read some configs from env

This commit is contained in:
Wenkai Yin 2017-03-01 15:26:16 +08:00
parent ac6c26d6db
commit a4cb261df9
7 changed files with 92 additions and 65 deletions

View File

@ -29,7 +29,6 @@ HARBOR_ADMIN_PASSWORD=$harbor_admin_password
PROJECT_CREATION_RESTRICTION=$project_creation_restriction
VERIFY_REMOTE_CERT=$verify_remote_cert
MAX_JOB_WORKERS=$max_job_workers
LOG_DIR=/var/log/jobs
UI_SECRET=$ui_secret
JOBSERVICE_SECRET=$jobservice_secret
TOKEN_EXPIRATION=$token_expiration

View File

@ -8,6 +8,43 @@ hostname = reg.mydomain.com
#It can be set to https if ssl is enabled on nginx.
ui_url_protocol = http
#The password for the root user of mysql db, change this before any production use.
db_password = root123
#Determine whether the UI should use compressed js files.
#For production, set it to on. For development, set it to off.
use_compressed_js = on
#Maximum number of job workers in job service
max_job_workers = 3
#Determine whether or not to generate certificate for the registry's token.
#If the value is on, the prepare script creates new root cert and private key
#for generating token to access the registry. If the value is off, a key/certificate must
#be supplied for token generation.
customize_crt = on
#Information of your organization for certificate
crt_country = CN
crt_state = State
crt_location = CN
crt_organization = organization
crt_organizationalunit = organizational unit
crt_commonname = example.com
crt_email = example@example.com
#The path of cert and key files for nginx, they are applied only the protocol is set to https
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
#The path of secretkey storage
secretkey_path = /data
#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
#only take effect in the first boot, the subsequent changes of these properties
#should be performed on web ui
#************************BEGIN INITIAL PROPERTIES************************
#Email account settings for sending out password resetting emails.
#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
@ -55,50 +92,19 @@ ldap_scope = 3
#Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
ldap_timeout = 5
#The password for the root user of mysql db, change this before any production use.
db_password = root123
#Turn on or off the self-registration feature
self_registration = on
#Determine whether the UI should use compressed js files.
#For production, set it to on. For development, set it to off.
use_compressed_js = on
#Maximum number of job workers in job service
max_job_workers = 3
#The expiration time (in minute) of token created by token service, default is 30 minutes
token_expiration = 30
#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
verify_remote_cert = on
#Determine whether or not to generate certificate for the registry's token.
#If the value is on, the prepare script creates new root cert and private key
#for generating token to access the registry. If the value is off, a key/certificate must
#be supplied for token generation.
customize_crt = on
#Information of your organization for certificate
crt_country = CN
crt_state = State
crt_location = CN
crt_organization = organization
crt_organizationalunit = organizational unit
crt_commonname = example.com
crt_email = example@example.com
#The flag to control what users have permission to create projects
#Be default everyone can create a project, set to "adminonly" such that only admin can create project.
project_creation_restriction = everyone
#The path of cert and key files for nginx, they are applied only the protocol is set to https
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
#The path of secretkey storage
secretkey_path = /data
#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
verify_remote_cert = on
#************************BEGIN INITIAL PROPERTIES************************
#############

