Commit Graph

101 Commits

Author SHA1 Message Date
root
6f335bdb1a Deprivilege harobr-log, harbor-db, registry image.
This change involves using non-root user to run the process of the
docker images.  Also made update in Dockerfile to make the containers
support "read-only" and introduce "HEALTHCHECK". Note the "read-only"
options are not enabled in docker-compose, to cover the very corner
case when user wants to update the container filesystem manually.

Remove read only option from docker-compose template by default
2017-11-02 23:35:06 -07:00
Daniel Jiang
6a9dc8a133
Merge pull request #3495 from ywk253100/171031_config
Add email_insecure and delete verify_remote_cert configuration item from harbor.cfg
2017-11-02 17:47:48 +08:00
Wenkai Yin
f3a4cecdcb Add email_insecure and delete verify_remote_cert configuration item from harbor.cfg 2017-10-31 13:51:49 +08:00
Wenkai Yin
0ddca31355 Add column id to table project_metadagta as the primary key 2017-10-30 17:37:25 +08:00
Tan Jiang
5b12747761 Fix the bug to change permission of bootstrap scripts 2017-10-27 14:10:48 +08:00
Tan Jiang
2cedfff4b3 Rebuild Harbor DB docker image on top of Maria DB
This change reworked the vmware/harbor-db image to build it on top of
vmware/mariadb-photon.
Also made minor change in the entrypoint script of mariadb image to
execute upgrade script during bootstrap, and fix a file permission
issue in the bootstrap scripts.
2017-10-26 12:27:09 +08:00
Daniel Jiang
bda38bd72e Merge pull request #3451 from reasonerjt/commit-message
Provide a template for git commit messages
2017-10-24 19:20:08 +08:00
Tan Jiang
aa84090587 Provide a template for git commit messages
Also removed some comment in the entrypoint script.
2017-10-24 17:54:06 +08:00
yixingjia
160c716d83 Merge pull request #3423 from yixingjia/ossrsyslog
Update OSS in rsyslog images
2017-10-23 21:11:51 -07:00
yixingj
20929350b1 Update OSS in rsyslog images
1> change to new photon base images
2> update OSS to latest
2017-10-23 16:37:28 +08:00
Daniel Jiang
cf5bcbebb9 Merge pull request #3415 from reasonerjt/mariadb-on-photon
Provide Dockerfile and artifacts for building mariadb on photon OS.
2017-10-23 12:19:04 +08:00
yixingj
535e7cadd5 Update OSS in rsyslog images
1> change to new photon base images
2> update OSS to latest
2017-10-23 12:02:22 +08:00
Wenkai Yin
2156750b04 Move certificate verification to target level
The certificate verification is on system level before this commit. Moving it
to target level makes the configuration more flexible for different targets.
2017-10-20 15:36:56 +08:00
Tan Jiang
1871011a5d Provide Dockerfile and artifacts for building mariadb on photon OS.
Also update the docker-compose template such that the notary db instance
will be provisioned via the mariadb-photon image.
2017-10-20 14:41:36 +08:00
Wenkai Yin
66b2d0d3f3 Apply project level policies to standalone Harbor
The following features are only enabled in integration mode, this commit moves
these to standalone Harbor:
 - Content trust policy: only signed images can be pulled
 - Vulnerability policy: only images whose severity is below the threshold can be pulled
 - Automatic scan policy: automatic scan pushed images
2017-10-19 17:33:28 +08:00
yixingjia
95743f9a81 Merge pull request #3373 from yixingjia/updatenginx
Update nginx images OSS to latest
2017-10-17 22:13:11 -07:00
Daniel Jiang
e6874cf9f1 Merge pull request #3383 from reasonerjt/uaa-integration
Make the root CA certificate of UAA configurable
2017-10-17 12:20:22 +08:00
Daniel Jiang
b5551af27f Merge pull request #3382 from ywk253100/171013_rotate
Make log rotate days configurable
2017-10-17 11:22:46 +08:00
Tan Jiang
eab6b43d99 Make the root CA certificate of UAA should be configurable 2017-10-16 17:40:29 +08:00
Wenkai Yin
bc3d859571 make log rotate days configurable 2017-10-16 17:09:28 +08:00
yixingj
28b60bd197 Update nginx images OSS to latest
1>update nginx images OSS to latest
2>Fix nginx version issue
2017-10-13 15:25:19 +08:00
yixingj
3dc0f65fb3 Update OSS in postgresql image
1> update OSS in postgresql image
2> update postgresql to 9.6.5
2017-10-12 17:08:47 +08:00
Tan Jiang
51286d9baa Provide UAA authenticator for password based authentication. 2017-10-07 00:16:53 +08:00
Wenkai Yin
e495357d98 implement the default project metadata manager 2017-09-28 16:17:51 +08:00
yixingj
357004fbf1 Make Harbor database configurable 2017-09-25 13:29:49 +08:00
yixingj
026e8e7f95 disable nginx buffer
When host in low disk status, enable the buffer will cause upload error.
2017-09-01 18:44:13 +08:00
yixingjia
8f34945d4b Merge pull request #3112 from yixingjia/nginx_temp_path
Try to fix some wired permission error
2017-08-25 20:32:56 -07:00
yixingj
362bf1a83e Try to fix some wired permission error 2017-08-24 15:42:20 +08:00
Tan Jiang
c1bbcb5bab update the interval of clair updater to 12 hours, and update the interval for scan all to 2 hours 2017-08-21 13:45:23 +08:00
Wenkai Yin
7296bdc131 increase length of username in database to 256 2017-08-17 15:24:34 +08:00
Tan Jiang
885ddfddd0 enable buffer on nginx 2017-08-04 21:22:22 +08:00
Daniel Jiang
5c8be3502c Merge pull request #2697 from yixingjia/rsyslog
Prepare rsyslog docker based on photon
2017-07-19 18:08:05 +08:00
Tan Jiang
629cf29850 The password to access clair db can be configured in harbor.cfg, skip auto-scan if clair-db is not ready 2017-07-17 15:25:47 +08:00
Tan Jiang
e1e975096c add int id for scan overview and revoke the change in beego 2017-07-09 12:37:08 +08:00
Daniel Jiang
b96770b90a Merge pull request #2693 from reasonerjt/clair-notification
Clair notification handler
2017-07-05 20:18:34 +08:00
Yan
d849c36e3f Merge pull request #2570 from samifruit514/master
Allow 255 chars for Realname
2017-07-05 03:17:57 -07:00
Tan Jiang
8b31715b34 provide Clair notification handler
update the timestamp in DB, when handling the notification
2017-07-05 15:35:53 +08:00
yixingj
3d5cd32ee8 Base dockerfile for rsyslog 2017-07-04 17:57:37 +08:00
Yan
2638e3dc7d Merge pull request #2682 from wy65701436/db-migrate
1.2.0 DB migrator
2017-07-03 22:51:31 -07:00
wangyan
c986c33a6c 1.2.0 DB migration
update

