Add IPv6 support

* 127.0.0.1 to localhost
* listening net addr add ipv6 format

Signed-off-by: DQ <dengq@vmware.com>
DQ 2021-05-13 17:16:53 +08:00 committed by Qian Deng
parent c4f4e6e7e1
commit 1b6b47f860
10 changed files with 39 additions and 34 deletions


@ -20,4 +20,4 @@ ENTRYPOINT ["./docker-entrypoint.sh"]
VOLUME ["/chart_storage"]
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS http://127.0.0.1:9999/health || curl -k -sS https://127.0.0.1:9443/health || exit 1
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS http://localhost:9999/health || curl -k -sS https://localhost:9443/health || exit 1
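Review bot: The new HEALTHCHECK line still calls `curl -sS` without `--fail`, so an HTTP 4xx/5xx answer from `/health` exits 0 and the container is reported healthy. The other Dockerfiles touched by this commit all pass `--fail`. Suggested line: `HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl --fail -sS http://localhost:9999/health || curl -k --fail -sS https://localhost:9443/health || exit 1`. Only the tail of this Dockerfile is visible in the hunk.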


@ -2,7 +2,7 @@ ARG harbor_base_image_version
ARG harbor_base_namespace
FROM ${harbor_base_namespace}/harbor-core-base:${harbor_base_image_version}
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/v2.0/ping || curl -k --fail -s https://127.0.0.1:8443/api/v2.0/ping || exit 1
HEALTHCHECK CMD curl --fail -s http://localhost:8080/api/v2.0/ping || curl -k --fail -s https://localhost:8443/api/v2.0/ping || exit 1
COPY ./make/photon/common/install_cert.sh /harbor/
COPY ./make/photon/core/entrypoint.sh /harbor/
COPY ./make/photon/core/harbor_core /harbor/
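Review bot: The HTTPS fallback on the new HEALTHCHECK line keeps `-k`, and nothing in the file says that skipping certificate verification is deliberate. A short comment above it would keep the flag from being copied into code paths that do make a trust decision, e.g. `# -k is deliberate: loopback liveness probe only, nothing from the response is trusted`. The same applies to the `-k`/`-sk` probes in the other Dockerfile sections of this commit. The two that pass `--key`/`--cert` present a client certificate to an unverified peer, which is tolerable only because the target is loopback. Switching to `localhost` also makes the probe depend on the container's hosts file mapping that name to a loopback address, which is presumably the case on these base images but is not visible here.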


@ -19,6 +19,6 @@ USER harbor
VOLUME ["/var/log/jobs/"]
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/v1/stats || curl -sk --fail --key /etc/harbor/ssl/job_service.key --cert /etc/harbor/ssl/job_service.crt https://127.0.0.1:8443/api/v1/stats || exit 1
HEALTHCHECK CMD curl --fail -s http://localhost:8080/api/v1/stats || curl -sk --fail --key /etc/harbor/ssl/job_service.key --cert /etc/harbor/ssl/job_service.crt https://localhost:8443/api/v1/stats || exit 1
ENTRYPOINT ["/harbor/entrypoint.sh"]


@ -6,7 +6,7 @@ VOLUME /var/cache/nginx /var/log/nginx /run
STOPSIGNAL SIGQUIT
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080 || exit 1
HEALTHCHECK CMD curl --fail -s http://localhost:8080 || exit 1
USER nginx


@ -38,7 +38,7 @@ VOLUME /var/cache/nginx /var/log/nginx /run
STOPSIGNAL SIGQUIT
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080 || curl -k --fail -s https://127.0.0.1:8443 || exit 1
HEALTHCHECK CMD curl --fail -s http://localhost:8080 || curl -k --fail -s https://localhost:8443 || exit 1
USER nginx
CMD ["nginx", "-g", "daemon off;"]


@ -22,6 +22,7 @@ services:
target: /etc/rsyslog.d/rsyslog_docker.conf
ports:
- 127.0.0.1:1514:10514
- ::1:1514:10514
networks:
- harbor
registry:
@ -67,7 +68,7 @@ services:
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
syslog-address: "tcp://localhost:1514"
tag: "registry"
registryctl:
image: goharbor/harbor-registryctl:{{version}}
@ -111,7 +112,7 @@ services:
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
syslog-address: "tcp://localhost:1514"
tag: "registryctl"
{% if external_database == False %}
postgresql:
@ -142,7 +143,7 @@ services:
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
syslog-address: "tcp://localhost:1514"
tag: "postgresql"
{% endif %}
core:
@ -208,7 +209,7 @@ services:
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
syslog-address: "tcp://localhost:1514"
tag: "core"
portal:
image: goharbor/harbor-portal:{{version}}
@ -241,7 +242,7 @@ services:
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
syslog-address: "tcp://localhost:1514"
tag: "portal"
jobservice:
@ -280,7 +281,7 @@ services:
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
syslog-address: "tcp://localhost:1514"
tag: "jobservice"
{% if external_redis == False %}
redis:
@ -308,7 +309,7 @@ services:
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
syslog-address: "tcp://localhost:1514"
tag: "redis"
{% endif %}
proxy:
@ -363,7 +364,7 @@ services:
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
syslog-address: "tcp://localhost:1514"
tag: "proxy"
{% if with_notary %}
notary-server:
@ -403,7 +404,7 @@ services:
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
syslog-address: "tcp://localhost:1514"
tag: "notary-server"
notary-signer:
image: goharbor/notary-signer-photon:{{notary_version}}
@ -444,7 +445,7 @@ services:
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
syslog-address: "tcp://localhost:1514"
tag: "notary-signer"
{% endif %}
{% if with_trivy %}
@ -483,7 +484,7 @@ services:
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
syslog-address: "tcp://localhost:1514"
tag: "trivy-adapter"
env_file:
./common/config/trivy-adapter/env
@ -527,7 +528,7 @@ services:
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
syslog-address: "tcp://localhost:1514"
tag: "chartmuseum"
env_file:
./common/config/chartserver/env
@ -554,7 +555,7 @@ services:
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
syslog-address: "tcp://localhost:1514"
tag: "exporter"
{% endif %}
networks:
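Review bot: The added `- ::1:1514:10514` mapping in the first hunk is unconditional and unquoted. On a host where IPv6 is disabled the bind to `::1` may fail, which would keep the log container from starting and likely the services that point their syslog driver at `tcp://localhost:1514` as well; consider emitting the line only when IPv6 is enabled in the template context. Writing the entries as quoted strings with a bracketed address, `- "[::1]:1514:10514"`, removes any YAML or port-parser ambiguity around the leading colons. Both mappings stay on loopback, which is the property to preserve: the rsyslog listener should not become reachable from other hosts.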


@ -11,7 +11,7 @@ RUN chown -R harbor:harbor /etc/pki/tls/certs \
&& chown harbor:harbor /home/harbor/install_cert.sh && chmod u+x /home/harbor/install_cert.sh \
&& chown harbor:harbor /usr/bin/registry_DO_NOT_USE_GC && chmod u+x /usr/bin/registry_DO_NOT_USE_GC
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:5000 || curl -k --fail -s https://127.0.0.1:5443 || exit 1
HEALTHCHECK CMD curl --fail -s http://localhost:5000 || curl -k --fail -s https://localhost:5443 || exit 1
USER harbor


@ -14,7 +14,7 @@ RUN chown -R harbor:harbor /etc/pki/tls/certs \
&& chown harbor:harbor /home/harbor/install_cert.sh && chmod u+x /home/harbor/install_cert.sh
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/health || curl -sk --fail --key /etc/harbor/ssl/registryctl.key --cert /etc/harbor/ssl/registryctl.crt https://127.0.0.1:8443/api/health || exit 1
HEALTHCHECK CMD curl --fail -s http://localhost:8080/api/health || curl -sk --fail --key /etc/harbor/ssl/registryctl.key --cert /etc/harbor/ssl/registryctl.crt https://localhost:8443/api/health || exit 1
VOLUME ["/var/lib/registry"]


@ -16,7 +16,7 @@ RUN chown -R scanner:scanner /etc/pki/tls/certs \
&& chown scanner:scanner /home/scanner/bin/scanner-trivy && chmod u+x /home/scanner/bin/scanner-trivy \
&& chown scanner:scanner /home/scanner/install_cert.sh && chmod u+x /home/scanner/install_cert.sh
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl --fail -s http://127.0.0.1:8080/probe/healthy || curl -k --fail -s https://127.0.0.1:8443/probe/healthy || exit 1
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl --fail -s http://localhost:8080/probe/healthy || curl -k --fail -s https://localhost:8443/probe/healthy || exit 1
ENV TRIVY_VERSION=${trivy_version}


@ -1,8 +1,12 @@
#!/usr/bin/env bash
# These certs file is only for Harbor testing.
IP='127.0.0.1'
if [ ! -z "$1" ]; then IP=$1; fi
CN='127.0.0.1'
IPV4_REGEX='((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])'
IPV6_REGEX='(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))'
TEMP_FILENAME='temp'
if [ ! -z "$1" ]; then CN=$1; fi
OPENSSLCNF=
DATA_VOL='/data'
CUR_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
@ -23,23 +27,23 @@ fi
# -x509 -days 365 -out $CUR_DIR/harbor_ca.crt -subj '/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborCA'
# Generate a Certificate Signing Request
if echo $IP|grep -E '^([0-9]+\.){3}[0-9]+$' ; then
if [[ $CN =~ $IPV4_REGEX ]] || [[ $CN =~ $IPV6_REGEX ]] ; then
openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout $IP.key \
-out $IP.csr -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborManager"
echo subjectAltName = IP:$IP > extfile.cnf
-newkey rsa:4096 -nodes -sha256 -keyout $TEMP_FILENAME.key \
-out $TEMP_FILENAME.csr -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborManager"
echo subjectAltName = IP:$CN > extfile.cnf
else
openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout $IP.key \
-out $IP.csr -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=$IP"
echo subjectAltName = DNS.1:$IP > extfile.cnf
-newkey rsa:4096 -nodes -sha256 -keyout $TEMP_FILENAME.key \
-out $TEMP_FILENAME.csr -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=$CN"
echo subjectAltName = DNS.1:$CN > extfile.cnf
fi
# Generate the certificate of local registry host
openssl x509 -req -days 365 -sha256 -in $IP.csr -CA $CUR_DIR/harbor_ca.crt \
-CAkey $CUR_DIR/harbor_ca.key -CAcreateserial -extfile extfile.cnf -out $IP.crt
openssl x509 -req -days 365 -sha256 -in $TEMP_FILENAME.csr -CA $CUR_DIR/harbor_ca.crt \
-CAkey $CUR_DIR/harbor_ca.key -CAcreateserial -extfile extfile.cnf -out $TEMP_FILENAME.crt
# Copy to harbor default location
mkdir -p $DATA_VOL/cert
cp $IP.crt $DATA_VOL/cert/server.crt
cp $IP.key $DATA_VOL/cert/server.key
cp $TEMP_FILENAME.crt $DATA_VOL/cert/server.crt
cp $TEMP_FILENAME.key $DATA_VOL/cert/server.key
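Review bot: The new test `[[ $CN =~ $IPV4_REGEX ]] || [[ $CN =~ $IPV6_REGEX ]]` is unanchored, unlike the `grep -E '^…$'` it replaces. A DNS name that merely contains an address-shaped substring (constructed example: `10.0.0.1.example.test`) therefore takes the IP branch and is written as `subjectAltName = IP:$CN`. Anchor both patterns: `if [[ $CN =~ ^${IPV4_REGEX}$ ]] || [[ $CN =~ ^${IPV6_REGEX}$ ]] ; then`. `$CN` comes from `$1` and is expanded unquoted in the `echo subjectAltName = …` lines, so quoting it there is worth doing even in a test-only script. The unencrypted `temp.key` and `temp.csr` are left in the working directory after the copy; removing them at the end avoids stray private-key material.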