customize token

2024-09-20 18:27:40 +00:00 · 2016-04-20 01:37:07 +08:00 · 2016-04-20 01:37:07 +08:00 · 4ce0bc2a29
commit 4ce0bc2a29
parent 0f02e1fa6d
6 changed files with 271 additions and 176 deletions
--- a/Deploy/config/registry/root.crt
+++ b/Deploy/config/registry/root.crt
@ -1,15 +1,33 @@
 -----BEGIN CERTIFICATE-----
-MIICWDCCAcGgAwIBAgIJAN1nLuloDeHNMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQwHhcNMTYwMTI3MDQyMDM1WhcNNDMwNjE0MDQyMDM1WjBF
-MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
-ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQClak/4HO7EeLU0w/BhtVENPLOqU0AP2QjVUdg1qhNiDWVrbWx9KYHqz5Kn0n2+
-fxdZo3o7ZY5/2+hhgkKh1z6Kge9XGgune6z4fx2J/X2Se8WsGeQUTiND8ngSnsCA
-NtYFwW50SbUZPtyf5XjAfKRofZem51OxbxzN3217L/ubKwIDAQABo1AwTjAdBgNV
-HQ4EFgQU5EG2VrB3I6G/TudUpz+kBgQXSvYwHwYDVR0jBBgwFoAU5EG2VrB3I6G/
-TudUpz+kBgQXSvYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAx+2eo
-oOm0YNy9KQ81+7GQkKVWoPQXjAGGgZuZj8WCFepYqUSJ4q5qbuVCY8WbGcHVk2Rx
-Jg1XDCmMjBgYP6S0ikezBRqSmNA3G6oFiydTKBfPs6RNalsB0C78Xk5l5+PIyd2R
-jFKOKoMpkjwfeJv2j64WNGoBgqj7XRBoJ11a4g==
+MIIFqTCCA5GgAwIBAgIJAL1ERoYUEaTZMA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNV
+BAYTAkNOMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEbmFtZTEaMBgGA1UECgwR
+b3JnYW5pemF0aW9uIG5hbWUxITAfBgNVBAsMGG9yZ2FuaXphdGlvbmFsIHVuaXQg
+bmFtZTAeFw0xNjA0MTkxNzMxMThaFw0yNjA0MTcxNzMxMThaMGsxCzAJBgNVBAYT
+AkNOMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEbmFtZTEaMBgGA1UECgwRb3Jn
+YW5pemF0aW9uIG5hbWUxITAfBgNVBAsMGG9yZ2FuaXphdGlvbmFsIHVuaXQgbmFt
+ZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKDaZVJiE/jmnkBUv1xz
+Oc/JNNnAkNcd1Bi9Am8wZZJlmpdZieLneNbQhyNaFVYQovdHBQ+KfXyZtz9cE1rM
+TWlgpPr1Slh5CSyTTHHASpic1rDUTuvlqctFgCXHzwiDwWH+97f+HfcPUGxdXrB
+87cwWliFGSIsZKfa53cw4uNnCEcnsnk9fjT7d+eUn/PbO+tQMIPQTnu3Zc4ABjRN
+rZHiN5H6zr5xq9BJdB4n0dpDtk+8ygZqZ12Y4snL3P9nzYz9bNNA6G55B8BY6Cvg
+i3yNdrDbptdUp2FQmn3ODum7vqTLDnkBASBF/F9RV1kqRGAV2hge1VYKjm+eKB4N
+qn6Ep2cy6ZIiMX7z5OVNEgryfYIdr5UF4JEprS+vXivvRZ9kfSZC5yc976z+O/6h
+T0xR6qZaTujt3K82wPNmZRaXeNCms7QwfbJN9blvkQZSCkaTCEgbeGnrmw/RvX3p
+ilDbMABJDon9olwOGDEa+OgvTtdB0NHokD/ONKeQwf8cGde5UIWmljSaTOub1p3z
+BnEugYWZkvEFZbQssiY1LDM/o4GiQjdEVE0sLcnWbXyG1ceG6o6cIz8W64cXST9B
+4aPPWZ4y/MPm+kQsvO6PwFdRGg8AaVSKIrbB/mYLu2Q21NVnsXpje6hybyk9Cfb2
+BsGgUCEL0TdbuWuQNriqwxLdAgMBAAGjUDBOMB0GA1UdDgQWBBTvqAlIppLW24Ds
+zdEd/4oyGoCUSDAfBgNVHSMEGDAWgBTvqAlIppLW24DszdEd/4oyGoCUSDAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAYr1jl8N5B63J6xNfjN/dtaMKl
