Merge pull request #64 from reasonerjt/db-role-refactor

merge with master
2024-09-20 17:15:30 +00:00 · 2016-03-30 18:18:26 +08:00 · 2016-03-30 18:18:26 +08:00 · ae58dd9eac
commit ae58dd9eac
parent 8ca1263a2f cdef3629cc
23 changed files with 395 additions and 175 deletions
--- a/Deploy/config/nginx/cert/.gitignore
+++ b/Deploy/config/nginx/cert/.gitignore
--- a/Deploy/config/nginx/nginx.https.conf
+++ b/Deploy/config/nginx/nginx.https.conf
@ -0,0 +1,85 @@
 worker_processes auto;
 events {
  worker_connections 1024;
  use epoll;
  multi_accept on;
 }
 http {
  tcp_nodelay on;
  # this is necessary for us to be able to disable request buffering in all cases
  proxy_http_version 1.1;
  upstream registry {
    server registry:5000;
  }
  upstream ui {
    server ui:80;
  }
  server {
    listen 443 ssl;
    server_name harbordomain.com;
    # SSL
    ssl_certificate /etc/nginx/cert/harbordomain.crt;
    ssl_certificate_key /etc/nginx/cert/harbordomain.key;
    # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;
    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
    chunked_transfer_encoding on;
    location / {
      proxy_pass http://ui/;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_buffering off;
      proxy_request_buffering off;
    }
    location /v1/ {
      return 404;
    }
    location /v2/ {
      proxy_pass http://registry/v2/;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_buffering off;
      proxy_request_buffering off;
    }
    location /service/ {
      proxy_pass http://ui/service/;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_buffering off;
      proxy_request_buffering off;
    }
  }
    server {
      listen 80;
      server_name harbordomain.com;
      rewrite ^/(.*) https://$server_name$1 permanent;
  } 
 }
--- a/Deploy/docker-compose.yml
+++ b/Deploy/docker-compose.yml
@ -49,7 +49,7 @@ ui:
 proxy:
  image: library/nginx:1.9
  volumes:
-    - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf
+    - ./config/nginx:/etc/nginx
  links:
    - ui
    - registry
--- a/Deploy/templates/ui/env
+++ b/Deploy/templates/ui/env
@ -8,3 +8,4 @@ HARBOR_URL=$ui_url
 AUTH_MODE=$auth_mode
 LDAP_URL=$ldap_url
 LDAP_BASE_DN=$ldap_basedn
 LOG_LEVEL=debug
--- a/README.md
+++ b/README.md
@ -1,55 +1,69 @@
-# Harbor
+# Harbor
-
+
-[![Build Status](https://travis-ci.org/vmware/harbor.svg?branch=master)](https://travis-ci.org/vmware/harbor)
+[![Build Status](https://travis-ci.org/vmware/harbor.svg?branch=master)](https://travis-ci.org/vmware/harbor)
-
+
-![alg tag](https://cloud.githubusercontent.com/assets/2390463/13484557/088a1000-e13a-11e5-87d4-a64366365bef.png)
+![alg tag](https://cloud.githubusercontent.com/assets/2390463/13484557/088a1000-e13a-11e5-87d4-a64366365bef.png)
-
+
-Project Harbor is an enterprise-class registry server. It extends the open source Docker Registry server by adding more functionalities usually required by an enterprise. Harbor is designed to be deployed in a private environment of an organization. A private registry is important for organizations who care much about security. In addition, a private registry improves productivity by eliminating the need to download images from the public network. This is very helpful to container users who do not have a good network to the Internet. For example, Harbor accelerates the progress of Chinese developers, because they no longer need to pull images from the Internet.
+> Project Harbor is initiated by VMware China R&D as a Cloud Application Accelerator (CAA) project. CAA provides a set of tools to improve the productivity of cloud developers in China and other countries. CAA includes tools like registry server, mirror server, decentralized image distributor, etc.
-
+
-### Features
+Project Harbor is an enterprise-class registry server. It extends the open source Docker Registry server by adding more functionalities usually required by an enterprise. Harbor is designed to be deployed in a private environment of an organization. A private registry is important for organizations who care much about security. In addition, a private registry improves productivity by eliminating the need to download images from the public network. This is very helpful to container users who do not have a good network to the Internet. 
-* **Role Based Access Control**: Users and docker repositories are organized via "projects", a user can have different permission for images under a namespace.
+
-* **Graphical user portal**: User can easily browse, search docker repositories, manage projects/namespaces.
+### Features
-* **AD/LDAP support**: Harbor integrates with existing AD/LDAP of the enterprise for user authentication and management.
+* **Role Based Access Control**: Users and docker repositories are organized via "projects", a user can have different permission for images under a namespace.
-* **Auditing**: All the operations to the repositories are tracked and can be used for auditing purpose.
+* **Graphical user portal**: User can easily browse, search docker repositories, manage projects/namespaces.
-* **Internationalization**: Localized for English and Chinese languages. More languages can be added.
+* **AD/LDAP support**: Harbor integrates with existing AD/LDAP of the enterprise for user authentication and management.
-* **RESTful API**: RESTful APIs are provided for most administrative operations of Harbor. The integration with other management softwares becomes easy.
+* **Auditing**: All the operations to the repositories are tracked and can be used for auditing purpose.
-
+* **Internationalization**: Localized for English and Chinese languages. More languages can be added.
-### Try it
+* **RESTful API**: RESTful APIs are provided for most administrative operations of Harbor. The integration with other management softwares becomes easy.
-Harbor is self-contained and can be easily deployed via docker-compose.  
+
-
+### Try it
-**System requirements:**  
+Harbor is self-contained and can be easily deployed via docker-compose.  
-Harbor only works with docker 1.8+ and docker-compose 1.6.0+ .
+
-The host must be connected to the Internet.
+**System requirements:**  
-
+Harbor only works with docker 1.8+ and docker-compose 1.6.0+ .
-1. Get the source code:
+The host must be connected to the Internet.
-    
+
-    ```sh
+1. Get the source code:
-    $ git clone https://github.com/vmware/harbor
+    
-    ```
+    ```sh
-2. Edit the file **Deploy/harbor.cfg**, make necessary configuration changes such as hostname, admin password and mail server. Refer to [Installation Guide](docs/installation_guide.md) for more info.  
+    $ git clone https://github.com/vmware/harbor
-
+    ```
-
+2. Edit the file **Deploy/harbor.cfg**, make necessary configuration changes such as hostname, admin password and mail server. Refer to [Installation Guide](docs/installation_guide.md) for more info.  
-3. Install Harbor by the following commands. It may take a while for the docker-compose process to finish.
+
-    ```sh
+
-    $ cd Deploy
+3. Install Harbor by the following commands. It may take a while for the docker-compose process to finish.
