fri, 25 Mar 2016 00:08:32 -0700 Subject: [PATCH 04/23] update logger for autoenticator.go, passed on docker-compose build --- auth/authenticator.go | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/auth/authenticator.go b/auth/authenticator.go index 14f881cde..78770eb8a 100644 --- a/auth/authenticator.go +++ b/auth/authenticator.go @@ -17,12 +17,11 @@ package auth import ( "fmt" - "log" "os" - "github.com/vmware/harbor/models" + log "github.com/vmware/harbor/utils/log" - "github.com/astaxie/beego" + "github.com/vmware/harbor/models" ) // Authenticator provides interface to authenticate user credentials. @@ -37,7 +36,7 @@ var registry = make(map[string]Authenticator) // Register add different authenticators to registry map. func Register(name string, authenticator Authenticator) { if _, dup := registry[name]; dup { - log.Printf("authenticator: %s has been registered", name) + log.Infof("authenticator: %s has been registered", name) return } registry[name] = authenticator @@ -50,7 +49,7 @@ func Login(m models.AuthModel) (*models.User, error) { if authMode == "" || m.Principal == "admin" { authMode = "db_auth" } - beego.Debug("Current AUTH_MODE is ", authMode) + log.Debug("Current AUTH_MODE is ", authMode) authenticator, ok := registry[authMode] if !ok { From d0da45960da53ed5c602b6c16277eefadc03ef0e Mon Sep 17 00:00:00 2001 From: xiahaoshawn Date: Fri, 25 Mar 2016 17:11:12 +0800 Subject: [PATCH 05/23] add cert directory and nginx.https.conf file --- Deploy/config/nginx/cert/.gitignore | 0 Deploy/config/nginx/nginx.https.conf | 85 ++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+) create mode 100644 Deploy/config/nginx/cert/.gitignore create mode 100644 Deploy/config/nginx/nginx.https.conf diff --git a/Deploy/config/nginx/cert/.gitignore b/Deploy/config/nginx/cert/.gitignore new file mode 100644 index 000000000..e69de29bb diff --git a/Deploy/config/nginx/nginx.https.conf b/Deploy/config/nginx/nginx.https.conf new file mode 100644 index 000000000..0eb9d25f8 --- /dev/null +++ b/Deploy/config/nginx/nginx.https.conf @@ -0,0 +1,85 @@ +worker_processes auto; + +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + +http { + tcp_nodelay on; + + # this is necessary for us to be able to disable request buffering in all cases + proxy_http_version 1.1; + + + upstream registry { + server registry:5000; + } + + upstream ui { + server ui:80; + } + + + server { + listen 443 ssl; + server_name harbordomian.com; + + # SSL + ssl_certificate /etc/nginx/conf.d/harbordomian.crt; + ssl_certificate_key /etc/nginx/conf.d/harbordomian.key; + + # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html + ssl_protocols TLSv1.1 TLSv1.2; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + + # disable any limits to avoid HTTP 413 for large image uploads + client_max_body_size 0; + + # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) + chunked_transfer_encoding on; + + location / { + proxy_pass http://ui/; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; + proxy_request_buffering off; + } + + location /v1/ { + return 404; + } + + location /v2/ { + proxy_pass http://registry/v2/; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; + proxy_request_buffering off; + + } + + location /service/ { + proxy_pass http://ui/service/; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; + proxy_request_buffering off; + } + } + server { + listen 80; + server_name harbordomian.com; + rewrite ^/(.*) https://$server_name$1 permanent; + } +} From 43041be61bbe59894514bcd202052e47a3abc26a Mon Sep 17 00:00:00 2001 From: victoriazhengwf Date: Fri, 25 Mar 2016 02:22:07 -0700 Subject: [PATCH 06/23] Update logger for api/base.go --- api/base.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api/base.go b/api/base.go index 2be75f681..fce36b136 100644 --- a/api/base.go +++ b/api/base.go @@ -78,7 +78,7 @@ func (b *BaseAPI) ValidateUser() int { b.CustomAbort(http.StatusInternalServerError, "Internal error.") } if u == nil { - log.Warningf("User was deleted already, user id: %d ", userID, " canceling request.") + log.Warningf("User was deleted already, user id: %d, canceling request.", userID) b.CustomAbort(http.StatusUnauthorized, "") } return userID From d2eaf6a14857017ab23dfd2b1015d0f3834a6634 Mon Sep 17 00:00:00 2001 From: wy65701436 Date: Fri, 25 Mar 2016 03:17:42 -0700 Subject: [PATCH 07/23] update logger for ldap.go --- auth/ldap/ldap.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/auth/ldap/ldap.go b/auth/ldap/ldap.go index bc24cb8fe..43b317721 100644 --- a/auth/ldap/ldap.go +++ b/auth/ldap/ldap.go @@ -18,15 +18,15 @@ package ldap import ( "errors" "fmt" - "log" "os" "strings" + log "github.com/vmware/harbor/utils/log" + "github.com/vmware/harbor/auth" "github.com/vmware/harbor/dao" "github.com/vmware/harbor/models" - "github.com/astaxie/beego" "github.com/mqu/openldap" ) @@ -44,7 +44,7 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) { if ldapURL == "" { return nil, errors.New("Can not get any available LDAP_URL.") } - beego.Debug("ldapURL:", ldapURL) + log.Debug("ldapURL:", ldapURL) p := m.Principal for _, c := range metaChars { @@ -66,7 +66,7 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) { } baseDn := fmt.Sprintf(ldapBaseDn, m.Principal) - beego.Debug("baseDn:", baseDn) + log.Debug("baseDn:", baseDn) err = ldap.Bind(baseDn, m.Password) if err != nil { @@ -83,7 +83,7 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) { return nil, err } if len(result.Entries()) != 1 { - log.Printf("Found more than one entry.") + log.Infof("Found more than one entry.") return nil, nil } en := result.Entries()[0] @@ -100,7 +100,7 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) { } } - beego.Debug("username:", u.Username, ",email:", u.Email, ",realname:", u.Realname) + log.Debug("username:", u.Username, ",email:", u.Email, ",realname:", u.Realname) exist, err := dao.UserExists(u, "username") if err != nil { From 317de6ee88c77ba6b07c5017f049e0a5e8650b92 Mon Sep 17 00:00:00 2001 From: wy65701436 Date: Fri, 25 Mar 2016 03:41:10 -0700 Subject: [PATCH 08/23] update logger per comments --- auth/authenticator.go | 2 +- auth/ldap/ldap.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/auth/authenticator.go b/auth/authenticator.go index 78770eb8a..1640a842e 100644 --- a/auth/authenticator.go +++ b/auth/authenticator.go @@ -19,7 +19,7 @@ import ( "fmt" "os" - log "github.com/vmware/harbor/utils/log" + "github.com/vmware/harbor/utils/log" "github.com/vmware/harbor/models" ) diff --git a/auth/ldap/ldap.go b/auth/ldap/ldap.go index 43b317721..53d17a174 100644 --- a/auth/ldap/ldap.go +++ b/auth/ldap/ldap.go @@ -21,7 +21,7 @@ import ( "os" "strings" - log "github.com/vmware/harbor/utils/log" + "github.com/vmware/harbor/utils/log" "github.com/vmware/harbor/auth" "github.com/vmware/harbor/dao" @@ -83,7 +83,7 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) { return nil, err } if len(result.Entries()) != 1 { - log.Infof("Found more than one entry.") + log.Warningf("Found more than one entry.") return nil, nil } en := result.Entries()[0] From 9ee238d840e3efd5d826d4ed464397421078e537 Mon Sep 17 00:00:00 2001 From: xiahaoshawn Date: Fri, 25 Mar 2016 18:47:33 +0800 Subject: [PATCH 09/23] change tpyo and change nginx.conf to cert --- Deploy/config/nginx/nginx.https.conf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Deploy/config/nginx/nginx.https.conf b/Deploy/config/nginx/nginx.https.conf index 0eb9d25f8..7e03b9585 100644 --- a/Deploy/config/nginx/nginx.https.conf +++ b/Deploy/config/nginx/nginx.https.conf @@ -24,11 +24,11 @@ http { server { listen 443 ssl; - server_name harbordomian.com; + server_name harbordomain.com; # SSL - ssl_certificate /etc/nginx/conf.d/harbordomian.crt; - ssl_certificate_key /etc/nginx/conf.d/harbordomian.key; + ssl_certificate /etc/nginx/cert/harbordomain.crt; + ssl_certificate_key /etc/nginx/cert/harbordomain.key; # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html ssl_protocols TLSv1.1 TLSv1.2; @@ -79,7 +79,7 @@ http { } server { listen 80; - server_name harbordomian.com; + server_name harbordomain.com; rewrite ^/(.*) https://$server_name$1 permanent; } } From cea9cca52ae0a03cff1f4eaa2e0143b12815343d Mon Sep 17 00:00:00 2001 From: Jack Liu Date: Sun, 27 Mar 2016 00:18:11 +0800 Subject: [PATCH 10/23] Update to use placeholder --- service/notification.go | 6 +++--- service/token.go | 2 +- service/utils/authutils.go | 2 +- service/utils/cache.go | 2 +- service/utils/registryutils.go | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/service/notification.go b/service/notification.go index 9e9cdd97f..7f35f8b67 100644 --- a/service/notification.go +++ b/service/notification.go @@ -43,7 +43,7 @@ func (n *NotificationHandler) Post() { err := json.Unmarshal(n.Ctx.Input.CopyBody(1<<32), ¬ification) if err != nil { - log.Error("error while decoding json: ", err) + log.Errorf("error while decoding json: %v", err) return } var username, action, repo, project string @@ -51,7 +51,7 @@ func (n *NotificationHandler) Post() { for _, e := range notification.Events { matched, err = regexp.MatchString(manifestPattern, e.Target.MediaType) if err != nil { - log.Error("Failed to match the media type against pattern, error: ", err) + log.Errorf("Failed to match the media type against pattern, error: %v", err) matched = false } if matched && strings.HasPrefix(e.Request.UserAgent, "docker") { @@ -69,7 +69,7 @@ func (n *NotificationHandler) Post() { go func() { err2 := svc_utils.RefreshCatalogCache() if err2 != nil { - log.Error("Error happens when refreshing cache:", err2) + log.Errorf("Error happens when refreshing cache: %v", err2) } }() } diff --git a/service/token.go b/service/token.go index d30f44e9a..b274be3f8 100644 --- a/service/token.go +++ b/service/token.go @@ -38,7 +38,7 @@ type TokenHandler struct { func (a *TokenHandler) Get() { request := a.Ctx.Request - log.Infof("request url: " + request.URL.String()) + log.Infof("request url: %v", request.URL.String()) username, password, _ := request.BasicAuth() authenticated := authenticate(username, password) service := a.GetString("service") diff --git a/service/utils/authutils.go b/service/utils/authutils.go index d8abc917b..4c00dd579 100644 --- a/service/utils/authutils.go +++ b/service/utils/authutils.go @@ -78,7 +78,7 @@ func FilterAccess(username string, authenticated bool, a *token.ResourceActions) permission = "RW" } else { permission = "" - log.Infof("project %s does not exist, set empty permission for admin", projectName) + log.Infof("project %s does not exist, set empty permission for admin\n", projectName) } } else { permission, err = dao.GetPermission(username, projectName) diff --git a/service/utils/cache.go b/service/utils/cache.go index b44cf7031..81ec5a52b 100644 --- a/service/utils/cache.go +++ b/service/utils/cache.go @@ -34,7 +34,7 @@ func init() { var err error Cache, err = cache.NewCache("memory", `{"interval":720}`) if err != nil { - log.Error("Failed to initialize cache, error:", err) + log.Errorf("Failed to initialize cache, error:%v", err) } } diff --git a/service/utils/registryutils.go b/service/utils/registryutils.go index 153398a3b..97c4b53f8 100644 --- a/service/utils/registryutils.go +++ b/service/utils/registryutils.go @@ -60,7 +60,7 @@ func RegistryAPIGet(url, username string) ([]byte, error) { } else if