update
2017-06-30 03:01:56 -07:00
yixingj
fc50fd51d5 Move nginx to photon OS 2017-06-30 14:03:42 +08:00
yixingjia
b79b80c6ee Merge pull request #2657 from yixingjia/clairofflinedata
Support include offline data on clair startup
2017-06-28 18:01:34 +08:00
yixingj
a23c6ee8c6 Support include offline data on clair startup 2017-06-28 15:45:16 +08:00
yixingj
27670742b4 Change version fromat and add init db sql directory 2017-06-26 15:31:34 +08:00
yixingj
e0af9c036f Update clair postgresql to use photon os 2017-06-26 10:56:29 +08:00
Archambault, Samuel
18cea61121 Allow 255 chars for Realname 2017-06-19 13:54:21 -04:00
Tan Jiang
15384317e0 add with_clair flag in systeminfo 2017-06-15 16:15:46 +08:00
Tan Jiang
ae2d868fd4 handlers for image scan, store results overview in DB 2017-06-13 23:37:54 +08:00
Daniel Jiang
42984fe1c9 refactory for scan job service (#2459)
* refactory for scan job service and implement ScanJob.
2017-06-08 15:04:23 +08:00
Daniel Jiang
5892ef29c2 Merge pull request #2291 from reasonerjt/vulscan-job-refactory
add scan job table and dao functions
2017-05-12 02:45:55 -04:00