-    
+    ```sh
-    $ ./prepare
+    $ cd Deploy
-    Generated configuration file: ./config/ui/env
+    
-    Generated configuration file: ./config/ui/app.conf
+    $ ./prepare
-    Generated configuration file: ./config/registry/config.yml
+    Generated configuration file: ./config/ui/env
-    Generated configuration file: ./config/db/env
+    Generated configuration file: ./config/ui/app.conf
-    
+    Generated configuration file: ./config/registry/config.yml
-    $ docker-compose up
+    Generated configuration file: ./config/db/env
-    ```
+    
-If everything works fine, you can open a browser to visit the admin portal at http://yourhostname . The default administrator username and password are admin/Harbor12345 .
+    $ docker-compose up
-
+    ```
-**NOTE:**  
+If everything works fine, you can open a browser to visit the admin portal at http://your_registry_host . The default administrator username and password are admin/Harbor12345 .
-To simplify the installation process, a pre-built installation package of Harbor is provided so that you don't need to clone the source code. By using this package, you can even install Harbor onto a host that is not connected to the Internet. For details on how to download and use this installation package, please refer to [Installation Guide](docs/installation_guide.md) .
+
-
+After creating a project in the admin portal, you can login and use docker commands to push images.  The default port of Harbor registry server is 80:
-For information on how to use Harbor, please see [User Guide](docs/user_guide.md) .
+```sh
-
+$ docker login your_registry_host
-### Contribution
+$ docker push your_registry_host/myrepo/myapp
-We welcome contributions from the community.  If you wish to contribute code, we require that you first sign our [Contributor License Agreement](https://vmware.github.io/photon/assets/files/vmware_cla.pdf) and return a copy to osscontributions@vmware.com before we can merge your contribution.
+```
-
+
-### License
+**NOTE:**  
-Harbor is available under the [Apache 2 license](LICENSE).
+To simplify the installation process, a pre-built installation package of Harbor is provided so that you don't need to clone the source code. By using this package, you can even install Harbor onto a host that is not connected to the Internet. For details on how to download and use this installation package, please refer to [Installation Guide](docs/installation_guide.md) .
 For information on how to use Harbor, please see [User Guide](docs/user_guide.md) .
 ### Contribution
 We welcome contributions from the community.  If you wish to contribute code, we require that you first sign our [Contributor License Agreement](https://vmware.github.io/photon/assets/files/vmware_cla.pdf) and return a copy to osscontributions@vmware.com before we can merge your contribution.
 ### License
 Harbor is available under the [Apache 2 license](LICENSE).
 ### Partners
 <a href="https://www.shurenyun.com/" border="0" target="_blank"><img alt="DataMan" src="docs/img/dataman.png"></a>
 ### Users
 <a href="https://www.madailicai.com/" border="0" target="_blank"><img alt="MaDaiLiCai" src="docs/img/UserMaDai.jpg"></a>  <a href="http://www.slamtec.com" target="_blank" border="0"><img alt="SlamTec" src="docs/img/slamteclogo.png"></a>
--- a/api/base.go
+++ b/api/base.go
@ -17,12 +17,12 @@ package api
 import (
 	"encoding/json"
 	"log"
 	"net/http"
 	"github.com/vmware/harbor/auth"
 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"
 	"github.com/vmware/harbor/utils/log"
 	"github.com/astaxie/beego"
 )
@ -46,7 +46,7 @@ func (b *BaseAPI) RenderError(code int, text string) {
 func (b *BaseAPI) DecodeJSONReq(v interface{}) {
 	err := json.Unmarshal(b.Ctx.Input.CopyBody(1<<32), v)
 	if err != nil {
-		beego.Error("Error while decoding the json request:", err)
+		log.Errorf("Error while decoding the json request, error: %v", err)
 		b.CustomAbort(http.StatusBadRequest, "Invalid json request")
 	}
 }
@ -56,10 +56,10 @@ func (b *BaseAPI) ValidateUser() int {
 	username, password, ok := b.Ctx.Request.BasicAuth()
 	if ok {
-		log.Printf("Requst with Basic Authentication header, username: %s", username)
+		log.Infof("Requst with Basic Authentication header, username: %s", username)
 		user, err := auth.Login(models.AuthModel{username, password})
 		if err != nil {
-			log.Printf("Error while trying to login, username: %s, error: %v", username, err)
+			log.Errorf("Error while trying to login, username: %s, error: %v", username, err)
 			user = nil
 		}
 		if user != nil {
@ -68,17 +68,17 @@ func (b *BaseAPI) ValidateUser() int {
 	}
 	sessionUserID := b.GetSession("userId")
 	if sessionUserID == nil {
-		beego.Warning("No user id in session, canceling request")
+		log.Warning("No user id in session, canceling request")
 		b.CustomAbort(http.StatusUnauthorized, "")
 	}
 	userID := sessionUserID.(int)
 	u, err := dao.GetUser(models.User{UserID: userID})
 	if err != nil {
-		beego.Error("Error occurred in GetUser:", err)
+		log.Errorf("Error occurred in GetUser, error: %v", err)
 		b.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	if u == nil {
-		beego.Warning("User was deleted already, user id: ", userID, " canceling request.")
+		log.Warningf("User was deleted already, user id: %d, canceling request.", userID)
 		b.CustomAbort(http.StatusUnauthorized, "")
 	}
 	return userID
--- a/api/member.go
+++ b/api/member.go
@ -21,8 +21,7 @@ import (
 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"
-
+	"github.com/vmware/harbor/utils/log"
 	"github.com/astaxie/beego"
 )
 // ProjectMemberAPI handles request to /api/projects/{}/members/{}
@ -43,18 +42,18 @@ type memberReq struct {
 func (pma *ProjectMemberAPI) Prepare() {
 	pid, err := strconv.ParseInt(pma.Ctx.Input.Param(":pid"), 10, 64)
 	if err != nil {
-		beego.Error("Error parsing project id:", pid, ", error:", err)
+		log.Errorf("Error parsing project id: %d, error: %v", pid, err)
 		pma.CustomAbort(http.StatusBadRequest, "invalid project Id")
 		return
 	}
 	p, err := dao.GetProjectByID(pid)
 	if err != nil {
-		beego.Error("Error occurred in GetProjectById:", err)
+		log.Errorf("Error occurred in GetProjectById, error: %v", err)
 		pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	if p == nil {
-		beego.Warning("Project with id:", pid, "does not exist.")