+gm/h/ghBl5EUTGSkkAOT+tkZkmSVhBTlqF7sndgkvNiaF3ds2tM6xXju28Ipemn7
+3nSYg7bFcxKJ6VDr21+8PZAoFC//oquXoeSpCU40Fl3uq0goxo2J9g6WikBbzpxd
+AFlXSC9baTpQpfQavuT/2Clfu1YsaFhhtGPupNoTwkzaqgBOln9kKp7DkaVuR0Lu
+x7/c+LvSGIJYwN9MKXSe1YJ4mbMVhXF6eMVwKZfbDPvgr2lkJNpCltdqd5AozunE
+kc1BDvrDoRUTMnwxixxfmTa4brYlJd/WhmtBfjOrVavm3dkzT7JusPCsiFYP8xJx
+uRsrhP5qHyNKnWKt+XQHicT74WbplHhn2HSKwAd/a1n1+AN79zXPNe4lUASmYu+a
+6dL870qEWQ8CvCyqGOmGzZnEuVGQ1I6tRpL17wLmXQyM+VS1VjjvXOD+EYmG0qMl
+k6NsleM0KxIe2E6o4Z66RlsaygoQQ1um8VRJFu64GuTWjeqOn3k6t8CkLorSsr/r
+CUd9wM09YZ5H05pEdr/dmnzjIcmLfNXprdtguMndGM97vkHvcYazc0NKrNOEcY/U
+cgcf7r2d0QVcyk4KczFv4TzaEcTMIGiUemYxOjjEaMyOs0TnOdR3keimTz970N9
+foE07UI+31lH38VOeQ==
 -----END CERTIFICATE-----
--- a/Deploy/config/ui/private_key.pem
+++ b/Deploy/config/ui/private_key.pem
@ -1,15 +1,51 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQClak/4HO7EeLU0w/BhtVENPLOqU0AP2QjVUdg1qhNiDWVrbWx9
-KYHqz5Kn0n2+fxdZo3o7ZY5/2+hhgkKh1z6Kge9XGgune6z4fx2J/X2Se8WsGeQU
-TiND8ngSnsCANtYFwW50SbUZPtyf5XjAfKRofZem51OxbxzN3217L/ubKwIDAQAB
-AoGBAITMMuNYJwAogCGaZHOs4yMjZoIJT9bpQMQxbsi2f9UqOA/ky0I4foqKloyQ
-2k6DLbXTHqBsydgwLgGKWAAiE5xIR2bPMUNSLgjbA2eLly3aOR/0FJ5n09k2EmGg
-Am7tLP+6yneXWKVi3HI3NzXriVjWK94WHGGC1b9F+n5CY/2RAkEA1d62OJUNve2k
-IY6/b6T0BdssFo3VFcm22vnayEL/wcYrnRfF9Pb5wM4HUUqwVelKTouivXg60GNK
-ZKYAx5CtHwJBAMYAEf5u0CQ/8URcwBuMkm0LzK4AM2x1nGs7gIxAEFhu1Z4xPjVe
-MtIxuHhDhlLvD760uccmo5yE72QJ1ZrYBHUCQQCAxLZMPRpoB4QyHEOREe1G9V6H
-OeBZXPk2wQcEWqqo3gt2a1DqHCXl+2aWgHTJVUxDHHngwFoRDCdHkFeZ0LcbAkAj
-T8/luI2WaXD16DS6tQ9IM1qFjbOeHDuRRENgv+wqWVnvpIibq/kUU5m6mRBTqh78
-u+6F/fYf6/VluftGalAhAkAukdMtt+sksq2e7Qw2dRr5GXtXjt+Otjj0NaJENmWk
-a7SgAs34EOWtbd0XGYpZFrg134MzQGbweFeEUTj++e8p
+MIIJJwIBAAKCAgEAoNplUmIT+OaeQFS/XHM5z8k02cCQ1x3UGL0CbzBlkmWal1mJ
+4ud41tCHI1oVVhCi90cFD4p9fJm3P1wTWsz5NaWCk+vVKWHkJLJNMccBKmJzWsNR
+O6+Wpy0WAJcfPCIPBYf73t/4d9w9QbF1esHztzBaWIUZIixkp9rndzDi42cIRyey
+eT1+NPt355Sf89s761Awg9BOe7dlzgAGNE2tkeI3kfrOvnGr0El0HifR2kO2T7zK
+BmpnXZjiycvc/2fNjP1s00DobnkHwFjoK+CLfI12sNum11SnYVCafc4O6bu+pMsO
+eQEBIEX8X1FXWSpEYBXaGB7VVgqOb54oHg2qfoSnZzLpkiIxfvPk5U0SCvJ9gh2v
+lQXgkSmtL69eK+9Fn2R9JkLnJz3vrP47/qFPTFHqplpO6O3crzbA82ZlFpd40Kaz
+tDB9sk31uW+RBlIKRpMISBt4aeubD9G9femKUNswAEkOif2iXA4YMRr46C9O10HQ
+0eiQP840p5DB/xwZ17lQhaaWNJpM65vWnfMGcS6BhZmS8QVltCyyJjUsMz+jgaJC
+N0RUTSwtydZtfIbVx4bqjpwjPxbrhxdJP0Hho89ZnjL8w+b6RCy87o/AV1EaDwBp
+VIoitsH+Zgu7ZDbU1WexemN7qHJvKT0J9vYGwaBQIQvRN1u5a5A2uKrDEt0CAwEA
+AQKCAgBqBQjbcAGyAG81/6XRjbEBH6FSFPZikyqE06+TEdcg0w89yqpzgBXJoNAx
+oOKHQ5fmXE0dnS5wvfBmNo4bPxbTITAbx0lMaVUySsNOl9hQ02ss26fjKyylK7Zg
