automate scripts for notary(signer/server) docker images bases on photon 1.0, code is not based on 0.5.0
remove the binary temp folder, just keep on binary path.
parent
e79334a445
commit
0aac7832eb
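--- a/make/photon/notary/binary.Dockerfile
+++ b/make/photon/notary/binary.Dockerfile
@@ -0,0 +1,13 @@
+FROM golang:1.7.3
+
+ENV NOTARY_DIR /go/src/github.com/docker/notary
+ENV NOTARYPKG github.com/docker/notary
+
+COPY . /go/src/${NOTARYPKG}
+WORKDIR /go/src/${NOTARYPKG}
+
+RUN go build -tags pkcs11 \
+-ldflags "-w -X ${NOTARYPKG}/version.GitCommit=`git rev-parse --short HEAD` -X ${NOTARYPKG}/version.NotaryVersion=`cat NOTARY_VERSION`" $NOTARYPKG/cmd/notary-server
+
+RUN go build -tags pkcs11 \
+-ldflags "-w -X ${NOTARYPKG}/version.GitCommit=`git rev-parse --short HEAD` -X ${NOTARYPKG}/version.NotaryVersion=`cat NOTARY_VERSION`" $NOTARYPKG/cmd/notary-signer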
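Review bot: `FROM golang:1.7.3` pulls the builder image by a mutable tag, so the toolchain that compiles notary-server and notary-signer can change without any change to this file; pin it by digest, e.g. `FROM golang:1.7.3@sha256:<digest-placeholder>`. Both `RUN go build` lines embed `git rev-parse --short HEAD`, which only works because `COPY .` brings the cloned `.git` directory into the image; a comment above `COPY` such as `# .git must be in the build context: the version stamp below reads it` would keep a later `.dockerignore` from silently breaking the stamp. `NOTARY_DIR` is declared but not referenced in the visible lines.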
BIN
make/photon/notary/binary/notary-server
Executable file
BIN
make/photon/notary/binary/notary-server
Executable file
Binary file not shown.
BIN
make/photon/notary/binary/notary-signer
Executable file
BIN
make/photon/notary/binary/notary-signer
Executable file
Binary file not shown.
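--- a/make/photon/notary/builder
+++ b/make/photon/notary/builder
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+set +e
+
+echo "Usage: #./builder [notary version] [registry username] [registry password]"
+if [ -z $1 ]; then
+error "Please set the 'version' variable"
+exit 1
+fi
+if [ -z $2 ]; then
+error "Please set the 'photonversion' variable"
+exit 1
+fi
+if [ -z $3 ]; then
+error "Please set the 'username' variable"
+exit 1
+fi
+
+
+VERSION="$1"
+USERNAME="$2"
+PASSWORD="$3"
+SIGNER_PHOTONIMAGE=vmware/notary-photon:signer-$VERSION
+SERVER_PHOTONIMAGE=vmware/notary-photon:server-$VERSION
+
+set -e
+
+# the temp folder to store binary file...
+mkdir -p binary
+rm -rf binary || true
+
+cd `dirname $0`
+cur=$PWD
+
+# the temp folder to store notary source code...
+TEMP=`mktemp -d /$TMPDIR/notary.XXXXXX`
+git clone -b $VERSION https://github.com/docker/notary.git $TEMP
+
+echo 'build the notary binary bases on the golang:1.7.3...'
+cp binary.Dockerfile $TEMP
+cd $TEMP
+docker build -f binary.Dockerfile -t notary-golang $TEMP
+
+echo 'copy the notary binary to local...'
+ID=$(docker create notary-golang)
+echo $ID
+cd $cur
+docker cp $ID:/go/src/github.com/docker/notary/notary-server binary
+docker cp $ID:/go/src/github.com/docker/notary/notary-signer binary
+
+docker rm -f $ID
+docker rmi -f notary-golang
+
+docker build -f server.Dockerfile -t $SERVER_PHOTONIMAGE .
+docker build -f signer.Dockerfile -t $SIGNER_PHOTONIMAGE .
+
+echo 'Push image to docker hub.'
+../../pushimage.sh $PHOTONIMAGE $USERNAME $PASSWORD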
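Review bot: The final line passes `$PHOTONIMAGE`, which this script never assigns (only `SIGNER_PHOTONIMAGE` and `SERVER_PHOTONIMAGE` are set), and because the arguments are unquoted an empty value vanishes, so pushimage.sh would receive the username as its first argument and the password as its second unless the caller happens to export that variable. Push both built tags with quoted arguments: `../../pushimage.sh "$SERVER_PHOTONIMAGE" "$USERNAME" "$PASSWORD"` and the same call with `"$SIGNER_PHOTONIMAGE"`. The registry password also travels on the command line, where it is visible in the process list and shell history; reading it from an environment variable or stdin would avoid that. Separately, the argument checks call `error`, which the script does not define, and their messages ('photonversion', 'username') do not match the usage line. `mkdir -p binary` followed by `rm -rf binary` runs before the `cd` and leaves no directory behind, so if the script is started from its own directory the two `docker cp` calls write to a plain file named `binary`.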
BIN
make/photon/notary/migrate
Executable file
BIN
make/photon/notary/migrate
Executable file
Binary file not shown.
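--- a/make/photon/notary/migrations/README.md
+++ b/make/photon/notary/migrations/README.md
@@ -0,0 +1,8 @@
+# Database Migrations
+
+This directory contains database migrations for the server and signer. They
+are being managed using [this tool](https://github.com/mattes/migrate).
+Within each of the server and signer directories are directories for different
+database backends. Notary server and signer use GORM and are therefore
+capable of running on a number of different databases, however migrations
+may contain syntax specific to one backend.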
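--- a/make/photon/notary/migrations/migrate.sh
+++ b/make/photon/notary/migrations/migrate.sh
@@ -0,0 +1,63 @@
+#!/usr/bin/env sh
+
+# When run in the docker containers, the working directory
+# is the root of the repo.
+
+iter=0
+
+case $SERVICE_NAME in
+notary_server)
+MIGRATIONS_PATH=${MIGRATIONS_PATH:-migrations/server/mysql}
+DB_URL=${DB_URL:-mysql://server@tcp(mysql:3306)/notaryserver}
+# have to poll for DB to come up
+until migrate -path=$MIGRATIONS_PATH -url=$DB_URL version
+do
+iter=$(( iter+1 ))
+if [[ $iter -gt 30 ]]; then
+echo "notaryserver database failed to come up within 30 seconds"
+exit 1;
+fi
+echo "waiting for $DB_URL to come up."
+sleep 1
+done
+pre=$(migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" version)
+if migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" up ; then
+post=$(migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" version)
+if [ "$pre" != "$post" ]; then
+echo "notaryserver database migrated to latest version"
+else
+echo "notaryserver database already at latest version"
+fi
+else
+echo "notaryserver database migration failed"
+exit 1
+fi
+;;
+notary_signer)
+MIGRATIONS_PATH=${MIGRATIONS_PATH:-migrations/signer/mysql}
+DB_URL=${DB_URL:-mysql://signer@tcp(mysql:3306)/notarysigner}
+# have to poll for DB to come up
+until migrate -path=$MIGRATIONS_PATH -url=$DB_URL up version
+do
+iter=$(( iter+1 ))
+if [[ $iter -gt 30 ]]; then
+echo "notarysigner database failed to come up within 30 seconds"
+exit 1;
+fi
+echo "waiting for $DB_URL to come up."
+sleep 1
+done
+pre=$(migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" version)
+if migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" up ; then
+post=$(migrate -path=$MIGRATIONS_PATH -url="${DB_URL}" version)
+if [ "$pre" != "$post" ]; then
+echo "notarysigner database migrated to latest version"
+else
+echo "notarysigner database already at latest version"
+fi
+else
+echo "notarysigner database migration failed"
+exit 1
+fi
+;;
+esac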
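Review bot: Both polling loops print `$DB_URL` in the "waiting for ... to come up" message, so a deployment that overrides the default with a URL carrying a password would write that password to the container log on every retry; log the service name instead, e.g. `echo "waiting for ${SERVICE_NAME} database to come up."`. The signer loop polls with `migrate ... up version` while the server loop uses `version` alone, so the signer branch appears to start applying migrations inside the readiness probe; that looks unintended and should match the server branch. The script is declared `#!/usr/bin/env sh` but uses `[[ ... ]]`, which is not POSIX sh. The `case` has no `*)` arm, so an unset or misspelled `SERVICE_NAME` exits 0 without migrating anything; an arm that prints an error to stderr and exits non-zero would make that failure visible.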
@ -0,0 +1,24 @@
|
|||||||
|
CREATE TABLE `timestamp_keys` (
|
||||||
|
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||||
|
`created_at` timestamp NULL DEFAULT NULL,
|
||||||
|
`updated_at` timestamp NULL DEFAULT NULL,
|
||||||
|
`deleted_at` timestamp NULL DEFAULT NULL,
|
||||||
|
`gun` varchar(255) NOT NULL,
|
||||||
|
`cipher` varchar(50) NOT NULL,
|
||||||
|
`public` blob NOT NULL,
|
||||||
|
PRIMARY KEY (`id`),
|
||||||
|
UNIQUE KEY `gun` (`gun`)
|
||||||
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||||
|
|
||||||
|
CREATE TABLE `tuf_files` (
|
||||||
|
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||||
|
`created_at` timestamp NULL DEFAULT NULL,
|
||||||
|
`updated_at` timestamp NULL DEFAULT NULL,
|
||||||
|
`deleted_at` timestamp NULL DEFAULT NULL,
|
||||||
|
`gun` varchar(255) NOT NULL,
|
||||||
|
`role` varchar(255) NOT NULL,
|
||||||
|
`version` int(11) NOT NULL,
|
||||||
|
`data` longblob NOT NULL,
|
||||||
|
PRIMARY KEY (`id`),
|
||||||
|
UNIQUE KEY `gun` (`gun`,`role`,`version`)
|
||||||
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
@ -0,0 +1,3 @@
|
|||||||
|
ALTER TABLE `timestamp_keys` ADD COLUMN `role` VARCHAR(255) NOT NULL, DROP KEY `gun`, ADD UNIQUE KEY `gun_role` (`gun`, `role`);
|
||||||
|
|
||||||
|
UPDATE `timestamp_keys` SET `role`="timestamp";
|
@ -0,0 +1,5 @@
|
|||||||
|
ALTER TABLE `tuf_files` ADD COLUMN `sha256` CHAR(64) DEFAULT NULL, ADD INDEX `sha256` (`sha256`);
|
||||||
|
|
||||||
|
-- SHA2 function takes the column name or a string as the first parameter, and the
|
||||||
|
-- hash size as the second argument. It returns a hex string.
|
||||||
|
UPDATE `tuf_files` SET `sha256` = SHA2(`data`, 256);
|
@ -0,0 +1 @@
|
|||||||
|
DROP TABLE IF EXISTS `timestamp_keys`;
|
@ -0,0 +1,36 @@
|
|||||||
|
CREATE TABLE `change_category` (
|
||||||
|
`category` VARCHAR(20) NOT NULL,
|
||||||
|
PRIMARY KEY (`category`)
|
||||||
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||||
|
|
||||||
|
INSERT INTO `change_category` VALUES ("update"), ("deletion");
|
||||||
|
|
||||||
|
CREATE TABLE `changefeed` (
|
||||||
|
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||||
|
`created_at` timestamp DEFAULT CURRENT_TIMESTAMP,
|
||||||
|
`gun` varchar(255) NOT NULL,
|
||||||
|
`version` int(11) NOT NULL,
|
||||||
|
`sha256` CHAR(64) DEFAULT NULL,
|
||||||
|
`category` VARCHAR(20) NOT NULL DEFAULT "update",
|
||||||
|
PRIMARY KEY (`id`),
|
||||||
|
FOREIGN KEY (`category`) REFERENCES `change_category` (`category`),
|
||||||
|
INDEX `idx_changefeed_gun` (`gun`)
|
||||||
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||||
|
|
||||||
|
INSERT INTO `changefeed` (
|
||||||
|
`created_at`,
|
||||||
|
`gun`,
|
||||||
|
`version`,
|
||||||
|
`sha256`
|
||||||
|
) (SELECT
|
||||||
|
`created_at`,
|
||||||
|
`gun`,
|
||||||
|
`version`,
|
||||||
|
`sha256`
|
||||||
|
FROM
|
||||||
|
`tuf_files`
|
||||||
|
WHERE
|
||||||
|
`role` = "timestamp"
|
||||||
|
ORDER BY
|
||||||
|
`created_at` ASC
|
||||||
|
);
|
@ -0,0 +1,16 @@
|
|||||||
|
CREATE TABLE `private_keys` (
|
||||||
|
`id` int(11) NOT NULL AUTO_INCREMENT,
|
||||||
|
`created_at` timestamp NULL DEFAULT NULL,
|
||||||
|
`updated_at` timestamp NULL DEFAULT NULL,
|
||||||
|
`deleted_at` timestamp NULL DEFAULT NULL,
|
||||||
|
`key_id` varchar(255) NOT NULL,
|
||||||
|
`encryption_alg` varchar(255) NOT NULL,
|
||||||
|
`keywrap_alg` varchar(255) NOT NULL,
|
||||||
|
`algorithm` varchar(50) NOT NULL,
|
||||||
|
`passphrase_alias` varchar(50) NOT NULL,
|
||||||
|
`public` blob NOT NULL,
|
||||||
|
`private` blob NOT NULL,
|
||||||
|
PRIMARY KEY (`id`),
|
||||||
|
UNIQUE KEY `key_id` (`key_id`),
|
||||||
|
UNIQUE KEY `key_id_2` (`key_id`,`algorithm`)
|
||||||
|
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
@ -0,0 +1 @@
|
|||||||
|
ALTER TABLE `private_keys` ADD COLUMN `gun` VARCHAR(255) NOT NULL, ADD COLUMN `role` VARCHAR(255) NOT NULL, ADD COLUMN `last_used` DATETIME NULL DEFAULT NULL;
|
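--- a/make/photon/notary/server.Dockerfile
+++ b/make/photon/notary/server.Dockerfile
@@ -0,0 +1,8 @@
+from library/photon:1.0
+
+COPY ./binary/notary-server /bin/notary-server
+COPY ./migrate /bin/migrate
+COPY ./migrations/ /migrations/
+
+ENV SERVICE_NAME=notary_server
+ENTRYPOINT [ "notary-server" ]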
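Review bot: Neither this file nor signer.Dockerfile sets a `USER`, so notary-server and notary-signer (which by its role holds signing keys) run as root inside the container by default; create an unprivileged account in the image and add a `USER` instruction before `ENTRYPOINT`. `/bin/migrate` and the notary binaries are copied from prebuilt files in the build context, so a comment above the `COPY ./migrate` line recording the source revision and expected checksum of that binary would let a reviewer verify it. `from library/photon:1.0` is also a mutable tag; pinning it by digest (`library/photon:1.0@sha256:<digest-placeholder>`) applies to both files.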
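--- a/make/photon/notary/signer.Dockerfile
+++ b/make/photon/notary/signer.Dockerfile
@@ -0,0 +1,8 @@
+from library/photon:1.0
+
+COPY ./binary/notary-signer /bin/notary-signer
+COPY ./migrate /bin/migrate
+COPY ./migrations/ /migrations/
+
+ENV SERVICE_NAME=notary_signer
+ENTRYPOINT [ "notary-signer" ]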