Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-11-28 21:25:55 +01:00
Code Issues Projects Releases Wiki Activity

Fix permission issue on VIC appliance

Browse Source 
The job logs directory's permission is not changed by prepare script
because the everything is moved from /data to /storage/data on VIC
appliance.  This commit will make sure both cases the directory is
readable by user 10000:10000.
This PR also makes sure the config json of notary signer has 0644
permission.
This commit is contained in:
Tan Jiang 2018-05-06 22:02:19 +08:00
parent 86dddf444a
commit 5ff07cf619
1 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
make/prepare
View File

@ -20,7 +20,6 @@ if sys.version_info[:3][0] == 3:
import io as StringIO import io as StringIO
DATA_VOL = "/data" DATA_VOL = "/data"
JOB_LOG_DIR = os.path.join(DATA_VOL, "job_logs")
def validate(conf, args): def validate(conf, args):
if args.ha_mode: if args.ha_mode:
@ -182,10 +181,6 @@ def delfile(src):
itemsrc=os.path.join(src,item) itemsrc=os.path.join(src,item)
delfile(itemsrc) delfile(itemsrc)
if not os.path.exists(JOB_LOG_DIR):
os.makedirs(JOB_LOG_DIR)
mark_file(JOB_LOG_DIR, mode=0o755)
parser = argparse.ArgumentParser() parser = argparse.ArgumentParser()
parser.add_argument('--conf', dest='cfgfile', default=base_dir+'/harbor.cfg',type=str,help="the path of Harbor configuration file") parser.add_argument('--conf', dest='cfgfile', default=base_dir+'/harbor.cfg',type=str,help="the path of Harbor configuration file")
parser.add_argument('--with-notary', dest='notary_mode', default=False, action='store_true', help="the Harbor instance is to be deployed with notary") parser.add_argument('--with-notary', dest='notary_mode', default=False, action='store_true', help="the Harbor instance is to be deployed with notary")
@ -319,6 +314,14 @@ jobservice_url = "http://jobservice:8080"
clair_url = "http://clair:6060" clair_url = "http://clair:6060"
notary_url = "http://notary-server:4443" notary_url = "http://notary-server:4443"
if len(admiral_url) != 0 and admiral_url != "NA":
#VIC overwrites the data volume path, which by default should be same as the value of secretkey_path
DATA_VOL = secretkey_path
JOB_LOG_DIR = os.path.join(DATA_VOL, "job_logs")
if not os.path.exists(JOB_LOG_DIR):
os.makedirs(JOB_LOG_DIR)
mark_file(JOB_LOG_DIR, mode=0o755)
if protocol == "https": if protocol == "https":
target_cert_path = os.path.join(cert_dir, os.path.basename(cert_path)) target_cert_path = os.path.join(cert_dir, os.path.basename(cert_path))
if not os.path.exists(cert_dir): if not os.path.exists(cert_dir):
@ -553,7 +556,9 @@ if args.notary_mode:
mark_file(os.path.join(notary_config_dir, "notary-signer-ca.crt")) mark_file(os.path.join(notary_config_dir, "notary-signer-ca.crt"))
mark_file(os.path.join(notary_config_dir, "root.crt")) mark_file(os.path.join(notary_config_dir, "root.crt"))
print("Copying notary signer configuration file") print("Copying notary signer configuration file")
shutil.copy2(os.path.join(notary_temp_dir, "signer-config.postgres.json"), notary_config_dir) #Call render instead of copy so the umask will take effect to mark the file as 0644
render(os.path.join(notary_temp_dir, "signer-config.postgres.json"),
os.path.join(notary_config_dir, "signer-config.postgres.json"))
render(os.path.join(notary_temp_dir, "server-config.postgres.json"), render(os.path.join(notary_temp_dir, "server-config.postgres.json"),
os.path.join(notary_config_dir, "server-config.postgres.json"), os.path.join(notary_config_dir, "server-config.postgres.json"),
token_endpoint=public_url) token_endpoint=public_url)