From 90be98bc5d22835fc66ec267f7df81f7baefecbd Mon Sep 17 00:00:00 2001 From: yhua Date: Mon, 12 Dec 2016 12:39:11 +0800 Subject: [PATCH] add 'data_volume' in harbor.cfg --- docs/installation_guide.md | 2 +- make/harbor.cfg | 4 ++++ make/prepare | 6 +++--- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/docs/installation_guide.md b/docs/installation_guide.md index a391067ae..70b1d4ecf 100644 --- a/docs/installation_guide.md +++ b/docs/installation_guide.md @@ -72,7 +72,7 @@ The parameters are described below - note that at the very least, you will need * **self_registration**: (**on** or **off**. Default is **on**) Enable / Disable the ability for a user to register themselves. When disabled, new users can only be created by the Admin user, only an admin user can create new users in Harbor. _NOTE: When **auth_mode** is set to **ldap_auth**, self-registration feature is **always** disabled, and this flag is ignored._ * **use_compressed_js**: (**on** or **off**. Default is **on**) For production use, turn this flag to **on**. In development mode, set it to **off** so that js files can be modified separately. * **max_job_workers**: (default value is **3**) The maximum number of replication workers in job service. For each image replication job, a worker synchronizes all tags of a repository to the remote destination. Increasing this number allows more concurrent replication jobs in the system. However, since each worker consumes a certain amount of network/CPU/IO resources, please carefully pick the value of this attribute based on the hardware resource of the host. -* **secret_key**: The key to encrypt or decrypt the password of a remote registry in a replication policy, its length has to be 16 characters. Change this key before any production use. *NOTE: After changing this key, previously encrypted password of a policy can not be decrypted.* +* **secretkey_path**: The path of key for encrypt or decrypt the password of a remote registry in a replication policy. * **token_expiration**: The expiration time (in minutes) of a token created by token service, default is 30 minutes. diff --git a/make/harbor.cfg b/make/harbor.cfg index d5475339c..8b8c6cd37 100644 --- a/make/harbor.cfg +++ b/make/harbor.cfg @@ -94,4 +94,8 @@ project_creation_restriction = everyone #The path of cert and key files for nginx, they are applied only the protocol is set to https ssl_cert = /data/cert/server.crt ssl_cert_key = /data/cert/server.key + +#The path of secretkey storage +secretkey_path = /data ############# + diff --git a/make/prepare b/make/prepare index 4e777ce0e..5e1b6b311 100755 --- a/make/prepare +++ b/make/prepare @@ -60,7 +60,6 @@ templates_dir = os.path.join(base_dir, "common/templates") parser = argparse.ArgumentParser() parser.add_argument('-conf', dest='cfgfile', default=base_dir+'/harbor.cfg',type=str,help="the path of Harbor configuration file") -parser.add_argument('--data-volume', dest='data_volume', default='/data/',type=str,help="the path of Harbor data volume, which is set in template of docker-compose.") args = parser.parse_args() @@ -120,8 +119,8 @@ max_job_workers = rcp.get("configuration", "max_job_workers") token_expiration = rcp.get("configuration", "token_expiration") verify_remote_cert = rcp.get("configuration", "verify_remote_cert") proj_cre_restriction = rcp.get("configuration", "project_creation_restriction") -#secret_key = rcp.get("configuration", "secret_key") -secret_key = get_secret_key(args.data_volume) +secretkey_path = rcp.get("configuration", "secretkey_path") +secret_key = get_secret_key(secretkey_path) ######## ui_secret = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16)) @@ -299,3 +298,4 @@ else: FNULL.close() print("The configuration files are ready, please use docker-compose to start the service.") +