+		log.Warningf("Project with id: %d does not exist.", pid)
 		pma.CustomAbort(http.StatusNotFound, "Project does not exist")
 	}
 	pma.project = p
@ -67,7 +66,7 @@ func (pma *ProjectMemberAPI) Prepare() {
 	} else if len(mid) > 0 {
 		memberID, err := strconv.Atoi(mid)
 		if err != nil {
-			beego.Error("Invalid member Id, error:", err)
+			log.Errorf("Invalid member Id, error: %v", err)
 			pma.CustomAbort(http.StatusBadRequest, "Invalid member id")
 		}
 		pma.memberID = memberID
@ -78,7 +77,7 @@ func (pma *ProjectMemberAPI) Prepare() {
 func (pma *ProjectMemberAPI) Get() {
 	pid := pma.project.ProjectID
 	if !checkProjectPermission(pma.currentUserID, pid) {
-		beego.Warning("Current user, user id :", pma.currentUserID, "does not have permission for project, id:", pid)
+		log.Warningf("Current user, user id: %d does not have permission for project, id: %d", pma.currentUserID, pid)
 		pma.RenderError(http.StatusForbidden, "")
 		return
 	}
@ -87,7 +86,7 @@ func (pma *ProjectMemberAPI) Get() {
 		queryUser := models.User{Username: "%" + username + "%"}
 		userList, err := dao.GetUserByProject(pid, queryUser)
 		if err != nil {
-			beego.Error("Failed to query database for member list, error:", err)
+			log.Errorf("Failed to query database for member list, error: %v", err)
 			pma.RenderError(http.StatusInternalServerError, "Internal Server Error")
 			return
 		}
@ -95,14 +94,14 @@ func (pma *ProjectMemberAPI) Get() {
 	} else { //return detail of a  member
 		roleList, err := dao.GetUserProjectRoles(pma.memberID, pid)
 		if err != nil {
-			beego.Error("Error occurred in GetUserProjectRoles:", err)
+			log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err)
 			pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
 		}
 		//return empty role list to indicate if a user is not a member
 		result := make(map[string]interface{})
 		user, err := dao.GetUser(models.User{UserID: pma.memberID})
 		if err != nil {
-			beego.Error("Error occurred in GetUser:", err)
+			log.Errorf("Error occurred in GetUser, error: %v", err)
 			pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
 		}
 		result["user_name"] = user.Username
@ -120,10 +119,9 @@ func (pma *ProjectMemberAPI) Post() {
 	//userQuery := models.User{UserID: pma.currentUserID, RoleID: models.PROJECTADMIN}
 	rolelist, err := dao.GetUserProjectRoles(pma.currentUserID, pid)
 	if err != nil {
-		beego.Error("Error occurred in GetUserProjectRoles:", err)
+		log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err)
 		pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	hasProjectAdminRole := false
 	for _, role := range rolelist {
 		if role.RoleID == models.PROJECTADMIN {
@ -132,7 +130,7 @@ func (pma *ProjectMemberAPI) Post() {
 		}
 	}
 	if !hasProjectAdminRole {
-		beego.Warning("Current user, id:", pma.currentUserID, "does not have project admin role for project, id:", pid)
+		log.Warningf("Current user, id: %d does not have project admin role for project, id:", pma.currentUserID, pid)
 		pma.RenderError(http.StatusForbidden, "")
 		return
 	}
@ -142,17 +140,17 @@ func (pma *ProjectMemberAPI) Post() {
 	username := req.Username
 	userID := checkUserExists(username)
 	if userID <= 0 {
-		beego.Warning("User does not exist, user name:", username)
+		log.Warningf("User does not exist, user name: %s", username)
 		pma.RenderError(http.StatusNotFound, "User does not exist")
 		return
 	}
 	rolelist, err = dao.GetUserProjectRoles(userID, pid)
 	if err != nil {
-		beego.Error("Error occurred in GetUserProjectRoles:", err)
+		log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err)
 		pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	if len(rolelist) > 0 {
-		beego.Warning("user is already added to project, user id:", userID, ", project id:", pid)
+		log.Warningf("user is already added to project, user id: %d, project id: %d", userID, pid)
 		pma.RenderError(http.StatusConflict, "user is ready in project")
 		return
 	}
@ -160,7 +158,7 @@ func (pma *ProjectMemberAPI) Post() {
 	for _, rid := range req.Roles {
 		err = dao.AddProjectMember(pid, userID, int(rid))
 		if err != nil {
-			beego.Error("Failed to update DB to add project user role, project id:", pid, ", user id:", userID, ", role id:", rid)
+			log.Errorf("Failed to update DB to add project user role, project id: %d, user id: %d, role id: %d", pid, userID, rid)
 			pma.RenderError(http.StatusInternalServerError, "Failed to update data in database")
 			return
 		}
@ -174,10 +172,9 @@ func (pma *ProjectMemberAPI) Put() {
 	rolelist, err := dao.GetUserProjectRoles(pma.currentUserID, pid)
 	if err != nil {
-		beego.Error("Error occurred in GetUserProjectRoles:", err)
+		log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err)
 		pma.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	hasProjectAdminRole := false
 	for _, role := range rolelist {
 		if role.RoleID == models.PROJECTADMIN {
@ -187,7 +184,7 @@ func (pma *ProjectMemberAPI) Put() {
 	}
 	if !hasProjectAdminRole {
-		beego.Warning("Current user, id:", pma.currentUserID, ", does not have project admin role for project, id:", pid)
+		log.Warningf("Current user, id: %d does not have project admin role for project, id: %d", pma.currentUserID, pid)
 		pma.RenderError(http.StatusForbidden, "")
 		return
 	}
@ -195,7 +192,7 @@ func (pma *ProjectMemberAPI) Put() {
 	pma.DecodeJSONReq(&req)
 	roleList, err := dao.GetUserProjectRoles(mid, pid)
 	if len(roleList) == 0 {
-		beego.Warning("User is not in project, user id:", mid, ", project id:", pid)
+		log.Warningf("User is not in project, user id: %d, project id: %d", mid, pid)
 		pma.RenderError(http.StatusNotFound, "user not exist in project")
 		return
 	}
@ -203,7 +200,7 @@ func (pma *ProjectMemberAPI) Put() {
 	//delete user project role record for the given user
 	err = dao.DeleteProjectMember(pid, mid)
 	if err != nil {
-		beego.Error("Failed to delete project roles for user, user id:", mid, ", project id: ", pid, ", error: ", err)
+		log.Errorf("Failed to delete project roles for user, user id: %d, project id: %d, error: %v", mid, pid, err)
 		pma.RenderError(http.StatusInternalServerError, "Failed to update data in DB")
 		return
 	}
@ -211,7 +208,7 @@ func (pma *ProjectMemberAPI) Put() {
 	for _, rid := range req.Roles {
 		err = dao.AddProjectMember(pid, mid, int(rid))
 		if err != nil {
-			beego.Error("Failed to update DB to add project user role, project id:", pid, ", user id:", mid, ", role id:", rid)
+			log.Errorf("Failed to update DB to add project user role, project id: %d, user id: %d, role id: %d", pid, mid, rid)
 			pma.RenderError(http.StatusInternalServerError, "Failed to update data in database")
 			return
 		}
@ -233,13 +230,13 @@ func (pma *ProjectMemberAPI) Delete() {
 	}
 	if !hasProjectAdminRole {
-		beego.Warning("Current user, id:", pma.currentUserID, ", does not have project admin role for project, id:", pid)
+		log.Warningf("Current user, id: %d does not have project admin role for project, id: %d", pma.currentUserID, pid)
 		pma.RenderError(http.StatusForbidden, "")
 		return
 	}
 	err = dao.DeleteProjectMember(pid, mid)
 	if err != nil {
-		beego.Error("Failed to delete project roles for user, user id:", mid, ", project id:", pid, ", error:", err)
+		log.Errorf("Failed to delete project roles for user, user id: %d, project id: %d, error: %v", mid, pid, err)
 		pma.RenderError(http.StatusInternalServerError, "Failed to update data in DB")
 		return
 	}
--- a/api/project.go
+++ b/api/project.go
@ -17,16 +17,14 @@ package api
 import (
 	"fmt"
 	"log"
 	"net/http"
 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"
 	"github.com/vmware/harbor/utils/log"
 	"strconv"
 	"time"
 	"github.com/astaxie/beego"
 )
 // ProjectAPI handles request to /api/projects/{} /api/projects/{}/logs
@ -51,12 +49,12 @@ func (p *ProjectAPI) Prepare() {
 		var err error
 		p.projectID, err = strconv.ParseInt(idStr, 10, 64)
 		if err != nil {
-			log.Printf("Error parsing project id: %s, error: %v", idStr, err)
+			log.Errorf("Error parsing project id: %s, error: %v", idStr, err)
 			p.CustomAbort(http.StatusBadRequest, "invalid project id")
 		}
 		exist, err := dao.ProjectExists(p.projectID)
 		if err != nil {
-			log.Printf("Error occurred in ProjectExists: %v", err)
+			log.Errorf("Error occurred in ProjectExists, error: %v", err)
 			p.CustomAbort(http.StatusInternalServerError, "Internal error.")
