Commit Graph

48 Commits

Author SHA1 Message Date
Yan
d5b85a6748
Add the registry controller httpserver, it's responsible for controlling (#5265)
docker regsitry. This version has the API to call regsitry GC with jobservice
secret. Seprates it into a standalone container as do not want to invoke two
processes in one container.

It needs to mount the registry storage into this container in order to do GC,
and needs to copy the registry binary into it.
2018-07-16 16:50:28 +08:00
Yilong Ren
15d6145f5c make/docker-compose.tpl: fix wrong mount configuration(#5208) 2018-07-04 14:12:10 +08:00
Tan Jiang
21ec4808ec Collect log of redis
Previously the log file was set to a hard coded file, but given this
redis should run in container, the update is made to have the process
output log messages to standard output, and redirect it to syslog in
docker-compose template.
2018-04-30 18:16:11 +08:00
Yan
ae257433cc
Fully migrate harbor db to postgresql (#4689)
* Merge harbor db to postgres
2018-04-27 02:27:12 -07:00
Steven Zou
250360307b Modify docker compose file template and make file to enable new job service
Fix typo in Makefile under photon

Fix version tag issue of redis container

Assign container name for redis container

Update docker compose template to enable network for redis

Remove exposed ports of redis from compose yaml tpl
2018-03-30 16:52:55 +08:00
Tan Jiang
7238efd9ae Integrate new jobservice into docker-compose template
This commit doesn't integrate redis.  No change to makefile b/c it
should work once the temporary jobservice_v2 folder is renamed to jobservice.
2018-03-22 19:48:22 +08:00
Tan Jiang
07251181b9 Remove extra-hosts from docker-compose template 2018-02-05 00:02:37 +08:00
Wenkai Yin
2221e114fa Add SELinux label for all volumes 2018-01-30 14:25:43 +08:00
Tan Jiang
5975e6b964 Add place holder for injecting UAA host
As this is for tile deployment only, so add a shortcut for tile/bosh
script to add entry in /etc/hosts inside the container.
Due to effort consideration I don't think we want to render
docker-compose in `prepare` script.
2018-01-25 13:22:43 +08:00
Tan Jiang
e02de2068a Enable configuring the CA Certificate for UAA
Enable configuring the path of root cert of UAA in harbor.cfg.  It only
takes effects if the verify_cert is set to "true" If the file does not
exist, the configuration is skipped.
The intention for this commit is to support integration with nested UAA
in PAS or PKS, we don't expect user to manually configure this value,
though he can do it if he wants.
2018-01-03 16:21:29 +08:00
wangyan
1e750a1ed4 Unify images tags and build process 2017-12-14 23:52:18 -08:00
Wenkai Yin
66b9699ac2 Improve log rotation configurability 2017-11-09 14:33:05 +08:00
root
6f335bdb1a Deprivilege harobr-log, harbor-db, registry image.
This change involves using non-root user to run the process of the
docker images.  Also made update in Dockerfile to make the containers
support "read-only" and introduce "HEALTHCHECK". Note the "read-only"
options are not enabled in docker-compose, to cover the very corner
case when user wants to update the container filesystem manually.

Remove read only option from docker-compose template by default
2017-11-02 23:35:06 -07:00
Daniel Jiang
e6874cf9f1 Merge pull request #3383 from reasonerjt/uaa-integration
Make the root CA certificate of UAA configurable
2017-10-17 12:20:22 +08:00
Tan Jiang
eab6b43d99 Make the root CA certificate of UAA should be configurable 2017-10-16 17:40:29 +08:00
Wenkai Yin
bc3d859571 make log rotate days configurable 2017-10-16 17:09:28 +08:00
Wenkai Yin
232b9ca70c update the psc token dir 2017-08-02 14:50:49 +08:00
Yan
686b477775 update registry to 2.6.2 (#2851)
rm dockerfile

update

add comments
2017-07-24 02:19:32 -07:00
Wenkai Yin
7573d59624 update token file location 2017-07-19 13:46:10 +08:00
Daniel Jiang
1ca1eddb0f Merge pull request #2676 from yixingjia/nginxonphoton
Move nginx to photon OS
2017-07-01 00:08:08 +08:00
Wenkai Yin
bdbdb383ac update 2017-06-30 16:21:55 +08:00
yixingj
fc50fd51d5 Move nginx to photon OS 2017-06-30 14:03:42 +08:00
Wenkai Yin
d6b4330cc8 create a global project manager 2017-06-30 00:08:45 +08:00
Daniel Jiang
0b02231093 Update registry img (#2330)
* update the registry image

