Merge pull request #5739 from steven-zou/fix_s3_storage_issue

Fix issues related with chart storage

make/docker-compose.chartmuseum.tpl

@@ -20,6 +20,7 @@ services:
       - redis
     volumes:
       - /data/chart_storage:/chart_storage:z
+      - ./common/config/chartserver:/etc/chartserver:z
     logging:
       driver: "syslog"
       options:  

make/harbor.cfg

@@ -186,14 +186,16 @@ uaa_verify_cert = true
 uaa_ca_cert = /path/to/ca.pem
 
 
-### Docker Registry setting ###
+### Harbor Storage settings ###
+#Please be aware that the following storage settings will be applied to both docker registry and helm chart repository.
 #registry_storage_provider can be: filesystem, s3, gcs, azure, etc.
 registry_storage_provider_name = filesystem
 #registry_storage_provider_config is a comma separated "key: value" pairs, e.g. "key1: value, key2: value2".
+#To avoid duplicated configurations, both docker registry and chart repository follow the same storage configuration specifications of docker registry.
 #Refer to https://docs.docker.com/registry/configuration/#storage for all available configuration.
 registry_storage_provider_config =
 #registry_custom_ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
-#of registry's container.  This is usually needed when the user hosts a internal storage with self signed certificate.
+#of registry's and chart repository's containers.  This is usually needed when the user hosts a internal storage with self signed certificate.
 registry_custom_ca_bundle = 
 
 #If reload_config=true, all settings which present in harbor.cfg take effect after prepare and restart harbor, it overwrites exsiting settings.

make/photon/chartserver/docker-entrypoint.sh

@@ -7,6 +7,22 @@ if [ -d /chart_storage ]; then
     chown 10000:10000 -R /chart_storage
 fi
 
-# Start the server process
+#Config the custom ca bundle
+if [ -f /etc/chartserver/custom-ca-bundle.crt ]; then
+    if grep -q "Photon" /etc/lsb-release; then
+        if [ ! -f /etc/pki/tls/certs/ca-bundle.crt.original ]; then
+            cp /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt.original
+        fi
+
+        echo "Appending custom ca bundle ..."
+        cp /etc/pki/tls/certs/ca-bundle.crt.original /etc/pki/tls/certs/ca-bundle.crt
+        cat /etc/chartserver/custom-ca-bundle.crt >> /etc/pki/tls/certs/ca-bundle.crt
+        echo "Done."
+    else
+        echo "Current OS is not Photon, skip appending ca bundle"
+    fi
+fi
+
+#Start the server process
 sudo -E -H -u \#10000 sh -c "/chartserver/chartm" #Parameters are set by ENV
 set +e

make/prepare

@@ -399,6 +399,14 @@ if storage_provider_name == "filesystem":
 # generate storage configuration section in yaml format
 storage_provider_conf_list = [storage_provider_name + ':']
 for c in storage_provider_config.split(","):
+    kvs = c.split(": ")
+    if len(kvs) == 2:
+        if kvs[0].strip() == "keyfile":
+            srcKeyFile = kvs[1].strip()
+            if os.path.isfile(srcKeyFile):
+                shutil.copyfile(srcKeyFile, os.path.join(registry_config_dir, "gcs.key"))
+                storage_provider_conf_list.append("keyfile: %s" % "/etc/registry/gcs.key")
+                continue
     storage_provider_conf_list.append(c.strip())
 storage_provider_info = ('\n' + ' ' * 4).join(storage_provider_conf_list)
 render(os.path.join(templates_dir, "registry", registry_config_file),
@@ -612,6 +620,11 @@ if args.chart_mode:
         print ("Create config folder: %s" % chartm_config_dir)
         os.makedirs(chartm_config_dir)
 
