diff --git a/Makefile b/Makefile index a082d42a4..ddd8788c0 100644 --- a/Makefile +++ b/Makefile @@ -209,7 +209,7 @@ REGISTRYUSER=user REGISTRYPASSWORD=default # cmds -DOCKERSAVE_PARA= $(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) \ +DOCKERSAVE_PARA=$(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) \ $(DOCKERIMAGENAME_CORE):$(VERSIONTAG) \ $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \ $(DOCKERIMAGENAME_DB):$(VERSIONTAG) \ @@ -219,16 +219,16 @@ DOCKERSAVE_PARA= $(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) \ goharbor/nginx-photon:$(NGINXVERSION) goharbor/registry-photon:$(REGISTRYVERSION)-$(VERSIONTAG) PACKAGE_OFFLINE_PARA=-zcvf harbor-offline-installer-$(PKGVERSIONTAG).tgz \ - $(HARBORPKG)/common/templates $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz \ - $(HARBORPKG)/prepare \ - $(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \ - $(HARBORPKG)/harbor.yml + $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz \ + $(HARBORPKG)/prepare \ + $(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \ + $(HARBORPKG)/harbor.yml PACKAGE_ONLINE_PARA=-zcvf harbor-online-installer-$(PKGVERSIONTAG).tgz \ - $(HARBORPKG)/common/templates $(HARBORPKG)/prepare \ - $(HARBORPKG)/LICENSE \ - $(HARBORPKG)/install.sh \ - $(HARBORPKG)/harbor.yml + $(HARBORPKG)/prepare \ + $(HARBORPKG)/LICENSE \ + $(HARBORPKG)/install.sh \ + $(HARBORPKG)/harbor.yml DOCKERCOMPOSE_LIST=-f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) @@ -278,7 +278,7 @@ compile:check_environment compile_core compile_jobservice compile_registryctl co prepare: @echo "preparing..." - @MAKEPATH=$(MAKEPATH) $(MAKEPATH)/$(PREPARECMD) $(PREPARECMD_PARA) + @$(MAKEPATH)/$(PREPARECMD) $(PREPARECMD_PARA) build: make -f $(MAKEFILEPATH_PHOTON)/Makefile build -e DEVFLAG=$(DEVFLAG) \ 
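Review bot: Neither `PACKAGE_OFFLINE_PARA` nor `PACKAGE_ONLINE_PARA` says why `$(HARBORPKG)/common/templates` is no longer bundled, and the reason is security-relevant: that tree, deleted later in this commit, held `core/private_key.pem` and `notary/notary-signer.key`, so every installer built from the old list carried the same private keys. A comment above each list would keep the directory from being re-added, e.g. `# common/templates is intentionally not packaged; never add key or certificate files to this list`. Deployments prepared from earlier installers may still hold those shared keys (whether prepare regenerated them is not visible here), so the upgrade notes should call for rotating them.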
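Review bot: The `prepare` recipe now runs `$(MAKEPATH)/$(PREPARECMD)` without `MAKEPATH` in its environment, so a script that still reads `$MAKEPATH` would run with it unset; the script is not in the visible hunks and should be checked. The path is also expanded unquoted, which breaks on a checkout path containing spaces; `@"$(MAKEPATH)/$(PREPARECMD)" $(PREPARECMD_PARA)` avoids that. With the `modify_sourcefiles` target removed in the next hunk, the Makefile no longer sets mode 600 on any key file, so a comment such as `# prepare is responsible for creating key files with mode 0600` above the recipe would record where that duty now lies. The `build:` recipe in the trailing context continues outside this hunk.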
@@ -287,15 +287,6 @@ build: -e BUILDBIN=$(BUILDBIN) -e REDISVERSION=$(REDISVERSION) -e MIGRATORVERSION=$(MIGRATORVERSION) \ -e CHARTMUSEUMVERSION=$(CHARTMUSEUMVERSION) -e DOCKERIMAGENAME_CHART_SERVER=$(DOCKERIMAGENAME_CHART_SERVER) -modify_sourcefiles: - @echo "change mode of source files." - @chmod 600 $(MAKEPATH)/common/templates/notary/notary-signer.key - @chmod 600 $(MAKEPATH)/common/templates/notary/notary-signer.crt - @chmod 600 $(MAKEPATH)/common/templates/notary/notary-signer-ca.crt - @chmod 600 $(MAKEPATH)/common/templates/core/private_key.pem - @chmod 600 $(MAKEPATH)/common/templates/registry/root.crt - -# install: compile ui_version build modify_sourcefiles prepare start install: compile ui_version build prepare start package_online: prepare diff --git a/make/common/templates/chartserver/env b/make/common/templates/chartserver/env deleted file mode 100644 index 510f7e2f7..000000000 --- a/make/common/templates/chartserver/env +++ /dev/null @@ -1,41 +0,0 @@ -## Settings should be set -PORT=9999 - -# Only support redis now. If redis is setup, then enable cache -CACHE=$cache_store -CACHE_REDIS_ADDR=$cache_redis_addr -CACHE_REDIS_PASSWORD=$cache_redis_password -CACHE_REDIS_DB=$cache_redis_db_index - -# Credential for internal communication -BASIC_AUTH_USER=chart_controller -BASIC_AUTH_PASS=$core_secret - -# Multiple tenants -# Must be set with 1 to support project namespace -DEPTH=1 - -# Backend storage driver: e.g. "local", "amazon", "google" etc. -STORAGE=$storage_driver - -# Storage driver settings -$all_storage_driver_configs - -## Settings with default values. Just put here for future changes -DEBUG=false -LOG_JSON=true -DISABLE_METRICS=false -DISABLE_API=false -DISABLE_STATEFILES=false -ALLOW_OVERWRITE=true -CHART_URL= -AUTH_ANONYMOUS_GET=false -TLS_CERT= -TLS_KEY= -CONTEXT_PATH= -INDEX_LIMIT=0 -MAX_STORAGE_OBJECTS=0 -MAX_UPLOAD_SIZE=20971520 -CHART_POST_FORM_FIELD_NAME=chart -PROV_POST_FORM_FIELD_NAME=prov - 
diff --git a/make/common/templates/clair/clair_env b/make/common/templates/clair/clair_env
deleted file mode 100644
index 62991299b..000000000
--- a/make/common/templates/clair/clair_env
+++ /dev/null
@@ -1,3 +0,0 @@
-http_proxy=$http_proxy
-https_proxy=$https_proxy
-no_proxy=$no_proxy
diff --git a/make/common/templates/clair/clair_env.jinja b/make/common/templates/clair/clair_env.jinja
deleted file mode 100644
index bf4c151bf..000000000
--- a/make/common/templates/clair/clair_env.jinja
+++ /dev/null
@@ -1,3 +0,0 @@
-http_proxy={{http_proxy}}
-https_proxy={{https_proxy}}
-no_proxy={{no_proxy}}
diff --git a/make/common/templates/clair/config.yaml b/make/common/templates/clair/config.yaml
deleted file mode 100644
index 2f6e6cd5d..000000000
--- a/make/common/templates/clair/config.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-clair:
- database:
- type: pgsql
- options:
- source: postgresql://$username:$password@$host:$port/$dbname?sslmode=disable
-
- # Number of elements kept in the cache
- # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
- cachesize: 16384
-
- api:
- # API server port
- port: 6060
- healthport: 6061
-
- # Deadline before an API request will respond with a 503
- timeout: 300s
- updater:
- interval: ${interval}h
-
- notifier:
- attempts: 3
- renotifyinterval: 2h
- http:
- endpoint: http://core:8080/service/notifications/clair
diff --git a/make/common/templates/clair/config.yaml.jinja b/make/common/templates/clair/config.yaml.jinja
deleted file mode 100644
index f626547d8..000000000
--- a/make/common/templates/clair/config.yaml.jinja
+++ /dev/null
@@ -1,25 +0,0 @@
-clair:
- database:
- type: pgsql
- options:
- source: postgresql://{{username}}:{{password}}@{{host}}:{{port}}/{{dbname}}?sslmode=disable
-
- # Number of elements kept in the cache
- # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
- cachesize: 16384
-
- api:
- # API server port
- port: 6060
- healthport: 6061
-
- # Deadline before an API request will respond with a 503
- timeout: 300s
- updater:
- interval: {{interval}}h
-
- notifier:
- attempts: 3
- renotifyinterval: 2h
- http:
- endpoint: http://core:8080/service/notifications/clair
diff --git a/make/common/templates/clair/postgres_env b/make/common/templates/clair/postgres_env
deleted file mode 100644
index 787c6df0b..000000000
--- a/make/common/templates/clair/postgres_env
+++ /dev/null
@@ -1 +0,0 @@
-POSTGRES_PASSWORD=$password
diff --git a/make/common/templates/clair/postgres_env.jinja b/make/common/templates/clair/postgres_env.jinja
deleted file mode 100644
index f38ffa89f..000000000
--- a/make/common/templates/clair/postgres_env.jinja
+++ /dev/null
@@ -1 +0,0 @@
-POSTGRES_PASSWORD={{password}}
diff --git a/make/common/templates/clair/postgresql-init.d/README.md b/make/common/templates/clair/postgresql-init.d/README.md
deleted file mode 100644
index b786ea8c6..000000000
--- a/make/common/templates/clair/postgresql-init.d/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-This folder used to run some initial sql for clair if needed.
-
-Just put the sql file in this directory and then start the
-clair .
-
-both .sql and .gz format supported
-
diff --git a/make/common/templates/core/app.conf b/make/common/templates/core/app.conf
deleted file mode 100644
index 6110364ca..000000000
--- a/make/common/templates/core/app.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-appname = Harbor
-runmode = dev
-enablegzip = true
-
-[dev]
-httpport = 8080
diff --git a/make/common/templates/core/config_env b/make/common/templates/core/config_env
deleted file mode 100644
index 6b04d59a6..000000000
--- a/make/common/templates/core/config_env
+++ /dev/null
@@ -1,68 +0,0 @@
-PORT=8080
-LOG_LEVEL=info
-EXT_ENDPOINT=$public_url
-AUTH_MODE=$auth_mode
-SELF_REGISTRATION=$self_registration
-LDAP_URL=$ldap_url
-LDAP_SEARCH_DN=$ldap_searchdn
-LDAP_SEARCH_PWD=$ldap_search_pwd
-LDAP_BASE_DN=$ldap_basedn
-LDAP_FILTER=$ldap_filter
-LDAP_UID=$ldap_uid
-LDAP_SCOPE=$ldap_scope
-LDAP_TIMEOUT=$ldap_timeout
-LDAP_VERIFY_CERT=$ldap_verify_cert
-DATABASE_TYPE=postgresql
-POSTGRESQL_HOST=$db_host
-POSTGRESQL_PORT=$db_port
-POSTGRESQL_USERNAME=$db_user
-POSTGRESQL_PASSWORD=$db_password
-POSTGRESQL_DATABASE=registry
-POSTGRESQL_SSLMODE=disable
-LDAP_GROUP_BASEDN=$ldap_group_basedn
-LDAP_GROUP_FILTER=$ldap_group_filter
-LDAP_GROUP_GID=$ldap_group_gid
-LDAP_GROUP_SCOPE=$ldap_group_scope
-REGISTRY_URL=$registry_url
-TOKEN_SERVICE_URL=$token_service_url
-EMAIL_HOST=$email_host
-EMAIL_PORT=$email_port
-EMAIL_USR=$email_usr
-EMAIL_PWD=$email_pwd
-EMAIL_SSL=$email_ssl
-EMAIL_FROM=$email_from
-EMAIL_IDENTITY=$email_identity
-EMAIL_INSECURE=$email_insecure
-HARBOR_ADMIN_PASSWORD=$harbor_admin_password
-PROJECT_CREATION_RESTRICTION=$project_creation_restriction
-MAX_JOB_WORKERS=$max_job_workers
-CORE_SECRET=$core_secret
-JOBSERVICE_SECRET=$jobservice_secret
-TOKEN_EXPIRATION=$token_expiration
-CFG_EXPIRATION=5
-ADMIRAL_URL=$admiral_url
-WITH_NOTARY=$with_notary
-WITH_CLAIR=$with_clair
-CLAIR_DB_PASSWORD=$clair_db_password
-CLAIR_DB_HOST=$clair_db_host
-CLAIR_DB_PORT=$clair_db_port
-CLAIR_DB_USERNAME=$clair_db_username
-CLAIR_DB=$clair_db
-CLAIR_DB_SSLMODE=disable
-RESET=$reload_config
-UAA_ENDPOINT=$uaa_endpoint
-UAA_CLIENTID=$uaa_clientid
-UAA_CLIENTSECRET=$uaa_clientsecret
-UAA_VERIFY_CERT=$uaa_verify_cert
-CORE_URL=$core_url
-JOBSERVICE_URL=$jobservice_url
-CLAIR_URL=$clair_url
-NOTARY_URL=$notary_url
-REGISTRY_STORAGE_PROVIDER_NAME=$storage_provider_name
-READ_ONLY=false
-SKIP_RELOAD_ENV_PATTERN=$skip_reload_env_pattern
-RELOAD_KEY=$reload_key
-CHART_REPOSITORY_URL=$chart_repository_url
-LDAP_GROUP_ADMIN_DN=$ldap_group_admin_dn
-REGISTRY_CONTROLLER_URL=$registry_controller_url
-WITH_CHARTMUSEUM=$with_chartmuseum
diff --git a/make/common/templates/core/env b/make/common/templates/core/env
deleted file mode 100644
index f855fd148..000000000
--- a/make/common/templates/core/env
+++ /dev/null
@@ -1,10 +0,0 @@
-LOG_LEVEL=info
-CONFIG_PATH=/etc/core/app.conf
-CORE_SECRET=$core_secret
-JOBSERVICE_SECRET=$jobservice_secret
-UAA_CA_ROOT=/etc/core/certificates/uaa_ca.pem
-_REDIS_URL=$redis_host:$redis_port,100,$redis_password
-SYNC_REGISTRY=false
-CHART_CACHE_DRIVER=$chart_cache_driver
-_REDIS_URL_REG=$redis_url_reg
-
diff --git a/make/common/templates/core/private_key.pem b/make/common/templates/core/private_key.pem
deleted file mode 100644
index d2dc85dd1..000000000
--- a/make/common/templates/core/private_key.pem
+++ /dev/null
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEAtpMvyv153iSmwm6TrFpUOzsIGBEDbGtOOEZMEm08D8IC2n1G -d6/XOZ5FxPAD6gIpE0EAcMojY5O0Hl4CDoyV3e/iKcBqFOgYtpogNtan7yT5J8gw -KsPbU/8nBkK75GOq56nfvq4t9GVAclIDtHbuvmlh6O2n+fxtR0M9LbuotbSBdXYU -hzXqiSsMclBvLyIk/z327VP5l0nUNOzPuKIwQjuxYKDkvq1oGy98oVlE6wl0ldh2 -ZYZLGAYbVhqBVUT1Un/PYqi9Nofa2RI5n1WOkUJQp87vb+PUPFhVOdvH/oAzV6/b -9dzyhA5paDM06lj2gsg9hQWxCgbFh1x39c6pSI8hmVe6x2d4tAtSyOm3Qwz+zO2l -bPDvkY8Svh5nxUYObrNreoO8wHr8MC6TGUQLnUt/RfdVKe5fYPFl6VYqJP/L3LDn -Xj771nFq6PKiYbhBwJw3TM49gpKNS/Of70TP2m7nVlyuyMdE5T1j3xyXNkixXqqn -JuSMqX/3Bmm0On9KEbemwn7KRYF/bqc50+RcGUdKNcOkN6vuMVZei4GbxALnVqac -s+/UQAiQP4212UO7iZFwMaCNJ3r/b4GOlyalI1yEA4odoZov7k5zVOzHu8O6QmCj -3R5TVOudpGiUh+lumRRpNqxDgjngLljvaWU6ttyIbjnAwCjnJoppZM2lkRkCAwEA -AQKCAgAvsvCPlf2a3fR7Y6xNISRUfS22K+u7DaXX6fXB8qv4afWY45Xfex89vG35 -78L2Bi55C0h0LztjrpkmPeVHq88TtrJduhl88M5UFpxH93jUb9JwZErBQX4xyb2G -UzUHjEqAT89W3+a9rR5TP74cDd59/MZJtp1mIF7keVqochi3sDsKVxkx4hIuWALe -csk5hTApRyUWCBRzRCSe1yfF0wnMpA/JcP+SGXfTcmqbNNlelo/Q/kaga59+3UmT -C0Wy41s8fIvP+MnGT2QLxkkrqYyfwrWTweqoTtuKEIHjpdnwUcoYJKfQ6jKp8aH0 -STyP5UIyFOKNuFjyh6ZfoPbuT1nGW+YKlUnK4hQ9N/GE0oMoecTaHTbqM+psQvbj -6+CG/1ukA5ZTQyogNyuOApArFBQ+RRmVudPKA3JYygIhwctuB2oItsVEOEZMELCn -g2aVFAVXGfGRDXvpa8oxs3Pc6RJEp/3tON6+w7cMCx0lwN/Jk2Ie6RgTzUycT3k6 -MoTQJRoO6/ZHcx3hTut/CfnrWiltyAUZOsefLuLg+Pwf9GHhOycLRI6gHfgSwdIV -S77UbbELWdscVr1EoPIasUm1uYWBBcFRTturRW+GHJ8TZX+mcWSBcWwBhp15LjEl -tJf+9U6lWMOSB2LvT+vFmR0M9q56fo7UeKFIR7mo7/GpiVu5AQKCAQEA6Qs7G9mw -N/JZOSeQO6xIQakC+sKApPyXO58fa7WQzri+l2UrLNp0DEQfZCujqDgwys6OOzR/ -xg8ZKQWVoad08Ind3ZwoJgnLn6QLENOcE6PpWxA/JjnVGP4JrXCYR98cP0sf9jEI -xkR1qT50GbeqU3RDFliI4kGRvbZ8cekzuWppfQcjstSBPdvuxqAcUVmTnTw83nvD -FmBbhlLiEgI3iKtJ97UB7480ivnWnOuusduk7FO4jF3hkrOa+YRidinTCi8JBo0Y -jx4Ci3Y5x6nvwkXhKzXapd7YmPNisUc5xA7/a+W71cyC0IKUwRc/8pYWLL3R3CpR -YiV8gf6gwzOckQKCAQEAyI9CSNoAQH4zpS8B9PF8zILqEEuun8m1f5JB3hQnfWzm -7uz/zg6I0TkcCE0AJVSKPHQm1V9+TRbF9+DiOWHEYYzPmK8h63SIufaWxZPqai4E 
-PUj6eQWykBUVJ96n6/AW0JHRZ+WrJ5RXBqCLuY7NP6wDhORrCJjBwaGMohNpbKPS -H3QewsoxCh+CEXKdKyy+/yU/f4E89PlHapkW1/bDJ5u7puSD+KvmiDDIXSBncdOO -uFT8n+XH5IwgjdXFSDim15rQ8jD2l2xLcwKboTpx5GeRl8oB1VGm0fUbBn1dvGPG -4WfHGyrp9VNZtP160WoHr+vRVPqvHNkoeAlCfEwQCQKCAQBN1dtzLN0HgqE8TrOE -ysEDdTCykj4nXNoiJr522hi4gsndhQPLolb6NdKKQW0S5Vmekyi8K4e1nhtYMS5N -5MFRCasZtmtOcR0af87WWucZRDjPmniNCunaxBZ1YFLsRl+H4E6Xir8UgY8O7PYY -FNkFsKIrl3x4nU/RHl8oKKyG9Dyxbq4Er6dPAuMYYiezIAkGjjUCVjHNindnQM2T -GDx2IEe/PSydV6ZD+LguhyU88FCAQmI0N7L8rZJIXmgIcWW0VAterceTHYHaFK2t -u1uB9pcDOKSDnA+Z3kiLT2/CxQOYhQ2clgbnH4YRi/Nm0awsW2X5dATklAKm5GXL -bLSRAoIBAQClaNnPQdTBXBR2IN3pSZ2XAkXPKMwdxvtk+phOc6raHA4eceLL7FrU -y9gd1HvRTfcwws8gXcDKDYU62gNaNhMELWEt2QsNqS/2x7Qzwbms1sTyUpUZaSSL -BohLOKyfv4ThgdIGcXoGi6Z2tcRnRqpq4BCK8uR/05TBgN5+8amaS0ZKYLfaCW4G -nlPk1fVgHWhtAChtnYZLuKg494fKmB7+NMfAbmmVlxjrq+gkPkxyqXvk9Vrg+V8y -VIuozu0Fkouv+GRpyw4ldtCHS1hV0eEK8ow2dwmqCMygDxm58X10mYn2b2PcOTl5 -9sNerUw1GNC8O66K+rGgBk4FKgXmg8kZAoIBABBcuisK250fXAfjAWXGqIMs2+Di -vqAdT041SNZEOJSGNFsLJbhd/3TtCLf29PN/YXtnvBmC37rqryTsqjSbx/YT2Jbr -Bk3jOr9JVbmcoSubXl8d/uzf7IGs91qaCgBwPZHgeH+kK13FCLexz+U9zYMZ78fF -/yO82CpoekT+rcl1jzYn43b6gIklHABQU1uCD6MMyMhJ9Op2WmbDk3X+py359jMc -+Cr2zfzdHAIVff2dOV3OL+ZHEWbwtnn3htKUdOmjoTJrciFx0xNZJS5Q7QYHMONj -yPqbajyhopiN01aBQpCSGF1F1uRpWeIjTrAZPbrwLl9YSYXz0AT05QeFEFk= ------END RSA PRIVATE KEY----- diff --git a/make/common/templates/db/env b/make/common/templates/db/env deleted file mode 100644 index f6cfa00c9..000000000 --- a/make/common/templates/db/env +++ /dev/null @@ -1 +0,0 @@ -POSTGRES_PASSWORD=$db_password diff --git a/make/common/templates/jobservice/config.yml b/make/common/templates/jobservice/config.yml deleted file mode 100644 index 6195ba47c..000000000 --- a/make/common/templates/jobservice/config.yml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -#Protocol used to serve -protocol: "http" - -#Config certification if use 'https' protocol -#https_config: -# cert: "server.crt" -# key: "server.key" - -#Server listening port -port: 8080 - -#Worker pool -worker_pool: - #Worker concurrency - workers: $max_job_workers - backend: "redis" - #Additional config if use 'redis' backend - redis_pool: - #redis://[arbitrary_username:password@]ipaddress:port/database_index - redis_url: $redis_url - namespace: "harbor_job_service_namespace" -#Loggers for the running job -job_loggers: - - name: "STD_OUTPUT" # logger backend name, only support "FILE" and "STD_OUTPUT" - level: "INFO" # INFO/DEBUG/WARNING/ERROR/FATAL - - name: "FILE" - level: "INFO" - settings: # Customized settings of logger - base_dir: "/var/log/jobs" - sweeper: - duration: 1 #days - settings: # Customized settings of sweeper - work_dir: "/var/log/jobs" - -#Loggers for the job service -loggers: - - name: "STD_OUTPUT" # Same with above - level: "INFO" -#Admin server endpoint -admin_server: "http://adminserver:8080/" diff --git a/make/common/templates/jobservice/env b/make/common/templates/jobservice/env deleted file mode 100644 index c4808aea3..000000000 --- a/make/common/templates/jobservice/env +++ /dev/null @@ -1,3 +0,0 @@ -CORE_SECRET=$core_secret -JOBSERVICE_SECRET=$jobservice_secret -CORE_URL=$core_url diff --git a/make/common/templates/log/logrotate.conf b/make/common/templates/log/logrotate.conf deleted file mode 100644 index bc63e78de..000000000 --- a/make/common/templates/log/logrotate.conf +++ /dev/null @@ -1,8 +0,0 @@ -/var/log/docker/*.log { - rotate $log_rotate_count - size $log_rotate_size - copytruncate - compress - missingok - nodateext -} \ No newline at end of file diff --git a/make/common/templates/nginx/nginx.http.conf b/make/common/templates/nginx/nginx.http.conf deleted file mode 100644 index 72b364bcb..000000000 --- a/make/common/templates/nginx/nginx.http.conf +++ /dev/null 
@@ -1,124 +0,0 @@ -worker_processes auto; - -events { - worker_connections 1024; - use epoll; - multi_accept on; -} - -http { - tcp_nodelay on; - - # this is necessary for us to be able to disable request buffering in all cases - proxy_http_version 1.1; - - upstream core { - server core:8080; - } - - upstream portal { - server portal:80; - } - - log_format timed_combined '$$remote_addr - ' - '"$$request" $$status $$body_bytes_sent ' - '"$$http_referer" "$$http_user_agent" ' - '$$request_time $$upstream_response_time $$pipe'; - - access_log /dev/stdout timed_combined; - - server { - listen 80; - server_tokens off; - # disable any limits to avoid HTTP 413 for large image uploads - client_max_body_size 0; - - # costumized location config file can place to /etc/nginx/etc with prefix harbor.http. and suffix .conf - include /etc/nginx/conf.d/harbor.http.*.conf; - - location / { - proxy_pass http://portal/; - proxy_set_header Host $$host; - proxy_set_header X-Real-IP $$remote_addr; - proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; - - # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. - proxy_set_header X-Forwarded-Proto $$scheme; - - proxy_buffering off; - proxy_request_buffering off; - } - - location /c/ { - proxy_pass http://core/c/; - proxy_set_header Host $$host; - proxy_set_header X-Real-IP $$remote_addr; - proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; - - # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. 
- proxy_set_header X-Forwarded-Proto $$scheme; - - proxy_buffering off; - proxy_request_buffering off; - } - - location /api/ { - proxy_pass http://core/api/; - proxy_set_header Host $$host; - proxy_set_header X-Real-IP $$remote_addr; - proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; - - # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. - proxy_set_header X-Forwarded-Proto $$scheme; - - proxy_buffering off; - proxy_request_buffering off; - } - - location /chartrepo/ { - proxy_pass http://core/chartrepo/; - proxy_set_header Host $$host; - proxy_set_header X-Real-IP $$remote_addr; - proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; - - # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. - proxy_set_header X-Forwarded-Proto $$scheme; - - proxy_buffering off; - proxy_request_buffering off; - } - - location /v1/ { - return 404; - } - - location /v2/ { - proxy_pass http://core/v2/; - proxy_set_header Host $$http_host; - proxy_set_header X-Real-IP $$remote_addr; - proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; - - # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. - proxy_set_header X-Forwarded-Proto $$scheme; - proxy_buffering off; - proxy_request_buffering off; - } - - location /service/ { - proxy_pass http://core/service/; - proxy_set_header Host $$host; - proxy_set_header X-Real-IP $$remote_addr; - proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; - - # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. - proxy_set_header X-Forwarded-Proto $$scheme; - - proxy_buffering off; - proxy_request_buffering off; - } - - location /service/notifications { - return 404; - } - } -} 
diff --git a/make/common/templates/nginx/nginx.https.conf b/make/common/templates/nginx/nginx.https.conf
deleted file mode 100644
index 6b50322d5..000000000
--- a/make/common/templates/nginx/nginx.https.conf
+++ /dev/null
@@ -1,149 +0,0 @@ -worker_processes auto; - -events { - worker_connections 1024; - use epoll; - multi_accept on; -} - -http { - tcp_nodelay on; - include /etc/nginx/conf.d/*.upstream.conf; - - # this is necessary for us to be able to disable request buffering in all cases - proxy_http_version 1.1; - - upstream core { - server core:8080; - } - - upstream portal { - server portal:80; - } - - log_format timed_combined '$$remote_addr - ' - '"$$request" $$status $$body_bytes_sent ' - '"$$http_referer" "$$http_user_agent" ' - '$$request_time $$upstream_response_time $$pipe'; - - access_log /dev/stdout timed_combined; - - include /etc/nginx/conf.d/*.server.conf; - - server { - listen 443 ssl; -# server_name harbordomain.com; - server_tokens off; - # SSL - ssl_certificate $ssl_cert; - ssl_certificate_key $ssl_cert_key; - - # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html - ssl_protocols TLSv1.1 TLSv1.2; - ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:'; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - - # disable any limits to avoid HTTP 413 for large image uploads - client_max_body_size 0; - - # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486) - chunked_transfer_encoding on; - - # costumized location config file can place to /etc/nginx dir with prefix harbor.https. and suffix .conf - include /etc/nginx/conf.d/harbor.https.*.conf; - - location / { - proxy_pass http://portal/; - proxy_set_header Host $$http_host; - proxy_set_header X-Real-IP $$remote_addr; - proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; - - # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. 
- proxy_set_header X-Forwarded-Proto $$scheme; - - # Add Secure flag when serving HTTPS - proxy_cookie_path / "/; secure"; - - proxy_buffering off; - proxy_request_buffering off; - } - - location /c/ { - proxy_pass http://core/c/; - proxy_set_header Host $$host; - proxy_set_header X-Real-IP $$remote_addr; - proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; - - # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. - proxy_set_header X-Forwarded-Proto $$scheme; - - proxy_buffering off; - proxy_request_buffering off; - } - - location /api/ { - proxy_pass http://core/api/; - proxy_set_header Host $$host; - proxy_set_header X-Real-IP $$remote_addr; - proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; - - # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. - proxy_set_header X-Forwarded-Proto $$scheme; - - proxy_buffering off; - proxy_request_buffering off; - } - - location /chartrepo/ { - proxy_pass http://core/chartrepo/; - proxy_set_header Host $$host; - proxy_set_header X-Real-IP $$remote_addr; - proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; - - # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. - proxy_set_header X-Forwarded-Proto $$scheme; - - proxy_buffering off; - proxy_request_buffering off; - } - - location /v1/ { - return 404; - } - - location /v2/ { - proxy_pass http://core/v2/; - proxy_set_header Host $$http_host; - proxy_set_header X-Real-IP $$remote_addr; - proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; - - # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. 
- proxy_set_header X-Forwarded-Proto $$scheme; - proxy_buffering off; - proxy_request_buffering off; - } - - location /service/ { - proxy_pass http://core/service/; - proxy_set_header Host $$http_host; - proxy_set_header X-Real-IP $$remote_addr; - proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; - - # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. - proxy_set_header X-Forwarded-Proto $$scheme; - - proxy_buffering off; - proxy_request_buffering off; - } - - location /service/notifications { - return 404; - } - } - server { - listen 80; - #server_name harbordomain.com; - return 308 https://$$host$$request_uri; - } -} diff --git a/make/common/templates/nginx/notary.server.conf b/make/common/templates/nginx/notary.server.conf deleted file mode 100644 index a409bcd6f..000000000 --- a/make/common/templates/nginx/notary.server.conf +++ /dev/null 
@@ -1,33 +0,0 @@ - server { - listen 4443 ssl; - server_tokens off; - # ssl - ssl_certificate $ssl_cert; - ssl_certificate_key $ssl_cert_key; - - # recommendations from https://raymii.org/s/tutorials/strong_ssl_security_on_nginx.html - ssl_protocols tlsv1.1 tlsv1.2; - ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:'; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:ssl:10m; - - # disable any limits to avoid http 413 for large image uploads - client_max_body_size 0; - - # required to avoid http 411: see issue #1486 (https://github.com/docker/docker/issues/1486) - chunked_transfer_encoding on; - - location /v2/ { - proxy_pass http://notary-server/v2/; - proxy_set_header Host $$http_host; - proxy_set_header X-Real-IP $$remote_addr; - proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for; - - # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. - proxy_set_header X-Forwarded-Proto $$scheme; - - proxy_buffering off; - proxy_request_buffering off; - } - } - diff --git a/make/common/templates/nginx/notary.upstream.conf b/make/common/templates/nginx/notary.upstream.conf deleted file mode 100644 index ba4d60d4c..000000000 --- a/make/common/templates/nginx/notary.upstream.conf +++ /dev/null @@ -1,4 +0,0 @@ - - upstream notary-server { - server notary-server:4443; - } diff --git a/make/common/templates/notary/notary-signer-ca.crt b/make/common/templates/notary/notary-signer-ca.crt deleted file mode 100644 index c30df3cbf..000000000 --- a/make/common/templates/notary/notary-signer-ca.crt +++ /dev/null 
@@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFhjCCA26gAwIBAgIJALJdsE+BUxypMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV -BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0G -A1UECgwGRG9ja2VyMRowGAYDVQQDDBFOb3RhcnkgVGVzdGluZyBDQTAeFw0xNzAx -MjMwNjAzMzZaFw0yNzAxMjEwNjAzMzZaMF8xCzAJBgNVBAYTAlVTMQswCQYDVQQI -DAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0GA1UECgwGRG9ja2VyMRow -GAYDVQQDDBFOb3RhcnkgVGVzdGluZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP -ADCCAgoCggIBALIZNBcIoQDJql5w+XULXq9W3tmD47xnf+IG4u7hkDVPCT4xRG74 -LBoSuFyPUrfT+tsibMlNG6XRtSfLQdNNeQuyIuiilNXV0kXB0RR3TrhxCaKdhRU5 -oQGfpYMvbPNFB7WU/5aAiQutHH85hEMPECf1qPjq8YlUaXJLGFY3WRkW+OOBZ78U -00PqKlvC1kR/NbsV3IkMrO+vWWJQrPFusyYjQ511eQXnRtt8P0Qic0azPffQDVxC -WUe47hmdQ1AULbxQ9AZcPlMI7UFqo+/w/4hPEGJMeOWirLvHLXg4nsOwy7DfWl/n -MqLdJOC/KNfQVAQtkteeZZkkIIV1gxTPYsJqPNwkP9GdJK1A8NW1ef75v7xbQCPY -03QQonBEK7ny7b1xXGGgJzXvK9RP0UUwjt/815c4d0cgUHsy4yuvl2F44EObRshk -fjJVsN/0wrtq4QLE5ZvbeO+7to8dLcRxkmB8axhxahega7akUyY0WxZ+iSn6fzft -/xeCcs/L10V5z0kK4PbiNnooDzV4B6Dy/5oyNExw0jgpD0mzOK5aLb0tXGqFT/ZJ -9vydelBq5q4jLV7SHhHM1dBJSv1fl7vOpDlEr7LBd4YAO2BowoyGLHtLhgYybXF+ -CZ9ywPb1dIIcdK5IVeZECNHMSBuhCRZUu+aun8tRcdSgLEX7mQ/GKWELAgMBAAGj -RTBDMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgFGMB0GA1UdDgQW -BBSWWbcCebeEgZlWk2/k+abh+bEFpDANBgkqhkiG9w0BAQsFAAOCAgEAQ9gA3Q4b -r2+ZJdIDoDzCNdtHQbb/d1NiUP/Na1MFo7omR3MnKGXy3dIp9IrQq6ROhlqUhDvl -pZegYhTbunTVv1KKJ+5n1hY6pG/Jr8oLY3b9i4qwDLKfQGm5PmrfwAtqbLSfY2M0 -2AZyAhCdGbqB7WpTdG1J7DzGbVVWAtS05e24Mu0qZJvpHdtl4+t89vXgJ/bPrPxF -cpAlT9DOtobTEqrXZeS937F1qNyIgyBki+7mtxkwng5cf3zQM2BJ9lSFQJOBSRDr -haMcnaPI4pknO7OfYf5W9LaS1Dx/U/NeMBfnVBd9NjUw+TMjy2MdMLUaLa9EF7Jo -Gjk+fKaTaUgO8I487wHPMeoEA4A4dEePzGrybRLfl1ZYGQ0xcgunz64n2xfQIy2y -swiyaofYlLxzHzOL0N+Y76P0ic37t9R2F5ggNhfbXhClK2h4HmdjRRRt3VkxR4AD -7OM09bEhlZby34HOlCaC0PHKwYBMjneAG3ycPN88YTMYR2/KizExe71ayNwX2KHL -ib1nOZgZT6s+YvgsZ7lRmMD4iqjuAEh5SRAcWlolVif8bAy09BkY1vwrtgV73q88 -heEbsCE1fsfk1OfH5W4yjjiSDZFRt5oTCPQWJp+2P0RJ9LCxcbf0RrCg3hg5rD9N -lVTA0dsixv5zF3wTuad9inhk9Rmlq1KoaqA= 
------END CERTIFICATE----- diff --git a/make/common/templates/notary/notary-signer.crt b/make/common/templates/notary/notary-signer.crt deleted file mode 100644 index 1189dfd7b..000000000 --- a/make/common/templates/notary/notary-signer.crt +++ /dev/null 
@@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFdjCCA14CCQCeVwANSZmmiDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC -VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVBhbG8gQWx0bzEVMBMG -A1UECgwMVk13YXJlLCBJbmMuMQ8wDQYDVQQLDAZIYXJib3IxJDAiBgNVBAMMG1Nl -bGYtc2lnbmVkIGJ5IFZNd2FyZSwgSW5jLjAeFw0xNzAzMjQwNTMyMDBaFw0yNzAz -MjIwNTMyMDBaMHUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIw -EAYDVQQHDAlQYWxvIEFsdG8xFTATBgNVBAoMDFZNd2FyZSwgSW5jLjEPMA0GA1UE -CwwGSGFyYm9yMRUwEwYDVQQDDAxub3RhcnlzaWduZXIwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQC6TV2RCoH8d1g6xFvDo4FL9v+pGLe5+bu9ryjTaLbN -dH/Cmf5/8WrmgJ3vG2Ksk796J7qsVddwvQkZn6NwDm2Tm+ETMCG85yEA3jl4Kr9R -XfWHYWEavv0vsq6M+bUSSq7VJAhgk4wfx6qJBnFX2qKpODeYLHaHxU1EnIXrStNf -IqR4Eu0Xre8jAkzrDdaFy/KnX4HGgNdz413CXzBCKEuu3VJj07ZvonnTzOgoLvh8 -+PCoQ2M4OBPT9gHqUov1I8nWnrjc+HuM1BW3YIGCB5TV9x0Y7hjvkr4E38gbJURj -uDwg8jof4lMRmU/FHXFLt1ucGwNFUJdPwI7dyEKRA03Lr7htfP5sa9tmv3L93dKD -po1gW1LsfiM3Cur5jARM/hBA+eYJr12Laf9oL59r8JmweqF3zRSwGSY336XoR/Fv -/PAFs9vfKKWZp0uiRtuY9JZNRTF8trnfNf1957bND+DS2HWPmWkw4yK6CGa0s55X -adiDt4gDFvKjl68dBWZoHutY+cZy/hK1D5uqagcX1kzbr/Pzy1gsq9FBBwaTJqBu -YIAsSuzP+7NNZXoPd3rg13V93pbZr8eQN5VOQIBZK83xZEtHSJBEdUSuBOo3JS7j -/rjEnspRqOI4soFnx1vaK0TrRyzJ5KBOuGpW4u8/ZUdIq8KIE30Mj/XI/sgAPr5j -UQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQBjqYBm/FRqyMH2hnHA0TMXY/WPufJ8 -TX10daELCAYJCEETXmUt1i7dnFxdAZXTnHENHdNYiS4nGBfqMLmODtcAamcv6Dcl -JnyQPt3QlCDPKkcHgz3y4tvDDx6M5rFWYzN9QLiWAYrunIk1R4Jj7FODrM6/NODE -0Mz1czWfsmLfX/jF80SsxnY1DCLKGgo6/RID3xTp4eIMboxCfeH2/yDA+6YPyYbV -Si4ccwo9Foq0IYU8bimPNTyBQ0N+8ajcn328ql6aazmr894Ch5pWA3Qxaa98FcKS -zokBvmmCuvCJ9HOmxKWdFEhSRS9GWxn7wg78UIlLP/8RfUrsecBJHgyhWRA7Qs3K -keiG68Zrhn456IdMxjCZXgJ7gAAe77n4Cz8sFEHAvnAg9JLNEHuEBV5H1Hb7TzET -k0lPiEY78QjutOpqHsWiagqSjlGEMqKI9c8WxXHh9030T/6NnWkdXFo+4HaEZEpp -0JryASS53B5SwLIPrn0Y2/io/kRgbglGktPt6Ex0DwW3f96lcz3me34Nw+HOYYnz -b0cz7JqJZgFXfEnykic3IwZs7m7Xrl9B/vvaVub9Fb5LQ7rIzrO7VkoILov/G41B -Pd4/kagjXDTWd+UBMvZF6YGjr+TUZi5ooi7bvQ3X6N9WNYKW4a1DOokz9janStiL -MrTKyOEOBi0Aew== ------END 
CERTIFICATE----- diff --git a/make/common/templates/notary/notary-signer.key b/make/common/templates/notary/notary-signer.key deleted file mode 100644 index 3973cec7b..000000000 --- a/make/common/templates/notary/notary-signer.key +++ /dev/null 
@@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC6TV2RCoH8d1g6 -xFvDo4FL9v+pGLe5+bu9ryjTaLbNdH/Cmf5/8WrmgJ3vG2Ksk796J7qsVddwvQkZ -n6NwDm2Tm+ETMCG85yEA3jl4Kr9RXfWHYWEavv0vsq6M+bUSSq7VJAhgk4wfx6qJ -BnFX2qKpODeYLHaHxU1EnIXrStNfIqR4Eu0Xre8jAkzrDdaFy/KnX4HGgNdz413C -XzBCKEuu3VJj07ZvonnTzOgoLvh8+PCoQ2M4OBPT9gHqUov1I8nWnrjc+HuM1BW3 -YIGCB5TV9x0Y7hjvkr4E38gbJURjuDwg8jof4lMRmU/FHXFLt1ucGwNFUJdPwI7d -yEKRA03Lr7htfP5sa9tmv3L93dKDpo1gW1LsfiM3Cur5jARM/hBA+eYJr12Laf9o -L59r8JmweqF3zRSwGSY336XoR/Fv/PAFs9vfKKWZp0uiRtuY9JZNRTF8trnfNf19 -57bND+DS2HWPmWkw4yK6CGa0s55XadiDt4gDFvKjl68dBWZoHutY+cZy/hK1D5uq -agcX1kzbr/Pzy1gsq9FBBwaTJqBuYIAsSuzP+7NNZXoPd3rg13V93pbZr8eQN5VO -QIBZK83xZEtHSJBEdUSuBOo3JS7j/rjEnspRqOI4soFnx1vaK0TrRyzJ5KBOuGpW -4u8/ZUdIq8KIE30Mj/XI/sgAPr5jUQIDAQABAoICAQCqIgbFcqwcK7zWBgWrFsD3 -53u4J4t4+df6NGB7F9CAtdgKlej1XDl8gI46Em89HLwqyOdPhCD3opoR3Vg69+IX -f62+gSD+SrA4A7jFxXvryXt0g3hTHYFHssx2j39NUghxOrOvxm6bgxJ4ifqt+Uq8 -cEtM26Xu/T4/3xTpN+7pnVBHGzmLe1q8RNiLe5qhmwtgz/ZKmdSnz0YLQDRo5jWf -Xhxkb63WKrFIu4JzV9my/v9/GfMdHxD0a196ZqHLX0Buj4pQuVbS18dxLF94qIXC -FCZtYtpAxmhjOR2btJ/M1S2MBMkR3vRvSOuxHd8d/zdYys5k2WElArs1TDGGDldW -jp3FYkoygsdWTs056HM1Y9F8dV2KAWfAhEQD8mBIGVjMrCqpnyZcK6JkqVg9c7YW -IYQ2JRwsHq58FMNa3TLTvf/OClhEfSbRWAF0AhMTpnSUgP06cbJeXyzqzHdE37hv -74OBx7KNoS+PEQ3lVgbHsWoUzf3SqB1IOzLyzuEUgHqON2GKmmCNcRMBi3DuV9tw -Q8LWynNxhD8vyBkmo0kAd/FwgXrxJTGdYvxyn29I7QanCTH7o8wtjSE0jj9Qo7oC -McAYGR6oTAjrT78KhI7aZJU5nuA6ySSCJRa6et1CC+SseWknyMMJ5HTo8l7jjXJA -9hjNGGs6giOxznizf+2YAQKCAQEA9wRQk4yN402tfuicvfQBnFUtcpqctWSgGc0T -qzWJgH/W07FMUHzAvqCgsYMMaeteXOMZH7jijvtIlhYfIg5w+RJ9PSsSu680OzGN -R31+l2B/QzRAHUJ6+OVgWxAn6awU1mYLaiwVmSNWEnjAPE4XeSK708OOganI3pBQ -8zOHj+j6uV8ddG79D6FqNJHAQwpou/p+XO/BGDFgX22x4F68Z0gCQcmoyAE7ppOp -dqq3lPoDbRQ02/5cqaIA6dhmfjK2cpz4y1nUxffzY7qJjpoB/YSdR66cCNiYcJzp -fMVBXhF9Iyj/Cah1w+hc0NOy9dW15afFaLFK0zrtAzEaVxH/0QKCAQEAwRPOwSCl -XrMYXmc91TF6XbhErILHK/pIEOIMF09KNJvSjY0188Ram/pFbPRYh0cIyASmRGXL 
-Qq5B1Qi0vx5TCq1OCrW2yeE7zboAlnADhk1u9N8YmL6JrCKVGQO7wFD3V8uphXdM -tixNa5WvJ6eE5Vq+SVy99V5pQgb8ErrISlW4MYK7LI7DruSDuM2tHtiOcXcdTVej -1stXJZkH46RYvxxid9tRzfiB8K5ziZfLwPNf2wRyj1J4ojn5pPNhhfkjJ24LCZGt -JxwSXqdP+4x7by6x3mU+hutU/lF3jl+0edSnU0cZ6lvuq2T5YGgda/VXlv1ZFQUw -rwUXD9unU+aLgQKCAQEA9R74/pI5sthAVHFsKStb9dComtNGstI59aCF5h3oZvV1 -Lvj/q9dARWqMS9qplOoV58MMCWikmhJNw3IMTvVZsjBgyzRVEJ4aDKttcQXde0Ys -w3m0LdTsxtSHu5XapY032FHG/gLlI+Pm48mjqbQsou6OyOOEJLNhO0qmqc/2tB4T -v6PdTM9enAYnqCcCTQSlTfSTNJJOYT2OTuRB4U7hUvQoGTSOInrmwLRDNBjQuCso -/zNQCQbu2P6EPYmam5yjZDTUxqZL+G/GvK49Fp9JXlQc5ycke7rD+uwa3s+3wCtG -rH9gJitfQZrxj+Cj9EOwj0bfJLbac6ZD0CkH5GNeIQKCAQBdoGFOPapzdZ2HicDu -NQQFlmmWzgQPS1rO9Q6v7v8o67b6dVOIVdsqb/5ii0qyrruPYtHNsR8TwrShvYsI -cogKUWfawatV0ibR6DSIvuC2q632iIjA6QSRuGNcsfbFl32Z0WTvF57XaDxSw08g -h5dmMM69fH+REKsyHXj3DCQ8B70+JQrm3IP/t0g4wWQF5TWNyBkpfCoy6n/j94Vf -2j4+zmDhhjTxEGTSdYYJXtarRllhN5Ll9TQSVtK8LllIQjvNzwsDJOU2ZeJyi+e5 -L7Jbg+U01xuvCUc52/+Bxt8ZhQlu1Le4ccQW0Ows19AMnfhPe6NLEi09cdZxFi7Z -/J4BAoIBABCzkBDFxZdfWYt69VBt9PSG8eJ6avny3hXCtKaHIQb+aD5nKjRP0DVh -gyutCo6RasMEc6D1tJGyR/Xvhm64q4JPb5UbSaRQiVYKdgRtMM9pZeBkcBtNs18K -yMx5ajgYorrbi86hXHX7q+JYP8MCbcqqAUSl/Hi8nPxc1foTiCNDf4kGoHvXmoxt -0tA65tFFQhEA6KBn68SDkyTsl/zb5Sx0GJY4kZkOeF3GaxPFX12skgXv95GJUskX -88RJsH4Qqqtzbzj8R241BH8OrcOoyELc6xPioEqUHKVxSIf2ylITbj0UQHd2u0mN -tajKl+aoc+CDxUYbilzhhKetWWF/cJY= ------END PRIVATE KEY----- diff --git a/make/common/templates/notary/server-config.json b/make/common/templates/notary/server-config.json deleted file mode 100644 index faf06584c..000000000 --- a/make/common/templates/notary/server-config.json +++ /dev/null 
@@ -1,28 +0,0 @@ -{ - "server": { - "http_addr": ":4443" - }, - "trust_service": { - "type": "remote", - "hostname": "notarysigner", - "port": "7899", - "tls_ca_file": "./notary-signer-ca.crt", - "key_algorithm": "ecdsa" - }, - "logging": { - "level": "debug" - }, - "storage": { - "backend": "mysql", - "db_url": "server@tcp(mysql:3306)/notaryserver?parseTime=True" - }, - "auth": { - "type": "token", - "options": { - "realm": "$token_endpoint/service/token", - "service": "harbor-notary", - "issuer": "harbor-token-issuer", - "rootcertbundle": "/etc/notary/root.crt" - } - } -} diff --git a/make/common/templates/notary/server-config.postgres.json b/make/common/templates/notary/server-config.postgres.json deleted file mode 100644 index 310032f65..000000000 --- a/make/common/templates/notary/server-config.postgres.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "server": { - "http_addr": ":4443" - }, - "trust_service": { - "type": "remote", - "hostname": "notarysigner", - "port": "7899", - "tls_ca_file": "./notary-signer-ca.crt", - "key_algorithm": "ecdsa" - }, - "logging": { - "level": "debug" - }, - "storage": { - "backend": "postgres", - "db_url": "postgres://server:password@postgresql:5432/notaryserver?sslmode=disable" - }, - "auth": { - "type": "token", - "options": { - "realm": "$token_endpoint/service/token", - "service": "harbor-notary", - "issuer": "harbor-token-issuer", - "rootcertbundle": "/etc/notary/root.crt" - } - } -} \ No newline at end of file diff --git a/make/common/templates/notary/server_env b/make/common/templates/notary/server_env deleted file mode 100644 index 964c00d06..000000000 --- a/make/common/templates/notary/server_env +++ /dev/null @@ -1,2 +0,0 @@ -MIGRATIONS_PATH=migrations/server/postgresql -DB_URL=postgres://server:password@postgresql:5432/notaryserver?sslmode=disable diff --git a/make/common/templates/notary/signer-config.json b/make/common/templates/notary/signer-config.json deleted file mode 100644 index 80c095488..000000000 
--- a/make/common/templates/notary/signer-config.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "server": { - "grpc_addr": ":7899", - "tls_cert_file": "./notary-signer.crt", - "tls_key_file": "./notary-signer.key" - }, - "logging": { - "level": "debug" - }, - "storage": { - "backend": "mysql", - "db_url": "signer@tcp(mysql:3306)/notarysigner?parseTime=True", - "default_alias":"defaultalias" - } -} diff --git a/make/common/templates/notary/signer-config.postgres.json b/make/common/templates/notary/signer-config.postgres.json deleted file mode 100644 index 6c5189c63..000000000 --- a/make/common/templates/notary/signer-config.postgres.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "server": { - "grpc_addr": ":7899", - "tls_cert_file": "./notary-signer.crt", - "tls_key_file": "./notary-signer.key" - }, - "logging": { - "level": "debug" - }, - "storage": { - "backend": "postgres", - "db_url": "postgres://signer:password@postgresql:5432/notarysigner?sslmode=disable", - "default_alias":"defaultalias" - } -} \ No newline at end of file diff --git a/make/common/templates/notary/signer_env b/make/common/templates/notary/signer_env deleted file mode 100644 index 336fe9c36..000000000 --- a/make/common/templates/notary/signer_env +++ /dev/null @@ -1,3 +0,0 @@ -NOTARY_SIGNER_DEFAULTALIAS=$alias -MIGRATIONS_PATH=migrations/signer/postgresql -DB_URL=postgres://signer:password@postgresql:5432/notarysigner?sslmode=disable diff --git a/make/common/templates/registry/config.yml b/make/common/templates/registry/config.yml deleted file mode 100644 index 282eeb671..000000000 --- a/make/common/templates/registry/config.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -version: 0.1 -log: - level: info - fields: - service: registry -storage: - cache: - layerinfo: redis - $storage_provider_info - maintenance: - uploadpurging: - enabled: false - delete: - enabled: true -redis: - addr: $redis_host:$redis_port - password: $redis_password - db: $redis_db_index_reg -http: - addr: :5000 - secret: placeholder - debug: - addr: localhost:5001 -auth: - token: - issuer: harbor-token-issuer - realm: $public_url/service/token - rootcertbundle: /etc/registry/root.crt - service: harbor-registry -validation: - disabled: true -notifications: - endpoints: - - name: harbor - disabled: false - url: $core_url/service/notifications - timeout: 3000ms - threshold: 5 - backoff: 1s diff --git a/make/common/templates/registry/root.crt b/make/common/templates/registry/root.crt deleted file mode 100644 index c31b27de6..000000000 --- a/make/common/templates/registry/root.crt +++ /dev/null 
@@ -1,35 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGBzCCA++gAwIBAgIJAKB8CNqCxhr7MA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD -VQQGEwJDTjEOMAwGA1UECAwFU3RhdGUxCzAJBgNVBAcMAkNOMRUwEwYDVQQKDAxv -cmdhbml6YXRpb24xHDAaBgNVBAsME29yZ2FuaXphdGlvbmFsIHVuaXQxFDASBgNV -BAMMC2V4YW1wbGUuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu -Y29tMB4XDTE2MDUxNjAyNDY1NVoXDTI2MDUxNDAyNDY1NVowgZkxCzAJBgNVBAYT -AkNOMQ4wDAYDVQQIDAVTdGF0ZTELMAkGA1UEBwwCQ04xFTATBgNVBAoMDG9yZ2Fu -aXphdGlvbjEcMBoGA1UECwwTb3JnYW5pemF0aW9uYWwgdW5pdDEUMBIGA1UEAwwL -ZXhhbXBsZS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20w -ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2ky/K/XneJKbCbpOsWlQ7 -OwgYEQNsa044RkwSbTwPwgLafUZ3r9c5nkXE8APqAikTQQBwyiNjk7QeXgIOjJXd -7+IpwGoU6Bi2miA21qfvJPknyDAqw9tT/ycGQrvkY6rnqd++ri30ZUByUgO0du6+ -aWHo7af5/G1HQz0tu6i1tIF1dhSHNeqJKwxyUG8vIiT/PfbtU/mXSdQ07M+4ojBC -O7FgoOS+rWgbL3yhWUTrCXSV2HZlhksYBhtWGoFVRPVSf89iqL02h9rZEjmfVY6R -QlCnzu9v49Q8WFU528f+gDNXr9v13PKEDmloMzTqWPaCyD2FBbEKBsWHXHf1zqlI -jyGZV7rHZ3i0C1LI6bdDDP7M7aVs8O+RjxK+HmfFRg5us2t6g7zAevwwLpMZRAud -S39F91Up7l9g8WXpViok/8vcsOdePvvWcWro8qJhuEHAnDdMzj2Cko1L85/vRM/a -budWXK7Ix0TlPWPfHJc2SLFeqqcm5Iypf/cGabQ6f0oRt6bCfspFgX9upznT5FwZ -R0o1w6Q3q+4xVl6LgZvEAudWppyz79RACJA/jbXZQ7uJkXAxoI0nev9vgY6XJqUj -XIQDih2hmi/uTnNU7Me7w7pCYKPdHlNU652kaJSH6W6ZFGk2rEOCOeAuWO9pZTq2 -3IhuOcDAKOcmimlkzaWRGQIDAQABo1AwTjAdBgNVHQ4EFgQUPJF++WMsv1OJvf7F -oCew37JTnfQwHwYDVR0jBBgwFoAUPJF++WMsv1OJvf7FoCew37JTnfQwDAYDVR0T -BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAb5LvqukMxWd5Zajbh3orfYsXmhWn -UWiwG176+bd3b5xMlG9iLd4vQ11lTZoIhFOfprRQzbizQ8BzR2JBQckpLcy+5hyA -D3M9vLL37OwA0wT6kxFnd6LtlFaH5gG++huw2ts2PDXFz0jqw+0YE/R8ov2+YdaZ -aPSEMunmAuEY1TbYWzz4u6PxycxhQzDQ34ZmJZ34Elvw1NYMfPMGTKp34PsxIcgT -ao5jqb9RMU6JAumfXrOvXRjjl573vX2hgMZzEU6OF2/+uyg95chn6nO1GUQrT2+F -/1xIqfHfFCm8+jujSDgqfBtGI+2C7No+Dq8LEyEINZe6wSQ81+ryt5jy5SZmAsnj -V4OsSIwlpR5fLUwrFStVoUWHEKl1DflkYki/cAC1TL0Om+ldJ219kcOnaXDNaq66 -3I75BvRY7/88MYLl4Fgt7sn05Mn3uNPrCrci8d0R1tlXIcwMdCowIHeZdWHX43f7 
-NsVk/7VSOxJ343csgaQc+3WxEFK0tBxGO6GP+Xj0XmdVGLhalVBsEhPjnmx+Yyrn -oMsTA1Yrs88C8ItQn7zuO/30eKNGTnby0gptHiS6sa/c3O083Mpi8y33GPVZDvBl -l9PfSZT8LG7SvpjsdgdNZlyFvTY4vsB+Vd5Howh7gXYPVXdCs4k7HMyo7zvzliZS -ekCw9NGLoNqQqnA= ------END CERTIFICATE----- diff --git a/make/common/templates/registryctl/config.yml b/make/common/templates/registryctl/config.yml deleted file mode 100644 index 7b2a1d910..000000000 --- a/make/common/templates/registryctl/config.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -protocol: "http" -port: 8080 -log_level: "INFO" - -#https_config: -# cert: "server.crt" -# key: "server.key" \ No newline at end of file diff --git a/make/common/templates/registryctl/env b/make/common/templates/registryctl/env deleted file mode 100644 index 8fb7a92a1..000000000 --- a/make/common/templates/registryctl/env +++ /dev/null @@ -1,3 +0,0 @@ -CORE_SECRET=$core_secret -JOBSERVICE_SECRET=$jobservice_secret - diff --git a/make/harbor.yml b/make/harbor.yml index 9db7462d1..40b06b182 100644 --- a/make/harbor.yml +++ b/make/harbor.yml @@ -12,7 +12,7 @@ hostname: reg.mydomain.com ui_url_protocol: https #Maximum number of job workers in job service -max_job_workers: 10 +max_job_workers: 10 #Determine whether or not to generate certificate for the registry's token. #If the value is on, the prepare script creates new root cert and private key 
@@ -55,20 +55,6 @@ no_proxy: 127.0.0.1,localhost,core,registry #************************BEGIN INITIAL PROPERTIES************************ -#Email account settings for sending out password resetting emails. - -#Email server uses the given username and password to authenticate on TLS connections to host and act as identity. -#Identity left blank to act as username. -email_identity: - -email_server: smtp.mydomain.com -email_server_port: 25 -email_username: sample_admin@mydomain.com -email_password: abc -email_from: admin -email_ssl: false -email_insecure: false - ##The initial password of Harbor admin, only works for the first time when Harbor starts. #It has no effect after the first launch of Harbor. #Change the admin password from UI after launching Harbor. 
@@ -78,52 +64,14 @@ harbor_admin_password: Harbor12345 #Set it to ldap_auth if you want to verify a user's credentials against an LDAP server. auth_mode: db_auth -#The url for an ldap endpoint. -ldap_url: ldaps://ldap.mydomain.com - #A user's DN who has the permission to search the LDAP/AD server. -#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd. -#ldap_searchdn: uid=searchuser,ou=people,dc=mydomain,dc=com - -#the password of the ldap_searchdn -#ldap_search_pwd: password #The base DN from which to look up a user in LDAP/AD ldap_basedn: ou=people,dc=mydomain,dc=com -#Search filter for LDAP/AD, make sure the syntax of the filter is correct. -#ldap_filter = (objectClass=person) - -# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD -ldap_uid: uid - -#the scope to search for users, 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE -ldap_scope: 2 - -#Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds. -ldap_timeout: 5 - -#Verify certificate from LDAP server -ldap_verify_cert: true - -#The base dn from which to lookup a group in LDAP/AD -ldap_group_basedn: ou=group,dc=mydomain,dc=com - -#filter to search LDAP/AD group -ldap_group_filter: objectclass=group - #The attribute used to name a LDAP/AD group, it could be cn, name ldap_group_gid: cn -#The scope to search for ldap groups. 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE -ldap_group_scope: 2 - -#Turn on or off the self-registration feature -self_registration: on - -#The expiration time (in minute) of token created by token service, default is 30 minutes -token_expiration: 30 - #The flag to control what users have permission to create projects #The default value "everyone" allows everyone to creates a project. #Set to "adminonly" so that only admin user can create project. 
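Review bot: The comment `#A user's DN who has the permission to search the LDAP/AD server.` stays as a context line after `auth_mode: db_auth`, but the `ldap_searchdn` and `ldap_search_pwd` entries it introduced are removed, so it now appears to describe `ldap_basedn`. The hunk also keeps `ldap_basedn` and `ldap_group_gid` while dropping `ldap_url`, `ldap_uid`, `ldap_verify_cert` and the other `ldap_*` keys, which leaves a partial LDAP section. Either remove the orphaned comment and the two leftover keys with the rest, or keep them under a line such as `#Remaining LDAP settings (URL, search DN, certificate verification) are configured outside this file.`, if that is indeed where they now live.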
@@ -184,14 +132,6 @@ clair_updaters_interval: 12 ##########End of Clair DB configuration############ -#The following attributes only need to be set when auth mode is uaa_auth -uaa_endpoint: uaa.mydomain.org -uaa_clientid: id -uaa_clientsecret: secret -uaa_verify_cert: true -uaa_ca_cert: /path/to/ca.pem - - ### Harbor Storage settings ### #Please be aware that the following storage settings will be applied to both docker registry and helm chart repository. #registry_storage_provider can be: filesystem, s3, gcs, azure, etc. diff --git a/make/photon/chartserver/builder b/make/photon/chartserver/builder index ea7142075..c1fb5f09a 100755 --- a/make/photon/chartserver/builder +++ b/make/photon/chartserver/builder @@ -4,7 +4,7 @@ set +e usage(){ echo "Usage: builder " - echo "e.g: builder golang:1.11.2 github.com/helm/chartmuseum v0.7.1 cmd/chartmuseum chartm" + echo "e.g: builder golang:1.11.2 github.com/helm/chartmuseum v0.8.1 cmd/chartmuseum chartm" exit 1 } diff --git a/make/photon/prepare/main.py b/make/photon/prepare/main.py index 755dac729..9f67c1659 100644 --- a/make/photon/prepare/main.py +++ b/make/photon/prepare/main.py @@ -1,6 +1,5 @@ import click -from utils.admin_server import prepare_adminserver from utils.misc import delfile from utils.configs import validate, parse_yaml_config from utils.cert import prepare_ca, SSL_CERT_KEY_PATH, SSL_CERT_PATH, get_secret_key @@ -16,7 +15,7 @@ from utils.clair import prepare_clair from utils.chart import prepare_chartmuseum from utils.docker_compose import prepare_docker_compose from utils.nginx import prepare_nginx, nginx_confd_dir -from g import (config_dir, private_key_pem_template, config_file_path, core_cert_dir, private_key_pem, +from g import (config_dir, private_key_pem_template, config_file_path, core_cert_dir, private_key_pem, root_crt, root_cert_path_template, registry_custom_ca_bundle_config) # Main function 
@@ -33,8 +32,7 @@ def main(conf, with_notary, with_clair, with_chartmuseum): prepare_log_configs(config_dict) prepare_nginx(config_dict) - prepare_adminserver(config_dict, with_notary=with_notary, with_clair=with_clair, with_chartmuseum=with_chartmuseum) - prepare_core(config_dict) + prepare_core(config_dict, with_notary=with_notary, with_clair=with_clair, with_chartmuseum=with_chartmuseum) prepare_registry(config_dict) prepare_registry_ctl(config_dict) prepare_db(config_dict) diff --git a/make/photon/prepare/templates/adminserver/env.jinja b/make/photon/prepare/templates/core/config_env.jinja similarity index 100% rename from make/photon/prepare/templates/adminserver/env.jinja rename to make/photon/prepare/templates/core/config_env.jinja diff --git a/make/photon/prepare/templates/core/env.jinja b/make/photon/prepare/templates/core/env.jinja index 710b5d129..e468519cc 100644 --- a/make/photon/prepare/templates/core/env.jinja +++ b/make/photon/prepare/templates/core/env.jinja @@ -2,7 +2,6 @@ LOG_LEVEL=info CONFIG_PATH=/etc/core/app.conf CORE_SECRET={{core_secret}} JOBSERVICE_SECRET={{jobservice_secret}} -ADMINSERVER_URL={{adminserver_url}} UAA_CA_ROOT=/etc/core/certificates/uaa_ca.pem _REDIS_URL={{redis_host}}:{{redis_port}},100,{{redis_password}} SYNC_REGISTRY=false diff --git a/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja b/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja index 1a73dac6b..829b24c4b 100644 --- a/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja +++ b/make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja @@ -2,9 +2,16 @@ version: '2' services: log: image: goharbor/harbor-log:{{version}} - container_name: harbor-log + container_name: harbor-log restart: always dns_search: . + cap_drop: + - ALL + cap_add: + - CHOWN + - DAC_OVERRIDE + - SETGID + - SETUID volumes: - {{log_location}}/:/var/log/docker/:z - ./common/config/log/:/etc/logrotate.d/:z 
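Review bot: The `cap_add` list added under `cap_drop: - ALL` for `harbor-log` has no comment saying why each capability is kept, and the same applies to the lists added in the later hunks of this template (registry, registryctl, harbor-db, harbor-core, harbor-portal, jobservice, redis, nginx). `DAC_OVERRIDE` on harbor-log and harbor-db deserves the most attention, because it lets root inside the container bypass file permission checks. It is worth confirming that fixing ownership of the mounted directories would not make it unnecessary. A one-line comment per service would make the allow-list reviewable, for example `# SETGID, SETUID: switch from root to the service user at start-up`, if that is the actual reason.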
@@ -16,6 +23,12 @@ services: image: goharbor/registry-photon:{{reg_version}} container_name: registry restart: always + cap_drop: + - ALL + cap_add: + - CHOWN + - SETGID + - SETUID volumes: - {{data_volume}}/registry:/storage:z - ./common/config/registry/:/etc/registry/:z @@ -39,6 +52,12 @@ services: env_file: - ./common/config/registryctl/env restart: always + cap_drop: + - ALL + cap_add: + - CHOWN + - SETGID + - SETUID volumes: - {{data_volume}}/registry:/storage:z - ./common/config/registry/:/etc/registry/:z @@ -57,6 +76,13 @@ services: image: goharbor/harbor-db:{{version}} container_name: harbor-db restart: always + cap_drop: + - ALL + cap_add: + - CHOWN + - DAC_OVERRIDE + - SETGID + - SETUID volumes: - {{data_volume}}/database:/var/lib/postgresql/data:z networks: @@ -81,32 +107,18 @@ services: options: syslog-address: "tcp://127.0.0.1:1514" tag: "postgresql" - adminserver: - image: goharbor/harbor-adminserver:{{version}} - container_name: harbor-adminserver - env_file: - - ./common/config/adminserver/env - restart: always - volumes: - - {{data_volume}}/config/:/etc/adminserver/config/:z - - {{secretkey_path}}/secretkey:/etc/adminserver/key:z - - {{data_volume}}/:/data/:z - networks: - - harbor - dns_search: . - depends_on: - - log - logging: - driver: "syslog" - options: - syslog-address: "tcp://127.0.0.1:1514" - tag: "adminserver" core: image: goharbor/harbor-core:{{version}} container_name: harbor-core env_file: - ./common/config/core/env + - ./common/config/core/config_env restart: always + cap_drop: + - ALL + cap_add: + - SETGID + - SETUID volumes: - ./common/config/core/app.conf:/etc/core/app.conf:z - ./common/config/core/private_key.pem:/etc/core/private_key.pem:z @@ -133,7 +145,6 @@ services: dns_search: . depends_on: - log - - adminserver - registry logging: driver: "syslog" 
@@ -144,6 +155,13 @@ services: image: goharbor/harbor-portal:{{version}} container_name: harbor-portal restart: always + cap_drop: + - ALL + cap_add: + - CHOWN + - SETGID + - SETUID + - NET_BIND_SERVICE networks: - harbor dns_search: . @@ -162,6 +180,12 @@ services: env_file: - ./common/config/jobservice/env restart: always + cap_drop: + - ALL + cap_add: + - CHOWN + - SETGID + - SETUID volumes: - {{data_volume}}/job_logs:/var/log/jobs:z - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z @@ -174,7 +198,6 @@ services: depends_on: - redis - core - - adminserver logging: driver: "syslog" options: @@ -184,6 +207,12 @@ services: image: goharbor/redis-photon:{{redis_version}} container_name: redis restart: always + cap_drop: + - ALL + cap_add: + - CHOWN + - SETGID + - SETUID volumes: - {{data_volume}}/redis:/var/lib/redis networks: @@ -205,6 +234,13 @@ services: image: goharbor/nginx-photon:{{redis_version}} container_name: nginx restart: always + cap_drop: + - ALL + cap_add: + - CHOWN + - SETGID + - SETUID + - NET_BIND_SERVICE volumes: - ./common/config/nginx:/etc/nginx:z - {{cert_key_path}}:/etc/nginx/cert/server.key diff --git a/make/photon/prepare/templates/registry/config.yml.jinja b/make/photon/prepare/templates/registry/config.yml.jinja index e2b5ec033..9d649d565 100644 --- a/make/photon/prepare/templates/registry/config.yml.jinja +++ b/make/photon/prepare/templates/registry/config.yml.jinja @@ -27,6 +27,8 @@ auth: realm: {{public_url}}/service/token rootcertbundle: /etc/registry/root.crt service: harbor-registry +validation: + disabled: true notifications: endpoints: - name: harbor diff --git a/make/photon/prepare/utils/admin_server.py b/make/photon/prepare/utils/admin_server.py deleted file mode 100644 index 62110390e..000000000 --- a/make/photon/prepare/utils/admin_server.py +++ /dev/null 
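Review bot: In the last compose hunk the nginx service is tagged `goharbor/nginx-photon:{{redis_version}}` on the context line just above the added `cap_drop`, so the proxy image tag follows the Redis version variable. Both probably resolve to the same value today, since docker_compose.py sets `REDIS_VERSION = VERSION_TAG`, but the deployment would request the wrong proxy image as soon as the two diverge. A dedicated variable passed from the renderer would avoid that, e.g. `image: goharbor/nginx-photon:{{nginx_version}}`; that variable name is a proposal and is not defined in the visible code.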
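Review bot: The added `validation:` / `disabled: true` pair in registry/config.yml.jinja turns off the registry's content validation with no comment explaining why. The same setting appears in the deleted make/common/templates/registry/config.yml, so this looks like a carry-over rather than a new decision, but a reader of the template cannot tell that. A short comment above it would record the intent, for example `# validation is disabled because <reason>; revisit before enabling foreign-layer URLs`, with the reason filled in by someone who knows it.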
@@ -1,30 +0,0 @@ -import os - -from g import config_dir, templates_dir -from utils.misc import prepare_config_dir, generate_random_string -from utils.jinja import render_jinja - -adminserver_config_dir = os.path.join(config_dir, 'adminserver') -adminserver_env_template = os.path.join(templates_dir, "adminserver", "env.jinja") -adminserver_conf_env = os.path.join(config_dir, "adminserver", "env") - -def prepare_adminserver(config_dict, with_notary, with_clair, with_chartmuseum): - prepare_adminserver_config_dir() - render_adminserver(config_dict, with_notary, with_clair, with_chartmuseum) - -def prepare_adminserver_config_dir(): - prepare_config_dir(adminserver_config_dir) - -def render_adminserver(config_dict, with_notary, with_clair, with_chartmuseum): - # Use reload_key to avoid reload config after restart harbor - reload_key = generate_random_string(6) if config_dict['reload_config'] == "true" else "" - - render_jinja( - adminserver_env_template, - adminserver_conf_env, - with_notary=with_notary, - with_clair=with_clair, - with_chartmuseum=with_chartmuseum, - reload_key=reload_key, - **config_dict - ) \ No newline at end of file diff --git a/make/photon/prepare/utils/configs.py b/make/photon/prepare/utils/configs.py index 874ec6aa7..8c0681590 100644 --- a/make/photon/prepare/utils/configs.py +++ b/make/photon/prepare/utils/configs.py @@ -208,7 +208,7 @@ def parse_yaml_config(config_file_path): ''' with open(config_file_path) as f: - configs = yaml.load(f) + configs = yaml.safe_load(f) config_dict = {} config_dict['adminserver_url'] = "http://adminserver:8080" diff --git a/make/photon/prepare/utils/core.py b/make/photon/prepare/utils/core.py index 9d5457c03..ecf9edfd8 100644 --- a/make/photon/prepare/utils/core.py +++ b/make/photon/prepare/utils/core.py 
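Review bot: The context line `config_dict['adminserver_url'] = "http://adminserver:8080"` right after the `yaml.safe_load(f)` call is still set in `parse_yaml_config`, although this commit removes the adminserver service from the compose template and the `ADMINSERVER_URL` entry from core/env.jinja. Because `render_config_env` passes `**config_dict` to the renamed config_env.jinja, a stale URL for a service that no longer exists can still reach a rendered file if that template references it. Drop the assignment, or confirm that no remaining template reads `adminserver_url`. The body of `parse_yaml_config` continues outside this hunk, so other adminserver keys may need the same check.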
@@ -1,7 +1,7 @@ import shutil, os from g import config_dir, templates_dir -from utils.misc import prepare_config_dir +from utils.misc import prepare_config_dir, generate_random_string from utils.jinja import render_jinja core_config_dir = os.path.join(config_dir, "core", "certificates") @@ -10,14 +10,20 @@ core_conf_env = os.path.join(config_dir, "core", "env") core_conf_template_path = os.path.join(templates_dir, "core", "app.conf.jinja") core_conf = os.path.join(config_dir, "core", "app.conf") -def prepare_core(config_dict): +core_config_env_template = os.path.join(templates_dir, "core", "config_env.jinja") +core_config_env = os.path.join(config_dir, "core", "config_env") + +def prepare_core(config_dict, with_notary, with_clair, with_chartmuseum): prepare_core_config_dir() # Render Core # set cache for chart repo server # default set 'memory' mode, if redis is configured then set to 'redis' - chart_cache_driver = "memory" if len(config_dict['redis_host']) > 0: chart_cache_driver = "redis" + else: + chart_cache_driver = "memory" + + render_config_env(config_dict, with_notary, with_clair, with_chartmuseum) render_jinja( core_env_template_path, @@ -33,4 +39,18 @@ def prepare_core_config_dir(): def copy_core_config(core_templates_path, core_config_path): shutil.copyfile(core_templates_path, core_config_path) - print("Generated configuration file: %s" % core_config_path) \ No newline at end of file + print("Generated configuration file: %s" % core_config_path) + +def render_config_env(config_dict, with_notary, with_clair, with_chartmuseum): + # Use reload_key to avoid reload config after restart harbor + reload_key = generate_random_string(6) if config_dict['reload_config'] == "true" else "" + + render_jinja( + core_config_env_template, + core_config_env, + with_notary=with_notary, + with_clair=with_clair, + with_chartmuseum=with_chartmuseum, + reload_key=reload_key, + **config_dict + ) \ No newline at end of file 
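Review bot: In the new `render_config_env`, `config_dict['reload_config'] == "true"` raises `KeyError` when the key is absent and is always false if the value arrives as a YAML boolean rather than the string `"true"`. How `parse_yaml_config` stores the value is not visible here, so the second case is an assumption to verify. A tolerant form is `reload_key = generate_random_string(6) if str(config_dict.get('reload_config', '')).lower() == "true" else ""`. The function also writes `core_config_env` from the full `config_dict` without the `uid=`/`gid=` arguments that the notary call to `render_jinja` passes, so please confirm the ownership and mode of the rendered file, which probably holds credentials. A docstring stating that this file replaces the former adminserver env file would help the next reader.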
diff --git a/make/photon/prepare/utils/docker_compose.py b/make/photon/prepare/utils/docker_compose.py index fa59a7609..be86575d2 100644 --- a/make/photon/prepare/utils/docker_compose.py +++ b/make/photon/prepare/utils/docker_compose.py @@ -9,7 +9,7 @@ VERSION_TAG = 'dev' REGISTRY_VERSION = 'v2.7.1' NOTARY_VERSION = 'v0.6.1-v1.7.1' CLAIR_VERSION = 'v2.0.7-dev' -CHARTMUSEUM_VERSION = 'v0.7.1-dev' +CHARTMUSEUM_VERSION = 'v0.8.1-dev' CLAIR_DB_VERSION = VERSION_TAG MIGRATOR_VERSION = VERSION_TAG REDIS_VERSION = VERSION_TAG diff --git a/make/photon/prepare/utils/jinja.py b/make/photon/prepare/utils/jinja.py index 64448c5b7..da7c0e78c 100644 --- a/make/photon/prepare/utils/jinja.py +++ b/make/photon/prepare/utils/jinja.py @@ -1,5 +1,4 @@ -from jinja2 import Environment, FileSystemLoader, select_autoescape -from g import templates_dir +from jinja2 import Environment, FileSystemLoader from .misc import mark_file jinja_env = Environment(loader=FileSystemLoader('/'), trim_blocks=True) diff --git a/make/photon/prepare/utils/jobservice.py b/make/photon/prepare/utils/jobservice.py index a43dbf1e8..492e1846a 100644 --- a/make/photon/prepare/utils/jobservice.py +++ b/make/photon/prepare/utils/jobservice.py @@ -1,7 +1,7 @@ import os from g import config_dir, DEFAULT_GID, DEFAULT_UID, templates_dir -from utils.misc import prepare_config_dir, mark_file +from utils.misc import prepare_config_dir from utils.jinja import render_jinja job_config_dir = os.path.join(config_dir, "jobservice") diff --git a/make/photon/prepare/utils/notary.py b/make/photon/prepare/utils/notary.py index 5afadf99c..934deb832 100644 --- a/make/photon/prepare/utils/notary.py +++ b/make/photon/prepare/utils/notary.py 
@@ -68,7 +68,7 @@ def prepare_env_notary(customize_crt, nginx_config_dir): # print("Copying sql file for notary DB") # if os.path.exists(os.path.join(notary_config_dir, "postgresql-initdb.d")): # shutil.rmtree(os.path.join(notary_config_dir, "postgresql-initdb.d")) - # shutil.copytree(os.path.join(notary_temp_dir, "postgresql-initdb.d"), os.path.join(notary_config_dir, "postgresql-initdb.d")) + # shutil.copytree(os.path.join(notary_temp_dir, "postgresql-initdb.d"), os.path.join(notary_config_dir, "postgresql-initdb.d")) def prepare_notary(config_dict, nginx_config_dir, ssl_cert_path, ssl_cert_key_path): @@ -78,7 +78,7 @@ def prepare_notary(config_dict, nginx_config_dir, ssl_cert_path, ssl_cert_key_pa render_jinja( notary_signer_pg_template, notary_signer_pg_config, - uid=DEFAULT_UID, + uid=DEFAULT_UID, gid=DEFAULT_GID ) diff --git a/tests/testprepare.sh b/tests/testprepare.sh index 66e43af3c..a8aecc12f 100755 --- a/tests/testprepare.sh +++ b/tests/testprepare.sh @@ -14,4 +14,8 @@ else fi echo "server ip is "$IP +echo "Current path is" +pwd +cat make/common/config/core/config_env + chmod 777 /data/
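Review bot: The added `cat make/common/config/core/config_env` in tests/testprepare.sh prints the whole rendered core configuration to the test output. That file is rendered from the template that used to be the adminserver env, with the full `config_dict`, so it very likely contains database and other service passwords, which would then be stored in CI logs. If the goal is only to prove that `prepare` generated the file, `test -s make/common/config/core/config_env` checks that without printing. If the keys need to be visible for debugging, `cut -d= -f1 make/common/config/core/config_env` shows the names without the values.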