mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-26 20:26:13 +01:00
remove prepare file of shell version& let shell run silently
This commit is contained in:
saga92
parent
d91b33fcd0
commit
4d9d46ffc4
@ -2,45 +2,45 @@
|
||||
|
||||
#The IP address or hostname to access admin UI and registry service.
|
||||
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
|
||||
hostname="reg.mydomain.com"
|
||||
hostname = reg.mydomain.com
|
||||
|
||||
#The protocol for accessing the UI and token/notification service, by default it is http.
|
||||
#It can be set to https if ssl is enabled on nginx.
|
||||
ui_url_protocol="http"
|
||||
ui_url_protocol = http
|
||||
|
||||
#Email account settings for sending out password resetting emails.
|
||||
email_server="smtp.mydomain.com"
|
||||
email_server_port="25"
|
||||
email_username="sample_admin@mydomain.com"
|
||||
email_password="abc"
|
||||
email_from="admin <sample_admin@mydomain.com>"
|
||||
email_server = smtp.mydomain.com
|
||||
email_server_port = 25
|
||||
email_username = sample_admin@mydomain.com
|
||||
email_password = abc
|
||||
email_from = admin <sample_admin@mydomain.com>
|
||||
|
||||
##The password of Harbor admin, change this before any production use.
|
||||
harbor_admin_password="Harbor12345"
|
||||
harbor_admin_password = Harbor12345
|
||||
|
||||
##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
|
||||
#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
|
||||
auth_mode="db_auth"
|
||||
auth_mode = db_auth
|
||||
|
||||
#The url for an ldap endpoint.
|
||||
ldap_url="ldaps://ldap.mydomain.com"
|
||||
ldap_url = ldaps://ldap.mydomain.com
|
||||
|
||||
#The basedn template to look up a user in LDAP and verify the user's password.
|
||||
ldap_basedn="uid=%s,ou=people,dc=mydomain,dc=com"
|
||||
ldap_basedn = uid=%s,ou=people,dc=mydomain,dc=com
|
||||
|
||||
#The password for the root user of mysql db, change this before any production use.
|
||||
db_password="root123"
|
||||
db_password = root123
|
||||
|
||||
#Turn on or off the self-registration feature
|
||||
self_registration="on"
|
||||
self_registration = on
|
||||
|
||||
#Turn on or off the custom-generate token
|
||||
customize_token="on"
|
||||
#Turn on or off the customize your certicate
|
||||
customize_crt = on
|
||||
|
||||
#token message
|
||||
crt_countryname="CN"
|
||||
crt_state="State"
|
||||
crt_name="name"
|
||||
crt_organizationname="organization name"
|
||||
crt_organizationalunitname="organizational unit name"
|
||||
#fill in your certicate message
|
||||
crt_countryname = CN
|
||||
crt_state = State
|
||||
crt_name = name
|
||||
crt_organizationname = organization name
|
||||
crt_organizationalunitname = organizational unit name
|
||||
#####
|
||||
|
||||
@ -22,25 +22,25 @@ conf.seek(0, os.SEEK_SET)
|
||||
rcp = ConfigParser.RawConfigParser()
|
||||
rcp.readfp(conf)
|
||||
|
||||
hostname = rcp.get("configuration", "hostname").strip('"')
|
||||
ui_url = rcp.get("configuration", "ui_url_protocol").strip('"') + "://" + hostname
|
||||
email_server = rcp.get("configuration", "email_server").strip('"')
|
||||
email_server_port = rcp.get("configuration", "email_server_port").strip('"')
|
||||
email_username = rcp.get("configuration", "email_username").strip('"')
|
||||
email_password = rcp.get("configuration", "email_password").strip('"')
|
||||
email_from = rcp.get("configuration", "email_from").strip('"')
|
||||
harbor_admin_password = rcp.get("configuration", "harbor_admin_password").strip('"')
|
||||
auth_mode = rcp.get("configuration", "auth_mode").strip('"')
|
||||
ldap_url = rcp.get("configuration", "ldap_url").strip('"')
|
||||
ldap_basedn = rcp.get("configuration", "ldap_basedn").strip('"')
|
||||
db_password = rcp.get("configuration", "db_password").strip('"')
|
||||
self_registration = rcp.get("configuration", "self_registration").strip('"')
|
||||
customize_token = rcp.get("configuration", "customize_token").strip('"')
|
||||
crt_countryname = rcp.get("configuration", "crt_countryname").strip('"')
|
