mirror of
https://github.com/goharbor/harbor.git
synced 2025-01-24 08:31:24 +01:00
The password to access clair db can be configured in harbor.cfg, skip auto-scan if clair-db is not ready
This commit is contained in:
parent
6f2ff672c4
commit
629cf29850
@ -37,4 +37,5 @@ GODEBUG=netdns=cgo
|
||||
ADMIRAL_URL=$admiral_url
|
||||
WITH_NOTARY=$with_notary
|
||||
WITH_CLAIR=$with_clair
|
||||
CLAIR_DB_PASSWORD=$pg_password
|
||||
RESET=false
|
||||
|
@ -30,6 +30,10 @@ secretkey_path = /data
|
||||
#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
|
||||
admiral_url = NA
|
||||
|
||||
#The password of the Clair's postgres database, only effective when Harbor is deployed with Clair.
|
||||
#Please update it before deployment, subsequent update will cause Clair's API server and Harbor unable to access Clair's database.
|
||||
clair_db_password = password
|
||||
|
||||
#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
|
||||
#only take effect in the first boot, the subsequent changes of these properties
|
||||
#should be performed on web ui
|
||||
|
10
make/prepare
10
make/prepare
@ -153,6 +153,7 @@ if rcp.has_option("configuration", "admiral_url"):
|
||||
admiral_url = rcp.get("configuration", "admiral_url")
|
||||
else:
|
||||
admiral_url = ""
|
||||
pg_password = rcp.get("configuration", "clair_db_password")
|
||||
secret_key = get_secret_key(secretkey_path)
|
||||
########
|
||||
|
||||
@ -225,13 +226,15 @@ render(os.path.join(templates_dir, "adminserver", "env"),
|
||||
token_expiration=token_expiration,
|
||||
admiral_url=admiral_url,
|
||||
with_notary=args.notary_mode,
|
||||
with_clair=args.clair_mode
|
||||
with_clair=args.clair_mode,
|
||||
pg_password=pg_password
|
||||
)
|
||||
|
||||
render(os.path.join(templates_dir, "ui", "env"),
|
||||
ui_conf_env,
|
||||
ui_secret=ui_secret,
|
||||
jobservice_secret=jobservice_secret,)
|
||||
jobservice_secret=jobservice_secret,
|
||||
)
|
||||
|
||||
render(os.path.join(templates_dir, "registry",
|
||||
"config.yml"),
|
||||
@ -370,11 +373,10 @@ if args.notary_mode:
|
||||
render(os.path.join(notary_temp_dir, "signer_env"), os.path.join(notary_config_dir, "signer_env"), alias = default_alias)
|
||||
|
||||
if args.clair_mode:
|
||||
pg_password = "password"
|
||||
clair_temp_dir = os.path.join(templates_dir, "clair")
|
||||
clair_config_dir = prep_conf_dir(config_dir, "clair")
|
||||
print("Copying offline data file for clair DB")
|
||||
if os.path.exists(os.path.join(clair_config_dir, "postgresql-init.d")):
|
||||
print("Copying offline data file for clair DB")
|
||||
shutil.rmtree(os.path.join(clair_config_dir, "postgresql-init.d"))
|
||||
shutil.copytree(os.path.join(clair_temp_dir, "postgresql-init.d"), os.path.join(clair_config_dir, "postgresql-init.d"))
|
||||
postgres_env = os.path.join(clair_config_dir, "postgres_env")
|
||||
|
@ -45,6 +45,7 @@ var (
|
||||
common.LDAPSearchPwd,
|
||||
common.MySQLPassword,
|
||||
common.AdminInitialPassword,
|
||||
common.ClairDBPassword,
|
||||
}
|
||||
|
||||
// all configurations need read from environment variables
|
||||
@ -120,6 +121,7 @@ var (
|
||||
env: "WITH_CLAIR",
|
||||
parse: parseStringToBool,
|
||||
},
|
||||
common.ClairDBPassword: "CLAIR_DB_PASSWORD",
|
||||
}
|
||||
|
||||
// configurations need read from environment variables
|
||||
@ -144,6 +146,7 @@ var (
|
||||
env: "WITH_CLAIR",
|
||||
parse: parseStringToBool,
|
||||
},
|
||||
common.ClairDBPassword: "CLAIR_DB_PASSWORD",
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -66,6 +66,7 @@ const (
|
||||
WithNotary = "with_notary"
|
||||
WithClair = "with_clair"
|
||||
ScanAllPolicy = "scan_all_policy"
|
||||
ClairDBPassword = "clair_db_password"
|
||||
|
||||
DefaultClairEndpoint = "http://clair:6060"
|
||||
)
|
||||
|
@ -43,13 +43,13 @@ type Database interface {
|
||||
}
|
||||
|
||||
// InitClairDB ...