response.StatusCode == http.StatusUnauthorized { authenticate := response.Header.Get("WWW-Authenticate") str := strings.Split(authenticate, " ")[1] - log.Debugf("url: " + url) + log.Debugf("url: %s", url) var service string var scope string strs := strings.Split(str, ",") From 474ae23cdbcfabf278d12ee3f40071229e333267 Mon Sep 17 00:00:00 2001 From: victoriazhengwf Date: Sun, 27 Mar 2016 17:50:09 -0700 Subject: [PATCH 11/23] Use new logger for api package --- api/base.go | 2 +- api/member.go | 43 ++++++++++++++++++++++--------------------- api/project.go | 28 ++++++++++++++-------------- api/repository.go | 19 ++++++++++--------- api/search.go | 5 +++-- api/user.go | 27 ++++++++++++++------------- api/utils.go | 7 ++++--- 7 files changed, 68 insertions(+), 63 deletions(-) diff --git a/api/base.go b/api/base.go index fce36b136..33f20ad1f 100644 --- a/api/base.go +++ b/api/base.go @@ -22,7 +22,7 @@ import ( "github.com/vmware/harbor/auth" "github.com/vmware/harbor/dao" "github.com/vmware/harbor/models" - log "github.com/vmware/harbor/utils/log" + "github.com/vmware/harbor/utils/log" "github.com/astaxie/beego" ) diff --git a/api/member.go b/api/member.go index 2e9243d12..6a681f3f9 100644 --- a/api/member.go +++ b/api/member.go @@ -21,6 +21,7 @@ import ( "github.com/vmware/harbor/dao" "github.com/vmware/harbor/models" + "github.com/vmware/harbor/utils/log" "github.com/astaxie/beego" ) @@ -43,18 +44,18 @@ type memberReq struct { func (pma *ProjectMemberAPI) Prepare() { pid, err := strconv.ParseInt(pma.Ctx.Input.Param(":pid"), 10, 64) if err != nil { - beego.Error("Error parsing project id:", pid, ", error:", err) + log.Errorf("Error parsing project id: %d, error: %v", pid, err) pma.CustomAbort(http.StatusBadRequest, "invalid project Id") return } p, err := dao.GetProjectByID(pid) if err != nil { - beego.Error("Error occurred in GetProjectById:", err) + log.Errorf("Error occurred in GetProjectById, error: %v", err) pma.CustomAbort(http.StatusInternalServerError, "Internal error.") } if p == nil { - beego.Warning("Project with id:", pid, "does not exist.") + log.Warningf("Project with id: %d does not exist.", pid) pma.CustomAbort(http.StatusNotFound, "Project does not exist") } pma.project = p @@ -67,7 +68,7 @@ func (pma *ProjectMemberAPI) Prepare() { } else if len(mid) > 0 { memberID, err := strconv.Atoi(mid) if err != nil { - beego.Error("Invalid member Id, error:", err) + log.Errorf("Invalid member Id, error: %v", err) pma.CustomAbort(http.StatusBadRequest, "Invalid member id") } pma.memberID = memberID @@ -78,7 +79,7 @@ func (pma *ProjectMemberAPI) Prepare() { func (pma *ProjectMemberAPI) Get() { pid := pma.project.ProjectID if !checkProjectPermission(pma.currentUserID, pid) { - beego.Warning("Current user, user id :", pma.currentUserID, "does not have permission for project, id:", pid) + log.Warningf("Current user, user id: %d does not have permission for project, id: %d", pma.currentUserID, pid) pma.RenderError(http.StatusForbidden, "") return } @@ -87,7 +88,7 @@ func (pma *ProjectMemberAPI) Get() { queryUser := models.User{Username: "%" + username + "%"} userList, err := dao.GetUserByProject(pid, queryUser) if err != nil { - beego.Error("Failed to query database for member list, error:", err) + log.Errorf("Failed to query database for member list, error: %v", err) pma.RenderError(http.StatusInternalServerError, "Internal Server Error") return } @@ -95,14 +96,14 @@ func (pma *ProjectMemberAPI) Get() { } else { //return detail of a member roleList, err := dao.GetUserProjectRoles(models.User{UserID: pma.memberID}, pid) if err != nil { - beego.Error("Error occurred in GetUserProjectRoles:", err) + log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err) pma.CustomAbort(http.StatusInternalServerError, "Internal error.") } //return empty role list to indicate if a user is not a member result := make(map[string]interface{}) user, err := dao.GetUser(models.User{UserID: pma.memberID}) if err != nil { - beego.Error("Error occurred in GetUser:", err) + log.Errorf("Error occurred in GetUser, error: %v", err) pma.CustomAbort(http.StatusInternalServerError, "Internal error.") } result["user_name"] = user.Username @@ -119,11 +120,11 @@ func (pma *ProjectMemberAPI) Post() { userQuery := models.User{UserID: pma.currentUserID, RoleID: models.PROJECTADMIN} rolelist, err := dao.GetUserProjectRoles(userQuery, pid) if err != nil { - beego.Error("Error occurred in GetUserProjectRoles:", err) + log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err) pma.CustomAbort(http.StatusInternalServerError, "Internal error.") } if len(rolelist) == 0 { - beego.Warning("Current user, id:", pma.currentUserID, "does not have project admin role for project, id:", pid) + log.Warningf("Current user, id: %d does not have project admin role for project, id: %d", pma.currentUserID, pid) pma.RenderError(http.StatusForbidden, "") return } @@ -132,17 +133,17 @@ func (pma *ProjectMemberAPI) Post() { username := req.Username userID := checkUserExists(username) if userID <= 0 { - beego.Warning("User does not exist, user name:", username) + log.Warningf("User does not exist, user name: %s", username) pma.RenderError(http.StatusNotFound, "User does not exist") return } rolelist, err = dao.GetUserProjectRoles(models.User{UserID: userID}, pid) if err != nil { - beego.Error("Error occurred in GetUserProjectRoles:", err) + log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err) pma.CustomAbort(http.StatusInternalServerError, "Internal error.") } if len(rolelist) > 0 { - beego.Warning("user is already added to project, user id:", userID, ", project id:", pid) + log.Warningf("user is already added to project, user id: %d, project id: %d", userID, pid) pma.RenderError(http.StatusConflict, "user is ready in project") return } @@ -150,7 +151,7 @@ func (pma *ProjectMemberAPI) Post() { for _, rid := range req.Roles { err = dao.AddUserProjectRole(userID, pid, int(rid)) if err != nil { - beego.Error("Failed to update DB to add project user role, project id:", pid, ", user id:", userID, ", role id:", rid) + log.Errorf("Failed to update DB to add project user role, project id: %d, user id: %d, role id: %d", pid, userID, rid) pma.RenderError(http.StatusInternalServerError, "Failed to update data in database") return } @@ -164,11 +165,11 @@ func (pma *ProjectMemberAPI) Put() { userQuery := models.User{UserID: pma.currentUserID, RoleID: models.PROJECTADMIN} rolelist, err := dao.GetUserProjectRoles(userQuery, pid) if err != nil { - beego.Error("Error occurred in GetUserProjectRoles:", err) + log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err) pma.CustomAbort(http.StatusInternalServerError, "Internal error.") } if len(rolelist) == 0 { - beego.Warning("Current user, id:", pma.currentUserID, ", does not have project admin role for project, id:", pid) + log.Warningf("Current user, id: %d does not have project admin role for project, id: %d", pma.currentUserID, pid) pma.RenderError(http.StatusForbidden, "") return } @@ -176,7 +177,7 @@ func (pma *ProjectMemberAPI) Put() { pma.DecodeJSONReq(&req) roleList, err := dao.GetUserProjectRoles(models.User{UserID: mid}, pid) if len(roleList) == 0 { - beego.Warning("User is not in project, user id:", mid, ", project id:", pid) + log.Warningf("User is not in project, user id: %d, project id: %d", mid, pid) pma.RenderError(http.StatusNotFound, "user not exist in project") return } @@ -184,7 +185,7 @@ func (pma *ProjectMemberAPI) Put() { //delete user project role record for the given user err = dao.DeleteUserProjectRoles(mid, pid) if err != nil { - beego.Error("Failed to delete project roles for user, user id:", mid, ", project id: ", pid, ", error: ", err) + log.Errorf("Failed to delete project roles for user, user id: %d, project id: %d, error: %v", mid, pid, err) pma.RenderError(http.StatusInternalServerError, "Failed to update data in DB") return } @@ -192,7 +193,7 @@ func (pma *ProjectMemberAPI) Put() { for _, rid := range req.Roles { err = dao.AddUserProjectRole(mid, pid, int(rid)) if err != nil { - beego.Error("Failed to update DB to add project user role, project id:", pid, ", user id:", mid, ", role id:", rid) + log.Errorf("Failed to update DB to add project user role, project id: %d, user id: %d, role id: %d", pid, mid, rid) pma.RenderError(http.StatusInternalServerError, "Failed to update data in database") return } @@ -206,13 +207,13 @@ func (pma *ProjectMemberAPI) Delete() { userQuery := models.User{UserID: pma.currentUserID, RoleID: models.PROJECTADMIN} rolelist, err := dao.GetUserProjectRoles(userQuery, pid) if len(rolelist) == 0 { - beego.Warning("Current user, id:", pma.currentUserID, ", does not have project admin role for project, id:", pid) + log.Warningf("Current user, id: %d does not have project admin role for project, id: %d", pma.currentUserID, pid) pma.RenderError(http.StatusForbidden, "") return } err = dao.DeleteUserProjectRoles(mid, pid) if err != nil { - beego.Error("Failed to delete project roles for user, user id:", mid, ", project id:", pid, ", error:", err) + log.Errorf("Failed to delete project roles for user, user id: %d, project id: %d, error: %v", mid, pid, err) pma.RenderError(http.StatusInternalServerError, "Failed to update data in DB") return } diff --git a/api/project.go b/api/project.go index fc8c86f33..04d538ead 100644 --- a/api/project.go +++ b/api/project.go @@ -17,11 +17,11 @@ package api import ( "fmt" - "log" "net/http" "github.com/vmware/harbor/dao" "github.com/vmware/harbor/models" + "github.com/vmware/harbor/utils/log" "strconv" "time" @@ -51,12 +51,12 @@ func (p *ProjectAPI) Prepare() { var err error p.projectID, err = strconv.ParseInt(idStr, 10, 64) if err != nil { - log.Printf("Error parsing project id: %s, error: %v", idStr, err) + log.Errorf("Error parsing project id: %s, error: %v", idStr, err) p.CustomAbort(http.StatusBadRequest, "invalid project id") } exist, err := dao.ProjectExists(p.projectID) if err != nil { - log.Printf("Error occurred in ProjectExists: %v", err) + log.Errorf("Error occurred in ProjectExists, error: %v", err) p.CustomAbort(http.StatusInternalServerError, "Internal error.") } if !exist { @@ -75,14 +75,14 @@ func (p *ProjectAPI) Post() { } err := validateProjectReq(req) if err != nil { - beego.Error("Invalid project request, error: ", err) + log.Errorf("Invalid project request, error: %v", err) p.RenderError(http.StatusBadRequest, "Invalid request for creating project") return } projectName := req.ProjectName exist, err := dao.ProjectExists(projectName) if err != nil { - beego.Error("Error happened checking project existence in db:", err, ", project name:", projectName) + log.Errorf("Error happened checking project existence in db, error: %v, project name: %s", err, projectName) } if exist { p.RenderError(http.StatusConflict, "") @@ -91,7 +91,7 @@ func (p *ProjectAPI) Post() { project := models.Project{OwnerID: p.userID, Name: projectName, CreationTime: time.Now(), Public: public} err = dao.AddProject(project) if err != nil { - beego.Error("Failed to add project, error: ", err) + log.Errorf("Failed to add project, error: %v", err) p.RenderError(http.StatusInternalServerError, "Failed to add project") } } @@ -101,7 +101,7 @@ func (p *ProjectAPI) Head() { projectName := p.GetString("project_name") result, err := dao.ProjectExists(projectName) if