From 9889bdd525af6e67301adf5cb1e3e8e69cc41708 Mon Sep 17 00:00:00 2001
From: Tan Jiang
Date: Tue, 18 Oct 2016 18:06:47 +0800
Subject: [PATCH] store secretkey in data volume and remove it from harbor.cfg
---
 Deploy/harbor.cfg | 6 ------
 Deploy/prepare | 27 ++++++++++++++++++++++-----
 2 files changed, 22 insertions(+), 11 deletions(-)
diff --git a/Deploy/harbor.cfg b/Deploy/harbor.cfg
index 2bb5b2c50..db3984603 100644
--- a/Deploy/harbor.cfg
+++ b/Deploy/harbor.cfg
@@ -60,11 +60,6 @@ use_compressed_js = on
 #Maximum number of job workers in job service
 max_job_workers = 3
-#Secret key for encryption/decryption of password of remote registry, its length has to be 16 chars
-#**NOTE** if this changes, previously encrypted password will not be decrypted!
-#Change this key before any production use.
-secret_key = secretkey1234567
-
 #The expiration time (in minute) of token created by token service, default is 30 minutes
 token_expiration = 30
@@ -92,4 +87,3 @@ crt_email = example@example.com
 ssl_cert = /path/to/server.crt
 ssl_cert_key = /path/to/server.key
 #############
-#####
diff --git a/Deploy/prepare b/Deploy/prepare
index ab22bf4a0..9648c24ed 100755
--- a/Deploy/prepare
+++ b/Deploy/prepare
@@ -20,8 +20,6 @@ if sys.version_info[:3][0] == 3:
 import io as StringIO
 def validate(conf):
- if len(conf.get("configuration", "secret_key")) != 16:
- raise Exception("Error: The length of secret key has to be 16 characters!")
 protocol = rcp.get("configuration", "ui_url_protocol")
 if protocol == "https":
 if not rcp.has_option("configuration", "ssl_cert"):
@@ -35,9 +33,27 @@ def validate(conf):
 if not os.path.isfile(cert_key_path):
 raise Exception("Error: The path for certificate key: %s is invalid" % cert_key_path)
-
+def get_secret_key(path):
+ key_file = os.path.join(path, "secretkey")
+ if os.path.isfile(key_file):
+ with open(key_file, 'r') as f:
+ key = f.read()
+ print("loaded secret key")
+ if len(key) != 16:
+ raise Exception("secret key's length has to be 16 chars, current length: %d" % len(key))
+ return key
+ if not os.path.isdir(path):
+ os.makedirs(path, mode=0600)
+ key = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16))
+ with open(key_file, 'w') as f:
+ f.write(key)
+ print("generated and saved secret key")
+ return key
+
 parser = argparse.ArgumentParser()
-parser.add_argument('-conf', dest='cfgfile', default = 'harbor.cfg',type=str,help="the path of Harbor configuration file")
+parser.add_argument('-conf', dest='cfgfile', default='harbor.cfg',type=str,help="the path of Harbor configuration file")
+parser.add_argument('--data-volume', dest='data_volume', default='/data/',type=str,help="the path of Harbor data volume, which is set in template of docker-compose.")
+
 args = parser.parse_args()
 #Read configurations
@@ -94,7 +110,8 @@ crt_email = rcp.get("configuration", "crt_email")
 max_job_workers = rcp.get("configuration", "max_job_workers")
 token_expiration = rcp.get("configuration", "token_expiration")
 verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
-secret_key = rcp.get("configuration", "secret_key")
+#secret_key = rcp.get("configuration", "secret_key")
+secret_key = get_secret_key(args.data_volume)
 ########
 ui_secret = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16))
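Review bot: In get_secret_key the generated key file is left unprotected and the key comes from a non-cryptographic generator. `open(key_file, 'w')` creates the file with umask-default permissions, while the `mode=0600` passed to `os.makedirs` covers only the directory, only when it is missing, and lacks the search bit a directory needs. The literal `0600` is also a syntax error on Python 3, which this script branches for at `if sys.version_info[:3][0] == 3:`. `random.choice` draws from the Mersenne Twister; a key that encrypts remote-registry passwords (per the comment removed from harbor.cfg) should come from `random.SystemRandom()`, which is available on both Python 2 and 3.

```python
def get_secret_key(path):
    key_file = os.path.join(path, "secretkey")
    # … unchanged: load and length-check an existing key file …
    if not os.path.isdir(path):
        os.makedirs(path, mode=0o700)
    rng = random.SystemRandom()
    key = ''.join(rng.choice(string.ascii_letters+string.digits) for i in range(16))
    # Create the file owner-only from the start; O_EXCL refuses to reuse a file that appeared meanwhile.
    fd = os.open(key_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, 'w') as f:
        f.write(key)
    # … unchanged: print and return key …
```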
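Review bot: An existing install that set its own `secret_key` in harbor.cfg gets a freshly generated key from `secret_key = get_secret_key(args.data_volume)` on its next run, because no `secretkey` file exists in the data volume yet. The comment removed from harbor.cfg in this same patch says passwords encrypted under the old key can then no longer be decrypted. A one-time migration would avoid that: when `rcp.has_option("configuration", "secret_key")` is true and the key file is absent, write that configured value to the file instead of generating a new one. The commented-out `#secret_key = rcp.get("configuration", "secret_key")` should be deleted rather than kept. These are top-level statements whose surrounding block continues outside the hunk.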