 		}
 		if !exist {
@ -75,14 +73,14 @@ func (p *ProjectAPI) Post() {
 	}
 	err := validateProjectReq(req)
 	if err != nil {
-		beego.Error("Invalid project request, error: ", err)
+		log.Errorf("Invalid project request, error: %v", err)
 		p.RenderError(http.StatusBadRequest, "Invalid request for creating project")
 		return
 	}
 	projectName := req.ProjectName
 	exist, err := dao.ProjectExists(projectName)
 	if err != nil {
-		beego.Error("Error happened checking project existence in db:", err, ", project name:", projectName)
+		log.Errorf("Error happened checking project existence in db, error: %v, project name: %s", err, projectName)
 	}
 	if exist {
 		p.RenderError(http.StatusConflict, "")
@ -91,7 +89,7 @@ func (p *ProjectAPI) Post() {
 	project := models.Project{OwnerID: p.userID, Name: projectName, CreationTime: time.Now(), Public: public}
 	err = dao.AddProject(project)
 	if err != nil {
-		beego.Error("Failed to add project, error: ", err)
+		log.Errorf("Failed to add project, error: %v", err)
 		p.RenderError(http.StatusInternalServerError, "Failed to add project")
 	}
 }
@ -101,7 +99,7 @@ func (p *ProjectAPI) Head() {
 	projectName := p.GetString("project_name")
 	result, err := dao.ProjectExists(projectName)
 	if err != nil {
-		beego.Error("Error while communicating with DB: ", err)
+		log.Errorf("Error while communicating with DB, error: %v", err)
 		p.RenderError(http.StatusInternalServerError, "Error while communicating with DB")
 		return
 	}
@ -123,7 +121,7 @@ func (p *ProjectAPI) Get() {
 	projectList, err := dao.QueryProject(queryProject)
 	if err != nil {
-		beego.Error("Error occurred in QueryProject:", err)
+		log.Errorf("Error occurred in QueryProject, error: %v", err)
 		p.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	for i := 0; i < len(projectList); i++ {
@ -142,7 +140,7 @@ func (p *ProjectAPI) Put() {
 	projectID, err := strconv.ParseInt(p.Ctx.Input.Param(":id"), 10, 64)
 	if err != nil {
-		beego.Error("Error parsing project id:", projectID, ", error: ", err)
+		log.Errorf("Error parsing project id: %d, error: %v", projectID, err)
 		p.RenderError(http.StatusBadRequest, "invalid project id")
 		return
 	}
@ -152,13 +150,13 @@ func (p *ProjectAPI) Put() {
 		public = 1
 	}
 	if !isProjectAdmin(p.userID, projectID) {
-		beego.Warning("Current user, id:", p.userID, ", does not have project admin role for project, id:", projectID)
+		log.Warningf("Current user, id: %d does not have project admin role for project, id: %d", p.userID, projectID)
 		p.RenderError(http.StatusForbidden, "")
 		return
 	}
 	err = dao.ToggleProjectPublicity(p.projectID, public)
 	if err != nil {
-		beego.Error("Error while updating project, project id:", projectID, ", error:", err)
+		log.Errorf("Error while updating project, project id: %d, error: %v", projectID, err)
 		p.RenderError(http.StatusInternalServerError, "Failed to update project")
 	}
 }
@ -177,11 +175,11 @@ func (p *ProjectAPI) FilterAccessLog() {
 	query := models.AccessLog{ProjectID: p.projectID, Username: "%" + username + "%", Keywords: keywords, BeginTime: beginTime, BeginTimestamp: filter.BeginTimestamp, EndTime: endTime, EndTimestamp: filter.EndTimestamp}
-	log.Printf("Query AccessLog: begin: %v, end: %v, keywords: %s", query.BeginTime, query.EndTime, query.Keywords)
+	log.Infof("Query AccessLog: begin: %v, end: %v, keywords: %s", query.BeginTime, query.EndTime, query.Keywords)
 	accessLogList, err := dao.GetAccessLogs(query)
 	if err != nil {
-		log.Printf("Error occurred in GetAccessLogs: %v", err)
+		log.Errorf("Error occurred in GetAccessLogs, error: %v", err)
 		p.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	p.Data["json"] = accessLogList
@ -191,7 +189,7 @@ func (p *ProjectAPI) FilterAccessLog() {
 func isProjectAdmin(userID int, pid int64) bool {
 	rolelist, err := dao.GetUserProjectRoles(userID, pid)
 	if err != nil {
-		beego.Error("Error occurred in GetUserProjectRoles:", err, ", returning false")
+		log.Errorf("Error occurred in GetUserProjectRoles, returning false, error: %v", err)
 		return false
 	}
--- a/api/repository.go
+++ b/api/repository.go
@ -25,8 +25,7 @@ import (
 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"
 	svc_utils "github.com/vmware/harbor/service/utils"
-
+	"github.com/vmware/harbor/utils/log"
 	"github.com/astaxie/beego"
 )
 // RepositoryAPI handles request to /api/repositories /api/repositories/tags /api/repositories/manifests, the parm has to be put
@ -49,7 +48,7 @@ func (ra *RepositoryAPI) Prepare() {
 	}
 	username, ok := ra.GetSession("username").(string)
 	if !ok {
-		beego.Warning("failed to get username from session")
+		log.Warning("failed to get username from session")
 		ra.username = ""
 	} else {
 		ra.username = username
@ -60,17 +59,17 @@ func (ra *RepositoryAPI) Prepare() {
 func (ra *RepositoryAPI) Get() {
 	projectID, err0 := ra.GetInt64("project_id")
 	if err0 != nil {
-		beego.Error("Failed to get project id, error:", err0)
+		log.Errorf("Failed to get project id, error: %v", err0)
 		ra.RenderError(http.StatusBadRequest, "Invalid project id")
 		return
 	}
 	p, err := dao.GetProjectByID(projectID)
 	if err != nil {
-		beego.Error("Error occurred in GetProjectById:", err)
+		log.Errorf("Error occurred in GetProjectById, error: %v", err)
 		ra.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	if p == nil {
-		beego.Warning("Project with Id:", projectID, ", does not exist")
+		log.Warningf("Project with Id: %d does not exist", projectID)
 		ra.RenderError(http.StatusNotFound, "")
 		return
 	}
@ -80,7 +79,7 @@ func (ra *RepositoryAPI) Get() {
 	}
 	repoList, err := svc_utils.GetRepoFromCache()
 	if err != nil {
-		beego.Error("Failed to get repo from cache, error:", err)
+		log.Errorf("Failed to get repo from cache, error: %v", err)
 		ra.RenderError(http.StatusInternalServerError, "internal sever error")
 	}
 	projectName := p.Name
@ -131,7 +130,7 @@ func (ra *RepositoryAPI) GetTags() {
 	repoName := ra.GetString("repo_name")
 	result, err := svc_utils.RegistryAPIGet(svc_utils.BuildRegistryURL(repoName, "tags", "list"), ra.username)
 	if err != nil {
-		beego.Error("Failed to get repo tags, repo name:", repoName, ", error: ", err)
+		log.Errorf("Failed to get repo tags, repo name: %s, error: %v", repoName, err)