err != nil { - beego.Error("Error while communicating with DB: ", err) + log.Errorf("Error while communicating with DB, error: %v", err) p.RenderError(http.StatusInternalServerError, "Error while communicating with DB") return } @@ -123,7 +123,7 @@ func (p *ProjectAPI) Get() { projectList, err := dao.QueryProject(queryProject) if err != nil { - beego.Error("Error occurred in QueryProject:", err) + log.Errorf("Error occurred in QueryProject, error: %v", err) p.CustomAbort(http.StatusInternalServerError, "Internal error.") } for i := 0; i < len(projectList); i++ { @@ -142,7 +142,7 @@ func (p *ProjectAPI) Put() { projectID, err := strconv.ParseInt(p.Ctx.Input.Param(":id"), 10, 64) if err != nil { - beego.Error("Error parsing project id:", projectID, ", error: ", err) + log.Errorf("Error parsing project id: %d, error: %v", projectID, err) p.RenderError(http.StatusBadRequest, "invalid project id") return } @@ -152,13 +152,13 @@ func (p *ProjectAPI) Put() { public = 1 } if !isProjectAdmin(p.userID, projectID) { - beego.Warning("Current user, id:", p.userID, ", does not have project admin role for project, id:", projectID) + log.Warningf("Current user, id: %d does not have project admin role for project, id: %d", p.userID, projectID) p.RenderError(http.StatusForbidden, "") return } err = dao.ToggleProjectPublicity(p.projectID, public) if err != nil { - beego.Error("Error while updating project, project id:", projectID, ", error:", err) + log.Errorf("Error while updating project, project id: %d, error: %v", projectID, err) p.RenderError(http.StatusInternalServerError, "Failed to update project") } } @@ -177,11 +177,11 @@ func (p *ProjectAPI) FilterAccessLog() { query := models.AccessLog{ProjectID: p.projectID, Username: "%" + username + "%", Keywords: keywords, BeginTime: beginTime, BeginTimestamp: filter.BeginTimestamp, EndTime: endTime, EndTimestamp: filter.EndTimestamp} - log.Printf("Query AccessLog: begin: %v, end: %v, keywords: %s", query.BeginTime, query.EndTime, query.Keywords) + log.Infof("Query AccessLog: begin: %v, end: %v, keywords: %s", query.BeginTime, query.EndTime, query.Keywords) accessLogList, err := dao.GetAccessLogs(query) if err != nil { - log.Printf("Error occurred in GetAccessLogs: %v", err) + log.Errorf("Error occurred in GetAccessLogs, error: %v", err) p.CustomAbort(http.StatusInternalServerError, "Internal error.") } p.Data["json"] = accessLogList @@ -192,7 +192,7 @@ func isProjectAdmin(userID int, pid int64) bool { userQuery := models.User{UserID: userID, RoleID: models.PROJECTADMIN} rolelist, err := dao.GetUserProjectRoles(userQuery, pid) if err != nil { - beego.Error("Error occurred in GetUserProjectRoles:", err, ", returning false") + log.Errorf("Error occurred in GetUserProjectRoles, returning false, error: %v", err) return false } return len(rolelist) > 0 diff --git a/api/repository.go b/api/repository.go index 7fec81068..b7ba6625d 100644 --- a/api/repository.go +++ b/api/repository.go @@ -25,6 +25,7 @@ import ( "github.com/vmware/harbor/dao" "github.com/vmware/harbor/models" svc_utils "github.com/vmware/harbor/service/utils" + "github.com/vmware/harbor/utils/log" "github.com/astaxie/beego" ) @@ -49,7 +50,7 @@ func (ra *RepositoryAPI) Prepare() { } username, ok := ra.GetSession("username").(string) if !ok { - beego.Warning("failed to get username from session") + log.Warning("failed to get username from session") ra.username = "" } else { ra.username = username @@ -60,17 +61,17 @@ func (ra *RepositoryAPI) Prepare() { func (ra *RepositoryAPI) Get() { projectID, err0 := ra.GetInt64("project_id") if err0 != nil { - beego.Error("Failed to get project id, error:", err0) + log.Errorf("Failed to get project id, error: %v", err0) ra.RenderError(http.StatusBadRequest, "Invalid project id") return } p, err := dao.GetProjectByID(projectID) if err != nil { - beego.Error("Error occurred in GetProjectById:", err) + log.Errorf("Error occurred in GetProjectById, error: %v", err) ra.CustomAbort(http.StatusInternalServerError, "Internal error.") } if p == nil { - beego.Warning("Project with Id:", projectID, ", does not exist") + log.Warningf("Project with Id: %d does not exist", projectID) ra.RenderError(http.StatusNotFound, "") return } @@ -80,7 +81,7 @@ func (ra *RepositoryAPI) Get() { } repoList, err := svc_utils.GetRepoFromCache() if err != nil { - beego.Error("Failed to get repo from cache, error:", err) + log.Errorf("Failed to get repo from cache, error: %v", err) ra.RenderError(http.StatusInternalServerError, "internal sever error") } projectName := p.Name @@ -131,7 +132,7 @@ func (ra *RepositoryAPI) GetTags() { repoName := ra.GetString("repo_name") result, err := svc_utils.RegistryAPIGet(svc_utils.BuildRegistryURL(repoName, "tags", "list"), ra.username) if err != nil { - beego.Error("Failed to get repo tags, repo name:", repoName, ", error: ", err) + log.Errorf("Failed to get repo tags, repo name: %s, error: %v", repoName, err) ra.RenderError(http.StatusInternalServerError, "Failed to get repo tags") } else { t := tag{} @@ -151,14 +152,14 @@ func (ra *RepositoryAPI) GetManifests() { result, err := svc_utils.RegistryAPIGet(svc_utils.BuildRegistryURL(repoName, "manifests", tag), ra.username) if err != nil { - beego.Error("Failed to get manifests for repo, repo name:", repoName, ", tag:", tag, ", error:", err) + log.Errorf("Failed to get manifests for repo, repo name: %s, tag: %s, error: %v", repoName, tag, err) ra.RenderError(http.StatusInternalServerError, "Internal Server Error") return } mani := manifest{} err = json.Unmarshal(result, &mani) if err != nil { - beego.Error("Failed to decode json from response for manifests, repo name:", repoName, ", tag:", tag, ", error:", err) + log.Errorf("Failed to decode json from response for manifests, repo name: %s, tag: %s, error: %v", repoName, tag, err) ra.RenderError(http.StatusInternalServerError, "Internal Server Error") return } @@ -166,7 +167,7 @@ func (ra *RepositoryAPI) GetManifests() { err = json.Unmarshal([]byte(v1Compatibility), &item) if err != nil { - beego.Error("Failed to decode V1 field for repo, repo name:", repoName, ", tag:", tag, ", error:", err) + log.Errorf("Failed to decode V1 field for repo, repo name: %s, tag: %s, error: %v", repoName, tag, err) ra.RenderError(http.StatusInternalServerError, "Internal Server Error") return } diff --git a/api/search.go b/api/search.go index fe6f76f26..ff9ebc8ff 100644 --- a/api/search.go +++ b/api/search.go @@ -24,6 +24,7 @@ import ( "github.com/vmware/harbor/models" svc_utils "github.com/vmware/harbor/service/utils" "github.com/vmware/harbor/utils" + "github.com/vmware/harbor/utils/log" "github.com/astaxie/beego" ) @@ -47,7 +48,7 @@ func (n *SearchAPI) Get() { keyword := n.GetString("q") projects, err := dao.QueryRelevantProjects(userID) if err != nil { - beego.Error("Failed to get projects of user id:", userID, ", error:", err) + log.Errorf("Failed to get projects of user id: %d, error: %v", userID, err) n.CustomAbort(http.StatusInternalServerError, "Failed to get project search result") } projectSorter := &utils.ProjectSorter{Projects: projects} @@ -69,7 +70,7 @@ func (n *SearchAPI) Get() { repositories, err2 := svc_utils.GetRepoFromCache() if err2 != nil { - beego.Error("Failed to get repos from cache, error :", err2) + log.Errorf("Failed to get repos from cache, error: %v", err2) n.CustomAbort(http.StatusInternalServerError, "Failed to get repositories search result") } sort.Strings(repositories) diff --git a/api/user.go b/api/user.go index e104520c8..0ccca4287 100644 --- a/api/user.go +++ b/api/user.go @@ -21,6 +21,7 @@ import ( "github.com/vmware/harbor/dao" "github.com/vmware/harbor/models" + "github.com/vmware/harbor/utils/log" "github.com/astaxie/beego" ) @@ -43,17 +44,17 @@ func (ua *UserAPI) Prepare() { var err error ua.userID, err = strconv.Atoi(id) if err != nil { - beego.Error("Invalid user id, error:", err) + log.Errorf("Invalid user id, error: %v", err) ua.CustomAbort(http.StatusBadRequest, "Invalid user Id") } userQuery := models.User{UserID: ua.userID} u, err := dao.GetUser(userQuery) if err != nil { - beego.Error("Error occurred in GetUser:", err) + log.Errorf("Error occurred in GetUser, error: %v", err) ua.CustomAbort(http.StatusInternalServerError, "Internal error.") } if u == nil { - beego.Error("User with Id:", ua.userID, "does not exist") + log.Errorf("User with Id: %d does not exist", ua.userID) ua.CustomAbort(http.StatusNotFound, "") } } @@ -63,13 +64,13 @@ func (ua *UserAPI) Prepare() { func (ua *UserAPI) Get() { exist, err := dao.IsAdminRole(ua.currentUserID) if err != nil { - beego.Error("Error occurred in IsAdminRole:", err) + log.Errorf("Error occurred in IsAdminRole, error: %v", err) ua.CustomAbort(http.StatusInternalServerError, "Internal error.") } if ua.userID == 0 { //list users if !exist { - beego.Error("Current user, id:", ua.currentUserID, ", does not have admin role, can not list users") + log.Errorf("Current user, id: %d does not have admin role, can not list users", ua.currentUserID) ua.RenderError(http.StatusForbidden, "User does not have admin role") return } @@ -80,7 +81,7 @@ func (ua *UserAPI) Get() { } userList, err := dao.ListUsers(userQuery) if err != nil { - beego.Error("Failed to get data from database, error:", err) + log.Errorf("Failed to get data from database, error: %v", err) ua.RenderError(http.StatusInternalServerError, "Failed to query from database") return } @@ -90,12 +91,12 @@ func (ua *UserAPI) Get() { userQuery := models.User{UserID: ua.userID} u, err := dao.GetUser(userQuery) if err != nil { - beego.Error("Error occurred in GetUser:", err) + log.Errorf("Error occurred in GetUser, error: %v", err) ua.CustomAbort(http.StatusInternalServerError, "Internal error.") } ua.Data["json"] = u } else { - beego.Error("Current user, id:", ua.currentUserID, "does not have admin role, can not view other user's detail") + log.Errorf("Current user, id: %d does not have admin role, can not view other user's detail", ua.currentUserID) ua.RenderError(http.StatusForbidden, "User does not have admin role") return } @@ -106,11 +107,11 @@ func (ua *UserAPI) Get() { func (ua *UserAPI) Put() { //currently only for toggle admin, so no request body exist, err := dao.IsAdminRole(ua.currentUserID) if err != nil { - beego.Error("Error occurred in IsAdminRole:", err) + log.Errorf("Error occurred in IsAdminRole, error: %v", err) ua.CustomAbort(http.StatusInternalServerError, "Internal error.") } if !exist { - beego.Warning("current user, id:", ua.currentUserID, ", does not have admin role, can not update other user's role") + log.Warningf("current user, id: %d does not have admin role, can not update other user's role", ua.currentUserID) ua.RenderError(http.StatusForbidden, "User does not have admin role") return } @@ -122,17 +123,17 @@ func (ua *UserAPI) Put() { //currently only for toggle admin, so no request body func (ua *UserAPI) Delete() { exist, err := dao.IsAdminRole(ua.currentUserID) if err != nil { - beego.Error("Error occurred in IsAdminRole:", err) + log.Errorf("Error occurred in IsAdminRole, error: %v", err) ua.CustomAbort(http.StatusInternalServerError, "Internal error.") } if !exist { - beego.Warning("current user, id:", ua.currentUserID, ", does not have admin role, can not remove user") + log.Warningf("current user, id: %d does not have