diff --git a/.travis.yml b/.travis.yml index fc1e3c3f94..d35e317755 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,7 +19,7 @@ env: MYSQL_PWD: root123 MYSQL_DATABASE: registry SQLITE_FILE: /tmp/registry.db - ADMIN_SERVER_URL: http://127.0.0.1:8888 + ADMINSERVER_URL: http://127.0.0.1:8888 DOCKER_COMPOSE_VERSION: 1.7.1 HARBOR_ADMIN: admin HARBOR_ADMIN_PASSWD: Harbor12345 diff --git a/make/common/nginx/Dockerfile b/make/common/nginx/Dockerfile index 1c63a5e3df..1c85bb5e68 100644 --- a/make/common/nginx/Dockerfile +++ b/make/common/nginx/Dockerfile @@ -4,10 +4,10 @@ RUN tdnf distro-sync -y || echo \ && tdnf install -y nginx \ && ln -sf /dev/stdout /var/log/nginx/access.log \ && ln -sf /dev/stderr /var/log/nginx/error.log \ - && mkdir -p /var/run \ && tdnf clean all EXPOSE 80 +VOLUME /var/cache/nginx /var/log/nginx /run STOPSIGNAL SIGQUIT CMD ["nginx", "-g", "daemon off;"] diff --git a/make/common/templates/adminserver/env b/make/common/templates/adminserver/env index a1b21104be..0b7c555bc5 100644 --- a/make/common/templates/adminserver/env +++ b/make/common/templates/adminserver/env @@ -1,3 +1,4 @@ +PORT=8080 LOG_LEVEL=debug EXT_ENDPOINT=$ui_url AUTH_MODE=$auth_mode @@ -42,5 +43,5 @@ RESET=false UAA_ENDPOINT=$uaa_endpoint UAA_CLIENTID=$uaa_clientid UAA_CLIENTSECRET=$uaa_clientsecret -UI_URL=http://ui -JOBSERVICE_URL=http://jobservice +UI_URL=http://ui:8080 +JOBSERVICE_URL=http://jobservice:8080 diff --git a/make/common/templates/clair/config.yaml b/make/common/templates/clair/config.yaml index b8f23748bf..c09dd25850 100644 --- a/make/common/templates/clair/config.yaml +++ b/make/common/templates/clair/config.yaml @@ -22,4 +22,4 @@ clair: attempts: 3 renotifyinterval: 2h http: - endpoint: http://ui/service/notifications/clair + endpoint: http://ui:8080/service/notifications/clair diff --git a/make/common/templates/jobservice/app.conf b/make/common/templates/jobservice/app.conf index 21439a8e16..d238cbf6e3 100644 --- a/make/common/templates/jobservice/app.conf +++ b/make/common/templates/jobservice/app.conf @@ -2,4 +2,4 @@ appname = jobservice runmode = dev [dev] -httpport = 80 +httpport = 8080 diff --git a/make/common/templates/jobservice/env b/make/common/templates/jobservice/env index c5e37fc0f1..e5ccac91eb 100644 --- a/make/common/templates/jobservice/env +++ b/make/common/templates/jobservice/env @@ -2,4 +2,5 @@ LOG_LEVEL=debug CONFIG_PATH=/etc/jobservice/app.conf UI_SECRET=$ui_secret JOBSERVICE_SECRET=$jobservice_secret +ADMINSERVER_URL=http://adminserver:8080 GODEBUG=netdns=cgo diff --git a/make/common/templates/nginx/nginx.http.conf b/make/common/templates/nginx/nginx.http.conf index 820544ca3f..9e4123a9de 100644 --- a/make/common/templates/nginx/nginx.http.conf +++ b/make/common/templates/nginx/nginx.http.conf @@ -18,7 +18,7 @@ http { } upstream ui { - server ui:80; + server ui:8080; } log_format timed_combined '$$remote_addr - ' diff --git a/make/common/templates/nginx/nginx.https.conf b/make/common/templates/nginx/nginx.https.conf index 703e41c9d3..d0b295b7aa 100644 --- a/make/common/templates/nginx/nginx.https.conf +++ b/make/common/templates/nginx/nginx.https.conf @@ -18,7 +18,7 @@ http { } upstream ui { - server ui:80; + server ui:8080; } log_format timed_combined '$$remote_addr - ' diff --git a/make/common/templates/registry/config.yml b/make/common/templates/registry/config.yml index 9049c6fa94..72c0db59ee 100644 --- a/make/common/templates/registry/config.yml +++ b/make/common/templates/registry/config.yml @@ -29,7 +29,7 @@ notifications: endpoints: - name: harbor disabled: false - url: http://ui/service/notifications + url: http://ui:8080/service/notifications timeout: 3000ms threshold: 5 backoff: 1s diff --git a/make/common/templates/ui/app.conf b/make/common/templates/ui/app.conf index 8e8f199b7a..6110364ca0 100644 --- a/make/common/templates/ui/app.conf +++ b/make/common/templates/ui/app.conf @@ -3,4 +3,4 @@ runmode = dev enablegzip = true [dev] -httpport = 80 +httpport = 8080 diff --git a/make/common/templates/ui/env b/make/common/templates/ui/env index d87c931059..1fffc2db1e 100644 --- a/make/common/templates/ui/env +++ b/make/common/templates/ui/env @@ -3,4 +3,5 @@ CONFIG_PATH=/etc/ui/app.conf UI_SECRET=$ui_secret JOBSERVICE_SECRET=$jobservice_secret GODEBUG=netdns=cgo +ADMINSERVER_URL=http://adminserver:8080 UAA_CA_ROOT=/etc/ui/certificates/uaa_ca.pem diff --git a/make/photon/adminserver/Dockerfile b/make/photon/adminserver/Dockerfile index 9028ce526b..898881411e 100644 --- a/make/photon/adminserver/Dockerfile +++ b/make/photon/adminserver/Dockerfile @@ -2,10 +2,13 @@ FROM vmware/photon:1.0 RUN tdnf erase vim -y \ && tdnf distro-sync -y || echo \ + && tdnf install -y sudo \ && tdnf clean all \ + && groupadd -r -g 10000 harbor && useradd --no-log-init -r -g 10000 -u 10000 harbor \ && mkdir /harbor/ -COPY ./make/dev/adminserver/harbor_adminserver /harbor/ +COPY ./make/dev/adminserver/harbor_adminserver ./make/photon/adminserver/start.sh /harbor/ +HEALTHCHECK CMD curl -s -o /dev/null -w "%{http_code}" 127.0.0.1:8080/api/configurations|grep 401 -RUN chmod u+x /harbor/harbor_adminserver +RUN chmod u+x /harbor/harbor_adminserver /harbor/start.sh WORKDIR /harbor/ -ENTRYPOINT ["/harbor/harbor_adminserver"] +ENTRYPOINT ["/harbor/start.sh"] diff --git a/make/photon/adminserver/start.sh b/make/photon/adminserver/start.sh new file mode 100644 index 0000000000..c4d9c4d8e5 --- /dev/null +++ b/make/photon/adminserver/start.sh @@ -0,0 +1,5 @@ +#!/bin/sh +if [ -d /etc/adminserver ]; then + chown -R 10000:10000 /etc/adminserver +fi +sudo -E -u \#10000 "/harbor/harbor_adminserver" diff --git a/make/photon/jobservice/Dockerfile b/make/photon/jobservice/Dockerfile index 2db2838939..ee3d353f7b 100644 --- a/make/photon/jobservice/Dockerfile +++ b/make/photon/jobservice/Dockerfile @@ -2,9 +2,13 @@ FROM vmware/photon:1.0 RUN mkdir /harbor/ \ && tdnf distro-sync -y || echo \ - && tdnf clean all -COPY ./make/dev/jobservice/harbor_jobservice /harbor/ + && tdnf install sudo -y \ + && tdnf clean all \ + && groupadd -r -g 10000 harbor && useradd --no-log-init -r -g 10000 -u 10000 harbor +HEALTHCHECK CMD curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:8080/api/jobs/replication/1/log|grep 401 -RUN chmod u+x /harbor/harbor_jobservice +COPY ./make/photon/jobservice/start.sh ./make/dev/jobservice/harbor_jobservice /harbor/ + +RUN chmod u+x /harbor/harbor_jobservice /harbor/start.sh WORKDIR /harbor/ -ENTRYPOINT ["/harbor/harbor_jobservice"] +ENTRYPOINT ["/harbor/start.sh"] diff --git a/make/photon/jobservice/start.sh b/make/photon/jobservice/start.sh new file mode 100644 index 0000000000..3fc4a6199b --- /dev/null +++ b/make/photon/jobservice/start.sh @@ -0,0 +1,9 @@ +#!/bin/sh +if [ -d /etc/jobservice/ ]; then + chown -R 10000:10000 /etc/jobservice/ +fi +if [ -d /var/log/jobs ]; then + chown -R 10000:10000 /var/log/jobs/ +fi +sudo -E -u \#10000 "/harbor/harbor_jobservice" + diff --git a/make/photon/ui/Dockerfile b/make/photon/ui/Dockerfile index 3d0050336c..aab6038eee 100644 --- a/make/photon/ui/Dockerfile +++ b/make/photon/ui/Dockerfile @@ -2,16 +2,17 @@ FROM vmware/photon:1.0 RUN tdnf distro-sync -y \ && tdnf erase vim -y \ + && tdnf install sudo -y \ && tdnf clean all \ + && groupadd -r -g 10000 harbor && useradd --no-log-init -r -g 10000 -u 10000 harbor \ && mkdir /harbor/ -COPY ./make/dev/ui/harbor_ui /harbor/ +HEALTHCHECK CMD curl -s -o /dev/null -w "%{http_code}" 127.0.0.1:8080/api/systeminfo|grep 200 +COPY ./make/dev/ui/harbor_ui ./src/favicon.ico ./make/photon/ui/start.sh ./VERSION /harbor/ COPY ./src/ui/views /harbor/views COPY ./src/ui/static /harbor/static -COPY ./src/favicon.ico /harbor/favicon.ico -COPY ./VERSION /harbor/VERSION -RUN chmod u+x /harbor/harbor_ui - +RUN chmod u+x /harbor/start.sh /harbor/harbor_ui WORKDIR /harbor/ -ENTRYPOINT ["/harbor/harbor_ui"] + +ENTRYPOINT ["/harbor/start.sh"] diff --git a/make/photon/ui/start.sh b/make/photon/ui/start.sh new file mode 100644 index 0000000000..6acfe61ec8 --- /dev/null +++ b/make/photon/ui/start.sh @@ -0,0 +1,6 @@ +#!/bin/sh +if [ -d /etc/ui/ ]; then + chown -R 10000:10000 /etc/ui/ +fi +sudo -E -u \#10000 "/harbor/harbor_ui" + diff --git a/src/common/utils/ldap/ldap_test.go b/src/common/utils/ldap/ldap_test.go index a0a58902c1..9dae96da75 100644 --- a/src/common/utils/ldap/ldap_test.go +++ b/src/common/utils/ldap/ldap_test.go @@ -72,8 +72,8 @@ func TestMain(t *testing.T) { } defer server.Close() - if err := os.Setenv("ADMIN_SERVER_URL", server.URL); err != nil { - t.Fatalf("failed to set env %s: %v", "ADMIN_SERVER_URL", err) + if err := os.Setenv("ADMINSERVER_URL", server.URL); err != nil { + t.Fatalf("failed to set env %s: %v", "ADMINSERVER_URL", err) } secretKeyPath := "/tmp/secretkey" diff --git a/src/common/utils/notary/helper.go b/src/common/utils/notary/helper.go index 772ba20619..63f9ae1cc6 100644 --- a/src/common/utils/notary/helper.go +++ b/src/common/utils/notary/helper.go @@ -36,7 +36,7 @@ import ( ) var ( - notaryCachePath = "/root/notary" + notaryCachePath = "/etc/ui/notary-cache" trustPin trustpinning.TrustPinConfig mockRetriever notary.PassRetriever ) diff --git