+1TqlK92yy5pboEvo1KUbc5f3PXchuyERT0jtmU0Oxd3iVbp2ICb4n1WnS7yvtz+k
+x/VViZ7IzqXre5T/PjY/vQxZ1QkeKnhuI125cLrKImACsERFFHRJwil2aROQQYDZ
+eSFExmpZD4B3DUUl62gMg40jvnCxu5wLnfst2oIoRjRNz09NB430mFIFt3/Cgd6C
+BN8Jyi4fFsgVNd1vRK31K81NYbyJc+kRgVv4bl7z32eHTrUBBS852jqxRBof6esY
+4j9/Egt5tVrobIlKtgHDWYvjzAWJqcZBfD2Terlu71bpxpfQTHh7ixepzVhzl1eP
+YG+goQt+bBIFY3IftNP7jxK5LIsL+CPBkSdrFFZX2hbheYMlcy/FefdSYCP9mIih
+yJcf/1kcUAVTmzL5J1G7J7bYqSNcLhBmu9seuzbpKq3RzWNKxl9ALd0T+pPZR5ZH
+2oOFgletEofb2p34vhE7TBFZobXtgupKNbghJYKzIVnFtp02pUODgyaU8KQNINeO
+gMHeUoaAPo/BNemejhy5BqJOIdQk2C7DGl2gKJP7ulp/Eed0EQKCAQEAzSQsLXc/
+Kp2y+BequL2XlpsJYhTs2fvtbUuq9oMMK3gX9s6+a5hQ5ITnXrxB9HzKAjDUWHlF
+qLKBrB3X/jYjyiLQeXhTpliUXL/FGU9lfR9/btbqA3PxMZZyNYlZAStLp7/xlzHV
+XrcvB9k5v3keE+GqufhXuRTs6jNAVWeyh9GWsA97FgQtJU46xXGLT1gEkS7vSa5a
+fyqAatXUEL8EjnhHf5Dkp1FYiywdK31YbkaYCd/Umdezc8mauetybWjbrj3JICTp
+KBfrZJQGd5ioADzll1xa4yFExDnBq2we2ugm/6jgYRJd6gO/uSZ1OkpcSFKxOB5m
+hOUns5n7spLl3wKCAQEAyLtblCvJ1psn8tIYnouXl58/VQyXKGNlGsifXAuMI5tk
+eyR/dJYgGjzwv4e3ys1m+4v0LSCGwAz8cSqCL9M2k1jAIDjb5i5/uvP2/fUxscjD
+WdxBNhpnkdyxULv6Pc5RBGgnOZilAAJ0Ne0QoCXU7UmcdaiQzdjJLhK+Awu7+3eq
+JpR5IV8kwNesB8jYDbYCo5SQDxtPRCr6b1t4gUQq6g2krISBEyWQlPp3yRjf4fd
+JRBUrN82mpxC6EFj79rPbP4TIrZXT3eki65CAi+ebC8bw3/+5V63rmuhXRtufIn6
+KgTbf7pEiXF2WAlocDgZ4spUxZbT7nyfYFtBCF1GwwKCAQAxkoUuc3uLM9KUyztR
+K1efaFWrIv1da9ijKb7llSNyubGozasMWyFpJ4i1xu51Q1aZku0teBjSPFjDm+6f
+GrwpU6JnSCGGuC8Z/qmFhT80LlFgGoUwUms9nWp573fXpXvBzMt3yu4R1liCIAcp
+cv5GtajJCe9A5YKe0cXBHa7xzT8JyqPm3Rl/w1jGb7rHcLCh2OKwPnbV9hJUPtnh
+NhfGyeAVPpFSsYChGQbvhHnDJEIHWNSKXKqb12MRfIkJUWaMw5d/sgu5yZXzlyW8
+7uHiNNUSb5ny+w4gEQjxAM6v/Zu2+jtGmeah70f8WQPJE0EbpQf4VLhXcvzWFObS
+71anAoIBAGnJ7CKzzSTQEoazWQw9jz/2Sl9dSlCbyY4LC4lsAIhHffY0LwPXlsWd
+NlgKg79a7xpFEQOzb7DJZ0WQ3Jmt28Zd8KtKrAGsod56csI2teD3aJT0Ml38HndN
+8xkUaHaoRCRpa7q8CsFtiadd7/Qm3AfOUqnjk6UYyjYA5KkgRwrpb26jjeM8woGM
+Nhvl3TP403UEuq5l6kBTh/agwcdrWfTNqy02sa4YWtxL8yaJu/JbPR4qdCXDYbir
+/8r9o1imXckYQid6J5uW914yEVGrnPdxAFXRIBnsCCvhR2KVcW4rHW+FrdSr6zDw
+XilZk/QIbQQMFA8qRTkb7rbOgQCSgBcCggEAPepUfUh8GcWr+y27ypwpPbiuO1l5
+4QWMpOmQT1Ft58LoP0r0f5XASUKFrYiwIYOJjoED6kh5XdWBauydui2tTYvy5mLQ
+xhtRAe4KrqrHEiYopR+C6SAJQ+Q7vJ2ZlVlMCabPjMdIews0cLCtyeyi3ZRF6wf1
+mz+g0fjtBLQXveOBakDzE8zjHGo86qGFDCYKhdILl9Fmr+imH3xq51bFOgXkW0bd
+FwXscmJSJZcl91MQ/Y1hPprL4F7cnwkvUwIRWzkxpyCObwVtXhrwqhGxn+7NpESN
+6w3CT3mA5JfISq0KOrwrKd0PxuRPexcGyhcoaT+TEdST1m18ey9bP8E8hg==
 -----END RSA PRIVATE KEY-----
--- a/Deploy/harbor.cfg
+++ b/Deploy/harbor.cfg
@ -2,35 +2,45 @@

