Merge pull request #137 from saga92/master

add customizing certificate feature into prepare file
Daniel Jiang 2016-04-25 17:21:43 +08:00
commit 7787cbad8d
4 changed files with 89 additions and 13 deletions


@ -9,7 +9,7 @@ hostname = reg.mydomain.com
ui_url_protocol = http ui_url_protocol = http
#Email account settings for sending out password resetting emails. #Email account settings for sending out password resetting emails.
email_server = smtp.mydomain.com email_server = smtp.mydomain.com
email_server_port = 25 email_server_port = 25
email_username = sample_admin@mydomain.com email_username = sample_admin@mydomain.com
email_password = abc email_password = abc
@ -17,7 +17,7 @@ email_from = admin <sample_admin@mydomain.com>
email_ssl = false email_ssl = false
##The password of Harbor admin, change this before any production use. ##The password of Harbor admin, change this before any production use.
harbor_admin_password= Harbor12345 harbor_admin_password = Harbor12345
##By default the auth mode is db_auth, i.e. the credentials are stored in a local database. ##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server. #Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
@ -34,4 +34,16 @@ db_password = root123
#Turn on or off the self-registration feature #Turn on or off the self-registration feature
self_registration = on self_registration = on
#Turn on or off the customize your certicate
customize_crt = on
#fill in your certicate message
crt_country = CN
crt_state = State
crt_location = CN
crt_organization = organization
crt_organizationalunit = organizational unit
crt_commonname = example.com
crt_email = example@example.com
##### #####
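Review bot: The two new comment lines misspell "certificate" and the first is ungrammatical; suggest `#Turn on or off the customized certificate generation` and `#Fill in the subject fields of your certificate`. The sample value `crt_location = CN` reuses the country code for the locality (L) field, which is a city or town in an X.509 subject; a sample such as `crt_location = Beijing` would make the intent clearer. It would also help to state next to `customize_crt` that turning it on makes the prepare script delete the existing private key and root certificate and generate new ones, so users know the switch is destructive for an existing installation.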


@ -36,6 +36,14 @@ ldap_url = rcp.get("configuration", "ldap_url")
ldap_basedn = rcp.get("configuration", "ldap_basedn") ldap_basedn = rcp.get("configuration", "ldap_basedn")
db_password = rcp.get("configuration", "db_password") db_password = rcp.get("configuration", "db_password")
self_registration = rcp.get("configuration", "self_registration") self_registration = rcp.get("configuration", "self_registration")
customize_crt = rcp.get("configuration", "customize_crt")
crt_country = rcp.get("configuration", "crt_country")
crt_state = rcp.get("configuration", "crt_state")
crt_location = rcp.get("configuration", "crt_location")
crt_organization = rcp.get("configuration", "crt_organization")
crt_organizationalunit = rcp.get("configuration", "crt_organizationalunit")
crt_commonname = rcp.get("configuration", "crt_commonname")
crt_email = rcp.get("configuration", "crt_email")
######## ########
base_dir = os.path.dirname(__file__) base_dir = os.path.dirname(__file__)
@ -63,10 +71,12 @@ registry_conf = os.path.join(config_dir, "registry", "config.yml")
db_conf_env = os.path.join(config_dir, "db", "env") db_conf_env = os.path.join(config_dir, "db", "env")
conf_files = [ ui_conf, ui_conf_env, registry_conf, db_conf_env ] conf_files = [ ui_conf, ui_conf_env, registry_conf, db_conf_env ]
for f in conf_files: def rmdir(cf):
if os.path.exists(f): for f in cf:
print("Clearing the configuration file: %s" % f) if os.path.exists(f):
os.remove(f) print("Clearing the configuration file: %s" % f)
os.remove(f)
rmdir(conf_files)
render(os.path.join(templates_dir, "ui", "env"), render(os.path.join(templates_dir, "ui", "env"),
ui_conf_env, ui_conf_env,
@ -74,7 +84,7 @@ render(os.path.join(templates_dir, "ui", "env"),
db_password=db_password, db_password=db_password,
ui_url=ui_url, ui_url=ui_url,
auth_mode=auth_mode, auth_mode=auth_mode,
admin_pwd=harbor_admin_password, harbor_admin_password=harbor_admin_password,
ldap_url=ldap_url, ldap_url=ldap_url,
ldap_basedn=ldap_basedn, ldap_basedn=ldap_basedn,
self_registration=self_registration) self_registration=self_registration)
@ -83,8 +93,8 @@ render(os.path.join(templates_dir, "ui", "app.conf"),
ui_conf, ui_conf,
email_server=email_server, email_server=email_server,
email_server_port=email_server_port, email_server_port=email_server_port,
email_user_name=email_username, email_username=email_username,
email_user_password=email_password, email_password=email_password,
email_from=email_from, email_from=email_from,
email_ssl=email_ssl, email_ssl=email_ssl,
ui_url=ui_url) ui_url=ui_url)
@ -97,4 +107,58 @@ render(os.path.join(templates_dir, "db", "env"),
db_conf_env, db_conf_env,
db_password=db_password) db_password=db_password)
def validate_crt_subj(dirty_subj):
subj_list = [item for item in dirty_subj.strip().split("/") \
if len(item.split("=")) == 2 and len(item.split("=")[1]) > 0]
return "/" + "/".join(subj_list)
FNULL = open(os.devnull, 'w')
from functools import wraps
def stat_decorator(func):
#@wraps(func)
def check_wrapper(*args, **kwargs):
stat = func(*args, **kwargs)
message = "Generated configuration file: %s" % kwargs['path'] \
if stat == 0 else "Fail to generate %s" % kwargs['path']
print(message)
if stat != 0:
sys.exit(1)
return check_wrapper
@stat_decorator
def check_private_key_stat(*args, **kwargs):
return subprocess.call(["openssl", "genrsa", "-out", kwargs['path'], "4096"],\
stdout=FNULL, stderr=subprocess.STDOUT)
@stat_decorator
def check_certificate_stat(*args, **kwargs):
dirty_subj = "/C={0}/ST={1}/L={2}/O={3}/OU={4}/CN={5}/emailAddress={6}"\
.format(crt_country, crt_state, crt_location, crt_organization,\
crt_organizationalunit, crt_commonname, crt_email)
subj = validate_crt_subj(dirty_subj)
return subprocess.call(["openssl", "req", "-new", "-x509", "-key",\
private_key_pem, "-out", root_crt, "-days", "3650", "-subj", subj], \
stdout=FNULL, stderr=subprocess.STDOUT)
def openssl_is_installed(stat):
if stat == 0:
return True
else:
print("Cannot find openssl installed in this computer\nUse default SSL certificate file")
return False
if customize_crt == 'on':
import subprocess
shell_stat = subprocess.check_call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT)
if openssl_is_installed(shell_stat):
private_key_pem = os.path.join(config_dir, "ui", "private_key.pem")
root_crt = os.path.join(config_dir, "registry", "root.crt")
crt_conf_files = [ private_key_pem, root_crt ]
rmdir(crt_conf_files)
check_private_key_stat(path=private_key_pem)
check_certificate_stat(path=root_crt)
FNULL.close()
print("The configuration files are ready, please use docker-compose to start the service.") print("The configuration files are ready, please use docker-compose to start the service.")
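Review bot: `subprocess.check_call(["which", "openssl"], ...)` raises CalledProcessError when openssl is absent, so the `openssl_is_installed` fallback that prints "Use default SSL certificate file" can never run on the path it was written for; the script exits with a traceback instead. Use `shell_stat = subprocess.call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT)` so a non-zero status is returned rather than raised (and consider catching OSError in case `which` itself is missing). As far as I know `openssl genrsa -out` writes the key file with the process umask unless the installed openssl restricts it, so an `os.chmod(private_key_pem, 0o600)` after `check_private_key_stat(path=private_key_pem)` would be prudent given this key signs the registry root certificate. `rmdir` removes files rather than directories and `wraps` is imported while its only use is commented out; renaming the helper to `remove_files` and dropping the dead import would make the block easier to follow. The script continues before and after this hunk, and the indentation of `FNULL.close()` relative to the `if customize_crt == 'on':` block is not recoverable from this rendering.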


@ -11,7 +11,7 @@ httpport = 80
[mail] [mail]
host = $email_server host = $email_server
port = $email_server_port port = $email_server_port
username = $email_user_name username = $email_username
password = $email_user_password password = $email_password
from = $email_from from = $email_from
ssl = $email_ssl ssl = $email_ssl


@ -5,8 +5,8 @@ MYSQL_PWD=$db_password
REGISTRY_URL=http://registry:5000 REGISTRY_URL=http://registry:5000
CONFIG_PATH=/etc/ui/app.conf CONFIG_PATH=/etc/ui/app.conf
HARBOR_REG_URL=$hostname HARBOR_REG_URL=$hostname
HARBOR_ADMIN_PASSWORD=$admin_pwd HARBOR_ADMIN_PASSWORD=$harbor_admin_password
HARBOR_URL=$ui_url HARBOR_URL=$hostname
AUTH_MODE=$auth_mode AUTH_MODE=$auth_mode
LDAP_URL=$ldap_url LDAP_URL=$ldap_url
LDAP_BASE_DN=$ldap_basedn LDAP_BASE_DN=$ldap_basedn
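Review bot: `HARBOR_URL=$hostname` replaces `$ui_url`, which drops whatever scheme `ui_url` carried, and nothing in this PR (whose subject is certificate generation) explains the change. If the UI component builds links or redirects from HARBOR_URL, a bare hostname would presumably yield URLs without the protocol; either keep `HARBOR_URL=$ui_url` or state in the description why the hostname is now the intended value.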