Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2025-02-18 12:51:27 +01:00
Code Issues Projects Releases Wiki Activity

store secretkey in data volume and remove it from harbor.cfg

Browse Source
This commit is contained in:
Tan Jiang 2016-10-18 18:06:47 +08:00
parent 6b8d400c12
commit 9889bdd525
2 changed files with 22 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Deploy/harbor.cfg
View File

@ -60,11 +60,6 @@ use_compressed_js = on
#Maximum number of job workers in job service #Maximum number of job workers in job service
max_job_workers = 3 max_job_workers = 3
#Secret key for encryption/decryption of password of remote registry, its length has to be 16 chars
#**NOTE** if this changes, previously encrypted password will not be decrypted!
#Change this key before any production use.
secret_key = secretkey1234567
#The expiration time (in minute) of token created by token service, default is 30 minutes #The expiration time (in minute) of token created by token service, default is 30 minutes
token_expiration = 30 token_expiration = 30
@ -92,4 +87,3 @@ crt_email = example@example.com
ssl_cert = /path/to/server.crt ssl_cert = /path/to/server.crt
ssl_cert_key = /path/to/server.key ssl_cert_key = /path/to/server.key
############# #############
#####

27
Deploy/prepare
View File

@ -20,8 +20,6 @@ if sys.version_info[:3][0] == 3:
import io as StringIO import io as StringIO
def validate(conf): def validate(conf):
if len(conf.get("configuration", "secret_key")) != 16:
raise Exception("Error: The length of secret key has to be 16 characters!")
protocol = rcp.get("configuration", "ui_url_protocol") protocol = rcp.get("configuration", "ui_url_protocol")
if protocol == "https": if protocol == "https":
if not rcp.has_option("configuration", "ssl_cert"): if not rcp.has_option("configuration", "ssl_cert"):
@ -35,9 +33,27 @@ def validate(conf):
if not os.path.isfile(cert_key_path): if not os.path.isfile(cert_key_path):
raise Exception("Error: The path for certificate key: %s is invalid" % cert_key_path) raise Exception("Error: The path for certificate key: %s is invalid" % cert_key_path)
def get_secret_key(path):
key_file = os.path.join(path, "secretkey")
if os.path.isfile(key_file):
with open(key_file, 'r') as f:
key = f.read()
print("loaded secret key")
if len(key) != 16:
raise Exception("secret key's length has to be 16 chars, current length: %d" % len(key))
return key
if not os.path.isdir(path):
os.makedirs(path, mode=0600)
key = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16))
with open(key_file, 'w') as f:
f.write(key)
print("generated and saved secret key")
return key
parser = argparse.ArgumentParser() parser = argparse.ArgumentParser()
parser.add_argument('-conf', dest='cfgfile', default = 'harbor.cfg',type=str,help="the path of Harbor configuration file") parser.add_argument('-conf', dest='cfgfile', default='harbor.cfg',type=str,help="the path of Harbor configuration file")
parser.add_argument('--data-volume', dest='data_volume', default='/data/',type=str,help="the path of Harbor data volume, which is set in template of docker-compose.")
args = parser.parse_args() args = parser.parse_args()
#Read configurations #Read configurations
@ -94,7 +110,8 @@ crt_email = rcp.get("configuration", "crt_email")
max_job_workers = rcp.get("configuration", "max_job_workers") max_job_workers = rcp.get("configuration", "max_job_workers")
token_expiration = rcp.get("configuration", "token_expiration") token_expiration = rcp.get("configuration", "token_expiration")
verify_remote_cert = rcp.get("configuration", "verify_remote_cert") verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
secret_key = rcp.get("configuration", "secret_key") #secret_key = rcp.get("configuration", "secret_key")
secret_key = get_secret_key(args.data_volume)
######## ########
ui_secret = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16)) ui_secret = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16))