From b7340ebbce98a73403ca0b413b453a6489e59142 Mon Sep 17 00:00:00 2001
From: wy65701436
Date: Mon, 27 Mar 2017 03:57:01 -0700
Subject: [PATCH] add ove upgrade script
---
tools/ova/script/harbor_0_6_0_template | 103 ++++++++++++++++++++++
tools/ova/script/upgrade | 117 +++++++++++++++++++++++++
2 files changed, 220 insertions(+)
create mode 100644 tools/ova/script/harbor_0_6_0_template
create mode 100755 tools/ova/script/upgrade
diff --git a/tools/ova/script/harbor_0_6_0_template b/tools/ova/script/harbor_0_6_0_template
new file mode 100644
index 000000000..fd246a26a
--- /dev/null
+++ b/tools/ova/script/harbor_0_6_0_template
@@ -0,0 +1,103 @@
+## Configuration file of Harbor
+
+#The IP address or hostname to access admin UI and registry service.
+#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
+hostname = $hostname
+
+#The protocol for accessing the UI and token/notification service, by default it is http.
+#It can be set to https if ssl is enabled on nginx.
+ui_url_protocol = $ui_url_protocol
+
+#The password for the root user of mysql db, change this before any production use.
+db_password = $db_password
+
+#Determine whether the UI should use compressed js files.
+#For production, set it to on. For development, set it to off.
+use_compressed_js = $use_compressed_js
+
+#Maximum number of job workers in job service
+max_job_workers = $max_job_workers
+
+#Determine whether or not to generate certificate for the registry's token.
+#If the value is on, the prepare script creates new root cert and private key
+#for generating token to access the registry. If the value is off the default key/cert will be used.
+#This flag also controls the creation of the notary signer's cert.
+customize_crt = $customize_crt
+
+#The path of cert and key files for nginx, they are applied only the protocol is set to https
+ssl_cert = $ssl_cert
+ssl_cert_key = $ssl_cert_key
+
+#The path of secretkey storage
+secretkey_path = /data
+
+#Admiral's url, comment this attribute, or set its value to to NA when Harbor is standalone
+admiral_url = NA
+
+#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
+#only take effect in the first boot, the subsequent changes of these properties
+#should be performed on web ui
+#************************BEGIN INITIAL PROPERTIES************************
+
+#Email account settings for sending out password resetting emails.
+
+#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
+#Identity left blank to act as username.
+email_identity = $email_identity
+
+email_server = $email_server
+email_server_port = $email_server_port
+email_username = $email_username
+email_password = $email_password
+email_from = $email_from
+email_ssl = $email_ssl
+
+##The initial password of Harbor admin, only works for the first time when Harbor starts.
+#It has no effect after the first launch of Harbor.
+#Change the admin password from UI after launching Harbor.
+harbor_admin_password = $harbor_admin_password
+
+##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
+#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
+auth_mode = $auth_mode
+
+#The url for an ldap endpoint.
+ldap_url = $ldap_url
+
+#A user's DN who has the permission to search the LDAP/AD server.
+#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
+#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
+
+#the password of the ldap_searchdn
+#ldap_search_pwd = password
+
+#The base DN from which to look up a user in LDAP/AD
+ldap_basedn = $ldap_basedn
+
+#Search filter for LDAP/AD, make sure the syntax of the filter is correct.
+#ldap_filter = (objectClass=person)
+
+# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD
+ldap_uid = $ldap_uid
+
+#the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
+ldap_scope = $ldap_scope
+
+#Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
+ldap_timeout = 5
+
+#Turn on or off the self-registration feature
+self_registration = $self_registration
+
+#The expiration time (in minute) of token created by token service, default is 30 minutes
+token_expiration = $token_expiration
+
+#The flag to control what users have permission to create projects
+#Be default everyone can create a project, set to "adminonly" such that only admin can create project.
+project_creation_restriction = $project_creation_restriction
+
+#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
+#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
+verify_remote_cert = $verify_remote_cert
+#************************BEGIN INITIAL PROPERTIES************************
+#############
diff --git a/tools/ova/script/upgrade b/tools/ova/script/upgrade
new file mode 100755
index 000000000..f24be9b7d
--- /dev/null
+++ b/tools/ova/script/upgrade
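Review bot: `ldap_searchdn`, `ldap_search_pwd` and `ldap_filter` appear in this template only as commented-out samples, so a 0.5.0 installation that had them set would come out of the upgrade without its LDAP bind credentials or search filter, and logins under `ldap_auth` would presumably start failing. They should be placeholders like the neighbouring keys, e.g. `ldap_searchdn = $ldap_searchdn`, with the upgrade script reading them from the old file when they are present. Separately, the last marker line repeats `BEGIN INITIAL PROPERTIES` where the note above it promises `END INITIAL PROPERTIES`. `admiral_url = NA` is a literal here, so the `admiral_url=''` that the script passes to the renderer is never used.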
@@ -0,0 +1,117 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+from string import Template
+import string
+import os
+import sys
+import argparse
+from io import open
+
+if sys.version_info[:3][0] == 2:
+ import ConfigParser as ConfigParser
+ import StringIO as StringIO
+
+if sys.version_info[:3][0] == 3:
+ import configparser as ConfigParser
+ import io as StringIO
+
+parser = argparse.ArgumentParser()
+parser.add_argument('--source-loc', dest='source_loc', type=str,help="the path of Harbor 0.5.0 configuration file")
+parser.add_argument('--source-version', dest='source_ver', type=str,help="the Harbor instance is to be deployed with notary")
+parser.add_argument('--target-loc', dest='target_loc', type=str,help="the path of Harbor 0.6.0 configuration file")
+parser.add_argument('--target-version', dest='target_ver', type=str, help="the Harbor instance is to be deployed with notary")
+upgrade_args = parser.parse_args()
+
+# NOTE: the script only support to upgrade from 0.5.0.to 0.6.0.
+def validate():
+ if upgrade_args.source_ver == '0.5.0' and upgrade_args.target_ver == '0.6.0':
+ return
+ raise Exception("Unable to support upgrade from %s to %s" % (upgrade_args.source_ver, upgrade_args.target_ver))
+
+validate()
+
+conf = StringIO.StringIO()
+conf.write("[configuration]\n")
+conf.write(open(upgrade_args.source_loc).read())
+conf.seek(0, os.SEEK_SET)
+rcp = ConfigParser.RawConfigParser()
+rcp.readfp(conf)
+
+hostname = rcp.get("configuration", "hostname")
+ui_url_protocol = rcp.get("configuration", "ui_url_protocol")
+email_identity = rcp.get("configuration", "email_identity")
+email_server = rcp.get("configuration", "email_server")
+email_server_port = rcp.get("configuration", "email_server_port")
+email_username = rcp.get("configuration", "email_username")
+email_password = rcp.get("configuration", "email_password")
+email_from = rcp.get("configuration", "email_from")
+email_ssl = rcp.get("configuration", "email_ssl")
+harbor_admin_password = rcp.get("configuration", "harbor_admin_password")
+auth_mode = rcp.get("configuration", "auth_mode")
+ldap_url = rcp.get("configuration", "ldap_url")
+ldap_basedn = rcp.get("configuration", "ldap_basedn")
+ldap_uid = rcp.get("configuration", "ldap_uid")
+ldap_scope = rcp.get("configuration", "ldap_scope")
+db_password = rcp.get("configuration", "db_password")
+self_registration = rcp.get("configuration", "self_registration")
+use_compressed_js = rcp.get("configuration", "use_compressed_js")
+max_job_workers = rcp.get("configuration", "max_job_workers")
+token_expiration = rcp.get("configuration", "token_expiration")
+verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
+customize_crt = rcp.get("configuration", "customize_crt")
+project_creation_restriction = rcp.get("configuration", "project_creation_restriction")
+ssl_cert = rcp.get("configuration", "ssl_cert")
+ssl_cert_key = rcp.get("configuration", "ssl_cert_key")
+
+def delfile(src):
+ if os.path.isfile(src):
+ try:
+ os.remove(src)
+ print("Clearing the configuration file: %s" % src)
+ except:
+ pass
+ elif os.path.isdir(src):
+ for item in os.listdir(src):
+ itemsrc=os.path.join(src,item)
+ delfile(itemsrc)
+
+def render(src, dest, **kw):
+ t = Template(open(src, 'r').read())
+ with open(dest, 'w') as f:
+ f.write(t.substitute(**kw))
+ print("Generated configuration file: %s" % dest)
+
+delfile(upgrade_args.target_loc)
+
+base_dir = os.path.dirname(__file__)
+config_template = os.path.join(base_dir, "harbor_0_6_0_template")
+
+render(config_template,
+ upgrade_args.target_loc,
+ hostname=hostname,
+ ui_url_protocol=ui_url_protocol,
+ db_password=db_password,
+ use_compressed_js=use_compressed_js,
+ max_job_workers=max_job_workers,
+ customize_crt=customize_crt,
+ ssl_cert=ssl_cert,
+ ssl_cert_key=ssl_cert_key,
+ admiral_url='',
+ email_identity=email_identity,
+ email_server=email_server,
+ email_server_port=email_server_port,
+ email_username=email_username,
+ email_password=email_password,
+ email_from=email_from,
+ email_ssl=email_ssl,
+ harbor_admin_password=harbor_admin_password,
+ auth_mode=auth_mode,
+ ldap_url=ldap_url,
+ ldap_basedn=ldap_basedn,
+ ldap_uid=ldap_uid,
+ ldap_scope=ldap_scope,
+ self_registration=self_registration,
+ token_expiration=token_expiration,
+ project_creation_restriction=project_creation_restriction,
+ verify_remote_cert=verify_remote_cert
+ )
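Review bot: The rendered file carries `db_password`, `harbor_admin_password` and `email_password`, yet `render()` creates it with a plain `open(dest, 'w')`, so its mode is whatever the caller's umask allows. `delfile(upgrade_args.target_loc)` also runs before the template has been rendered, so a failed `substitute()` or write leaves no configuration at the target at all. `delfile` recurses through every file when the target path is a directory and swallows all errors with a bare `except:`, which is more than replacing one file needs. I would drop the `delfile` call and have `render()` write an owner-only temporary file that is renamed over the target, as sketched below (assuming no other account needs to read the file). The `help=` text of `--source-version` and `--target-version` is copied from a notary option and should describe the version strings instead.

```python
def render(src, dest, **kw):
    with open(src, 'r') as f:
        t = Template(f.read())
    rendered = t.substitute(**kw)
    # Owner-only temp file next to dest; the old file stays in place until
    # the rename, so a failed render never leaves the target missing.
    tmp = dest + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with open(fd, 'w') as f:
        f.write(rendered)
    os.rename(tmp, dest)
    print("Generated configuration file: %s" % dest)

# … unchanged: base_dir / config_template and the render(...) call;
# the delfile(upgrade_args.target_loc) call before it is removed …
```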