admin role, can not remove user", ua.currentUserID) ua.RenderError(http.StatusForbidden, "User does not have admin role") return } err = dao.DeleteUser(ua.userID) if err != nil { - beego.Error("Failed to delete data from database, error:", err) + log.Errorf("Failed to delete data from database, error: %v", err) ua.RenderError(http.StatusInternalServerError, "Failed to delete User") return } diff --git a/api/utils.go b/api/utils.go index 700bf9fb9..bebff3d90 100644 --- a/api/utils.go +++ b/api/utils.go @@ -18,6 +18,7 @@ package api import ( "github.com/vmware/harbor/dao" "github.com/vmware/harbor/models" + "github.com/vmware/harbor/utils/log" "github.com/astaxie/beego" ) @@ -25,7 +26,7 @@ import ( func checkProjectPermission(userID int, projectID int64) bool { exist, err := dao.IsAdminRole(userID) if err != nil { - beego.Error("Error occurred in IsAdminRole:", err) + log.Errorf("Error occurred in IsAdminRole, error: %v", err) return false } if exist { @@ -33,7 +34,7 @@ func checkProjectPermission(userID int, projectID int64) bool { } roleList, err := dao.GetUserProjectRoles(models.User{UserID: userID}, projectID) if err != nil { - beego.Error("Error occurred in GetUserProjectRoles:", err) + log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err) return false } return len(roleList) > 0 @@ -42,7 +43,7 @@ func checkProjectPermission(userID int, projectID int64) bool { func checkUserExists(name string) int { u, err := dao.GetUser(models.User{Username: name}) if err != nil { - beego.Error("Error occurred in GetUser:", err) + log.Errorf("Error occurred in GetUser, error: %v", err) return 0 } if u != nil { From c8f3644622a87f36846661c0e800ef582f57511d Mon Sep 17 00:00:00 2001 From: victoriazhengwf Date: Sun, 27 Mar 2016 18:13:33 -0700 Subject: [PATCH 12/23] Remove 'import beego' in api package --- api/base.go | 2 -- api/member.go | 2 -- api/project.go | 2 -- api/repository.go | 2 -- api/search.go | 2 -- api/user.go | 2 -- api/utils.go | 2 -- 7 files changed, 14 deletions(-) diff --git a/api/base.go b/api/base.go index 33f20ad1f..70f6c509d 100644 --- a/api/base.go +++ b/api/base.go @@ -23,8 +23,6 @@ import ( "github.com/vmware/harbor/dao" "github.com/vmware/harbor/models" "github.com/vmware/harbor/utils/log" - - "github.com/astaxie/beego" ) // BaseAPI wraps common methods for controllers to host API diff --git a/api/member.go b/api/member.go index 6a681f3f9..e286caa00 100644 --- a/api/member.go +++ b/api/member.go @@ -22,8 +22,6 @@ import ( "github.com/vmware/harbor/dao" "github.com/vmware/harbor/models" "github.com/vmware/harbor/utils/log" - - "github.com/astaxie/beego" ) // ProjectMemberAPI handles request to /api/projects/{}/members/{} diff --git a/api/project.go b/api/project.go index 04d538ead..d9553902f 100644 --- a/api/project.go +++ b/api/project.go @@ -25,8 +25,6 @@ import ( "strconv" "time" - - "github.com/astaxie/beego" ) // ProjectAPI handles request to /api/projects/{} /api/projects/{}/logs diff --git a/api/repository.go b/api/repository.go index b7ba6625d..0ce3cf8d1 100644 --- a/api/repository.go +++ b/api/repository.go @@ -26,8 +26,6 @@ import ( "github.com/vmware/harbor/models" svc_utils "github.com/vmware/harbor/service/utils" "github.com/vmware/harbor/utils/log" - - "github.com/astaxie/beego" ) // RepositoryAPI handles request to /api/repositories /api/repositories/tags /api/repositories/manifests, the parm has to be put diff --git a/api/search.go b/api/search.go index ff9ebc8ff..043e5408f 100644 --- a/api/search.go +++ b/api/search.go @@ -25,8 +25,6 @@ import ( svc_utils "github.com/vmware/harbor/service/utils" "github.com/vmware/harbor/utils" "github.com/vmware/harbor/utils/log" - - "github.com/astaxie/beego" ) // SearchAPI handles requesst to /api/search diff --git a/api/user.go b/api/user.go index 0ccca4287..482ab319b 100644 --- a/api/user.go +++ b/api/user.go @@ -22,8 +22,6 @@ import ( "github.com/vmware/harbor/dao" "github.com/vmware/harbor/models" "github.com/vmware/harbor/utils/log" - - "github.com/astaxie/beego" ) // UserAPI handles request to /api/users/{} diff --git a/api/utils.go b/api/utils.go index bebff3d90..2246138df 100644 --- a/api/utils.go +++ b/api/utils.go @@ -19,8 +19,6 @@ import ( "github.com/vmware/harbor/dao" "github.com/vmware/harbor/models" "github.com/vmware/harbor/utils/log" - - "github.com/astaxie/beego" ) func checkProjectPermission(userID int, projectID int64) bool { From da326282ea37c32fb52b07a6e6ea5bb7a80f9cf1 Mon Sep 17 00:00:00 2001 From: victoriazhengwf Date: Sun, 27 Mar 2016 18:17:56 -0700 Subject: [PATCH 13/23] Import beego in api/base.go --- api/base.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/api/base.go b/api/base.go index 70f6c509d..33f20ad1f 100644 --- a/api/base.go +++ b/api/base.go @@ -23,6 +23,8 @@ import ( "github.com/vmware/harbor/dao" "github.com/vmware/harbor/models" "github.com/vmware/harbor/utils/log" + + "github.com/astaxie/beego" ) // BaseAPI wraps common methods for controllers to host API From 45929455e49673394ff5e07525f51b531f979dc5 Mon Sep 17 00:00:00 2001 From: xiahaoshawn Date: Mon, 28 Mar 2016 15:48:14 +0800 Subject: [PATCH 14/23] add https configure doc and change docker-compose proxy volumes --- Deploy/docker-compose.yml | 2 +- docs/configure_https.md | 80 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 docs/configure_https.md diff --git a/Deploy/docker-compose.yml b/Deploy/docker-compose.yml index 566a02938..d7a3ba547 100644 --- a/Deploy/docker-compose.yml +++ b/Deploy/docker-compose.yml @@ -49,7 +49,7 @@ ui: proxy: image: library/nginx:1.9 volumes: - - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf + - ./config/nginx:/etc/nginx links: - ui - registry diff --git a/docs/configure_https.md b/docs/configure_https.md new file mode 100644 index 000000000..00e1f796e --- /dev/null +++ b/docs/configure_https.md @@ -0,0 +1,80 @@ +#Configure Harbor with HTTPS Access + +Because Harbor does not ship with any certificates, it uses HTTP by default to serve registry requests. This makes it relative simple to configure. However, it is highly recommended that security be enabled for any production environment. Harbor has an Nginx instance as a reverse proxy for all services, you can configure Nginx to enable https. + +##Get a certificate + +Assuming that your registry’s domain is harbordomain.com, and that its DNS record points to the host where you are running Harbor, you first should get a certificate from a CA. The certificate usually contains a .crt file and a .key file, for example, harbordomain.crt and harbordomain.key. + +In a test or development environment, you may choose to use a self-signed certificate instead of the one from a CA. The below command generates your own certificate: +``` +openssl req \ + -newkey rsa:4096 -nodes -sha256 -keyout harbordomain.key \ + -x509 -days 365 -out harbordomain.crt +``` +Be sure to use harbordomain as a CN. + +##Configuration of Nginx +After obtaining the .crt and .key files, change the directory to Deploy/config/nginx in Harbor project. +``` + cd Deploy/config/nginx +``` +Create a new directory “cert/” if it does not exist. Then copy harbordomain.crt and harbordomain.key to cert/. + +Rename the existing configuration file of Nginx: +``` + mv nginx.conf nginx.conf.bak +``` +Copy the template nginx.https.conf as the new configuration file: +``` + cp nginx.https.conf nginx.conf +``` +Edit the file nginx.conf and replace two occurrences of harbordomain.com to your own domain name. +``` + server { + listen 443 ssl; + server_name harbordomain.com; + +… + + server { + listen 80; + server_name harbordomain.com; + rewrite ^/(.*) https://$server_name$1 permanent; +``` + + +Then look for the SSL section to make sure the files of your certificates match the names in the config file. +``` +… + # SSL + ssl_certificate /etc/nginx/cert/harbordomain.crt; + ssl_certificate_key /etc/nginx/cert/harbordomain.key; +``` +Save your changes in nginx.conf. + +##Installation of Harbor +Next, edit the file Deploy/harbor.cfg , update the hostname and the protocol: +``` + #set hostname + hostname = habordomain.com + #set ui_url_protocol + ui_url_protocol = https +``` + + +Generate configuration files for Harbor: +``` + ./prepare +``` +If Harbor is already running, stop and remove the existing instance: +``` + docker-compose stop + docker-compose rm +``` + +Finally, restart Harbor: +``` + docker-compose up –d +``` + From a2f665887270f0a52e2f690d08bcd2d964a1ed1e Mon Sep 17 00:00:00 2001 From: Henry Zhang Date: Mon, 28 Mar 2016 22:21:06 +0800 Subject: [PATCH 15/23] README update --- README.md | 118 +++++++++++++++++++++++++++++------------------------- 1 file changed, 63 insertions(+), 55 deletions(-) diff --git a/README.md b/README.md index 5d25539d6..0009c3b7b 100644 --- a/README.md +++ b/README.md @@ -1,55 +1,63 @@ -# Harbor - -[![Build Status](https://travis-ci.org/vmware/harbor.svg?branch=master)](https://travis-ci.org/vmware/harbor) - -![alg tag](https://cloud.githubusercontent.com/assets/2390463/13484557/088a1000-e13a-11e5-87d4-a64366365bef.png) - -Project Harbor is an enterprise-class registry server. It extends the open source Docker Registry server by adding more functionalities usually required by an enterprise. Harbor is designed to be deployed in a private environment of an organization. A private registry is important for organizations who care much about security. In addition, a private registry improves productivity by eliminating the need to download images from the public network. This is very helpful to container users who do not have a good network to the Internet. For example, Harbor accelerates the progress of Chinese developers, because they no longer need to pull images from the Internet. - -### Features -* **Role Based Access Control**: Users and docker repositories are organized via "projects", a user can have different permission for images under a namespace. -* **Graphical user portal**: User can easily browse, search docker repositories, manage projects/namespaces. -* **AD/LDAP support**: Harbor integrates with existing AD/LDAP of the enterprise for user authentication and management. -* **Auditing**: All the operations to the repositories are tracked and can be used for auditing purpose. -* **Internationalization**: Localized for English and Chinese languages. More languages can be added. -* **RESTful API**: RESTful APIs are provided for most administrative operations of Harbor. The integration with other management softwares becomes easy. - -### Try it -Harbor is self-contained and can be easily deployed via docker-compose. - -**System requirements:** -Harbor only works with docker 1.8+ and docker-compose 1.6.0+ . -The host must be connected to the Internet. - -1. Get the source code: - - ```sh - $ git clone https://github.com/vmware/harbor - ``` -2. Edit the file **Deploy/harbor.cfg**, make necessary configuration changes such as hostname, admin password and mail server. Refer to [Installation Guide](docs/installation_guide.md) for more info. - - -3. Install Harbor by the following commands. It may take a while for the docker-compose process to finish. - ```sh - $ cd Deploy - - $ ./prepare - Generated configuration file: ./config/ui/env - Generated configuration file: ./config/ui/app.conf - Generated configuration file: ./config/registry/config.yml - Generated