View File

@ -46,8 +46,8 @@ var (
comcfg.AdminInitialPassword,
}
// envs are configurations need read from environment variables
envs = map[string]interface{}{
// all configurations need read from environment variables
allEnvs = map[string]interface{}{
comcfg.ExtEndpoint: "EXT_ENDPOINT",
comcfg.AUTHMode: "AUTH_MODE",
comcfg.SelfRegistration: &parser{
@ -96,7 +96,6 @@ var (
env: "TOKEN_EXPIRATION",
parse: parseStringToInt,
},
comcfg.JobLogDir: "LOG_DIR",
comcfg.UseCompressedJS: &parser{
env: "USE_COMPRESSED_JS",
parse: parseStringToBool,
@ -116,6 +115,26 @@ var (
comcfg.ProjectCreationRestriction: "PROJECT_CREATION_RESTRICTION",
comcfg.AdminInitialPassword: "HARBOR_ADMIN_PASSWORD",
}
// configurations need read from environment variables
// every time the system startup
repeatLoadEnvs = map[string]interface{}{
comcfg.ExtEndpoint: "EXT_ENDPOINT",
comcfg.MySQLPassword: "MYSQL_PWD",
comcfg.MaxJobWorkers: &parser{
env: "MAX_JOB_WORKERS",
parse: parseStringToInt,
},
// TODO remove this config?
comcfg.UseCompressedJS: &parser{
env: "USE_COMPRESSED_JS",
parse: parseStringToBool,
},
comcfg.CfgExpiration: &parser{
env: "CFG_EXPIRATION",
parse: parseStringToInt,
},
}
)
type parser struct {
@ -152,16 +171,19 @@ func Init() (err error) {
}
if cfg != nil {
return nil
}
log.Info("configurations read from store driver are null, initializing system from environment variables...")
cfg, err = loadFromEnv()
if err != nil {
return err
if err = loadFromEnv(cfg, false); err != nil {
return err
}
} else {
log.Info("configurations read from store driver are null, initializing system from environment variables...")
cfg = make(map[string]interface{})
if err = loadFromEnv(cfg, true); err != nil {
return err
}
}
//sync configurations into cfg store
log.Info("updating system configurations...")
return UpdateSystemCfg(cfg)
}
@ -198,9 +220,13 @@ func initKeyProvider() {
keyProvider = comcfg.NewFileKeyProvider(path)
}
//load the configurations from env
func loadFromEnv() (map[string]interface{}, error) {
cfg := map[string]interface{}{}
// load the configurations from allEnvs, if all is false, it just loads
// the repeatLoadEnvs
func loadFromEnv(cfg map[string]interface{}, all bool) error {
envs := repeatLoadEnvs
if all {
envs = allEnvs
}
for k, v := range envs {
if str, ok := v.(string); ok {
@ -211,16 +237,16 @@ func loadFromEnv() (map[string]interface{}, error) {
if parser, ok := v.(*parser); ok {
i, err := parser.parse(os.Getenv(parser.env))
if err != nil {
return nil, err
return err
}
cfg[k] = i
continue
}
return nil, fmt.Errorf("%v is not string or parse type", v)
return fmt.Errorf("%v is not string or parse type", v)
}
return cfg, nil
return nil
}
// GetSystemCfg returns the system configurations

View File

@ -56,7 +56,6 @@ var adminServerDefaultConfig = map[string]interface{}{
config.MaxJobWorkers: 3,
config.TokenExpiration: 30,
config.CfgExpiration: 5,
config.JobLogDir: "/var/log/jobs",
config.UseCompressedJS: true,
config.AdminInitialPassword: "password",
}

View File

@ -25,6 +25,7 @@ import (
const (
defaultKeyPath string = "/etc/jobservice/key"
defaultLogDir string = "/var/log/jobs"
)
var (
@ -119,12 +120,12 @@ func LocalRegURL() (string, error) {
}
// LogDir returns the absolute path to which the log file will be written
func LogDir() (string, error) {
cfg, err := mg.Get()
if err != nil {
return "", err
func LogDir() string {
dir := os.Getenv("LOG_DIR")
if len(dir) == 0 {
dir = defaultLogDir
}
return cfg[comcfg.JobLogDir].(string), nil
return dir
}
// SecretKey will return the secret key for encryption/decryption password in target.

View File

@ -66,8 +66,8 @@ func TestConfig(t *testing.T) {
t.Fatalf("failed to get registry URL: %v", err)
}
if _, err := LogDir(); err != nil {
t.Fatalf("failed to get log directory: %v", err)
if dir := LogDir(); dir != "/var/log/jobs" {
t.Errorf("unexpected log directory: %s != %s", dir, "/var/log/jobs")
}
if _, err := SecretKey(); err != nil {

View File

@ -65,10 +65,6 @@ func GetJobLogPath(jobID int64) (string, error) {
p = filepath.Join(d, p)
}
base, err := config.LogDir()
if err != nil {
return "", err
}
p = filepath.Join(base, p, f)
p = filepath.Join(config.LogDir(), p, f)
return p, nil
}