mirror of https://github.com/goharbor/harbor.git
Fix: the adminserver caused regression
Remove some code related to adminserver Fix some issues by adminserver removeing Signed-off-by: Qian Deng <dengq@vmware.com>
This commit is contained in:
parent
5f80fe7b8a
commit
ab7c81dac6
29
Makefile
29
Makefile
|
@ -209,7 +209,7 @@ REGISTRYUSER=user
|
||||||
REGISTRYPASSWORD=default
|
REGISTRYPASSWORD=default
|
||||||
|
|
||||||
# cmds
|
# cmds
|
||||||
DOCKERSAVE_PARA= $(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) \
|
DOCKERSAVE_PARA=$(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) \
|
||||||
$(DOCKERIMAGENAME_CORE):$(VERSIONTAG) \
|
$(DOCKERIMAGENAME_CORE):$(VERSIONTAG) \
|
||||||
$(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \
|
$(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \
|
||||||
$(DOCKERIMAGENAME_DB):$(VERSIONTAG) \
|
$(DOCKERIMAGENAME_DB):$(VERSIONTAG) \
|
||||||
|
@ -219,16 +219,16 @@ DOCKERSAVE_PARA= $(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) \
|
||||||
goharbor/nginx-photon:$(NGINXVERSION) goharbor/registry-photon:$(REGISTRYVERSION)-$(VERSIONTAG)
|
goharbor/nginx-photon:$(NGINXVERSION) goharbor/registry-photon:$(REGISTRYVERSION)-$(VERSIONTAG)
|
||||||
|
|
||||||
PACKAGE_OFFLINE_PARA=-zcvf harbor-offline-installer-$(PKGVERSIONTAG).tgz \
|
PACKAGE_OFFLINE_PARA=-zcvf harbor-offline-installer-$(PKGVERSIONTAG).tgz \
|
||||||
$(HARBORPKG)/common/templates $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz \
|
$(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz \
|
||||||
$(HARBORPKG)/prepare \
|
$(HARBORPKG)/prepare \
|
||||||
$(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \
|
$(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \
|
||||||
$(HARBORPKG)/harbor.yml
|
$(HARBORPKG)/harbor.yml
|
||||||
|
|
||||||
PACKAGE_ONLINE_PARA=-zcvf harbor-online-installer-$(PKGVERSIONTAG).tgz \
|
PACKAGE_ONLINE_PARA=-zcvf harbor-online-installer-$(PKGVERSIONTAG).tgz \
|
||||||
$(HARBORPKG)/common/templates $(HARBORPKG)/prepare \
|
$(HARBORPKG)/prepare \
|
||||||
$(HARBORPKG)/LICENSE \
|
$(HARBORPKG)/LICENSE \
|
||||||
$(HARBORPKG)/install.sh \
|
$(HARBORPKG)/install.sh \
|
||||||
$(HARBORPKG)/harbor.yml
|
$(HARBORPKG)/harbor.yml
|
||||||
|
|
||||||
DOCKERCOMPOSE_LIST=-f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME)
|
DOCKERCOMPOSE_LIST=-f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME)
|
||||||
|
|
||||||
|
@ -278,7 +278,7 @@ compile:check_environment compile_core compile_jobservice compile_registryctl co
|
||||||
|
|
||||||
prepare:
|
prepare:
|
||||||
@echo "preparing..."
|
@echo "preparing..."
|
||||||
@MAKEPATH=$(MAKEPATH) $(MAKEPATH)/$(PREPARECMD) $(PREPARECMD_PARA)
|
@$(MAKEPATH)/$(PREPARECMD) $(PREPARECMD_PARA)
|
||||||
|
|
||||||
build:
|
build:
|
||||||
make -f $(MAKEFILEPATH_PHOTON)/Makefile build -e DEVFLAG=$(DEVFLAG) \
|
make -f $(MAKEFILEPATH_PHOTON)/Makefile build -e DEVFLAG=$(DEVFLAG) \
|
||||||
|
@ -287,15 +287,6 @@ build:
|
||||||
-e BUILDBIN=$(BUILDBIN) -e REDISVERSION=$(REDISVERSION) -e MIGRATORVERSION=$(MIGRATORVERSION) \
|
-e BUILDBIN=$(BUILDBIN) -e REDISVERSION=$(REDISVERSION) -e MIGRATORVERSION=$(MIGRATORVERSION) \
|
||||||
-e CHARTMUSEUMVERSION=$(CHARTMUSEUMVERSION) -e DOCKERIMAGENAME_CHART_SERVER=$(DOCKERIMAGENAME_CHART_SERVER)
|
-e CHARTMUSEUMVERSION=$(CHARTMUSEUMVERSION) -e DOCKERIMAGENAME_CHART_SERVER=$(DOCKERIMAGENAME_CHART_SERVER)
|
||||||
|
|
||||||
modify_sourcefiles:
|
|
||||||
@echo "change mode of source files."
