propagate more env vars

This commit is contained in:
Tan Jiang 2016-06-22 18:41:56 +08:00
parent a80e0190c6
commit 26124d366f
7 changed files with 87 additions and 49 deletions

View File

@ -38,6 +38,10 @@ self_registration = on
#Number of job workers in job service, default is 3 #Number of job workers in job service, default is 3
max_job_workers = 3 max_job_workers = 3
#Toggle on and off to tell job service wheter or not verify the ssl cert
#when it tries to access a remote registry
verify_remote_cert = on
#Turn on or off the customize your certificate for registry's token. #Turn on or off the customize your certificate for registry's token.
#If the value is on, the prepare script will generate new root cert and private key #If the value is on, the prepare script will generate new root cert and private key
#for generating token to access the image in registry. #for generating token to access the image in registry.

View File

@ -47,6 +47,7 @@ crt_organizationalunit = rcp.get("configuration", "crt_organizationalunit")
crt_commonname = rcp.get("configuration", "crt_commonname") crt_commonname = rcp.get("configuration", "crt_commonname")
crt_email = rcp.get("configuration", "crt_email") crt_email = rcp.get("configuration", "crt_email")
max_job_workers = rcp.get("configuration", "max_job_workers") max_job_workers = rcp.get("configuration", "max_job_workers")
verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
######## ########
ui_secret = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16)) ui_secret = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16))
@ -122,7 +123,8 @@ render(os.path.join(templates_dir, "jobservice", "env"),
db_password=db_password, db_password=db_password,
ui_secret=ui_secret, ui_secret=ui_secret,
max_job_workers=max_job_workers, max_job_workers=max_job_workers,
ui_url=ui_url) ui_url=ui_url,
verify_remote_cert=verify_remote_cert)
def validate_crt_subj(dirty_subj): def validate_crt_subj(dirty_subj):
subj_list = [item for item in dirty_subj.strip().split("/") \ subj_list = [item for item in dirty_subj.strip().split("/") \

View File

@ -3,7 +3,10 @@ MYSQL_PORT=3306
MYSQL_USR=root MYSQL_USR=root
MYSQL_PWD=$db_password MYSQL_PWD=$db_password
UI_SECRET=$ui_secret UI_SECRET=$ui_secret
HARBOR_URL=$ui_url REGISTRY_URL=http://registry:5000
VERIFY_REMOTE_CERT=$verify_remote_cert
MAX_JOB_WORKERS=$max_job_workers MAX_JOB_WORKERS=$max_job_workers
LOG_LEVEL=debug LOG_LEVEL=debug
GODEBUG=netdns=cgo GODEBUG=netdns=cgo
EXT_ENDPOINT=$ui_url
TOKEN_URL=http://ui

View File

@ -3,10 +3,11 @@ MYSQL_PORT=3306
MYSQL_USR=root MYSQL_USR=root
MYSQL_PWD=$db_password MYSQL_PWD=$db_password
REGISTRY_URL=http://registry:5000 REGISTRY_URL=http://registry:5000
UI_URL=http://ui
CONFIG_PATH=/etc/ui/app.conf CONFIG_PATH=/etc/ui/app.conf
HARBOR_REG_URL=$hostname HARBOR_REG_URL=$hostname
HARBOR_ADMIN_PASSWORD=$harbor_admin_password HARBOR_ADMIN_PASSWORD=$harbor_admin_password
HARBOR_URL=$hostname HARBOR_URL=$ui_url
AUTH_MODE=$auth_mode AUTH_MODE=$auth_mode
LDAP_URL=$ldap_url LDAP_URL=$ldap_url
LDAP_BASE_DN=$ldap_basedn LDAP_BASE_DN=$ldap_basedn
@ -14,3 +15,5 @@ UI_SECRET=$ui_secret
SELF_REGISTRATION=$self_registration SELF_REGISTRATION=$self_registration
LOG_LEVEL=debug LOG_LEVEL=debug
GODEBUG=netdns=cgo GODEBUG=netdns=cgo
EXT_ENDPOINT=$ui_url
TOKEN_URL=http://ui

View File

@ -1,16 +1,16 @@
/* /*
Copyright (c) 2016 VMware, Inc. All Rights Reserved. Copyright (c) 2016 VMware, Inc. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0 http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/ */
package api package api
@ -165,7 +165,7 @@ func getRepoList(projectID int64) ([]string, error) {
uiPwd = "Harbor12345" uiPwd = "Harbor12345"
} }
*/ */
uiURL := config.LocalHarborURL() uiURL := config.LocalUIURL()
client := &http.Client{} client := &http.Client{}
req, err := http.NewRequest("GET", uiURL+"/api/repositories?project_id="+strconv.Itoa(int(projectID)), nil) req, err := http.NewRequest("GET", uiURL+"/api/repositories?project_id="+strconv.Itoa(int(projectID)), nil)
if err != nil { if err != nil {

