// Copyright Project Harbor Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package main
import (
"context"
"flag"
"fmt"
"net/http"
"net/url"
"os"
"os/signal"
"strings"
"syscall"
"time"
"github.com/beego/beego/v2/server/web"
"github.com/goharbor/harbor/src/common/dao"
common_http "github.com/goharbor/harbor/src/common/http"
configCtl "github.com/goharbor/harbor/src/controller/config"
_ "github.com/goharbor/harbor/src/controller/event/handler"
"github.com/goharbor/harbor/src/controller/health"
"github.com/goharbor/harbor/src/controller/registry"
"github.com/goharbor/harbor/src/controller/systemartifact"
"github.com/goharbor/harbor/src/core/api"
_ "github.com/goharbor/harbor/src/core/auth/authproxy"
_ "github.com/goharbor/harbor/src/core/auth/db"
_ "github.com/goharbor/harbor/src/core/auth/ldap"
_ "github.com/goharbor/harbor/src/core/auth/oidc"
_ "github.com/goharbor/harbor/src/core/auth/uaa"
"github.com/goharbor/harbor/src/core/middlewares"
"github.com/goharbor/harbor/src/core/service/token"
"github.com/goharbor/harbor/src/core/session"
"github.com/goharbor/harbor/src/lib/cache"
_ "github.com/goharbor/harbor/src/lib/cache/memory" // memory cache
_ "github.com/goharbor/harbor/src/lib/cache/redis" // redis cache
"github.com/goharbor/harbor/src/lib/config"
"github.com/goharbor/harbor/src/lib/log"
"github.com/goharbor/harbor/src/lib/metric"
"github.com/goharbor/harbor/src/lib/orm"
"github.com/goharbor/harbor/src/lib/retry"
tracelib "github.com/goharbor/harbor/src/lib/trace"
"github.com/goharbor/harbor/src/migration"
_ "github.com/goharbor/harbor/src/pkg/accessory/model/base"
_ "github.com/goharbor/harbor/src/pkg/accessory/model/cosign"
"github.com/goharbor/harbor/src/pkg/audit"
dbCfg "github.com/goharbor/harbor/src/pkg/config/db"
_ "github.com/goharbor/harbor/src/pkg/config/inmemory"
"github.com/goharbor/harbor/src/pkg/notification"
_ "github.com/goharbor/harbor/src/pkg/notifier/topic"
"github.com/goharbor/harbor/src/pkg/oidc"
"github.com/goharbor/harbor/src/pkg/scan"
"github.com/goharbor/harbor/src/pkg/scan/dao/scanner"
pkguser "github.com/goharbor/harbor/src/pkg/user"
"github.com/goharbor/harbor/src/pkg/version"
"github.com/goharbor/harbor/src/server"
)
// adminUserID is the user ID passed to updateInitPassword at startup, i.e. the
// account that receives the configured initial admin password.
const adminUserID = 1
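// updateInitPassword stores password for the user identified by userID, but
// only when that user's Salt is still empty. A user whose Salt is already set
// is left untouched, so this never overwrites a password that has been stored
// before.
//
// The password value is never written to the log or to an error message; only
// the user ID is. Errors returned by the user manager are wrapped with %w so
// that callers can inspect the underlying cause with errors.Is / errors.As.
func updateInitPassword(ctx context.Context, userID int, password string) error {
	userMgr := pkguser.Mgr

	user, err := userMgr.Get(ctx, userID)
	if err != nil {
		return fmt.Errorf("failed to get user, userID: %d %w", userID, err)
	}

	// A non-empty salt is taken as the sign that a password was already
	// stored for this user; do not touch it.
	if user.Salt != "" {
		log.Infof("User id: %d already has its encrypted password.", userID)
		return nil
	}

	if err := userMgr.UpdatePassword(ctx, userID, password); err != nil {
		return fmt.Errorf("failed to update user encrypted password, userID: %d, err: %w", userID, err)
	}
	log.Infof("User id: %d updated its encrypted password successfully.", userID)
	return nil
}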
// gracefulShutdown blocks until the process receives SIGINT, SIGTERM or
// SIGQUIT. It then closes the closing channel, runs every function in
// shutdowns in order, waits for a value on done, and finally exits the
// process with status 0.
//
// The shutdown work is bounded: if the hooks and the wait on done have not
// completed within three seconds, the process exits anyway.
func gracefulShutdown(closing, done chan struct{}, shutdowns ...func()) {
	sigCh := make(chan os.Signal, 1)
	signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM, syscall.SIGQUIT)

	received := <-sigCh
	log.Infof("capture system signal %s, to close \"closing\" channel", received)
	close(closing)

	// Buffered so the worker can deliver its completion signal even when the
	// select below has already given up on the timeout.
	finished := make(chan struct{}, 1)
	runShutdowns := func() {
		for i := range shutdowns {
			shutdowns[i]()
		}
		<-done
		log.Infof("Goroutines exited normally")
		finished <- struct{}{}
	}
	go runShutdowns()

	deadline := time.After(3 * time.Second)
	select {
	case <-finished:
		log.Infof("all shutdown jobs done")
	case <-deadline:
		log.Infof("Timeout waiting goroutines to exit")
	}

	os.Exit(0)
}
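// main is the entry point of the harbor-core process.
//
// In order, it: parses the -mode flag; configures the beego session and
// request-size settings; initializes the cache and session provider when
// _REDIS_URL_CORE is set; loads configuration, metrics and tracing; connects
// to the database and runs (or skips) the migration according to -mode;
// applies the initial admin password; initializes the API handlers, health
// checkers, scanners, audit log and notifications; registers the routes;
// switches the listener to HTTPS when internal TLS is enabled; and finally
// starts the web server with the configured middlewares.
//
// With -mode=migrate the process exits with status 0 right after a successful
// migration and never starts the server.
func main() {
	runMode := flag.String("mode", "normal", "The harbor-core container run mode, it could be normal, migrate or skip-migrate, default is normal")
	flag.Parse()

	web.BConfig.WebConfig.Session.SessionOn = true
	web.BConfig.WebConfig.Session.SessionName = config.SessionCookieName
	// NOTE(review): 1<<35 bytes is 32 GiB for both settings. With limits this
	// high, protection against oversized requests presumably has to come from
	// a proxy in front of core or from container resource limits; confirm.
	web.BConfig.MaxMemory = 1 << 35     // (32GB)
	web.BConfig.MaxUploadSize = 1 << 35 // (32GB)

	redisURL := os.Getenv("_REDIS_URL_CORE")
	if len(redisURL) > 0 {
		u, err := url.Parse(redisURL)
		if err != nil {
			// The message names the variable that was actually read. Neither
			// the URL nor err is included: a *url.Error quotes the input, and
			// a Redis URL may carry credentials.
			panic("bad _REDIS_URL_CORE")
		}

		web.BConfig.WebConfig.Session.SessionProvider = session.HarborProviderName
		web.BConfig.WebConfig.Session.SessionProviderConfig = redisURL

		log.Info("initializing cache ...")
		if err := cache.Initialize(u.Scheme, redisURL); err != nil {
			log.Fatalf("failed to initialize cache: %v", err)
		}
		// when config/db init function is called, the cache is not ready,
		// enable config cache explicitly when the cache is ready
		dbCfg.EnableConfigCache()
	}
	web.AddTemplateExt("htm")

	log.Info("initializing configurations...")
	config.Init()
	log.Info("configurations initialization completed")

	metricCfg := config.Metric()
	if metricCfg.Enabled {
		metric.RegisterCollectors()
		go metric.ServeProm(metricCfg.Path, metricCfg.Port)
	}

	ctx := context.Background()
	config.InitTraceConfig(ctx)
	shutdownTracerProvider := tracelib.InitGlobalTracer(ctx)
	token.InitCreators()

	database, err := config.Database()
	if err != nil {
		log.Fatalf("failed to get database configuration: %v", err)
	}
	if err := dao.InitDatabase(database); err != nil {
		log.Fatalf("failed to initialize database: %v", err)
	}

	switch {
	case strings.EqualFold(*runMode, "migrate"):
		// Used by Harbor helm preinstall, preupgrade hook container
		if err = migration.Migrate(database); err != nil {
			log.Fatalf("failed to migrate the database, error: %v", err)
		}
		log.Info("the database migrate success")
		os.Exit(0)
	case strings.EqualFold(*runMode, "skip-migrate"):
		log.Info("skip the database migrate")
	default:
		// Run migrator as normal
		if err = migration.Migrate(database); err != nil {
			log.Fatalf("failed to migrate the database, error: %v", err)
		}

		log.Info("The database has been migrated successfully")
	}

	ctx = orm.Clone(ctx)
	if err := config.Load(ctx); err != nil {
		log.Fatalf("failed to load config: %v", err)
	}
	if err := configCtl.Ctl.OverwriteConfig(ctx); err != nil {
		log.Fatalf("failed to init config from CONFIG_OVERWRITE_JSON, error %v", err)
	}

	password, err := config.InitialAdminPassword()
	if err != nil {
		log.Fatalf("failed to get admin's initial password: %v", err)
	}
	// NOTE(review): a failure to apply the initial admin password is only
	// logged and startup continues; confirm that this is the intended
	// behaviour for an account that may then have no password stored.
	if err := updateInitPassword(ctx, adminUserID, password); err != nil {
		log.Error(err)
	}

	// Init API handler
	if err := api.Init(); err != nil {
		log.Fatalf("Failed to initialize API handlers with error: %s", err.Error())
	}

	health.RegisterHealthCheckers()
	registerScanners(orm.Context())

	closing := make(chan struct{})
	done := make(chan struct{})
	go gracefulShutdown(closing, done, shutdownTracerProvider)
	// Start health checker for registries
	go registry.Ctl.StartRegularHealthCheck(orm.Context(), closing, done)
	// Init audit log
	auditEP := config.AuditLogForwardEndpoint(ctx)
	audit.LogMgr.Init(ctx, auditEP)

	log.Info("initializing notification...")
	notification.Init()

	server.RegisterRoutes()

	if common_http.InternalTLSEnabled() {
		log.Info("internal TLS enabled, Init TLS ...")
		iTLSKeyPath := os.Getenv("INTERNAL_TLS_KEY_PATH")
		iTLSCertPath := os.Getenv("INTERNAL_TLS_CERT_PATH")

		// Only the file paths are logged, never the key material.
		log.Infof("load client key: %s client cert: %s", iTLSKeyPath, iTLSCertPath)
		// With internal TLS on, the plain HTTP listener is disabled and the
		// server listens on HTTPS port 8443 only.
		web.BConfig.Listen.EnableHTTP = false
		web.BConfig.Listen.EnableHTTPS = true
		web.BConfig.Listen.HTTPSPort = 8443
		web.BConfig.Listen.HTTPSKeyFile = iTLSKeyPath
		web.BConfig.Listen.HTTPSCertFile = iTLSCertPath
		web.BeeApp.Server.TLSConfig = common_http.NewServerTLSConfig()
	}

	log.Infof("Version: %s, Git commit: %s", version.ReleaseVersion, version.GitCommit)

	log.Info("Fix empty subiss for meta info data.")
	_, err = oidc.FixEmptySubIss(orm.Context())
	if err != nil {
		log.Warningf("oidc.FixEmptySubIss() errors out, error: %v", err)
	}

	// Scheduling of system artifact depends on the jobservice, where a goroutine is used to avoid the circular
	// dependencies between core and jobservice.
	go func() {
		// Named statsURL so the local does not shadow the net/url package.
		statsURL := config.InternalJobServiceURL() + "/api/v1/stats"
		checker := health.HTTPStatusCodeHealthChecker(http.MethodGet, statsURL, nil, 60*time.Second, http.StatusOK)
		options := []retry.Option{
			retry.InitialInterval(time.Millisecond * 500),
			retry.MaxInterval(time.Second * 10),
			retry.Timeout(time.Minute),
			retry.Callback(func(err error, sleep time.Duration) {
				log.Debugf("failed to ping %s, retry after %s : %v", statsURL, sleep, err)
			}),
		}
		if err := retry.Retry(checker.Check, options...); err != nil {
			log.Errorf("failed to check the jobservice health status: timeout, error: %v", err)
			return
		}
		systemartifact.ScheduleCleanupTask(ctx)
	}()

	web.RunWithMiddleWares("", middlewares.MiddleWares()...)
}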
// trivyScanner is the name under which the Trivy scanner adapter is
// registered, removed, and selected as the default scanner.
const trivyScanner = "Trivy"
// registerScanners brings the stored scanner registrations in line with the
// current configuration. When Trivy is enabled, its adapter is registered as
// an immutable scanner reached over the internal address; otherwise the Trivy
// registration is queued for removal. Afterwards the default scanner is set
// when getDefaultScannerName returns a name.
//
// A failure to remove scanners is only logged as a warning, whereas a failure
// to register scanners or to set the default scanner is reported through
// log.Fatalf.
func registerScanners(ctx context.Context) {
	var (
		toRegister = []scanner.Registration{}
		toRemove   = []string{}
	)

	if !config.WithTrivy() {
		log.Info("Removing Trivy scanner")
		toRemove = append(toRemove, trivyScanner)
	} else {
		log.Info("Registering Trivy scanner")
		trivy := scanner.Registration{
			Name:            trivyScanner,
			Description:     "The Trivy scanner adapter",
			URL:             config.TrivyAdapterURL(),
			UseInternalAddr: true,
			Immutable:       true,
		}
		toRegister = append(toRegister, trivy)
	}

	// Removal runs before registration, as in the original ordering.
	if err := scan.RemoveImmutableScanners(ctx, toRemove); err != nil {
		log.Warningf("failed to remove scanners: %v", err)
	}

	if err := scan.EnsureScanners(ctx, toRegister); err != nil {
		log.Fatalf("failed to register scanners: %v", err)
	}

	name := getDefaultScannerName()
	if name == "" {
		return
	}
	log.Infof("Setting %s as default scanner", name)
	if err := scan.EnsureDefaultScanner(ctx, name); err != nil {
		log.Fatalf("failed to set default scanner: %v", err)
	}
}
// getDefaultScannerName returns the name of the scanner that should be made
// the default: trivyScanner when Trivy is enabled in the configuration, and
// the empty string otherwise.
func getDefaultScannerName() string {
	if !config.WithTrivy() {
		return ""
	}
	return trivyScanner
}