configuration file: ./config/db/env - - $ docker-compose up - ``` -If everything works fine, you can open a browser to visit the admin portal at http://yourhostname . The default administrator username and password are admin/Harbor12345 . - -**NOTE:** -To simplify the installation process, a pre-built installation package of Harbor is provided so that you don't need to clone the source code. By using this package, you can even install Harbor onto a host that is not connected to the Internet. For details on how to download and use this installation package, please refer to [Installation Guide](docs/installation_guide.md) . - -For information on how to use Harbor, please see [User Guide](docs/user_guide.md) . - -### Contribution -We welcome contributions from the community. If you wish to contribute code, we require that you first sign our [Contributor License Agreement](https://vmware.github.io/photon/assets/files/vmware_cla.pdf) and return a copy to osscontributions@vmware.com before we can merge your contribution. - -### License -Harbor is available under the [Apache 2 license](LICENSE). +# Harbor + +[![Build Status](https://travis-ci.org/vmware/harbor.svg?branch=master)](https://travis-ci.org/vmware/harbor) + +![alg tag](https://cloud.githubusercontent.com/assets/2390463/13484557/088a1000-e13a-11e5-87d4-a64366365bef.png) + +> Project Harbor is initiated by VMware China R&D as a Cloud Application Accelerator (CAA) project. CAA provides a set of tools to improve the productivity of cloud developers in China and other countries. CAA includes tools like registry server, mirror server, decentralized image distributor, etc. + +Project Harbor is an enterprise-class registry server. It extends the open source Docker Registry server by adding more functionalities usually required by an enterprise. Harbor is designed to be deployed in a private environment of an organization. A private registry is important for organizations who care much about security. In addition, a private registry improves productivity by eliminating the need to download images from the public network. This is very helpful to container users who do not have a good network to the Internet. + +### Features +* **Role Based Access Control**: Users and docker repositories are organized via "projects", a user can have different permission for images under a namespace. +* **Graphical user portal**: User can easily browse, search docker repositories, manage projects/namespaces. +* **AD/LDAP support**: Harbor integrates with existing AD/LDAP of the enterprise for user authentication and management. +* **Auditing**: All the operations to the repositories are tracked and can be used for auditing purpose. +* **Internationalization**: Localized for English and Chinese languages. More languages can be added. +* **RESTful API**: RESTful APIs are provided for most administrative operations of Harbor. The integration with other management softwares becomes easy. + +### Try it +Harbor is self-contained and can be easily deployed via docker-compose. + +**System requirements:** +Harbor only works with docker 1.8+ and docker-compose 1.6.0+ . +The host must be connected to the Internet. + +1. Get the source code: + + ```sh + $ git clone https://github.com/vmware/harbor + ``` +2. Edit the file **Deploy/harbor.cfg**, make necessary configuration changes such as hostname, admin password and mail server. Refer to [Installation Guide](docs/installation_guide.md) for more info. + + +3. Install Harbor by the following commands. It may take a while for the docker-compose process to finish. + ```sh + $ cd Deploy + + $ ./prepare + Generated configuration file: ./config/ui/env + Generated configuration file: ./config/ui/app.conf + Generated configuration file: ./config/registry/config.yml + Generated configuration file: ./config/db/env + + $ docker-compose up + ``` +If everything works fine, you can open a browser to visit the admin portal at http://your_registry_host . The default administrator username and password are admin/Harbor12345 . + +After creating a project in the admin portal, you can login and use docker commands to push images. The default port of Harbor registry server is 80: +```sh +$ docker login your_registry_host +$ docker push your_registry_host/myrepo/myapp +``` + +**NOTE:** +To simplify the installation process, a pre-built installation package of Harbor is provided so that you don't need to clone the source code. By using this package, you can even install Harbor onto a host that is not connected to the Internet. For details on how to download and use this installation package, please refer to [Installation Guide](docs/installation_guide.md) . + +For information on how to use Harbor, please see [User Guide](docs/user_guide.md) . + +### Contribution +We welcome contributions from the community. If you wish to contribute code, we require that you first sign our [Contributor License Agreement](https://vmware.github.io/photon/assets/files/vmware_cla.pdf) and return a copy to osscontributions@vmware.com before we can merge your contribution. + +### License +Harbor is available under the [Apache 2 license](LICENSE). From 761e708c3a230c5eb860c092564b29a016b83ebd Mon Sep 17 00:00:00 2001 From: Henry Zhang Date: Tue, 29 Mar 2016 09:39:37 +0800 Subject: [PATCH 16/23] add partners/users --- README.md | 6 ++++++ docs/img/UserMaDai.jpg | Bin 0 -> 8894 bytes docs/img/dataman.png | Bin 0 -> 7698 bytes docs/img/slamteclogo.png | Bin 0 -> 3701 bytes 4 files changed, 6 insertions(+) create mode 100644 docs/img/UserMaDai.jpg create mode 100644 docs/img/dataman.png create mode 100644 docs/img/slamteclogo.png diff --git a/README.md b/README.md index 0009c3b7b..b3535b19c 100644 --- a/README.md +++ b/README.md @@ -61,3 +61,9 @@ We welcome contributions from the community. If you wish to contribute code, we ### License Harbor is available under the [Apache 2 license](LICENSE). + +### Users +![MadaiLiCai](docs/img/UserMaDai.jpg) ![Slamtec](docs/img/slamteclogo.png) + +### Partners +![DataMan](docs/img/dataman.png) diff --git a/docs/img/UserMaDai.jpg b/docs/img/UserMaDai.jpg new file mode 100644 index 0000000000000000000000000000000000000000..fbec1584e7f6cf3fc22eb8243a8f9489cd211f06 GIT binary patch literal 8894 zcmb_>cU)6Vx9+BQ=^~&8sZyl(sv;mF1WbDapzM>Q{|TX~q6} z$}w{;c_9^Oru`nx^n8bKHHy4Wec4!F-^JV#Y-oJbfMPxXP|IJrcGZBI0|21DK>?OV zSA}ft?1dOUQW&rR+<+3Gsp`oT2OGiryJ*r45YD!db(s5l-xI)iu;mRQF&!hM-y_iwt zYEv(-A>25#_6Z2`lGyDQ#;u04nrIb}v)zmdK^{*Ki8eKQOaqG5~wGG8tZtfnQ z_q-t9fkD9`q42N=v2l;$6A~XMWn@0f%FcP7n^#g=R$ftARbA8E(%SaA{Y^(_AF6*~ zaOnN;$kg=A?A-jPg+=uG#+S{nTi?EK%L9cSbW%g8;1T`?Co|{ zEJ|yznFXN=UzclpXn8p>IYuctMv?uzYf5Eo-^{=)@{)Ro7R;-*E9@IIp;T(t%}{W- ztmnb`7p8@9ObJ9Z_^HbFm>iNvj@k^ri zVMLlvoU<)WBlTNPBzV-n$f3`2U~li}`k*ytEVF%NYjoY~NMNcweD8I`%6P8o{* zGSCJ>k%0xRzS9p5`oY}aNxV}kEVI*?pT4opqgowj#D89 zu6}Je6*ql028~gJGZjlw#@^$9l8VtVp6@;C*zuxzulc#Wiu76sqcD$fpNrWnZ$!;; z@1J(C)|GJ>(QKm_Xi5>>0-m{O@1W<{5#M}qD zeYX-E(7X%J3bLNLZ`g<*#N9XTi!6W1);c0Gj(O4J^l1=2?$u!tS2#NH#knNuqUgnv zB;fzf(#gjqx*!wWt+mi3Wfu6H!v}qEI@BW3e7b6tLlmnAubuGT`7uETAPrB`NE09? znD*tlA7No%#p+X9RA&oA$3KD(tn@X0Uggjj2wQl2Q(0c6JUOItRQBHSk`_tu+!^(m z;I%5EjrH%Ige|?^i5P+TA@(!dh36;d&ZvA)9CVm#?Y_jKkYu|7H#7SAg&w>Cc=%l( z_tptqOL*K`l(YvwucK?S%T+tX*#6quL*`pUK|gzXXv7pKjqXxG_k8Iv8KC1KJYS5P zxA=fw3iD-L-Gumj4C42cxs1s$^@0bIm|bup*JnlY4wcV2&v1Tqcv~FZd9e6xRXRNF z-2(xVePuj4$4q(4xh6-o8Sg!=Q$M~K^#Fq{svfEEEc;R{=wL9mi*U9I-mI)XfT1QB z4X{V=G|$Jfz!D4^V+I645k>+Ph_jwOp_D=1N187bJ5JJbMR3AVy%j4U9!Dn!h-UC- zY~65W_nvFz-Y4D=+gW@(U1*j}-OJkW(07QGMKFd2yS>`4c|C*oo|i1NTx6`Jz|UTF z=p1vS&g?T>zRi#xHb9M7YPL@rbW$S&S2K{6<%y*-ElYRGe+GothrG@vy^7eP+Wduc zw2A56K!4!3j(O%hv0`Hy46a#d5ZUj-hZF3M5Tr#iz@D?t5E~JOv))B@*7r9pt?2bL zOrblymNWEO#nJLf+rwFxyRxFkr=O4k9>iLPOMAkQlO~(mV7s$0E~_A}p*_R4;;4J}cFdqvI9N=JjOWiM5Ajb;yj_c^B)k66n?U@brZ;qHX-WVh+Y2R?(T zHQP%vb)<_d;STC)u9oU^-=u^eMgsuzA9fN``w?%{XI+}(2BPFTd(tY0wlk9bSA%Y( z$j#?zVS-AL8&Ttxgu;>@9qoQPu8BFptcb}~SVpeR(r_cuU0 z-*HdYLosx9Uaxhju+Eh%c7$X*vAU2C!e5~}ZgIZP40@(V1?}(oyzDB!TO3(SVhKNz zS&o`1!h(^f?Y+)(l7YCEAzhFU)C7fF>J#mWtDgaR@990xt-ppEbv>{h*G*zC~C)!ewu6XS3P?e2WpX~Zh2 z$g;Hw;j$TfaNEJe*(*9IACd zX)cYbAhQBDqt9)KL|7O_t6&Sw~0S6W@tW@O&v|+Ul6)84k%{ zIR^Rid`ubpdzQ{nsozj}_J*nS)qq&q z@jsQFBzo-)3LC=cANy1hAiZ5pNuf!CaoKK1zthdt@`}3d8k_S0k*Sn%aE(xZWEo-I zOn4Z4q`yEYS-RP#Di4n!B%p9!?eXT~YJ$SH!Wq}`&lUHm)mSAZ#)by45AJnZ?HrIXlm$0zLJWn-uAhv`MP1QV-|iL-Rn!Y*cW8YD;9HWlz=}J!R=B4}?w>u#+-{kv@shgy; z4)66N8$nN%*$HA5xksjI0~lxcZ>C8XRIx9Of#7Oentw1pw&Q^AZjU*@rN*UkWJF@N zJ2Hav;S(sK!3_z3OZ3}&c8~$aBe*xpGG>7cgjb9Ur^=5MSj02-g8CxaBK$YlV?ngP zb_v4m2}C<6PKva#{&uB`30sA`I?Q@2vgdl)tqSU!u24kyS6(5s2bVC%ir(4S> zyhBY#7MHiXda}2p9{0i%^yzERUXiA=W4s!-Qh4l^d!-FcErg^Nca3Lzh-^T8G&JUhhjasuXK@x=2XUq&2RK-R~y+eRvVWB zNsQ?gM5}ofaU5TA5Id7k`;)LLZV~660+k)>uOZ{#&y=^iel8dfRSHvcTQnG^e4GXvdX`nv9dfhYhb`y z{D4EJl*Gh-WE=Idh?xwmRcA!75b8HTT=1t_XoOqsryqZ6w+9EqeT-#G3RglsJ>Dm? zO5YE9mQfy)MTu<*1`OW@`$7VVDSaKrNszFHf^NUqIQ7WQZ~e@s!wZOzzNpMOGhTf3 z4Rlj_8dJj!EPbrUdILd|yFbsl+y@p}>20G~Uq9RW?Ywki5vp0bRC29WQYdyt0L3Ef z;-)_0IBxNFB^yfo;~mM)wZySs*UtUuWn=3%o1hLzxus&MfEngndsRLZYNP+#c^8i+ zNLL;ry$DEbCrCv1UhaA=-5zdUBPTiZLzF5dvfsM2nZ3YH;MWK#63L_swuI0=k~kK# z`75=-NAez|YPJ5j#o&TcXYIIf#+PK`(anUHDhIn5#1UiEkX}>e&i8da5WEEqid&x! zaPLJsE;9%D9k#?=7Wp`2-5=?j>>{W5HUn1QJ{eY2h&^SM zCVOf^At)>KszscKWM5wBlgu_P(~9YgfG+E9Xb3{zZ>*hDCcSz1Y_wu?emp}leG;_3 zHN<)n#p;h@mEuyLyjpYd3_$e`2r21#NpcA3iObrTBl4P%uG=Iacibo|Dr4Cn-)jzY zNX+GAKvWvFidPsQ17$f@d)i@SK$z8rfVll&ft{Ev`JhNRYQlwigRqRt(Z{yVXF#yq z^{PjSAGHQWVvOMoPb0bmr!`)!;*rPcnRvHMgEuX6?z64OcZN?(Ja)@t;*cb9$6E@% zqG#MqcLt+DeA|UoxJ$2^N>)BpdS{E}t$Ye=h>=%mOh}Sv3d|w^-?PHVFta~Wd54lVJ3U>$i}l-)LhAm*a)uRS90XCKu?#+ z&f9}&@N|vEfVQLeRmd$9+utx3IkUIyCCIfbUB!&~p+YI_zLK)q9Ow4+GHeP@jH(c# zRs1Fycq7eDI%P-(odL$OL|E_SsFAv`pPVC7+)MLK5^>r8hAkpNI zqNb7c^F*4s<3v5EjvStm48(?ObK|HFT{~xr1>VL#a=ox&Ia5BT!Y(YVCV5e{H8tjp z0Z*KJH2asW9Ut`WW0%$g%#XF-*wjSvHbTKVm`k-W?{_cj+=0|YXkfUIwsD)K9Y5m* ztPMj5`!|W5L(240HmkQ*;es_TT4-w}1Bs^SGei-&#M3@nDO#B9b{5^Xz|LUiZ+-5z z@2MVJGXO*Tr*WwS(Fqg_`$IB-bz$n}E&mV}SWeJ$!kH!9Q(2OBG+}F1YaE>7wX)na zKP^?mG!C4#X-a(L-HhrhX}v^SaL{QJ1+IKgNJ2;X?&0qpA zyYtD{J$Lq*vM^=k)!Vs>wb&%^;#_-}2+g=sY(r{8Tpk??vsCH*lb2RBA0+!lN(jim z*%V#+A>SF>ht*XSyDutaEbZ)Ncg|d}+j<)ksx&q# zo%-zMa*l?m6lK#L6O8CR6`@7h+A$tKjgZ@TuN_=XkZ??OK(@}l{=Q-U^bg}Q?NuR< z)c5IzyDzpF{IsH+jehSo>{pTYKF@U$U_Q?HCE|fnW#Sr`kbqcdu3O!aRPfKx6`Vllik*9xNGP1zQrc}Kul7FNxkv6SB zXSH$-ecjW;fPeTFK?%2k?;jo0Q6;Q^asz52V=SIg%3 zr>#w0a#s9&176&i%g$++_TI`Mo^PK=day4djN5UTgMp&hma8|s+wEnPAW_0iuX9hG zS56xoID--8jyL`E*^m84X|Z^l!Mrpsbnw zT^pGrk&|h-rW6y|wYVq+iqJK^wQLY&v#?eWB}WF5;%9?*=~f+E1;9ylcZA1x_N+B> zM3>BN-x~?IvUqgXwC#a#v+Z*6M_-NcbhN==C^Hm+u+P2Gu zxbN`20f-o&{_@&jcZ-CX*qb5t+8bSyJyp9_;MHg4QdhgkbO!5JZ)gBN)-83o$59~gQJm7BJ}l^0gG zn%=9LV7?|G^ipoY37Y!sifA0PU;U1r4sxx547BnMuoEQtFtchX9T2+bO^zN5EchJX z&5t{mz95lr=!5KF<)5Nu0?Mp^DmU2g&B|7>3T7Ll|5z4pBd(>cs@RxH+cAE9F|Y$+t9t?N@GgprG97>k z41I{#mwvu@xrnOx{=m7a7NPKL_43PiiTHs+<3592?fQ`$BUdgex#Z|!Es@kw{SO%4 zJrOKg*zI2|KS-so<% zNQc6N*f(|80yV0w2Tj48IuHXei?m&!S!vhYVjCva7GlGR@LP>v;i_gbyG3lXD|CcANlo3ZJ+%xk>DNLP|5Q4_1zN15V>Qj|gQ zwf89NQ?VkHj@>UisOSEAXL}B~&_X?vWY2Gs%R&Y?1H$LO3=z2x&|5p)wWQHMVp~J( zyxt*Xfa|BM>nW$UV^j=^R~8t7a4Txdj#VBQ>nkQ0V~@vpGG! z35S@o9h#Gud8j%W2CW)zxlYKt z+)pW*TQ6py7nLYK8)09t+FxcX)ArRKFVX4K4V1rFF4ql5qwQk$0 z^5zosp6uk40`DD+OcUlzs-J9AmQ}Kemf<1-d;eTrwjS0zRX|@DlK}!&4L3AUY$m4k zJ=p|093S44GSHde?SoNFGeo;}Js#riT;UwMZULTV$1*mq38)*V`Gu4ln%5Cw`>oMk zKvffwvbUojSVcfiW=3uQ0Gm;@^R&nu-@x{e%F46%mQ)sQu(?T&m(A2@=(^{Hv}M>w zkOA3*kqsrrnYH|Rnrv4OBiYicdBqyN19JfZfz>rOmIwABbHwq_b1q%aEDR!xiH5u% zh&BY1m&E(n`-^;ub)*GX>AKpsu>gJH;|0!