* update other yml files and docs to reflect image update
2017-05-19 00:19:27 -07:00
Tan Jiang
965c7a5e70 reference the patched nginx image 2017-04-07 15:07:46 +08:00
Wenkai Yin
e60fd0530f mount config to another dir, fix #1939 2017-04-07 09:14:41 +08:00
wy65701436
f6c4137af1 fix issue 1916 2017-04-05 22:53:09 -07:00
Daniel Jiang
7d6d641827 Merge branch 'master' into dev 2017-04-05 17:01:27 +08:00
Wenkai Yin
ee2a6748c0 mount ca dir to container, fix #1829 2017-03-30 12:50:20 +08:00
Tan Jiang
a33f4151e2 merge with dev branch 2017-03-24 14:40:34 +08:00
Tan Jiang
980101eab5 package vmware/registry into offline package 2017-03-23 12:36:36 +08:00
Tan Jiang
44cd3ec85b update make file and docker compose template 2017-03-22 20:56:08 +08:00
Tan Jiang
f9180c0c96 rebuild registry image on photon 2017-03-22 20:27:15 +08:00
Wenkai Yin
383997f785 read capacity from adminserver 2017-03-21 16:28:24 +08:00
Wenkai Yin
108aa21499 upgrade registry to 2.6.0 2017-03-16 13:44:16 +08:00
Aron Parsons
8ab45d439b label volumes for SELinux
allow Harbor to run when dockerd is running with --selinux-enabled

example AVC denials:
type=AVC msg=audit(1488384855.681:154671): avc:  denied  { read } for  pid=454 comm="registry" name="config.yml" dev="dm-8" ino=12583048 scontext=system_u:system_r:svirt_lxc_net_t:s0:c298,c958 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384855.681:154671): avc:  denied  { open } for  pid=454 comm="registry" path="/etc/registry/config.yml" dev="dm-8" ino=12583048 scontext=system_u:system_r:svirt_lxc_net_t:s0:c298,c958 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384855.687:154672): avc:  denied  { append } for  pid=350 comm=72733A6D61696E20513A526567 name="registry.log" dev="dm-5" ino=4315920 scontext=system_u:system_r:svirt_lxc_net_t:s0:c599,c800 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384856.895:154702): avc:  denied  { remove_name } for  pid=708 comm="mysqld" name="4691d4d62464.lower-test" dev="dm-12" ino=402656159 scontext=system_u:system_r:svirt_lxc_net_t:s0:c149,c797 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1488384856.926:154703): avc:  denied  { lock } for  pid=708 comm="mysqld" path="/var/lib/mysql/ibdata1" dev="dm-12" ino=402656097 scontext=system_u:system_r:svirt_lxc_net_t:s0:c149,c797 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384857.958:154736): avc:  denied  { open } for  pid=924 comm="harbor_jobservi" path="/etc/jobservice/app.conf" dev="dm-8" ino=142 scontext=system_u:system_r:svirt_lxc_net_t:s0:c102,c158 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384858.089:154737): avc:  denied  { read } for  pid=1017 comm="nginx" name="nginx.conf" dev="dm-8" ino=4194445 scontext=system_u:system_r:svirt_lxc_net_t:s0:c847,c996 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384858.089:154737): avc:  denied  { open } for  pid=1017 comm="nginx" path="/etc/nginx/nginx.conf" dev="dm-8" ino=4194445 scontext=system_u:system_r:svirt_lxc_net_t:s0:c847,c996 tcontext=system_u:object_r:default_t:s0 tclass=file
2017-03-03 14:13:39 -05:00
yhua
9f18c8458b fix #1332 2017-02-27 18:52:22 +08:00
Wenkai Yin
9f3f48be59 add harbor network to adminserver 2017-02-24 14:35:11 +08:00
Wenkai Yin
414e8a8bcf Merge remote-tracking branch 'upstream/dev' into 170224_merge_config
Conflicts:
	make/docker-compose.tpl
	src/ui/service/token/authutils.go
2017-02-24 13:52:19 +08:00
Wenkai Yin
40eb6bb7d3 encrypt passwords enhancement 2017-02-22 16:59:28 +08:00
Wenkai Yin
390f89ee0a encrypt passwords and secret 2017-02-17 18:23:21 +08:00
Daniel Jiang
a17cd5bcfe add a default network for containers in harbor (#1384)
LGTM
2017-02-16 14:51:21 +08:00
Wenkai Yin
b62a958250 configure harbor 2017-01-12 17:15:32 +08:00
yhua
0249f2181a update registry from 2.5.0 to 2.5.1 2016-12-15 16:50:50 +08:00
kunw
55b98f9abd Merge remote-tracking branch 'upstream/dev' into dev-volume-info 2016-11-09 14:53:26 +08:00
Wenkai Yin
4fcfffeb47 upgrade nginx to 1.11.5 2016-11-02 15:49:28 +08:00
kunw
560b41b5e6 Merge remote-tracking branch 'upstream/dev' into dev-volume-info 2016-11-02 12:46:57 +08:00
yhua
03e2a3ee56 remove tag in docker-compose.yml 2016-10-26 13:09:12 +08:00