 		ra.RenderError(http.StatusInternalServerError, "Failed to get repo tags")
 	} else {
 		t := tag{}
@ -151,14 +150,14 @@ func (ra *RepositoryAPI) GetManifests() {
 	result, err := svc_utils.RegistryAPIGet(svc_utils.BuildRegistryURL(repoName, "manifests", tag), ra.username)
 	if err != nil {
-		beego.Error("Failed to get manifests for repo, repo name:", repoName, ", tag:", tag, ", error:", err)
+		log.Errorf("Failed to get manifests for repo, repo name: %s, tag: %s, error: %v", repoName, tag, err)
 		ra.RenderError(http.StatusInternalServerError, "Internal Server Error")
 		return
 	}
 	mani := manifest{}
 	err = json.Unmarshal(result, &mani)
 	if err != nil {
-		beego.Error("Failed to decode json from response for manifests, repo name:", repoName, ", tag:", tag, ", error:", err)
+		log.Errorf("Failed to decode json from response for manifests, repo name: %s, tag: %s, error: %v", repoName, tag, err)
 		ra.RenderError(http.StatusInternalServerError, "Internal Server Error")
 		return
 	}
@ -166,7 +165,7 @@ func (ra *RepositoryAPI) GetManifests() {
 	err = json.Unmarshal([]byte(v1Compatibility), &item)
 	if err != nil {
-		beego.Error("Failed to decode V1 field for repo, repo name:", repoName, ", tag:", tag, ", error:", err)
+		log.Errorf("Failed to decode V1 field for repo, repo name: %s, tag: %s, error: %v", repoName, tag, err)
 		ra.RenderError(http.StatusInternalServerError, "Internal Server Error")
 		return
 	}
--- a/api/search.go
+++ b/api/search.go
@ -24,8 +24,7 @@ import (
 	"github.com/vmware/harbor/models"
 	svc_utils "github.com/vmware/harbor/service/utils"
 	"github.com/vmware/harbor/utils"
-
+	"github.com/vmware/harbor/utils/log"
 	"github.com/astaxie/beego"
 )
 // SearchAPI handles requesst to /api/search
@ -47,7 +46,7 @@ func (n *SearchAPI) Get() {
 	keyword := n.GetString("q")
 	projects, err := dao.QueryRelevantProjects(userID)
 	if err != nil {
-		beego.Error("Failed to get projects of user id:", userID, ", error:", err)
+		log.Errorf("Failed to get projects of user id: %d, error: %v", userID, err)
 		n.CustomAbort(http.StatusInternalServerError, "Failed to get project search result")
 	}
 	projectSorter := &utils.ProjectSorter{Projects: projects}
@ -69,7 +68,7 @@ func (n *SearchAPI) Get() {
 	repositories, err2 := svc_utils.GetRepoFromCache()
 	if err2 != nil {
-		beego.Error("Failed to get repos from cache, error :", err2)
+		log.Errorf("Failed to get repos from cache, error: %v", err2)
 		n.CustomAbort(http.StatusInternalServerError, "Failed to get repositories search result")
 	}
 	sort.Strings(repositories)
--- a/api/user.go
+++ b/api/user.go
@ -21,8 +21,7 @@ import (
 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"
-
+	"github.com/vmware/harbor/utils/log"
 	"github.com/astaxie/beego"
 )
 // UserAPI handles request to /api/users/{}
@ -43,17 +42,17 @@ func (ua *UserAPI) Prepare() {
 		var err error
 		ua.userID, err = strconv.Atoi(id)
 		if err != nil {
-			beego.Error("Invalid user id, error:", err)
+			log.Errorf("Invalid user id, error: %v", err)
 			ua.CustomAbort(http.StatusBadRequest, "Invalid user Id")
 		}
 		userQuery := models.User{UserID: ua.userID}
 		u, err := dao.GetUser(userQuery)
 		if err != nil {
-			beego.Error("Error occurred in GetUser:", err)
+			log.Errorf("Error occurred in GetUser, error: %v", err)
 			ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
 		}
 		if u == nil {
-			beego.Error("User with Id:", ua.userID, "does not exist")
+			log.Errorf("User with Id: %d does not exist", ua.userID)
 			ua.CustomAbort(http.StatusNotFound, "")
 		}
 	}
@ -63,13 +62,13 @@ func (ua *UserAPI) Prepare() {
 func (ua *UserAPI) Get() {
 	exist, err := dao.IsAdminRole(ua.currentUserID)
 	if err != nil {
-		beego.Error("Error occurred in IsAdminRole:", err)
+		log.Errorf("Error occurred in IsAdminRole, error: %v", err)
 		ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	if ua.userID == 0 { //list users
 		if !exist {
-			beego.Error("Current user, id:", ua.currentUserID, ", does not have admin role, can not list users")
+			log.Errorf("Current user, id: %d does not have admin role, can not list users", ua.currentUserID)
 			ua.RenderError(http.StatusForbidden, "User does not have admin role")
 			return
 		}
@ -80,7 +79,7 @@ func (ua *UserAPI) Get() {
 		}
 		userList, err := dao.ListUsers(userQuery)
 		if err != nil {
-			beego.Error("Failed to get data from database, error:", err)
+			log.Errorf("Failed to get data from database, error: %v", err)
 			ua.RenderError(http.StatusInternalServerError, "Failed to query from database")
 			return
 		}
@ -90,12 +89,12 @@ func (ua *UserAPI) Get() {
 		userQuery := models.User{UserID: ua.userID}
 		u, err := dao.GetUser(userQuery)
 		if err != nil {
-			beego.Error("Error occurred in GetUser:", err)
+			log.Errorf("Error occurred in GetUser, error: %v", err)
 			ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
 		}
 		ua.Data["json"] = u
 	} else {
-		beego.Error("Current user, id:", ua.currentUserID, "does not have admin role, can not view other user's detail")
+		log.Errorf("Current user, id: %d does not have admin role, can not view other user's detail", ua.currentUserID)
 		ua.RenderError(http.StatusForbidden, "User does not have admin role")
 		return
 	}
@ -106,11 +105,11 @@ func (ua *UserAPI) Get() {
 func (ua *UserAPI) Put() { //currently only for toggle admin, so no request body
 	exist, err := dao.IsAdminRole(ua.currentUserID)
 	if err != nil {
-		beego.Error("Error occurred in IsAdminRole:", err)
+		log.Errorf("Error occurred in IsAdminRole, error: %v", err)
 		ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	if !exist {
-		beego.Warning("current user, id:", ua.currentUserID, ", does not have admin role, can not update other user's role")
+		log.Warningf("current user, id: %d does not have admin role, can not update other user's role", ua.currentUserID)
 		ua.RenderError(http.StatusForbidden, "User does not have admin role")
 		return
 	}
@ -122,17 +121,17 @@ func (ua *UserAPI) Put() { //currently only for toggle admin, so no request body
 func (ua *UserAPI) Delete() {
 	exist, err := dao.IsAdminRole(ua.currentUserID)
 	if err != nil {
-		beego.Error("Error occurred in IsAdminRole:", err)
+		log.Errorf("Error occurred in IsAdminRole, error: %v", err)
 		ua.CustomAbort(http.StatusInternalServerError, "Internal error.")