~EZ5APD?%|$3}q!v4GERb`BigC&)n;# zZA^7jc+JX+#niP_T8ze#*d4tD(EjiBRN^TxNzJ+yK@iVDT~a(2FT50PnPPU6PxGPe z(vQtJ*j!I^Nl%D2U%J7v>jg3pU3plTIo^bESRCDzBp^_8=eZ}Lzm{dk=fTrE)1xsf zD;LgM$dy#B*{D!n$_OkBqk)~XEbfOV<8dXkcVzSB%5q@vAKr3UgNatxdRI;9MXJ5M)7 zR6<9J59wn`PpFq{KP?)H#IGoPqS_8H*3K{%%`gp<=vyU-5A{+OmPKu9i9L$noX>b^ zhp$6?Wo6~W-sX9|%-($BILdl+z%9(S$&*G%iEgp(-BBA)xnX|&2i~8Uij@RskowR^ zt1N-()YqoBTl2O|m#ckt#Sh-@?yJKVjqrikB8&&t%^u7CRQXUvj_t?jnT~krg!VLL z%d*MN>v4+B!vboKXYa(6#Y`+T;JvZ1om6b7305NdSHn)~sqeaO1KcZmWr zgnRMgC=(unZ~?J{Ins}?nL%9f3jvbf3*jGP7FOX$x*igE8e7|5gQL2)bSZ4(N9K+5lqZKMi`WR z|MT^6&9yt-jXmuSPr|Dvtb*=XCCr4>-;k=FjJvS2mXYe4psS@ixS;?8J*kzPgQ{t$ zZU(y-taOTIU_9K$$bbhK__T$t+;Ky*EVH1C9?1~pDzc{(>JvVxsN_Rmox6;Cj**`AqPFITEaebweM@E;)jkCNav%LDIenRYb)WnZ+6WnAIlyF3#zqthudMkGEQckV;8Dz zlnP*H;0ID)AlA>OE@YCTdt}K#UyS!rXVO;fL)2`J&UNvl*6>5HAdcQH!S-eszh##4 z(q{6Ptd&0!P;eYY4RNBj^0(TbRP?=_SnU4V!OkpS-#HNK^%nY%-Dlg;@|EicCc)=W zS`%Me<68IyjNCE@cUS@7SLem@hp4I0O4`Cju_pd@fqRGfA|~>Kx2w+#8%vs*N?s~! zTXtIb`D#MsI34K+@)6aL8!7fc8|2##0qf#@xlO z{EfgaRd9md+KW{>qS%qOON93{k=@k?$6_8@XtJ5@BIYY<+5EY@XID%jjl0L-@|cMl zE4dNNn(qgb$w#Cc%_cVsHNjx_d4e1@XDUO*u7v6w@u_? zC5aJ@6~PY@x`H--c4_(U;h{%|EFu3@(; w+sqx8Rz|j*%oHcQ@8~seyGd!Dw)hg5BPX?Bk8f^nUa+P7<+iPRpSjt>Hq)$ literal 0 HcmV?d00001 diff --git a/docs/img/dataman.png b/docs/img/dataman.png new file mode 100644 index 0000000000000000000000000000000000000000..aa5ef07b0b98daef0b5180892317a124af080907 GIT binary patch literal 7698 zcmV+t9_`_YP)Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!~g&e!~vBn4jTXf02y>eSaefwW^{L9 za%BKPWN%_+AW3auXJt}lVPtu6$z?nM03Cu!L_t(|UhSO;yiL{H$G!je{SW;cB$9ca z$A}UN4N4*;jWmb`ibA6%%8*2oNKqmYlB6O52*V*gdwfEU) zya%QG`+T0yz31$;*WTxx=eO1~t+jK=UjVCjr^~wwc1owIo21F8HFD{YWm10NVyQ4- ziBuoFOs*TbO4@&#EN{&HRpxI?bI!^}HnNUCEkV|$9F~Va+b9KkFOUmgNs_{S7fOkK zi==e_#Zqp-Vkz$k|Cf1vv6OsmkrYvFF6xyed0tMEmSfh+?9Hi8Z`sI3eE8E5WaZ97 zQh)eL$<=ed6zjJzK!$-!q(Te=aY`t{K$ME=_0+ZdoZhpMjo9#~BFLTN*30=l=1Zym zi?ovaDSxcO>;h5h3|lS-emm-1DI3{{4u1-Qtk{t*`FbsoqOUGY7%{wp33lE~^W>wY zDb7{1k&VbW?F1RKbhlRAvTCIFQ|v?veWR*0|pJ2+wQtY+T7P( zOOxie$noRHouelY+qQ3)mbcv{_qKb;C9UpgBQw97?X=1oMt(3__h&xasg~CFwv$_K zZ|&TT8wnxE$IDW5#EEb$egsZ7CKC}T{_>jlInMvXl6LC4ZLdDCL062rD}5L-S_GDY}C8vdZ}Ff zvJ4VcQvW~J?J4Qlsf%>*k@gQiDgy_-<(wTq>eRnRU(4JxQmNXd>V6tIEwYZ6d%r4W zDqifm#;KI5>iaCE1|L7fO_2RcsS5U4AjSJF@>RaSiV)p`ik8;bGS@{)SEwre2fpdF$~w+Sf{@`Zt;{7qrTeQ%?w9Aw*X#E?pDZ!>@~i1m zqHJaT17JRE-m+EpDuu&bF+WVH@>MfTtSU&km)^SCJZOMgdi8)Y5J2a~RPp zDl@0T#Wh1pNi{p&tsKy-pkd=?`a1TttEgEH|0$6;a^#4lr>CnK_P5g}hYlTb?#7Ln z2{L8PUNzz-`6^l{!SA4!idl!q7S6k0yF^Gl*TP{Z+fEcN5y18@rOXgpv0@Qy{DwC+ z(|y&ccTI-xfoRi8nNUQ)h`bPC$`D>Va?{PX$_qVS(S5{&W5R8T8|?^2OSH(reZ>?Yo=|^Nd-ooFd3uKkd-yIg*yK6WxOe!{0xyllXSvZZM0 z3bJPHI;Yi{kC+IuYFD~k(38ZTzmj={g27sEFL%y%gFFd!Qhw*fBRJdSU%WVa>_i|R z6X9CSG~`ASf!=*z(_v7|DqH*%u56`hLG3WPYF&Ai?yLDNx69Sn-zW`lXe!s=*jyfY ztgEj%04WI@(;tGL(C4)Q&e7O$+nx7lQ_6e4m{>%xh;G$Zvm3(uZw!9hIrGdyOax){ z$9(ZqFt1?h6i_ooC}7S|f8}>>tU|apk5caRKl~GCzos6EDq{~plC~Xm&WayDZ`&?E z&6_VvmM)i7t5<7b)cyX4IWCf*$bI_{kPXQjWyQ)>T9z(bF7uNXsB@P&y+wywS6roM z73o#LdH5SYYe#&JFibxV}(J$eZ zjW&Mg$10Gq>YGcQUi~p_{tmrXB;4!=`Cp&&i*rWSvHcfiR(|=lO#kLv`D*$MS-Wn% znjtD=C>qZ9`yY;xg^L!;y!lBo_osQ1ym6Crb^s4Q`nVp+t6x@E3#QwbU(axk25{iO z0hhl}soG^yw?RYaXzciU#y3)|bj6JOG(!JG=4_wHykEFPIp^#%3o#MoGG#7d8u=-g zEo9B_pOoyJ6&i^o2qsb_uo5wx?}Hz5&xFL)Xc3+zNk~2<*F}Y8wr2)`AcS!*ELcnv z2eZhl*hvc(X_Jdl8^J-x0k<*yz4u+=So$6GR{SPU`-dLUITq6&0tq0^tnYu&CZCri z+&?qqnTD7MaeH@B$@0$GnV=8I!8x?a zSGc77_FLv>y}n6v)h06>%kh*wdz_=Oql6-{9d>6xuVy(W6JzELBnyhhvn5)Tw{1J{Au!^?dU+%CsB!W}tLs z+42>-jkzYmXC&elE7osFma}qRs7m2K1zz>lGUaZeU4T63w~1$__THVr0J+Nnk;@Z88u#aLeXv6(eau^GGWqkV%14=*VR}I*at)6^@w9FacI@1xobF5?17)m! zSsi`s_jK~jOOWx(2T4s;q%Bk;qdiV} z15Z?lVnuQx=3M&OvuCf|(dItYzNUUJproZ`x24Fj0x}zO&Ip7goNFU+U3VCm`Y(bK zvEYm%$P3?W)ym~nEF+NT-Gw`y*8YGTUel_O8u?p|jXn8v$>3!{Q8h?fd#Hcz#h}BK zjk-MFJ`aH)mEOp@i8Xo36z!Dboa1}s&R0bHWPa7WAC3D&pVLVBA@~lQQ>a8)sqL6# z1|vWCP?wLGb5Twzc~M?NEN$l0jor*Kz_i2MF#Q<`m{&ubRsoC}{gLZ_kg}E4%-1b* z=8Fa!H*V73kICO41R}imfZ&VS?Gh!_xe*BQLsSImJA1n}ok+NOmC6XCH_rLC1HU_G z1!Mg36v?Oj2>Uz~`tlIT#ArZhHZbyM-Uq%*@}9#^i(pJ$vrqdo_I((kFO~qm@XgOo z>)5e<`!DkO)M?suBE)O3M>)>_J~wxU?VB@C0eScRQO;435q91Deh_Vt;0s@A;RX%QVT+d6jcDo=NRLCZ7Gy`-Ie zW1gD6nI&7@dAB_GV$Y1WiIS(DeL)`U`jm4=ZiFQW<_;q&%H-!5+rq3s;x8PUk6Gh# zkm)nGQs%ws@vq02x$!{I;wyZS9y7N&ErPKp{SWQynD$(*~j&glkOy=JXY0-v0`QRXEr&;%h-NM6Gaw<-nknl(mH zCd|5>%3p~W^xkVJ&9Q6mEEfVSRbF@$MbL`pm zYa2DyPAkrA&I=33w_%p2KG?C7uKuOW1k-H9$Pb+(ZZNypiAGyc^HO8+(Fs;0~pHl^2f{;(Zq_RzyNP;hL$GFgb z1hWy*C;J>`rWwguUx(4}hhJPJFerW=HA930?V|a75E_$f*^YGQ%*Yt={)gJOH6tLS zEMeXT4R6qOOtw&>LGhu92vxb{a{W5g8fivWZ;k@NPZ*Ge6@-J{8mh@)_i0A%UAz39 z{u#;)^k&>KjoLl*h|?l=q^BR2i#(?%kC`WohOyodtdOJ>Wmr2-I zu`@j=yo#A~=t%gGa5Nw!Oy0!wOM>x&2m~Qw7EM(E!gm3=2{lK9fojApS>CYbV#mg)I^W$Mqxhx;!9o5zIe$}mk{lGLXD7yB$!Vx z_3W)nFhT*dr*id7f>6J;_2>A*(oI{m(vGm{4+&HRM=n`exoUM#q7M_1eZOJ_dsJbb znSS{GF00$XIhr^SFd-9 zVl-gpDsCnIAZxSHYn-G0$k~HU>)f9q8iCZ`Zj2npys71F8A=C1KAAY#ITDP{U7pM! z2)+v&sfEI(&0BO*%P0{-;oz(N2Rbcc16wyyALeIXVJb$0A|=bY{3!m%v5p07g2(5w z?}J3@`=iDKg^Y4>i#nBS6wq=CY^`V6bq9Gj3k(4kyhkAI62vs!DhC)cyM@9 zMFXyDhmXl&u>KKy zutkntxQJl0W2?u5$y284jqU9IxEGRxZ2J=p0waHBenx*@HLH;Gi5A1&8=(ghyAOPs zlYzJhQc3;zeg%Nh3eWIBQNx8psgbgM9L}NiWLy?@H|+AoW>jV-;Xb0p z=WF)`^~3+X7b&+w645>{R$-=$w4B(+)7@VTT0dcg_o#mw{n5ux>(J=&N*`CP6a=$L z#_YuAbfGX~CQE<6k?AvL%6GHBm%Hx1-{ll%_ESpsI;AnuqS~c(gJw3e{zHZh*PG@c z_)jcOI+X6VGCFp8To)+X_kg3%(&CAqekKzpO-`5)EP43R$6TK~B0=UW)5os_Jsx3n zUB1JA6E1_c6O*-rZl4E9FpauT4_JOn^$oxxO(#0=d~Z??GICnYZfk1R?9gT ze39Dq0*ODA4qpb-${wMKT)jQ)UFrMU03D_@@1yjDee)J9uKbxcx(|a|b?dvr!+wH! z_14hPL4r{DZr1nOEb{Bq7RWin@|BoT3KnTE z1PSz8EUcLp4n*L%f4{zscnR`nSTMz)aCeA+fF{V1W5=~pdzCLRujh~T$eg8O6Eg>4cpGoTS))#M#vCTgxB_gOr>47ZoOR5 zprL->Zp-r88nv#_Z6FJ?hsnAlJR5|E*ciOryRWVSw%gDr=9Z0eYBs_tx7%finsw+S zE8CS~Ig~IX zurR9s57F&0g}Fjzo0))_BNS129|gz6!qmES$Z}o65)B|?xYdx+3fC_jAxlqGhYY#B zYX)mTj;n#l4?B15lJ)AiX-gIzKLW6U9MLe7d0(jh-{SEt0PnHCmT9*@{m(UR@V?!b zkwwn?X3a`gz?yV@&z@@-VN<;Q`!mf`)_AZ{gkRf}Eqvx*cZBy@GYG;yR(3WztAa99 zCeHftXz}@)ebQvqYHjWz_!T(Rm{<^w6^p#r`jhqAZ;BS97VmbPdjETkMewm&jSXE= zlZ`VA83ZAxkSIUI2s0A1LTZFvPW-TDce*0XUZvc-Wb~5V^3}TivUy+hVPJ##+tQ-i zb~IYS|M+Zm)<@b?@qEE-WE~j<0j%&#l$m9Oq#&~Z;n`D-McWT*a%9!-Fv533csdba z#oV;7raP~)@n?mLAUtHB5uXweKLv?bAPN1(Vs2#>lUDB4CSIb*fe_wh+oD7O=X}=p zXWmwwXBu1t0hheB%y(0_tO}#=*)Pu1rqam>wE5(W-V`% zKK=ST?`Go4tFM_p~EFD?V!9r zYP59h+{Jk}fFI_})wNwjv)FCki*8SKmt)6{NxKI-N|WZTWX#xc&XEAdPne`L*)~4@ zWTJdMJu^%@`lE3&_s4n8E0Mi>_XS15CQSNN2OhZB#?4ylN6ei#5xt4otM6<2{@Oj% z(KkSGLYb>ib$?!$+ORtbPph&)qV+{}PX`X9>e{oGx3$)Z)B~x3*DYGzDPMUu1UCpG z$iBlzb-6|&M_wbCCj;jE>RjpMp^b9l<5?9MN+8;~irm{%qg%U@ym6zPohz?Wq;GUI zhqdUu3wrnvpXYP+W1j{;e14zYtHaLfp5d(Hw z89ZdD^Gfuy3v;m#n1#+=p3r3{ET@I=JPnKeh@$~TjI?LBmk-B`l^p;0PY_86Ekg{} z+r0R4Z~4!;dEDhJCq#da`szDkGjOVd4G&0Ce@O(|xVvq888-Yq=M~}Rtx~9j`%wswsTqTvTMQVvNp400^zoUm{{rBF{?ESPp2Zk#O_uq-_7AI3++9@Z zB?v_H66BH2UFD6znH$=r>`Bqd&PZU!36>}Y=T#;`5(F&YnXdB=thY$SZ1Ptj2>B8gj}i9H>Jz6(_%Z!^O%(`Y{~%P_@*~;c zv1?yik*=TSC25nx22Y~(?uW~c?-T_B5^+4m)ek7mvE!K`cs+x72m;s*66DVBHl0A5 z``XF7)=Y?>RH%ge5e^XK^*1t~tDcgQA{XW_=DZ3GN_JY@dZ+U$0KQM#FT3;Zwt8K> z4NNgMld$1Oklnj82R`rbVGx!e2KOq3J4cyZBoebils`K`_-veqNp;7^vF{aZzy=De zNw}x;0RzfbD9p4$;h}d{IjIBz zzos3Lwv#sKY&OXc-rmB21{ZoZuGkcTex>hTlg$|Cd%b;@Ds6- z1eLdxdgEa7K+i5uJmVY*fEuf5R^)^qnngx7C>{C7e{xEb=C|mo-Y1^!9^|CgtX*H% zKzYITpVS#q65p`#P1;Fk&tMxla^#Rdj%L=BJ+AJtQ@1I!D&658ee6 z$M&CR=aTDgY^IAU*=_N{0&eBU4C~RWkMoMhIqZ-e|2)Te6##n~b3cdE-K9f=-yWuw z`(`zhum=}G0Wa8<EUHrNlB&7E%^ zvsORFma1HYM?{Aclrd3xgm8FZa3Mp-zdxSu?{i(B&wan|>-~DYU+=?pU)Sffi<6yx<7-3hs@o300A>-c*p@X8A;|4 z=m88;1efj_;pFBU5#(z|gY2;Y!Hw!%~R0f5#G9ct`-B&%q)Pp`oGh(A{u0*B@bIW@d&!8Y7I24TTGniCM92eYFlbn70t!Pw5>aL-8zUnl z8?-6L3~gg$W`(gbu{ObAY<^*hY~K(joyGr!rTrI+{-4;5fnaikk%@FJ;~1T0%Vjgc zKNH6?{zZ!o(a6RGjWRPsS?~ULEq`HY|Dxq@tkwU-B7|ZP8}0o+?f!KnoS}{FKf^0D z{uzHdOE~jf;c$a;H`4$BsY!dHm0Q^Ghr^QTZVy#w4`Z4YCAnsSE>>=0az4aj=w@+Z zp%Ow&0d%b~q3~2d$IFA~?aD|K3DNB^!Cj45h$bnVRxG;BRzyY(4UUz)o~%(x)lOfJ zT9<^?_KH>`ZNl$k;pqQ2_xo_A-GqX_Pl!6nu z2$pQG03=FVUveJGoUh4Mx@DPl_s(EirT=`rzHe-s=)QNzOY@1T1+H&T_@3J^XDFL@ zNg&ef6@kREyuFdP2+Tz9_6i|KndtGvItNcJ#VlW+{wz(muuC@jZ|}+#shxXi^F5mc zeV5$kMX7Du)`k5|l^lMXpBP@6N;4U2f) ziVucA4Md5J?-j5H3-ZkdBext*RGEbrVQ{d9 zJG9*QH33&M(G4o&>)t&=GR>Xm2r4^Y>;VV2uiQ!C=uh|wYUA}K*QuWZjc>J9?4Z0I z<>y-ujoDp$0n%&_lg#;e^{!LNqd-&-L1ihhL;u@+Jg3x31(1Z2fgIOMjF3aEG^Lnf zGTtoMqzUFhcaKcXw~f~I;5C*MHV0RoVC7${+qFHQ?@Z-`dT2~3tmyQf7cZLDFL9)! zMyP|gn>dB&iw>td0a)|sDyTqh!8&JIo2Mk9 z3rJ0eEaYg66^u_lPr#{TTOHte2=R;>R6T5HTpGp zw4N@*g;8U}Yh;|)K39uFvL6MTwvQiZbPSW5(ATk-IVCHwn)~D6EB|e@Kv;@M;CN9Y|s=N<6$%Btt?<4)}-JUEePs{ zuPz)B@8v@#P=TTM3EO*Bt{w8-@#85}{+yYgO1uc>EmJc|PIAR$(m)VYHp)_XCfn-S zWo~7MxhSYhy;s$7a_DvBq>`amIkFEdt!@ByhK_z~zB#Wya}ahy9@xQ*e|DpLZ6p(! ztG4}V>1ouEON*V#EZdNB zrF^E}05WqvWqVokS=@Iu)_iW!O1;H9m5cN-;HL=5z(n5!ixlaPoKO|AC7}j1v-N#( za#l^TjP#-DzQzS$wWJB7Be5U+Z6N@v!PdXvb!B+MnDE0oueV9c4m{P_FtS69>z2`F z%qjd3skvWKW^|%wZ@fjP@?fw)8sqLNtMy9lYv(NkHJ9rDIPko|!#AB$B`!4co2gbb;sTeD8)1P1baH5t+wP5>rZ)t=dm@6N3sX(z;w^*833U+pGGf=}aOnlO>e3M_xs@qtkg3h~uhYZvW%T~r}T&YGfpC`IVl`57p z{WNK`?XmRGcGi?wZJWz`z|vvh@uoPXqR8yqC!~8=9cL{`Ma_3xQ@?Ct&5)%1h;1h# zBP!&|WOF=Wu8r-(2Sk9u@EvlGFSnTYTwc81E3(!fxI?+;12Uza_J*;BW*`p|-|JXtyh_NY2VMT7L(K1Jm!D1Mn` zUQw}Fy%}?1NGT>J<`~SiCR%-Rv@)yKuR16KP|Z-E^Y7h$X7QeFOmo|y*idwKU{R?o zG{3}RtnY_-DQbRc1xWmCB}PCT?KHhM6mdbRTivD56Pi2&q$Xf;s+1?tIj;-)C5VrL z^E9gvuF|4LNdd_Zd-tDtu%Ht(hnF0Sck9U+{N`%?`|C(TIN`ff?Yd`W+PtJdq+%u? z)l5n&QSSG`rc|~MJNVt3jo%A>CbhccxZdp9i2S3fsd&qW(&dY`(GJ@kLDnw>K;q&! z+|O{|T(9lAD9H7xi@WC7zy){u4o0J%>PFa+ zz!oKI@Xy~hAr4rwF*M#{hgyAKoT@qcyf_e}((!`m49>gc0#fRxol`w`|G4Qu`CJW= zcMb9Mh3>dctouTu*X3d8mmo-qgucx5vaLIKzqzUDJqQi{gO1Du99FU(LoS;$ofCGi zG7W&+Dv(*BpMq)U$WitcAMmxV`9oqfi`=^$siyOw=uX$nBLt zpOUQKlG<9dZ%`gEun(-YH7SWRb8ngkM;jSlQNR1;)vR^p6S0J4>FI=HrNy-pu=a_q zts_s0b>%%;m`zLXN@o{j$~||Rw?{a}qM-3Hwv=f~oS8c*>Dft%8R50iP$gR<;Y!F| z+;X$XYP|t4qqrYqH{@_$oCG>~J5vQ zYi_UAtNMeST`FXe$=a(&D`#Xei_)@1H=TjuNRJPW_m;~{RA$#GkG1K$;(%gxcBTDx zQ#JZdO>u7XAarO(-l5;KroHtRIU&tU<+wch9qBLdQmPO)5ST{gb~whe6`VC+$3>Yd zV4MQCrtUtv3;!qA()I1u^8{Tn4J?snG05`Fvb!^G>3vo0%K$3Dswr!9VO9hyc#5lC`|!;$Or zTZ{{$tdfckWo(Te*uTw0k~k3U-IZ}+%|V<~l`dc3>bJ|(%&00Rb1);pBI?cO!Tss9 z8xIGei}VylmU_%ekE3a$s?!g&+Va=nC!Lb}*F)Xb^RIkQTWis|hiP7JH3bQru15qB z^5pBK!n2(9yCMmyEe|A?qq;ItPI_~NxaECyr_wo@%?gXR&$(vhU;}pbwbUDA*Uy-0 z&nc&Wzd+Vmi~^J^Pi$}4zw^sAT8gBBykcqc8|JK>)X`^gqK#w2$QYEzn%J?Rj+!5R zvbbSSn%2VR=2)1bL4iWuo8lAg8rx2n9)u}hl2uqR02@S%dxTt?AIb1K_lTDuve1fE|N*9YCPxDtYi)q$RDV{Ym=8P3QwBoHD%>2 zt>zvMAmm*6_-!3Mb342ub__3F_?ty{a(PJ6^Y-)fxJ}3@i|r|RN{Axn2y^_?(Bl?h zgSdW(dfS;f=Z Date: Tue, 29 Mar 2016 09:53:34 +0800 Subject: [PATCH 17/23] README --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b3535b19c..a42578377 100644 --- a/README.md +++ b/README.md @@ -62,8 +62,10 @@ We welcome contributions from the community. If you wish to contribute code, we ### License Harbor is available under the [Apache 2 license](LICENSE). +### Partners +![DataMan](docs/img/dataman.png) + ### Users ![MadaiLiCai](docs/img/UserMaDai.jpg) ![Slamtec](docs/img/slamteclogo.png) -### Partners -![DataMan](docs/img/dataman.png) + From 0dfcaf0274ed58df8a9527859a054f570be89493 Mon Sep 17 00:00:00 2001 From: Henry Zhang Date: Tue, 29 Mar 2016 10:00:58 +0800 Subject: [PATCH 18/23] README --- README.md | 6 ++---- docs/img/UserMaDai.jpg | Bin 8894 -> 8379 bytes 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index a42578377..5ec78056f 100644 --- a/README.md +++ b/README.md @@ -63,9 +63,7 @@ We welcome contributions from the community. If you wish to contribute code, we Harbor is available under the [Apache 2 license](LICENSE). ### Partners -![DataMan](docs/img/dataman.png) +DataMan ### Users -![MadaiLiCai](docs/img/UserMaDai.jpg) ![Slamtec](docs/img/slamteclogo.png) - - +MaDaiLiCai SlamTec diff --git a/docs/img/UserMaDai.jpg b/docs/img/UserMaDai.jpg index fbec1584e7f6cf3fc22eb8243a8f9489cd211f06..f99cb959c0f9365d7ef14a071a1a671ae8e5d883 100644 GIT binary patch delta 7083 zcmWkycRbYpAHPDf%idQ}#u?fBR6_XLGvdnL$~<*^Dl_Xslo1uWWE@$U7qX%hBHKBX zeP@1f<9EM*K7V{3kN5lidOe@7@qE2H3|p_)q%klkLwf7b3TB9>kAPRBSp|fWh(H857OEgHQL)+C|-&l?b-p!2h z6@q2hnzvylpm-6deN?14L~>$(U#-F%jGUTqbSd52(~~RVFgu@`AUw~8TYAU?bQ;42 zXpk=5!