 #The IP address or hostname to access admin UI and registry service.
 #DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
-hostname = reg.mydomain.com
+hostname="reg.mydomain.com"

 #The protocol for accessing the UI and token/notification service, by default it is http.
 #It can be set to https if ssl is enabled on nginx.
-ui_url_protocol = http
+ui_url_protocol="http"

 #Email account settings for sending out password resetting emails.
-email_server = smtp.mydomain.com 
-email_server_port = 25
-email_username = sample_admin@mydomain.com
-email_password = abc
-email_from = admin <sample_admin@mydomain.com>
+email_server="smtp.mydomain.com"
+email_server_port="25"
+email_username="sample_admin@mydomain.com"
+email_password="abc"
+email_from="admin <sample_admin@mydomain.com>"

 ##The password of Harbor admin, change this before any production use.
-harbor_admin_password= Harbor12345
+harbor_admin_password="Harbor12345"

 ##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
 #Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
-auth_mode = db_auth
+auth_mode="db_auth"

 #The url for an ldap endpoint.
-ldap_url = ldaps://ldap.mydomain.com
+ldap_url="ldaps://ldap.mydomain.com"

 #The basedn template to look up a user in LDAP and verify the user's password.
-ldap_basedn = uid=%s,ou=people,dc=mydomain,dc=com
+ldap_basedn="uid=%s,ou=people,dc=mydomain,dc=com"

 #The password for the root user of mysql db, change this before any production use.
-db_password = root123
+db_password="root123"

