Fix issues related with chart storage

- inject custom CA bundle into chart repo
- update prepare script to inject credentials

Signed-off-by: Steven Zou <szou@vmware.com>
This commit is contained in:
Steven Zou 2018-08-27 16:18:07 +08:00
parent 141f6056e7
commit 43ecf62c25
4 changed files with 54 additions and 3 deletions

View File

@ -20,6 +20,7 @@ services:
- redis
volumes:
- /data/chart_storage:/chart_storage:z
- ./common/config/chartserver:/etc/chartserver:z
logging:
driver: "syslog"
options:

View File

@ -186,14 +186,16 @@ uaa_verify_cert = true
uaa_ca_cert = /path/to/ca.pem
### Docker Registry setting ###
### Harbor Storage settings ###
#Please be aware that the following storage settings will be applied to both docker registry and helm chart repository.
#registry_storage_provider can be: filesystem, s3, gcs, azure, etc.
registry_storage_provider_name = filesystem
#registry_storage_provider_config is a comma separated "key: value" pairs, e.g. "key1: value, key2: value2".
#To avoid duplicated configurations, both docker registry and chart repository follow the same storage configuration specifications of docker registry.
#Refer to https://docs.docker.com/registry/configuration/#storage for all available configuration.
registry_storage_provider_config =
#registry_custom_ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
#of registry's container. This is usually needed when the user hosts a internal storage with self signed certificate.
#of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
registry_custom_ca_bundle =
#If reload_config=true, all settings which present in harbor.cfg take effect after prepare and restart harbor, it overwrites exsiting settings.

View File

@ -7,6 +7,22 @@ if [ -d /chart_storage ]; then
chown 10000:10000 -R /chart_storage
fi
# Start the server process
#Config the custom ca bundle
if [ -f /etc/chartserver/custom-ca-bundle.crt ]; then
if grep -q "Photon" /etc/lsb-release; then
if [ ! -f /etc/pki/tls/certs/ca-bundle.crt.original ]; then
cp /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt.original
fi
echo "Appending custom ca bundle ..."
cp /etc/pki/tls/certs/ca-bundle.crt.original /etc/pki/tls/certs/ca-bundle.crt
cat /etc/chartserver/custom-ca-bundle.crt >> /etc/pki/tls/certs/ca-bundle.crt
echo "Done."
else
echo "Current OS is not Photon, skip appending ca bundle"
fi
fi
#Start the server process
sudo -E -H -u \#10000 sh -c "/chartserver/chartm" #Parameters are set by ENV
set +e