+    # handle custom ca bundle
+    if len(registry_custom_ca_bundle_path) > 0 and os.path.isfile(registry_custom_ca_bundle_path):
+        shutil.copyfile(registry_custom_ca_bundle_path, os.path.join(chartm_config_dir, "custom-ca-bundle.crt"))
+        print("Copied custom ca bundle: %s" % os.path.join(chartm_config_dir, "custom-ca-bundle.crt"))
+    
     # process redis info
     cache_store = "redis"
     cache_redis_password = redis_password
@@ -643,15 +656,25 @@ if args.chart_mode:
         storage_provider_config_options.append("STORAGE_AMAZON_PREFIX=%s" % storgae_provider_confg_map.get("rootdirectory", ""))
         storage_provider_config_options.append("STORAGE_AMAZON_REGION=%s" % storgae_provider_confg_map.get("region", ""))
         storage_provider_config_options.append("STORAGE_AMAZON_ENDPOINT=%s" % storgae_provider_confg_map.get("regionendpoint", ""))
+        storage_provider_config_options.append("AWS_ACCESS_KEY_ID=%s" % storgae_provider_confg_map.get("accesskey", ""))
+        storage_provider_config_options.append("AWS_SECRET_ACCESS_KEY=%s" % storgae_provider_confg_map.get("secretkey", ""))
     elif storage_provider_name == "gcs":
         # google cloud storage
         storage_driver = "google"
         storage_provider_config_options.append("STORAGE_GOOGLE_BUCKET=%s" % storgae_provider_confg_map.get("bucket", ""))
         storage_provider_config_options.append("STORAGE_GOOGLE_PREFIX=%s" % storgae_provider_confg_map.get("rootdirectory", ""))
+
+        keyFileOnHost = storgae_provider_confg_map.get("keyfile", "")
+        if os.path.isfile(keyFileOnHost):
+            shutil.copyfile(keyFileOnHost, os.path.join(chartm_config_dir, "gcs.key"))
+            targetKeyFile = "/etc/chartserver/gcs.key"
+            storage_provider_config_options.append("GOOGLE_APPLICATION_CREDENTIALS=%s" % targetKeyFile)
     elif storage_provider_name == "azure":
         # azure storage
         storage_driver = "microsoft"
         storage_provider_config_options.append("STORAGE_MICROSOFT_CONTAINER=%s" % storgae_provider_confg_map.get("container", ""))
+        storage_provider_config_options.append("AZURE_STORAGE_ACCOUNT=%s" % storgae_provider_confg_map.get("accountname", ""))
+        storage_provider_config_options.append("AZURE_STORAGE_ACCESS_KEY=%s" % storgae_provider_confg_map.get("accountkey", ""))
         storage_provider_config_options.append("STORAGE_MICROSOFT_PREFIX=/azure/harbor/charts")
     elif storage_provider_name == "swift":
         # open stack swift
@@ -659,12 +682,21 @@ if args.chart_mode:
         storage_provider_config_options.append("STORAGE_OPENSTACK_CONTAINER=%s" % storgae_provider_confg_map.get("container", ""))
         storage_provider_config_options.append("STORAGE_OPENSTACK_PREFIX=%s" % storgae_provider_confg_map.get("rootdirectory", ""))
         storage_provider_config_options.append("STORAGE_OPENSTACK_REGION=%s" % storgae_provider_confg_map.get("region", ""))
+        storage_provider_config_options.append("OS_AUTH_URL=%s" % storgae_provider_confg_map.get("authurl", ""))
+        storage_provider_config_options.append("OS_USERNAME=%s" % storgae_provider_confg_map.get("username", ""))
+        storage_provider_config_options.append("OS_PASSWORD=%s" % storgae_provider_confg_map.get("password", ""))
+        storage_provider_config_options.append("OS_PROJECT_ID=%s" % storgae_provider_confg_map.get("tenantid", ""))
+        storage_provider_config_options.append("OS_PROJECT_NAME=%s" % storgae_provider_confg_map.get("tenant", ""))
+        storage_provider_config_options.append("OS_DOMAIN_ID=%s" % storgae_provider_confg_map.get("domainid", ""))
+        storage_provider_config_options.append("OS_DOMAIN_NAME=%s" % storgae_provider_confg_map.get("domain", ""))
     elif storage_provider_name == "oss":
         # aliyun OSS
         storage_driver = "alibaba"
         storage_provider_config_options.append("STORAGE_ALIBABA_BUCKET=%s" % storgae_provider_confg_map.get("bucket", ""))
         storage_provider_config_options.append("STORAGE_ALIBABA_PREFIX=%s" % storgae_provider_confg_map.get("rootdirectory", ""))
         storage_provider_config_options.append("STORAGE_ALIBABA_ENDPOINT=%s" % storgae_provider_confg_map.get("endpoint", ""))
+        storage_provider_config_options.append("ALIBABA_CLOUD_ACCESS_KEY_ID=%s" % storgae_provider_confg_map.get("accesskeyid", ""))
+        storage_provider_config_options.append("ALIBABA_CLOUD_ACCESS_KEY_SECRET=%s" % storgae_provider_confg_map.get("accesskeysecret", ""))
     else:
         # use local file system
         storage_provider_config_options.append("STORAGE_LOCAL_ROOTDIR=/chart_storage")