 #Turn on or off the self-registration feature
-self_registration = on
+self_registration="on"
+
+#Turn on or off the custom-generate token
+customize_token="on"
+
+#token message
+crt_countryname="CN"
+crt_state="State"
+crt_name="name"
+crt_organizationname="organization name"
+crt_organizationalunitname="organizational unit name"
 #####
--- a/Deploy/prepare
+++ b/Deploy/prepare
@ -1,98 +1,133 @@
-#!/usr/bin/python
-# -*- coding: utf-8 -*-
-from __future__ import print_function, unicode_literals # We require Python 2.6 or later
-from string import Template
-import os
-import sys
-from io import open
+#!/bin/bash
+# Requires: openssl

-if sys.version_info[:3][0] == 2:
-    import ConfigParser as ConfigParser
-    import StringIO as StringIO
+source ./harbor.cfg

-if sys.version_info[:3][0] == 3:
-    import configparser as ConfigParser
-    import io as StringIO
+config_path="./config"
+ui_path="./config/ui"
+db_path="./config/db"
+tpl_path="./templates"

-#Read configurations
-conf = StringIO.StringIO()
-conf.write("[configuration]\n")
-conf.write(open("harbor.cfg").read())
-conf.seek(0, os.SEEK_SET)
-rcp = ConfigParser.RawConfigParser()
-rcp.readfp(conf)
+mkdir -p $tpl_path
+mkdir -p $ui_path $db_path

-hostname = rcp.get("configuration", "hostname")
-ui_url = rcp.get("configuration", "ui_url_protocol") + "://" + hostname
-email_server = rcp.get("configuration", "email_server")
-email_server_port = rcp.get("configuration", "email_server_port")
-email_username = rcp.get("configuration", "email_username")
-email_password = rcp.get("configuration", "email_password")
-email_from = rcp.get("configuration", "email_from")
-harbor_admin_password = rcp.get("configuration", "harbor_admin_password")
-auth_mode = rcp.get("configuration", "auth_mode")
-ldap_url = rcp.get("configuration", "ldap_url")
-ldap_basedn = rcp.get("configuration", "ldap_basedn")
-db_password = rcp.get("configuration", "db_password")
-self_registration = rcp.get("configuration", "self_registration")
-########
+declare -a arr=("$ui_path/env" "$ui_path/app.conf" "$config_path/registry/config.yml" "$db_path/env")

-base_dir = os.path.dirname(__file__)
-config_dir = os.path.join(base_dir, "config")
-templates_dir = os.path.join(base_dir, "templates")
+for i in "${arr[@]}"; do
+    if [ -e $i ]; then
+        echo "Clearing the configuration file: "$i
+        rm $i
+    fi
+done

+echo "appname = registry
+runmode = dev

-ui_config_dir = os.path.join(config_dir,"ui")
-if not os.path.exists(ui_config_dir):
-    os.makedirs(os.path.join(config_dir, "ui"))
+[lang]
+types = en-US|zh-CN
+names = en-US|zh-CN

-db_config_dir = os.path.join(config_dir, "db")
-if not os.path.exists(db_config_dir):
-    os.makedirs(os.path.join(config_dir, "db"))
+[dev]
+httpport = 80

-def render(src, dest, **kw):
-    t = Template(open(src, 'r').read())
-    with open(dest, 'w') as f:
-        f.write(t.substitute(**kw))
-    print("Generated configuration file: %s" % dest)
+[mail]
+host = $email_server
+port = $email_server_port
+username = $email_username
+password = $email_password
+from = $email_from" > $ui_path/app.conf
+echo "Generated configuration file: "$ui_path/app.conf

-ui_conf_env = os.path.join(config_dir, "ui", "env")
-ui_conf = os.path.join(config_dir, "ui", "app.conf")
-registry_conf = os.path.join(config_dir, "registry", "config.yml")
-db_conf_env = os.path.join(config_dir, "db", "env")
+echo "MYSQL_HOST=mysql
+MYSQL_PORT=3306
+MYSQL_USR=root
+MYSQL_PWD=$db_password
+REGISTRY_URL=http://registry:5000
+CONFIG_PATH=/etc/ui/app.conf
+HARBOR_REG_URL=$hostname
+HARBOR_ADMIN_PASSWORD=$harbor_admin_password
+HARBOR_URL=$hostname
+AUTH_MODE=$auth_mode
+LDAP_URL=$ldap_url
+LDAP_BASE_DN=$ldap_basedn
+SELF_REGISTRATION=$self_registration
+LOG_LEVEL=debug" > $ui_path/env
+echo "Generated configuration file: "$ui_path/env