View File

@ -479,6 +479,14 @@ if storage_provider_name == "filesystem":
# generate storage configuration section in yaml format
storage_provider_conf_list = [storage_provider_name + ':']
for c in storage_provider_config.split(","):
kvs = c.split(": ")
if len(kvs) == 2:
if kvs[0].strip() == "keyfile":
srcKeyFile = kvs[1].strip()
if os.path.isfile(srcKeyFile):
shutil.copyfile(srcKeyFile, os.path.join(registry_config_dir, "gcs.key"))
storage_provider_conf_list.append("keyfile: %s" % "/etc/registry/gcs.key")
continue
storage_provider_conf_list.append(c.strip())
storage_provider_info = ('\n' + ' ' * 4).join(storage_provider_conf_list)
render(os.path.join(templates_dir, "registry", registry_config_file),
@ -695,6 +703,11 @@ if args.chart_mode:
print ("Create config folder: %s" % chartm_config_dir)
os.makedirs(chartm_config_dir)
# handle custom ca bundle
if len(registry_custom_ca_bundle_path) > 0 and os.path.isfile(registry_custom_ca_bundle_path):
shutil.copyfile(registry_custom_ca_bundle_path, os.path.join(chartm_config_dir, "custom-ca-bundle.crt"))
print("Copied custom ca bundle: %s" % os.path.join(chartm_config_dir, "custom-ca-bundle.crt"))
# process redis info
cache_store = "redis"
cache_redis_password = redis_password
@ -726,15 +739,25 @@ if args.chart_mode:
storage_provider_config_options.append("STORAGE_AMAZON_PREFIX=%s" % storgae_provider_confg_map.get("rootdirectory", ""))
storage_provider_config_options.append("STORAGE_AMAZON_REGION=%s" % storgae_provider_confg_map.get("region", ""))
storage_provider_config_options.append("STORAGE_AMAZON_ENDPOINT=%s" % storgae_provider_confg_map.get("regionendpoint", ""))
storage_provider_config_options.append("AWS_ACCESS_KEY_ID=%s" % storgae_provider_confg_map.get("accesskey", ""))
storage_provider_config_options.append("AWS_SECRET_ACCESS_KEY=%s" % storgae_provider_confg_map.get("secretkey", ""))
elif storage_provider_name == "gcs":
# google cloud storage
storage_driver = "google"
storage_provider_config_options.append("STORAGE_GOOGLE_BUCKET=%s" % storgae_provider_confg_map.get("bucket", ""))
storage_provider_config_options.append("STORAGE_GOOGLE_PREFIX=%s" % storgae_provider_confg_map.get("rootdirectory", ""))
keyFileOnHost = storgae_provider_confg_map.get("keyfile", "")
if os.path.isfile(keyFileOnHost):
shutil.copyfile(keyFileOnHost, os.path.join(chartm_config_dir, "gcs.key"))
targetKeyFile = "/etc/chartserver/gcs.key"
storage_provider_config_options.append("GOOGLE_APPLICATION_CREDENTIALS=%s" % targetKeyFile)
elif storage_provider_name == "azure":
# azure storage
storage_driver = "microsoft"
storage_provider_config_options.append("STORAGE_MICROSOFT_CONTAINER=%s" % storgae_provider_confg_map.get("container", ""))
storage_provider_config_options.append("AZURE_STORAGE_ACCOUNT=%s" % storgae_provider_confg_map.get("accountname", ""))
storage_provider_config_options.append("AZURE_STORAGE_ACCESS_KEY=%s" % storgae_provider_confg_map.get("accountkey", ""))
storage_provider_config_options.append("STORAGE_MICROSOFT_PREFIX=/azure/harbor/charts")
elif storage_provider_name == "swift":
# open stack swift
@ -742,12 +765,21 @@ if args.chart_mode:
storage_provider_config_options.append("STORAGE_OPENSTACK_CONTAINER=%s" % storgae_provider_confg_map.get("container", ""))
storage_provider_config_options.append("STORAGE_OPENSTACK_PREFIX=%s" % storgae_provider_confg_map.get("rootdirectory", ""))
storage_provider_config_options.append("STORAGE_OPENSTACK_REGION=%s" % storgae_provider_confg_map.get("region", ""))
storage_provider_config_options.append("OS_AUTH_URL=%s" % storgae_provider_confg_map.get("authurl", ""))
storage_provider_config_options.append("OS_USERNAME=%s" % storgae_provider_confg_map.get("username", ""))
storage_provider_config_options.append("OS_PASSWORD=%s" % storgae_provider_confg_map.get("password", ""))
storage_provider_config_options.append("OS_PROJECT_ID=%s" % storgae_provider_confg_map.get("tenantid", ""))
storage_provider_config_options.append("OS_PROJECT_NAME=%s" % storgae_provider_confg_map.get("tenant", ""))
storage_provider_config_options.append("OS_DOMAIN_ID=%s" % storgae_provider_confg_map.get("domainid", ""))
storage_provider_config_options.append("OS_DOMAIN_NAME=%s" % storgae_provider_confg_map.get("domain", ""))
elif storage_provider_name == "oss":
# aliyun OSS
storage_driver = "alibaba"
storage_provider_config_options.append("STORAGE_ALIBABA_BUCKET=%s" % storgae_provider_confg_map.get("bucket", ""))
storage_provider_config_options.append("STORAGE_ALIBABA_PREFIX=%s" % storgae_provider_confg_map.get("rootdirectory", ""))
storage_provider_config_options.append("STORAGE_ALIBABA_ENDPOINT=%s" % storgae_provider_confg_map.get("endpoint", ""))
storage_provider_config_options.append("ALIBABA_CLOUD_ACCESS_KEY_ID=%s" % storgae_provider_confg_map.get("accesskeyid", ""))
storage_provider_config_options.append("ALIBABA_CLOUD_ACCESS_KEY_SECRET=%s" % storgae_provider_confg_map.get("accesskeysecret", ""))
else:
# use local file system
storage_provider_config_options.append("STORAGE_LOCAL_ROOTDIR=/chart_storage")