 	}
 	if !exist {
-		beego.Warning("current user, id:", ua.currentUserID, ", does not have admin role, can not remove user")
+		log.Warningf("current user, id: %d does not have admin role, can not remove user", ua.currentUserID)
 		ua.RenderError(http.StatusForbidden, "User does not have admin role")
 		return
 	}
 	err = dao.DeleteUser(ua.userID)
 	if err != nil {
-		beego.Error("Failed to delete data from database, error:", err)
+		log.Errorf("Failed to delete data from database, error: %v", err)
 		ua.RenderError(http.StatusInternalServerError, "Failed to delete User")
 		return
 	}
--- a/api/utils.go
+++ b/api/utils.go
@ -18,14 +18,13 @@ package api
 import (
 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"
-
+	"github.com/vmware/harbor/utils/log"
 	"github.com/astaxie/beego"
 )
 func checkProjectPermission(userID int, projectID int64) bool {
 	exist, err := dao.IsAdminRole(userID)
 	if err != nil {
-		beego.Error("Error occurred in IsAdminRole:", err)
+		log.Errorf("Error occurred in IsAdminRole, error: %v", err)
 		return false
 	}
 	if exist {
@ -33,7 +32,7 @@ func checkProjectPermission(userID int, projectID int64) bool {
 	}
 	roleList, err := dao.GetUserProjectRoles(userID, projectID)
 	if err != nil {
-		beego.Error("Error occurred in GetUserProjectRoles:", err)
+		log.Errorf("Error occurred in GetUserProjectRoles, error: %v", err)
 		return false
 	}
 	return len(roleList) > 0
@ -42,7 +41,7 @@ func checkProjectPermission(userID int, projectID int64) bool {
 func checkUserExists(name string) int {
 	u, err := dao.GetUser(models.User{Username: name})
 	if err != nil {
-		beego.Error("Error occurred in GetUser:", err)
+		log.Errorf("Error occurred in GetUser, error: %v", err)
 		return 0
 	}
 	if u != nil {
--- a/auth/authenticator.go
+++ b/auth/authenticator.go
@ -17,12 +17,11 @@ package auth
 import (
 	"fmt"
 	"log"
 	"os"
-	"github.com/vmware/harbor/models"
+	"github.com/vmware/harbor/utils/log"
-	"github.com/astaxie/beego"
+	"github.com/vmware/harbor/models"
 )
 // Authenticator provides interface to authenticate user credentials.
@ -37,7 +36,7 @@ var registry = make(map[string]Authenticator)
 // Register add different authenticators to registry map.
 func Register(name string, authenticator Authenticator) {
 	if _, dup := registry[name]; dup {
-		log.Printf("authenticator: %s has been registered", name)
+		log.Infof("authenticator: %s has been registered", name)
 		return
 	}
 	registry[name] = authenticator
@ -50,7 +49,7 @@ func Login(m models.AuthModel) (*models.User, error) {
 	if authMode == "" || m.Principal == "admin" {
 		authMode = "db_auth"
 	}
-	beego.Debug("Current AUTH_MODE is ", authMode)
+	log.Debug("Current AUTH_MODE is ", authMode)
 	authenticator, ok := registry[authMode]
 	if !ok {
--- a/auth/ldap/ldap.go
+++ b/auth/ldap/ldap.go
@ -18,15 +18,15 @@ package ldap
 import (
 	"errors"
 	"fmt"
 	"log"
 	"os"
 	"strings"
 	"github.com/vmware/harbor/utils/log"
 	"github.com/vmware/harbor/auth"
 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"
 	"github.com/astaxie/beego"
 	"github.com/mqu/openldap"
 )
@ -44,7 +44,7 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
 	if ldapURL == "" {
 		return nil, errors.New("Can not get any available LDAP_URL.")
 	}
-	beego.Debug("ldapURL:", ldapURL)
+	log.Debug("ldapURL:", ldapURL)
 	p := m.Principal
 	for _, c := range metaChars {
@ -66,7 +66,7 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
 	}
 	baseDn := fmt.Sprintf(ldapBaseDn, m.Principal)
-	beego.Debug("baseDn:", baseDn)
+	log.Debug("baseDn:", baseDn)
 	err = ldap.Bind(baseDn, m.Password)
 	if err != nil {
@ -83,7 +83,7 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
 		return nil, err
 	}
 	if len(result.Entries()) != 1 {
-		log.Printf("Found more than one entry.")
+		log.Warningf("Found more than one entry.")
 		return nil, nil
 	}
 	en := result.Entries()[0]
@ -100,7 +100,7 @@ func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
 		}
 	}
-	beego.Debug("username:", u.Username, ",email:", u.Email, ",realname:", u.Realname)
+	log.Debug("username:", u.Username, ",email:", u.Email, ",realname:", u.Realname)
 	exist, err := dao.UserExists(u, "username")
 	if err != nil {
--- a/docs/configure_https.md
+++ b/docs/configure_https.md
@ -0,0 +1,123 @@
 #Configure Harbor with HTTPS Access 
 Because Harbor does not ship with any certificates, it uses HTTP by default to serve registry requests. This makes it relatively simple to configure. However, it is highly recommended that security be enabled for any production environment. Harbor has an Nginx instance as a reverse proxy for all services, you can configure Nginx to enable https.