-conf_files = [ ui_conf, ui_conf_env, registry_conf, db_conf_env ]
-for f in conf_files:
-    if os.path.exists(f):
-        print("Clearing the configuration file: %s" % f)
-        os.remove(f)
+echo "MYSQL_ROOT_PASSWORD=$db_password" > $config_path/db/env
+echo "Generated configuration file: "$config_path/db/env

-render(os.path.join(templates_dir, "ui", "env"),
-        ui_conf_env,
-        hostname=hostname,
-        db_password=db_password,
-        ui_url=ui_url,
-        auth_mode=auth_mode,
-        admin_pwd=harbor_admin_password,
-        ldap_url=ldap_url,
-        ldap_basedn=ldap_basedn,
-	self_registration=self_registration)
+echo "version: 0.1
+log:
+  level: debug
+  fields:
+    service: registry
+storage:
+    cache:
+        layerinfo: inmemory
+    filesystem:
+        rootdirectory: /storage
+    maintenance:
+        uploadpurging:
+            enabled: false
+    delete:
+        enabled: true
+http:
+    addr: :5000
+    secret: placeholder
+    debug:
+        addr: localhost:5001
+auth:
+  token:
+    issuer: registry-token-issuer
+    realm: $ui_url/service/token
+    rootcertbundle: /etc/registry/root.crt
+    service: token-service

-render(os.path.join(templates_dir, "ui", "app.conf"),
-        ui_conf,
-        email_server=email_server,
-        email_server_port=email_server_port,
-        email_user_name=email_username,
-        email_user_password=email_password,
-        email_from=email_from,
-        ui_url=ui_url)
+notifications:
+  endpoints:
+      - name: harbor
+        disabled: false
+        url: http://ui/service/notifications
+        timeout: 500
+        threshold: 5
+        backoff: 1000" > $config_path/registry/config.yml
+echo "Generated configuration file: "$config_path/registry/config.yml

-render(os.path.join(templates_dir, "registry", "config.yml"),
-        registry_conf,
-        ui_url=ui_url)
+is_fail=0

-render(os.path.join(templates_dir, "db", "env"),
-        db_conf_env,
-        db_password=db_password)
+if [ $customize_token == "on" ];then

