Merge pull request #137 from saga92/master

add customizing certificate feature into prepare file

Deploy/harbor.cfg

@@ -9,7 +9,7 @@ hostname = reg.mydomain.com
 ui_url_protocol = http
 
 #Email account settings for sending out password resetting emails.
-email_server = smtp.mydomain.com 
+email_server = smtp.mydomain.com
 email_server_port = 25
 email_username = sample_admin@mydomain.com
 email_password = abc
@@ -17,7 +17,7 @@ email_from = admin <sample_admin@mydomain.com>
 email_ssl = false
 
 ##The password of Harbor admin, change this before any production use.
-harbor_admin_password= Harbor12345
+harbor_admin_password = Harbor12345
 
 ##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
 #Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
@@ -34,4 +34,16 @@ db_password = root123
 
 #Turn on or off the self-registration feature
 self_registration = on
+
+#Turn on or off the customize your certicate
+customize_crt = on
+
+#fill in your certicate message
+crt_country = CN
+crt_state = State
+crt_location = CN
+crt_organization = organization
+crt_organizationalunit = organizational unit
+crt_commonname = example.com
+crt_email = example@example.com
 #####

Deploy/prepare

@@ -36,6 +36,14 @@ ldap_url = rcp.get("configuration", "ldap_url")
 ldap_basedn = rcp.get("configuration", "ldap_basedn")
 db_password = rcp.get("configuration", "db_password")
 self_registration = rcp.get("configuration", "self_registration")
+customize_crt = rcp.get("configuration", "customize_crt")
+crt_country = rcp.get("configuration", "crt_country")
+crt_state = rcp.get("configuration", "crt_state")
+crt_location = rcp.get("configuration", "crt_location")
+crt_organization = rcp.get("configuration", "crt_organization")
+crt_organizationalunit = rcp.get("configuration", "crt_organizationalunit")
+crt_commonname = rcp.get("configuration", "crt_commonname")
+crt_email = rcp.get("configuration", "crt_email")
 ########
 
 base_dir = os.path.dirname(__file__)
@@ -63,10 +71,12 @@ registry_conf = os.path.join(config_dir, "registry", "config.yml")
 db_conf_env = os.path.join(config_dir, "db", "env")
 
 conf_files = [ ui_conf, ui_conf_env, registry_conf, db_conf_env ]
-for f in conf_files:
-    if os.path.exists(f):
-        print("Clearing the configuration file: %s" % f)
-        os.remove(f)
+def rmdir(cf):
+    for f in cf:
+        if os.path.exists(f):
+            print("Clearing the configuration file: %s" % f)
+            os.remove(f)
+rmdir(conf_files)
 
 render(os.path.join(templates_dir, "ui", "env"),
         ui_conf_env,
@@ -74,7 +84,7 @@ render(os.path.join(templates_dir, "ui", "env"),
         db_password=db_password,
         ui_url=ui_url,
         auth_mode=auth_mode,
-        admin_pwd=harbor_admin_password,
+        harbor_admin_password=harbor_admin_password,
         ldap_url=ldap_url,
         ldap_basedn=ldap_basedn,
 	self_registration=self_registration)
@@ -83,8 +93,8 @@ render(os.path.join(templates_dir, "ui", "app.conf"),
         ui_conf,
         email_server=email_server,
         email_server_port=email_server_port,
-        email_user_name=email_username,
-        email_user_password=email_password,
+        email_username=email_username,
+        email_password=email_password,
         email_from=email_from,
         email_ssl=email_ssl,
         ui_url=ui_url)
@@ -97,4 +107,58 @@ render(os.path.join(templates_dir, "db", "env"),
         db_conf_env,
         db_password=db_password)
 
+def validate_crt_subj(dirty_subj):
+    subj_list = [item for item in dirty_subj.strip().split("/") \
+        if len(item.split("=")) == 2 and len(item.split("=")[1]) > 0]
+    return "/" + "/".join(subj_list)
+
+FNULL = open(os.devnull, 'w')
+
+from functools import wraps
+def stat_decorator(func):
+    #@wraps(func)
+    def check_wrapper(*args, **kwargs):
+        stat = func(*args, **kwargs)
+        message = "Generated configuration file: %s" % kwargs['path'] \
+                if stat == 0 else "Fail to generate %s" % kwargs['path']
+        print(message)
+        if stat != 0:
+            sys.exit(1)
+    return check_wrapper
+
+@stat_decorator
+def check_private_key_stat(*args, **kwargs):
+    return subprocess.call(["openssl", "genrsa", "-out", kwargs['path'], "4096"],\
+        stdout=FNULL, stderr=subprocess.STDOUT)
+
+@stat_decorator
+def check_certificate_stat(*args, **kwargs):
+    dirty_subj = "/C={0}/ST={1}/L={2}/O={3}/OU={4}/CN={5}/emailAddress={6}"\
+        .format(crt_country, crt_state, crt_location, crt_organization,\
+        crt_organizationalunit, crt_commonname, crt_email)
+    subj = validate_crt_subj(dirty_subj)
+    return subprocess.call(["openssl", "req", "-new", "-x509", "-key",\
+        private_key_pem, "-out", root_crt, "-days", "3650", "-subj", subj], \
+        stdout=FNULL, stderr=subprocess.STDOUT)
+
+def openssl_is_installed(stat):
+    if stat == 0:
+        return True
+    else:
+        print("Cannot find openssl installed in this computer\nUse default SSL certificate file")
+        return False
+
+if customize_crt == 'on':
+    import subprocess
+    shell_stat = subprocess.check_call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT)
+    if openssl_is_installed(shell_stat):
+        private_key_pem = os.path.join(config_dir, "ui", "private_key.pem")
+        root_crt = os.path.join(config_dir, "registry", "root.crt")
+        crt_conf_files = [ private_key_pem, root_crt ]
+        rmdir(crt_conf_files)
+
+        check_private_key_stat(path=private_key_pem)
+        check_certificate_stat(path=root_crt)
+
+FNULL.close()
 print("The configuration files are ready, please use docker-compose to start the service.")

Deploy/templates/ui/app.conf

@@ -11,7 +11,7 @@ httpport = 80
 [mail]
 host = $email_server
 port = $email_server_port
-username = $email_user_name
-password = $email_user_password
+username = $email_username
+password = $email_password
 from = $email_from
 ssl = $email_ssl

Deploy/templates/ui/env

@@ -5,8 +5,8 @@ MYSQL_PWD=$db_password
 REGISTRY_URL=http://registry:5000
 CONFIG_PATH=/etc/ui/app.conf
 HARBOR_REG_URL=$hostname
-HARBOR_ADMIN_PASSWORD=$admin_pwd
-HARBOR_URL=$ui_url
+HARBOR_ADMIN_PASSWORD=$harbor_admin_password
+HARBOR_URL=$hostname
 AUTH_MODE=$auth_mode
 LDAP_URL=$ldap_url
 LDAP_BASE_DN=$ldap_basedn