Merge pull request #5640 from wy65701436/deprecate-ova

deprecate ova for harbor repository
Daniel Jiang 2018-08-24 13:38:42 +08:00 committed by GitHub
commit 1d4f991901
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
62 changed files with 2 additions and 879 deletions

View File

@ -1,36 +0,0 @@
# Harbor OVA drone.
---
workspace:
base: /drone
path: src/github.com/vmware/harbor
pipeline:
clone:
image: plugins/git
tags: true
recursive: false
integration-test-on-pr:
image: vmware/harbor-e2e-engine:1.39
pull: true
privileged: true
environment:
BIN: bin
GOPATH: /drone
SHELL: /bin/bash
LOG_TEMP_DIR: install-logs
HARBOR_ADMIN: ${HARBOR_ADMIN}
HARBOR_PASSWORD: ${HARBOR_PASSWORD}
DHCP: ${DHCP}
PROTOCOL: ${PROTOCOL}
USER: ${USER}
PASSWORD: ${PASSWORD}
HOST: ${HOST}
DATASTORE: ${DATASTORE}
CLUSTER: ${CLUSTER}
DATACENTER: ${DATACERTER}
commands:
- tests/integration_ova.sh
when:
status: success
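
Review bot: Deleting the `integration-test-on-pr` step leaves every value in its `environment:` block (HARBOR_PASSWORD, USER, PASSWORD, HOST and the rest) without a consumer, so any matching Drone secrets should be removed or rotated as part of this change, particularly since the step ran with `privileged: true`. Note that `DATACENTER: ${DATACERTER}` misspells the variable, so check which name the secret was actually registered under before cleaning up.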

View File

@ -1,104 +0,0 @@
# Expand the Hard Disk of Virtual Appliance
If you install Harbor with OVA, the persistent data(such as images and database) is stored in a hard disk which is mounted on directory "/data", and the default size is 60GB. As more and more images are pushed into it, the capacity may not meet your requirements.
You can check the space on Harbor web UI by clicking on **Projects**:
![lvm](img/lvm/check_on_ui_01.png)
If your free space is running out, you can expand the size of the hard disk by the following steps:
1. Add New Hard Disk to VM
(1) Log in vSphere web client. Power off Harbor's virtual appliance.
(2) Right click on the VM and select "Edit Settings".
(3) Select "New Hard Disk", and click "OK".
![lvm](img/lvm/add_new_hard_disk.png)
We add a 10GB new hard disk to show the operations.
(4) Power on the VM.
2. Expand Hard Disk using LVM
Login from the console of the virtual appliance and run the following commands:
(1) Check the current size of "/data":
```sh
df -h /data
```
![lvm](img/lvm/size_of_data_01.png)
(2) Find the new hard disk, e.g. "/dev/sdc". Replace all "/dev/sdc" with your disk in the following commands.
```sh
fdisk -l
```
![lvm](img/lvm/find_the_new_harddisk.png)
(3) Create new physical volume:
```sh
pvcreate /dev/sdc
```
(4) Check the volume group:
```sh
vgdisplay
```
![lvm](img/lvm/vg_01.png)
(5) Expand the volume group:
```sh
vgextend data1_vg /dev/sdc
```
(6) Check the volume group again:
```sh
vgdisplay
```
![lvm](img/lvm/vg_02.png)
(7) Check the logical volume:
```sh
lvdisplay
```
![lvm](img/lvm/lv_01.png)
(8) Resize the logical volume:
```sh
lvresize -l +100%FREE /dev/data1_vg/data
```
![lvm](img/lvm/resize_lv.png)
(9) Check the logical volume again, note the change of "LV Size":
```sh
lvdisplay
```
![lvm](img/lvm/lv_02.png)
(10) Resize the file system:
```sh
resize2fs /dev/data1_vg/data
```
(11) Check the size "/data" again:
```sh
df -h /data
```
![lvm](img/lvm/size_of_data_02.png)
You can also check the size on Harbor web UI:
![lvm](img/lvm/check_on_ui.png)
After that, your disk should be expanded successfully. If you want to add more hard disks, do the steps again.

Binary file not shown.

View File

@ -1,117 +0,0 @@
# Deploying Harbor from OVA
**Prerequisites**
- Download the build of the OVA installer from the **[official release](https://github.com/vmware/harbor/releases)** page.
- Import the appliance to a vCenter Server instance. Deploying the appliance directly on an ESXi host is not supported.
- The system requirements are as follows:
- vCenter Server 6.0 or 6.5.
- ESXi 6.0 or 6.5 for all hosts.
- 2 vCPUs or more.
- 8GB RAM or more.
- At least 80GB free disk space on the datastore.
- Ensure that vCenter user has the following privileges:
- Datastore > Allocate space
- Datastore > Low level file Operations
- Folder > Create Folder
- Folder > Delete Folder
- Network > Assign network
- Resource > Assign virtual machine to resource pool
- Virtual machine > Configuration > Add new disk
- Virtual Machine > Configuration > Add existing disk
- Virtual Machine > Configuration > Add or remove device
- Virtual Machine > Configuration > Change CPU count
- Virtual Machine > Configuration > Change resource
- Virtual Machine > Configuration > Memory
- Virtual Machine > Configuration > Modify device settings
- Virtual Machine > Configuration > Remove disk
- Virtual Machine > Configuration > Rename
- Virtual Machine > Configuration > Settings
- Virtual machine > Configuration > Advanced
- Virtual Machine > Interaction > Power off
- Virtual Machine > Interaction > Power on
- Virtual Machine > Inventory > Create from existing
- Virtual Machine > Inventory > Create new
- Virtual Machine > Inventory > Remove
- Virtual Machine > Provisioning > Clone virtual machine
- Virtual Machine > Provisioning > Customize
- Virtual Machine > Provisioning > Read customization specifications
- vApp > Import
- Profile-driven storage -> Profile-driven storage view
- Ensure that all vCenter Server instances and ESXi hosts in the environment in which you are deploying the appliance have network time protocol (NTP) running. Running NTP prevents problems arising from clock skew between Harbor and its clients.
- Use the Flex-based vSphere Web Client to deploy the appliance. You cannot deploy Harbor OVA file from the HTML5 vSphere Client or from the legacy Windows client.
**Procedure**
1. In the vSphere Web Client, right-click a host in the vCenter Server inventory, select **Deploy OVF template**
![Screenshot of Deploy OVF template](img/ovainstall/DeployOVFmenu.png)
2. Select template: navigate to the OVA file or input the URL of the ova file in URL field.
![Screenshot of Import ova](img/ovainstall/importova.png)
3. Follow the installer prompts to perform basic configuration of the appliance and to select the vSphere resources for it to use.
- Accept or modify the appliance name.
- Select the destination datacenter or folder:
![Screenshot of appliance name](img/ovainstall/namelocation.png)
- Select the destination host, cluster, or resource pool:
![Screenshot of resource pool](img/ovainstall/resource.png)
- Select the disk format and the destination datastore:
![Screenshot of datastore](img/ovainstall/datastore.png)
- Select the network that the appliance connects to:
![Screenshot of network](img/ovainstall/network.png)
4. On the **Customize template** page, configure Harbors SSL certificates. There are two options for SSL: auto-generated certificate and customized certificate.
- Auto-generated certificate. Leave blank the fields of CA Certificate, Server Certificate and Server Key. Go to Step 5.
- Customized certificate. If you need to customize Harbor CA Certificate, Server Certificate and Server Key, copy and paste in the content of those files into the corresponding text boxes. Remember to include all content of the files. Because the Harbor OVA is launched with Full Qualified Domain Name (FQDN), the certificate should be generated with FQDN of the host. The host should be configured with the same FQDN in Step 7.
![Screenshot of customize cert](img/ovainstall/custom_cert.png)
5. In the section of Harbor Configuration, select the Authentication Mode and set the Administrator Password. If Authentication Mode is set to ldap_auth, LDAP configuration in the next section is required. **Note:** The ldap_auth mode is for both LDAP server and Active Directory.
![Screenshot of customizing harbor](img/ovainstall/customizeharbor.png)
If the Authentication Mode is set to ldap_auth, you need to configure Harbor's LDAP settings:
- LDAP Base DN: The base DN to look up users.
- LDAP UID: The attribute to match a user, such as uid, cn, email or other attributes.
- LDAP URL: The URL for LDAP endpoint.
- Search DN: The user's DN who has the permission to search the LDAP server.
- Search DN Password: The password for search DN.
- Search Filter: The filter to search users.
- Search Scope: The scope to search users.
![Screenshot of customizing LDAP](img/ovainstall/customizeldap.png)
Refer to **[Harbor's Installation Guide](installation_guide.md)** for more information about these settings.
6. On the **Customize template** page, under **System**, set the root password for the appliance VM and the option for **Permit Root Login**.
Setting the root password for the appliance is mandatory.
- If you want to have SSH access to the Harbor appliance for troubleshooting, set **Permit Root Login** to true.
![Screenshot of customizing template system](img/ovainstall/system.png)
7. Expand **Networking Properties** and optionally configure a static IP address for the appliance VM.
- To use DHCP, leave the **Networking Properties** blank.
- If a customized SSL certificate is configured, you need to configure Domain Name the same as the FQDN of the certificate in Step 4.
![Screenshot of network detail](img/ovainstall/network2.png)
**IMPORTANT**: If you set a static IP address for the appliance, use spaces to separate DNS servers. Do not use comma separation for DNS servers.
8. When the deployment completes, refresh the current page and power on the appliance VM. It will take several minutes after powering on as it needs to load Docker images. 
![Screenshot of power on](img/ovainstall/poweron.png)
Go to the **Summary** tab of the appliance VM and note the DNS Name.
9. (Optional) If you provided a static network configuration, view the network status of the appliance.
1. In the **Summary** tab of the appliance VM, launch the VM console.
2. In the VM console, press the right arrow key.
The network status shows whether the network settings that you provided during the deployment match the settings with which the appliance is running. If there are mismatches, power off the appliance and select **Edit Settings** > **vApp Options** to correct the network settings.
10. In a browser, go to https://*<DNS Name>*. The *<DNS Name>* is noted in Step 7. When prompted, enter the username admin and the password of admin set in Step 4. 
![Screenshot of login harbor](img/ovainstall/login.png)
If everything worked properly, you should see the administration console. Refer to **[Harbor User Guide](user_guide.md)** for how to use Harbor.
![Screenshot of after login](img/ovainstall/afterlogin.png)
To migrate Harbor OVA, please refer [migrate OVA guide](migrate_ova_guide.md)
To extend the data disk in Harbor OVA, please refer [Expand the Hard Disk of Virtual Appliance](expand_hard_disk.md)
Please run "tdnf distro-sync" command from time to time to keep the OS up to date.

View File

@ -5,8 +5,6 @@ Harbor can be installed by one of three approaches:
- **Offline installer:** Use this installer when the host does not have an Internet connection. The installer contains pre-built images so its size is larger.
- **OVA installer:** Use this installer when user have a vCenter environment, Harbor is launched after OVA deployed. Detail information please refer **[Harbor OVA install guide](install_guide_ova.md)**
All installers can be downloaded from the **[official release](https://github.com/goharbor/harbor/releases)** page.
This guide describes the steps to install and configure Harbor by using the online or offline installer. The installation processes are almost the same.
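
Review bot: The hunk header context still reads "Harbor can be installed by one of three approaches:", but with the OVA installer bullet removed here only the online and offline installers remain, so that sentence needs to say two. The commit's two additions are both in the swagger file, which means this line is left stale; update it in the same change.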

View File

@ -1,42 +0,0 @@
# Harbor OVA upgrade and database migration guide
This guide is limited to migrate a Harbor OVA instance to a next release. All Harbor data storeage settings is not manually changed after the existing Harbor OVA deployed.
**Steps to migrate Harbor OVA instances:**
1. Before migration, you need to note down these following items:
- Note down the value of db_password in /data/harbor.cfg.
- **"Networking properties"** if need to keep these settings. you can find them in **"Edit Settings"** -> **"vApp Options"**
![Screenshot of vApp Options](img/ovainstall/vappoptions.png)
2. Use pvscan command to check disks in logical volume "data1_vg". Note down all location of disk files in logical volume "data1_vg".
![Screenshot of pvscan](img/ovainstall/pvscan.png)
In the vSphere Web Client, Select **"Shut Down Guest OS"** on the existing OVA instances, then select **"Edit Settings"**, remove the **"Hard disk 2"**, uncheck **"Delete files from datastore"**. All disks in the logical volume "data1_vg" should be removed if the original logic volume have been extended.
Usually, the sda is the Hard Disk1 in the **"Edit Settings"** pannel, and the sdb is Hard Disk2 and so on.
![Screenshot of Remove Disk](img/ovainstall/removedisk.png)
3. Deploy a new Harbor OVA instances. You may use different settings or keep same settings.
| Configuration Section Name |Use Different Settings | Keep Same Settings |
|-------------------------------- | ------------------|--------------------------------------------- |
| Certificates | Leave blank to use auto-generated certificates or paste in new certificates |Replace files in /data/ca_download and /data/cert with backup files in the same path of prevous Harbor instance and restart Harbor OVA after migration |
| Harbor Configuration | N/A |Input a random administrator password to bypass the data validation, it uses previous settings after migration |
| LDAP Configuration | N/A |Leave blank, it uses previous settings after migration |
| Networking Properties | Input new settings | Input previous settings |
| System | Input new settings | Input previous settings |
4. Copy all disk files of logic volume "data1_vg" in Step 2 to the new Harbor OVA's folder in vSphere's datastore.
5. Before powering on the new Harbor OVA instances, select **"Edit Settings"**, after remove the "Hard disk 2", then click **" Existing Hard Disk"** in **"New Device"**, let it point to the disk file copied in Step 4. Please add all disk files in the same order with previous OVA instance.
6. Power on the new OVA instance, login to the console and run following commands:
```
chmod 700 /migrate_OVA.sh
/migrate_OVA.sh
```
When prompt, input the value of db_password that note down in Step 1.
7. After the script is complete, visit URL: https://*<DNS Name>* to verify the new Harbor OVA instance. the administrator's password is the same password of previous Harbor instance.

View File

@ -13,8 +13,6 @@ When upgrading your existing Habor instance to a newer version, you may need to
- You must back up your data before any data migration.
- To migrate harbor OVA, please refer [migrate OVA guide](migrate_ova_guide.md)
### Upgrading Harbor and migrating data
1. Log in to the host that Harbor runs on, stop and remove existing Harbor instance if it is still running:
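
Review bot: Dropping the "migrate OVA guide" bullet from the notes list leaves operators of an existing OVA instance with no upgrade pointer at all; replace it with a one-line statement that the OVA is deprecated and what those users should do, rather than removing it silently. The context line in the hunk header also has "Habor" for "Harbor", which can be fixed while this file is being touched.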

View File

@ -2297,10 +2297,9 @@ paths:
description: Unexpected internal errors.
/systeminfo/getcert:
get:
summary: Get default root certificate under OVA deployment.
summary: Get default root certificate.
description: >
This endpoint is for downloading a default root certificate that only
provides for admin user under OVA deployment.
This endpoint is for downloading a default root certificate.
tags:
- Products
responses:
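
Review bot: In the `/systeminfo/getcert` description, the rewrite removes "only provides for admin user" together with the OVA wording, so the spec no longer says who may call this endpoint. If the handler is still restricted to administrators, keep that in the description and make sure the `responses:` list documents the unauthorized case. If access is meant to be open now, say so in the commit message, since nothing else in this commit explains it.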

View File

@ -1,36 +0,0 @@
#!/bin/bash
# Copyright 2017 VMware, Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
set -x
gsutil version -l
set +x
container_ip=`ip addr s eth0 |grep "inet "|awk '{print $2}' |awk -F "/" '{print $1}'`
echo $container_ip
ova_url="$(python /auto-ova/ova.py)"
echo $ova_url
## --------------------------------------------- Init Env -------------------------------------------------
# Start Xvfb for Chrome headlesss
Xvfb -ac :99 -screen 0 1280x1024x16 & export DISPLAY=:99
## --------------------------------------------- Run -------------------------------------------------
pybot -v ip:$container_ip -v ova_url:$ova_url --include OVA tests/robot-cases/Group5-OVA-install-config/5-00-OVA-BAT.robot
## --------------------------------------------- Tear Down -------------------------------------------------
rc="$?"
echo $rc
exit $rc

View File

@ -685,11 +685,3 @@ Test Case - Scan Image On Push
Go Into Repo memcached
Summary Chart Should Display latest
Close Browser
#Test Case - OVA reboot
# Reboot VM ${vm_name} ${vc_host} ${vc_user} ${vc_password}
# Wait for Harbor Ready https ${ip}
#Test Case - OVA reset
# Reset VM ${vm_name} ${vc_host} ${vc_user} ${vc_password}
# Wait for Harbor Ready https ${ip}

View File

@ -1,7 +0,0 @@
#!/bin/bash
echo "docker-compose version 1.7.1"
cd "$( dirname "${BASH_SOURCE[0]}" )"
cp ./docker-compose-Linux-x86_64 /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

View File

@ -1,15 +0,0 @@
#!/usr/bin/env bash
tdnf install -y docker
systemctl enable docker.service
mkdir -p /var/log/harbor
echo "Downloading harbor..."
wget -O /ova.tar.gz http://10.117.5.62/ISV/appliancePackages/ova.tar.gz
echo "Downloading notice file..."
wget -O /NOTICE_Harbor_0.4.1_Beta.txt http://10.117.5.62/ISV/appliancePackages/NOTICE_Harbor_0.4.1_Beta.txt
echo "Downloading license file..."
wget -O /LICENSE_Harbor_0.4.1_Beta_100216.txt http://10.117.5.62/ISV/appliancePackages/LICENSE_Harbor_0.4.1_Beta_100216.txt
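
Review bot: The three `wget` calls removed here fetched `ova.tar.gz` and the notice and license files over plain `http://` from `10.117.5.62` with no checksum or signature check, so confirm in this PR that no remaining build or packaging script still pulls from `/ISV/appliancePackages/`. If one does, it should move to HTTPS and verify a pinned digest before the archive is unpacked.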

View File

@ -1,45 +0,0 @@
#!/bin/bash
outputdir=/tmp
outputfolder=harbor_logs
dir=$outputdir/$outputfolder
mkdir -p $dir
echo "Version" >> $dir/docker
docker version >> $dir/docker
printf "\n\nInfo\n" >> $dir/docker
docker info >> $dir/docker
printf "\n\nImages\n" >> $dir/docker
docker images >> $dir/docker
printf "\n\nRunning containers\n" >> $dir/docker
docker ps >> $dir/docker
docker-compose version >> $dir/docker-compose
base_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cp -r $base_dir/../script $dir/
cp $base_dir/../harbor/harbor.cfg $dir/
cp -r /var/log/harbor $dir/
properties=(
email_server
email_server_port
email_username
email_password
email_from
harbor_admin_password
ldap_url
ldap_searchdn
ldap_search_pwd
ldap_basedn
db_password
)
for property in "${properties[@]}"
do
sed -i -r "s%#?$property\s*=\s*.*%$property = %" $dir/harbor.cfg
done
tar --remove-files -zcf $outputfolder.tar.gz -C $outputdir $outputfolder
echo "$outputfolder.tar.gz is generated in current directory."

View File

@ -1,111 +0,0 @@
#!/bin/bash
#Shut down Harbor
function down {
base_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
docker-compose -f $base_dir/../harbor/docker-compose*.yml down
}
#Start Harbor
function up {
base_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
$base_dir/start_harbor.sh
}
#Configure Harbor
function configure {
base_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
$base_dir/config.sh
}
function getRegistryVersion {
registry_version=""
base_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
registry_version=$(sed -n -e 's|.*library/registry:||p' $base_dir/../harbor/docker-compose.yml)
if [ -z registry_version ]
then
registry_version="latest"
fi
}
#Garbage collectoin
function gc {
echo "======================= $(date)====================="
getRegistryVersion
docker run --name gc --rm --volume /data/registry:/storage \
--volume $base_dir/../harbor/common/config/registry/:/etc/registry/ \
registry:$registry_version garbage-collect /etc/registry/config.yml
echo "===================================================="
}
#Add rules to iptables
function addIptableRules {
iptables -A INPUT -p tcp --dport 5480 -j ACCEPT -w || true
#iptables -A INPUT -p tcp --dport 5488 -j ACCEPT
#iptables -A INPUT -p tcp --dport 5489 -j ACCEPT
}
#Install docker-compose
function installDockerCompose {
base_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
$base_dir/../deps/docker-compose-1.7.1/install.sh
}
#Load images
function load {
basedir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
docker load -i $basedir/../harbor/harbor*.tgz
}
#Configure SSH
function configSSH {
value=$(ovfenv -k permit_root_login)
if [ "$value" = "true" ]
then
v=yes
else
v=no
fi
echo "ssh: permit root login - $v"
sed -i -r s%"^PermitRootLogin .*"%"PermitRootLogin $v"% /etc/ssh/sshd_config
if [ ! -f /etc/ssh/ssh_host_rsa_key ] \
|| [ ! -f /etc/ssh/ssh_host_ecdsa_key ] \
|| [ ! -f /etc/ssh/ssh_host_ed25519_key ]
then
ssh-keygen -A
fi
systemctl restart sshd
}
#Configure attr in harbor.cfg
function configureHarborCfg {
cfg_key=$1
cfg_value=$2
basedir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cfg_file=$basedir/../harbor/harbor.cfg
if [ -n "$cfg_key" ]
then
cfg_value=$(echo "$cfg_value" | sed -r -e 's%[\/&%]%\\&%g')
sed -i -r "s%#?$cfg_key\s*=\s*.*%$cfg_key = $cfg_value%" $cfg_file
fi
}
function pushPhoton {
set +e
getRegistryVersion
docker run -d --name photon_pusher -v /data/registry:/var/lib/registry -p 5000:5000 registry:$registry_version
docker tag photon:1.0 127.0.0.1:5000/library/photon:1.0
sleep 5
docker push 127.0.0.1:5000/library/photon:1.0
docker rm -f photon_pusher
set -e
}

View File

@ -1,195 +0,0 @@
#!/bin/bash
set -e
attrs=(
ldap_url
ldap_searchdn
ldap_search_pwd
ldap_basedn
ldap_uid
email_server
email_server_port
email_username
email_password
email_from
email_ssl
verify_remote_cert
self_registration
)
cert_dir=/data/cert
mkdir -p $cert_dir
cert=$cert_dir/server.crt
key=$cert_dir/server.key
csr=$cert_dir/server.csr
ca_cert=$cert_dir/ca.crt
ca_key=$cert_dir/ca.key
ext=$cert_dir/extfile.cnf
ca_download_dir=/data/ca_download
mkdir -p $ca_download_dir
rm -rf $ca_download_dir/*
hostname=""
ip_addr=""
base_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../" && pwd )"
source $base_dir/script/common.sh
flag=$base_dir/cert_gen_type
#The location of harbor.cfg
cfg=$base_dir/harbor/harbor.cfg
#Format cert file
function formatCert {
content=$1
file=$2
echo $content | sed -r "s/ /\n/g" | sed -r "/-+$/d" | sed -r "s/^(-+).*/& CERTIFICATE\1/g" > $file
}
#Format key file
function formatKey {
content=$1
file=$2
echo $content | sed -r "s/ /\n/g" | sed -r "/^PRIVATE$/d"| sed -r "/-+$/d" | sed -r "s/^(-+).*/& PRIVATE KEY\1/g" > $file
}
function genCert {
if [ ! -e $ca_cert ] || [ ! -e $ca_key ]
then
openssl req -newkey rsa:4096 -nodes -sha256 -keyout $ca_key \
-x509 -days 365 -out $ca_cert -subj \
"/C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=Harbor/CN=Self-signed by VMware, Inc."
fi
openssl req -newkey rsa:4096 -nodes -sha256 -keyout $key \
-out $csr -subj \
"/C=US/ST=California/L=Palo Alto/O=VMware/OU=Harbor/CN=$hostname"
echo "Add subjectAltName = IP: $ip_addr to certificate"
echo subjectAltName = IP:$ip_addr > $ext
openssl x509 -req -days 365 -in $csr -CA $ca_cert -CAkey $ca_key -CAcreateserial -extfile $ext -out $cert
echo "self-signed" > $flag
echo "Copy CA certificate to $ca_download_dir"
cp $ca_cert $ca_download_dir/
}
function secure {
echo "Read attribute using ovfenv: [ ssl_cert ]"
ssl_cert=$(ovfenv -k ssl_cert)
echo "Read attribute using ovfenv: [ ssl_cert_key ]"
ssl_cert_key=$(ovfenv -k ssl_cert_key)
if [ -n "$ssl_cert" ] && [ -n "$ssl_cert_key" ]
then
echo "ssl_cert and ssl_cert_key are both set, using customized certificate"
formatCert "$ssl_cert" $cert
formatKey "$ssl_cert_key" $key
echo "customized" > $flag
return
fi
if [ ! -e $ca_cert ] || [ ! -e $cert ] || [ ! -e $key ]
then
echo "CA, Certificate or key file does not exist, will generate a self-signed certificate"
genCert
return
fi
if [ ! -e $flag ]
then
echo "The file which records the way generating certificate does not exist, will generate a new self-signed certificate"
genCert
return
fi
if [ ! $(cat $flag) = "self-signed" ]
then
echo "The way generating certificate changed, will generate a new self-signed certificate"
genCert
return
fi
cn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p') || true
if [ "$hostname" != "$cn" ]
then
echo "Common name changed: $cn -> $hostname , will generate a new self-signed certificate"
genCert
return
fi
ip_in_cert=$(openssl x509 -noout -text -in $cert | sed -n '/IP Address:/s/.*IP Address://p') || true
if [ "$ip_addr" != "$ip_in_cert" ]
then
echo "IP changed: $ip_in_cert -> $ip_addr , will generate a new self-signed certificate"
genCert
return
fi
echo "Use the existing CA, certificate and key file"
echo "Copy CA certificate to $ca_download_dir"
cp $ca_cert $ca_download_dir/
}
function detectHostname {
hostname=$(hostname --fqdn) || true
if [ -n $hostname ]
then
if [ "$hostname" = "localhost.localdom" ]
then
hostname=""
return
fi
echo "Get hostname from command 'hostname --fqdn': $hostname"
return
fi
}
#Modify hostname
detectHostname
ip_addr=$(ip addr show eth0|grep "inet "|tr -s ' '|cut -d ' ' -f 3|cut -d '/' -f 1)
if [ -z "$hostname" ]
then
echo "Hostname is null, set it to IP"
hostname=$ip_addr
fi
if [ -n "$hostname" ]
then
echo "Hostname: $hostname"
configureHarborCfg "hostname" "$hostname"
else
echo "Failed to get the hostname"
exit 1
fi
#Handle http/https
echo "Read attribute using ovfenv: [ protocol ]"
protocol=$(ovfenv -k protocol)
if [ -z $protocol ]
then
protocol=https
fi
echo "Protocol: $protocol"
configureHarborCfg ui_url_protocol $protocol
if [ $protocol = "https" ]
then
secure
fi
for attr in "${attrs[@]}"
do
echo "Read attribute using ovfenv: [ $attr ]"
value=$(ovfenv -k $attr)
#if [ "$attr" = ldap_search_pwd ] \
# || [ "$attr" = email_password ]
#then
# bs=$(echo $value | base64)
# value={base64}$bs
#fi
configureHarborCfg "$attr" "$value"
done
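
Review bot: With `genCert` and `secure` gone, nothing in the visible diff still places a CA certificate in `/data/ca_download` (`cp $ca_cert $ca_download_dir/`), yet the swagger hunk in this commit keeps `/systeminfo/getcert` and rewords it as a general "default root certificate" download. State in the PR which component now provides that certificate on non-OVA installs, or document that the endpoint returns an error when none exists.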

View File

@ -1,53 +0,0 @@
#!/bin/bash
set -e
echo "======================= $(date)====================="
export PATH=$PATH:/usr/local/bin
base_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
source $base_dir/common.sh
#Reset root password
value=$(ovfenv -k root_pwd)
if [ -n "$value" ]
then
echo "Resetting root password..."
printf "%s\n%s\n" "$value" "$value" | passwd root
fi
#configure SSH
configSSH
echo "Adding rules to iptables..."
addIptableRules
echo "Installing docker compose..."
installDockerCompose
echo "Starting docker service..."
systemctl start docker
echo "Uncompress Harbor offline instaler tar..."
tar -zxvf $base_dir/../harbor-offline-installer*.tgz -C $base_dir/../
echo "Loading images..."
load
echo "Pushing photon to project library..."
pushPhoton
echo "Configuring Harbor..."
chmod 600 $base_dir/../harbor/harbor.cfg
$base_dir/firstboot_config.sh
#Start Harbor
echo "Starting Harbor..."
up
echo "Removing unneeded installation packages..."
rm $base_dir/../harbor-offline-installer*.tgz
rm $base_dir/../harbor/harbor*.tgz
echo "===================================================="

View File

@ -1,32 +0,0 @@
#!/bin/bash
set -e
base_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
source $base_dir/common.sh
#Configure authentication mode
echo "Read attribute using ovfenv: [ auth_mode ]"
auth_mode=$(ovfenv -k auth_mode)
if [ -n "$auth_mode" ]
then
configureHarborCfg "auth_mode" "$auth_mode"
fi
#Configure password of Harbor administrator
echo "Read attribute using ovfenv: [ harbor_admin_password ]"
adm_pwd=$(ovfenv -k harbor_admin_password)
if [ -n "$adm_pwd" ]
then
configureHarborCfg "harbor_admin_password" "$adm_pwd"
fi
#Configure password of database
echo "Read attribute using ovfenv: [ db_password ]"
db_pwd=$(ovfenv -k db_password)
if [ -n "$db_pwd" ]
then
configureHarborCfg "db_password" "$db_pwd"
fi
#Configure other attrs
configure

View File

@ -1,31 +0,0 @@
#!/bin/bash
set -e
workdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd $workdir/../harbor
echo "[Step 1]: preparing environment ..."
./prepare
echo "[Step 2]: starting Harbor ..."
docker-compose -f docker-compose*.yml up -d
protocol=http
hostname=reg.mydomain.com
if [[ $(cat ./harbor.cfg) =~ ui_url_protocol[[:blank:]]*=[[:blank:]]*(https?) ]]
then
protocol=${BASH_REMATCH[1]}
fi
if [[ $(grep 'hostname[[:blank:]]*=' ./harbor.cfg) =~ hostname[[:blank:]]*=[[:blank:]]*(.*) ]]
then
hostname=${BASH_REMATCH[1]}
fi
echo $"
----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at ${protocol}://${hostname}.
For more details, please visit https://github.com/vmware/harbor .
"

View File

@ -1,40 +0,0 @@
#!/bin/bash
set -e
echo "======================= $(date)====================="
export PATH=$PATH:/usr/local/bin
base_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
source $base_dir/common.sh
#configure SSH
configSSH
echo "Adding rules to iptables..."
addIptableRules
#Stop Harbor
echo "Shutting down Harbor..."
down || true
#Garbage collection
value=$(ovfenv -k gc_enabled)
if [ "$value" = "true" ]
then
echo "GC enabled, starting garbage collection..."
#If the registry contains no images, the gc will fail.
#So append a true to avoid failure.
gc 2>&1 >> /var/log/harbor/gc.log || true
else
echo "GC disabled, skip garbage collection"
fi
#Configure Harbor
echo "Configuring Harbor..."
configure
#Start Harbor
echo "Starting Harbor..."
up
echo "===================================================="