mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-23 00:57:44 +01:00
read some configs from env
This commit is contained in:
parent
ac6c26d6db
commit
a4cb261df9
@ -29,7 +29,6 @@ HARBOR_ADMIN_PASSWORD=$harbor_admin_password
|
||||
PROJECT_CREATION_RESTRICTION=$project_creation_restriction
|
||||
VERIFY_REMOTE_CERT=$verify_remote_cert
|
||||
MAX_JOB_WORKERS=$max_job_workers
|
||||
LOG_DIR=/var/log/jobs
|
||||
UI_SECRET=$ui_secret
|
||||
JOBSERVICE_SECRET=$jobservice_secret
|
||||
TOKEN_EXPIRATION=$token_expiration
|
||||
|
@ -8,6 +8,43 @@ hostname = reg.mydomain.com
|
||||
#It can be set to https if ssl is enabled on nginx.
|
||||
ui_url_protocol = http
|
||||
|
||||
#The password for the root user of mysql db, change this before any production use.
|
||||
db_password = root123
|
||||
|
||||
#Determine whether the UI should use compressed js files.
|
||||
#For production, set it to on. For development, set it to off.
|
||||
use_compressed_js = on
|
||||
|
||||
#Maximum number of job workers in job service
|
||||
max_job_workers = 3
|
||||
|
||||
#Determine whether or not to generate certificate for the registry's token.
|
||||
#If the value is on, the prepare script creates new root cert and private key
|
||||
#for generating token to access the registry. If the value is off, a key/certificate must
|
||||
#be supplied for token generation.
|
||||
customize_crt = on
|
||||
|
||||
#Information of your organization for certificate
|
||||
crt_country = CN
|
||||
crt_state = State
|
||||
crt_location = CN
|
||||
crt_organization = organization
|
||||
crt_organizationalunit = organizational unit
|
||||
crt_commonname = example.com
|
||||
crt_email = example@example.com
|
||||
|
||||
#The path of cert and key files for nginx, they are applied only the protocol is set to https
|
||||
ssl_cert = /data/cert/server.crt
|
||||
ssl_cert_key = /data/cert/server.key
|
||||
|
||||
#The path of secretkey storage
|
||||
secretkey_path = /data
|
||||
|
||||
#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
|
||||
#only take effect in the first boot, the subsequent changes of these properties
|
||||
#should be performed on web ui
|
||||
#************************BEGIN INITIAL PROPERTIES************************
|
||||
|
||||
#Email account settings for sending out password resetting emails.
|
||||
|
||||
#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
|
||||
@ -55,50 +92,19 @@ ldap_scope = 3
|
||||
#Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
|
||||
ldap_timeout = 5
|
||||
|
||||
#The password for the root user of mysql db, change this before any production use.
|
||||
db_password = root123
|
||||
|
||||
#Turn on or off the self-registration feature
|
||||
self_registration = on
|
||||
|
||||
#Determine whether the UI should use compressed js files.
|
||||
#For production, set it to on. For development, set it to off.
|
||||
use_compressed_js = on
|
||||
|
||||
#Maximum number of job workers in job service
|
||||
max_job_workers = 3
|
||||
|
||||
#The expiration time (in minute) of token created by token service, default is 30 minutes
|
||||
token_expiration = 30
|
||||
|
||||
#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
|
||||
#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
|
||||
verify_remote_cert = on
|
||||
|
||||
#Determine whether or not to generate certificate for the registry's token.
|
||||
#If the value is on, the prepare script creates new root cert and private key
|
||||
#for generating token to access the registry. If the value is off, a key/certificate must
|
||||
#be supplied for token generation.
|
||||
customize_crt = on
|
||||
|
||||
#Information of your organization for certificate
|
||||
crt_country = CN
|
||||
crt_state = State
|
||||
crt_location = CN
|
||||
crt_organization = organization
|
||||
crt_organizationalunit = organizational unit
|
||||
crt_commonname = example.com
|
||||
crt_email = example@example.com
|
||||
|
||||
#The flag to control what users have permission to create projects
|
||||
#Be default everyone can create a project, set to "adminonly" such that only admin can create project.
|
||||
project_creation_restriction = everyone
|
||||
|
||||
#The path of cert and key files for nginx, they are applied only the protocol is set to https
|
||||
ssl_cert = /data/cert/server.crt
|
||||
ssl_cert_key = /data/cert/server.key
|
||||
|
||||
#The path of secretkey storage
|
||||
secretkey_path = /data
|
||||
#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
|
||||
#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
|
||||
verify_remote_cert = on
|
||||
#************************BEGIN INITIAL PROPERTIES************************
|
||||
#############
|
||||
|
||||
|
@ -46,8 +46,8 @@ var (
|
||||
comcfg.AdminInitialPassword,
|
||||
}
|
||||
|
||||
// envs are configurations need read from environment variables
|
||||
envs = map[string]interface{}{
|
||||
// all configurations need read from environment variables
|
||||
allEnvs = map[string]interface{}{
|
||||
comcfg.ExtEndpoint: "EXT_ENDPOINT",
|
||||
comcfg.AUTHMode: "AUTH_MODE",
|
||||
comcfg.SelfRegistration: &parser{
|
||||
@ -96,7 +96,6 @@ var (
|
||||
env: "TOKEN_EXPIRATION",
|
||||
parse: parseStringToInt,
|
||||
},
|
||||
comcfg.JobLogDir: "LOG_DIR",
|
||||
comcfg.UseCompressedJS: &parser{
|
||||
env: "USE_COMPRESSED_JS",
|
||||
parse: parseStringToBool,
|
||||
@ -116,6 +115,26 @@ var (
|
||||
comcfg.ProjectCreationRestriction: "PROJECT_CREATION_RESTRICTION",
|
||||
comcfg.AdminInitialPassword: "HARBOR_ADMIN_PASSWORD",
|
||||
}
|
||||
|
||||
// configurations need read from environment variables
|
||||
// every time the system startup
|
||||
repeatLoadEnvs = map[string]interface{}{
|
||||
comcfg.ExtEndpoint: "EXT_ENDPOINT",
|
||||
comcfg.MySQLPassword: "MYSQL_PWD",
|
||||
comcfg.MaxJobWorkers: &parser{
|
||||
env: "MAX_JOB_WORKERS",
|
||||
parse: parseStringToInt,
|
||||
},
|
||||
// TODO remove this config?
