From a4cb261df96374db30a94c52e63e4bfa4c06f62c Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Wed, 1 Mar 2017 15:26:16 +0800 Subject: [PATCH] read some configs from env --- make/common/templates/adminserver/env | 1 - make/harbor.cfg | 76 ++++++++++++++------------ src/adminserver/systemcfg/systemcfg.go | 58 ++++++++++++++------ src/common/utils/test/adminserver.go | 1 - src/jobservice/config/config.go | 11 ++-- src/jobservice/config/config_test.go | 4 +- src/jobservice/utils/logger.go | 6 +- 7 files changed, 92 insertions(+), 65 deletions(-) diff --git a/make/common/templates/adminserver/env b/make/common/templates/adminserver/env index d537720f8..02039aa1d 100644 --- a/make/common/templates/adminserver/env +++ b/make/common/templates/adminserver/env @@ -29,7 +29,6 @@ HARBOR_ADMIN_PASSWORD=$harbor_admin_password PROJECT_CREATION_RESTRICTION=$project_creation_restriction VERIFY_REMOTE_CERT=$verify_remote_cert MAX_JOB_WORKERS=$max_job_workers -LOG_DIR=/var/log/jobs UI_SECRET=$ui_secret JOBSERVICE_SECRET=$jobservice_secret TOKEN_EXPIRATION=$token_expiration diff --git a/make/harbor.cfg b/make/harbor.cfg index 507533edb..03e6f5f5d 100644 --- a/make/harbor.cfg +++ b/make/harbor.cfg 
@@ -8,6 +8,43 @@ hostname = reg.mydomain.com #It can be set to https if ssl is enabled on nginx. ui_url_protocol = http +#The password for the root user of mysql db, change this before any production use. +db_password = root123 + +#Determine whether the UI should use compressed js files. +#For production, set it to on. For development, set it to off. +use_compressed_js = on + +#Maximum number of job workers in job service +max_job_workers = 3 + +#Determine whether or not to generate certificate for the registry's token. +#If the value is on, the prepare script creates new root cert and private key +#for generating token to access the registry. If the value is off, a key/certificate must +#be supplied for token generation. +customize_crt = on + +#Information of your organization for certificate +crt_country = CN +crt_state = State +crt_location = CN +crt_organization = organization +crt_organizationalunit = organizational unit +crt_commonname = example.com +crt_email = example@example.com + +#The path of cert and key files for nginx, they are applied only the protocol is set to https +ssl_cert = /data/cert/server.crt +ssl_cert_key = /data/cert/server.key + +#The path of secretkey storage +secretkey_path = /data + +#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES +#only take effect in the first boot, the subsequent changes of these properties +#should be performed on web ui +#************************BEGIN INITIAL PROPERTIES************************ + #Email account settings for sending out password resetting emails. #Email server uses the given username and password to authenticate on TLS connections to host and act as identity. 
@@ -55,50 +92,19 @@ ldap_scope = 3 #Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds. ldap_timeout = 5 -#The password for the root user of mysql db, change this before any production use. -db_password = root123 - #Turn on or off the self-registration feature self_registration = on -#Determine whether the UI should use compressed js files. -#For production, set it to on. For development, set it to off. -use_compressed_js = on - -#Maximum number of job workers in job service -max_job_workers = 3 - #The expiration time (in minute) of token created by token service, default is 30 minutes token_expiration = 30 -#Determine whether the job service should verify the ssl cert when it connects to a remote registry. -#Set this flag to off when the remote registry uses a self-signed or untrusted certificate. -verify_remote_cert = on - -#Determine whether or not to generate certificate for the registry's token. -#If the value is on, the prepare script creates new root cert and private key -#for generating token to access the registry. If the value is off, a key/certificate must -#be supplied for token generation. -customize_crt = on - -#Information of your organization for certificate -crt_country = CN -crt_state = State -crt_location = CN -crt_organization = organization -crt_organizationalunit = organizational unit -crt_commonname = example.com -crt_email = example@example.com - #The flag to control what users have permission to create projects #Be default everyone can create a project, set to "adminonly" such that only admin can create project. project_creation_restriction = everyone -#The path of cert and key files for nginx, they are applied only the protocol is set to https -ssl_cert = /data/cert/server.crt -ssl_cert_key = /data/cert/server.key - -#The path of secretkey storage -secretkey_path = /data +#Determine whether the job service should verify the ssl cert when it connects to a remote registry. 
+#Set this flag to off when the remote registry uses a self-signed or untrusted certificate. +verify_remote_cert = on +#************************BEGIN INITIAL PROPERTIES************************ ############# diff --git a/src/adminserver/systemcfg/systemcfg.go b/src/adminserver/systemcfg/systemcfg.go index 24d13ba84..27ebcf753 100644 --- a/src/adminserver/systemcfg/systemcfg.go +++ b/src/adminserver/systemcfg/systemcfg.go @@ -46,8 +46,8 @@ var ( comcfg.AdminInitialPassword, } - // envs are configurations need read from environment variables - envs = map[string]interface{}{ + // all configurations need read from environment variables + allEnvs = map[string]interface{}{ comcfg.ExtEndpoint: "EXT_ENDPOINT", comcfg.AUTHMode: "AUTH_MODE", comcfg.SelfRegistration: &parser{ @@ -96,7 +96,6 @@ var ( env: "TOKEN_EXPIRATION", parse: parseStringToInt, }, - comcfg.JobLogDir: "LOG_DIR", comcfg.UseCompressedJS: &parser{ env: "USE_COMPRESSED_JS", parse: parseStringToBool, @@ -116,6 +115,26 @@ var ( comcfg.ProjectCreationRestriction: "PROJECT_CREATION_RESTRICTION", comcfg.AdminInitialPassword: "HARBOR_ADMIN_PASSWORD", } + + // configurations need read from environment variables + // every time the system startup + repeatLoadEnvs = map[string]interface{}{ + comcfg.ExtEndpoint: "EXT_ENDPOINT", + comcfg.MySQLPassword: "MYSQL_PWD", + comcfg.MaxJobWorkers: &parser{ + env: "MAX_JOB_WORKERS", + parse: parseStringToInt, + }, + // TODO remove this config? + comcfg.UseCompressedJS: &parser{ + env: "USE_COMPRESSED_JS", + parse: parseStringToBool, + }, + comcfg.CfgExpiration: &parser{ + env: "CFG_EXPIRATION", + parse: parseStringToInt, + }, + } ) type parser struct { 
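Review bot: The closing marker added at the end of the second harbor.cfg hunk reads `BEGIN INITIAL PROPERTIES` a second time, although the NOTES comment added in the first hunk refers to an `END INITIAL PROPERTIES` line, so the first-boot-only block has no visible end. The last added line should be `#************************END INITIAL PROPERTIES************************`. The same hunk moves `verify_remote_cert` into that block, so according to the NOTES text a later edit of this file from `off` back to `on` is ignored after the first boot. A comment above it such as `#After the first boot change this in the web UI; edits here no longer take effect.` would keep an operator from assuming certificate verification had been re-enabled.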
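Review bot: Each entry of the new `repeatLoadEnvs` map repeats a key, environment name and parse function that `allEnvs` also has to carry (visibly so for `comcfg.ExtEndpoint` and `comcfg.UseCompressedJS`, presumably for the others), so the two tables can drift apart when only one is edited. Keeping just the keys here, for example `repeatLoadKeys = []string{comcfg.ExtEndpoint, comcfg.MySQLPassword, comcfg.MaxJobWorkers, comcfg.UseCompressedJS, comcfg.CfgExpiration}`, and looking each one up in `allEnvs` would leave one definition per setting. The `// TODO remove this config?` should say what decision is pending or point to an issue. The `var (` block begins outside this hunk.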
@@ -152,16 +171,19 @@ func Init() (err error) { } if cfg != nil { - return nil - } - - log.Info("configurations read from store driver are null, initializing system from environment variables...") - cfg, err = loadFromEnv() - if err != nil { - return err + if err = loadFromEnv(cfg, false); err != nil { + return err + } + } else { + log.Info("configurations read from store driver are null, initializing system from environment variables...") + cfg = make(map[string]interface{}) + if err = loadFromEnv(cfg, true); err != nil { + return err + } } //sync configurations into cfg store + log.Info("updating system configurations...") return UpdateSystemCfg(cfg) } @@ -198,9 +220,13 @@ func initKeyProvider() { keyProvider = comcfg.NewFileKeyProvider(path) } -//load the configurations from env -func loadFromEnv() (map[string]interface{}, error) { - cfg := map[string]interface{}{} +// load the configurations from allEnvs, if all is false, it just loads +// the repeatLoadEnvs +func loadFromEnv(cfg map[string]interface{}, all bool) error { + envs := repeatLoadEnvs + if all { + envs = allEnvs + } for k, v := range envs { if str, ok := v.(string); ok { @@ -211,16 +237,16 @@ func loadFromEnv() (map[string]interface{}, error) { if parser, ok := v.(*parser); ok { i, err := parser.parse(os.Getenv(parser.env)) if err != nil { - return nil, err + return err } cfg[k] = i continue } - return nil, fmt.Errorf("%v is not string or parse type", v) + return fmt.Errorf("%v is not string or parse type", v) } - return cfg, nil + return nil } // GetSystemCfg returns the system configurations diff --git a/src/common/utils/test/adminserver.go b/src/common/utils/test/adminserver.go index b48f7b589..9d772ee38 100644 --- a/src/common/utils/test/adminserver.go +++ b/src/common/utils/test/adminserver.go 
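Review bot: On the `cfg != nil` branch of `Init` the stored configuration is overlaid with the `repeatLoadEnvs` values and then written back through `UpdateSystemCfg`, so any of those settings changed at runtime is reverted on the next restart, and nothing in the function says so. A doc comment line such as `// Settings listed in repeatLoadEnvs are taken from the environment on every start and overwrite the stored values.` would make the precedence explicit, which matters most for `comcfg.MySQLPassword`. The start of `Init` is outside the hunk.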
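Review bot: With `all` false, `loadFromEnv` writes into a map that already holds stored values, yet it never checks whether a variable is actually set. The parser branch in the next hunk passes `os.Getenv(parser.env)` straight to `parse`, and the string branch (its body lies between the two hunks, presumably `cfg[k] = os.Getenv(str)`) would store an empty string. An unset `MYSQL_PWD` or `EXT_ENDPOINT` on restart would then replace a working stored value with a blank one. Using `os.LookupEnv` and skipping unset variables on the partial load avoids that: `val, ok := os.LookupEnv(str)` followed by `if !ok && !all { continue }`, and the same check before calling `parser.parse`.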
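Review bot: The `return err` in the parser branch does not say which variable failed to parse, and with this commit such a failure also aborts `Init` on restart, where an existing store previously returned early. Naming the variable, but not its value since some of these settings are secrets, makes the failure actionable: `return fmt.Errorf("parsing env %s: %v", parser.env, err)`. The local `parser` also shadows the `parser` type inside the loop, so renaming it to `p` would read more clearly.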
@@ -56,7 +56,6 @@ var adminServerDefaultConfig = map[string]interface{}{ config.MaxJobWorkers: 3, config.TokenExpiration: 30, config.CfgExpiration: 5, - config.JobLogDir: "/var/log/jobs", config.UseCompressedJS: true, config.AdminInitialPassword: "password", } diff --git a/src/jobservice/config/config.go b/src/jobservice/config/config.go index c58f20b78..d93871bf7 100644 --- a/src/jobservice/config/config.go +++ b/src/jobservice/config/config.go @@ -25,6 +25,7 @@ import ( const ( defaultKeyPath string = "/etc/jobservice/key" + defaultLogDir string = "/var/log/jobs" ) var ( @@ -119,12 +120,12 @@ func LocalRegURL() (string, error) { } // LogDir returns the absolute path to which the log file will be written -func LogDir() (string, error) { - cfg, err := mg.Get() - if err != nil { - return "", err +func LogDir() string { + dir := os.Getenv("LOG_DIR") + if len(dir) == 0 { + dir = defaultLogDir } - return cfg[comcfg.JobLogDir].(string), nil + return dir } // SecretKey will return the secret key for encryption/decryption password in target. diff --git a/src/jobservice/config/config_test.go b/src/jobservice/config/config_test.go index 556386020..cfa57920d 100644 --- a/src/jobservice/config/config_test.go +++ b/src/jobservice/config/config_test.go @@ -66,8 +66,8 @@ func TestConfig(t *testing.T) { t.Fatalf("failed to get registry URL: %v", err) } - if _, err := LogDir(); err != nil { - t.Fatalf("failed to get log directory: %v", err) + if dir := LogDir(); dir != "/var/log/jobs" { + t.Errorf("unexpected log directory: %s != %s", dir, "/var/log/jobs") } if _, err := SecretKey(); err != nil { diff --git a/src/jobservice/utils/logger.go b/src/jobservice/utils/logger.go index 7b3b164f4..117801dd5 100644 --- a/src/jobservice/utils/logger.go +++ b/src/jobservice/utils/logger.go 
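Review bot: `LogDir` is still documented as returning an absolute path, but the value of `LOG_DIR` is now returned unchecked, so a relative or otherwise unexpected value makes `GetJobLogPath` build log paths against the process working directory. Either validate it, for example `if !filepath.IsAbs(dir) { dir = defaultLogDir }` (this needs `path/filepath` if the file does not import it yet), or reword the comment to `// LogDir returns the job log directory: $LOG_DIR if set, otherwise defaultLogDir.` Because the error return was dropped, a bad value can no longer be reported to the caller, so logging the fallback once would help operators notice it.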
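Review bot: The new assertion in `TestConfig` expects `/var/log/jobs`, which holds only when `LOG_DIR` is unset in the environment that runs the tests, so the result depends on the host. Clearing it first with `os.Unsetenv("LOG_DIR")` makes the default case deterministic, and a second check that sets `LOG_DIR` to a constructed value and expects it back would cover the other branch of `LogDir`. `TestConfig` starts and ends outside the hunk, so whether the environment is already prepared earlier in the test cannot be seen here.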
@@ -65,10 +65,6 @@ func GetJobLogPath(jobID int64) (string, error) { p = filepath.Join(d, p) } - base, err := config.LogDir() - if err != nil { - return "", err - } - p = filepath.Join(base, p, f) + p = filepath.Join(config.LogDir(), p, f) return p, nil }