-{f$^KhVciyt~!$Cenfbq2N^e7LJlgEY8_RMKCuZL^n3DfwJaq&^FH(=A({ zn-!fsJ8({4f7{?=#re^tuACRl{>4J?~X;9h2fPeON8QR9lAD}{q7mjo#I7(OSegpOQ3hxL#wn4p0(b#f&lE}^ws+6)? zl6UXpciZ^tliM^%=C0O6LYw)Eds673t3P;40y=!#r_2nm9QsVXNbkoAQtE*a07!z? zAiB#)0_c5oUBle|Xn3n3kH2>78>XzY&qQjQuY1d;xJD^&3AGcG4w`?`Aimp^H|7^{ zk1HEE0Q0f>f$hq0f?(o~AD*+y_e)lVbgp{xbJHy$_Q6Cw_*6l0o#kA^=6K%#4dPCq zR0--PAej0^*|4BQs3X-wy-zb{G-jD-i(14>I=p&j4Fka%|VJOGzcteBW6Xa6PS~IQ_+ks2)A=F znH@0mVM94IHvXXi?>=kMAbyr-relYLNH*r)YDB?b`uI!K(H+meKd55;?>h%ac{@jw zO|i)7)|8{O^nB?@)cMx|7_ik>llg@6dhyVNSD?MH!$Fqm-+nKYRH64B8pNvG0wYo1 zY#SLE)nD^p+n`r_sfg*l__2d(*kN+9B;U@bS-JxoU3Bq;s#eNhV}& zL`BQ$&ErA7I1NiIieOTQN6MxXo*kh)E z>|ec;Q-@NM2_4v+RBxEJT~|h&MZQ#dD{3VE!o74U3wS{g(h%@-mY+Aue+aFwcO-l- zCW{7;9xc!yUyHe>PZtvg%Lclu4+ zo0D&1zaZ)o=F$6uZ0*iQ`7kjR^QLdeM%QEh&n1Rceue{DT*Kt+HPW^59g~;%sayAxfke}}zLj@t0 zqZHPTEjnKAbigf8I&}1;L9dFn{NU7RJoX&Ydr>C_VOn(We$6ujRplP#1a2d|sOQJ4 zzB7Cb0V*Z0@D*lRh1G+@ZEB1E6`UnaW&lE6`F>h%@>lj8>mn!29~N6$yFux<@>4Jk z=s$lClt_JF)4421_vJmhBY!rOwI6KPwPg*9Ug#JR{IIKW_nd`NW?=>wm4%Id=+roF z;hlb+*x%GPlXt5v3auppw*Q*SF)#U>*fR~32Zfuxuh~S{lohNPX?1>?Uq5%y0d#LV z(;yOEm~Q0iGWW0qbjHZPAj)yYPsb%Df9&{EO7I%Yqw8Fne6-`{qmLjHoZAvZzD~Em zeC&>Voy%50r}pb_L?-sA^6jUeHA7xJkGY$c0!mR?lPWC3NV~?hSw;aadaPRaEc!== zHJ_sop#(G}w%B0@Q$nFTqw31clLT+(B^m@mmLW;?xTJm{YrUIW=LVcUs`X9&vV1P0 z6KWzB*~pB7nhuQb>CCeS2nffP_(WjV_>}|mSu#s<&#d>a>709%Vax|QaHW!*q6~O! zS(q)jW>JkzCEHZvnehQXyT2u@BP+SbRA0(Nw;V8mo+PHI;`*p=^D^9$>*po$;#IX{ z!pQ})-Dj|y$Z-8PfPKH)aElP2vm(hK?e3m1E$a2fkpPXwNzfn*t8wTl13ZS3+N6JM zi};Bg@>Ghx^T6&PKh-V${UdSak=NoXW#(HsmR;QXH|dpe`0+dg;E9;z>Y0FS3V%)_%cVVg*{nr7}69GEBsb<+dh8rXkK~Q+HY+6kV1n*w9ZXT`p2}=v!N2)$0I-~hbrO^ z=qWNcDDu&Gv1d#{F{2i*`Ti&<|Bvif4<%qz>PKLf2zX!n?;g*A3k?#_3B+rQ*Di?h zbi<*)$o5`mYI2X&+OBq9%$2-5-(poAxhYcHZ@q`@)CcAMKI?!Y4G5M=R5r3q6aO3& zs2C7|i5CcUV;bASsLZ_^l+5@Flk@+Q`N=-#nxGKn3cYj)Q3v(wel!q$y7h%R0MUOM zkyM?Go_g2dfOh9cd6kMcF0`cetq3O4AUVGqPkUsZW&50h6#WmAQO*?Lw=?SESB=pS zx&K;DioxqBJ<8fHJ7?N_w_JU77Xve%HJ#o!?g5CQO&f#{C}m3Z9wJ!-eyQd6M#p8R z0kNE%PPuSI&E>Wb-rJJV3O?KkfS}IOORXOPtHV26UpObBb2I5>49~8LUrM?^c`2APt$OgVV~EbFG|*`Pze*MZ4Hxy3I+#F%axi|6f+?g{W;B z^)On^V=~5n5RF(aspz#S_5Ui5x+s+Lbm-cETHn5|yy=6A>z@b0{pu;<@SP^n2S)a< z7DHnttSgMYv~4j){%fl}TJq4M*~x>xjp#*a0<;NA<{7>;>wH|@iFH9}z6J+SJ89VyU-Ai5+|&p35{FeXwhxmO!;-T}?R z_d@gv1uV}NY!j4K?=^+6kzG3cDIX}W;Cum%0MW8trAwPD;S%LF`R1|VY|-no={tti zbgi$bqWexHF)X1uEa!DoVV%wy_vw7xxmelQ?>OLmeF!Kw1aO9QNV)nW&XX>Gk(KS#bo;gfaq|@Rny*YgVT$6UqAWMcJNZrFOS4 zK)g|Wv)tb&x!!VLv%Y4TKfn?1Y>SdZNB|msuBivhfOPDNaySq$HcmAjqe1HVkBzdX zhi{wo&X(O3xo`YqUI*Z!|0gEDB(IuSq;g@*t}*SDt)Py3mE1CW#*Ih{b1;1s!#)^g!((A`j21wm2^S%OP8ON zvPq@{K0^;F8?kwA3EqK}g>~n3g)h70sg?}}xV*HWL9*a9NVl#7ml7uDM*2fF*`H1s zvEG!brP)G#O68=i+EG3*IQ8@!#aWw*o5UQf!ZO)iYMc9&Miaya2I-N>oRU$EeA(8KnI1HQA zSbplMaC7y$+E?cC&H8;#)ut!6YT9|YRo=|Ut0j^#F?0enu-PXJNH0qw^4p-~BWE{9 zSIyzcMOhQoe20~J;O21lSC6Zi-#>@QcmFQae&J*L+Bz!!4u-#S_OK3@_wwWdc!-yS zeu8!(o@!4#u0LrH>zij&XuGK>V%8L3_B8pwl+8o(iic!EZQ2K&RB?C!UBt(rng*F< z8SC6Go-wCECaUy7HJcTf9+dE+PP| z=W_*;>Qa6N2iumZmu)MARE}i~m%YoO_y4C@vLK}*RxGxAPNoAaCe3%oN)Q9geK@u< z{oeL?0Ac0)EvbVU8cuQClB`QIcRs3H{QN?XsJI}w7|LxNr4o((SEM%*4#c+rDGDCr zx*AtriuKG@L>-(BT~)IBSuH-6rZt>3FU`1pluc!$k6la}z;quW|DU)}TVAXHD2peI zjF}|w7u3GUw(?>YT+WhPj`u29R#8Uda0|c$N`FI-0M}o6*diKEgP=L!Mf_G(ucitj zQ|1oai--j7<7jryJ-PsG)U4MDzdAo3C+riboq0r8Fk(wL(QV%Q{5PG{?G71*$55d z{b>GtV|m${^NWWIjpr$7?|*IC>Y-vUvH40FuhhD!KXLRe1O5@&d92N}5r#2{lt^KV z>HKp^+Uj=VDUY;;@P45SXY?=tS!aC_OMwLG0ZW&;5GQLbTo9mB4Hdm8?|ylrbW~Rl z1LJ~U*KGdmxpn>=-@pQDNU3mvz)aHL=(y5z*Kb)NzWs&ki2qdMe#pvj)A6{yX%Q4fz#SXL{va!X58k6L5)}&Yv*P@zmZKg!?`A@On8^L;YgJKE+LwFi*rQK$C4%xb!3pA_+bHUG83-8v3@RJl&-t9N)O@b~8-BBkT)7k?82aWMMoN-v{(iJxpn{3z z>4rkPko5>46PpO2%%2Q?Zt#A!x?|H|?%YB0^KJcyrpN6S*8*PtpJK!01I$3f~r8K@sk8a{9XpDe^E zERK)bkbDvwIQYjGmueD)g5^CEgbtog8)!;F3LU={6Ab|HN?!)BP&CI#8U+t_ZwA@+ z9Om|l=&9qY`KLr8UNA?qevn&nIJ$O0wp=n-wmm|5vNEKhHELy|F&FXR;Ez7t z@F-?UH#U64hz4o5`mX$Z1cJyF5|rALqMj`#dK@HD(s04k@@Lk+w49*yNxcOk>r*LH zw~jTFHZ~swgz>E~8hQHc90W@~E3;{49R&7$$O2F*3qTT~vIv zot?J%L-~Qz!j7XQpN#qlTD~ZMwS1j~O@BTFI%fz>j=UhTmipV)QD)0d8jHh$2G=>v zQZZSe>7a~Kn$!~m;IWA)oy95!ym?0U!O?yU=eKCic3*d+maN6KtEg9(+<&#*eQ)$% z!pKdAUSQz~y(w5G08R4raec7(nX`FsJ2ZhXim$0PJK9(@xF5`BI%iOlD}Kvfq%p0z zQxkULcVb0`W)ojjF~~=x+jk19BnRU%IB}l;<@=4gIN)hK822pK2P-* z;^rF;JFEQH{&qcF$;PjjzwFOlHzY;$q`Df3XetUzd?IoRa<-rP*mrlWn@`jrwOlN` zF}0yBdBNi9pi-eka=(XLk&A1n^q6_M#dj@}hN{`Bk`YQemfp))fb%35DoZ+vuj49; zVVr#Z0}^3y<#4z@=opvuT(rNg_sn#~e~{ZLnRS<(zDeAgd$0%v75;8opImc8hIP$B zC+f|a?K)bXcFp|Dx4SyyU)R5unUu9$dUIxp9h2KuNJ2EwYoaAKE>;gbPw!=BT>!7H zu~ceX5T@^bguEfJUDn};8qD)dXCJ{Y?GVDz@{}P?2o?=2l;MaWh$O(zJaoMm%DnQc zjcsv#m0^DMrR>jt`2{>lFVB~#wUvry3oAFfS*f%oxGR7Ag&B?umRTc&DTt6@56Ar)(deuW0vEQ0i+7VACv%-B1IREZu&UfoJ0w{Z$K^7M{78A9 z!3GOR-u%6_?6atr?xe$yhcFUhM9kv+X3WC2AU(++$x~szhv^?cRj|)A-mRB&z&&Md z?wiR3BsWc2=joZ-*ZQmx_47>no~f(na8_1a zJfhE^kr@&uTt9C5f883uUZ!NyD^EP`6wVVXI1Q$7C_0dE$@M31!|nl#kK$XXKfEry z&5$0^j4HRkyD6ew^X(HUVO?WNZhS$zy? zwR+~!(G9FQUJ9mRAvDP46I_+$7)pHjs*r`je1Pw+_E*ggQGJhcNO~mMz~56X$oGPFY~mlK227 zbwi032v9mF7jsV-|}NU(#S zl;`NDR538y^4GqJ;+y8N&8?+JNVV2*huJ_+tDaNOOJ8-eyR+V6%-`4JD zzP2|R3Fk?!{guRhSLtWpz517ZM*Qij`B8;I)yEH^$y6RXqM7T(936@%<%ufQM;xZ3 zc*{5p@uoV-Rl6Ig{7RbXow%NVfwa9_az7#LB!O8ZLl1*@+~7I+4@KX?JdHt?Sb?_D z3pgkeN{HzwQoD|a9c`&4ZxDDAljSnMo~|?fIn2HN{O((;cmKr{6ERedFJRPrYR|;n zIg-~>R54#esX!>Q@ux~PI`YlY{b{4=sHy76mX7fPxk(@`IUfFut`h9&FFiy#(Z2wa ztM^#rD;KY?cH+w_H)Hke(pB5R2TZ9SB61f@E*aSk>EfO%o>r4glyu}2k;iUcsuifu zB}Fbr)>;0RME}&x?okjsPIqo*NYc}OZj<2T>X_!eQpOQ8ce~ll1-|Zy%2~vMSHzk& zL}(Cz(G;v*XWYU}BtzV%1KPJ!dMj}jOQM~1C?x%SKJzSfmM#00-DwVvSP1}X@a&#S}&L^ikyp8zQ%o}a< zNP24i!9Io88gUCyOk)!znQD}}h^e*J_Sm0>hU4Dip+`i9UY zppuNMQWd?$9LOqNesbgGQLI62mh`$I?{O_9Q$nN^wY%%Fhk5gz*Y@PH-Y-$iAtD)C zr5Vl$&%g3 z$TB2_$qY4)jG1@d-}~+TaDLC1b3ONSuIJva`*i)+qt}#t>XZiLb8G6U;S&J0G;v>U zkz>uLnG{0_oo^?exfAmctwO?T4z{oXD#$gt_7~>20+XW^lcNbgRIBI3)W=3Mjzhs%4O3*{RZA&I4)qCu~fx5oUK*PV)rxap8+RJaLgsZKA% zzr=gv^&RxT$YH*(q3m4iTR{2Id{(#(IIsqPEwJq+Bt9oGoA2*|7+&=D(s+D5ex%#K zxZ8i9E3|QxynNHG>1|bPh5DD{TwBTK?O#BNt<>tWUNA?~BG0I^i>gG065E<^y|sz|q}7OX64tdSr8S z&ErU5x*}}vedF?YuO9Cw+9Vy)4#mKuMLyi( zv_Ag&ZS#`g^FQx8OyupSgY}&K+R4f;y6nvAqk5Mr7b6Y5#{VUj5PW%l^{A1?iyJ)V zae0;Lb#?}!ZeiZnfo!%9qNe1}uRG4wmtQbAeZlM4JY??Dh(dCKYyG5|9uF7KgNth_ zA3W|Pxapn$%rRCQa6)8~_!R2$%R+EK<1sSpndR(L{U*vF`KfVVM8#Y7wh@tWVt$Xq z*FogCM~7K#(dfi?$I`^>qSs3kA^-o829l3Ub)ZJ%2dg28N^D4+-4|VWI>Ic$bf$Xc zf+z`wtef!K*`A<7JR4u9(I%j*zFN0%+o7R9#2QjsRpyF9#wXzi7P{)cZ(mR!2wnJi zU+JcDMRIV}sO*#DMNOLEl}l=~L95kNE6cw<@td&TiD-fOA&yI1MM6`!OUhpqfI&N4 zTlWn%`9$k=q=~`r?`Poa5I4WO<6hc-^ZZba`3;Q|J zL&B$_X-qc?yXVV>=@2F!@C`n8-s}ruG1P};Wy8~Z@)^Io%q=3y*aI0zJL^OixjQG4 zcc^s5ahCIk-N%xs&IA0<73r`v;L~#fnr&4aA;&~%)3G*3rG?@(uH7(>k9?S179ww|NJF@wb0L2W$4P;ChfUQa)H$lj1-_sEi>7t4LYdOA-7SOs)~d% znbyTe6~6<*8iLYtZQNlo*BY=jd zLpXBQm}A02$(FkSwzHwXd2t!m&pb`&^jJdao)ahBOxzmIy495xH9nI>hwuQaC?|CM zkb?%h>LA)tn4DD@Tlz!L*mv!+ZL;MauaxM+yp8Dh(^x;qYWlX5H_)qyd797hb(6+I zB*9F3ND}>Yh!B9V-wvKy1Ql;-)Z-SFy*K4l9JrLVfirf2msc;;8(=XcV;H{7Y!+B; zU%n2e$QG}C1qhNE19=rI@lU6Ix7&TN#Q#22>g5}8&pO8`b;s{q+92fgIix~ayjjIr zR7PO?-zmqXnV#c`t$Mi&{=D~15DBAAZ)}zPWE)!}2lt9wGRsDTEM;$0ca3Hb|MI?~ z8V9WA0RYJi3IQKa7*2H?uYcjwn_jiPAyZGg&K72;mga1(hWjZc{2~ehIs1=;#)>}T zjr^u_>bQ|AxyF&WazV=x!||t4C&GN?A$f7zbnE(~XLl`E#KY~`|sv)ig?-|=)_{O+r@-@G*(@eI-hbug}hdH}ZiV*(W zR~GoMB23ioA*=s0v43x@`6~>ML+AVqA9u_1cl7Lg(;abNTtHd7yn6g>qPba?vVk3 zu|Ao4Ju{<%wokm@c2ztsiKwFiY+*+-OOdn1Bsk`xt%ndN9TM9*qyzOv7-7kaeWE?F z4YN?MJ=m+}XTA zvbjP@YoJg4Uw%Mlb5^{wH7o&9hE6{LmooDfE^)frA*?E&<3D^1J&wk>!@u%Ta>11~ zI^-pd4-8pbdNSa6K5nDxBUzh>AF8v%YAlW_W3mD_qOPoqgqs<@I>ClT?8Ct86VwYX zgV0uZs!XH=ZLDcKFT1$Xu>zb#$O<4_u&sm3u7S3IBDdI>b0&L-XV&}TJ>GHo_Xb64SM!=H7AB73dUx; z9Q{oJA zwJ_=~<&DDLN!4?b5@SPyFjAl|QDPNOF_>m!fI^xsay7kD*-hSRS&JqQk&sv7v zU$J#kdmed*zPM%R(ETF4_<>+T&2jPB$$|`rKLNNU=tM~6=Eh~Vv{h&VvY?nRs>CsQ zh9(#!X=Y!rooyoNMPwc;+trkv_&}bg@)%Llz*mgJI)N$cyZjaNF@GH%^aC0`IfP@M zQIi~lj_#Q%POX;3f@qgV!7@K@_8FdRmd-kS(vN9^zEx~PQ%=|t zpHq5*EA46iL6n$|1E$A4rVuVwF7+b=+F6?;10)|Mo)IA2o&iXSep~krI)vp2>4i0q zUZ6w5D#wLWZ;lk2#j*4P(7p)vaQ}6V80hIgyPz;So@#?2OVQTXJ}y_YlB&tKhtEBT z=($_|pz`E>X9N)TgZFf{8EBGi?177V9?xX)NiLREv3KaWY@>GY(d7bW&(Fw}@j; zq4JL9kKplNmnzzvzZH&$$cw#FKD1lIM8lW>!Z4mW*%{1=P#uV!ZDnv!LpC?$x*x>v z9HilHn0m2%47e=S{24Le#Qu+;aWx;l(-d z+*M@7(_mv(7Z`FqSHo}wRk;q&2D&UkLg~RlR{I?EG;L@ZdW^=bmRm-OlT}~P6p#dj zQWu$h2d$&lIZgc1pXe%i?&kYh3-j}HdV1$do&y)O%V?||N7j*(#b@b|)f!Yd8`!W8 z7A=RkyM0bRC;jwUCaNMjixJ}z%tXF*j)iy{Yx*S&~Vn1&7aXA}7{pS_I!L@i{zaGu~ z@@-SwPpfAgo)zW_WdbI|pXllW1j0)9uj4L-07_RKVmv?$sS_%q^CWkzj%klPubz_} z@+DG*5#S%4+D-CF6O>gjMIxDY%^Cnh`e@=L;>MrUMsLX{p4BT2$E|wT6g%t2g;C#= zsYmzY-zp#M5`iO@$RSvB)y}Uq7!=t`fX1%PJhL;uiZ&>eRo2Wtt?SKt-fk?NRML5U zwE1j3c3*_X{_i+Xi}~mw4Nto|6?qNmWK7misRVVlE#5bEE#t`F8i>jFfDPU7uZHEO zP`|_0=vyL_Lzev!KFLmU3LjCv4d|)R;v&*{i!|Bu6Y|fpLT;PIx=Hrsg(PLPYZ_P1 zpaQxqyAi>FuHP7%QzpG-_;Qp&OFz5!WK0$&@ zd*0IQf_q}K_T{L&Mzp(DKs;v0h0$ag%5MLvJoEp436ZH^~^aeu5?*!gk1P1Ibunmr^{&P|v{N}WAaVxNFi$-ddz=76Xvtv{c5WyuT~+P_Fn1w|*YY#cA> z5RwyXH*dw4(7*~1=0G-yf1B56ft4Mg&XIdiRTQEG^8O-N>fvS1^V*r?~;n%~<$8JgahuF8k*F06j+9(FTbO^Ip zFOOQ>*~{*ny=JrdF*rnVY*acm^X*cOx~LRGlSc;uz30O< z8M2S%_;tA4`e&`68c@PM)eh4(_x{(q>Fa+iOQ&yNbxZx6uD_eV$?T^Y>1gnGw{gFk zw)YL!3Ho|FQWmKPid6}#Z~%-47Fz0;IStK&veX@{{4BJqZgkKj5SR|qQgH)=ZBuwW zrAPa?(C2j-IjJ8w^(^Az?;8eYWZ9JJcf~hf>Pn=|$TL|i-yz&}chln^egGJUTK)9vOUaZD}r|L;3|0owilo76K8zJVnkaLpeaR!$ot$kw!@55Q7a% zMo`Q%Xk3XeIx)4QbJYpyzTRtPGVXiTdl7L@-BNAY#>LWjp0nPyj06jnDq#MGNrg5s zw&gg-Kr6yl-$~1*v`Z)Lo~J64&vX#Fh~~Kdwv-mlF5Zp{C&x|%)LR%S)TyX)#w-+u z86+g4Hh?70K&RblisAFnZ-=l`9vj=j16C!lhQ~Fx%W?cOmc~vw%YHrq`S)>1#czkEiQawj>(d6Nik%0g3M?$xf0W8Wo zBsQsrr}jaZ5*}^*ln!~f?Xq?A@UM=_pzevp2ANj*N>ribbZo~uSr+ceD<-X3zBC`mgs*uq?)PT13T`u6M-LFPS_`u2UZydTOT~BXB zC9Fae4;dHDe2aRPl1GjH8iOWD`XQCN1_SjMw` zE@HOWxM5>Gu=;I+Gh8}{BJyD>61rtOF!Tx`H)BSwD5_~Qeo{Sg_Kv{Sw{i;(h}6vg zL}L;CYL8&rnAJu)q>XQY1C-<=&Z%Oxp@g0fIWRWgpeua$CwFdq2QZiqXP(*kR(y?; z2`IPxE&pcfX7~_u=+2n*gKQg?irss-_GNU}eAsT~!6XQr-z$iO_J1?Bd5Efr+YEAh zke%W8-7hASH^a)`vtrcS$f%B1y+j*xI-vvy#gwb!!h2xv8?p@1nTD)&_pN>ySHc-`yx^GJB-T1M|pglMq>}>Y@gF%33nyKUw0!^YR<7& zuE5#H&P#2!n@|L25^Y)DPFm^@pF(2yh1gh6q4jRKb zwLSIVY|=J?CS_eXe7kQ*j$;j`>0l@Kh>vPa=b``HKzUp$r=wz$c05+ z*E-GmYvI7Cq|t7y{zgoC?%7pdVT?0Pl&V33^)b@@P>K>XuI>q=YZWWTYTNv=LAdX) zb)s|NMP_OlG+Tb7TsAs{GazjK`w*4;fUvp4T}K=JC$>4n!Rr-Fhj9ItmCd(k^9-^s zYd7;3{*->4Cnr<$;&DKT{E|qtzDnaxJQl_cP>}|m!I}c zYYQ(+pbJGkVG(%#4=qr2eeKOU1(r@~vX)vB&u(1>n zk*An@|J;pxUihBT1~D6Yqpfl-*xD{GZv~7hO|z`0@L{JF73EhUZ&C1Dtc?kgB1l6z z3zV{(Hc^QW)Q=y3J@z%Rw-mQM7Vd+g#>5mC3f8bOu zZoM$1DT;UNpbFxf>UnD5~)ETFx zH8_+_QX})%AYR#h(eOiuM`7o_XVs6$F9Vm(UJA!R^B;#2ZBs1F3tU(&$}ZpW6jR6I z#k?X%Oe`~c8ayvDW|O|Y_yvjX1w%-KPBE2I7e+n>82@^hhCC<%N6fE|TNrv$g6vu6e=jDBEy4L^gh8U6EyWwP5~K zwzHdoY}xI+67}8zTtGlzO|6yrfo(93I{ppk)Rk$b7g0jh=lw#p0*&5MpOT*9`4Z}B z3(nH@b?svTy28f`oH<#}89V=7jb>#oFKup&uW~G?