Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-11-23 02:35:17 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1237 from yhua123/dev

Browse Source 
add 'secretkey_path' in harbor.cfg
This commit is contained in:
Daniel Jiang 2016-12-15 17:59:45 +08:00 committed by GitHub
commit 99ce7c0edf
3 changed files with 298 additions and 293 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/installation_guide.md
View File

@ -72,6 +72,7 @@ The parameters are described below - note that at the very least, you will need
* **self_registration**: (**on** or **off**. Default is **on**) Enable / Disable the ability for a user to register themselves. When disabled, new users can only be created by the Admin user, only an admin user can create new users in Harbor. _NOTE: When **auth_mode** is set to **ldap_auth**, self-registration feature is **always** disabled, and this flag is ignored._ * **self_registration**: (**on** or **off**. Default is **on**) Enable / Disable the ability for a user to register themselves. When disabled, new users can only be created by the Admin user, only an admin user can create new users in Harbor. _NOTE: When **auth_mode** is set to **ldap_auth**, self-registration feature is **always** disabled, and this flag is ignored._
* **use_compressed_js**: (**on** or **off**. Default is **on**) For production use, turn this flag to **on**. In development mode, set it to **off** so that js files can be modified separately. * **use_compressed_js**: (**on** or **off**. Default is **on**) For production use, turn this flag to **on**. In development mode, set it to **off** so that js files can be modified separately.
* **max_job_workers**: (default value is **3**) The maximum number of replication workers in job service. For each image replication job, a worker synchronizes all tags of a repository to the remote destination. Increasing this number allows more concurrent replication jobs in the system. However, since each worker consumes a certain amount of network/CPU/IO resources, please carefully pick the value of this attribute based on the hardware resource of the host. * **max_job_workers**: (default value is **3**) The maximum number of replication workers in job service. For each image replication job, a worker synchronizes all tags of a repository to the remote destination. Increasing this number allows more concurrent replication jobs in the system. However, since each worker consumes a certain amount of network/CPU/IO resources, please carefully pick the value of this attribute based on the hardware resource of the host.
* **secretkey_path**: The path of key for encrypt or decrypt the password of a remote registry in a replication policy.
* **token_expiration**: The expiration time (in minutes) of a token created by token service, default is 30 minutes. * **token_expiration**: The expiration time (in minutes) of a token created by token service, default is 30 minutes.

4
make/harbor.cfg
View File

@ -94,4 +94,8 @@ project_creation_restriction = everyone
#The path of cert and key files for nginx, they are applied only the protocol is set to https #The path of cert and key files for nginx, they are applied only the protocol is set to https
ssl_cert = /data/cert/server.crt ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key ssl_cert_key = /data/cert/server.key
#The path of secretkey storage
secretkey_path = /data
############# #############

6
make/prepare
View File

@ -60,7 +60,6 @@ templates_dir = os.path.join(base_dir, "common/templates")
parser = argparse.ArgumentParser() parser = argparse.ArgumentParser()
parser.add_argument('-conf', dest='cfgfile', default=base_dir+'/harbor.cfg',type=str,help="the path of Harbor configuration file") parser.add_argument('-conf', dest='cfgfile', default=base_dir+'/harbor.cfg',type=str,help="the path of Harbor configuration file")
parser.add_argument('--data-volume', dest='data_volume', default='/data/',type=str,help="the path of Harbor data volume, which is set in template of docker-compose.")
args = parser.parse_args() args = parser.parse_args()
@ -120,8 +119,8 @@ max_job_workers = rcp.get("configuration", "max_job_workers")
token_expiration = rcp.get("configuration", "token_expiration") token_expiration = rcp.get("configuration", "token_expiration")
verify_remote_cert = rcp.get("configuration", "verify_remote_cert") verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
proj_cre_restriction = rcp.get("configuration", "project_creation_restriction") proj_cre_restriction = rcp.get("configuration", "project_creation_restriction")
#secret_key = rcp.get("configuration", "secret_key") secretkey_path = rcp.get("configuration", "secretkey_path")
secret_key = get_secret_key(args.data_volume) secret_key = get_secret_key(secretkey_path)
######## ########
ui_secret = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16)) ui_secret = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16))
@ -299,3 +298,4 @@ else:
FNULL.close() FNULL.close()
print("The configuration files are ready, please use docker-compose to start the service.") print("The configuration files are ready, please use docker-compose to start the service.")