fix bugs
parent
c4015355ce
commit
679875e67e
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
#The IP address or hostname to access admin UI and registry service.
|
#The IP address or hostname to access admin UI and registry service.
|
||||||
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
|
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
|
||||||
hostname = reg.mydomain.com
|
hostname = localhost
|
||||||
|
|
||||||
#The protocol for accessing the UI and token/notification service, by default it is http.
|
#The protocol for accessing the UI and token/notification service, by default it is http.
|
||||||
#It can be set to https if ssl is enabled on nginx.
|
#It can be set to https if ssl is enabled on nginx.
|
||||||
@ -38,9 +38,11 @@ self_registration = on
|
|||||||
customize_crt = on
|
customize_crt = on
|
||||||
|
|
||||||
#fill in your certicate message
|
#fill in your certicate message
|
||||||
crt_countryname = CN
|
crt_country = CN
|
||||||
crt_state = State
|
crt_state = State
|
||||||
crt_name = name
|
crt_location = CN
|
||||||
crt_organizationname = organization name
|
crt_organization = organization
|
||||||
crt_organizationalunitname = organizational unit name
|
crt_organizationalunit = organizational unit
|
||||||
|
crt_commonname = example.com
|
||||||
|
crt_email = example@example.com
|
||||||
#####
|
#####
|
||||||
|
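Review bot: The new default `hostname = localhost` in the first hunk contradicts the comment directly above it, which tells operators not to use localhost or 127.0.0.1 because Harbor has to be reachable by external clients. If this file ships as the template, a deployment that keeps the default would presumably hand clients endpoint URLs they cannot reach; restoring the placeholder `hostname = reg.mydomain.com` avoids that. In the second hunk, `crt_location = CN` repeats the country code for the locality field, which looks like a copy-paste placeholder; a distinct sample value would make the field's purpose clearer.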
@ -36,11 +36,13 @@ ldap_basedn = rcp.get("configuration", "ldap_basedn")
|
|||||||
db_password = rcp.get("configuration", "db_password")
|
db_password = rcp.get("configuration", "db_password")
|
||||||
self_registration = rcp.get("configuration", "self_registration")
|
self_registration = rcp.get("configuration", "self_registration")
|
||||||
customize_crt = rcp.get("configuration", "customize_crt")
|
customize_crt = rcp.get("configuration", "customize_crt")
|
||||||
crt_countryname = rcp.get("configuration", "crt_countryname")
|
crt_country = rcp.get("configuration", "crt_country")
|
||||||
crt_state = rcp.get("configuration", "crt_state")
|
crt_state = rcp.get("configuration", "crt_state")
|
||||||
crt_name = rcp.get("configuration", "crt_name")
|
crt_location = rcp.get("configuration", "crt_location")
|
||||||
crt_organizationname = rcp.get("configuration", "crt_organizationname")
|
crt_organization = rcp.get("configuration", "crt_organization")
|
||||||
crt_organizationalunitname = rcp.get("configuration", "crt_organizationalunitname")
|
crt_organizationalunit = rcp.get("configuration", "crt_organizationalunit")
|
||||||
|
crt_commonname = rcp.get("configuration", "crt_commonname")
|
||||||
|
crt_email = rcp.get("configuration", "crt_email")
|
||||||
########
|
########
|
||||||
|
|
||||||
base_dir = os.path.dirname(__file__)
|
base_dir = os.path.dirname(__file__)
|
||||||
@ -103,41 +105,58 @@ render(os.path.join(templates_dir, "db", "env"),
|
|||||||
db_conf_env,
|
db_conf_env,
|
||||||
db_password=db_password)
|
db_password=db_password)
|
||||||
|
|
||||||
|
def validate_crt_subj(dirty_subj):
|
||||||
|
subj_list = [item for item in dirty_subj.strip().split("/") \
|
||||||
|
if len(item.split("=")) == 2 and len(item.split("=")[1]) > 0]
|
||||||
|
return "/" + "/".join(subj_list)
|
||||||
|
|
||||||
|
FNULL = open(os.devnull, 'w')
|
||||||
|
|
||||||
|
from functools import wraps
|
||||||
|
def stat_decorator(func):
|
||||||
|
#@wraps(func)
|
||||||
|
def check_wrapper(*args, **kwargs):
|
||||||
|
stat = func(*args, **kwargs)
|
||||||
|
message = "Generated configuration file: %s" % kwargs['path'] \
|
||||||
|
if stat == 0 else "Fail to generate %s" % kwargs['path']
|
||||||
|
print(message)
|
||||||
|
if stat != 0:
|
||||||
|
sys.exit(1)
|
||||||
|
return check_wrapper
|
||||||
|
|
||||||
|
@stat_decorator
|
||||||
|
def check_private_key_stat(*args, **kwargs):
|
||||||
|
return subprocess.call(["openssl", "genrsa", "-out", kwargs['path'], "4096"],\
|
||||||
|
stdout=FNULL, stderr=subprocess.STDOUT)
|
||||||
|
|
||||||
|
@stat_decorator
|
||||||
|
def check_certificate_stat(*args, **kwargs):
|
||||||
|
dirty_subj = "/C={0}/ST={1}/L={2}/O={3}/OU={4}/CN={5}/emailAddress={6}"\
|
||||||
|
.format(crt_country, crt_state, crt_location, crt_organization,\
|
||||||
|
crt_organizationalunit, crt_commonname, crt_email)
|
||||||
|
subj = validate_crt_subj(dirty_subj)
|
||||||
|
return subprocess.call(["openssl", "req", "-new", "-x509", "-key",\
|
||||||
|
private_key_pem, "-out", root_crt, "-days", "3650", "-subj", subj], \
|
||||||
|
stdout=FNULL, stderr=subprocess.STDOUT)
|
||||||
|
|
||||||
|
def openssl_is_installed(stat):
|
||||||
|
if stat == 0:
|
||||||
|
return True
|
||||||
|
else:
|
||||||
|
print("Cannot find openssl installed in this computer\nUse default SSL certificate file")
|
||||||
|
return False
|
||||||
|
|
||||||
if customize_crt == 'on':
|
if customize_crt == 'on':
|
||||||
import subprocess
|
import subprocess
|
||||||
is_fail = False
|
shell_stat = subprocess.check_call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT)
|
||||||
FNULL = open(os.devnull, 'w')
|
if openssl_is_installed(shell_stat):
|
||||||
shell_status = subprocess.check_call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT)
|
|
||||||
if shell_status == 1:
|
|
||||||
print("cannot find openssl installed in this computer.")
|
|
||||||
is_fail = True
|
|
||||||
else:
|
|
||||||
private_key_pem = os.path.join(config_dir, "ui", "private_key.pem")
|
private_key_pem = os.path.join(config_dir, "ui", "private_key.pem")
|
||||||
root_crt = os.path.join(config_dir, "registry", "root.crt")
|
root_crt = os.path.join(config_dir, "registry", "root.crt")
|
||||||
crt_conf_files = [ private_key_pem, root_crt ]
|
crt_conf_files = [ private_key_pem, root_crt ]
|
||||||
rmdir(crt_conf_files)
|
rmdir(crt_conf_files)
|
||||||
shell_status = subprocess.call(["openssl", "genrsa", "-out", private_key_pem, "4096"],\
|
|
||||||
stdout=FNULL, stderr=subprocess.STDOUT)
|
check_private_key_stat(path=private_key_pem)
|
||||||
if shell_status == 0:
|
check_certificate_stat(path=root_crt)
|
||||||
print("private_key.pem has been generated in %s/ui" % config_dir)
|
|
||||||
else:
|
FNULL.close()
|
||||||
print("gennerate private_key.pem fail.")
|
|
||||||
is_fail = True
|
|
||||||
subj = "/C={0}/ST={1}/L={2}/O={3}/OU={4}"\
|
|
||||||
.format(crt_countryname, crt_state, crt_name, crt_organizationname, crt_organizationalunitname)
|
|
||||||
shell_status = subprocess.call(["openssl", "req", "-new", "-x509", "-key",\
|
|
||||||
private_key_pem, "-out", root_crt, "-days", "3650", "-subj", subj], \
|
|
||||||
stdout=FNULL, stderr=subprocess.STDOUT)
|
|
||||||
if shell_status == 0:
|
|
||||||
print("root.crt has been generated in %s/registry" % config_dir)
|
|
||||||
else:
|
|
||||||
print("gennerate root.crt fail.")
|
|
||||||
is_fail = True
|
|
||||||
FNULL.close()
|
|
||||||
try:
|
|
||||||
if is_fail is True:
|
|
||||||
print("some problems occur.")
|
|
||||||
sys.exit(1)
|
|
||||||
except Exception as e:
|
|
||||||
pass
|
|
||||||
print("The configuration files are ready, please use docker-compose to start the service.")
|
print("The configuration files are ready, please use docker-compose to start the service.")
|
||||||
|
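Review bot: The call `subprocess.check_call(["which", "openssl"], ...)` in the last hunk raises CalledProcessError on any non-zero exit, so `openssl_is_installed` can only ever receive 0 and its "Use default SSL certificate file" branch is unreachable; a host without openssl would get a traceback instead of the fallback. Using the non-raising form, `shell_stat = subprocess.call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT)`, lets the helper see the real status. Nothing in the visible lines sets the mode of private_key.pem, so its permissions depend on the OpenSSL build and the process umask; it is worth confirming the key does not end up world-readable. Indentation was lost in this rendering, so where `FNULL.close()` sits relative to the `if` blocks cannot be confirmed from here.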