Merge pull request #1717 from reasonerjt/dev

restrict access to notary db
2017-03-23 11:01:01 +08:00 · 2017-03-23 11:01:01 +08:00 · 6d013531a7
parent 316f815315 1e90b1eab6
commit 6d013531a7
4 changed files with 9 additions and 9 deletions
--- a/8
+++ b/8
@ -84,7 +84,7 @@ NGINXVERSION=1.11.5
 PHOTONVERSION=1.0
 NOTARYVERSION=server-0.5.0
 NOTARYSIGNERVERSION=signer-0.5.0
-MARIADBVERSION=10.1.10
+MARIADBVERSION=mariadb-10.1.10
 HTTPPROXY=

 #clarity parameters
@ -302,10 +302,10 @@ package_offline: compile build modify_composefile
 	@$(DOCKERPULL) registry:$(REGISTRYVERSION)
 	@$(DOCKERPULL) nginx:$(NGINXVERSION)
 	@if [ "$(NOTARYFLAG)" = "true" ] ; then \
-		echo "pulling notary and mariadb..."; \
+		echo "pulling notary and harbor-notary-db..."; \
 		$(DOCKERPULL) vmware/notary-photon:$(NOTARYVERSION); \
 		$(DOCKERPULL) vmware/notary-photon:$(NOTARYSIGNERVERSION); \
-		$(DOCKERPULL) mariadb:$(MARIADBVERSION); \
+		$(DOCKERPULL) vmware/harbor-notary-db:$(MARIADBVERSION); \
 	fi	
 	
 	@echo "saving harbor docker image"
@ -317,7 +317,7 @@ package_offline: compile build modify_composefile
 		$(DOCKERIMAGENAME_DB):$(VERSIONTAG) \
 		$(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) \
 		nginx:$(NGINXVERSION) registry:$(REGISTRYVERSION) photon:$(PHOTONVERSION) \
-		vmware/notary-photon:$(NOTARYVERSION) vmware/notary-photon:$(NOTARYSIGNERVERSION) mariadb:$(MARIADBVERSION); \
+		vmware/notary-photon:$(NOTARYVERSION) vmware/notary-photon:$(NOTARYSIGNERVERSION) vmware/harbor-notary-db:$(MARIADBVERSION); \
 	else \
 		$(DOCKERSAVE) -o $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tgz \
 		$(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG) \
--- a/make/common/templates/notary/mysql-initdb.d/initial-notaryserver.sql
+++ b/make/common/templates/notary/mysql-initdb.d/initial-notaryserver.sql
@ -1,7 +1,7 @@
 CREATE DATABASE IF NOT EXISTS `notaryserver`;

-CREATE USER "server"@"%" IDENTIFIED BY "";
+CREATE USER "server"@"notary-server.%" IDENTIFIED BY "";

 GRANT
 	ALL PRIVILEGES ON `notaryserver`.* 
-	TO "server"@"%";
+	TO "server"@"notary-server.%"
--- a/make/common/templates/notary/mysql-initdb.d/initial-notarysigner.sql
+++ b/make/common/templates/notary/mysql-initdb.d/initial-notarysigner.sql
@ -1,7 +1,7 @@
 CREATE DATABASE IF NOT EXISTS `notarysigner`;

-CREATE USER "signer"@"%" IDENTIFIED BY "";
+CREATE USER "signer"@"notary-signer.%" IDENTIFIED BY "";

 GRANT
 	ALL PRIVILEGES ON `notarysigner`.* 
-	TO "signer"@"%";
+	TO "signer"@"notary-signer.%";
--- a/make/docker-compose.notary.yml
+++ b/make/docker-compose.notary.yml
@ -47,7 +47,7 @@ services:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "notary-signer"
  notary-db:
-    image: mariadb:10.1.10
+    image: vmware/harbor-notary-db:mariadb-10.1.10
    container_name: notary-db
    networks:
      notary-mdb: