mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-23 00:57:44 +01:00
propagate more env vars
This commit is contained in:
parent
a80e0190c6
commit
26124d366f
@ -38,6 +38,10 @@ self_registration = on
|
|||||||
#Number of job workers in job service, default is 3
|
#Number of job workers in job service, default is 3
|
||||||
max_job_workers = 3
|
max_job_workers = 3
|
||||||
|
|
||||||
|
#Toggle on and off to tell job service wheter or not verify the ssl cert
|
||||||
|
#when it tries to access a remote registry
|
||||||
|
verify_remote_cert = on
|
||||||
|
|
||||||
#Turn on or off the customize your certificate for registry's token.
|
#Turn on or off the customize your certificate for registry's token.
|
||||||
#If the value is on, the prepare script will generate new root cert and private key
|
#If the value is on, the prepare script will generate new root cert and private key
|
||||||
#for generating token to access the image in registry.
|
#for generating token to access the image in registry.
|
||||||
|
@ -47,6 +47,7 @@ crt_organizationalunit = rcp.get("configuration", "crt_organizationalunit")
|
|||||||
crt_commonname = rcp.get("configuration", "crt_commonname")
|
crt_commonname = rcp.get("configuration", "crt_commonname")
|
||||||
crt_email = rcp.get("configuration", "crt_email")
|
crt_email = rcp.get("configuration", "crt_email")
|
||||||
max_job_workers = rcp.get("configuration", "max_job_workers")
|
max_job_workers = rcp.get("configuration", "max_job_workers")
|
||||||
|
verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
|
||||||
########
|
########
|
||||||
|
|
||||||
ui_secret = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16))
|
ui_secret = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16))
|
||||||
@ -122,7 +123,8 @@ render(os.path.join(templates_dir, "jobservice", "env"),
|
|||||||
db_password=db_password,
|
db_password=db_password,
|
||||||
ui_secret=ui_secret,
|
ui_secret=ui_secret,
|
||||||
max_job_workers=max_job_workers,
|
max_job_workers=max_job_workers,
|
||||||
ui_url=ui_url)
|
ui_url=ui_url,
|
||||||
|
verify_remote_cert=verify_remote_cert)
|
||||||
|
|
||||||
def validate_crt_subj(dirty_subj):
|
def validate_crt_subj(dirty_subj):
|
||||||
subj_list = [item for item in dirty_subj.strip().split("/") \
|
subj_list = [item for item in dirty_subj.strip().split("/") \
|
||||||
|
@ -3,7 +3,10 @@ MYSQL_PORT=3306
|
|||||||
MYSQL_USR=root
|
MYSQL_USR=root
|
||||||
MYSQL_PWD=$db_password
|
MYSQL_PWD=$db_password
|
||||||
UI_SECRET=$ui_secret
|
UI_SECRET=$ui_secret
|
||||||
HARBOR_URL=$ui_url
|
REGISTRY_URL=http://registry:5000
|
||||||
|
VERIFY_REMOTE_CERT=$verify_remote_cert
|
||||||
MAX_JOB_WORKERS=$max_job_workers
|
MAX_JOB_WORKERS=$max_job_workers
|
||||||
LOG_LEVEL=debug
|
LOG_LEVEL=debug
|
||||||
GODEBUG=netdns=cgo
|
GODEBUG=netdns=cgo
|
||||||
|
EXT_ENDPOINT=$ui_url
|
||||||
|
TOKEN_URL=http://ui
|
||||||
|
@ -3,10 +3,11 @@ MYSQL_PORT=3306
|
|||||||
MYSQL_USR=root
|
MYSQL_USR=root
|
||||||
MYSQL_PWD=$db_password
|
MYSQL_PWD=$db_password
|
||||||
REGISTRY_URL=http://registry:5000
|
REGISTRY_URL=http://registry:5000
|
||||||
|
UI_URL=http://ui
|
||||||
CONFIG_PATH=/etc/ui/app.conf
|
CONFIG_PATH=/etc/ui/app.conf
|
||||||
HARBOR_REG_URL=$hostname
|
HARBOR_REG_URL=$hostname
|
||||||
HARBOR_ADMIN_PASSWORD=$harbor_admin_password
|
HARBOR_ADMIN_PASSWORD=$harbor_admin_password
|
||||||
HARBOR_URL=$hostname
|
HARBOR_URL=$ui_url
|
||||||
AUTH_MODE=$auth_mode
|
AUTH_MODE=$auth_mode
|
||||||
LDAP_URL=$ldap_url
|
LDAP_URL=$ldap_url
|
||||||
LDAP_BASE_DN=$ldap_basedn
|
LDAP_BASE_DN=$ldap_basedn
|
||||||
@ -14,3 +15,5 @@ UI_SECRET=$ui_secret
|
|||||||
SELF_REGISTRATION=$self_registration
|
SELF_REGISTRATION=$self_registration
|
||||||
LOG_LEVEL=debug
|
LOG_LEVEL=debug
|
||||||
GODEBUG=netdns=cgo
|
GODEBUG=netdns=cgo
|
||||||
|
EXT_ENDPOINT=$ui_url
|
||||||
|
TOKEN_URL=http://ui
|
||||||
|
@ -1,16 +1,16 @@
|
|||||||
/*
|
/*
|
||||||
Copyright (c) 2016 VMware, Inc. All Rights Reserved.
|
Copyright (c) 2016 VMware, Inc. All Rights Reserved.
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
you may not use this file except in compliance with the License.
|
you may not use this file except in compliance with the License.
|
||||||
You may obtain a copy of the License at
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
http://www.apache.org/licenses/LICENSE-2.0
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
Unless required by applicable law or agreed to in writing, software
|
||||||
distributed under the License is distributed on an "AS IS" BASIS,
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
See the License for the specific language governing permissions and
|
See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
package api
|
package api
|
||||||
@ -165,7 +165,7 @@ func getRepoList(projectID int64) ([]string, error) {
|
|||||||
uiPwd = "Harbor12345"
|
uiPwd = "Harbor12345"
|
||||||
}
|
}
|
||||||
*/
|
*/
|
||||||
uiURL := config.LocalHarborURL()
|
uiURL := config.LocalUIURL()
|
||||||
client := &http.Client{}
|
client := &http.Client{}
|
||||||
req, err := http.NewRequest("GET", uiURL+"/api/repositories?project_id="+strconv.Itoa(int(projectID)), nil)
|
req, err := http.NewRequest("GET", uiURL+"/api/repositories?project_id="+strconv.Itoa(int(projectID)), nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -1,16 +1,16 @@
|
|||||||
/*
|
/*
|
||||||
Copyright (c) 2016 VMware, Inc. All Rights Reserved.
|
Copyright (c) 2016 VMware, Inc. All Rights Reserved.
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
you may not use this file except in compliance with the License.
|
you may not use this file except in compliance with the License.
|
||||||
You may obtain a copy of the License at
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
http://www.apache.org/licenses/LICENSE-2.0
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
Unless required by applicable law or agreed to in writing, software
|
||||||
distributed under the License is distributed on an "AS IS" BASIS,
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
See the License for the specific language governing permissions and
|
See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
package config
|
package config
|
||||||
@ -26,9 +26,11 @@ import (
|
|||||||
const defaultMaxWorkers int = 10
|
const defaultMaxWorkers int = 10
|
||||||
|
|
||||||
var maxJobWorkers int
|
var maxJobWorkers int
|
||||||
var localURL string
|
var localUIURL string
|
||||||
|
var localRegURL string
|
||||||
var logDir string
|
var logDir string
|
||||||
var uiSecret string
|
var uiSecret string
|
||||||
|
var verifyRemoteCert string
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
maxWorkersEnv := os.Getenv("MAX_JOB_WORKERS")
|
maxWorkersEnv := os.Getenv("MAX_JOB_WORKERS")
|
||||||
@ -39,9 +41,14 @@ func init() {
|
|||||||
maxJobWorkers = defaultMaxWorkers
|
maxJobWorkers = defaultMaxWorkers
|
||||||
}
|
}
|
||||||
|
|
||||||
localURL = os.Getenv("HARBOR_URL")
|
localRegURL = os.Getenv("REGISTRY_URL")
|
||||||
if len(localURL) == 0 {
|
if len(localRegURL) == 0 {
|
||||||
localURL = "http://registry:5000/"
|
localRegURL = "http://registry:5000"
|
||||||
|
}
|
||||||
|
|
||||||
|
localUIURL = os.Getenv("UI_URL")
|
||||||
|
if len(localUIURL) == 0 {
|
||||||
|
localUIURL = "http://ui"
|
||||||
}
|
}
|
||||||
|
|
||||||
logDir = os.Getenv("LOG_DIR")
|
logDir = os.Getenv("LOG_DIR")
|
||||||
@ -67,8 +74,15 @@ func init() {
|
|||||||
panic("UI Secret is not set")
|
panic("UI Secret is not set")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
verifyRemoteCert = os.Getenv("VERIFY_REMOTE_CERT")
|
||||||
|
if len(verifyRemoteCert) == 0 {
|
||||||
|
verifyRemoteCert = "on"
|
||||||
|
}
|
||||||
|
|
||||||
log.Debugf("config: maxJobWorkers: %d", maxJobWorkers)
|
log.Debugf("config: maxJobWorkers: %d", maxJobWorkers)
|
||||||
log.Debugf("config: localHarborURL: %s", localURL)
|
log.Debugf("config: localUIURL: %s", localUIURL)
|
||||||
|
log.Debugf("config: localRegURL: %s", localRegURL)
|
||||||
|
log.Debugf("config: verifyRemoteCert: %s", verifyRemoteCert)
|
||||||
log.Debugf("config: logDir: %s", logDir)
|
log.Debugf("config: logDir: %s", logDir)
|
||||||
log.Debugf("config: uiSecret: ******")
|
log.Debugf("config: uiSecret: ******")
|
||||||
}
|
}
|
||||||
@ -78,9 +92,14 @@ func MaxJobWorkers() int {
|
|||||||
return maxJobWorkers
|
return maxJobWorkers
|
||||||
}
|
}
|
||||||
|
|
||||||
// LocalHarborURL returns the local registry url, job service will use this URL to pull manifest and repository.
