harbor/make/prepare

273 lines
11 KiB
Plaintext
Raw Normal View History

2016-02-01 12:59:10 +01:00
#!/usr/bin/python
2016-04-15 11:23:40 +02:00
# -*- coding: utf-8 -*-
from __future__ import print_function, unicode_literals # We require Python 2.6 or later
2016-02-01 12:59:10 +01:00
from string import Template
import random
import string
2016-04-15 11:23:40 +02:00
import os
2016-04-18 10:01:44 +02:00
import sys
import argparse
import subprocess
2016-10-14 11:13:15 +02:00
import shutil
2016-04-15 11:23:40 +02:00
from io import open
2016-04-18 10:01:44 +02:00
if sys.version_info[:3][0] == 2:
2016-04-15 11:23:40 +02:00
import ConfigParser as ConfigParser
import StringIO as StringIO
2016-04-18 10:01:44 +02:00
if sys.version_info[:3][0] == 3:
2016-04-15 11:23:40 +02:00
import configparser as ConfigParser
import io as StringIO
def validate(conf):
2016-10-14 11:13:15 +02:00
protocol = rcp.get("configuration", "ui_url_protocol")
if protocol == "https":
if not rcp.has_option("configuration", "ssl_cert"):
raise Exception("Error: The protocol is https but attribute ssl_cert is not set")
cert_path = rcp.get("configuration", "ssl_cert")
if not os.path.isfile(cert_path):
raise Exception("Error: The path for certificate: %s is invalid" % cert_path)
if not rcp.has_option("configuration", "ssl_cert_key"):
raise Exception("Error: The protocol is https but attribute ssl_cert_key is not set")
cert_key_path = rcp.get("configuration", "ssl_cert_key")
if not os.path.isfile(cert_key_path):
raise Exception("Error: The path for certificate key: %s is invalid" % cert_key_path)
def get_secret_key(path):
key_file = os.path.join(path, "secretkey")
if os.path.isfile(key_file):
with open(key_file, 'r') as f:
key = f.read()
print("loaded secret key")
if len(key) != 16:
raise Exception("secret key's length has to be 16 chars, current length: %d" % len(key))
return key
if not os.path.isdir(path):
os.makedirs(path, mode=0600)
key = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16))
with open(key_file, 'w') as f:
f.write(key)
print("generated and saved secret key")
return key
2016-10-19 08:32:00 +02:00
base_dir = os.path.dirname(__file__)
config_dir = os.path.join(base_dir, "common/config")
templates_dir = os.path.join(base_dir, "common/templates")
parser = argparse.ArgumentParser()
2016-10-19 08:32:00 +02:00
parser.add_argument('-conf', dest='cfgfile', default=base_dir+'/harbor.cfg',type=str,help="the path of Harbor configuration file")
parser.add_argument('--data-volume', dest='data_volume', default='/data/',type=str,help="the path of Harbor data volume, which is set in template of docker-compose.")
args = parser.parse_args()
#Read configurations
conf = StringIO.StringIO()
conf.write("[configuration]\n")
conf.write(open(args.cfgfile).read())
conf.seek(0, os.SEEK_SET)
2016-04-15 11:23:40 +02:00
rcp = ConfigParser.RawConfigParser()
rcp.readfp(conf)
validate(rcp)
2016-04-15 11:23:40 +02:00
hostname = rcp.get("configuration", "hostname")
2016-10-14 11:13:15 +02:00
protocol = rcp.get("configuration", "ui_url_protocol")
ui_url = protocol + "://" + hostname
2016-04-15 11:23:40 +02:00
email_server = rcp.get("configuration", "email_server")
email_server_port = rcp.get("configuration", "email_server_port")
email_username = rcp.get("configuration", "email_username")
email_password = rcp.get("configuration", "email_password")
email_from = rcp.get("configuration", "email_from")
email_ssl = rcp.get("configuration", "email_ssl")
2016-04-15 11:23:40 +02:00
harbor_admin_password = rcp.get("configuration", "harbor_admin_password")
auth_mode = rcp.get("configuration", "auth_mode")
ldap_url = rcp.get("configuration", "ldap_url")
2016-08-18 12:31:41 +02:00
# this two options are either both set or unset
if rcp.has_option("configuration", "ldap_searchdn"):
ldap_searchdn = rcp.get("configuration", "ldap_searchdn")