||||
crt_state = rcp.get("configuration", "crt_state").strip('"')
|
||||
crt_name = rcp.get("configuration", "crt_name").strip('"')
|
||||
crt_organizationname = rcp.get("configuration", "crt_organizationname").strip('"')
|
||||
crt_organizationalunitname = rcp.get("configuration", "crt_organizationalunitname").strip('"')
|
||||
hostname = rcp.get("configuration", "hostname")
|
||||
ui_url = rcp.get("configuration", "ui_url_protocol") + "://" + hostname
|
||||
email_server = rcp.get("configuration", "email_server")
|
||||
email_server_port = rcp.get("configuration", "email_server_port")
|
||||
email_username = rcp.get("configuration", "email_username")
|
||||
email_password = rcp.get("configuration", "email_password")
|
||||
email_from = rcp.get("configuration", "email_from")
|
||||
harbor_admin_password = rcp.get("configuration", "harbor_admin_password")
|
||||
auth_mode = rcp.get("configuration", "auth_mode")
|
||||
ldap_url = rcp.get("configuration", "ldap_url")
|
||||
ldap_basedn = rcp.get("configuration", "ldap_basedn")
|
||||
db_password = rcp.get("configuration", "db_password")
|
||||
self_registration = rcp.get("configuration", "self_registration")
|
||||
customize_crt = rcp.get("configuration", "customize_crt")
|
||||
crt_countryname = rcp.get("configuration", "crt_countryname")
|
||||
crt_state = rcp.get("configuration", "crt_state")
|
||||
crt_name = rcp.get("configuration", "crt_name")
|
||||
crt_organizationname = rcp.get("configuration", "crt_organizationname")
|
||||
crt_organizationalunitname = rcp.get("configuration", "crt_organizationalunitname")
|
||||
########
|
||||
|
||||
base_dir = os.path.dirname(__file__)
|
||||
@ -103,31 +103,40 @@ render(os.path.join(templates_dir, "db", "env"),
|
||||
db_conf_env,
|
||||
db_password=db_password)
|
||||
|
||||
if customize_token == 'on':
|
||||
is_fail = 0
|
||||
private_key_gem = os.path.join(config_dir, "ui", "private_key.pem")
|
||||
root_crt = os.path.join(config_dir, "registry", "root.crt")
|
||||
token_conf_files = [ private_key_gem, root_crt ]
|
||||
rmdir(token_conf_files)
|
||||
if customize_crt == 'on':
|
||||
import subprocess
|
||||
shell_status = subprocess.call(["openssl", "genrsa", "-out", private_key_gem, "4096"])
|
||||
if shell_status == 0:
|
||||
print("private_key.gem has been generated in %s/ui" % config_dir)
|
||||
is_fail = False
|
||||
FNULL = open(os.devnull, 'w')
|
||||
shell_status = subprocess.check_call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT)
|
||||
if shell_status == 1:
|
||||
print("cannot find openssl installed in this computer.")
|
||||
is_fail = True
|
||||
else:
|
||||
print("gennerate private_key.gem fail.")
|
||||
is_fail = 1
|
||||
private_key_pem = os.path.join(config_dir, "ui", "private_key.pem")
|
||||
root_crt = os.path.join(config_dir, "registry", "root.crt")
|
||||
crt_conf_files = [ private_key_pem, root_crt ]
|
||||
rmdir(crt_conf_files)
|
||||
shell_status = subprocess.call(["openssl", "genrsa", "-out", private_key_pem, "4096"],\
|
||||
stdout=FNULL, stderr=subprocess.STDOUT)
|
||||
if shell_status == 0:
|
||||
print("private_key.pem has been generated in %s/ui" % config_dir)
|
||||
else:
|
||||
print("gennerate private_key.pem fail.")
|
||||
is_fail = True
|
||||
subj = "/C={0}/ST={1}/L={2}/O={3}/OU={4}"\
|
||||
.format(crt_countryname, crt_state, crt_name, crt_organizationname, crt_organizationalunitname)
|
||||
shell_status = subprocess.call(["openssl", "req", "-new", "-x509", "-key",\
|
||||
private_key_gem, "-out", root_crt, "-days", "3650", "-subj", subj])
|
||||
private_key_pem, "-out", root_crt, "-days", "3650", "-subj", subj], \
|
||||
stdout=FNULL, stderr=subprocess.STDOUT)
|
||||
if shell_status == 0:
|
||||
print("root.crt has been generated in %s/registry" % config_dir)
|
||||
else:
|
||||
print("gennerate root.crt fail.")
|
||||
is_fail = 1
|
||||
is_fail = True
|
||||
FNULL.close()
|
||||
try:
|
||||
if is_fail == 1:
|
||||
print("some problem occurs.")
|
||||
if is_fail is True:
|
||||
print("some problems occur.")
