read some configs from env

2025-04-20 19:40:31 +00:00 · 2017-03-01 15:26:16 +08:00 · 2017-03-01 15:26:16 +08:00 · a4cb261df9
commit a4cb261df9
parent ac6c26d6db
7 changed files with 92 additions and 65 deletions
--- a/make/common/templates/adminserver/env
+++ b/make/common/templates/adminserver/env
@ -29,7 +29,6 @@ HARBOR_ADMIN_PASSWORD=$harbor_admin_password
 PROJECT_CREATION_RESTRICTION=$project_creation_restriction
 VERIFY_REMOTE_CERT=$verify_remote_cert
 MAX_JOB_WORKERS=$max_job_workers
 LOG_DIR=/var/log/jobs
 UI_SECRET=$ui_secret
 JOBSERVICE_SECRET=$jobservice_secret
 TOKEN_EXPIRATION=$token_expiration
--- a/make/harbor.cfg
+++ b/make/harbor.cfg
@ -8,6 +8,43 @@ hostname = reg.mydomain.com
 #It can be set to https if ssl is enabled on nginx.
 ui_url_protocol = http
 #The password for the root user of mysql db, change this before any production use.
 db_password = root123
 #Determine whether the UI should use compressed js files. 
 #For production, set it to on. For development, set it to off.
 use_compressed_js = on
 #Maximum number of job workers in job service  
 max_job_workers = 3 
 #Determine whether or not to generate certificate for the registry's token.
 #If the value is on, the prepare script creates new root cert and private key 
 #for generating token to access the registry. If the value is off, a key/certificate must 
 #be supplied for token generation.
 customize_crt = on
 #Information of your organization for certificate
 crt_country = CN
 crt_state = State
 crt_location = CN
 crt_organization = organization
 crt_organizationalunit = organizational unit
 crt_commonname = example.com
 crt_email = example@example.com
 #The path of cert and key files for nginx, they are applied only the protocol is set to https
 ssl_cert = /data/cert/server.crt
 ssl_cert_key = /data/cert/server.key
 #The path of secretkey storage
 secretkey_path = /data
 #NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
 #only take effect in the first boot, the subsequent changes of these properties 
 #should be performed on web ui
 #************************BEGIN INITIAL PROPERTIES************************
 #Email account settings for sending out password resetting emails.
 #Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
@ -55,50 +92,19 @@ ldap_scope = 3
 #Timeout (in seconds)  when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
 ldap_timeout = 5
 #The password for the root user of mysql db, change this before any production use.
 db_password = root123
 #Turn on or off the self-registration feature
 self_registration = on
 #Determine whether the UI should use compressed js files. 
 #For production, set it to on. For development, set it to off.
 use_compressed_js = on
 #Maximum number of job workers in job service  
 max_job_workers = 3 
 #The expiration time (in minute) of token created by token service, default is 30 minutes
 token_expiration = 30
 #Determine whether the job service should verify the ssl cert when it connects to a remote registry.
 #Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
 verify_remote_cert = on
 #Determine whether or not to generate certificate for the registry's token.
 #If the value is on, the prepare script creates new root cert and private key 
 #for generating token to access the registry. If the value is off, a key/certificate must 
 #be supplied for token generation.
 customize_crt = on
 #Information of your organization for certificate
 crt_country = CN
 crt_state = State
 crt_location = CN
 crt_organization = organization
 crt_organizationalunit = organizational unit
 crt_commonname = example.com
 crt_email = example@example.com
 #The flag to control what users have permission to create projects
 #Be default everyone can create a project, set to "adminonly" such that only admin can create project.
 project_creation_restriction = everyone
-#The path of cert and key files for nginx, they are applied only the protocol is set to https
+#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
-ssl_cert = /data/cert/server.crt
+#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
-ssl_cert_key = /data/cert/server.key
+verify_remote_cert = on
-
+#************************BEGIN INITIAL PROPERTIES************************
 #The path of secretkey storage
 secretkey_path = /data
 #############
--- a/src/adminserver/systemcfg/systemcfg.go
+++ b/src/adminserver/systemcfg/systemcfg.go
@ -46,8 +46,8 @@ var (
 		comcfg.AdminInitialPassword,
 	}
-	// envs are configurations need read from environment variables
+	// all configurations need read from environment variables
-	envs = map[string]interface{}{
+	allEnvs = map[string]interface{}{
 		comcfg.ExtEndpoint: "EXT_ENDPOINT",
 		comcfg.AUTHMode:    "AUTH_MODE",
 		comcfg.SelfRegistration: &parser{
@ -96,7 +96,6 @@ var (
 			env:   "TOKEN_EXPIRATION",
 			parse: parseStringToInt,
 		},
 		comcfg.JobLogDir: "LOG_DIR",
 		comcfg.UseCompressedJS: &parser{
 			env:   "USE_COMPRESSED_JS",
 			parse: parseStringToBool,
@ -116,6 +115,26 @@ var (
 		comcfg.ProjectCreationRestriction: "PROJECT_CREATION_RESTRICTION",
 		comcfg.AdminInitialPassword:       "HARBOR_ADMIN_PASSWORD",
 	}
 	// configurations need read from environment variables
 	// every time the system startup
 	repeatLoadEnvs = map[string]interface{}{
 		comcfg.ExtEndpoint:   "EXT_ENDPOINT",
 		comcfg.MySQLPassword: "MYSQL_PWD",
 		comcfg.MaxJobWorkers: &parser{
 			env:   "MAX_JOB_WORKERS",
 			parse: parseStringToInt,
 		},
 		// TODO remove this config?