ldap_search_pwd = rcp.get("configuration", "ldap_search_pwd")
else:
ldap_searchdn = ""
ldap_search_pwd = ""
2016-04-15 11:23:40 +02:00
ldap_basedn = rcp.get("configuration", "ldap_basedn")
2016-08-18 12:31:41 +02:00
# ldap_filter is null by default
if rcp.has_option("configuration", "ldap_filter"):
ldap_filter = rcp.get("configuration", "ldap_filter")
else:
ldap_filter = ""
ldap_uid = rcp.get("configuration", "ldap_uid")
ldap_scope = rcp.get("configuration", "ldap_scope")
2016-04-15 11:23:40 +02:00
db_password = rcp.get("configuration", "db_password")
self_registration = rcp.get("configuration", "self_registration")
use_compressed_js = rcp.get("configuration", "use_compressed_js")
2016-10-14 11:13:15 +02:00
if protocol == "https":
cert_path = rcp.get("configuration", "ssl_cert")
cert_key_path = rcp.get("configuration", "ssl_cert_key")
customize_crt = rcp.get("configuration", "customize_crt")
2016-04-25 10:08:16 +02:00
crt_country = rcp.get("configuration", "crt_country")
crt_state = rcp.get("configuration", "crt_state")
2016-04-25 10:08:16 +02:00
crt_location = rcp.get("configuration", "crt_location")
crt_organization = rcp.get("configuration", "crt_organization")
crt_organizationalunit = rcp.get("configuration", "crt_organizationalunit")
crt_commonname = rcp.get("configuration", "crt_commonname")
crt_email = rcp.get("configuration", "crt_email")
max_job_workers = rcp.get("configuration", "max_job_workers")
2016-08-08 05:21:48 +02:00
token_expiration = rcp.get("configuration", "token_expiration")
2016-06-22 12:41:56 +02:00
verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
#secret_key = rcp.get("configuration", "secret_key")
secret_key = get_secret_key(args.data_volume)
########
ui_secret = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16))
2016-02-01 12:59:10 +01:00
ui_config_dir = os.path.join(config_dir,"ui")
if not os.path.exists(ui_config_dir):
os.makedirs(os.path.join(config_dir, "ui"))
db_config_dir = os.path.join(config_dir, "db")
if not os.path.exists(db_config_dir):
os.makedirs(os.path.join(config_dir, "db"))
job_config_dir = os.path.join(config_dir, "jobservice")
if not os.path.exists(job_config_dir):
os.makedirs(job_config_dir)
2016-02-01 12:59:10 +01:00
def render(src, dest, **kw):
t = Template(open(src, 'r').read())
with open(dest, 'w') as f:
f.write(t.substitute(**kw))
2016-04-15 11:23:40 +02:00
print("Generated configuration file: %s" % dest)
2016-02-01 12:59:10 +01:00
ui_conf_env = os.path.join(config_dir, "ui", "env")
2016-04-15 11:23:40 +02:00
ui_conf = os.path.join(config_dir, "ui", "app.conf")
2016-02-01 12:59:10 +01:00
registry_conf = os.path.join(config_dir, "registry", "config.yml")
db_conf_env = os.path.join(config_dir, "db", "env")
job_conf_env = os.path.join(config_dir, "jobservice", "env")
2016-10-14 11:13:15 +02:00
nginx_conf = os.path.join(config_dir, "nginx", "nginx.conf")
cert_dir = os.path.join(config_dir, "nginx", "cert")
conf_files = [ ui_conf, ui_conf_env, registry_conf, db_conf_env, job_conf_env, nginx_conf, cert_dir ]
2016-04-20 09:08:21 +02:00
def rmdir(cf):
for f in cf:
2016-10-14 11:13:15 +02:00
if os.path.isdir(f):
rmdir(map(lambda x: os.path.join(f,x), os.listdir(f)))
elif os.path.exists(f) and os.path.basename(f) != ".gitignore":
print("Clearing the configuration file: %s" % f)
os.remove(f)
2016-04-20 09:08:21 +02:00
rmdir(conf_files)
2016-02-01 12:59:10 +01:00
2016-10-14 11:13:15 +02:00
if protocol == "https":
target_cert_path = os.path.join(cert_dir, os.path.basename(cert_path))
shutil.copy2(cert_path,target_cert_path)
target_cert_key_path = os.path.join(cert_dir, os.path.basename(cert_key_path))
shutil.copy2(cert_key_path,target_cert_key_path)
render(os.path.join(templates_dir, "nginx", "nginx.https.conf"),
nginx_conf,
ssl_cert = os.path.join("/etc/nginx/cert", os.path.basename(target_cert_path)),
