Merge pull request #831 from hainingzhang/dev

update harbor.cfg & CHANGELOG

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## v0.4.0 (2016-09-23)
 
+- Database schema changed, data migration/upgrade is needed for previous version.
 - A project can be deleted when no images and policies are under it.
 - Deleted users can be recreated.
 - Replication policy can be deleted.
@@ -22,6 +23,7 @@
 
 ## v0.3.0 (2016-07-15)
 
+- Database schema changed, data migration/upgrade is needed for previous version.
 - New UI
 - Image replication across multiple registry instances
 - Integration with registry v2.4.0 to support image deletion and garbage collection

Deploy/harbor.cfg

@@ -16,7 +16,9 @@ email_password = abc
 email_from = admin <sample_admin@mydomain.com>
 email_ssl = false
 
-##The password of Harbor admin, change this before any production use.
+##The initial password of Harbor admin, only works for the first time when Harbor starts. 
+#It has no effect after the first launch of Harbor.
+#Change the admin password from UI after launching Harbor.
 harbor_admin_password = Harbor12345
 
 ##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
@@ -26,24 +28,23 @@ auth_mode = db_auth
 #The url for an ldap endpoint.
 ldap_url = ldaps://ldap.mydomain.com
 
-#ldap_searchdn, set the user who has the permission to search the LDAP/AD server. If your ldap/AD server does not support anonymous search, you should configure it and ldap_search_pwd.
+#A user's DN who has the permission to search the LDAP/AD server. 
-#ldap_searchdn = cn=admin,ou=people,dc=mydomain,dc=com
+#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
+#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
 
 #the password of the ldap_searchdn
-#ldap_search_pwd = admin
+#ldap_search_pwd = password
 
-#The basedn template to look up a user in LDAP and verify the user's password.
+#The base DN from which to look up a user in LDAP/AD
-#For AD server, uses this template:
-#ldap_basedn = CN=%s,OU=Dept1,DC=mydomain,DC=com
 ldap_basedn = ou=people,dc=mydomain,dc=com
 
-#ldap filter, set the attribute to filter a user, you can add as many as you need, be sure the grammar is right. If needed, configure it.
+#Search filter for LDAP/AD, make sure the syntax of the filter is correct.
-#ldap_filter = objectClass=person
+#ldap_filter = (objectClass=person)
 
-#the exclusive attribute to distinguish a user, it can be uid or cn or mail or email or sAMAccountName, for example: ldap_uid = uid  
+# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD  
 ldap_uid = uid 
 
-#ldap_scope, set the scope to search, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE, default is 3
+#the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
 ldap_scope = 3 
 
 #The password for the root user of mysql db, change this before any production use.
@@ -59,11 +60,12 @@ use_compressed_js = on
 #Maximum number of job workers in job service  
 max_job_workers = 3 
 
-#Secret key for encryption/decryption, its length has to be 16 chars
+#Secret key for encryption/decryption of password of remote registry, its length has to be 16 chars
 #**NOTE** if this changes, previously encrypted password will not be decrypted!
+#Change this key before any production use.
 secret_key = secretkey1234567
 
-#The expiration of token used by token service, default is 30 minutes
+#The expiration time (in minute) of token created by token service, default is 30 minutes
 token_expiration = 30
 
 #Determine whether the job service should verify the ssl cert when it connects to a remote registry.