 		comcfg.UseCompressedJS: &parser{
 			env:   "USE_COMPRESSED_JS",
 			parse: parseStringToBool,
 		},
 		comcfg.CfgExpiration: &parser{
 			env:   "CFG_EXPIRATION",
 			parse: parseStringToInt,
 		},
 	}
 )
 type parser struct {
@ -152,16 +171,19 @@ func Init() (err error) {
 	}
 	if cfg != nil {
-		return nil
+		if err = loadFromEnv(cfg, false); err != nil {
-	}
+			return err
-
+		}
-	log.Info("configurations read from store driver are null, initializing system from environment variables...")
+	} else {
-	cfg, err = loadFromEnv()
+		log.Info("configurations read from store driver are null, initializing system from environment variables...")
-	if err != nil {
+		cfg = make(map[string]interface{})
-		return err
+		if err = loadFromEnv(cfg, true); err != nil {
 			return err
 		}
 	}
 	//sync configurations into cfg store
 	log.Info("updating system configurations...")
 	return UpdateSystemCfg(cfg)
 }
@ -198,9 +220,13 @@ func initKeyProvider() {
 	keyProvider = comcfg.NewFileKeyProvider(path)
 }
-//load the configurations from env
+// load the configurations from allEnvs, if all is false, it just loads
-func loadFromEnv() (map[string]interface{}, error) {
+// the repeatLoadEnvs
-	cfg := map[string]interface{}{}
+func loadFromEnv(cfg map[string]interface{}, all bool) error {
 	envs := repeatLoadEnvs
 	if all {
 		envs = allEnvs
 	}
 	for k, v := range envs {
 		if str, ok := v.(string); ok {
@ -211,16 +237,16 @@ func loadFromEnv() (map[string]interface{}, error) {
 		if parser, ok := v.(*parser); ok {
 			i, err := parser.parse(os.Getenv(parser.env))
 			if err != nil {
-				return nil, err
+				return err
 			}
 			cfg[k] = i
 			continue
 		}
-		return nil, fmt.Errorf("%v is not string or parse type", v)
+		return fmt.Errorf("%v is not string or parse type", v)
 	}
-	return cfg, nil
+	return nil
 }
 // GetSystemCfg returns the system configurations
--- a/src/common/utils/test/adminserver.go
+++ b/src/common/utils/test/adminserver.go
@ -56,7 +56,6 @@ var adminServerDefaultConfig = map[string]interface{}{
 	config.MaxJobWorkers:              3,
 	config.TokenExpiration:            30,
 	config.CfgExpiration:              5,
 	config.JobLogDir:                  "/var/log/jobs",
 	config.UseCompressedJS:            true,
 	config.AdminInitialPassword:       "password",
 }
--- a/src/jobservice/config/config.go
+++ b/src/jobservice/config/config.go
@ -25,6 +25,7 @@ import (
 const (
 	defaultKeyPath string = "/etc/jobservice/key"
 	defaultLogDir  string = "/var/log/jobs"
 )
 var (
@ -119,12 +120,12 @@ func LocalRegURL() (string, error) {
 }
 // LogDir returns the absolute path to which the log file will be written
-func LogDir() (string, error) {
+func LogDir() string {
-	cfg, err := mg.Get()
+	dir := os.Getenv("LOG_DIR")
-	if err != nil {
+	if len(dir) == 0 {
-		return "", err
+		dir = defaultLogDir
 	}
-	return cfg[comcfg.JobLogDir].(string), nil
+	return dir
 }
 // SecretKey will return the secret key for encryption/decryption password in target.
--- a/src/jobservice/config/config_test.go
+++ b/src/jobservice/config/config_test.go
@ -66,8 +66,8 @@ func TestConfig(t *testing.T) {
 		t.Fatalf("failed to get registry URL: %v", err)
 	}
-	if _, err := LogDir(); err != nil {
+	if dir := LogDir(); dir != "/var/log/jobs" {
-		t.Fatalf("failed to get log directory: %v", err)
+		t.Errorf("unexpected log directory: %s != %s", dir, "/var/log/jobs")
 	}
 	if _, err := SecretKey(); err != nil {
--- a/src/jobservice/utils/logger.go
+++ b/src/jobservice/utils/logger.go
@ -65,10 +65,6 @@ func GetJobLogPath(jobID int64) (string, error) {
 		p = filepath.Join(d, p)
 	}
-	base, err := config.LogDir()
+	p = filepath.Join(config.LogDir(), p, f)
 	if err != nil {
 		return "", err
 	}
 	p = filepath.Join(base, p, f)
 	return p, nil
 }