#w7xouJtok#yTmyCgmk!YMRQe z2ICmg4lEwJ|935wdLB+wwQK`G@f_?8g=6ue8)4=tCinR?URW<~Z^ZiIdZJ2ug0=Y4 z^_HBk(IHV)hea9V%|tu==&mFPU~xj+Q;0uHvg7mcnVp%@=;h^Wm(Ao#t5>a*88sRp z`4ZIu5^lejrZxGLYDgIUC7kW88TX87-S6kfPm8&j6C+Kcu0pKL&80mV3)qZ>g#bM6 zmk(~o-*mvT%vLQ?(Z9f9Hp8>B-B`KSb30-T9uGaQ1dSD9nx-leBE*MuNwlPsi`HN9 z`XX`5@?TGE1sH0f3`J4Kp%Q&7p!iTP9RkD@x2q=fDExH1-h8;p;ygwewWy7c_j~{Y|V~j(3Er4NY2P3CyIvH-6Zbw`sgo z@Nsuv%@=P#2_zL0-AFFBB#zfghstv7+oP8{;-urzX-ekhQ=NBX6 zWImvnZc^Uc|rR;$H$?gp@JCZ!AoYOJ^;K1>=2K1 z!)&j!%jstrfg3z+YGHPa4+Hk5RH2)LgS`Y6jPSS;V?#AEAZ6#OgCLmYOxzQb$4 zFto1FM)iVwsIiruOrwSZs?{$e$vaHb=N&S2$AQsIlR>+qlb+8vFxUuzeRxKH%k6(z za~prqf!`8B4vliuEZ_?FnNEp~2M%g`57N#|MT&t&rjy}%<-h*@cvTDBdDPw1gSJZw ztDdlU_Q)cBHn`!QRLxZEwVhQ|s!zO*rpn;Dye~AVP7;SuRae;vaxGl$6h#r;T*l}S zH#+3&CZTG_g}}DNMkszMLzS!CvVuMBvfj-5;hpOr<>*=X{ZZLV^F=EOi0kHbHjho- ztwd2j-Zvb%QR63c7GOYbm6^p^|Jcw+^<5&D-8DIr8e~kQ%4;8HzccqS_x;j^-q%W{ z3?0YQgd&$1gZrmiie&ElU9(EZvWG!}s%_n2HpCw+Q>ZH(SL>Rj0yvoYA*uPm+U3-R z3|dr=EFIDp?RC_dxLNlCJC~z<}(UK4TMaeZPy}JPS}-+(`bOwfs*40gq+i zfd9oU{~zvOD&fga3~7J$U}ui6?+O(Aev|Oe=9~3s#q!+)qo6BT&50jvv90_91}+(c zJLe#fKb_YrUSOv~s!kW-#hUri0#6PLM2v0@KCHPkY$$1BEP126eaT_r_qz#^<8+L( z@5_}YU??sKAx9{Vdpzkp@ADE@qWNt!Bq(?^T|jHPRsFTHJ4-IUt6)8_O9dVeTg_i# zqKX|^I)!`9P&u5v$!w+}MMfLhPGUZy<}KeUdUnMm(ztu{ZjBkKGG-+QQc|=!J$?BN z%hz>!WqUjRMhUGpmJJEn;#JyiqvrN|-D^bP_we$bt=N+wH9+)F1wO~tWX=z!oX8fw#(s@c>_#bf7smlNW From 01232eff53abe9ea7ad444278c38335aaabfdb26 Mon Sep 17 00:00:00 2001 From: Henry Zhang Date: Tue, 29 Mar 2016 10:02:50 +0800 Subject: [PATCH 19/23] README --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5ec78056f..e94a80be9 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ We welcome contributions from the community. If you wish to contribute code, we Harbor is available under the [Apache 2 license](LICENSE). ### Partners -DataMan +DataMan ### Users -MaDaiLiCai SlamTec +MaDaiLiCai SlamTec From 40aff95c0dc39f3d1c89749647ad41fab2caf523 Mon Sep 17 00:00:00 2001 From: xiahaoshawn Date: Tue, 29 Mar 2016 11:59:52 +0800 Subject: [PATCH 20/23] refactor configure_https.md --- docs/configure_https.md | 87 ++++++++++++++++++++++++++++++----------- 1 file changed, 65 insertions(+), 22 deletions(-) diff --git a/docs/configure_https.md b/docs/configure_https.md index 00e1f796e..2acf58f0b 100644 --- a/docs/configure_https.md +++ b/docs/configure_https.md @@ -1,35 +1,56 @@ #Configure Harbor with HTTPS Access -Because Harbor does not ship with any certificates, it uses HTTP by default to serve registry requests. This makes it relative simple to configure. However, it is highly recommended that security be enabled for any production environment. Harbor has an Nginx instance as a reverse proxy for all services, you can configure Nginx to enable https. +Because Harbor does not ship with any certificates, it uses HTTP by default to serve registry requests. This makes it relatively simple to configure. However, it is highly recommended that security be enabled for any production environment. Harbor has an Nginx instance as a reverse proxy for all services, you can configure Nginx to enable https. ##Get a certificate -Assuming that your registry’s domain is harbordomain.com, and that its DNS record points to the host where you are running Harbor, you first should get a certificate from a CA. The certificate usually contains a .crt file and a .key file, for example, harbordomain.crt and harbordomain.key. +Assuming that your registry’s **hostname** is **reg.yourdomain.com**, and that its DNS record points to the host where you are running Harbor, you first should get a certificate from a CA. The certificate usually contains a .crt file and a .key file, for example, **yourdomain.com.crt** and **yourdomain.com.key**. -In a test or development environment, you may choose to use a self-signed certificate instead of the one from a CA. The below command generates your own certificate: +In a test or development environment, you may choose to use a self-signed certificate instead of the one from a CA. The below commands generate your own certificate: + +1) Create your own CA certificate: ``` -openssl req \ - -newkey rsa:4096 -nodes -sha256 -keyout harbordomain.key \ - -x509 -days 365 -out harbordomain.crt + openssl req \ + -newkey rsa:4096 -nodes -sha256 -keyout ca.key \ + -x509 -days 365 -out ca.crt +``` +2) Generate a Certificate Signing Request, be sure to use **reg.yourdomain.com** as the CN (Common Name): +``` + openssl req \ + -newkey rsa:4096 -nodes -sha256 -keyout yourdomain.com.key \ + -out yourdomain.com.csr +``` +3) Generate the certificate of your registry host + +You need to configure openssl first. On Ubuntu, the config file locates at /etc/ssl/openssl.cnf. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. Let’s creates necessary directories and files: +``` + mkdir demoCA + cd demoCA + touch index.txt + echo '01' > serial + cd .. + ``` +Then run this command to generate the certificate of your registry host: +``` + openssl ca -in yourdomain.com.csr -out yourdomain.com.crt -cert ca.crt -keyfile ca.key –outdir . ``` -Be sure to use harbordomain as a CN. ##Configuration of Nginx -After obtaining the .crt and .key files, change the directory to Deploy/config/nginx in Harbor project. +After obtaining the **yourdomain.com.crt** and **yourdomain.com.key** files, change the directory to Deploy/config/nginx in Harbor project. ``` cd Deploy/config/nginx ``` -Create a new directory “cert/” if it does not exist. Then copy harbordomain.crt and harbordomain.key to cert/. +Create a new directory “cert/” if it does not exist. Then copy **yourdomain.com.crt** and **yourdomain.com.key** to cert/. Rename the existing configuration file of Nginx: ``` mv nginx.conf nginx.conf.bak ``` -Copy the template nginx.https.conf as the new configuration file: +Copy the template **nginx.https.conf** as the new configuration file: ``` cp nginx.https.conf nginx.conf ``` -Edit the file nginx.conf and replace two occurrences of harbordomain.com to your own domain name. +Edit the file nginx.conf and replace two occurrences of **server name** harbordomain.com to your own host name: reg.yourdomain.com . ``` server { listen 443 ssl; @@ -41,15 +62,16 @@ Edit the file nginx.conf and replace two occurrences of harbordomain.com to your listen 80; server_name harbordomain.com; rewrite ^/(.*) https://$server_name$1 permanent; + ``` - - -Then look for the SSL section to make sure the files of your certificates match the names in the config file. +Then look for the SSL section to make sure the files of your certificates match the names in the config file. Do not change the path of the files. ``` … + # SSL - ssl_certificate /etc/nginx/cert/harbordomain.crt; - ssl_certificate_key /etc/nginx/cert/harbordomain.key; + ssl_certificate /etc/nginx/cert/yourdomain.com.crt; + ssl_certificate_key /etc/nginx/cert/yourdomain.com.key; + ``` Save your changes in nginx.conf. @@ -57,24 +79,45 @@ Save your changes in nginx.conf. Next, edit the file Deploy/harbor.cfg , update the hostname and the protocol: ``` #set hostname - hostname = habordomain.com + hostname = reg.yourdomain.com #set ui_url_protocol ui_url_protocol = https ``` - Generate configuration files for Harbor: ``` - ./prepare +./prepare ``` -If Harbor is already running, stop and remove the existing instance: +If Harbor is already running, stop and remove the existing instance. Your image data remain in the file system ``` - docker-compose stop + docker-compose stop docker-compose rm ``` - Finally, restart Harbor: ``` docker-compose up –d ``` +After setting up HTTPS for Harbor, you can verify it by the follow steps: + +1. Open a browser and enter the address: https://reg.yourdomain.com . It should display the user interface of Harbor. + +2. On a machine with Docker daemon, make sure the option “--insecure-registry” does not present, run any docker command to verify the setup, e.g. +``` + docker login reg.yourdomain.com +``` +##Troubleshooting +1.` `You may get an intermediate certificate from a certificate issuer. In this case, you should merge the intermediate certificate with your own certificate to create a certificate bundle. You can achieve this by the below command: +``` + cat intermediate-certificate.pem >> yourdomain.com.crt +``` +2.` `On some systems where docker daemon runs, you may need to trust the certificate at OS level. + On Ubuntu, this can be done by below commands: +``` + cp youdomain.com.crt /usr/local/share/ca-certificates/reg.yourdomain.com.crt + update-ca-certificates +``` + On Red Hat (CentOS etc), the commands are: +``` + cp yourdomain.com.crt /etc/pki/ca-trust/source/anchors/reg.yourdomain.com.crt + update-ca-trust From 93803ac3aa563c5ed74e0e380622598da4aedb72 Mon Sep 17 00:00:00 2001 From: Tan Jiang Date: Tue, 29 Mar 2016 19:37:04 +0800 Subject: [PATCH 21/23] fix potential index out of range error --- service/utils/registryutils.go | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/service/utils/registryutils.go b/service/utils/registryutils.go index 97c4b53f8..93dd9e81c 100644 --- a/service/utils/registryutils.go +++ b/service/utils/registryutils.go @@ -46,6 +46,8 @@ func BuildRegistryURL(segments ...string) string { // RegistryAPIGet triggers GET request to the URL which is the endpoint of registry and returns the response body. // It will attach a valid jwt token to the request if registry requires. func RegistryAPIGet(url, username string) ([]byte, error) { + + log.Debugf("Registry API url: %s", url) response, err := http.Get(url) if err != nil { return nil, err @@ -59,8 +61,8 @@ func RegistryAPIGet(url, username string) ([]byte, error) { return result, nil } else if response.StatusCode == http.StatusUnauthorized { authenticate := response.Header.Get("WWW-Authenticate") + log.Debugf("authenticate header: %s", authenticate) str := strings.Split(authenticate, " ")[1] - log.Debugf("url: %s", url) var service string var scope string strs := strings.Split(str, ",") @@ -71,8 +73,12 @@ func RegistryAPIGet(url, username string) ([]byte, error) { scope = s } } - service = strings.Split(service, "\"")[1] - scope = strings.Split(scope, "\"")[1] + if arr := strings.Split(service, "\""); len(arr) > 1 { + service = arr[1] + } + if arr := strings.Split(scope, "\""); len(arr) > 1 { + scope = arr[1] + } token, err := GenTokenForUI(username, service, scope) if err != nil { return nil, err From 88de5aeffe9e8442b23959566849cc3caee0d39e Mon Sep 17 00:00:00 2001 From: Tan Jiang Date: Wed, 30 Mar 2016 15:53:35 +0800 Subject: [PATCH 22/23] set default log level to debug for troubleshooting --- Deploy/templates/ui/env | 1 + 1 file changed, 1 insertion(+) diff --git a/Deploy/templates/ui/env b/Deploy/templates/ui/env index 55701bbdb..45e64c188 100644 --- a/Deploy/templates/ui/env +++ b/Deploy/templates/ui/env @@ -8,3 +8,4 @@ HARBOR_URL=$ui_url AUTH_MODE=$auth_mode LDAP_URL=$ldap_url LDAP_BASE_DN=$ldap_basedn +lOG_LEVEL=debug From a577c6c4030bd49491cabd6510c570c703417605 Mon Sep 17 00:00:00 2001 From: Tan Jiang Date: Wed, 30 Mar 2016 15:55:14 +0800 Subject: [PATCH 23/23] set default log level to debug for troubleshooting --- Deploy/templates/ui/env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Deploy/templates/ui/env b/Deploy/templates/ui/env index 45e64c188..8fe9710c1 100644 --- a/Deploy/templates/ui/env +++ b/Deploy/templates/ui/env @@ -8,4 +8,4 @@ HARBOR_URL=$ui_url AUTH_MODE=$auth_mode LDAP_URL=$ldap_url LDAP_BASE_DN=$ldap_basedn -lOG_LEVEL=debug +LOG_LEVEL=debug