From e23228ee4b4ab0bcd90cce6e2d6703cf6264e05d Mon Sep 17 00:00:00 2001 From: xiahaoshawn Date: Mon, 11 Apr 2016 19:07:19 +0800 Subject: [PATCH 01/29] add test-travis --- test-travis | 1 + 1 file changed, 1 insertion(+) create mode 100644 test-travis diff --git a/test-travis b/test-travis new file mode 100644 index 000000000..0331e0131 --- /dev/null +++ b/test-travis @@ -0,0 +1 @@ +hello travis From 1045b7836aaa7c142930b8053a58cfeb555a4286 Mon Sep 17 00:00:00 2001 From: xiahaoshawn Date: Thu, 14 Apr 2016 14:35:25 +0800 Subject: [PATCH 02/29] Revert "add test-travis" This reverts commit e23228ee4b4ab0bcd90cce6e2d6703cf6264e05d. --- test-travis | 1 - 1 file changed, 1 deletion(-) delete mode 100644 test-travis diff --git a/test-travis b/test-travis deleted file mode 100644 index 0331e0131..000000000 --- a/test-travis +++ /dev/null @@ -1 +0,0 @@ -hello travis From 652fb25c438bc873449032fc5e7c4fd44adc7272 Mon Sep 17 00:00:00 2001 From: xiahaoshawn Date: Thu, 14 Apr 2016 14:48:20 +0800 Subject: [PATCH 03/29] add docker service --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index 6e536c507..b78785fd6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,6 +7,7 @@ go_import_path: github.com/vmware/harbor service: - mysql + - docker env: GO15VENDOREXPERIMENT=1 DB_HOST=127.0.0.1 DB_PORT=3306 DB_USR=root DB_PWD= @@ -26,3 +27,5 @@ script: - go list ./... | grep -v /vendor/ | xargs -L1 fgt golint - go list ./... | grep -v 'vendor' | xargs -L1 go vet - go list ./... | grep -v 'vendor' | xargs -L1 go test -v + - docker version + - docker-compose version From ea4acda3cd415913c1ef8060f8126d11ef933f6b Mon Sep 17 00:00:00 2001 From: xiahaoshawn Date: Thu, 14 Apr 2016 15:18:38 +0800 Subject: [PATCH 04/29] use standard environment --- .travis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index b78785fd6..d022aa409 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,5 @@ +sudo: required + language: go go: 
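Review bot: The added `- docker` entry in the `.travis.yml` hunk of patch 03 sits under the key `service:`, but the key Travis CI reads is `services:`, so the list is probably ignored and this entry does not start Docker. The `docker version` and `docker-compose version` steps added in the second hunk would then depend on whatever the build image happens to ship. Renaming the key to `services:` would make both `mysql` and `docker` take effect. The key is a context line, so the misspelling predates this commit.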
From b3075e46c2e4fad8159b2b5cfc4c90826383ef2e Mon Sep 17 00:00:00 2001 From: xiahaoshawn Date: Thu, 14 Apr 2016 15:47:02 +0800 Subject: [PATCH 05/29] use Trusty Beta image --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index d022aa409..1f487c054 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,5 @@ sudo: required +dist: trusty language: go From 4cb5ed3ee5430bce1eebc3344b3c5d685e8941d4 Mon Sep 17 00:00:00 2001 From: xiahaoshawn Date: Thu, 14 Apr 2016 18:29:18 +0800 Subject: [PATCH 06/29] add comments of x-fowarded-XXX headers --- Deploy/config/nginx/nginx.https.conf | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Deploy/config/nginx/nginx.https.conf b/Deploy/config/nginx/nginx.https.conf index 7e03b9585..71d7d25ab 100644 --- a/Deploy/config/nginx/nginx.https.conf +++ b/Deploy/config/nginx/nginx.https.conf @@ -45,9 +45,12 @@ http { location / { proxy_pass http://ui/; proxy_set_header Host $http_host; + + # Remove the following three lines if setting up harbor behind an nginx proxy or Elastic Load Balancing. proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; proxy_request_buffering off; } @@ -59,9 +62,12 @@ http { location /v2/ { proxy_pass http://registry/v2/; proxy_set_header Host $http_host; + + # Remove the following three lines if setting up harbor behind an nginx proxy or Elastic Load Balancing. proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; proxy_request_buffering off; 
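Review bot: The new comment in `location /` tells operators to delete the three `proxy_set_header` lines behind a front proxy, but not what that does to trust in those headers. Without them this nginx forwards whatever `X-Real-IP`, `X-Forwarded-For` and `X-Forwarded-Proto` the incoming request carried. That is only sound when every request reaches this server through a proxy that sets or overwrites them; if the listener stays reachable directly, the values the backends see are client-controlled. I would extend the comment along the lines of `# Only remove these if all traffic arrives via a trusted proxy that sets X-Forwarded-*; otherwise keep them so clients cannot supply their own values.` The same wording is repeated in the `location /v2/` and `location /service/` hunks, and the enclosing `server` block lies outside all three.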
@@ -70,9 +76,12 @@ http { location /service/ { proxy_pass http://ui/service/; proxy_set_header Host $http_host; + + # Remove the following three lines if setting up harbor behind an nginx proxy or Elastic Load Balancing. proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; proxy_request_buffering off; } From a01830d9e7857a6affbaf27addd9835ec366dd84 Mon Sep 17 00:00:00 2001 From: xiahaoshawn Date: Thu, 14 Apr 2016 18:56:44 +0800 Subject: [PATCH 07/29] Revert "use Trusty Beta image" This reverts commit b3075e46c2e4fad8159b2b5cfc4c90826383ef2e. --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 1f487c054..d022aa409 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,4 @@ sudo: required -dist: trusty language: go From 68e78f7748b6c5ee9be96ff7fb8a5ffe2b306e35 Mon Sep 17 00:00:00 2001 From: xiahaoshawn Date: Thu, 14 Apr 2016 18:57:22 +0800 Subject: [PATCH 08/29] Revert "use standard environment" This reverts commit ea4acda3cd415913c1ef8060f8126d11ef933f6b. --- .travis.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index d022aa409..b78785fd6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,3 @@ -sudo: required - language: go go: From da929df36ead8cd381ed957b206ebdc73eee3836 Mon Sep 17 00:00:00 2001 From: xiahaoshawn Date: Thu, 14 Apr 2016 18:58:17 +0800 Subject: [PATCH 09/29] Revert "add docker service" This reverts commit 652fb25c438bc873449032fc5e7c4fd44adc7272. --- .travis.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index b78785fd6..6e536c507 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,7 +7,6 @@ go_import_path: github.com/vmware/harbor service: - mysql - - docker env: GO15VENDOREXPERIMENT=1 DB_HOST=127.0.0.1 DB_PORT=3306 DB_USR=root DB_PWD= 
@@ -27,5 +26,3 @@ script: - go list ./... | grep -v /vendor/ | xargs -L1 fgt golint - go list ./... | grep -v 'vendor' | xargs -L1 go vet - go list ./... | grep -v 'vendor' | xargs -L1 go test -v - - docker version - - docker-compose version From 23170ce806ee04615542962c673be2613b06410a Mon Sep 17 00:00:00 2001 From: xiahaoshawn Date: Thu, 14 Apr 2016 19:01:07 +0800 Subject: [PATCH 10/29] update configure_https.md --- docs/configure_https.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/configure_https.md b/docs/configure_https.md index e366cb5d7..ff18f7217 100644 --- a/docs/configure_https.md +++ b/docs/configure_https.md @@ -120,3 +120,11 @@ After setting up HTTPS for Harbor, you can verify it by the follow steps: cp yourdomain.com.crt /etc/pki/ca-trust/source/anchors/reg.yourdomain.com.crt update-ca-trust ``` + +3. If setting up harbor behind an nginx proxy or elastic load balancing, harbor nginx will reset the values of x-fowarded-XXX headers from first layer nginx or elastic load balancing, and the requests will not be routed properly. +In this situation remove the following lines in "location /", "location /v2/" and "location /service/" sections. + ``` + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + ``` From e537c1ac277d3e9a4f9f48a64f27fef56cda82cd Mon Sep 17 00:00:00 2001 From: saga92 Date: Tue, 19 Apr 2016 18:29:44 +0800 Subject: [PATCH 11/29] add prepare shell --- Deploy/prepare.sh | 55 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 Deploy/prepare.sh diff --git a/Deploy/prepare.sh b/Deploy/prepare.sh new file mode 100644 index 000000000..87443f5fc --- /dev/null +++ b/Deploy/prepare.sh 
@@ -0,0 +1,55 @@ +# Requires: openssl + +## Configuration file of Harbor + +#The IP address or hostname to access admin UI and registry service. +#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. +hostname = "reg.mydomain.com" + +#The protocol for accessing the UI and token/notification service, by default it is http. +#It can be set to https if ssl is enabled on nginx. +ui_url_protocol = "http" + +#Email account settings for sending out password resetting emails. +email_server = "smtp.mydomain.com" +email_server_port = "25" +email_username = "sample_admin@mydomain.com" +email_password = "abc" +email_from = "admin " + +##The password of Harbor admin, change this before any production use. +harbor_admin_password= "Harbor12345" + +##By default the auth mode is db_auth, i.e. the credentials are stored in a local database. +#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server. +auth_mode = "db_auth" + +#The url for an ldap endpoint. +ldap_url = "ldaps://ldap.mydomain.com" + +#The basedn template to look up a user in LDAP and verify the user's password. +ldap_basedn = "uid=%s,ou=people,dc=mydomain,dc=com" + +#The password for the root user of mysql db, change this before any production use. +db_password = "root123" + +#Turn on or off the self-registration feature +self_registration = "on" +##### + +config_path = "./config" +ui_path = "./config/ui" +db_path = "./config/db" +tpl_path = "./templates" + +mkdir -p $tpl_path +mkdir -p $ui_path $db_path + +declare -a arr=("$ui_path/env" "$ui_path/app.conf" "$config_path/registry/config.yml" "$db_path/env") + +for i in "${arr[@]}"; do + if -e $i; do + echo "Clearing the configuration file: "$i + rm $i + fi +done From 0f02e1fa6d80b2bfdf3edd535268c5b427f89f18 Mon Sep 17 00:00:00 2001 
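Review bot: As committed, `Deploy/prepare.sh` cannot run as a shell script. Assignments such as `hostname = "reg.mydomain.com"` and `config_path = "./config"` have spaces around `=`, so the shell tries to execute `hostname` and `config_path` as commands instead of setting variables. The test `if -e $i; do` is also not valid syntax. The assignments need the form `config_path="./config"` and the loop body should start with `if [ -e "$i" ]; then`. The file has no shebang although `declare -a` needs bash, so `#!/bin/bash` belongs on the first line.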
From: saga92 Date: Wed, 20 Apr 2016 01:34:48 +0800 Subject: [PATCH 12/29] customize token --- Deploy/prepare.py | 98 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100755 Deploy/prepare.py diff --git a/Deploy/prepare.py b/Deploy/prepare.py new file mode 100755 index 000000000..5571e3c20 --- /dev/null +++ b/Deploy/prepare.py 
@@ -0,0 +1,98 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +from __future__ import print_function, unicode_literals # We require Python 2.6 or later +from string import Template +import os +import sys +from io import open + +if sys.version_info[:3][0] == 2: + import ConfigParser as ConfigParser + import StringIO as StringIO + +if sys.version_info[:3][0] == 3: + import configparser as ConfigParser + import io as StringIO + +#Read configurations +conf = StringIO.StringIO() +conf.write("[configuration]\n") +conf.write(open("harbor.cfg").read()) +conf.seek(0, os.SEEK_SET) +rcp = ConfigParser.RawConfigParser() +rcp.readfp(conf) + +hostname = rcp.get("configuration", "hostname") +ui_url = rcp.get("configuration", "ui_url_protocol") + "://" + hostname +email_server = rcp.get("configuration", "email_server") +email_server_port = rcp.get("configuration", "email_server_port") +email_username = rcp.get("configuration", "email_username") +email_password = rcp.get("configuration", "email_password") +email_from = rcp.get("configuration", "email_from") +harbor_admin_password = rcp.get("configuration", "harbor_admin_password") +auth_mode = rcp.get("configuration", "auth_mode") +ldap_url = rcp.get("configuration", "ldap_url") +ldap_basedn = rcp.get("configuration", "ldap_basedn") +db_password = rcp.get("configuration", "db_password") +self_registration = rcp.get("configuration", "self_registration") +######## + +base_dir = os.path.dirname(__file__) +config_dir = os.path.join(base_dir, "config") +templates_dir = os.path.join(base_dir, "templates") + + +ui_config_dir = os.path.join(config_dir,"ui") +if not os.path.exists(ui_config_dir): + os.makedirs(os.path.join(config_dir, "ui")) + +db_config_dir = os.path.join(config_dir, "db") +if not os.path.exists(db_config_dir): + os.makedirs(os.path.join(config_dir, "db")) + +def render(src, dest, **kw): + t = Template(open(src, 'r').read()) + with open(dest, 'w') as f: + f.write(t.substitute(**kw)) + print("Generated configuration file: 
%s" % dest) + +ui_conf_env = os.path.join(config_dir, "ui", "env") +ui_conf = os.path.join(config_dir, "ui", "app.conf") +registry_conf = os.path.join(config_dir, "registry", "config.yml") +db_conf_env = os.path.join(config_dir, "db", "env") + +conf_files = [ ui_conf, ui_conf_env, registry_conf, db_conf_env ] +for f in conf_files: + if os.path.exists(f): + print("Clearing the configuration file: %s" % f) + os.remove(f) + +render(os.path.join(templates_dir, "ui", "env"), + ui_conf_env, + hostname=hostname, + db_password=db_password, + ui_url=ui_url, + auth_mode=auth_mode, + admin_pwd=harbor_admin_password, + ldap_url=ldap_url, + ldap_basedn=ldap_basedn, + self_registration=self_registration) + +render(os.path.join(templates_dir, "ui", "app.conf"), + ui_conf, + email_server=email_server, + email_server_port=email_server_port, + email_user_name=email_username, + email_user_password=email_password, + email_from=email_from, + ui_url=ui_url) + +render(os.path.join(templates_dir, "registry", "config.yml"), + registry_conf, + ui_url=ui_url) + +render(os.path.join(templates_dir, "db", "env"), + db_conf_env, + db_password=db_password) + +print("The configuration files are ready, please use docker-compose to start the service.") From 4ce0bc2a298257d0990b53af682903040e044368 Mon Sep 17 00:00:00 2001 From: saga92 Date: Wed, 20 Apr 2016 01:37:07 +0800 Subject: [PATCH 13/29] customize token --- Deploy/config/registry/root.crt | 44 +++++-- Deploy/config/ui/private_key.pem | 62 ++++++++-- Deploy/harbor.cfg | 36 ++++-- Deploy/prepare | 199 ++++++++++++++++++------------- Deploy/prepare.sh | 55 --------- Deploy/private_key.pem | 51 ++++++++ 6 files changed, 271 insertions(+), 176 deletions(-) delete mode 100644 Deploy/prepare.sh create mode 100644 Deploy/private_key.pem diff --git a/Deploy/config/registry/root.crt b/Deploy/config/registry/root.crt index 326d8080a..e088a9520 100644 --- a/Deploy/config/registry/root.crt +++ b/Deploy/config/registry/root.crt 
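Review bot: The files `render()` writes carry the MySQL root password, the Harbor admin password and the SMTP password, but `open(dest, 'w')` creates them under the process's default umask, so on a typical host they are readable by every local user. Calling `os.umask(0o077)` before the first `render()` would keep `config/ui/env`, `config/ui/app.conf` and `config/db/env` owner-only, assuming the containers that mount them read them as that user or as root, which this hunk does not show. Separately, `open("harbor.cfg")` is resolved against the current directory while the templates are resolved against `__file__`, so the script only works when run from `Deploy/`; `open(os.path.join(base_dir, "harbor.cfg"))`, placed after `base_dir` is set, would be consistent. The `config/registry` directory is never created, unlike `ui` and `db`, so rendering `registry_conf` fails on a clean tree.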
@@ -1,15 +1,33 @@ -----BEGIN CERTIFICATE----- -MIICWDCCAcGgAwIBAgIJAN1nLuloDeHNMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQwHhcNMTYwMTI3MDQyMDM1WhcNNDMwNjE0MDQyMDM1WjBF -MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 -ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB -gQClak/4HO7EeLU0w/BhtVENPLOqU0AP2QjVUdg1qhNiDWVrbWx9KYHqz5Kn0n2+ -fxdZo3o7ZY5/2+hhgkKh1z6Kge9XGgune6z4fx2J/X2Se8WsGeQUTiND8ngSnsCA -NtYFwW50SbUZPtyf5XjAfKRofZem51OxbxzN3217L/ubKwIDAQABo1AwTjAdBgNV -HQ4EFgQU5EG2VrB3I6G/TudUpz+kBgQXSvYwHwYDVR0jBBgwFoAU5EG2VrB3I6G/ -TudUpz+kBgQXSvYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAx+2eo -oOm0YNy9KQ81+7GQkKVWoPQXjAGGgZuZj8WCFepYqUSJ4q5qbuVCY8WbGcHVk2Rx -Jg1XDCmMjBgYP6S0ikezBRqSmNA3G6oFiydTKBfPs6RNalsB0C78Xk5l5+PIyd2R -jFKOKoMpkjwfeJv2j64WNGoBgqj7XRBoJ11a4g== +MIIFqTCCA5GgAwIBAgIJAL1ERoYUEaTZMA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNV +BAYTAkNOMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEbmFtZTEaMBgGA1UECgwR +b3JnYW5pemF0aW9uIG5hbWUxITAfBgNVBAsMGG9yZ2FuaXphdGlvbmFsIHVuaXQg +bmFtZTAeFw0xNjA0MTkxNzMxMThaFw0yNjA0MTcxNzMxMThaMGsxCzAJBgNVBAYT +AkNOMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEbmFtZTEaMBgGA1UECgwRb3Jn +YW5pemF0aW9uIG5hbWUxITAfBgNVBAsMGG9yZ2FuaXphdGlvbmFsIHVuaXQgbmFt +ZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKDaZVJiE/jmnkBUv1xz +Oc/JNNnAkNcd1Bi9Am8wZZJlmpdZieLneNbQhyNaFVYQovdHBQ+KfXyZtz9cE1rM ++TWlgpPr1Slh5CSyTTHHASpic1rDUTuvlqctFgCXHzwiDwWH+97f+HfcPUGxdXrB +87cwWliFGSIsZKfa53cw4uNnCEcnsnk9fjT7d+eUn/PbO+tQMIPQTnu3Zc4ABjRN +rZHiN5H6zr5xq9BJdB4n0dpDtk+8ygZqZ12Y4snL3P9nzYz9bNNA6G55B8BY6Cvg +i3yNdrDbptdUp2FQmn3ODum7vqTLDnkBASBF/F9RV1kqRGAV2hge1VYKjm+eKB4N +qn6Ep2cy6ZIiMX7z5OVNEgryfYIdr5UF4JEprS+vXivvRZ9kfSZC5yc976z+O/6h +T0xR6qZaTujt3K82wPNmZRaXeNCms7QwfbJN9blvkQZSCkaTCEgbeGnrmw/RvX3p +ilDbMABJDon9olwOGDEa+OgvTtdB0NHokD/ONKeQwf8cGde5UIWmljSaTOub1p3z +BnEugYWZkvEFZbQssiY1LDM/o4GiQjdEVE0sLcnWbXyG1ceG6o6cIz8W64cXST9B 
+4aPPWZ4y/MPm+kQsvO6PwFdRGg8AaVSKIrbB/mYLu2Q21NVnsXpje6hybyk9Cfb2 +BsGgUCEL0TdbuWuQNriqwxLdAgMBAAGjUDBOMB0GA1UdDgQWBBTvqAlIppLW24Ds +zdEd/4oyGoCUSDAfBgNVHSMEGDAWgBTvqAlIppLW24DszdEd/4oyGoCUSDAMBgNV +HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAYr1jl8N5B63J6xNfjN/dtaMKl +gm/h/ghBl5EUTGSkkAOT+tkZkmSVhBTlqF7sndgkvNiaF3ds2tM6xXju28Ipemn7 +3nSYg7bFcxKJ6VDr21+8PZAoFC//oquXoeSpCU40Fl3uq0goxo2J9g6WikBbzpxd +AFlXSC9baTpQpfQavuT/2Clfu1YsaFhhtGPupNoTwkzaqgBOln9kKp7DkaVuR0Lu +x7/c+LvSGIJYwN9MKXSe1YJ4mbMVhXF6eMVwKZfbDPvgr2lkJNpCltdqd5AozunE +kc1BDvrDoRUTMnwxixxfmTa4brYlJd/WhmtBfjOrVavm3dkzT7JusPCsiFYP8xJx +uRsrhP5qHyNKnWKt+XQHicT74WbplHhn2HSKwAd/a1n1+AN79zXPNe4lUASmYu+a +6dL870qEWQ8CvCyqGOmGzZnEuVGQ1I6tRpL17wLmXQyM+VS1VjjvXOD+EYmG0qMl +k6NsleM0KxIe2E6o4Z66RlsaygoQQ1um8VRJFu64GuTWjeqOn3k6t8CkLorSsr/r +CUd9wM09YZ5H05pEdr/dmnzjIcmLfNXprdtguMndGM97vkHvcYazc0NKrNOEcY/U ++cgcf7r2d0QVcyk4KczFv4TzaEcTMIGiUemYxOjjEaMyOs0TnOdR3keimTz970N9 +foE07UI+31lH38VOeQ== -----END CERTIFICATE----- diff --git a/Deploy/config/ui/private_key.pem b/Deploy/config/ui/private_key.pem index 6c68cacb3..5f2bc093c 100644 --- a/Deploy/config/ui/private_key.pem +++ b/Deploy/config/ui/private_key.pem 
@@ -1,15 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQClak/4HO7EeLU0w/BhtVENPLOqU0AP2QjVUdg1qhNiDWVrbWx9 -KYHqz5Kn0n2+fxdZo3o7ZY5/2+hhgkKh1z6Kge9XGgune6z4fx2J/X2Se8WsGeQU -TiND8ngSnsCANtYFwW50SbUZPtyf5XjAfKRofZem51OxbxzN3217L/ubKwIDAQAB -AoGBAITMMuNYJwAogCGaZHOs4yMjZoIJT9bpQMQxbsi2f9UqOA/ky0I4foqKloyQ -2k6DLbXTHqBsydgwLgGKWAAiE5xIR2bPMUNSLgjbA2eLly3aOR/0FJ5n09k2EmGg -Am7tLP+6yneXWKVi3HI3NzXriVjWK94WHGGC1b9F+n5CY/2RAkEA1d62OJUNve2k -IY6/b6T0BdssFo3VFcm22vnayEL/wcYrnRfF9Pb5wM4HUUqwVelKTouivXg60GNK -ZKYAx5CtHwJBAMYAEf5u0CQ/8URcwBuMkm0LzK4AM2x1nGs7gIxAEFhu1Z4xPjVe -MtIxuHhDhlLvD760uccmo5yE72QJ1ZrYBHUCQQCAxLZMPRpoB4QyHEOREe1G9V6H -OeBZXPk2wQcEWqqo3gt2a1DqHCXl+2aWgHTJVUxDHHngwFoRDCdHkFeZ0LcbAkAj -T8/luI2WaXD16DS6tQ9IM1qFjbOeHDuRRENgv+wqWVnvpIibq/kUU5m6mRBTqh78 -u+6F/fYf6/VluftGalAhAkAukdMtt+sksq2e7Qw2dRr5GXtXjt+Otjj0NaJENmWk -a7SgAs34EOWtbd0XGYpZFrg134MzQGbweFeEUTj++e8p +MIIJJwIBAAKCAgEAoNplUmIT+OaeQFS/XHM5z8k02cCQ1x3UGL0CbzBlkmWal1mJ +4ud41tCHI1oVVhCi90cFD4p9fJm3P1wTWsz5NaWCk+vVKWHkJLJNMccBKmJzWsNR +O6+Wpy0WAJcfPCIPBYf73t/4d9w9QbF1esHztzBaWIUZIixkp9rndzDi42cIRyey +eT1+NPt355Sf89s761Awg9BOe7dlzgAGNE2tkeI3kfrOvnGr0El0HifR2kO2T7zK +BmpnXZjiycvc/2fNjP1s00DobnkHwFjoK+CLfI12sNum11SnYVCafc4O6bu+pMsO +eQEBIEX8X1FXWSpEYBXaGB7VVgqOb54oHg2qfoSnZzLpkiIxfvPk5U0SCvJ9gh2v +lQXgkSmtL69eK+9Fn2R9JkLnJz3vrP47/qFPTFHqplpO6O3crzbA82ZlFpd40Kaz +tDB9sk31uW+RBlIKRpMISBt4aeubD9G9femKUNswAEkOif2iXA4YMRr46C9O10HQ +0eiQP840p5DB/xwZ17lQhaaWNJpM65vWnfMGcS6BhZmS8QVltCyyJjUsMz+jgaJC +N0RUTSwtydZtfIbVx4bqjpwjPxbrhxdJP0Hho89ZnjL8w+b6RCy87o/AV1EaDwBp +VIoitsH+Zgu7ZDbU1WexemN7qHJvKT0J9vYGwaBQIQvRN1u5a5A2uKrDEt0CAwEA +AQKCAgBqBQjbcAGyAG81/6XRjbEBH6FSFPZikyqE06+TEdcg0w89yqpzgBXJoNAx +oOKHQ5fmXE0dnS5wvfBmNo4bPxbTITAbx0lMaVUySsNOl9hQ02ss26fjKyylK7Zg +1TqlK92yy5pboEvo1KUbc5f3PXchuyERT0jtmU0Oxd3iVbp2ICb4n1WnS7yvtz+k +x/VViZ7IzqXre5T/PjY/vQxZ1QkeKnhuI125cLrKImACsERFFHRJwil2aROQQYDZ +eSFExmpZD4B3DUUl62gMg40jvnCxu5wLnfst2oIoRjRNz09NB430mFIFt3/Cgd6C 
+BN8Jyi4fFsgVNd1vRK31K81NYbyJc+kRgVv4bl7z32eHTrUBBS852jqxRBof6esY +4j9/Egt5tVrobIlKtgHDWYvjzAWJqcZBfD2Terlu71bpxpfQTHh7ixepzVhzl1eP +YG+goQt+bBIFY3IftNP7jxK5LIsL+CPBkSdrFFZX2hbheYMlcy/FefdSYCP9mIih +yJcf/1kcUAVTmzL5J1G7J7bYqSNcLhBmu9seuzbpKq3RzWNKxl9ALd0T+pPZR5ZH +2oOFgletEofb2p34vhE7TBFZobXtgupKNbghJYKzIVnFtp02pUODgyaU8KQNINeO +gMHeUoaAPo/BNemejhy5BqJOIdQk2C7DGl2gKJP7ulp/Eed0EQKCAQEAzSQsLXc/ +Kp2y+BequL2XlpsJYhTs2fvtbUuq9oMMK3gX9s6+a5hQ5ITnXrxB9HzKAjDUWHlF +qLKBrB3X/jYjyiLQeXhTpliUXL/FGU9lfR9/btbqA3PxMZZyNYlZAStLp7/xlzHV +XrcvB9k5v3keE+GqufhXuRTs6jNAVWeyh9GWsA97FgQtJU46xXGLT1gEkS7vSa5a +fyqAatXUEL8EjnhHf5Dkp1FYiywdK31YbkaYCd/Umdezc8mauetybWjbrj3JICTp +KBfrZJQGd5ioADzll1xa4yFExDnBq2we2ugm/6jgYRJd6gO/uSZ1OkpcSFKxOB5m +hOUns5n7spLl3wKCAQEAyLtblCvJ1psn8tIYnouXl58/VQyXKGNlGsifXAuMI5tk +eyR/dJYgGjzwv4e3ys1m+4v0LSCGwAz8cSqCL9M2k1jAIDjb5i5/uvP2/fUxscjD +WdxBNhpnkdyxULv6Pc5RBGgnOZilAAJ0Ne0QoCXU7UmcdaiQzdjJLhK+Awu7+3eq ++JpR5IV8kwNesB8jYDbYCo5SQDxtPRCr6b1t4gUQq6g2krISBEyWQlPp3yRjf4fd +JRBUrN82mpxC6EFj79rPbP4TIrZXT3eki65CAi+ebC8bw3/+5V63rmuhXRtufIn6 +KgTbf7pEiXF2WAlocDgZ4spUxZbT7nyfYFtBCF1GwwKCAQAxkoUuc3uLM9KUyztR +K1efaFWrIv1da9ijKb7llSNyubGozasMWyFpJ4i1xu51Q1aZku0teBjSPFjDm+6f +GrwpU6JnSCGGuC8Z/qmFhT80LlFgGoUwUms9nWp573fXpXvBzMt3yu4R1liCIAcp +cv5GtajJCe9A5YKe0cXBHa7xzT8JyqPm3Rl/w1jGb7rHcLCh2OKwPnbV9hJUPtnh +NhfGyeAVPpFSsYChGQbvhHnDJEIHWNSKXKqb12MRfIkJUWaMw5d/sgu5yZXzlyW8 +7uHiNNUSb5ny+w4gEQjxAM6v/Zu2+jtGmeah70f8WQPJE0EbpQf4VLhXcvzWFObS +71anAoIBAGnJ7CKzzSTQEoazWQw9jz/2Sl9dSlCbyY4LC4lsAIhHffY0LwPXlsWd +NlgKg79a7xpFEQOzb7DJZ0WQ3Jmt28Zd8KtKrAGsod56csI2teD3aJT0Ml38HndN +8xkUaHaoRCRpa7q8CsFtiadd7/Qm3AfOUqnjk6UYyjYA5KkgRwrpb26jjeM8woGM +Nhvl3TP403UEuq5l6kBTh/agwcdrWfTNqy02sa4YWtxL8yaJu/JbPR4qdCXDYbir +/8r9o1imXckYQid6J5uW914yEVGrnPdxAFXRIBnsCCvhR2KVcW4rHW+FrdSr6zDw +XilZk/QIbQQMFA8qRTkb7rbOgQCSgBcCggEAPepUfUh8GcWr+y27ypwpPbiuO1l5 +4QWMpOmQT1Ft58LoP0r0f5XASUKFrYiwIYOJjoED6kh5XdWBauydui2tTYvy5mLQ +xhtRAe4KrqrHEiYopR+C6SAJQ+Q7vJ2ZlVlMCabPjMdIews0cLCtyeyi3ZRF6wf1 
+mz+g0fjtBLQXveOBakDzE8zjHGo86qGFDCYKhdILl9Fmr+imH3xq51bFOgXkW0bd +FwXscmJSJZcl91MQ/Y1hPprL4F7cnwkvUwIRWzkxpyCObwVtXhrwqhGxn+7NpESN +6w3CT3mA5JfISq0KOrwrKd0PxuRPexcGyhcoaT+TEdST1m18ey9bP8E8hg== -----END RSA PRIVATE KEY----- diff --git a/Deploy/harbor.cfg b/Deploy/harbor.cfg index 90dc66540..0a5889ffa 100644 --- a/Deploy/harbor.cfg +++ b/Deploy/harbor.cfg 
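Review bot: A private key that appears to sign registry tokens should not be kept in version control, and the new side of `Deploy/config/ui/private_key.pem` is exactly that, a full RSA private key with its certificate committed as `Deploy/config/registry/root.crt` in the hunk above. Any deployment that keeps the shipped files, for example with `customize_token` set to `off` or without running `prepare`, trusts a key that everyone with read access to the repository also holds. I would remove both files from the tree, add them to `.gitignore`, and have `prepare` always generate them at install time, treating the committed key as disclosed. The last hunk of this commit adds a second key as the new file `Deploy/private_key.pem`, which the `prepare` script in this commit never references; it looks like a stray artifact and should be dropped too.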
@@ -2,35 +2,45 @@ #The IP address or hostname to access admin UI and registry service. #DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. -hostname = reg.mydomain.com +hostname="reg.mydomain.com" #The protocol for accessing the UI and token/notification service, by default it is http. #It can be set to https if ssl is enabled on nginx. -ui_url_protocol = http +ui_url_protocol="http" #Email account settings for sending out password resetting emails. -email_server = smtp.mydomain.com -email_server_port = 25 -email_username = sample_admin@mydomain.com -email_password = abc -email_from = admin +email_server="smtp.mydomain.com" +email_server_port="25" +email_username="sample_admin@mydomain.com" +email_password="abc" +email_from="admin " ##The password of Harbor admin, change this before any production use. -harbor_admin_password= Harbor12345 +harbor_admin_password="Harbor12345" ##By default the auth mode is db_auth, i.e. the credentials are stored in a local database. #Set it to ldap_auth if you want to verify a user's credentials against an LDAP server. -auth_mode = db_auth +auth_mode="db_auth" #The url for an ldap endpoint. -ldap_url = ldaps://ldap.mydomain.com +ldap_url="ldaps://ldap.mydomain.com" #The basedn template to look up a user in LDAP and verify the user's password. -ldap_basedn = uid=%s,ou=people,dc=mydomain,dc=com +ldap_basedn="uid=%s,ou=people,dc=mydomain,dc=com" #The password for the root user of mysql db, change this before any production use. -db_password = root123 +db_password="root123" #Turn on or off the self-registration feature -self_registration = on +self_registration="on" + +#Turn on or off the custom-generate token +customize_token="on" + +#token message +crt_countryname="CN" +crt_state="State" +crt_name="name" +crt_organizationname="organization name" +crt_organizationalunitname="organizational unit name" ##### diff --git a/Deploy/prepare b/Deploy/prepare index 5571e3c20..f47bb283e 100755 
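Review bot: Every value in `Deploy/harbor.cfg` is now double-quoted because `Deploy/prepare` loads the file with `source ./harbor.cfg`, which makes the configuration shell code. A password containing `$`, a backtick, `\` or `"` is then expanded, executed or breaks parsing instead of being taken literally. Single quotes, e.g. `db_password='root123'` and `harbor_admin_password='Harbor12345'`, keep values literal. A header comment such as `# This file is sourced by ./prepare; values must be valid shell single-quoted strings.` would document the constraint. The file should also be writable only by the operator, since anything written into it runs with the privileges of whoever invokes `prepare`.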
--- a/Deploy/prepare +++ b/Deploy/prepare 
@@ -1,98 +1,133 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- -from __future__ import print_function, unicode_literals # We require Python 2.6 or later -from string import Template -import os -import sys -from io import open +#!/bin/bash +# Requires: openssl -if sys.version_info[:3][0] == 2: - import ConfigParser as ConfigParser - import StringIO as StringIO +source ./harbor.cfg -if sys.version_info[:3][0] == 3: - import configparser as ConfigParser - import io as StringIO +config_path="./config" +ui_path="./config/ui" +db_path="./config/db" +tpl_path="./templates" -#Read configurations -conf = StringIO.StringIO() -conf.write("[configuration]\n") -conf.write(open("harbor.cfg").read()) -conf.seek(0, os.SEEK_SET) -rcp = ConfigParser.RawConfigParser() -rcp.readfp(conf) +mkdir -p $tpl_path +mkdir -p $ui_path $db_path -hostname = rcp.get("configuration", "hostname") -ui_url = rcp.get("configuration", "ui_url_protocol") + "://" + hostname -email_server = rcp.get("configuration", "email_server") -email_server_port = rcp.get("configuration", "email_server_port") -email_username = rcp.get("configuration", "email_username") -email_password = rcp.get("configuration", "email_password") -email_from = rcp.get("configuration", "email_from") -harbor_admin_password = rcp.get("configuration", "harbor_admin_password") -auth_mode = rcp.get("configuration", "auth_mode") -ldap_url = rcp.get("configuration", "ldap_url") -ldap_basedn = rcp.get("configuration", "ldap_basedn") -db_password = rcp.get("configuration", "db_password") -self_registration = rcp.get("configuration", "self_registration") -######## +declare -a arr=("$ui_path/env" "$ui_path/app.conf" "$config_path/registry/config.yml" "$db_path/env") -base_dir = os.path.dirname(__file__) -config_dir = os.path.join(base_dir, "config") -templates_dir = os.path.join(base_dir, "templates") +for i in "${arr[@]}"; do + if [ -e $i ]; then + echo "Clearing the configuration file: "$i + rm $i + fi +done +echo "appname = registry +runmode = 
dev -ui_config_dir = os.path.join(config_dir,"ui") -if not os.path.exists(ui_config_dir): - os.makedirs(os.path.join(config_dir, "ui")) +[lang] +types = en-US|zh-CN +names = en-US|zh-CN -db_config_dir = os.path.join(config_dir, "db") -if not os.path.exists(db_config_dir): - os.makedirs(os.path.join(config_dir, "db")) +[dev] +httpport = 80 -def render(src, dest, **kw): - t = Template(open(src, 'r').read()) - with open(dest, 'w') as f: - f.write(t.substitute(**kw)) - print("Generated configuration file: %s" % dest) +[mail] +host = $email_server +port = $email_server_port +username = $email_username +password = $email_password +from = $email_from" > $ui_path/app.conf +echo "Generated configuration file: "$ui_path/app.conf -ui_conf_env = os.path.join(config_dir, "ui", "env") -ui_conf = os.path.join(config_dir, "ui", "app.conf") -registry_conf = os.path.join(config_dir, "registry", "config.yml") -db_conf_env = os.path.join(config_dir, "db", "env") +echo "MYSQL_HOST=mysql +MYSQL_PORT=3306 +MYSQL_USR=root +MYSQL_PWD=$db_password +REGISTRY_URL=http://registry:5000 +CONFIG_PATH=/etc/ui/app.conf +HARBOR_REG_URL=$hostname +HARBOR_ADMIN_PASSWORD=$harbor_admin_password +HARBOR_URL=$hostname +AUTH_MODE=$auth_mode +LDAP_URL=$ldap_url +LDAP_BASE_DN=$ldap_basedn +SELF_REGISTRATION=$self_registration +LOG_LEVEL=debug" > $ui_path/env +echo "Generated configuration file: "$ui_path/env -conf_files = [ ui_conf, ui_conf_env, registry_conf, db_conf_env ] -for f in conf_files: - if os.path.exists(f): - print("Clearing the configuration file: %s" % f) - os.remove(f) +echo "MYSQL_ROOT_PASSWORD=$db_password" > $config_path/db/env +echo "Generated configuration file: "$config_path/db/env -render(os.path.join(templates_dir, "ui", "env"), - ui_conf_env, - hostname=hostname, - db_password=db_password, - ui_url=ui_url, - auth_mode=auth_mode, - admin_pwd=harbor_admin_password, - ldap_url=ldap_url, - ldap_basedn=ldap_basedn, - self_registration=self_registration) +echo "version: 0.1 +log: + level: 
debug + fields: + service: registry +storage: + cache: + layerinfo: inmemory + filesystem: + rootdirectory: /storage + maintenance: + uploadpurging: + enabled: false + delete: + enabled: true +http: + addr: :5000 + secret: placeholder + debug: + addr: localhost:5001 +auth: + token: + issuer: registry-token-issuer + realm: $ui_url/service/token + rootcertbundle: /etc/registry/root.crt + service: token-service -render(os.path.join(templates_dir, "ui", "app.conf"), - ui_conf, - email_server=email_server, - email_server_port=email_server_port, - email_user_name=email_username, - email_user_password=email_password, - email_from=email_from, - ui_url=ui_url) +notifications: + endpoints: + - name: harbor + disabled: false + url: http://ui/service/notifications + timeout: 500 + threshold: 5 + backoff: 1000" > $config_path/registry/config.yml +echo "Generated configuration file: "$config_path/registry/config.yml -render(os.path.join(templates_dir, "registry", "config.yml"), - registry_conf, - ui_url=ui_url) +is_fail=0 -render(os.path.join(templates_dir, "db", "env"), - db_conf_env, - db_password=db_password) +if [ $customize_token == "on" ];then -print("The configuration files are ready, please use docker-compose to start the service.") + if [ -e $ui_path/private_key.pem ]; then + echo "clearing the origin private_key.pem in "$ui_pth + rm $ui_path/private_key.pem + fi + openssl genrsa -out $ui_path/private_key.pem 4096 + if [ -e $ui_path/private_key.pem ]; then + echo "private_key.gem has been generated in "$ui_path + else echo "generate private_key.gem fail." 
+ is_fail=1 + fi + + if [ -e $config_path/registry/root.crt ]; then + echo "clearing the origin root.crt in "$config_path"/registry" + rm $config_path/registry/root.crt + fi + + openssl req -new -x509 -key $ui_path/private_key.pem -out $config_path/registry/root.crt -days 3650 \ + -subj "/C=$crt_countryname/ST=$crt_state/L=$crt_name/O=$crt_organizationname/OU=$crt_organizationalunitname" + if [ -e $config_path/registry/root.crt ]; then + echo "root.crt has been generated in "$config_path"/registry" + else echo "generate root.crt fail." + is_fail=1 + fi +elif [ $customize_token != "off" ]; then + echo "wrong args found in customize_token: "$customize_token + is_fail=1 +fi + +if [ $is_fail -eq 0 ];then + echo "The configuration files are ready, please use docker-compose to start the service." +else + echo "some problem occurs." +fi diff --git a/Deploy/prepare.sh b/Deploy/prepare.sh deleted file mode 100644 index 87443f5fc..000000000 --- a/Deploy/prepare.sh +++ /dev/null 
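Review bot: `$ui_url` is used in the registry config (`realm: $ui_url/service/token`) but is set neither in this script nor in `harbor.cfg` as shown in this commit, so the generated realm is just `/service/token`. The removed Python version built it from `ui_url_protocol` and `hostname`; adding `ui_url="$ui_url_protocol://$hostname"` right after `source ./harbor.cfg` restores that. The failure path only prints `some problem occurs.` and still exits 0, so a failed key or certificate generation is invisible to callers; `exit 1` in that `else` branch fixes it. The first "clearing" message prints `$ui_pth`, a misspelling of `$ui_path`, and the key messages say `private_key.gem`. The tests and `rm` calls leave `$i` and `$customize_token` unquoted, so an empty or spaced value breaks `[ $customize_token == "on" ]`; `[ "$customize_token" == "on" ]` is safer.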
@@ -1,55 +0,0 @@ -# Requires: openssl - -## Configuration file of Harbor - -#The IP address or hostname to access admin UI and registry service. -#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. -hostname = "reg.mydomain.com" - -#The protocol for accessing the UI and token/notification service, by default it is http. -#It can be set to https if ssl is enabled on nginx. -ui_url_protocol = "http" - -#Email account settings for sending out password resetting emails. -email_server = "smtp.mydomain.com" -email_server_port = "25" -email_username = "sample_admin@mydomain.com" -email_password = "abc" -email_from = "admin " - -##The password of Harbor admin, change this before any production use. -harbor_admin_password= "Harbor12345" - -##By default the auth mode is db_auth, i.e. the credentials are stored in a local database. -#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server. -auth_mode = "db_auth" - -#The url for an ldap endpoint. -ldap_url = "ldaps://ldap.mydomain.com" - -#The basedn template to look up a user in LDAP and verify the user's password. -ldap_basedn = "uid=%s,ou=people,dc=mydomain,dc=com" - -#The password for the root user of mysql db, change this before any production use. -db_password = "root123" - -#Turn on or off the self-registration feature -self_registration = "on" -##### - -config_path = "./config" -ui_path = "./config/ui" -db_path = "./config/db" -tpl_path = "./templates" - -mkdir -p $tpl_path -mkdir -p $ui_path $db_path - -declare -a arr=("$ui_path/env" "$ui_path/app.conf" "$config_path/registry/config.yml" "$db_path/env") - -for i in "${arr[@]}"; do - if -e $i; do - echo "Clearing the configuration file: "$i - rm $i - fi -done diff --git a/Deploy/private_key.pem b/Deploy/private_key.pem new file mode 100644 index 000000000..4487d35b8 --- /dev/null +++ b/Deploy/private_key.pem 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKgIBAAKCAgEA2Vxkww4IWVte7tUqQrCoVHhz1rETMuGH29Ix5d3MDEptVFsz +CoF2hfgHuG9sH5ZqLR9sYz+Dn0pMyAk6dhMHW3DaGua94VeV74cWus7H1zoU5UWL +Uss87DiwzNeJ4XkjO0Y+k8XDOTulTSnXMwdtTR7EWu1Qa+kcofwnqrONhzFMae8G ++rYsTnHa3QWpQkuTvZP6Vy8EaSomhEyDLx2V0ulxwi4I7Z3Mwb3hJakaK3uFMNdz +JTkgXaG9nnV2Qj/mglc7h9ApBZFOVu9n9jBM7+++5F/0TvJ24YRNMnvrAzIMeWQH +goA6WwHQaHBZ0ffEHwcpotX/GS+25lds9xFY9vvflDtckjT7Q0qTD2d1N+NghMwF +58w2+gQzoZJ3pEOH+OfX6xd0FBL4YymG1Nds50WWcX2AtxoKrVmFao/YqNqNaIU2 +hFjt8Pig+BEAqPLVoBpHvNtdhotD2EJP64dcVqta0fa8rqrbTyz2jnJH146JKzu8 +suI1+IWAWInvgk8+ujwfShT0GRGCaIVb+YGgr6OzFiZsZUnN7ufPnUAcETxrWG+G +SbNfjqixIrNHm5YtJL/ne+O+qd9IBEPu5XDyQXMy/by6FWz61E6ocSaRwcm4uSyO +Mj0JJToMClAU/VhzaDhaUOO74nojpEfJRllj8vYmPcjRv5KWWmeYYSUbascCAwEA +AQKCAgEAwxfZ3PVQaxvG1ql/2AIF5GOE3ZNsPwQM1DIS1VZBmlqHTOraojhXcKGS +FGn161gvjragq2hLtIKU7grSbT5hISLmsLSgg40Ap9Bhh2SoHDcmoC7OgY6n7QJp +NkLToAwBomdHLY2Yz1sI4HyIimXFJi5SYaaVw3WlXIMd+2pTwp9uDbscUZWHqRUq +M62sITQCtGsIjI5H8DiD/8VJDdYJLxiXIYn+O4CiUtciKZJhSdwBTThkQmnG8iOF +NaAKeCYwuJaheSJOX4/vd7pEXsU1mTpf5U121BFuwLXmMETnSKP4bFBrKSf8uMil +Dcih5gL0BkGAjoZzBGE+Ufrwc8YfSU/w9xEl0Lj1ScH1rD9t8RqZbvV/IPf1wuik +FK2NXN1uBrqbJtUuNuO9E3rguzgRExtjMwBjXgbWBN32GIJPgi2QpInOg8ApRAWe +T9koVtsQXPq5Z+prm9anRL4xEBnbor7RUL56HcGW/i5yBh6RnVhr0R/diVmYqPQQ +HO2LuLpMWjolyssQpf3uIUV/mgO8sZaLcBL0LScvtaMw2+ORy3aH7JV86pCKOmGQ +kN3gWI7fp6h2N4gAua/e1O0serm5uQ2HeDc8qH1S3Qxhph7e4GPQPsgGZcKbmtms +QVKSk2Bkaae9Qs4zrDX6sqZ3K5NwnGFyRP5cO57gr3UsCdkBSokCggEBAPj4H/rN +Yvu0aQQQBubUbpwU3/JzHBjgnxbk7XfEFfIN9bHhOJZveN9rycTr+PqqnAHkAAKf +fCW5gDGd24ZuA0oiLOrnkLVxKkS0PTuu+xoFHTTjFrxhSNafFWNUEG4Iz6lBv35K +f7veAe8DBGI+cutTc9WLA9Z2AsfJ2EYt1A3vJpIHIPFZ4zrB0xLFOxm0MMfRieXE +1uSSGor1CrhEu7AwWTyBrkRkowKaTdDmPMnDhI1XM+w1wP0X3HojOA6TY6ZTxYqU +iDU65NTg1I4pT5k7RmjnMS2wS/l63MayMJLlKMub9CU1cTFnF6GiggadkxaBOn4m +R2htbpjDlmzZuz0CggEBAN9/wyvsJiEDnEro7lMR8hXQl4qqjSylsYSLkdwVhdq9 +it2OjjBp5lA70NEAD4xMFCygJCnY+zsdqZ/RASHmrX9hpROrTK/mO+dcKoWfquYa 
+y8v0LScLAr9XJ2fN1ykiT9gYnNykxTpoM60cNyHH9wXHSQ8ZIyhgpL37gK36co7g +fAAORwiqasQPSzvhQdTq5H/vdoaFZGsfY8WDijq7rCblWSZY1zTwGyS713RVcZ6+ +5/C8Newj2jOXOuFxXTx4l59fmxRwsfQS8dMh/QIWrKkQmwYYGxo/UU1QUuUzi7EC +tmQ2xseXvXWaIpWzlexws3ejABO+/0BiZsINLUNF7lMCggEAQAICrsc5CH9EdH/u +VlANM+GGBd4kPh0ZqZgnmR/3iGigXyAJHVwBVmdu00rbkw5j13SXsBTypPxBAgCU +nMYR4HBS3f20zYEPneQ8zehZtEHWVW+Au+PDBzKVHBlTtAZd5ST7J2vd1R3pn1pG +OT/W6btlz2PTE8L5SgYRrVFA8GgooWhlxscWTVfhfTTp0dzqoaS0cDcgDFmnq0v+ +eotpOY3kk1K/y+OXqSaklO1seW7j2DawKa1UNX15+Iivc8fe2bc11UAEmLLQfA5l +dzsVtM5xdqzhjt6BWd2Ffyv2ov15dIdeyGYp+MqJX8vY4/yFAUcuE5qhxy5DPdEj +Dk8X/QKCAQEAq0ASJA2GCbXig+OG+U++1shF1ZJpKdSr+IuY77HuJnUlei5I9P+v +4bpzfjE1uKJyst7h1s7TcbCA0FwtKfS+6+O9wRx4Xi9jpxsP2eNF55qQnW4zSr89 +E6+MGhW2z2XjGAmD5+y40tAVCIeeFtxJgrv4VwFD1yR2FrwnFSfZr3CCkuhdtV4f +AKtXUkJ/Vs3E1+J8RwbestYSdL0dpXM3rXX+oUthWsa/hZ4IsLLnpGNTBTqxdobi +IrW2ABgFANjGFPAEu9y9/e6mLMjWPEtzcPewUTMXUT1C5qKtYcHlP3R8nLz8AuNZ +4EqCRYKdVdXlLb5PyNGIc6TyZ64BCJME0QKCAQEA2aswFkz/TBerqypNN2sH934Z +fquoCIoGofcxrgs9j+pu8QeSp25ka0UsnyvAOT6wic441JqgcSB3sqqEDLW2Dpqa +l6nT3l1QVaf78hFRprJDJq4Xv2tZWhNdslCrvJsAtYvy0flfDPS4DODfxdAXUv5N +g/Vw3hqOaXM1i+PC3Ry4QkUXFugH11rXef+1fiQEz3EMSCUx6wAtTOGzLIDnpoLu +okn40CqsvKIpWIRrTBeBAByQ71QaUK0uPbw9KvW0Eqpv0lU0I/IdAU9YO2IC7XG6 +M10Qb1uFQJkuW+O7Ix0jVmyLUYU1ebcMWLJeKekHbRmtXt4o3m9mpwKzp7Pnnw== +-----END RSA PRIVATE KEY----- From 6c65495d722943f6c7f7378b3b66796f98b6349b Mon Sep 17 00:00:00 2001 From: saga92 Date: Wed, 20 Apr 2016 10:28:15 +0800 Subject: [PATCH 14/29] add shell template --- Deploy/prepare | 70 ++-------------------------- Deploy/templates/db/env | 2 +- Deploy/templates/registry/config.yml | 4 +- Deploy/templates/ui/app.conf | 8 ++-- Deploy/templates/ui/env | 8 ++-- 5 files changed, 15 insertions(+), 77 deletions(-) diff --git a/Deploy/prepare b/Deploy/prepare index f47bb283e..8b981625f 100755 --- a/Deploy/prepare +++ b/Deploy/prepare 
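Review bot: The added `Deploy/private_key.pem` is a complete, unencrypted RSA private key checked into the repository, so every clone and every later revision of the history holds it. The `openssl req -new -x509 -key ... -out $config_path/registry/root.crt` step earlier on this page suggests that keys of this kind sign the certificate the registry trusts for token auth (`rootcertbundle`); that use is inferred, not shown for this exact path, but if it holds, possession of the file is enough to produce tokens the registry accepts. Deleting the file later (PATCH 15/29 does so) does not retract it: treat the key as disclosed, never deploy it, and list `Deploy/private_key.pem` and `Deploy/config/ui/private_key.pem` in `.gitignore` so generated keys stay out of commits. The same applies to `Deploy/config/ui/private_key.pem` added in PATCH 16/29.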
@@ -20,78 +20,16 @@ for i in "${arr[@]}"; do fi done -echo "appname = registry -runmode = dev - -[lang] -types = en-US|zh-CN -names = en-US|zh-CN - -[dev] -httpport = 80 - -[mail] -host = $email_server -port = $email_server_port -username = $email_username -password = $email_password -from = $email_from" > $ui_path/app.conf +source $tpl_path/ui/app.conf > $ui_path/app.conf echo "Generated configuration file: "$ui_path/app.conf -echo "MYSQL_HOST=mysql -MYSQL_PORT=3306 -MYSQL_USR=root -MYSQL_PWD=$db_password -REGISTRY_URL=http://registry:5000 -CONFIG_PATH=/etc/ui/app.conf -HARBOR_REG_URL=$hostname -HARBOR_ADMIN_PASSWORD=$harbor_admin_password -HARBOR_URL=$hostname -AUTH_MODE=$auth_mode -LDAP_URL=$ldap_url -LDAP_BASE_DN=$ldap_basedn -SELF_REGISTRATION=$self_registration -LOG_LEVEL=debug" > $ui_path/env +source $tpl_path/ui/env > $ui_path/env echo "Generated configuration file: "$ui_path/env -echo "MYSQL_ROOT_PASSWORD=$db_password" > $config_path/db/env +source $tpl_path/db/env > $config_path/db/env echo "Generated configuration file: "$config_path/db/env -echo "version: 0.1 -log: - level: debug - fields: - service: registry -storage: - cache: - layerinfo: inmemory - filesystem: - rootdirectory: /storage - maintenance: - uploadpurging: - enabled: false - delete: - enabled: true -http: - addr: :5000 - secret: placeholder - debug: - addr: localhost:5001 -auth: - token: - issuer: registry-token-issuer - realm: $ui_url/service/token - rootcertbundle: /etc/registry/root.crt - service: token-service - -notifications: - endpoints: - - name: harbor - disabled: false - url: http://ui/service/notifications - timeout: 500 - threshold: 5 - backoff: 1000" > $config_path/registry/config.yml +source $tpl_path/registry/config.yml > $config_path/registry/config.yml echo "Generated configuration file: "$config_path/registry/config.yml is_fail=0 diff --git a/Deploy/templates/db/env b/Deploy/templates/db/env index 31cb6bdec..80f898590 100644 --- a/Deploy/templates/db/env 
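Review bot: The four `source $tpl_path/... > ...` lines execute the template files as shell code, and the templates (changed in the following hunks for `Deploy/templates/db/env`, `registry/config.yml`, `ui/app.conf` and `ui/env`) now wrap their content in `echo "..."`, so every configured value is expanded inside a double-quoted shell string. A password or LDAP value containing `"`, `$`, a backtick or `\` will be mangled, end the string early or be evaluated as a command substitution while prepare runs. Keep the templates as plain data and substitute named variables only, for example `envsubst < "$tpl_path/ui/env" > "$ui_path/env"` with the needed variables exported, and quote `$tpl_path` and `$ui_path`. The generated `env` files hold `MYSQL_PWD` and `HARBOR_ADMIN_PASSWORD`, so a `umask 077` before they are written would keep them from being world-readable.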
+++ b/Deploy/templates/db/env @@ -1 +1 @@ -MYSQL_ROOT_PASSWORD=$db_password +echo "MYSQL_ROOT_PASSWORD=$db_password" diff --git a/Deploy/templates/registry/config.yml b/Deploy/templates/registry/config.yml index a1b19a8ed..f588d7c80 100644 --- a/Deploy/templates/registry/config.yml +++ b/Deploy/templates/registry/config.yml @@ -1,4 +1,4 @@ -version: 0.1 +echo "version: 0.1 log: level: debug fields: @@ -32,4 +32,4 @@ notifications: url: http://ui/service/notifications timeout: 500 threshold: 5 - backoff: 1000 + backoff: 1000" diff --git a/Deploy/templates/ui/app.conf b/Deploy/templates/ui/app.conf index 63dbd3451..9119fd651 100644 --- a/Deploy/templates/ui/app.conf +++ b/Deploy/templates/ui/app.conf @@ -1,4 +1,4 @@ -appname = registry +echo "appname = registry runmode = dev [lang] @@ -11,6 +11,6 @@ httpport = 80 [mail] host = $email_server port = $email_server_port -username = $email_user_name -password = $email_user_password -from = $email_from +username = $email_username +password = $email_password +from = $email_from" diff --git a/Deploy/templates/ui/env b/Deploy/templates/ui/env index e20e2bc6d..b38953819 100644 --- a/Deploy/templates/ui/env +++ b/Deploy/templates/ui/env @@ -1,14 +1,14 @@ -MYSQL_HOST=mysql +echo "MYSQL_HOST=mysql MYSQL_PORT=3306 MYSQL_USR=root MYSQL_PWD=$db_password REGISTRY_URL=http://registry:5000 CONFIG_PATH=/etc/ui/app.conf HARBOR_REG_URL=$hostname -HARBOR_ADMIN_PASSWORD=$admin_pwd -HARBOR_URL=$ui_url +HARBOR_ADMIN_PASSWORD=$harbor_admin_password +HARBOR_URL=$hostname AUTH_MODE=$auth_mode LDAP_URL=$ldap_url LDAP_BASE_DN=$ldap_basedn SELF_REGISTRATION=$self_registration -LOG_LEVEL=debug +LOG_LEVEL=debug" From b709a5de6f0c0be7d60d9f6d8a744e2a6215221b Mon Sep 17 00:00:00 2001 
From: saga92 Date: Wed, 20 Apr 2016 10:34:30 +0800 Subject: [PATCH 15/29] delete customize token --- Deploy/config/registry/root.crt | 33 --------------------- Deploy/config/ui/private_key.pem | 51 -------------------------------- Deploy/private_key.pem | 51 -------------------------------- 3 files changed, 135 deletions(-) delete mode 100644 Deploy/config/registry/root.crt delete mode 100644 Deploy/config/ui/private_key.pem delete mode 100644 Deploy/private_key.pem diff --git a/Deploy/config/registry/root.crt b/Deploy/config/registry/root.crt deleted file mode 100644 index e088a9520..000000000 --- a/Deploy/config/registry/root.crt +++ /dev/null 
@@ -1,33 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFqTCCA5GgAwIBAgIJAL1ERoYUEaTZMA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNV -BAYTAkNOMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEbmFtZTEaMBgGA1UECgwR -b3JnYW5pemF0aW9uIG5hbWUxITAfBgNVBAsMGG9yZ2FuaXphdGlvbmFsIHVuaXQg -bmFtZTAeFw0xNjA0MTkxNzMxMThaFw0yNjA0MTcxNzMxMThaMGsxCzAJBgNVBAYT -AkNOMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEbmFtZTEaMBgGA1UECgwRb3Jn -YW5pemF0aW9uIG5hbWUxITAfBgNVBAsMGG9yZ2FuaXphdGlvbmFsIHVuaXQgbmFt -ZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKDaZVJiE/jmnkBUv1xz -Oc/JNNnAkNcd1Bi9Am8wZZJlmpdZieLneNbQhyNaFVYQovdHBQ+KfXyZtz9cE1rM -+TWlgpPr1Slh5CSyTTHHASpic1rDUTuvlqctFgCXHzwiDwWH+97f+HfcPUGxdXrB -87cwWliFGSIsZKfa53cw4uNnCEcnsnk9fjT7d+eUn/PbO+tQMIPQTnu3Zc4ABjRN -rZHiN5H6zr5xq9BJdB4n0dpDtk+8ygZqZ12Y4snL3P9nzYz9bNNA6G55B8BY6Cvg -i3yNdrDbptdUp2FQmn3ODum7vqTLDnkBASBF/F9RV1kqRGAV2hge1VYKjm+eKB4N -qn6Ep2cy6ZIiMX7z5OVNEgryfYIdr5UF4JEprS+vXivvRZ9kfSZC5yc976z+O/6h -T0xR6qZaTujt3K82wPNmZRaXeNCms7QwfbJN9blvkQZSCkaTCEgbeGnrmw/RvX3p -ilDbMABJDon9olwOGDEa+OgvTtdB0NHokD/ONKeQwf8cGde5UIWmljSaTOub1p3z -BnEugYWZkvEFZbQssiY1LDM/o4GiQjdEVE0sLcnWbXyG1ceG6o6cIz8W64cXST9B -4aPPWZ4y/MPm+kQsvO6PwFdRGg8AaVSKIrbB/mYLu2Q21NVnsXpje6hybyk9Cfb2 -BsGgUCEL0TdbuWuQNriqwxLdAgMBAAGjUDBOMB0GA1UdDgQWBBTvqAlIppLW24Ds -zdEd/4oyGoCUSDAfBgNVHSMEGDAWgBTvqAlIppLW24DszdEd/4oyGoCUSDAMBgNV -HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAYr1jl8N5B63J6xNfjN/dtaMKl -gm/h/ghBl5EUTGSkkAOT+tkZkmSVhBTlqF7sndgkvNiaF3ds2tM6xXju28Ipemn7 -3nSYg7bFcxKJ6VDr21+8PZAoFC//oquXoeSpCU40Fl3uq0goxo2J9g6WikBbzpxd -AFlXSC9baTpQpfQavuT/2Clfu1YsaFhhtGPupNoTwkzaqgBOln9kKp7DkaVuR0Lu -x7/c+LvSGIJYwN9MKXSe1YJ4mbMVhXF6eMVwKZfbDPvgr2lkJNpCltdqd5AozunE -kc1BDvrDoRUTMnwxixxfmTa4brYlJd/WhmtBfjOrVavm3dkzT7JusPCsiFYP8xJx -uRsrhP5qHyNKnWKt+XQHicT74WbplHhn2HSKwAd/a1n1+AN79zXPNe4lUASmYu+a -6dL870qEWQ8CvCyqGOmGzZnEuVGQ1I6tRpL17wLmXQyM+VS1VjjvXOD+EYmG0qMl -k6NsleM0KxIe2E6o4Z66RlsaygoQQ1um8VRJFu64GuTWjeqOn3k6t8CkLorSsr/r -CUd9wM09YZ5H05pEdr/dmnzjIcmLfNXprdtguMndGM97vkHvcYazc0NKrNOEcY/U 
-+cgcf7r2d0QVcyk4KczFv4TzaEcTMIGiUemYxOjjEaMyOs0TnOdR3keimTz970N9 -foE07UI+31lH38VOeQ== ------END CERTIFICATE----- diff --git a/Deploy/config/ui/private_key.pem b/Deploy/config/ui/private_key.pem deleted file mode 100644 index 5f2bc093c..000000000 --- a/Deploy/config/ui/private_key.pem +++ /dev/null 
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJJwIBAAKCAgEAoNplUmIT+OaeQFS/XHM5z8k02cCQ1x3UGL0CbzBlkmWal1mJ -4ud41tCHI1oVVhCi90cFD4p9fJm3P1wTWsz5NaWCk+vVKWHkJLJNMccBKmJzWsNR -O6+Wpy0WAJcfPCIPBYf73t/4d9w9QbF1esHztzBaWIUZIixkp9rndzDi42cIRyey -eT1+NPt355Sf89s761Awg9BOe7dlzgAGNE2tkeI3kfrOvnGr0El0HifR2kO2T7zK -BmpnXZjiycvc/2fNjP1s00DobnkHwFjoK+CLfI12sNum11SnYVCafc4O6bu+pMsO -eQEBIEX8X1FXWSpEYBXaGB7VVgqOb54oHg2qfoSnZzLpkiIxfvPk5U0SCvJ9gh2v -lQXgkSmtL69eK+9Fn2R9JkLnJz3vrP47/qFPTFHqplpO6O3crzbA82ZlFpd40Kaz -tDB9sk31uW+RBlIKRpMISBt4aeubD9G9femKUNswAEkOif2iXA4YMRr46C9O10HQ -0eiQP840p5DB/xwZ17lQhaaWNJpM65vWnfMGcS6BhZmS8QVltCyyJjUsMz+jgaJC -N0RUTSwtydZtfIbVx4bqjpwjPxbrhxdJP0Hho89ZnjL8w+b6RCy87o/AV1EaDwBp -VIoitsH+Zgu7ZDbU1WexemN7qHJvKT0J9vYGwaBQIQvRN1u5a5A2uKrDEt0CAwEA -AQKCAgBqBQjbcAGyAG81/6XRjbEBH6FSFPZikyqE06+TEdcg0w89yqpzgBXJoNAx -oOKHQ5fmXE0dnS5wvfBmNo4bPxbTITAbx0lMaVUySsNOl9hQ02ss26fjKyylK7Zg -1TqlK92yy5pboEvo1KUbc5f3PXchuyERT0jtmU0Oxd3iVbp2ICb4n1WnS7yvtz+k -x/VViZ7IzqXre5T/PjY/vQxZ1QkeKnhuI125cLrKImACsERFFHRJwil2aROQQYDZ -eSFExmpZD4B3DUUl62gMg40jvnCxu5wLnfst2oIoRjRNz09NB430mFIFt3/Cgd6C -BN8Jyi4fFsgVNd1vRK31K81NYbyJc+kRgVv4bl7z32eHTrUBBS852jqxRBof6esY -4j9/Egt5tVrobIlKtgHDWYvjzAWJqcZBfD2Terlu71bpxpfQTHh7ixepzVhzl1eP -YG+goQt+bBIFY3IftNP7jxK5LIsL+CPBkSdrFFZX2hbheYMlcy/FefdSYCP9mIih -yJcf/1kcUAVTmzL5J1G7J7bYqSNcLhBmu9seuzbpKq3RzWNKxl9ALd0T+pPZR5ZH -2oOFgletEofb2p34vhE7TBFZobXtgupKNbghJYKzIVnFtp02pUODgyaU8KQNINeO -gMHeUoaAPo/BNemejhy5BqJOIdQk2C7DGl2gKJP7ulp/Eed0EQKCAQEAzSQsLXc/ -Kp2y+BequL2XlpsJYhTs2fvtbUuq9oMMK3gX9s6+a5hQ5ITnXrxB9HzKAjDUWHlF -qLKBrB3X/jYjyiLQeXhTpliUXL/FGU9lfR9/btbqA3PxMZZyNYlZAStLp7/xlzHV -XrcvB9k5v3keE+GqufhXuRTs6jNAVWeyh9GWsA97FgQtJU46xXGLT1gEkS7vSa5a -fyqAatXUEL8EjnhHf5Dkp1FYiywdK31YbkaYCd/Umdezc8mauetybWjbrj3JICTp -KBfrZJQGd5ioADzll1xa4yFExDnBq2we2ugm/6jgYRJd6gO/uSZ1OkpcSFKxOB5m -hOUns5n7spLl3wKCAQEAyLtblCvJ1psn8tIYnouXl58/VQyXKGNlGsifXAuMI5tk -eyR/dJYgGjzwv4e3ys1m+4v0LSCGwAz8cSqCL9M2k1jAIDjb5i5/uvP2/fUxscjD 
-WdxBNhpnkdyxULv6Pc5RBGgnOZilAAJ0Ne0QoCXU7UmcdaiQzdjJLhK+Awu7+3eq -+JpR5IV8kwNesB8jYDbYCo5SQDxtPRCr6b1t4gUQq6g2krISBEyWQlPp3yRjf4fd -JRBUrN82mpxC6EFj79rPbP4TIrZXT3eki65CAi+ebC8bw3/+5V63rmuhXRtufIn6 -KgTbf7pEiXF2WAlocDgZ4spUxZbT7nyfYFtBCF1GwwKCAQAxkoUuc3uLM9KUyztR -K1efaFWrIv1da9ijKb7llSNyubGozasMWyFpJ4i1xu51Q1aZku0teBjSPFjDm+6f -GrwpU6JnSCGGuC8Z/qmFhT80LlFgGoUwUms9nWp573fXpXvBzMt3yu4R1liCIAcp -cv5GtajJCe9A5YKe0cXBHa7xzT8JyqPm3Rl/w1jGb7rHcLCh2OKwPnbV9hJUPtnh -NhfGyeAVPpFSsYChGQbvhHnDJEIHWNSKXKqb12MRfIkJUWaMw5d/sgu5yZXzlyW8 -7uHiNNUSb5ny+w4gEQjxAM6v/Zu2+jtGmeah70f8WQPJE0EbpQf4VLhXcvzWFObS -71anAoIBAGnJ7CKzzSTQEoazWQw9jz/2Sl9dSlCbyY4LC4lsAIhHffY0LwPXlsWd -NlgKg79a7xpFEQOzb7DJZ0WQ3Jmt28Zd8KtKrAGsod56csI2teD3aJT0Ml38HndN -8xkUaHaoRCRpa7q8CsFtiadd7/Qm3AfOUqnjk6UYyjYA5KkgRwrpb26jjeM8woGM -Nhvl3TP403UEuq5l6kBTh/agwcdrWfTNqy02sa4YWtxL8yaJu/JbPR4qdCXDYbir -/8r9o1imXckYQid6J5uW914yEVGrnPdxAFXRIBnsCCvhR2KVcW4rHW+FrdSr6zDw -XilZk/QIbQQMFA8qRTkb7rbOgQCSgBcCggEAPepUfUh8GcWr+y27ypwpPbiuO1l5 -4QWMpOmQT1Ft58LoP0r0f5XASUKFrYiwIYOJjoED6kh5XdWBauydui2tTYvy5mLQ -xhtRAe4KrqrHEiYopR+C6SAJQ+Q7vJ2ZlVlMCabPjMdIews0cLCtyeyi3ZRF6wf1 -mz+g0fjtBLQXveOBakDzE8zjHGo86qGFDCYKhdILl9Fmr+imH3xq51bFOgXkW0bd -FwXscmJSJZcl91MQ/Y1hPprL4F7cnwkvUwIRWzkxpyCObwVtXhrwqhGxn+7NpESN -6w3CT3mA5JfISq0KOrwrKd0PxuRPexcGyhcoaT+TEdST1m18ey9bP8E8hg== ------END RSA PRIVATE KEY----- diff --git a/Deploy/private_key.pem b/Deploy/private_key.pem deleted file mode 100644 index 4487d35b8..000000000 --- a/Deploy/private_key.pem +++ /dev/null 
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKgIBAAKCAgEA2Vxkww4IWVte7tUqQrCoVHhz1rETMuGH29Ix5d3MDEptVFsz -CoF2hfgHuG9sH5ZqLR9sYz+Dn0pMyAk6dhMHW3DaGua94VeV74cWus7H1zoU5UWL -Uss87DiwzNeJ4XkjO0Y+k8XDOTulTSnXMwdtTR7EWu1Qa+kcofwnqrONhzFMae8G -+rYsTnHa3QWpQkuTvZP6Vy8EaSomhEyDLx2V0ulxwi4I7Z3Mwb3hJakaK3uFMNdz -JTkgXaG9nnV2Qj/mglc7h9ApBZFOVu9n9jBM7+++5F/0TvJ24YRNMnvrAzIMeWQH -goA6WwHQaHBZ0ffEHwcpotX/GS+25lds9xFY9vvflDtckjT7Q0qTD2d1N+NghMwF -58w2+gQzoZJ3pEOH+OfX6xd0FBL4YymG1Nds50WWcX2AtxoKrVmFao/YqNqNaIU2 -hFjt8Pig+BEAqPLVoBpHvNtdhotD2EJP64dcVqta0fa8rqrbTyz2jnJH146JKzu8 -suI1+IWAWInvgk8+ujwfShT0GRGCaIVb+YGgr6OzFiZsZUnN7ufPnUAcETxrWG+G -SbNfjqixIrNHm5YtJL/ne+O+qd9IBEPu5XDyQXMy/by6FWz61E6ocSaRwcm4uSyO -Mj0JJToMClAU/VhzaDhaUOO74nojpEfJRllj8vYmPcjRv5KWWmeYYSUbascCAwEA -AQKCAgEAwxfZ3PVQaxvG1ql/2AIF5GOE3ZNsPwQM1DIS1VZBmlqHTOraojhXcKGS -FGn161gvjragq2hLtIKU7grSbT5hISLmsLSgg40Ap9Bhh2SoHDcmoC7OgY6n7QJp -NkLToAwBomdHLY2Yz1sI4HyIimXFJi5SYaaVw3WlXIMd+2pTwp9uDbscUZWHqRUq -M62sITQCtGsIjI5H8DiD/8VJDdYJLxiXIYn+O4CiUtciKZJhSdwBTThkQmnG8iOF -NaAKeCYwuJaheSJOX4/vd7pEXsU1mTpf5U121BFuwLXmMETnSKP4bFBrKSf8uMil -Dcih5gL0BkGAjoZzBGE+Ufrwc8YfSU/w9xEl0Lj1ScH1rD9t8RqZbvV/IPf1wuik -FK2NXN1uBrqbJtUuNuO9E3rguzgRExtjMwBjXgbWBN32GIJPgi2QpInOg8ApRAWe -T9koVtsQXPq5Z+prm9anRL4xEBnbor7RUL56HcGW/i5yBh6RnVhr0R/diVmYqPQQ -HO2LuLpMWjolyssQpf3uIUV/mgO8sZaLcBL0LScvtaMw2+ORy3aH7JV86pCKOmGQ -kN3gWI7fp6h2N4gAua/e1O0serm5uQ2HeDc8qH1S3Qxhph7e4GPQPsgGZcKbmtms -QVKSk2Bkaae9Qs4zrDX6sqZ3K5NwnGFyRP5cO57gr3UsCdkBSokCggEBAPj4H/rN -Yvu0aQQQBubUbpwU3/JzHBjgnxbk7XfEFfIN9bHhOJZveN9rycTr+PqqnAHkAAKf -fCW5gDGd24ZuA0oiLOrnkLVxKkS0PTuu+xoFHTTjFrxhSNafFWNUEG4Iz6lBv35K -f7veAe8DBGI+cutTc9WLA9Z2AsfJ2EYt1A3vJpIHIPFZ4zrB0xLFOxm0MMfRieXE -1uSSGor1CrhEu7AwWTyBrkRkowKaTdDmPMnDhI1XM+w1wP0X3HojOA6TY6ZTxYqU -iDU65NTg1I4pT5k7RmjnMS2wS/l63MayMJLlKMub9CU1cTFnF6GiggadkxaBOn4m -R2htbpjDlmzZuz0CggEBAN9/wyvsJiEDnEro7lMR8hXQl4qqjSylsYSLkdwVhdq9 -it2OjjBp5lA70NEAD4xMFCygJCnY+zsdqZ/RASHmrX9hpROrTK/mO+dcKoWfquYa 
-y8v0LScLAr9XJ2fN1ykiT9gYnNykxTpoM60cNyHH9wXHSQ8ZIyhgpL37gK36co7g -fAAORwiqasQPSzvhQdTq5H/vdoaFZGsfY8WDijq7rCblWSZY1zTwGyS713RVcZ6+ -5/C8Newj2jOXOuFxXTx4l59fmxRwsfQS8dMh/QIWrKkQmwYYGxo/UU1QUuUzi7EC -tmQ2xseXvXWaIpWzlexws3ejABO+/0BiZsINLUNF7lMCggEAQAICrsc5CH9EdH/u -VlANM+GGBd4kPh0ZqZgnmR/3iGigXyAJHVwBVmdu00rbkw5j13SXsBTypPxBAgCU -nMYR4HBS3f20zYEPneQ8zehZtEHWVW+Au+PDBzKVHBlTtAZd5ST7J2vd1R3pn1pG -OT/W6btlz2PTE8L5SgYRrVFA8GgooWhlxscWTVfhfTTp0dzqoaS0cDcgDFmnq0v+ -eotpOY3kk1K/y+OXqSaklO1seW7j2DawKa1UNX15+Iivc8fe2bc11UAEmLLQfA5l -dzsVtM5xdqzhjt6BWd2Ffyv2ov15dIdeyGYp+MqJX8vY4/yFAUcuE5qhxy5DPdEj -Dk8X/QKCAQEAq0ASJA2GCbXig+OG+U++1shF1ZJpKdSr+IuY77HuJnUlei5I9P+v -4bpzfjE1uKJyst7h1s7TcbCA0FwtKfS+6+O9wRx4Xi9jpxsP2eNF55qQnW4zSr89 -E6+MGhW2z2XjGAmD5+y40tAVCIeeFtxJgrv4VwFD1yR2FrwnFSfZr3CCkuhdtV4f -AKtXUkJ/Vs3E1+J8RwbestYSdL0dpXM3rXX+oUthWsa/hZ4IsLLnpGNTBTqxdobi -IrW2ABgFANjGFPAEu9y9/e6mLMjWPEtzcPewUTMXUT1C5qKtYcHlP3R8nLz8AuNZ -4EqCRYKdVdXlLb5PyNGIc6TyZ64BCJME0QKCAQEA2aswFkz/TBerqypNN2sH934Z -fquoCIoGofcxrgs9j+pu8QeSp25ka0UsnyvAOT6wic441JqgcSB3sqqEDLW2Dpqa -l6nT3l1QVaf78hFRprJDJq4Xv2tZWhNdslCrvJsAtYvy0flfDPS4DODfxdAXUv5N -g/Vw3hqOaXM1i+PC3Ry4QkUXFugH11rXef+1fiQEz3EMSCUx6wAtTOGzLIDnpoLu -okn40CqsvKIpWIRrTBeBAByQ71QaUK0uPbw9KvW0Eqpv0lU0I/IdAU9YO2IC7XG6 -M10Qb1uFQJkuW+O7Ix0jVmyLUYU1ebcMWLJeKekHbRmtXt4o3m9mpwKzp7Pnnw== ------END RSA PRIVATE KEY----- From 64432c3dc0a96cfd7ee0ee72604edf1fe03300e6 Mon Sep 17 00:00:00 2001 From: saga92 Date: Wed, 20 Apr 2016 10:53:14 +0800 Subject: [PATCH 16/29] add root.crt&private_key.pem --- Deploy/config/registry/root.crt | 15 +++++++++++++++ Deploy/config/ui/private_key.pem | 15 +++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 Deploy/config/registry/root.crt create mode 100644 Deploy/config/ui/private_key.pem diff --git a/Deploy/config/registry/root.crt b/Deploy/config/registry/root.crt new file mode 100644 index 000000000..326d8080a --- /dev/null +++ b/Deploy/config/registry/root.crt 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICWDCCAcGgAwIBAgIJAN1nLuloDeHNMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMTYwMTI3MDQyMDM1WhcNNDMwNjE0MDQyMDM1WjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQClak/4HO7EeLU0w/BhtVENPLOqU0AP2QjVUdg1qhNiDWVrbWx9KYHqz5Kn0n2+ +fxdZo3o7ZY5/2+hhgkKh1z6Kge9XGgune6z4fx2J/X2Se8WsGeQUTiND8ngSnsCA +NtYFwW50SbUZPtyf5XjAfKRofZem51OxbxzN3217L/ubKwIDAQABo1AwTjAdBgNV +HQ4EFgQU5EG2VrB3I6G/TudUpz+kBgQXSvYwHwYDVR0jBBgwFoAU5EG2VrB3I6G/ +TudUpz+kBgQXSvYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAx+2eo +oOm0YNy9KQ81+7GQkKVWoPQXjAGGgZuZj8WCFepYqUSJ4q5qbuVCY8WbGcHVk2Rx +Jg1XDCmMjBgYP6S0ikezBRqSmNA3G6oFiydTKBfPs6RNalsB0C78Xk5l5+PIyd2R +jFKOKoMpkjwfeJv2j64WNGoBgqj7XRBoJ11a4g== +-----END CERTIFICATE----- diff --git a/Deploy/config/ui/private_key.pem b/Deploy/config/ui/private_key.pem new file mode 100644 index 000000000..6c68cacb3 --- /dev/null +++ b/Deploy/config/ui/private_key.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQClak/4HO7EeLU0w/BhtVENPLOqU0AP2QjVUdg1qhNiDWVrbWx9 +KYHqz5Kn0n2+fxdZo3o7ZY5/2+hhgkKh1z6Kge9XGgune6z4fx2J/X2Se8WsGeQU +TiND8ngSnsCANtYFwW50SbUZPtyf5XjAfKRofZem51OxbxzN3217L/ubKwIDAQAB +AoGBAITMMuNYJwAogCGaZHOs4yMjZoIJT9bpQMQxbsi2f9UqOA/ky0I4foqKloyQ +2k6DLbXTHqBsydgwLgGKWAAiE5xIR2bPMUNSLgjbA2eLly3aOR/0FJ5n09k2EmGg +Am7tLP+6yneXWKVi3HI3NzXriVjWK94WHGGC1b9F+n5CY/2RAkEA1d62OJUNve2k +IY6/b6T0BdssFo3VFcm22vnayEL/wcYrnRfF9Pb5wM4HUUqwVelKTouivXg60GNK +ZKYAx5CtHwJBAMYAEf5u0CQ/8URcwBuMkm0LzK4AM2x1nGs7gIxAEFhu1Z4xPjVe +MtIxuHhDhlLvD760uccmo5yE72QJ1ZrYBHUCQQCAxLZMPRpoB4QyHEOREe1G9V6H +OeBZXPk2wQcEWqqo3gt2a1DqHCXl+2aWgHTJVUxDHHngwFoRDCdHkFeZ0LcbAkAj +T8/luI2WaXD16DS6tQ9IM1qFjbOeHDuRRENgv+wqWVnvpIibq/kUU5m6mRBTqh78 +u+6F/fYf6/VluftGalAhAkAukdMtt+sksq2e7Qw2dRr5GXtXjt+Otjj0NaJENmWk +a7SgAs34EOWtbd0XGYpZFrg134MzQGbweFeEUTj++e8p +-----END RSA PRIVATE KEY----- From b5b22350d18f60b438adc749ed0631f21db939a4 Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Wed, 20 Apr 2016 14:44:19 +0800 Subject: [PATCH 17/29] set timeout for creation of connection between UI and DB --- dao/base.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dao/base.go b/dao/base.go index 721708fc7..fe1c5a0ed 100644 --- a/dao/base.go +++ b/dao/base.go @@ -77,7 +77,7 @@ func InitDB() { var err error var c net.Conn for { - c, err = net.Dial("tcp", addr+":"+port) + c, err = net.DialTimeout("tcp", addr+":"+port, 20*time.Second) if err == nil { c.Close() ch <- 1 From d91b33fcd0e007457337c3c5b8f0d08ef82bd9b6 Mon Sep 17 00:00:00 2001 From: saga92 Date: Wed, 20 Apr 2016 15:08:21 +0800 Subject: [PATCH 18/29] add python version key generation --- Deploy/prepare.py | 78 +++++++++++++++++++++++++--------- Deploy/{prepare => prepare.sh} | 0 2 files changed, 57 insertions(+), 21 deletions(-) rename Deploy/{prepare => prepare.sh} (100%) diff --git a/Deploy/prepare.py b/Deploy/prepare.py index 5571e3c20..330c5591a 100755 --- a/Deploy/prepare.py 
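Review bot: The key added as `Deploy/config/ui/private_key.pem` has a 1024-bit modulus (its DER header is `MIICXQIBAAKBgQ`, and the `root.crt` added just before it carries the same modulus), while the generation path in `prepare.py` asks for `4096`. Because this pair is the committed default, every installation that leaves certificate customisation off would presumably share the same publicly known, undersized signing key. Rather than shipping a key, have prepare always generate the pair on first run and stop with an error if it cannot, and keep the generated files out of version control.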
+++ b/Deploy/prepare.py 
@@ -22,19 +22,25 @@ conf.seek(0, os.SEEK_SET) rcp = ConfigParser.RawConfigParser() rcp.readfp(conf) -hostname = rcp.get("configuration", "hostname") -ui_url = rcp.get("configuration", "ui_url_protocol") + "://" + hostname -email_server = rcp.get("configuration", "email_server") -email_server_port = rcp.get("configuration", "email_server_port") -email_username = rcp.get("configuration", "email_username") -email_password = rcp.get("configuration", "email_password") -email_from = rcp.get("configuration", "email_from") -harbor_admin_password = rcp.get("configuration", "harbor_admin_password") -auth_mode = rcp.get("configuration", "auth_mode") -ldap_url = rcp.get("configuration", "ldap_url") -ldap_basedn = rcp.get("configuration", "ldap_basedn") -db_password = rcp.get("configuration", "db_password") -self_registration = rcp.get("configuration", "self_registration") +hostname = rcp.get("configuration", "hostname").strip('"') +ui_url = rcp.get("configuration", "ui_url_protocol").strip('"') + "://" + hostname +email_server = rcp.get("configuration", "email_server").strip('"') +email_server_port = rcp.get("configuration", "email_server_port").strip('"') +email_username = rcp.get("configuration", "email_username").strip('"') +email_password = rcp.get("configuration", "email_password").strip('"') +email_from = rcp.get("configuration", "email_from").strip('"') +harbor_admin_password = rcp.get("configuration", "harbor_admin_password").strip('"') +auth_mode = rcp.get("configuration", "auth_mode").strip('"') +ldap_url = rcp.get("configuration", "ldap_url").strip('"') +ldap_basedn = rcp.get("configuration", "ldap_basedn").strip('"') +db_password = rcp.get("configuration", "db_password").strip('"') +self_registration = rcp.get("configuration", "self_registration").strip('"') +customize_token = rcp.get("configuration", "customize_token").strip('"') +crt_countryname = rcp.get("configuration", "crt_countryname").strip('"') +crt_state = rcp.get("configuration", "crt_state").strip('"') 
+crt_name = rcp.get("configuration", "crt_name").strip('"') +crt_organizationname = rcp.get("configuration", "crt_organizationname").strip('"') +crt_organizationalunitname = rcp.get("configuration", "crt_organizationalunitname").strip('"') ######## base_dir = os.path.dirname(__file__) @@ -51,7 +57,7 @@ if not os.path.exists(db_config_dir): os.makedirs(os.path.join(config_dir, "db")) def render(src, dest, **kw): - t = Template(open(src, 'r').read()) + t = Template(open(src, 'r').read().strip('echo').strip().strip('"')) with open(dest, 'w') as f: f.write(t.substitute(**kw)) print("Generated configuration file: %s" % dest) @@ -62,10 +68,12 @@ registry_conf = os.path.join(config_dir, "registry", "config.yml") db_conf_env = os.path.join(config_dir, "db", "env") conf_files = [ ui_conf, ui_conf_env, registry_conf, db_conf_env ] -for f in conf_files: - if os.path.exists(f): - print("Clearing the configuration file: %s" % f) - os.remove(f) +def rmdir(cf): + for f in cf: + if os.path.exists(f): + print("Clearing the configuration file: %s" % f) + os.remove(f) +rmdir(conf_files) render(os.path.join(templates_dir, "ui", "env"), ui_conf_env, @@ -73,7 +81,7 @@ render(os.path.join(templates_dir, "ui", "env"), db_password=db_password, ui_url=ui_url, auth_mode=auth_mode, - admin_pwd=harbor_admin_password, + harbor_admin_password=harbor_admin_password, ldap_url=ldap_url, ldap_basedn=ldap_basedn, self_registration=self_registration) @@ -82,8 +90,8 @@ render(os.path.join(templates_dir, "ui", "app.conf"), ui_conf, email_server=email_server, email_server_port=email_server_port, - email_user_name=email_username, - email_user_password=email_password, + email_username=email_username, + email_password=email_password, email_from=email_from, ui_url=ui_url) 
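Review bot: In `render`, `.strip('echo')` removes any run of the characters `e`, `c`, `h`, `o` from both ends of the text rather than the literal prefix `echo`; it works for the current `echo "..."` wrappers only because a space follows `echo`. A template that is not wrapped and starts or ends with one of those letters, or whose content legitimately ends in `"`, silently loses characters, and the `open(src, 'r')` handle is never closed. If the templates must stay shell-wrapped, read them inside `with open(src) as f:` and drop a leading `echo "` and a trailing `"` only when both are present; otherwise keep the templates as plain text and read them unchanged.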
@@ -95,4 +103,32 @@ render(os.path.join(templates_dir, "db", "env"), db_conf_env, db_password=db_password) +if customize_token == 'on': + is_fail = 0 + private_key_gem = os.path.join(config_dir, "ui", "private_key.pem") + root_crt = os.path.join(config_dir, "registry", "root.crt") + token_conf_files = [ private_key_gem, root_crt ] + rmdir(token_conf_files) + import subprocess + shell_status = subprocess.call(["openssl", "genrsa", "-out", private_key_gem, "4096"]) + if shell_status == 0: + print("private_key.gem has been generated in %s/ui" % config_dir) + else: + print("gennerate private_key.gem fail.") + is_fail = 1 + subj = "/C={0}/ST={1}/L={2}/O={3}/OU={4}"\ + .format(crt_countryname, crt_state, crt_name, crt_organizationname, crt_organizationalunitname) + shell_status = subprocess.call(["openssl", "req", "-new", "-x509", "-key",\ + private_key_gem, "-out", root_crt, "-days", "3650", "-subj", subj]) + if shell_status == 0: + print("root.crt has been generated in %s/registry" % config_dir) + else: + print("gennerate root.crt fail.") + is_fail = 1 +try: + if is_fail == 1: + print("some problem occurs.") + sys.exit(1) +except Exception as e: + pass print("The configuration files are ready, please use docker-compose to start the service.") diff --git a/Deploy/prepare b/Deploy/prepare.sh similarity index 100% rename from Deploy/prepare rename to Deploy/prepare.sh From 4d9d46ffc441229dcc7d7ca491d75796b462194a Mon Sep 17 00:00:00 2001 
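Review bot: `is_fail` is assigned only inside `if customize_token == 'on':`, and the trailing `try: ... except Exception as e: pass` relies on swallowing the resulting `NameError` when the option is off; that blanket `except` would hide any other error raised there as well (the later hunk in PATCH 19/29 keeps the same pattern under `customize_crt`). Initialise `is_fail = 0` before the `if` and replace the try block with a plain `if is_fail:` followed by the message and `sys.exit(1)`. Two related gaps: when `openssl genrsa` fails, the script still runs `openssl req` against a key that was not created, and any `customize_token` value other than `on` is silently treated as off, whereas the shell version printed `wrong args found in customize_token`. The status messages also say `private_key.gem` for a file named `private_key.pem`.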
From: saga92 Date: Wed, 20 Apr 2016 19:40:19 +0800 Subject: [PATCH 19/29] remove prepare file of shell version& let shell run silently --- Deploy/harbor.cfg | 42 ++++++------- Deploy/{prepare.py => prepare} | 91 +++++++++++++++------------- Deploy/prepare.sh | 71 ---------------------- Deploy/templates/db/env | 2 +- Deploy/templates/registry/config.yml | 4 +- Deploy/templates/ui/app.conf | 4 +- Deploy/templates/ui/env | 4 +- 7 files changed, 78 insertions(+), 140 deletions(-) rename Deploy/{prepare.py => prepare} (56%) delete mode 100755 Deploy/prepare.sh diff --git a/Deploy/harbor.cfg b/Deploy/harbor.cfg index 0a5889ffa..7c26c3dfd 100644 --- a/Deploy/harbor.cfg +++ b/Deploy/harbor.cfg 
@@ -2,45 +2,45 @@ #The IP address or hostname to access admin UI and registry service. #DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. -hostname="reg.mydomain.com" +hostname = reg.mydomain.com #The protocol for accessing the UI and token/notification service, by default it is http. #It can be set to https if ssl is enabled on nginx. -ui_url_protocol="http" +ui_url_protocol = http #Email account settings for sending out password resetting emails. -email_server="smtp.mydomain.com" -email_server_port="25" -email_username="sample_admin@mydomain.com" -email_password="abc" -email_from="admin " +email_server = smtp.mydomain.com +email_server_port = 25 +email_username = sample_admin@mydomain.com +email_password = abc +email_from = admin ##The password of Harbor admin, change this before any production use. -harbor_admin_password="Harbor12345" +harbor_admin_password = Harbor12345 ##By default the auth mode is db_auth, i.e. the credentials are stored in a local database. #Set it to ldap_auth if you want to verify a user's credentials against an LDAP server. -auth_mode="db_auth" +auth_mode = db_auth #The url for an ldap endpoint. -ldap_url="ldaps://ldap.mydomain.com" +ldap_url = ldaps://ldap.mydomain.com #The basedn template to look up a user in LDAP and verify the user's password. -ldap_basedn="uid=%s,ou=people,dc=mydomain,dc=com" +ldap_basedn = uid=%s,ou=people,dc=mydomain,dc=com #The password for the root user of mysql db, change this before any production use. 
-db_password="root123" +db_password = root123 #Turn on or off the self-registration feature -self_registration="on" +self_registration = on -#Turn on or off the custom-generate token -customize_token="on" +#Turn on or off the customize your certicate +customize_crt = on -#token message -crt_countryname="CN" -crt_state="State" -crt_name="name" -crt_organizationname="organization name" -crt_organizationalunitname="organizational unit name" +#fill in your certicate message +crt_countryname = CN +crt_state = State +crt_name = name +crt_organizationname = organization name +crt_organizationalunitname = organizational unit name ##### diff --git a/Deploy/prepare.py b/Deploy/prepare similarity index 56% rename from Deploy/prepare.py rename to Deploy/prepare index 330c5591a..c3c917c52 100755 --- a/Deploy/prepare.py +++ b/Deploy/prepare 
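Review bot: The sample values `harbor_admin_password = Harbor12345`, `db_password = root123` and `email_password = abc` remain the shipped defaults, and nothing visible in `prepare` stops an installation from being generated with them; the only guard is the comment `change this before any production use`. Consider having prepare refuse to continue, or at least warn prominently, while these values are still the defaults, or leave them empty so the operator has to choose. With `ui_url_protocol = http` as the default, those credentials would presumably also travel unencrypted until the operator switches to https. The new comments misspell `certificate` as `certicate`.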
@@ -22,25 +22,25 @@ conf.seek(0, os.SEEK_SET) rcp = ConfigParser.RawConfigParser() rcp.readfp(conf) -hostname = rcp.get("configuration", "hostname").strip('"') -ui_url = rcp.get("configuration", "ui_url_protocol").strip('"') + "://" + hostname -email_server = rcp.get("configuration", "email_server").strip('"') -email_server_port = rcp.get("configuration", "email_server_port").strip('"') -email_username = rcp.get("configuration", "email_username").strip('"') -email_password = rcp.get("configuration", "email_password").strip('"') -email_from = rcp.get("configuration", "email_from").strip('"') -harbor_admin_password = rcp.get("configuration", "harbor_admin_password").strip('"') -auth_mode = rcp.get("configuration", "auth_mode").strip('"') -ldap_url = rcp.get("configuration", "ldap_url").strip('"') -ldap_basedn = rcp.get("configuration", "ldap_basedn").strip('"') -db_password = rcp.get("configuration", "db_password").strip('"') -self_registration = rcp.get("configuration", "self_registration").strip('"') -customize_token = rcp.get("configuration", "customize_token").strip('"') -crt_countryname = rcp.get("configuration", "crt_countryname").strip('"') -crt_state = rcp.get("configuration", "crt_state").strip('"') -crt_name = rcp.get("configuration", "crt_name").strip('"') -crt_organizationname = rcp.get("configuration", "crt_organizationname").strip('"') -crt_organizationalunitname = rcp.get("configuration", "crt_organizationalunitname").strip('"') +hostname = rcp.get("configuration", "hostname") +ui_url = rcp.get("configuration", "ui_url_protocol") + "://" + hostname +email_server = rcp.get("configuration", "email_server") +email_server_port = rcp.get("configuration", "email_server_port") +email_username = rcp.get("configuration", "email_username") +email_password = rcp.get("configuration", "email_password") +email_from = rcp.get("configuration", "email_from") +harbor_admin_password = rcp.get("configuration", "harbor_admin_password") +auth_mode = rcp.get("configuration", 
"auth_mode") +ldap_url = rcp.get("configuration", "ldap_url") +ldap_basedn = rcp.get("configuration", "ldap_basedn") +db_password = rcp.get("configuration", "db_password") +self_registration = rcp.get("configuration", "self_registration") +customize_crt = rcp.get("configuration", "customize_crt") +crt_countryname = rcp.get("configuration", "crt_countryname") +crt_state = rcp.get("configuration", "crt_state") +crt_name = rcp.get("configuration", "crt_name") +crt_organizationname = rcp.get("configuration", "crt_organizationname") +crt_organizationalunitname = rcp.get("configuration", "crt_organizationalunitname") ######## base_dir = os.path.dirname(__file__) 
@@ -103,31 +103,40 @@ render(os.path.join(templates_dir, "db", "env"), db_conf_env, db_password=db_password) -if customize_token == 'on': - is_fail = 0 - private_key_gem = os.path.join(config_dir, "ui", "private_key.pem") - root_crt = os.path.join(config_dir, "registry", "root.crt") - token_conf_files = [ private_key_gem, root_crt ] - rmdir(token_conf_files) +if customize_crt == 'on': import subprocess - shell_status = subprocess.call(["openssl", "genrsa", "-out", private_key_gem, "4096"]) - if shell_status == 0: - print("private_key.gem has been generated in %s/ui" % config_dir) + is_fail = False + FNULL = open(os.devnull, 'w') + shell_status = subprocess.check_call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT) + if shell_status == 1: + print("cannot find openssl installed in this computer.") + is_fail = True else: - print("gennerate private_key.gem fail.") - is_fail = 1 - subj = "/C={0}/ST={1}/L={2}/O={3}/OU={4}"\ - .format(crt_countryname, crt_state, crt_name, crt_organizationname, crt_organizationalunitname) - shell_status = subprocess.call(["openssl", "req", "-new", "-x509", "-key",\ - private_key_gem, "-out", root_crt, "-days", "3650", "-subj", subj]) - if shell_status == 0: - print("root.crt has been generated in %s/registry" % config_dir) - else: - print("gennerate root.crt fail.") - is_fail = 1 + private_key_pem = os.path.join(config_dir, "ui", "private_key.pem") + root_crt = os.path.join(config_dir, "registry", "root.crt") + crt_conf_files = [ private_key_pem, root_crt ] + rmdir(crt_conf_files) + shell_status = subprocess.call(["openssl", "genrsa", "-out", private_key_pem, "4096"],\ + stdout=FNULL, stderr=subprocess.STDOUT) + if shell_status == 0: + print("private_key.pem has been generated in %s/ui" % config_dir) + else: + print("gennerate private_key.pem fail.") + is_fail = True + subj = "/C={0}/ST={1}/L={2}/O={3}/OU={4}"\ + .format(crt_countryname, crt_state, crt_name, crt_organizationname, crt_organizationalunitname) + shell_status = 
subprocess.call(["openssl", "req", "-new", "-x509", "-key",\ + private_key_pem, "-out", root_crt, "-days", "3650", "-subj", subj], \ + stdout=FNULL, stderr=subprocess.STDOUT) + if shell_status == 0: + print("root.crt has been generated in %s/registry" % config_dir) + else: + print("gennerate root.crt fail.") + is_fail = True + FNULL.close() try: - if is_fail == 1: - print("some problem occurs.") + if is_fail is True: + print("some problems occur.") sys.exit(1) except Exception as e: pass diff --git a/Deploy/prepare.sh b/Deploy/prepare.sh deleted file mode 100755 index 8b981625f..000000000 --- a/Deploy/prepare.sh +++ /dev/null 
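Review bot: In the `customize_crt == 'on'` branch the `shell_status == 1` test can never be true, because `subprocess.check_call` raises `CalledProcessError` on a non-zero exit instead of returning it; a host without openssl gets a traceback rather than the "cannot find openssl" message, and `FNULL` is left open. Use `shell_status = subprocess.call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT)` and test `if shell_status != 0:`. The `@@ -105,41 +105,58 @@` hunk of the later "fix bugs" patch keeps the same `check_call`, so the else branch of `openssl_is_installed` is unreachable there as well. Separately, as far as the flattened hunk shows, `is_fail` is only assigned inside the `if`, so with any other `customize_crt` value the trailing `try` hits a NameError that `except Exception: pass` hides; assigning `is_fail = False` before the `if` would make the try/except unnecessary.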
@@ -1,71 +0,0 @@ -#!/bin/bash -# Requires: openssl - -source ./harbor.cfg - -config_path="./config" -ui_path="./config/ui" -db_path="./config/db" -tpl_path="./templates" - -mkdir -p $tpl_path -mkdir -p $ui_path $db_path - -declare -a arr=("$ui_path/env" "$ui_path/app.conf" "$config_path/registry/config.yml" "$db_path/env") - -for i in "${arr[@]}"; do - if [ -e $i ]; then - echo "Clearing the configuration file: "$i - rm $i - fi -done - -source $tpl_path/ui/app.conf > $ui_path/app.conf -echo "Generated configuration file: "$ui_path/app.conf - -source $tpl_path/ui/env > $ui_path/env -echo "Generated configuration file: "$ui_path/env - -source $tpl_path/db/env > $config_path/db/env -echo "Generated configuration file: "$config_path/db/env - -source $tpl_path/registry/config.yml > $config_path/registry/config.yml -echo "Generated configuration file: "$config_path/registry/config.yml - -is_fail=0 - -if [ $customize_token == "on" ];then - - if [ -e $ui_path/private_key.pem ]; then - echo "clearing the origin private_key.pem in "$ui_pth - rm $ui_path/private_key.pem - fi - openssl genrsa -out $ui_path/private_key.pem 4096 - if [ -e $ui_path/private_key.pem ]; then - echo "private_key.gem has been generated in "$ui_path - else echo "generate private_key.gem fail." - is_fail=1 - fi - - if [ -e $config_path/registry/root.crt ]; then - echo "clearing the origin root.crt in "$config_path"/registry" - rm $config_path/registry/root.crt - fi - - openssl req -new -x509 -key $ui_path/private_key.pem -out $config_path/registry/root.crt -days 3650 \ - -subj "/C=$crt_countryname/ST=$crt_state/L=$crt_name/O=$crt_organizationname/OU=$crt_organizationalunitname" - if [ -e $config_path/registry/root.crt ]; then - echo "root.crt has been generated in "$config_path"/registry" - else echo "generate root.crt fail." 
- is_fail=1 - fi -elif [ $customize_token != "off" ]; then - echo "wrong args found in customize_token: "$customize_token - is_fail=1 -fi - -if [ $is_fail -eq 0 ];then - echo "The configuration files are ready, please use docker-compose to start the service." -else - echo "some problem occurs." -fi diff --git a/Deploy/templates/db/env b/Deploy/templates/db/env index 80f898590..31cb6bdec 100644 --- a/Deploy/templates/db/env +++ b/Deploy/templates/db/env @@ -1 +1 @@ -echo "MYSQL_ROOT_PASSWORD=$db_password" +MYSQL_ROOT_PASSWORD=$db_password diff --git a/Deploy/templates/registry/config.yml b/Deploy/templates/registry/config.yml index f588d7c80..a1b19a8ed 100644 --- a/Deploy/templates/registry/config.yml +++ b/Deploy/templates/registry/config.yml @@ -1,4 +1,4 @@ -echo "version: 0.1 +version: 0.1 log: level: debug fields: @@ -32,4 +32,4 @@ notifications: url: http://ui/service/notifications timeout: 500 threshold: 5 - backoff: 1000" + backoff: 1000 diff --git a/Deploy/templates/ui/app.conf b/Deploy/templates/ui/app.conf index 9119fd651..090560ab3 100644 --- a/Deploy/templates/ui/app.conf +++ b/Deploy/templates/ui/app.conf @@ -1,4 +1,4 @@ -echo "appname = registry +appname = registry runmode = dev [lang] @@ -13,4 +13,4 @@ host = $email_server port = $email_server_port username = $email_username password = $email_password -from = $email_from" +from = $email_from diff --git a/Deploy/templates/ui/env b/Deploy/templates/ui/env index b38953819..383e5f15a 100644 --- a/Deploy/templates/ui/env +++ b/Deploy/templates/ui/env @@ -1,4 +1,4 @@ -echo "MYSQL_HOST=mysql +MYSQL_HOST=mysql MYSQL_PORT=3306 MYSQL_USR=root MYSQL_PWD=$db_password @@ -11,4 +11,4 @@ AUTH_MODE=$auth_mode LDAP_URL=$ldap_url LDAP_BASE_DN=$ldap_basedn SELF_REGISTRATION=$self_registration -LOG_LEVEL=debug" +LOG_LEVEL=debug From c4015355ce73bb7f8fb81f9d31e00ee1189cf49a Mon Sep 17 00:00:00 2001 
From: saga92 Date: Wed, 20 Apr 2016 19:58:43 +0800 Subject: [PATCH 20/29] delete deprecated method --- Deploy/prepare | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Deploy/prepare b/Deploy/prepare index c3c917c52..4c1ce813e 100755 --- a/Deploy/prepare +++ b/Deploy/prepare @@ -57,7 +57,7 @@ if not os.path.exists(db_config_dir): os.makedirs(os.path.join(config_dir, "db")) def render(src, dest, **kw): - t = Template(open(src, 'r').read().strip('echo').strip().strip('"')) + t = Template(open(src, 'r').read()) with open(dest, 'w') as f: f.write(t.substitute(**kw)) print("Generated configuration file: %s" % dest) From 0bcb65f69a361d112da8cf14780a920351fd448d Mon Sep 17 00:00:00 2001 From: wy65701436 Date: Wed, 20 Apr 2016 22:27:47 -0700 Subject: [PATCH 21/29] update changepassword to /api/users/:id/password --- api/user.go | 48 ++++++++++++++++++++++++++ controllers/password.go | 41 ---------------------- static/resources/js/change-password.js | 42 +++++++++++----------- ui/router.go | 2 +- 4 files changed, 70 insertions(+), 63 deletions(-) diff --git a/api/user.go b/api/user.go index 58aa29ec3..1f4882e1c 100644 --- a/api/user.go +++ b/api/user.go @@ -36,6 +36,11 @@ type UserAPI struct { AuthMode string } +type passwordReq struct { + OldPassword string `json:"old_password"` + NewPassword string `json:"new_password"` +} + // Prepare validates the URL and parms func (ua *UserAPI) Prepare() { 
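Review bot: `render` writes its output through `open(dest, 'w')`, so the generated files get whatever mode the process umask allows, although the templates in this series substitute `$db_password` and `$email_password` into them. Creating the file owner-only, e.g. `with os.fdopen(os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), 'w') as f:`, keeps those secrets away from other local users. The mode only applies when the file is newly created, and it is worth confirming that whatever reads these files for the containers can still do so. The changed line also leaves the template handle to the garbage collector; `with open(src, 'r') as src_file:` followed by `t = Template(src_file.read())` closes it deterministically.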
@@ -177,3 +182,46 @@ func (ua *UserAPI) Delete() { return } } + +// ChangePassword handles PUT to /api/users/{}/password +func (ua *UserAPI) ChangePassword() { + + if !(ua.AuthMode == "db_auth") { + ua.CustomAbort(http.StatusForbidden, "") + } + + if !ua.IsAdmin { + if ua.userID != ua.currentUserID { + log.Error("Guests can only change their own account.") + ua.CustomAbort(http.StatusForbidden, "Guests can only change their own account.") + } + } + + var req passwordReq + ua.DecodeJSONReq(&req) + if req.OldPassword == "" { + log.Error("Old password is blank") + ua.CustomAbort(http.StatusBadRequest, "Old password is blank") + } + + queryUser := models.User{UserID: ua.userID, Password: req.OldPassword} + user, err := dao.CheckUserPassword(queryUser) + if err != nil { + log.Errorf("Error occurred in CheckUserPassword: %v", err) + ua.CustomAbort(http.StatusInternalServerError, "Internal error.") + } + if user == nil { + log.Warning("Password input is not correct") + ua.CustomAbort(http.StatusForbidden, "old_password_is_not_correct") + } + + if req.NewPassword == "" { + ua.CustomAbort(http.StatusBadRequest, "please_input_new_password") + } + updateUser := models.User{UserID: ua.userID, Password: req.NewPassword, Salt: user.Salt} + err = dao.ChangeUserPassword(updateUser, req.OldPassword) + if err != nil { + log.Errorf("Error occurred in ChangeUserPassword: %v", err) + ua.CustomAbort(http.StatusInternalServerError, "Internal error.") + } +} diff --git a/controllers/password.go b/controllers/password.go index 3d569b6d9..210e5cf9f 100644 --- a/controllers/password.go +++ b/controllers/password.go 
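Review bot: `ChangePassword` accepts any non-empty `new_password`, and it checks even that only after the `dao.CheckUserPassword` round trip. If length or complexity rules live only in the page's form validation, a direct PUT to this route bypasses them, so the handler should enforce the same policy server-side. Moving the `if req.NewPassword == "" { ... }` guard up next to the `OldPassword` check also rejects malformed requests before the database is touched. Every wrong `old_password` reaches `dao.CheckUserPassword` with no attempt limit visible in this hunk; whether throttling exists elsewhere cannot be told from here and is worth confirming.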
@@ -46,47 +46,6 @@ func (cpc *ChangePasswordController) Get() { cpc.ForwardTo("page_title_change_password", "change-password") } -// UpdatePassword handles UI request to update user's password, it only works when the auth mode is db_auth. -func (cc *CommonController) UpdatePassword() { - - sessionUserID := cc.GetSession("userId") - - if sessionUserID == nil { - log.Warning("User does not login.") - cc.CustomAbort(http.StatusUnauthorized, "please_login_first") - } - - oldPassword := cc.GetString("old_password") - if oldPassword == "" { - log.Error("Old password is blank") - cc.CustomAbort(http.StatusBadRequest, "Old password is blank") - } - - queryUser := models.User{UserID: sessionUserID.(int), Password: oldPassword} - user, err := dao.CheckUserPassword(queryUser) - if err != nil { - log.Errorf("Error occurred in CheckUserPassword: %v", err) - cc.CustomAbort(http.StatusInternalServerError, "Internal error.") - } - - if user == nil { - log.Warning("Password input is not correct") - cc.CustomAbort(http.StatusForbidden, "old_password_is_not_correct") - } - - password := cc.GetString("password") - if password != "" { - updateUser := models.User{UserID: sessionUserID.(int), Password: password, Salt: user.Salt} - err = dao.ChangeUserPassword(updateUser, oldPassword) - if err != nil { - log.Errorf("Error occurred in ChangeUserPassword: %v", err) - cc.CustomAbort(http.StatusInternalServerError, "Internal error.") - } - } else { - cc.CustomAbort(http.StatusBadRequest, "please_input_new_password") - } -} - // ForgotPasswordController handles request to /forgotPassword type ForgotPasswordController struct { BaseController diff --git a/static/resources/js/change-password.js b/static/resources/js/change-password.js index a09e298b3..4c8c2efdc 100644 --- a/static/resources/js/change-password.js +++ b/static/resources/js/change-password.js 
@@ -56,16 +56,18 @@ jQuery(function(){ validateOptions.Validate(function(){ var oldPassword = $("#OldPassword").val(); var password = $("#Password").val(); - $.ajax({ - "url": "/updatePassword", - "type": "post", - "data": {"old_password": oldPassword, "password" : password}, - "beforeSend": function(e){ + new AjaxUtil({ + url: "/api/users/current/password", + type: "put", + data: {"old_password": oldPassword, "new_password" : password}, + beforeSend: function(e){ unbindEnterKey(); $("h1").append(spinner.el); $("#btnSubmit").prop("disabled", true); }, - "success": function(data, status, xhr){ + complete: function(xhr, status){ + spinner.stop(); + $("#btnSubmit").prop("disabled", false); if(xhr && xhr.status == 200){ $("#dlgModal") .dialogModal({ @@ -77,22 +79,20 @@ jQuery(function(){ }); } }, - "error": function(jqXhr, status, error){ - $("#dlgModal") - .dialogModal({ - "title": i18n.getMessage("title_change_password"), - "content": i18n.getMessage(jqXhr.responseText), - "callback": function(){ - bindEnterKey(); - return; - } - }); - }, - "complete": function(){ - spinner.stop(); - $("#btnSubmit").prop("disabled", false); + error: function(jqXhr, status, error){ + if(jqXhr && jqXhr.responseText.length){ + $("#dlgModal") + .dialogModal({ + "title": i18n.getMessage("title_change_password"), + "content": i18n.getMessage(jqXhr.responseText), + "callback": function(){ + bindEnterKey(); + return; + } + }); + } } - }); + }).exec(); }); }); }); \ No newline at end of file diff --git a/ui/router.go b/ui/router.go index fe3ee5d8f..401745410 100644 --- a/ui/router.go +++ b/ui/router.go 
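Review bot: The rewritten `error` callback opens the dialog only when `jqXhr.responseText.length` is non-zero, and `bindEnterKey()` is called only from that dialog's callback, so a failure with an empty body shows nothing and leaves the Enter key unbound after `beforeSend` removed it. The `ChangePassword` handler added in this same patch does answer with an empty body (`CustomAbort(http.StatusForbidden, "")` when the auth mode is not db_auth), so this path is reachable unless `AjaxUtil` handles it itself. Re-bind the key in `complete` when the status is not 200, or show a generic message in `error`. The property access should also be guarded, `if(jqXhr && jqXhr.responseText && jqXhr.responseText.length)`.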
@@ -36,7 +36,6 @@ func initRouters() { beego.Router("/userExists", &controllers.CommonController{}, "post:UserExists") beego.Router("/reset", &controllers.CommonController{}, "post:ResetPassword") beego.Router("/sendEmail", &controllers.CommonController{}, "get:SendEmail") - beego.Router("/updatePassword", &controllers.CommonController{}, "post:UpdatePassword") beego.Router("/", &controllers.IndexController{}) beego.Router("/signIn", &controllers.SignInController{}) @@ -58,6 +57,7 @@ func initRouters() { beego.Router("/api/projects/:id/logs/filter", &api.ProjectAPI{}, "post:FilterAccessLog") beego.Router("/api/users", &api.UserAPI{}) beego.Router("/api/users/?:id", &api.UserAPI{}) + beego.Router("/api/users/:id/password", &api.UserAPI{}, "put:ChangePassword") beego.Router("/api/repositories", &api.RepositoryAPI{}) beego.Router("/api/repositories/tags", &api.RepositoryAPI{}, "get:GetTags") beego.Router("/api/repositories/manifests", &api.RepositoryAPI{}, "get:GetManifests") From e34837639e5ec61415301ca87a912a5b2b7fbecf Mon Sep 17 00:00:00 2001 From: Tan Jiang Date: Thu, 21 Apr 2016 15:12:57 +0800 Subject: [PATCH 22/29] move doc for k8s deployment to docs folder --- README.md | 2 +- kubernetes_deployment.md => docs/kubernetes_deployment.md | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename kubernetes_deployment.md => docs/kubernetes_deployment.md (100%) diff --git a/README.md b/README.md index c7b4e2b06..fe5b249d0 100644 --- a/README.md +++ b/README.md 
@@ -58,7 +58,7 @@ To simplify the installation process, a pre-built installation package of Harbor For information on how to use Harbor, please see [User Guide](docs/user_guide.md) . ### Deploy harbor on Kubernetes -Detailed instruction about deploying harbor on Kubernetes is described [here](https://github.com/vmware/harbor/blob/master/kubernetes_deployment.md). +Detailed instruction about deploying harbor on Kubernetes is described [here](docs/kubernetes_deployment.md). ### Contribution We welcome contributions from the community. If you wish to contribute code and you have not signed our contributor license agreement (CLA), our bot will update the issue when you open a pull request. For any questions about the CLA process, please refer to our [FAQ](https://cla.vmware.com/faq). diff --git a/kubernetes_deployment.md b/docs/kubernetes_deployment.md similarity index 100% rename from kubernetes_deployment.md rename to docs/kubernetes_deployment.md From 553bd57e3ad8c8f75d2577a455bb2d942fa7ade7 Mon Sep 17 00:00:00 2001 From: Tan Jiang Date: Thu, 21 Apr 2016 15:15:28 +0800 Subject: [PATCH 23/29] harbor -> Harbor --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fe5b249d0..9f66f175a 100644 --- a/README.md +++ b/README.md 
@@ -57,8 +57,8 @@ To simplify the installation process, a pre-built installation package of Harbor For information on how to use Harbor, please see [User Guide](docs/user_guide.md) . -### Deploy harbor on Kubernetes -Detailed instruction about deploying harbor on Kubernetes is described [here](docs/kubernetes_deployment.md). +### Deploy Harbor on Kubernetes +Detailed instruction about deploying Harbor on Kubernetes is described [here](docs/kubernetes_deployment.md). ### Contribution We welcome contributions from the community. If you wish to contribute code and you have not signed our contributor license agreement (CLA), our bot will update the issue when you open a pull request. For any questions about the CLA process, please refer to our [FAQ](https://cla.vmware.com/faq). From c12f018a855486cce2bde10650392640959a26cf Mon Sep 17 00:00:00 2001 From: Tan Jiang Date: Fri, 22 Apr 2016 15:04:29 +0800 Subject: [PATCH 24/29] provide issue template --- .github/ISSUE_TEMPLATE | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE diff --git a/.github/ISSUE_TEMPLATE b/.github/ISSUE_TEMPLATE new file mode 100644 index 000000000..d1fb00f91 --- /dev/null +++ b/.github/ISSUE_TEMPLATE @@ -0,0 +1,5 @@ +If you are reporting a problem, please make sure the following information are provided: +1)Version of docker engine and docker-compose +2)Config files of harbor, you can get them by packaging "Deploy/config" directory +3)Log files, you can get them by package the /var/log/harbor/ + From c818b63183ab77c43ad9fbdc1c444eed9461b84d Mon Sep 17 00:00:00 2001 From: xiahaoshawn Date: Fri, 22 Apr 2016 15:12:08 +0800 Subject: [PATCH 25/29] document Nginx config when set uo Harbor behind other proxy --- Deploy/config/nginx/nginx.conf | 9 +++++++++ Deploy/config/nginx/nginx.https.conf | 12 ++++++------ docs/configure_https.md | 9 +-------- docs/installation_guide.md | 6 +++++- 4 files changed, 21 insertions(+), 15 deletions(-) 
diff --git a/Deploy/config/nginx/nginx.conf b/Deploy/config/nginx/nginx.conf index 8168137ea..8f3430e48 100644 --- a/Deploy/config/nginx/nginx.conf +++ b/Deploy/config/nginx/nginx.conf @@ -33,7 +33,10 @@ http { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; proxy_request_buffering off; } @@ -47,7 +50,10 @@ http { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; proxy_request_buffering off; @@ -58,7 +64,10 @@ http { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; proxy_request_buffering off; } diff --git a/Deploy/config/nginx/nginx.https.conf b/Deploy/config/nginx/nginx.https.conf index 71d7d25ab..c802943c1 100644 --- a/Deploy/config/nginx/nginx.https.conf +++ b/Deploy/config/nginx/nginx.https.conf 
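Review bot: The added comment tells operators to drop `proxy_set_header X-Forwarded-Proto $scheme;` behind another proxy, but it does not say that the header then reaches the backend exactly as it arrived. That is only safe when the front proxy sets `X-Forwarded-Proto` itself and this nginx cannot be reached around it; otherwise the value is client-controlled. I would extend the comment, e.g. `# Only remove this line if the front proxy sets X-Forwarded-Proto itself and Harbor is reachable only through that proxy.` The same comment is added in the other two hunks of this file and in the three hunks of nginx.https.conf.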
@@ -45,10 +45,10 @@ http { location / { proxy_pass http://ui/; proxy_set_header Host $http_host; - - # Remove the following three lines if setting up harbor behind an nginx proxy or Elastic Load Balancing. proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; @@ -62,10 +62,10 @@ http { location /v2/ { proxy_pass http://registry/v2/; proxy_set_header Host $http_host; - - # Remove the following three lines if setting up harbor behind an nginx proxy or Elastic Load Balancing. proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; @@ -76,10 +76,10 @@ http { location /service/ { proxy_pass http://ui/service/; proxy_set_header Host $http_host; - - # Remove the following three lines if setting up harbor behind an nginx proxy or Elastic Load Balancing. proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; diff --git a/docs/configure_https.md b/docs/configure_https.md index 72382a549..7eed8db8b 100644 --- a/docs/configure_https.md +++ b/docs/configure_https.md 
@@ -124,11 +124,4 @@ After setting up HTTPS for Harbor, you can verify it by the follow steps: cp yourdomain.com.crt /etc/pki/ca-trust/source/anchors/reg.yourdomain.com.crt update-ca-trust ``` - -3. If setting up harbor behind an nginx proxy or elastic load balancing, harbor nginx will reset the values of x-fowarded-XXX headers from first layer nginx or elastic load balancing, and the requests will not be routed properly. -In this situation remove the following lines in "location /", "location /v2/" and "location /service/" sections. - ``` - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - ``` + \ No newline at end of file diff --git a/docs/installation_guide.md b/docs/installation_guide.md index 56d0c5152..ab9e78df5 100644 --- a/docs/installation_guide.md +++ b/docs/installation_guide.md 
@@ -203,4 +203,8 @@ $ rm -r /data/registry [Docker Compose command-line reference](https://docs.docker.com/compose/reference/) describes the usage information for the docker-compose subcommands. ### Persistent data and log files -By default, the data of database and image files in the registry are persisted in the directory **/data/** of the target machine. When Harbor's containers are removed and recreated, the data remain unchanged. Harbor leverages rsyslog to collect the logs of each container, by default the log files are stored in the directory **/var/log/harbor/** on Harbor's host. +By default, the data of database and image files in the registry are persisted in the directory **/data/** of the target machine. When Harbor's containers are removed and recreated, the data remain unchanged. Harbor leverages rsyslog to collect the logs of each container, by default the log files are stored in the directory **/var/log/harbor/** on Harbor's host. + +##Troubleshooting +1.When setting up Harbor behind another nginx proxy or elastic load balancing, remove the below line if the proxy already has similar settings. Be sure to remove the line under these 3 sections: "location /", "location /v2/" and "location /service/". +proxy_set_header X-Forwarded-Proto $scheme; From 5e222f7a9786a658addb396036f5a2ab16c780f3 Mon Sep 17 00:00:00 2001 From: Xia Hao Date: Fri, 22 Apr 2016 15:17:43 +0800 Subject: [PATCH 26/29] Update installation_guide.md --- docs/installation_guide.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/installation_guide.md b/docs/installation_guide.md index ab9e78df5..15b5c8c7e 100644 --- a/docs/installation_guide.md +++ b/docs/installation_guide.md 
@@ -207,4 +207,6 @@ By default, the data of database and image files in the registry are persisted i ##Troubleshooting 1.When setting up Harbor behind another nginx proxy or elastic load balancing, remove the below line if the proxy already has similar settings. Be sure to remove the line under these 3 sections: "location /", "location /v2/" and "location /service/". +``` proxy_set_header X-Forwarded-Proto $scheme; +``` From c29541013bf118a51a79ad70863c7073bbe534d3 Mon Sep 17 00:00:00 2001 From: Allen Heavey Date: Thu, 21 Apr 2016 13:03:12 +0800 Subject: [PATCH 27/29] fix #107, add ssl support for send email --- Deploy/harbor.cfg | 1 + Deploy/prepare | 2 + Deploy/templates/ui/app.conf | 1 + docs/installation_guide.md | 3 +- utils/mail.go | 73 ++++++++++++++++++++++++++++++++++-- 5 files changed, 75 insertions(+), 5 deletions(-) diff --git a/Deploy/harbor.cfg b/Deploy/harbor.cfg index 90dc66540..4928f30cd 100644 --- a/Deploy/harbor.cfg +++ b/Deploy/harbor.cfg @@ -14,6 +14,7 @@ email_server_port = 25 email_username = sample_admin@mydomain.com email_password = abc email_from = admin +email_ssl = false ##The password of Harbor admin, change this before any production use. harbor_admin_password= Harbor12345 diff --git a/Deploy/prepare b/Deploy/prepare index 5571e3c20..60ac3a425 100755 --- a/Deploy/prepare +++ b/Deploy/prepare @@ -29,6 +29,7 @@ email_server_port = rcp.get("configuration", "email_server_port") email_username = rcp.get("configuration", "email_username") email_password = rcp.get("configuration", "email_password") email_from = rcp.get("configuration", "email_from") +email_ssl = rcp.get("configuration", "email_ssl") harbor_admin_password = rcp.get("configuration", "harbor_admin_password") auth_mode = rcp.get("configuration", "auth_mode") ldap_url = rcp.get("configuration", "ldap_url") 
@@ -85,6 +86,7 @@ render(os.path.join(templates_dir, "ui", "app.conf"), email_user_name=email_username, email_user_password=email_password, email_from=email_from, + email_ssl=email_ssl, ui_url=ui_url) render(os.path.join(templates_dir, "registry", "config.yml"), diff --git a/Deploy/templates/ui/app.conf b/Deploy/templates/ui/app.conf index 63dbd3451..99c60f77b 100644 --- a/Deploy/templates/ui/app.conf +++ b/Deploy/templates/ui/app.conf @@ -14,3 +14,4 @@ port = $email_server_port username = $email_user_name password = $email_user_password from = $email_from +ssl = $email_ssl diff --git a/docs/installation_guide.md b/docs/installation_guide.md index 56d0c5152..f030db422 100644 --- a/docs/installation_guide.md +++ b/docs/installation_guide.md 
@@ -29,12 +29,13 @@ At minimum, you need to change the **hostname** attribute in **harbor.cfg**. The **hostname**: The hostname for a user to access the user interface and the registry service. It should be the IP address or the fully qualified domain name (FQDN) of your target machine, for example 192.168.1.10 or reg.yourdomain.com . Do NOT use localhost or 127.0.0.1 for the hostname because the registry service needs to be accessed by external clients. **ui_url_protocol**: The protocol for accessing the user interface and the token/notification service, by default it is http. To set up the https protocol, refer to [Configuring Harbor with HTTPS Access](configure_https.md). -**Email settings**: the following 5 attributes are used to send an email to reset a user's password, they are not mandatory unless the password reset function is needed in Harbor. +**Email settings**: the following 6 attributes are used to send an email to reset a user's password, they are not mandatory unless the password reset function is needed in Harbor. By default SSL connection is not enabled, if your smtp server(such as exmail.qq.com) requires SSL connection and doesn't support STARTTLS, then you should enable it by set **email_ssl = true**. * email_server = smtp.mydomain.com * email_server_port = 25 * email_username = sample_admin@mydomain.com * email_password = abc * email_from = admin +* email_ssl = false **harbor_admin_password**: The password for the administrator of Harbor, by default the password is Harbor12345, the user name is admin. **auth_mode**: The authentication mode of Harbor. By default it is *db_auth*, i.e. the credentials are stored in a database. Please set it to *ldap_auth* if you want to verify user's credentials against an LDAP server. diff --git a/utils/mail.go b/utils/mail.go index 8dca9f413..fc2843e2c 100644 --- a/utils/mail.go +++ b/utils/mail.go @@ -17,6 +17,8 @@ package utils import ( "bytes" + "crypto/tls" + "strings" "net/smtp" "text/template" 
@@ -39,6 +41,7 @@ type MailConfig struct { Port string Username string Password string + TLS bool } var mc MailConfig @@ -58,10 +61,66 @@ func (m Mail) SendMail() error { if err != nil { return err } - return smtp. - SendMail(mc.Host+":"+mc.Port, - smtp.PlainAuth(mc.Identity, mc.Username, mc.Password, mc.Host), - m.From, m.To, mailContent.Bytes()) + content := mailContent.Bytes() + + auth := smtp.PlainAuth(mc.Identity, mc.Username, mc.Password, mc.Host) + if mc.TLS { + err = sendMailWithTLS(m, auth, content) + } else { + err = sendMail(m, auth, content) + } + + return err +} + +func sendMail(m Mail, auth smtp.Auth, content []byte) error { + return smtp.SendMail(mc.Host+":"+mc.Port, auth, m.From, m.To, content) +} + +func sendMailWithTLS(m Mail, auth smtp.Auth, content []byte) error { + conn, err := tls.Dial("tcp", mc.Host+":"+mc.Port, nil) + if err != nil { + return err + } + + client, err := smtp.NewClient(conn, mc.Host) + if err != nil { + return err + } + defer client.Close() + + if ok, _ := client.Extension("AUTH"); ok { + if err = client.Auth(auth); err != nil { + return err + } + } + + if err = client.Mail(m.From); err != nil { + return err + } + + for _, to := range m.To { + if err = client.Rcpt(to); err != nil { + return err + } + } + + w, err := client.Data() + if err != nil { + return err + } + + _, err = w.Write(content) + if err != nil { + return err + } + + err = w.Close() + if err != nil { + return err + } + + return client.Quit() } func loadConfig() { @@ -69,11 +128,17 @@ func loadConfig() { if err != nil { panic(err) } + + var useTLS = false + if config["ssl"] != "" && strings.ToLower(config["ssl"]) == "true" { + useTLS = true + } mc = MailConfig{ Identity: "Mail Config", Host: config["host"], Port: config["port"], Username: config["username"], Password: config["password"], + TLS: useTLS, } } From 679875e67eb896025a63ccf0acd6b70af3d00c1b Mon Sep 17 00:00:00 2001 
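Review bot: `sendMailWithTLS` in the `@@ -58,10 +61,66 @@` hunk dials and then runs the whole SMTP exchange with no deadline, so a server that accepts the connection and stalls blocks the caller indefinitely. Setting one right after the dial, `conn.SetDeadline(time.Now().Add(smtpTimeout))`, bounds the exchange; `smtpTimeout` is a placeholder name, and the `time` import is needed. Passing `nil` as the TLS config keeps certificate and host-name verification on, which is the right default and deserves a one-line comment so nobody later swaps in `InsecureSkipVerify`. `net.JoinHostPort(mc.Host, mc.Port)` instead of `mc.Host+":"+mc.Port` would also handle IPv6 literals. The import hunk puts `"strings"` between `"crypto/tls"` and `"net/smtp"`, which gofmt would reorder.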
From: saga92 Date: Mon, 25 Apr 2016 16:08:16 +0800 Subject: [PATCH 28/29] fix bugs --- Deploy/harbor.cfg | 12 ++++--- Deploy/prepare | 89 ++++++++++++++++++++++++++++------------------- 2 files changed, 61 insertions(+), 40 deletions(-) diff --git a/Deploy/harbor.cfg b/Deploy/harbor.cfg index 7c26c3dfd..20ec7a561 100644 --- a/Deploy/harbor.cfg +++ b/Deploy/harbor.cfg @@ -2,7 +2,7 @@ #The IP address or hostname to access admin UI and registry service. #DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. -hostname = reg.mydomain.com +hostname = localhost #The protocol for accessing the UI and token/notification service, by default it is http. #It can be set to https if ssl is enabled on nginx. @@ -38,9 +38,11 @@ self_registration = on customize_crt = on #fill in your certicate message -crt_countryname = CN +crt_country = CN crt_state = State -crt_name = name -crt_organizationname = organization name -crt_organizationalunitname = organizational unit name +crt_location = CN +crt_organization = organization +crt_organizationalunit = organizational unit +crt_commonname = example.com +crt_email = example@example.com ##### diff --git a/Deploy/prepare b/Deploy/prepare index 4c1ce813e..97c9304f8 100755 --- a/Deploy/prepare +++ b/Deploy/prepare 
@@ -36,11 +36,13 @@ ldap_basedn = rcp.get("configuration", "ldap_basedn") db_password = rcp.get("configuration", "db_password") self_registration = rcp.get("configuration", "self_registration") customize_crt = rcp.get("configuration", "customize_crt") -crt_countryname = rcp.get("configuration", "crt_countryname") +crt_country = rcp.get("configuration", "crt_country") crt_state = rcp.get("configuration", "crt_state") -crt_name = rcp.get("configuration", "crt_name") -crt_organizationname = rcp.get("configuration", "crt_organizationname") -crt_organizationalunitname = rcp.get("configuration", "crt_organizationalunitname") +crt_location = rcp.get("configuration", "crt_location") +crt_organization = rcp.get("configuration", "crt_organization") +crt_organizationalunit = rcp.get("configuration", "crt_organizationalunit") +crt_commonname = rcp.get("configuration", "crt_commonname") +crt_email = rcp.get("configuration", "crt_email") ######## base_dir = os.path.dirname(__file__) 
@@ -103,41 +105,58 @@ render(os.path.join(templates_dir, "db", "env"), db_conf_env, db_password=db_password) +def validate_crt_subj(dirty_subj): + subj_list = [item for item in dirty_subj.strip().split("/") \ + if len(item.split("=")) == 2 and len(item.split("=")[1]) > 0] + return "/" + "/".join(subj_list) + +FNULL = open(os.devnull, 'w') + +from functools import wraps +def stat_decorator(func): + #@wraps(func) + def check_wrapper(*args, **kwargs): + stat = func(*args, **kwargs) + message = "Generated configuration file: %s" % kwargs['path'] \ + if stat == 0 else "Fail to generate %s" % kwargs['path'] + print(message) + if stat != 0: + sys.exit(1) + return check_wrapper + +@stat_decorator +def check_private_key_stat(*args, **kwargs): + return subprocess.call(["openssl", "genrsa", "-out", kwargs['path'], "4096"],\ + stdout=FNULL, stderr=subprocess.STDOUT) + +@stat_decorator +def check_certificate_stat(*args, **kwargs): + dirty_subj = "/C={0}/ST={1}/L={2}/O={3}/OU={4}/CN={5}/emailAddress={6}"\ + .format(crt_country, crt_state, crt_location, crt_organization,\ + crt_organizationalunit, crt_commonname, crt_email) + subj = validate_crt_subj(dirty_subj) + return subprocess.call(["openssl", "req", "-new", "-x509", "-key",\ + private_key_pem, "-out", root_crt, "-days", "3650", "-subj", subj], \ + stdout=FNULL, stderr=subprocess.STDOUT) + +def openssl_is_installed(stat): + if stat == 0: + return True + else: + print("Cannot find openssl installed in this computer\nUse default SSL certificate file") + return False + if customize_crt == 'on': import subprocess - is_fail = False - FNULL = open(os.devnull, 'w') - shell_status = subprocess.check_call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT) - if shell_status == 1: - print("cannot find openssl installed in this computer.") - is_fail = True - else: + shell_stat = subprocess.check_call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT) + if openssl_is_installed(shell_stat): private_key_pem = 
os.path.join(config_dir, "ui", "private_key.pem") root_crt = os.path.join(config_dir, "registry", "root.crt") crt_conf_files = [ private_key_pem, root_crt ] rmdir(crt_conf_files) - shell_status = subprocess.call(["openssl", "genrsa", "-out", private_key_pem, "4096"],\ - stdout=FNULL, stderr=subprocess.STDOUT) - if shell_status == 0: - print("private_key.pem has been generated in %s/ui" % config_dir) - else: - print("gennerate private_key.pem fail.") - is_fail = True - subj = "/C={0}/ST={1}/L={2}/O={3}/OU={4}"\ - .format(crt_countryname, crt_state, crt_name, crt_organizationname, crt_organizationalunitname) - shell_status = subprocess.call(["openssl", "req", "-new", "-x509", "-key",\ - private_key_pem, "-out", root_crt, "-days", "3650", "-subj", subj], \ - stdout=FNULL, stderr=subprocess.STDOUT) - if shell_status == 0: - print("root.crt has been generated in %s/registry" % config_dir) - else: - print("gennerate root.crt fail.") - is_fail = True - FNULL.close() -try: - if is_fail is True: - print("some problems occur.") - sys.exit(1) -except Exception as e: - pass + + check_private_key_stat(path=private_key_pem) + check_certificate_stat(path=root_crt) + +FNULL.close() print("The configuration files are ready, please use docker-compose to start the service.") From 3a5a0ca929e65a99ae8ecc2602682695d9fa03b4 Mon Sep 17 00:00:00 2001 From: saga92 Date: Mon, 25 Apr 2016 16:18:50 +0800 Subject: [PATCH 29/29] fix cfg --- Deploy/harbor.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Deploy/harbor.cfg b/Deploy/harbor.cfg index 20ec7a561..411d58c9d 100644 --- a/Deploy/harbor.cfg +++ b/Deploy/harbor.cfg 
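Review bot: The "Cannot find openssl" branch of `openssl_is_installed` can never run, because `subprocess.check_call(["which", "openssl"], ...)` raises `CalledProcessError` on a non-zero exit instead of returning it, so a missing binary ends in an uncaught traceback. If the status is meant to be inspected, use `shell_stat = subprocess.call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT)`. Since the operator set `customize_crt = on`, the failure path should `sys.exit(1)` rather than print "Use default SSL certificate file" and continue with key material the operator did not generate (presumably the pair shipped with the deployment files). Separately, `validate_crt_subj` silently drops a component whose value contains `=` and truncates one whose value contains `/`, so the issued subject can differ from harbor.cfg without any message; printing the final `subj`, or rejecting such values, would make that visible.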
@@ -2,7 +2,7 @@ #The IP address or hostname to access admin UI and registry service. #DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. -hostname = localhost +hostname = reg.mydomain.com #The protocol for accessing the UI and token/notification service, by default it is http. #It can be set to https if ssl is enabled on nginx.