 ##Get a certificate
 Assuming that your registry’s **hostname** is **reg.yourdomain.com**, and that its DNS record points to the host where you are running Harbor, you first should get a certificate from a CA. The certificate usually contains a .crt file and a .key file, for example, **yourdomain.com.crt** and **yourdomain.com.key**.
 In a test or development environment, you may choose to use a self-signed certificate instead of the one from a CA. The below commands generate your own certificate:
 1) Create your own CA certificate:
 ```
  openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout ca.key \
    -x509 -days 365 -out ca.crt
 ```
 2) Generate a Certificate Signing Request, be sure to use **reg.yourdomain.com** as the CN (Common Name):
 ```
  openssl req \
    -newkey rsa:4096 -nodes -sha256 -keyout yourdomain.com.key \
    -out yourdomain.com.csr
 ```
 3) Generate the certificate of your registry host
 You need to configure openssl first. On Ubuntu, the config file locates at /etc/ssl/openssl.cnf. Refer to openssl document for more information. The default CA directory of openssl is called demoCA. Let’s creates necessary directories and files:
 ```
  mkdir demoCA
  cd demoCA
  touch index.txt
  echo '01' > serial
  cd ..
 ```
 Then run this command to generate the certificate of your registry host:
 ```
  openssl ca -in yourdomain.com.csr -out yourdomain.com.crt -cert ca.crt -keyfile ca.key –outdir .
 ```
 ##Configuration of Nginx
 After obtaining the **yourdomain.com.crt** and **yourdomain.com.key** files, change the directory to Deploy/config/nginx in Harbor project.
 ```
  cd Deploy/config/nginx
 ```
 Create a new directory “cert/” if it does not exist. Then copy **yourdomain.com.crt** and **yourdomain.com.key** to cert/.
 Rename the existing configuration file of Nginx:
 ```
  mv nginx.conf nginx.conf.bak
 ```
 Copy the template **nginx.https.conf** as the new configuration file:
 ```
  cp nginx.https.conf nginx.conf
 ```
 Edit the file nginx.conf and replace two occurrences of **server name** harbordomain.com to your own host name: reg.yourdomain.com .
 ```
  server {
    listen 443 ssl;
    server_name harbordomain.com;
 …
    server {
      listen 80;
      server_name harbordomain.com;
      rewrite ^/(.*) https://$server_name$1 permanent;
 ```
 Then look for the SSL section to make sure the files of your certificates match the names in the config file. Do not change the path of the files.
 ```
 …
    # SSL
    ssl_certificate /etc/nginx/cert/yourdomain.com.crt;
    ssl_certificate_key /etc/nginx/cert/yourdomain.com.key;
 ```
 Save your changes in nginx.conf.
 ##Installation of Harbor
 Next, edit the file Deploy/harbor.cfg , update the hostname and the protocol:
 ```
  #set hostname
  hostname = reg.yourdomain.com
  #set ui_url_protocol
  ui_url_protocol = https
 ```
 Generate configuration files for Harbor:
 ```
 ./prepare
 ```
 If Harbor is already running, stop and remove the existing instance. Your image data remain in the file system
 ```
  docker-compose stop
  docker-compose rm
 ```
 Finally, restart Harbor:
 ```
  docker-compose up –d
 ```
 After setting up HTTPS for Harbor, you can verify it by the follow steps:
 1. Open a browser and enter the address: https://reg.yourdomain.com . It should display the user interface of Harbor.
 2. On a machine with Docker daemon, make sure the option “--insecure-registry” does not present, run any docker command to verify the setup, e.g. 
 ```
  docker login reg.yourdomain.com
 ```
 ##Troubleshooting
 1.` `You may get an intermediate certificate from a certificate issuer. In this case, you should merge the intermediate certificate with your own certificate to create a certificate bundle. You can achieve this by the below command:
 ```
  cat intermediate-certificate.pem >> yourdomain.com.crt 
 ```
 2.` `On some systems where docker daemon runs, you may need to trust the certificate at OS level.  
  On Ubuntu, this can be done by below commands:
 ```
  cp youdomain.com.crt /usr/local/share/ca-certificates/reg.yourdomain.com.crt
  update-ca-certificates
 ```  
  On Red Hat (CentOS etc), the commands are:
 ```
  cp yourdomain.com.crt /etc/pki/ca-trust/source/anchors/reg.yourdomain.com.crt
  update-ca-trust
--- a/docs/img/UserMaDai.jpg
+++ b/docs/img/UserMaDai.jpg
--- a/docs/img/dataman.png
+++ b/docs/img/dataman.png
--- a/docs/img/slamteclogo.png
+++ b/docs/img/slamteclogo.png
--- a/service/notification.go
+++ b/service/notification.go
@ -23,6 +23,7 @@ import (
 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/models"
 	svc_utils "github.com/vmware/harbor/service/utils"
 	"github.com/vmware/harbor/utils/log"
 	"github.com/astaxie/beego"
 )
@ -37,12 +38,12 @@ const manifestPattern = `^application/vnd.docker.distribution.manifest.v\d\+json
 // Post handles POST request, and records audit log or refreshes cache based on event.