-print("The configuration files are ready, please use docker-compose to start the service.")
+    if [ -e $ui_path/private_key.pem ]; then
+        echo "clearing the origin private_key.pem in "$ui_pth
+        rm $ui_path/private_key.pem
+    fi
+    openssl genrsa -out $ui_path/private_key.pem 4096
+    if [ -e $ui_path/private_key.pem ]; then
+        echo "private_key.gem has been generated in "$ui_path
+    else echo "generate private_key.gem fail."
+        is_fail=1
+    fi
+
+    if [ -e $config_path/registry/root.crt ]; then
+        echo "clearing the origin root.crt in "$config_path"/registry"
+        rm $config_path/registry/root.crt
+    fi
+
+    openssl req -new -x509 -key $ui_path/private_key.pem -out $config_path/registry/root.crt -days 3650 \
+        -subj "/C=$crt_countryname/ST=$crt_state/L=$crt_name/O=$crt_organizationname/OU=$crt_organizationalunitname"
+    if [ -e $config_path/registry/root.crt ]; then
+        echo "root.crt has been generated in "$config_path"/registry"
+    else echo "generate root.crt fail."
+        is_fail=1
+    fi
+elif [ $customize_token != "off" ]; then
+    echo "wrong args found in customize_token: "$customize_token
+    is_fail=1
+fi
+
+if [ $is_fail -eq 0 ];then
+    echo "The configuration files are ready, please use docker-compose to start the service."
+else
+    echo "some problem occurs."
+fi
--- a/Deploy/prepare.sh
+++ b/Deploy/prepare.sh
@ -1,55 +0,0 @@
-# Requires: openssl
-
-## Configuration file of Harbor
-
-#The IP address or hostname to access admin UI and registry service.
-#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
-hostname = "reg.mydomain.com"
-
-#The protocol for accessing the UI and token/notification service, by default it is http.
-#It can be set to https if ssl is enabled on nginx.
-ui_url_protocol = "http"
-
-#Email account settings for sending out password resetting emails.
-email_server = "smtp.mydomain.com"
-email_server_port = "25"
-email_username = "sample_admin@mydomain.com"
-email_password = "abc"
-email_from = "admin <sample_admin@mydomain.com>"
-
-##The password of Harbor admin, change this before any production use.
-harbor_admin_password= "Harbor12345"
-
-##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
-#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
-auth_mode = "db_auth"
-
-#The url for an ldap endpoint.
-ldap_url = "ldaps://ldap.mydomain.com"
-
-#The basedn template to look up a user in LDAP and verify the user's password.
-ldap_basedn = "uid=%s,ou=people,dc=mydomain,dc=com"
-
-#The password for the root user of mysql db, change this before any production use.
-db_password = "root123"
-
-#Turn on or off the self-registration feature
-self_registration = "on"
-#####
-
-config_path = "./config"
-ui_path = "./config/ui"
-db_path = "./config/db"
-tpl_path = "./templates"
-
-mkdir -p $tpl_path
-mkdir -p $ui_path $db_path
-
-declare -a arr=("$ui_path/env" "$ui_path/app.conf" "$config_path/registry/config.yml" "$db_path/env")
-
-for i in "${arr[@]}"; do
-    if -e $i; do
-        echo "Clearing the configuration file: "$i
-        rm $i
-    fi
-done
--- a/Deploy/private_key.pem
+++ b/Deploy/private_key.pem
@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEA2Vxkww4IWVte7tUqQrCoVHhz1rETMuGH29Ix5d3MDEptVFsz