|
// LocaUIURL returns the local ui url, job service will use this URL to call API hosted on ui process
|
||||||
func LocalHarborURL() string {
|
func LocalUIURL() string {
|
||||||
return localURL
|
return localUIURL
|
||||||
|
}
|
||||||
|
|
||||||
|
// LocalRegURL returns the local registry url, job service will use this URL to pull image from the registry
|
||||||
|
func LocalRegURL() string {
|
||||||
|
return localRegURL
|
||||||
}
|
}
|
||||||
|
|
||||||
// LogDir returns the absolute path to which the log file will be written
|
// LogDir returns the absolute path to which the log file will be written
|
||||||
@ -92,3 +111,8 @@ func LogDir() string {
|
|||||||
func UISecret() string {
|
func UISecret() string {
|
||||||
return uiSecret
|
return uiSecret
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// VerifyRemoteCert return the flag to tell jobservice whether or not verify the cert of remote registry
|
||||||
|
func VerifyRemoteCert() bool {
|
||||||
|
return verifyRemoteCert != "off"
|
||||||
|
}
|
||||||
|
@ -1,16 +1,16 @@
|
|||||||
/*
|
/*
|
||||||
Copyright (c) 2016 VMware, Inc. All Rights Reserved.
|
Copyright (c) 2016 VMware, Inc. All Rights Reserved.
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
you may not use this file except in compliance with the License.
|
you may not use this file except in compliance with the License.
|
||||||
You may obtain a copy of the License at
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
http://www.apache.org/licenses/LICENSE-2.0
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
Unless required by applicable law or agreed to in writing, software
|
||||||
distributed under the License is distributed on an "AS IS" BASIS,
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
See the License for the specific language governing permissions and
|
See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
package job
|
package job
|
||||||
@ -38,6 +38,7 @@ type RepJobParm struct {
|
|||||||
Tags []string
|
Tags []string
|
||||||
Enabled int
|
Enabled int
|
||||||
Operation string
|
Operation string
|
||||||
|
Insecure bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// SM is the state machine to handle job, it handles one job at a time.
|
// SM is the state machine to handle job, it handles one job at a time.
|
||||||
@ -205,11 +206,12 @@ func (sm *SM) Reset(jid int64) error {
|
|||||||
return fmt.Errorf("The policy doesn't exist in DB, policy id:%d", job.PolicyID)
|
return fmt.Errorf("The policy doesn't exist in DB, policy id:%d", job.PolicyID)
|
||||||
}
|
}
|
||||||
sm.Parms = &RepJobParm{
|
sm.Parms = &RepJobParm{
|
||||||
LocalRegURL: config.LocalHarborURL(),
|
LocalRegURL: config.LocalRegURL(),
|
||||||
Repository: job.Repository,
|
Repository: job.Repository,
|
||||||
Tags: job.TagList,
|
Tags: job.TagList,
|
||||||
Enabled: policy.Enabled,
|
Enabled: policy.Enabled,
|
||||||
Operation: job.Operation,
|
Operation: job.Operation,
|
||||||
|
Insecure: !config.VerifyRemoteCert(),
|
||||||
}
|
}
|
||||||
if policy.Enabled == 0 {
|
if policy.Enabled == 0 {
|
||||||
//worker will cancel this job
|
//worker will cancel this job
|
||||||
|
Loading…
Reference in New Issue
Block a user