|
||||
func InitClairDB() error {
|
||||
//TODO: Read from env vars.
|
||||
func InitClairDB(password string) error {
|
||||
//Except for password other information will not be configurable, so keep it hard coded for 1.2.0.
|
||||
p := &pgsql{
|
||||
host: "postgres",
|
||||
port: 5432,
|
||||
usr: "postgres",
|
||||
pwd: "password",
|
||||
pwd: password,
|
||||
database: "postgres",
|
||||
sslmode: false,
|
||||
}
|
||||
|
@ -358,12 +358,20 @@ func ClairEndpoint() string {
|
||||
return common.DefaultClairEndpoint
|
||||
}
|
||||
|
||||
// ClairDBPassword returns the password for accessing Clair's DB.
|
||||
func ClairDBPassword() (string, error) {
|
||||
cfg, err := mg.Get()
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return cfg[common.ClairDBPassword].(string), nil
|
||||
}
|
||||
|
||||
// AdmiralEndpoint returns the URL of admiral, if Harbor is not deployed with admiral it should return an empty string.
|
||||
func AdmiralEndpoint() string {
|
||||
cfg, err := mg.Get()
|
||||
if err != nil {
|
||||
log.Errorf("Failed to get configuration, will return empty string as admiral's endpoint, error: %v", err)
|
||||
|
||||
return ""
|
||||
}
|
||||
if e, ok := cfg[common.AdmiralEndpoint].(string); !ok || e == "NA" {
|
||||
|
@ -92,7 +92,11 @@ func main() {
|
||||
log.Fatalf("failed to initialize database: %v", err)
|
||||
}
|
||||
if config.WithClair() {
|
||||
if err := dao.InitClairDB(); err != nil {
|
||||
clairDBPassword, err := config.ClairDBPassword()
|
||||
if err != nil {
|
||||
log.Fatalf("failed to load clair database information: %v", err)
|
||||
}
|
||||
if err := dao.InitClairDB(clairDBPassword); err != nil {
|
||||
log.Fatalf("failed to initialize clair database: %v", err)
|
||||
}
|
||||
}
|
||||
|
@ -22,6 +22,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/vmware/harbor/src/common/dao"
|
||||
clairdao "github.com/vmware/harbor/src/common/dao/clair"
|
||||
"github.com/vmware/harbor/src/common/models"
|
||||
"github.com/vmware/harbor/src/common/utils"
|
||||
"github.com/vmware/harbor/src/common/utils/log"
|
||||
@ -105,8 +106,14 @@ func (n *NotificationHandler) Post() {
|
||||
}()
|
||||
|
||||
go api.TriggerReplicationByRepository(pro.ProjectID, repository, []string{tag}, models.RepOpTransfer)
|
||||
|
||||
if autoScanEnabled(project) {
|
||||
if err := uiutils.TriggerImageScan(repository, tag); err != nil {
|
||||
last, err := clairdao.GetLastUpdate()
|
||||
if err != nil {
|
||||
log.Errorf("Failed to get last update from Clair DB, error: %v, the auto scan will be skipped.", err)
|
||||
} else if last == 0 {
|
||||
log.Infof("The Vulnerability data is not ready in Clair DB, the auto scan will be skipped.", err)
|
||||
} else if err := uiutils.TriggerImageScan(repository, tag); err != nil {
|
||||
log.Warningf("Failed to scan image, repository: %s, tag: %s, error: %v", repository, tag, err)
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user