|
||||
sys.exit(1)
|
||||
except Exception as e:
|
||||
pass
|
||||
@ -1,71 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Requires: openssl
|
||||
|
||||
source ./harbor.cfg
|
||||
|
||||
config_path="./config"
|
||||
ui_path="./config/ui"
|
||||
db_path="./config/db"
|
||||
tpl_path="./templates"
|
||||
|
||||
mkdir -p $tpl_path
|
||||
mkdir -p $ui_path $db_path
|
||||
|
||||
declare -a arr=("$ui_path/env" "$ui_path/app.conf" "$config_path/registry/config.yml" "$db_path/env")
|
||||
|
||||
for i in "${arr[@]}"; do
|
||||
if [ -e $i ]; then
|
||||
echo "Clearing the configuration file: "$i
|
||||
rm $i
|
||||
fi
|
||||
done
|
||||
|
||||
source $tpl_path/ui/app.conf > $ui_path/app.conf
|
||||
echo "Generated configuration file: "$ui_path/app.conf
|
||||
|
||||
source $tpl_path/ui/env > $ui_path/env
|
||||
echo "Generated configuration file: "$ui_path/env
|
||||
|
||||
source $tpl_path/db/env > $config_path/db/env
|
||||
echo "Generated configuration file: "$config_path/db/env
|
||||
|
||||
source $tpl_path/registry/config.yml > $config_path/registry/config.yml
|
||||
echo "Generated configuration file: "$config_path/registry/config.yml
|
||||
|
||||
is_fail=0
|
||||
|
||||
if [ $customize_token == "on" ];then
|
||||
|
||||
if [ -e $ui_path/private_key.pem ]; then
|
||||
echo "clearing the origin private_key.pem in "$ui_pth
|
||||
rm $ui_path/private_key.pem
|
||||
fi
|
||||
openssl genrsa -out $ui_path/private_key.pem 4096
|
||||
if [ -e $ui_path/private_key.pem ]; then
|
||||
echo "private_key.gem has been generated in "$ui_path
|
||||
else echo "generate private_key.gem fail."
|
||||
is_fail=1
|
||||
fi
|
||||
|
||||
if [ -e $config_path/registry/root.crt ]; then
|
||||
echo "clearing the origin root.crt in "$config_path"/registry"
|
||||
rm $config_path/registry/root.crt
|
||||
fi
|
||||
|
||||
openssl req -new -x509 -key $ui_path/private_key.pem -out $config_path/registry/root.crt -days 3650 \
|
||||
-subj "/C=$crt_countryname/ST=$crt_state/L=$crt_name/O=$crt_organizationname/OU=$crt_organizationalunitname"
|
||||
if [ -e $config_path/registry/root.crt ]; then
|
||||
echo "root.crt has been generated in "$config_path"/registry"
|
||||
else echo "generate root.crt fail."
|
||||
is_fail=1
|
||||
fi
|
||||
elif [ $customize_token != "off" ]; then
|
||||
echo "wrong args found in customize_token: "$customize_token
|
||||
is_fail=1
|
||||
fi
|
||||
|
||||
if [ $is_fail -eq 0 ];then
|
||||
echo "The configuration files are ready, please use docker-compose to start the service."
|
||||
else
|
||||
echo "some problem occurs."
|
||||
fi
|
||||
@ -1 +1 @@
|
||||
echo "MYSQL_ROOT_PASSWORD=$db_password"
|
||||
MYSQL_ROOT_PASSWORD=$db_password
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
echo "version: 0.1
|
||||
version: 0.1
|
||||
log:
|
||||
level: debug
|
||||
fields:
|
||||
@ -32,4 +32,4 @@ notifications:
|
||||
url: http://ui/service/notifications
|
||||
timeout: 500
|
||||
threshold: 5
|
||||
backoff: 1000"
|
||||
backoff: 1000
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
echo "appname = registry
|
||||
appname = registry
|
||||
runmode = dev
|
||||
|
||||
[lang]
|
||||
@ -13,4 +13,4 @@ host = $email_server
|
||||
port = $email_server_port
|
||||
username = $email_username
|
||||
password = $email_password
|
||||
from = $email_from"
|
||||
from = $email_from
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
echo "MYSQL_HOST=mysql
|
||||
MYSQL_HOST=mysql
|
||||
MYSQL_PORT=3306
|
||||
MYSQL_USR=root
|
||||
MYSQL_PWD=$db_password
|
||||
@ -11,4 +11,4 @@ AUTH_MODE=$auth_mode
|
||||
LDAP_URL=$ldap_url
|
||||
LDAP_BASE_DN=$ldap_basedn
|
||||
SELF_REGISTRATION=$self_registration
|
||||
LOG_LEVEL=debug"
|
||||
LOG_LEVEL=debug
|
||||
|
||||
Loading…
Reference in New Issue
Block a user