View File

@ -1,16 +1,16 @@
/* /*
Copyright (c) 2016 VMware, Inc. All Rights Reserved. Copyright (c) 2016 VMware, Inc. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0 http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/ */
package config package config
@ -26,9 +26,11 @@ import (
const defaultMaxWorkers int = 10 const defaultMaxWorkers int = 10
var maxJobWorkers int var maxJobWorkers int
var localURL string var localUIURL string
var localRegURL string
var logDir string var logDir string
var uiSecret string var uiSecret string
var verifyRemoteCert string
func init() { func init() {
maxWorkersEnv := os.Getenv("MAX_JOB_WORKERS") maxWorkersEnv := os.Getenv("MAX_JOB_WORKERS")
@ -39,9 +41,14 @@ func init() {
maxJobWorkers = defaultMaxWorkers maxJobWorkers = defaultMaxWorkers
} }
localURL = os.Getenv("HARBOR_URL") localRegURL = os.Getenv("REGISTRY_URL")
if len(localURL) == 0 { if len(localRegURL) == 0 {
localURL = "http://registry:5000/" localRegURL = "http://registry:5000"
}
localUIURL = os.Getenv("UI_URL")
if len(localUIURL) == 0 {
localUIURL = "http://ui"
} }
logDir = os.Getenv("LOG_DIR") logDir = os.Getenv("LOG_DIR")
@ -67,8 +74,15 @@ func init() {
panic("UI Secret is not set") panic("UI Secret is not set")
} }
verifyRemoteCert = os.Getenv("VERIFY_REMOTE_CERT")
if len(verifyRemoteCert) == 0 {
verifyRemoteCert = "on"
}
log.Debugf("config: maxJobWorkers: %d", maxJobWorkers) log.Debugf("config: maxJobWorkers: %d", maxJobWorkers)
log.Debugf("config: localHarborURL: %s", localURL) log.Debugf("config: localUIURL: %s", localUIURL)
log.Debugf("config: localRegURL: %s", localRegURL)
log.Debugf("config: verifyRemoteCert: %s", verifyRemoteCert)
log.Debugf("config: logDir: %s", logDir) log.Debugf("config: logDir: %s", logDir)
log.Debugf("config: uiSecret: ******") log.Debugf("config: uiSecret: ******")
} }
@ -78,9 +92,14 @@ func MaxJobWorkers() int {
return maxJobWorkers return maxJobWorkers
} }
// LocalHarborURL returns the local registry url, job service will use this URL to pull manifest and repository. // LocaUIURL returns the local ui url, job service will use this URL to call API hosted on ui process
func LocalHarborURL() string { func LocalUIURL() string {
return localURL return localUIURL
}
// LocalRegURL returns the local registry url, job service will use this URL to pull image from the registry
func LocalRegURL() string {
return localRegURL
} }
// LogDir returns the absolute path to which the log file will be written // LogDir returns the absolute path to which the log file will be written
@ -92,3 +111,8 @@ func LogDir() string {
func UISecret() string { func UISecret() string {
return uiSecret return uiSecret
} }
// VerifyRemoteCert return the flag to tell jobservice whether or not verify the cert of remote registry
func VerifyRemoteCert() bool {
return verifyRemoteCert != "off"
}

View File

@ -1,16 +1,16 @@
/* /*
Copyright (c) 2016 VMware, Inc. All Rights Reserved. Copyright (c) 2016 VMware, Inc. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
You may obtain a copy of the License at You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0 http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/ */
package job package job
@ -38,6 +38,7 @@ type RepJobParm struct {
Tags []string Tags []string
Enabled int Enabled int
Operation string Operation string
Insecure bool
} }
// SM is the state machine to handle job, it handles one job at a time. // SM is the state machine to handle job, it handles one job at a time.
@ -205,11 +206,12 @@ func (sm *SM) Reset(jid int64) error {
return fmt.Errorf("The policy doesn't exist in DB, policy id:%d", job.PolicyID) return fmt.Errorf("The policy doesn't exist in DB, policy id:%d", job.PolicyID)
} }
sm.Parms = &RepJobParm{ sm.Parms = &RepJobParm{
LocalRegURL: config.LocalHarborURL(), LocalRegURL: config.LocalRegURL(),
Repository: job.Repository, Repository: job.Repository,
Tags: job.TagList, Tags: job.TagList,
Enabled: policy.Enabled, Enabled: policy.Enabled,
Operation: job.Operation, Operation: job.Operation,
Insecure: !config.VerifyRemoteCert(),
} }
if policy.Enabled == 0 { if policy.Enabled == 0 {
//worker will cancel this job //worker will cancel this job