 func (n *NotificationHandler) Post() {
 	var notification models.Notification
-	//	log.Printf("Notification Handler triggered!\n")
+	//	log.Info("Notification Handler triggered!\n")
-	//	log.Printf("request body in string: %s", string(n.Ctx.Input.CopyBody()))
+	//	log.Infof("request body in string: %s", string(n.Ctx.Input.CopyBody()))
 	err := json.Unmarshal(n.Ctx.Input.CopyBody(1<<32), &notification)
 	if err != nil {
-		beego.Error("error while decoding json: ", err)
+		log.Errorf("error while decoding json: %v", err)
 		return
 	}
 	var username, action, repo, project string
@ -50,7 +51,7 @@ func (n *NotificationHandler) Post() {
 	for _, e := range notification.Events {
 		matched, err = regexp.MatchString(manifestPattern, e.Target.MediaType)
 		if err != nil {
-			beego.Error("Failed to match the media type against pattern, error: ", err)
+			log.Errorf("Failed to match the media type against pattern, error: %v", err)
 			matched = false
 		}
 		if matched && strings.HasPrefix(e.Request.UserAgent, "docker") {
@ -68,7 +69,7 @@ func (n *NotificationHandler) Post() {
 				go func() {
 					err2 := svc_utils.RefreshCatalogCache()
 					if err2 != nil {
-						beego.Error("Error happens when refreshing cache:", err2)
+						log.Errorf("Error happens when refreshing cache: %v", err2)
 					}
 				}()
 			}
--- a/service/token.go
+++ b/service/token.go
@ -16,12 +16,12 @@
 package service
 import (
 	"log"
 	"net/http"
 	"github.com/vmware/harbor/auth"
 	"github.com/vmware/harbor/models"
 	svc_utils "github.com/vmware/harbor/service/utils"
 	"github.com/vmware/harbor/utils/log"
 	"github.com/astaxie/beego"
 	"github.com/docker/distribution/registry/auth/token"
@ -38,14 +38,14 @@ type TokenHandler struct {
 func (a *TokenHandler) Get() {
 	request := a.Ctx.Request
-	log.Println("request url: " + request.URL.String())
+	log.Infof("request url: %v", request.URL.String())
 	username, password, _ := request.BasicAuth()
 	authenticated := authenticate(username, password)
 	service := a.GetString("service")
 	scope := a.GetString("scope")
 	if len(scope) == 0 && !authenticated {
-		log.Printf("login request with invalid credentials")
+		log.Info("login request with invalid credentials")
 		a.CustomAbort(http.StatusUnauthorized, "")
 	}
 	access := svc_utils.GetResourceActions(scope)
@ -60,7 +60,7 @@ func (a *TokenHandler) serveToken(username, service string, access []*token.Reso
 	//create token
 	rawToken, err := svc_utils.MakeToken(username, service, access)
 	if err != nil {
-		log.Printf("Failed to make token, error: %v", err)
+		log.Errorf("Failed to make token, error: %v", err)
 		writer.WriteHeader(http.StatusInternalServerError)
 		return
 	}
@ -73,7 +73,7 @@ func (a *TokenHandler) serveToken(username, service string, access []*token.Reso
 func authenticate(principal, password string) bool {
 	user, err := auth.Login(models.AuthModel{principal, password})
 	if err != nil {
-		log.Printf("Error occurred in UserLogin: %v", err)
+		log.Errorf("Error occurred in UserLogin: %v", err)
 		return false
 	}
 	if user == nil {
--- a/service/utils/authutils.go
+++ b/service/utils/authutils.go
@ -21,11 +21,11 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"log"
 	"strings"
 	"time"
 	"github.com/vmware/harbor/dao"
 	"github.com/vmware/harbor/utils/log"
 	"github.com/docker/distribution/registry/auth/token"
 	"github.com/docker/libtrust"
@ -71,19 +71,19 @@ func FilterAccess(username string, authenticated bool, a *token.ResourceActions)
 				if username == "admin" {
 					exist, err := dao.ProjectExists(projectName)
 					if err != nil {
-						log.Printf("Error occurred in CheckExistProject: %v", err)
+						log.Errorf("Error occurred in CheckExistProject: %v", err)
 						return
 					}
 					if exist {
 						permission = "RW"
 					} else {
 						permission = ""
-						log.Printf("project %s does not exist, set empty permission for admin", projectName)
+						log.Infof("project %s does not exist, set empty permission for admin\n", projectName)
 					}
 				} else {
 					permission, err = dao.GetPermission(username, projectName)
 					if err != nil {
-						log.Printf("Error occurred in GetPermission: %v", err)
+						log.Errorf("Error occurred in GetPermission: %v", err)
 						return
 					}
 				}
@ -96,7 +96,7 @@ func FilterAccess(username string, authenticated bool, a *token.ResourceActions)
 			}
 		}
 	}
-	log.Printf("current access, type: %s, name:%s, actions:%v \n", a.Type, a.Name, a.Actions)
+	log.Infof("current access, type: %s, name:%s, actions:%v \n", a.Type, a.Name, a.Actions)
 }
 // GenTokenForUI is for the UI process to call, so it won't establish a https connection from UI to proxy.
--- a/service/utils/cache.go
+++ b/service/utils/cache.go
@ -20,8 +20,7 @@ import (
 	"time"
 	"github.com/vmware/harbor/models"
-
+	"github.com/vmware/harbor/utils/log"
 	"github.com/astaxie/beego"
 	"github.com/astaxie/beego/cache"
 )
@ -35,7 +34,7 @@ func init() {
 	var err error
 	Cache, err = cache.NewCache("memory", `{"interval":720}`)
 	if err != nil {
-		beego.Error("Failed to initialize cache, error:", err)
+		log.Errorf("Failed to initialize cache, error:%v", err)
 	}
 }
--- a/service/utils/registryutils.go
+++ b/service/utils/registryutils.go
@ -19,10 +19,11 @@ import (
 	"errors"
 	"fmt"
 	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
 	"strings"
 	"github.com/vmware/harbor/utils/log"
 )
 // BuildRegistryURL ...
@ -34,7 +35,7 @@ func BuildRegistryURL(segments ...string) string {
 	url := registryURL + "/v2"
 	for _, s := range segments {
 		if s == "v2" {
-			log.Printf("unnecessary v2 in %v", segments)
+			log.Debugf("unnecessary v2 in %v", segments)
 			continue
 		}
 		url += "/" + s
@ -45,6 +46,8 @@ func BuildRegistryURL(segments ...string) string {
 // RegistryAPIGet triggers GET request to the URL which is the endpoint of registry and returns the response body.
 // It will attach a valid jwt token to the request if registry requires.
 func RegistryAPIGet(url, username string) ([]byte, error) {
 	log.Debugf("Registry API url: %s", url)
 	response, err := http.Get(url)
 	if err != nil {
 		return nil, err
@ -58,8 +61,8 @@ func RegistryAPIGet(url, username string) ([]byte, error) {
 		return result, nil
 	} else if response.StatusCode == http.StatusUnauthorized {
 		authenticate := response.Header.Get("WWW-Authenticate")
 		log.Debugf("authenticate header: %s", authenticate)
 		str := strings.Split(authenticate, " ")[1]
 		log.Println("url: " + url)
 		var service string
 		var scope string
 		strs := strings.Split(str, ",")
@ -70,8 +73,12 @@ func RegistryAPIGet(url, username string) ([]byte, error) {
 				scope = s
 			}
 		}
-		service = strings.Split(service, "\"")[1]
+		if arr := strings.Split(service, "\""); len(arr) > 1 {
-		scope = strings.Split(scope, "\"")[1]
+			service = arr[1]
 		}
 		if arr := strings.Split(scope, "\""); len(arr) > 1 {
 			scope = arr[1]
 		}
 		token, err := GenTokenForUI(username, service, scope)
 		if err != nil {
 			return nil, err
@ -83,7 +90,7 @@ func RegistryAPIGet(url, username string) ([]byte, error) {
 		request.Header.Add("Authorization", "Bearer "+token)
 		client := &http.Client{}
 		client.CheckRedirect = func(req *http.Request, via []*http.Request) error {
-			//	log.Printf("via length: %d\n", len(via))
+			//	log.Infof("via length: %d\n", len(via))
 			if len(via) >= 10 {
 				return fmt.Errorf("too many redirects")
 			}
@ -100,7 +107,7 @@ func RegistryAPIGet(url, username string) ([]byte, error) {
 		}
 		if response.StatusCode != http.StatusOK {
 			errMsg := fmt.Sprintf("Unexpected return code from registry: %d", response.StatusCode)
-			log.Printf(errMsg)
+			log.Error(errMsg)
 			return nil, fmt.Errorf(errMsg)
 		}
 		result, err = ioutil.ReadAll(response.Body)