ssl_cert_key = os.path.join("/etc/nginx/cert", os.path.basename(target_cert_key_path)))
else:
render(os.path.join(templates_dir, "nginx", "nginx.http.conf"),
nginx_conf)
2016-02-01 12:59:10 +01:00
render(os.path.join(templates_dir, "ui", "env"),
ui_conf_env,
hostname=hostname,
db_password=db_password,
2016-02-01 12:59:10 +01:00
ui_url=ui_url,
auth_mode=auth_mode,
2016-04-20 09:08:21 +02:00
harbor_admin_password=harbor_admin_password,
2016-02-01 12:59:10 +01:00
ldap_url=ldap_url,
2016-08-18 12:31:41 +02:00
ldap_searchdn =ldap_searchdn,
ldap_search_pwd =ldap_search_pwd,
ldap_basedn=ldap_basedn,
2016-08-18 12:31:41 +02:00
ldap_filter=ldap_filter,
ldap_uid=ldap_uid,
ldap_scope=ldap_scope,
self_registration=self_registration,
use_compressed_js=use_compressed_js,
2016-06-29 12:09:47 +02:00
ui_secret=ui_secret,
secret_key=secret_key,
2016-08-08 05:21:48 +02:00
verify_remote_cert=verify_remote_cert,
token_expiration=token_expiration)
2016-02-01 12:59:10 +01:00
render(os.path.join(templates_dir, "ui", "app.conf"),
ui_conf,
email_server=email_server,
email_server_port=email_server_port,
2016-04-20 09:08:21 +02:00
email_username=email_username,
email_password=email_password,
2016-02-01 12:59:10 +01:00
email_from=email_from,
email_ssl=email_ssl,
2016-02-01 12:59:10 +01:00
ui_url=ui_url)
render(os.path.join(templates_dir, "registry", "config.yml"),
registry_conf,
ui_url=ui_url)
render(os.path.join(templates_dir, "db", "env"),
db_conf_env,
db_password=db_password)
render(os.path.join(templates_dir, "jobservice", "env"),
job_conf_env,
db_password=db_password,
ui_secret=ui_secret,
max_job_workers=max_job_workers,
secret_key=secret_key,
2016-06-22 12:41:56 +02:00
ui_url=ui_url,
verify_remote_cert=verify_remote_cert)
2016-04-25 10:08:16 +02:00
def validate_crt_subj(dirty_subj):
subj_list = [item for item in dirty_subj.strip().split("/") \
if len(item.split("=")) == 2 and len(item.split("=")[1]) > 0]
return "/" + "/".join(subj_list)
FNULL = open(os.devnull, 'w')
from functools import wraps
def stat_decorator(func):
2016-05-09 12:50:04 +02:00
@wraps(func)
2016-04-25 10:08:16 +02:00
def check_wrapper(*args, **kwargs):
stat = func(*args, **kwargs)
message = "Generated configuration file: %s" % kwargs['path'] \
if stat == 0 else "Fail to generate %s" % kwargs['path']
print(message)
if stat != 0:
sys.exit(1)
return check_wrapper
@stat_decorator
def check_private_key_stat(*args, **kwargs):
return subprocess.call(["openssl", "genrsa", "-out", kwargs['path'], "4096"],\
stdout=FNULL, stderr=subprocess.STDOUT)
@stat_decorator
def check_certificate_stat(*args, **kwargs):
dirty_subj = "/C={0}/ST={1}/L={2}/O={3}/OU={4}/CN={5}/emailAddress={6}"\
.format(crt_country, crt_state, crt_location, crt_organization,\
crt_organizationalunit, crt_commonname, crt_email)
subj = validate_crt_subj(dirty_subj)
return subprocess.call(["openssl", "req", "-new", "-x509", "-key",\
private_key_pem, "-out", root_crt, "-days", "3650", "-subj", subj], \
stdout=FNULL, stderr=subprocess.STDOUT)
def openssl_is_installed(stat):
if stat == 0:
return True
else:
print("Cannot find openssl installed in this computer\nUse default SSL certificate file")
return False
if customize_crt == 'on':
2016-04-25 10:08:16 +02:00
shell_stat = subprocess.check_call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT)
if openssl_is_installed(shell_stat):
private_key_pem = os.path.join(config_dir, "ui", "private_key.pem")
root_crt = os.path.join(config_dir, "registry", "root.crt")
crt_conf_files = [ private_key_pem, root_crt ]
rmdir(crt_conf_files)
2016-04-25 10:08:16 +02:00
check_private_key_stat(path=private_key_pem)
check_certificate_stat(path=root_crt)
FNULL.close()
2016-04-15 11:23:40 +02:00
print("The configuration files are ready, please use docker-compose to start the service.")