a/src/common/utils/notary/helper_test.go b/src/common/utils/notary/helper_test.go index ee8065e013..2a898e8e70 100644 --- a/src/common/utils/notary/helper_test.go +++ b/src/common/utils/notary/helper_test.go @@ -47,7 +47,7 @@ func TestMain(m *testing.M) { panic(err) } defer adminServer.Close() - if err := os.Setenv("ADMIN_SERVER_URL", adminServer.URL); err != nil { + if err := os.Setenv("ADMINSERVER_URL", adminServer.URL); err != nil { panic(err) } if err := config.Init(); err != nil { diff --git a/src/jobservice/config/config.go b/src/jobservice/config/config.go index 1d82393a1b..674cd058da 100644 --- a/src/jobservice/config/config.go +++ b/src/jobservice/config/config.go @@ -45,7 +45,7 @@ func Init() error { //init key provider initKeyProvider() - adminServerURL := os.Getenv("ADMIN_SERVER_URL") + adminServerURL := os.Getenv("ADMINSERVER_URL") if len(adminServerURL) == 0 { adminServerURL = "http://adminserver" } @@ -163,7 +163,7 @@ func ExtEndpoint() (string, error) { // InternalTokenServiceEndpoint ... func InternalTokenServiceEndpoint() string { - return "http://ui/service/token" + return LocalUIURL() + "/service/token" } // ClairEndpoint returns the end point of clair instance, by default it's the one deployed within Harbor. diff --git a/src/jobservice/config/config_test.go b/src/jobservice/config/config_test.go index 746096d0a2..0f5743a6c1 100644 --- a/src/jobservice/config/config_test.go +++ b/src/jobservice/config/config_test.go @@ -30,8 +30,8 @@ func TestConfig(t *testing.T) { } defer server.Close() - if err := os.Setenv("ADMIN_SERVER_URL", server.URL); err != nil { - t.Fatalf("failed to set env %s: %v", "ADMIN_SERVER_URL", err) + if err := os.Setenv("ADMINSERVER_URL", server.URL); err != nil { + t.Fatalf("failed to set env %s: %v", "ADMINSERVER_URL", err) } secretKeyPath := "/tmp/secretkey" diff --git a/src/jobservice/job/job_test.go b/src/jobservice/job/job_test.go index 2fcc3e8440..ab52c9487a 100644 --- a/src/jobservice/job/job_test.go +++ b/src/jobservice/job/job_test.go @@ -55,8 +55,8 @@ func TestMain(m *testing.M) { log.Fatalf("failed to create a mock admin server: %v", err) } defer server.Close() - if err := os.Setenv("ADMIN_SERVER_URL", server.URL); err != nil { - log.Fatalf("failed to set env %s: %v", "ADMIN_SERVER_URL", err) + if err := os.Setenv("ADMINSERVER_URL", server.URL); err != nil { + log.Fatalf("failed to set env %s: %v", "ADMINSERVER_URL", err) } secretKeyPath := "/tmp/secretkey" _, err = test.GenerateKey(secretKeyPath) diff --git a/src/ui/auth/ldap/ldap_test.go b/src/ui/auth/ldap/ldap_test.go index 6563f4f687..fdbda990a0 100644 --- a/src/ui/auth/ldap/ldap_test.go +++ b/src/ui/auth/ldap/ldap_test.go @@ -71,8 +71,8 @@ func TestMain(t *testing.T) { } defer server.Close() - if err := os.Setenv("ADMIN_SERVER_URL", server.URL); err != nil { - t.Fatalf("failed to set env %s: %v", "ADMIN_SERVER_URL", err) + if err := os.Setenv("ADMINSERVER_URL", server.URL); err != nil { + t.Fatalf("failed to set env %s: %v", "ADMINSERVER_URL", err) } secretKeyPath := "/tmp/secretkey" diff --git a/src/ui/auth/uaa/uaa_test.go b/src/ui/auth/uaa/uaa_test.go index f79c1434d8..629d8bd773 100644 --- a/src/ui/auth/uaa/uaa_test.go +++ b/src/ui/auth/uaa/uaa_test.go @@ -33,8 +33,8 @@ func TestGetClient(t *testing.T) { } defer server.Close() - if err := os.Setenv("ADMIN_SERVER_URL", server.URL); err != nil { - t.Fatalf("failed to set env %s: %v", "ADMIN_SERVER_URL", err) + if err := os.Setenv("ADMINSERVER_URL", server.URL); err != nil { + t.Fatalf("failed to set env %s: %v", "ADMINSERVER_URL", err) } err = config.Init() if err != nil { diff --git a/src/ui/config/config.go b/src/ui/config/config.go index 4bb25e09fd..8d3d9c8bfe 100644 --- a/src/ui/config/config.go +++ b/src/ui/config/config.go @@ -62,7 +62,7 @@ func Init() error { //init key provider initKeyProvider() - adminServerURL := os.Getenv("ADMIN_SERVER_URL") + adminServerURL := os.Getenv("ADMINSERVER_URL") if len(adminServerURL) == 0 { adminServerURL = "http://adminserver" } diff --git a/src/ui/config/config_test.go b/src/ui/config/config_test.go index 8788b3f84b..60d0d86092 100644 --- a/src/ui/config/config_test.go +++ b/src/ui/config/config_test.go @@ -29,8 +29,8 @@ func TestConfig(t *testing.T) { } defer server.Close() - if err := os.Setenv("ADMIN_SERVER_URL", server.URL); err != nil { - t.Fatalf("failed to set env %s: %v", "ADMIN_SERVER_URL", err) + if err := os.Setenv("ADMINSERVER_URL", server.URL); err != nil { + t.Fatalf("failed to set env %s: %v", "ADMINSERVER_URL", err) } secretKeyPath := "/tmp/secretkey" diff --git a/src/ui/proxy/interceptor_test.go b/src/ui/proxy/interceptor_test.go index dda580cfae..0a5756c786 100644 --- a/src/ui/proxy/interceptor_test.go +++ b/src/ui/proxy/interceptor_test.go @@ -40,7 +40,7 @@ func TestMain(m *testing.M) { panic(err) } defer adminServer.Close() - if err := os.Setenv("ADMIN_SERVER_URL", adminServer.URL); err != nil { + if err := os.Setenv("ADMINSERVER_URL", adminServer.URL); err != nil { panic(err) } if err := config.Init(); err != nil { @@ -129,7 +129,7 @@ func TestPMSPolicyChecker(t *testing.T) { panic(err) } defer adminServer.Close() - if err := os.Setenv("ADMIN_SERVER_URL", adminServer.URL); err != nil { + if err := os.Setenv("ADMINSERVER_URL", adminServer.URL); err != nil { panic(err) } if err := config.Init(); err != nil { diff --git a/src/ui/service/token/token_test.go b/src/ui/service/token/token_test.go index 7410b506f0..2ef32dbe95 100644 --- a/src/ui/service/token/token_test.go +++ b/src/ui/service/token/token_test.go @@ -41,7 +41,7 @@ func TestMain(m *testing.M) { } defer server.Close() - if err := os.Setenv("ADMIN_SERVER_URL", server.URL); err != nil { + if err := os.Setenv("ADMINSERVER_URL", server.URL); err != nil { panic(err) } if err := config.Init(); err != nil { diff --git a/tests/docker-compose.test.yml b/tests/docker-compose.test.yml index cf5c3c6dc3..80a41289ba 100644 --- a/tests/docker-compose.test.yml +++ b/tests/docker-compose.test.yml @@ -33,4 +33,4 @@ services: - /data/secretkey:/etc/adminserver/key - /data/:/data/ ports: - - 8888:80 + - 8888:8080