The password to access clair db can be configured in harbor.cfg, skip auto-scan if clair-db is not ready
parent
6f2ff672c4
commit
629cf29850
@ -37,4 +37,5 @@ GODEBUG=netdns=cgo
|
|||||||
ADMIRAL_URL=$admiral_url
|
ADMIRAL_URL=$admiral_url
|
||||||
WITH_NOTARY=$with_notary
|
WITH_NOTARY=$with_notary
|
||||||
WITH_CLAIR=$with_clair
|
WITH_CLAIR=$with_clair
|
||||||
|
CLAIR_DB_PASSWORD=$pg_password
|
||||||
RESET=false
|
RESET=false
|
||||||
|
@ -30,6 +30,10 @@ secretkey_path = /data
|
|||||||
#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
|
#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
|
||||||
admiral_url = NA
|
admiral_url = NA
|
||||||
|
|
||||||
|
#The password of the Clair's postgres database, only effective when Harbor is deployed with Clair.
|
||||||
|
#Please update it before deployment, subsequent update will cause Clair's API server and Harbor unable to access Clair's database.
|
||||||
|
clair_db_password = password
|
||||||
|
|
||||||
#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
|
#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
|
||||||
#only take effect in the first boot, the subsequent changes of these properties
|
#only take effect in the first boot, the subsequent changes of these properties
|
||||||
#should be performed on web ui
|
#should be performed on web ui
|
||||||
|
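Review bot: `clair_db_password = password` ships a working, guessable default, so any deployment that overlooks the comment above it runs Clair's postgres with a publicly known credential. The comment also says the value cannot safely be changed after deployment, which makes it likely the default will stay in place. Consider shipping the key without a usable value and having the prepare script refuse to continue until it is set. At minimum, extend the comment with a line such as `#Do not keep the default value; choose a strong, unique password before the first deployment.`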
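--- a/make/prepare
+++ b/make/prepare
@@ -153,6 +153,7 @@ if rcp.has_option("configuration", "admiral_url"):
 admiral_url = rcp.get("configuration", "admiral_url")
 else:
 admiral_url = ""
+pg_password = rcp.get("configuration", "clair_db_password")
 secret_key = get_secret_key(secretkey_path)
 ########
 
@@ -225,13 +226,15 @@ render(os.path.join(templates_dir, "adminserver", "env"),
 token_expiration=token_expiration,
 admiral_url=admiral_url,
 with_notary=args.notary_mode,
-with_clair=args.clair_mode
+with_clair=args.clair_mode,
+pg_password=pg_password
 )
 
 render(os.path.join(templates_dir, "ui", "env"),
 ui_conf_env,
 ui_secret=ui_secret,
-jobservice_secret=jobservice_secret,)
+jobservice_secret=jobservice_secret,
+)
 
 render(os.path.join(templates_dir, "registry",
 "config.yml"),
@@ -370,11 +373,10 @@ if args.notary_mode:
 render(os.path.join(notary_temp_dir, "signer_env"), os.path.join(notary_config_dir, "signer_env"), alias = default_alias)
 
 if args.clair_mode:
-pg_password = "password"
 clair_temp_dir = os.path.join(templates_dir, "clair")
 clair_config_dir = prep_conf_dir(config_dir, "clair")
-print("Copying offline data file for clair DB")
 if os.path.exists(os.path.join(clair_config_dir, "postgresql-init.d")):
+print("Copying offline data file for clair DB")
 shutil.rmtree(os.path.join(clair_config_dir, "postgresql-init.d"))
 shutil.copytree(os.path.join(clair_temp_dir, "postgresql-init.d"), os.path.join(clair_config_dir, "postgresql-init.d"))
 postgres_env = os.path.join(clair_config_dir, "postgres_env")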
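Review bot: The new `pg_password = rcp.get("configuration", "clair_db_password")` in the first hunk is read unconditionally, while `admiral_url` just above it is guarded by `rcp.has_option`. A harbor.cfg written for an earlier release has no such key, so the script would stop with a NoOptionError even when Clair is not being deployed. I would read it as `pg_password = rcp.get("configuration", "clair_db_password") if rcp.has_option("configuration", "clair_db_password") else ""` and exit with a clear message when `args.clair_mode` is set and the value is empty, rather than falling back to a fixed password. The value is also substituted verbatim into the rendered env files, so a short comment at the read site saying that it ends up on disk in plain text would help whoever sets permissions on the config directory.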
@ -45,6 +45,7 @@ var (
|
|||||||
common.LDAPSearchPwd,
|
common.LDAPSearchPwd,
|
||||||
common.MySQLPassword,
|
common.MySQLPassword,
|
||||||
common.AdminInitialPassword,
|
common.AdminInitialPassword,
|
||||||
|
common.ClairDBPassword,
|
||||||
}
|
}
|
||||||
|
|
||||||
// all configurations need read from environment variables
|
// all configurations need read from environment variables
|
||||||
@ -120,6 +121,7 @@ var (
|
|||||||
env: "WITH_CLAIR",
|
env: "WITH_CLAIR",
|
||||||
parse: parseStringToBool,
|
parse: parseStringToBool,
|
||||||
},
|
},
|
||||||
|
common.ClairDBPassword: "CLAIR_DB_PASSWORD",
|
||||||
}
|
}
|
||||||
|
|
||||||
// configurations need read from environment variables
|
// configurations need read from environment variables
|
||||||
@ -144,6 +146,7 @@ var (
|
|||||||
env: "WITH_CLAIR",
|
env: "WITH_CLAIR",
|
||||||
parse: parseStringToBool,
|
parse: parseStringToBool,
|
||||||
},
|
},
|
||||||
|
common.ClairDBPassword: "CLAIR_DB_PASSWORD",
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -66,6 +66,7 @@ const (
|
|||||||
WithNotary = "with_notary"
|
WithNotary = "with_notary"
|
||||||
WithClair = "with_clair"
|
WithClair = "with_clair"
|
||||||
ScanAllPolicy = "scan_all_policy"
|
ScanAllPolicy = "scan_all_policy"
|
||||||
|
ClairDBPassword = "clair_db_password"
|
||||||
|
|
||||||
DefaultClairEndpoint = "http://clair:6060"
|
DefaultClairEndpoint = "http://clair:6060"
|
||||||
)
|
)
|
||||||
|
@ -43,13 +43,13 @@ type Database interface {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// InitClairDB ...
|
// InitClairDB ...
|
||||||
func InitClairDB() error {
|
func InitClairDB(password string) error {
|
||||||
//TODO: Read from env vars.
|
//Except for password other information will not be configurable, so keep it hard coded for 1.2.0.
|
||||||
p := &pgsql{
|
p := &pgsql{
|
||||||
host: "postgres",
|
host: "postgres",
|
||||||
port: 5432,
|
port: 5432,
|
||||||
usr: "postgres",
|
usr: "postgres",
|
||||||
pwd: "password",
|
pwd: password,
|
||||||
database: "postgres",
|
database: "postgres",
|
||||||
sslmode: false,
|
sslmode: false,
|
||||||
}
|
}
|
||||||
|
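Review bot: The password is now configurable, but the connection in `InitClairDB` still uses `sslmode: false` and the `postgres` superuser. Assuming that field disables TLS, the credential crosses the network unencrypted, and a leak of it gives full control of the database rather than only Clair's tables. The new comment explains that the other fields stay hard-coded for 1.2.0; it should also say that this is acceptable only while postgres is reachable solely on the internal container network. The placeholder doc comment could become `// InitClairDB initializes the connection to Clair's postgres database with the given password; every other connection parameter is hard-coded.` The function body continues past the end of this hunk.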
@ -358,12 +358,20 @@ func ClairEndpoint() string {
|
|||||||
return common.DefaultClairEndpoint
|
return common.DefaultClairEndpoint
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ClairDBPassword returns the password for accessing Clair's DB.
|
||||||
|
func ClairDBPassword() (string, error) {
|
||||||
|
cfg, err := mg.Get()
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
return cfg[common.ClairDBPassword].(string), nil
|
||||||
|
}
|
||||||
|
|
||||||
// AdmiralEndpoint returns the URL of admiral, if Harbor is not deployed with admiral it should return an empty string.
|
// AdmiralEndpoint returns the URL of admiral, if Harbor is not deployed with admiral it should return an empty string.
|
||||||
func AdmiralEndpoint() string {
|
func AdmiralEndpoint() string {
|
||||||
cfg, err := mg.Get()
|
cfg, err := mg.Get()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("Failed to get configuration, will return empty string as admiral's endpoint, error: %v", err)
|
log.Errorf("Failed to get configuration, will return empty string as admiral's endpoint, error: %v", err)
|
||||||
|
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
if e, ok := cfg[common.AdmiralEndpoint].(string); !ok || e == "NA" {
|
if e, ok := cfg[common.AdmiralEndpoint].(string); !ok || e == "NA" {
|
||||||
|
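Review bot: `return cfg[common.ClairDBPassword].(string), nil` in the new `ClairDBPassword` is an unchecked type assertion, so it panics if the key is absent from the configuration returned by `mg.Get()` or holds a non-string value. That could happen when the admin server has not been given `CLAIR_DB_PASSWORD`. The function already returns an error, and `AdmiralEndpoint` right below uses the comma-ok form, so the same is straightforward here: `pwd, ok := cfg[common.ClairDBPassword].(string)` followed by `if !ok { return "", fmt.Errorf("%s is not set or is not a string", common.ClairDBPassword) }`, assuming `fmt` is available in this file. The caller then gets the "failed to load clair database information" message instead of a panic trace. `AdmiralEndpoint` continues outside the hunk.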
@ -92,7 +92,11 @@ func main() {
|
|||||||
log.Fatalf("failed to initialize database: %v", err)
|
log.Fatalf("failed to initialize database: %v", err)
|
||||||
}
|
}
|
||||||
if config.WithClair() {
|
if config.WithClair() {
|
||||||
if err := dao.InitClairDB(); err != nil {
|
clairDBPassword, err := config.ClairDBPassword()
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("failed to load clair database information: %v", err)
|
||||||
|
}
|
||||||
|
if err := dao.InitClairDB(clairDBPassword); err != nil {
|
||||||
log.Fatalf("failed to initialize clair database: %v", err)
|
log.Fatalf("failed to initialize clair database: %v", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -22,6 +22,7 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/vmware/harbor/src/common/dao"
|
"github.com/vmware/harbor/src/common/dao"
|
||||||
|
clairdao "github.com/vmware/harbor/src/common/dao/clair"
|
||||||
"github.com/vmware/harbor/src/common/models"
|
"github.com/vmware/harbor/src/common/models"
|
||||||
"github.com/vmware/harbor/src/common/utils"
|
"github.com/vmware/harbor/src/common/utils"
|
||||||
"github.com/vmware/harbor/src/common/utils/log"
|
"github.com/vmware/harbor/src/common/utils/log"
|
||||||
@ -105,8 +106,14 @@ func (n *NotificationHandler) Post() {
|
|||||||
}()
|
}()
|
||||||
|
|
||||||
go api.TriggerReplicationByRepository(pro.ProjectID, repository, []string{tag}, models.RepOpTransfer)
|
go api.TriggerReplicationByRepository(pro.ProjectID, repository, []string{tag}, models.RepOpTransfer)
|
||||||
|
|
||||||
if autoScanEnabled(project) {
|
if autoScanEnabled(project) {
|
||||||
if err := uiutils.TriggerImageScan(repository, tag); err != nil {
|
last, err := clairdao.GetLastUpdate()
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("Failed to get last update from Clair DB, error: %v, the auto scan will be skipped.", err)
|
||||||
|
} else if last == 0 {
|
||||||
|
log.Infof("The Vulnerability data is not ready in Clair DB, the auto scan will be skipped.", err)
|
||||||
|
} else if err := uiutils.TriggerImageScan(repository, tag); err != nil {
|
||||||
log.Warningf("Failed to scan image, repository: %s, tag: %s, error: %v", repository, tag, err)
|
log.Warningf("Failed to scan image, repository: %s, tag: %s, error: %v", repository, tag, err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
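Review bot: In the `else if last == 0` branch, `log.Infof("The Vulnerability data is not ready in Clair DB, the auto scan will be skipped.", err)` passes `err` to a format string that has no verb. `err` is always nil on that branch, so the log line ends in `%!(EXTRA <nil>)` and `go vet` will flag the call. Drop the argument: `log.Infof("The Vulnerability data is not ready in Clair DB, the auto scan will be skipped.")`. As far as this hunk shows, a push that arrives while `last == 0` is never rescanned once the data is loaded, and the skip is logged only at info level. A comment noting that such images stay unscanned until a manual or scheduled scan runs would help operators. `Post` starts and ends outside this hunk.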