|
||||
comcfg.UseCompressedJS: &parser{
|
||||
env: "USE_COMPRESSED_JS",
|
||||
parse: parseStringToBool,
|
||||
},
|
||||
comcfg.CfgExpiration: &parser{
|
||||
env: "CFG_EXPIRATION",
|
||||
parse: parseStringToInt,
|
||||
},
|
||||
}
|
||||
)
|
||||
|
||||
type parser struct {
|
||||
@ -152,16 +171,19 @@ func Init() (err error) {
|
||||
}
|
||||
|
||||
if cfg != nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
log.Info("configurations read from store driver are null, initializing system from environment variables...")
|
||||
cfg, err = loadFromEnv()
|
||||
if err != nil {
|
||||
return err
|
||||
if err = loadFromEnv(cfg, false); err != nil {
|
||||
return err
|
||||
}
|
||||
} else {
|
||||
log.Info("configurations read from store driver are null, initializing system from environment variables...")
|
||||
cfg = make(map[string]interface{})
|
||||
if err = loadFromEnv(cfg, true); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
//sync configurations into cfg store
|
||||
log.Info("updating system configurations...")
|
||||
return UpdateSystemCfg(cfg)
|
||||
}
|
||||
|
||||
@ -198,9 +220,13 @@ func initKeyProvider() {
|
||||
keyProvider = comcfg.NewFileKeyProvider(path)
|
||||
}
|
||||
|
||||
//load the configurations from env
|
||||
func loadFromEnv() (map[string]interface{}, error) {
|
||||
cfg := map[string]interface{}{}
|
||||
// load the configurations from allEnvs, if all is false, it just loads
|
||||
// the repeatLoadEnvs
|
||||
func loadFromEnv(cfg map[string]interface{}, all bool) error {
|
||||
envs := repeatLoadEnvs
|
||||
if all {
|
||||
envs = allEnvs
|
||||
}
|
||||
|
||||
for k, v := range envs {
|
||||
if str, ok := v.(string); ok {
|
||||
@ -211,16 +237,16 @@ func loadFromEnv() (map[string]interface{}, error) {
|
||||
if parser, ok := v.(*parser); ok {
|
||||
i, err := parser.parse(os.Getenv(parser.env))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return err
|
||||
}
|
||||
cfg[k] = i
|
||||
continue
|
||||
}
|
||||
|
||||
return nil, fmt.Errorf("%v is not string or parse type", v)
|
||||
return fmt.Errorf("%v is not string or parse type", v)
|
||||
}
|
||||
|
||||
return cfg, nil
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetSystemCfg returns the system configurations
|
||||
|
@ -56,7 +56,6 @@ var adminServerDefaultConfig = map[string]interface{}{
|
||||
config.MaxJobWorkers: 3,
|
||||
config.TokenExpiration: 30,
|
||||
config.CfgExpiration: 5,
|
||||
config.JobLogDir: "/var/log/jobs",
|
||||
config.UseCompressedJS: true,
|
||||
config.AdminInitialPassword: "password",
|
||||
}
|
||||
|
@ -25,6 +25,7 @@ import (
|
||||
|
||||
const (
|
||||
defaultKeyPath string = "/etc/jobservice/key"
|
||||
defaultLogDir string = "/var/log/jobs"
|
||||
)
|
||||
|
||||
var (
|
||||
@ -119,12 +120,12 @@ func LocalRegURL() (string, error) {
|
||||
}
|
||||
|
||||
// LogDir returns the absolute path to which the log file will be written
|
||||
func LogDir() (string, error) {
|
||||
cfg, err := mg.Get()
|
||||
if err != nil {
|
||||
return "", err
|
||||
func LogDir() string {
|
||||
dir := os.Getenv("LOG_DIR")
|
||||
if len(dir) == 0 {
|
||||
dir = defaultLogDir
|
||||
}
|
||||
return cfg[comcfg.JobLogDir].(string), nil
|
||||
return dir
|
||||
}
|
||||
|
||||
// SecretKey will return the secret key for encryption/decryption password in target.
|
||||
|
@ -66,8 +66,8 @@ func TestConfig(t *testing.T) {
|
||||
t.Fatalf("failed to get registry URL: %v", err)
|
||||
}
|
||||
|
||||
if _, err := LogDir(); err != nil {
|
||||
t.Fatalf("failed to get log directory: %v", err)
|
||||
if dir := LogDir(); dir != "/var/log/jobs" {
|
||||
t.Errorf("unexpected log directory: %s != %s", dir, "/var/log/jobs")
|
||||
}
|
||||
|
||||
if _, err := SecretKey(); err != nil {
|
||||
|
@ -65,10 +65,6 @@ func GetJobLogPath(jobID int64) (string, error) {
|
||||
|
||||
p = filepath.Join(d, p)
|
||||
}
|
||||
base, err := config.LogDir()
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
p = filepath.Join(base, p, f)
|
||||
p = filepath.Join(config.LogDir(), p, f)
|
||||
return p, nil
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user