mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-23 00:57:44 +01:00
automate scripts for notary(signer/server) docker images bases on photon 1.0, code is not based on 0.5.0
remove the binary temp folder, just keep on binary path.
parent
e79334a445
commit
0aac7832eb
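--- a/make/photon/notary/binary.Dockerfile
+++ b/make/photon/notary/binary.Dockerfile
@@ -0,0 +1,13 @@
+FROM golang:1.7.3
+
+ENV NOTARY_DIR /go/src/github.com/docker/notary
+ENV NOTARYPKG github.com/docker/notary
+
+COPY . /go/src/${NOTARYPKG}
+WORKDIR /go/src/${NOTARYPKG}
+
+RUN go build -tags pkcs11 \
+-ldflags "-w -X ${NOTARYPKG}/version.GitCommit=`git rev-parse --short HEAD` -X ${NOTARYPKG}/version.NotaryVersion=`cat NOTARY_VERSION`" $NOTARYPKG/cmd/notary-server
+
+RUN go build -tags pkcs11 \
+-ldflags "-w -X ${NOTARYPKG}/version.GitCommit=`git rev-parse --short HEAD` -X ${NOTARYPKG}/version.NotaryVersion=`cat NOTARY_VERSION`" $NOTARYPKG/cmd/notary-signer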
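Review bot: `FROM golang:1.7.3` pins the toolchain by tag only, and the notary-server and notary-signer binaries produced from this image are committed to the repository in the same change, so the bytes that later handle trust metadata depend on whatever that tag resolved to when the build ran. Pinning by digest, `FROM golang:1.7.3@sha256:<digest-of-the-reviewed-image>`, makes the build input auditable. `ENV NOTARY_DIR` is never referenced in the visible lines and can be dropped. Both `RUN go build` steps rely on `.git` and `NOTARY_VERSION` being present in the build context for the backtick substitutions, which deserves a comment such as `# build context must be a full notary checkout, including .git`.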
BIN
make/photon/notary/binary/notary-server
Executable file
BIN
make/photon/notary/binary/notary-server
Executable file
Binary file not shown.
BIN
make/photon/notary/binary/notary-signer
Executable file
BIN
make/photon/notary/binary/notary-signer
Executable file
Binary file not shown.
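--- a/make/photon/notary/builder
+++ b/make/photon/notary/builder
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+set +e
+
+echo "Usage: #./builder [notary version] [registry username] [registry password]"
+if [ -z $1 ]; then
+error "Please set the 'version' variable"
+exit 1
+fi
+if [ -z $2 ]; then
+error "Please set the 'photonversion' variable"
+exit 1
+fi
+if [ -z $3 ]; then
+error "Please set the 'username' variable"
+exit 1
+fi
+
+
+VERSION="$1"
+USERNAME="$2"
+PASSWORD="$3"
+SIGNER_PHOTONIMAGE=vmware/notary-photon:signer-$VERSION
+SERVER_PHOTONIMAGE=vmware/notary-photon:server-$VERSION
+
+set -e
+
+# the temp folder to store binary file...
+mkdir -p binary
+rm -rf binary || true
+
+cd `dirname $0`
+cur=$PWD
+
+# the temp folder to store notary source code...
+TEMP=`mktemp -d /$TMPDIR/notary.XXXXXX`
+git clone -b $VERSION https://github.com/docker/notary.git $TEMP
+
+echo 'build the notary binary bases on the golang:1.7.3...'
+cp binary.Dockerfile $TEMP
+cd $TEMP
+docker build -f binary.Dockerfile -t notary-golang $TEMP
+
+echo 'copy the notary binary to local...'
+ID=$(docker create notary-golang)
+echo $ID
+cd $cur
+docker cp $ID:/go/src/github.com/docker/notary/notary-server binary
+docker cp $ID:/go/src/github.com/docker/notary/notary-signer binary
+
+docker rm -f $ID
+docker rmi -f notary-golang
+
+docker build -f server.Dockerfile -t $SERVER_PHOTONIMAGE .
+docker build -f signer.Dockerfile -t $SIGNER_PHOTONIMAGE .
+
+echo 'Push image to docker hub.'
+../../pushimage.sh $PHOTONIMAGE $USERNAME $PASSWORD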
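Review bot: The final `../../pushimage.sh $PHOTONIMAGE $USERNAME $PASSWORD` expands `$PHOTONIMAGE`, which this script never assigns (only `SIGNER_PHOTONIMAGE` and `SERVER_PHOTONIMAGE` are set), so the unquoted word disappears and the username and password shift into earlier argument positions; push each image explicitly, e.g. `../../pushimage.sh "$SERVER_PHOTONIMAGE" "$USERNAME" "$PASSWORD"` and the same with `"$SIGNER_PHOTONIMAGE"`. Taking the registry password as `$3` also leaves it in shell history and the process list, so reading it from the environment or stdin would be safer. The argument checks call `error`, which is not defined in the visible script, their messages ('photonversion', 'username') do not match the usage line, and `[ -z $1 ]` should quote its operand. `mkdir -p binary` followed directly by `rm -rf binary` removes the directory the later `docker cp ... binary` appears to expect when the script is run from its own directory, and `mktemp -d /$TMPDIR/notary.XXXXXX` resolves to the filesystem root when `TMPDIR` is unset.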
BIN
make/photon/notary/migrate
Executable file
BIN
make/photon/notary/migrate
Executable file
Binary file not shown.
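--- a/make/photon/notary/migrations/README.md
+++ b/make/photon/notary/migrations/README.md
@@ -0,0 +1,8 @@
+# Database Migrations
+
+This directory contains database migrations for the server and signer. They
+are being managed using [this tool](https://github.com/mattes/migrate).
+Within each of the server and signer directories are directories for different
+database backends. Notary server and signer use GORM and are therefore
+capable of running on a number of different databases, however migrations
+may contain syntax specific to one backend.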
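--- a/make/photon/notary/migrations/migrate.sh
+++ b/make/photon/notary/migrations/migrate.sh
@@ -0,0 +1,63 @@
+#!/usr/bin/env sh
+
+# When run in the docker containers, the working directory
+# is the root of the repo.
+
+iter=0
+
+case $SERVICE_NAME in
+notary_server)
+MIGRATIONS_PATH=${MIGRATIONS_PATH:-migrations/server/mysql}
+DB_URL=${DB_URL:-mysql://server@tcp(mysql:3306)/notaryserver}
+# have to poll for DB to come up
+until migrate -path=$MIGRATIONS_PATH -url=$DB_URL version
+do
+iter=$(( iter+1 ))
+if [[ $iter -gt 30 ]]; then
+echo "notaryserver database failed to come up within 30 seconds"
+exit 1;
+fi
+echo "waiting for $DB_URL to come up."
+sleep 1
+done
+pre=$(migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" version)
+if migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" up ; then
+post=$(migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" version)
+if [ "$pre" != "$post" ]; then
+echo "notaryserver database migrated to latest version"
+else
+echo "notaryserver database already at latest version"
+fi
+else
+echo "notaryserver database migration failed"
+exit 1
+fi
+;;
+notary_signer)
+MIGRATIONS_PATH=${MIGRATIONS_PATH:-migrations/signer/mysql}
+DB_URL=${DB_URL:-mysql://signer@tcp(mysql:3306)/notarysigner}
+# have to poll for DB to come up
+until migrate -path=$MIGRATIONS_PATH -url=$DB_URL up version
+do
+iter=$(( iter+1 ))
+if [[ $iter -gt 30 ]]; then
+echo "notarysigner database failed to come up within 30 seconds"
+exit 1;
+fi
+echo "waiting for $DB_URL to come up."
+sleep 1
+done
+pre=$(migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" version)
+if migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" up ; then
+post=$(migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" version)
+if [ "$pre" != "$post" ]; then
+echo "notarysigner database migrated to latest version"
+else
+echo "notarysigner database already at latest version"
+fi
+else
+echo "notarysigner database migration failed"
+exit 1
+fi
+;;
+esac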
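Review bot: `echo "waiting for $DB_URL to come up."` in both branches writes the full database URL to the container log, so once `DB_URL` is overridden with a DSN that carries a password, that credential ends up in log storage; log a fixed name instead, e.g. `echo "waiting for notaryserver database to come up."`. The shebang is `#!/usr/bin/env sh` but the timeout test is `[[ $iter -gt 30 ]]`, which is not POSIX; where `sh` is not bash the test fails and the 30-iteration limit never triggers, so `[ "$iter" -gt 30 ]` is the portable form. The signer poll runs `migrate ... up version` where the server poll runs only `version`, which looks unintended for a readiness probe. `$MIGRATIONS_PATH` and `$DB_URL` are unquoted on the `until` lines although `"${DB_URL}"` is quoted below.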
@ -0,0 +1,24 @@
|
||||
CREATE TABLE `timestamp_keys` (
|
||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`created_at` timestamp NULL DEFAULT NULL,
|
||||
`updated_at` timestamp NULL DEFAULT NULL,
|
||||
`deleted_at` timestamp NULL DEFAULT NULL,
|
||||
`gun` varchar(255) NOT NULL,
|
||||
`cipher` varchar(50) NOT NULL,
|
||||
`public` blob NOT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
UNIQUE KEY `gun` (`gun`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
||||
CREATE TABLE `tuf_files` (
|
||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`created_at` timestamp NULL DEFAULT NULL,
|
||||
`updated_at` timestamp NULL DEFAULT NULL,
|
||||
`deleted_at` timestamp NULL DEFAULT NULL,
|
||||
`gun` varchar(255) NOT NULL,
|
||||
`role` varchar(255) NOT NULL,
|
||||
`version` int(11) NOT NULL,
|
||||
`data` longblob NOT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
UNIQUE KEY `gun` (`gun`,`role`,`version`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
@ -0,0 +1,3 @@
|
||||
ALTER TABLE `timestamp_keys` ADD COLUMN `role` VARCHAR(255) NOT NULL, DROP KEY `gun`, ADD UNIQUE KEY `gun_role` (`gun`, `role`);
|
||||
|
||||
UPDATE `timestamp_keys` SET `role`="timestamp";
|
@ -0,0 +1,5 @@
|
||||
ALTER TABLE `tuf_files` ADD COLUMN `sha256` CHAR(64) DEFAULT NULL, ADD INDEX `sha256` (`sha256`);
|
||||
|
||||
-- SHA2 function takes the column name or a string as the first parameter, and the
|
||||
-- hash size as the second argument. It returns a hex string.
|
||||
UPDATE `tuf_files` SET `sha256` = SHA2(`data`, 256);
|
@ -0,0 +1 @@
|
||||
DROP TABLE IF EXISTS `timestamp_keys`;
|
@ -0,0 +1,36 @@
|
||||
CREATE TABLE `change_category` (
|
||||
`category` VARCHAR(20) NOT NULL,
|
||||
PRIMARY KEY (`category`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
||||
INSERT INTO `change_category` VALUES ("update"), ("deletion");
|
||||
|
||||
CREATE TABLE `changefeed` (
|
||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`created_at` timestamp DEFAULT CURRENT_TIMESTAMP,
|
||||
`gun` varchar(255) NOT NULL,
|
||||
`version` int(11) NOT NULL,
|
||||
`sha256` CHAR(64) DEFAULT NULL,
|
||||
`category` VARCHAR(20) NOT NULL DEFAULT "update",
|
||||
PRIMARY KEY (`id`),
|
||||
FOREIGN KEY (`category`) REFERENCES `change_category` (`category`),
|
||||
INDEX `idx_changefeed_gun` (`gun`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
||||
INSERT INTO `changefeed` (
|
||||
`created_at`,
|
||||
`gun`,
|
||||
`version`,
|
||||
`sha256`
|
||||
) (SELECT
|
||||
`created_at`,
|
||||
`gun`,
|
||||
`version`,
|
||||
`sha256`
|
||||
FROM
|
||||
`tuf_files`
|
||||
WHERE
|
||||
`role` = "timestamp"
|
||||
ORDER BY
|
||||
`created_at` ASC
|
||||
);
|
@ -0,0 +1,16 @@
|
||||
CREATE TABLE `private_keys` (
|
||||
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`created_at` timestamp NULL DEFAULT NULL,
|
||||
`updated_at` timestamp NULL DEFAULT NULL,
|
||||
`deleted_at` timestamp NULL DEFAULT NULL,
|
||||
`key_id` varchar(255) NOT NULL,
|
||||
`encryption_alg` varchar(255) NOT NULL,
|
||||
`keywrap_alg` varchar(255) NOT NULL,
|
||||
`algorithm` varchar(50) NOT NULL,
|
||||
`passphrase_alias` varchar(50) NOT NULL,
|
||||
`public` blob NOT NULL,
|
||||
`private` blob NOT NULL,
|
||||
PRIMARY KEY (`id`),
|
||||
UNIQUE KEY `key_id` (`key_id`),
|
||||
UNIQUE KEY `key_id_2` (`key_id`,`algorithm`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
@ -0,0 +1 @@
|
||||
ALTER TABLE `private_keys` ADD COLUMN `gun` VARCHAR(255) NOT NULL, ADD COLUMN `role` VARCHAR(255) NOT NULL, ADD COLUMN `last_used` DATETIME NULL DEFAULT NULL;
|
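--- a/make/photon/notary/server.Dockerfile
+++ b/make/photon/notary/server.Dockerfile
@@ -0,0 +1,8 @@
+from library/photon:1.0
+
+COPY ./binary/notary-server /bin/notary-server
+COPY ./migrate /bin/migrate
+COPY ./migrations/ /migrations/
+
+ENV SERVICE_NAME=notary_server
+ENTRYPOINT [ "notary-server" ]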
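Review bot: Neither this file nor signer.Dockerfile sets `USER`, so notary-server and notary-signer run as root inside the container; the signer's migrations in this commit create a `private_keys` table, so it presumably handles key material. A `USER` line before `ENTRYPOINT`, e.g. `USER 10000:10000`, would limit what a compromise of the service can reach; whether either binary needs root-owned paths is not visible here. `from library/photon:1.0` should be written with an uppercase `FROM` and would ideally carry a digest, `FROM library/photon:1.0@sha256:<digest-of-the-reviewed-image>`. Both images copy `migrate` and the whole `/migrations/` tree, but nothing in the visible lines runs `migrations/migrate.sh`, so a comment stating who invokes it would help.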
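--- a/make/photon/notary/signer.Dockerfile
+++ b/make/photon/notary/signer.Dockerfile
@@ -0,0 +1,8 @@
+from library/photon:1.0
+
+COPY ./binary/notary-signer /bin/notary-signer
+COPY ./migrate /bin/migrate
+COPY ./migrations/ /migrations/
+
+ENV SERVICE_NAME=notary_signer
+ENTRYPOINT [ "notary-signer" ]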