+CoF2hfgHuG9sH5ZqLR9sYz+Dn0pMyAk6dhMHW3DaGua94VeV74cWus7H1zoU5UWL
+Uss87DiwzNeJ4XkjO0Y+k8XDOTulTSnXMwdtTR7EWu1Qa+kcofwnqrONhzFMae8G
+rYsTnHa3QWpQkuTvZP6Vy8EaSomhEyDLx2V0ulxwi4I7Z3Mwb3hJakaK3uFMNdz
+JTkgXaG9nnV2Qj/mglc7h9ApBZFOVu9n9jBM7+++5F/0TvJ24YRNMnvrAzIMeWQH
+goA6WwHQaHBZ0ffEHwcpotX/GS+25lds9xFY9vvflDtckjT7Q0qTD2d1N+NghMwF
+58w2+gQzoZJ3pEOH+OfX6xd0FBL4YymG1Nds50WWcX2AtxoKrVmFao/YqNqNaIU2
+hFjt8Pig+BEAqPLVoBpHvNtdhotD2EJP64dcVqta0fa8rqrbTyz2jnJH146JKzu8
+suI1+IWAWInvgk8+ujwfShT0GRGCaIVb+YGgr6OzFiZsZUnN7ufPnUAcETxrWG+G
+SbNfjqixIrNHm5YtJL/ne+O+qd9IBEPu5XDyQXMy/by6FWz61E6ocSaRwcm4uSyO
+Mj0JJToMClAU/VhzaDhaUOO74nojpEfJRllj8vYmPcjRv5KWWmeYYSUbascCAwEA
+AQKCAgEAwxfZ3PVQaxvG1ql/2AIF5GOE3ZNsPwQM1DIS1VZBmlqHTOraojhXcKGS
+FGn161gvjragq2hLtIKU7grSbT5hISLmsLSgg40Ap9Bhh2SoHDcmoC7OgY6n7QJp
+NkLToAwBomdHLY2Yz1sI4HyIimXFJi5SYaaVw3WlXIMd+2pTwp9uDbscUZWHqRUq
+M62sITQCtGsIjI5H8DiD/8VJDdYJLxiXIYn+O4CiUtciKZJhSdwBTThkQmnG8iOF
+NaAKeCYwuJaheSJOX4/vd7pEXsU1mTpf5U121BFuwLXmMETnSKP4bFBrKSf8uMil
+Dcih5gL0BkGAjoZzBGE+Ufrwc8YfSU/w9xEl0Lj1ScH1rD9t8RqZbvV/IPf1wuik
+FK2NXN1uBrqbJtUuNuO9E3rguzgRExtjMwBjXgbWBN32GIJPgi2QpInOg8ApRAWe
+T9koVtsQXPq5Z+prm9anRL4xEBnbor7RUL56HcGW/i5yBh6RnVhr0R/diVmYqPQQ
+HO2LuLpMWjolyssQpf3uIUV/mgO8sZaLcBL0LScvtaMw2+ORy3aH7JV86pCKOmGQ
+kN3gWI7fp6h2N4gAua/e1O0serm5uQ2HeDc8qH1S3Qxhph7e4GPQPsgGZcKbmtms
+QVKSk2Bkaae9Qs4zrDX6sqZ3K5NwnGFyRP5cO57gr3UsCdkBSokCggEBAPj4H/rN
+Yvu0aQQQBubUbpwU3/JzHBjgnxbk7XfEFfIN9bHhOJZveN9rycTr+PqqnAHkAAKf
+fCW5gDGd24ZuA0oiLOrnkLVxKkS0PTuu+xoFHTTjFrxhSNafFWNUEG4Iz6lBv35K
+f7veAe8DBGI+cutTc9WLA9Z2AsfJ2EYt1A3vJpIHIPFZ4zrB0xLFOxm0MMfRieXE
+1uSSGor1CrhEu7AwWTyBrkRkowKaTdDmPMnDhI1XM+w1wP0X3HojOA6TY6ZTxYqU
+iDU65NTg1I4pT5k7RmjnMS2wS/l63MayMJLlKMub9CU1cTFnF6GiggadkxaBOn4m
+R2htbpjDlmzZuz0CggEBAN9/wyvsJiEDnEro7lMR8hXQl4qqjSylsYSLkdwVhdq9
+it2OjjBp5lA70NEAD4xMFCygJCnY+zsdqZ/RASHmrX9hpROrTK/mO+dcKoWfquYa
+y8v0LScLAr9XJ2fN1ykiT9gYnNykxTpoM60cNyHH9wXHSQ8ZIyhgpL37gK36co7g
+fAAORwiqasQPSzvhQdTq5H/vdoaFZGsfY8WDijq7rCblWSZY1zTwGyS713RVcZ6+
+5/C8Newj2jOXOuFxXTx4l59fmxRwsfQS8dMh/QIWrKkQmwYYGxo/UU1QUuUzi7EC
+tmQ2xseXvXWaIpWzlexws3ejABO+/0BiZsINLUNF7lMCggEAQAICrsc5CH9EdH/u
+VlANM+GGBd4kPh0ZqZgnmR/3iGigXyAJHVwBVmdu00rbkw5j13SXsBTypPxBAgCU
+nMYR4HBS3f20zYEPneQ8zehZtEHWVW+Au+PDBzKVHBlTtAZd5ST7J2vd1R3pn1pG
+OT/W6btlz2PTE8L5SgYRrVFA8GgooWhlxscWTVfhfTTp0dzqoaS0cDcgDFmnq0v+
+eotpOY3kk1K/y+OXqSaklO1seW7j2DawKa1UNX15+Iivc8fe2bc11UAEmLLQfA5l
+dzsVtM5xdqzhjt6BWd2Ffyv2ov15dIdeyGYp+MqJX8vY4/yFAUcuE5qhxy5DPdEj
+Dk8X/QKCAQEAq0ASJA2GCbXig+OG+U++1shF1ZJpKdSr+IuY77HuJnUlei5I9P+v
+4bpzfjE1uKJyst7h1s7TcbCA0FwtKfS+6+O9wRx4Xi9jpxsP2eNF55qQnW4zSr89
+E6+MGhW2z2XjGAmD5+y40tAVCIeeFtxJgrv4VwFD1yR2FrwnFSfZr3CCkuhdtV4f
+AKtXUkJ/Vs3E1+J8RwbestYSdL0dpXM3rXX+oUthWsa/hZ4IsLLnpGNTBTqxdobi
+IrW2ABgFANjGFPAEu9y9/e6mLMjWPEtzcPewUTMXUT1C5qKtYcHlP3R8nLz8AuNZ
+4EqCRYKdVdXlLb5PyNGIc6TyZ64BCJME0QKCAQEA2aswFkz/TBerqypNN2sH934Z
+fquoCIoGofcxrgs9j+pu8QeSp25ka0UsnyvAOT6wic441JqgcSB3sqqEDLW2Dpqa
+l6nT3l1QVaf78hFRprJDJq4Xv2tZWhNdslCrvJsAtYvy0flfDPS4DODfxdAXUv5N
+g/Vw3hqOaXM1i+PC3Ry4QkUXFugH11rXef+1fiQEz3EMSCUx6wAtTOGzLIDnpoLu
+okn40CqsvKIpWIRrTBeBAByQ71QaUK0uPbw9KvW0Eqpv0lU0I/IdAU9YO2IC7XG6
+M10Qb1uFQJkuW+O7Ix0jVmyLUYU1ebcMWLJeKekHbRmtXt4o3m9mpwKzp7Pnnw==
+-----END RSA PRIVATE KEY-----