From 0110863d2aa916345b288611d7700e88502afbea Mon Sep 17 00:00:00 2001 From: Henry Zhang Date: Thu, 22 Sep 2016 15:12:37 +0800 Subject: [PATCH] update harbor.cfg & CHANGELOG --- CHANGELOG.md | 2 ++ Deploy/harbor.cfg | 28 +++++++++++++++------------- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c874b4e75..21f1a4227 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## v0.4.0 (2016-09-23) +- Database schema changed, data migration/upgrade is needed for previous version. - A project can be deleted when no images and policies are under it. - Deleted users can be recreated. - Replication policy can be deleted. @@ -22,6 +23,7 @@ ## v0.3.0 (2016-07-15) +- Database schema changed, data migration/upgrade is needed for previous version. - New UI - Image replication across multiple registry instances - Integration with registry v2.4.0 to support image deletion and garbage collection diff --git a/Deploy/harbor.cfg b/Deploy/harbor.cfg index 0726fbe73..f9f1e9552 100644 --- a/Deploy/harbor.cfg +++ b/Deploy/harbor.cfg @@ -16,7 +16,9 @@ email_password = abc email_from = admin email_ssl = false -##The password of Harbor admin, change this before any production use. +##The initial password of Harbor admin, only works for the first time when Harbor starts. +#It has no effect after the first launch of Harbor. +#Change the admin password from UI after launching Harbor. harbor_admin_password = Harbor12345 ##By default the auth mode is db_auth, i.e. the credentials are stored in a local database. @@ -26,24 +28,23 @@ auth_mode = db_auth #The url for an ldap endpoint. ldap_url = ldaps://ldap.mydomain.com -#ldap_searchdn, set the user who has the permission to search the LDAP/AD server. If your ldap/AD server does not support anonymous search, you should configure it and ldap_search_pwd. -#ldap_searchdn = cn=admin,ou=people,dc=mydomain,dc=com +#A user's DN who has the permission to search the LDAP/AD server. +#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd. +#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com #the password of the ldap_searchdn -#ldap_search_pwd = admin +#ldap_search_pwd = password -#The basedn template to look up a user in LDAP and verify the user's password. -#For AD server, uses this template: -#ldap_basedn = CN=%s,OU=Dept1,DC=mydomain,DC=com +#The base DN from which to look up a user in LDAP/AD ldap_basedn = ou=people,dc=mydomain,dc=com -#ldap filter, set the attribute to filter a user, you can add as many as you need, be sure the grammar is right. If needed, configure it. -#ldap_filter = objectClass=person +#Search filter for LDAP/AD, make sure the syntax of the filter is correct. +#ldap_filter = (objectClass=person) -#the exclusive attribute to distinguish a user, it can be uid or cn or mail or email or sAMAccountName, for example: ldap_uid = uid +# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD ldap_uid = uid -#ldap_scope, set the scope to search, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE, default is 3 +#the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE ldap_scope = 3 #The password for the root user of mysql db, change this before any production use. @@ -59,11 +60,12 @@ use_compressed_js = on #Maximum number of job workers in job service max_job_workers = 3 -#Secret key for encryption/decryption, its length has to be 16 chars +#Secret key for encryption/decryption of password of remote registry, its length has to be 16 chars #**NOTE** if this changes, previously encrypted password will not be decrypted! +#Change this key before any production use. secret_key = secretkey1234567 -#The expiration of token used by token service, default is 30 minutes +#The expiration time (in minute) of token created by token service, default is 30 minutes token_expiration = 30 #Determine whether the job service should verify the ssl cert when it connects to a remote registry.