|
|
||||||
@chmod 600 $(MAKEPATH)/common/templates/notary/notary-signer.key
|
|
||||||
@chmod 600 $(MAKEPATH)/common/templates/notary/notary-signer.crt
|
|
||||||
@chmod 600 $(MAKEPATH)/common/templates/notary/notary-signer-ca.crt
|
|
||||||
@chmod 600 $(MAKEPATH)/common/templates/core/private_key.pem
|
|
||||||
@chmod 600 $(MAKEPATH)/common/templates/registry/root.crt
|
|
||||||
|
|
||||||
# install: compile ui_version build modify_sourcefiles prepare start
|
|
||||||
install: compile ui_version build prepare start
|
install: compile ui_version build prepare start
|
||||||
|
|
||||||
package_online: prepare
|
package_online: prepare
|
||||||
|
|
|
@ -1,41 +0,0 @@
|
||||||
## Settings should be set
|
|
||||||
PORT=9999
|
|
||||||
|
|
||||||
# Only support redis now. If redis is setup, then enable cache
|
|
||||||
CACHE=$cache_store
|
|
||||||
CACHE_REDIS_ADDR=$cache_redis_addr
|
|
||||||
CACHE_REDIS_PASSWORD=$cache_redis_password
|
|
||||||
CACHE_REDIS_DB=$cache_redis_db_index
|
|
||||||
|
|
||||||
# Credential for internal communication
|
|
||||||
BASIC_AUTH_USER=chart_controller
|
|
||||||
BASIC_AUTH_PASS=$core_secret
|
|
||||||
|
|
||||||
# Multiple tenants
|
|
||||||
# Must be set with 1 to support project namespace
|
|
||||||
DEPTH=1
|
|
||||||
|
|
||||||
# Backend storage driver: e.g. "local", "amazon", "google" etc.
|
|
||||||
STORAGE=$storage_driver
|
|
||||||
|
|
||||||
# Storage driver settings
|
|
||||||
$all_storage_driver_configs
|
|
||||||
|
|
||||||
## Settings with default values. Just put here for future changes
|
|
||||||
DEBUG=false
|
|
||||||
LOG_JSON=true
|
|
||||||
DISABLE_METRICS=false
|
|
||||||
DISABLE_API=false
|
|
||||||
DISABLE_STATEFILES=false
|
|
||||||
ALLOW_OVERWRITE=true
|
|
||||||
CHART_URL=
|
|
||||||
AUTH_ANONYMOUS_GET=false
|
|
||||||
TLS_CERT=
|
|
||||||
TLS_KEY=
|
|
||||||
CONTEXT_PATH=
|
|
||||||
INDEX_LIMIT=0
|
|
||||||
MAX_STORAGE_OBJECTS=0
|
|
||||||
MAX_UPLOAD_SIZE=20971520
|
|
||||||
CHART_POST_FORM_FIELD_NAME=chart
|
|
||||||
PROV_POST_FORM_FIELD_NAME=prov
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
http_proxy=$http_proxy
|
|
||||||
https_proxy=$https_proxy
|
|
||||||
no_proxy=$no_proxy
|
|
|
@ -1,3 +0,0 @@
|
||||||
http_proxy={{http_proxy}}
|
|
||||||
https_proxy={{https_proxy}}
|
|
||||||
no_proxy={{no_proxy}}
|
|
|
@ -1,25 +0,0 @@
|
||||||
clair:
|
|
||||||
database:
|
|
||||||
type: pgsql
|
|
||||||
options:
|
|
||||||
source: postgresql://$username:$password@$host:$port/$dbname?sslmode=disable
|
|
||||||
|
|
||||||
# Number of elements kept in the cache
|
|
||||||
# Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
|
|
||||||
cachesize: 16384
|
|
||||||
|
|
||||||
api:
|
|
||||||
# API server port
|
|
||||||
port: 6060
|
|
||||||
healthport: 6061
|
|
||||||
|
|
||||||
# Deadline before an API request will respond with a 503
|
|
||||||
timeout: 300s
|
|
||||||
updater:
|
|
||||||
interval: ${interval}h
|
|
||||||
|
|
||||||
notifier:
|
|
||||||
attempts: 3
|
|
||||||
renotifyinterval: 2h
|
|
||||||
http:
|
|
||||||
endpoint: http://core:8080/service/notifications/clair
|
|
|
@ -1,25 +0,0 @@
|
||||||
clair:
|
|
||||||
database:
|
|
||||||
type: pgsql
|
|
||||||
options:
|
|
||||||
source: postgresql://{{username}}:{{password}}@{{host}}:{{port}}/{{dbname}}?sslmode=disable
|
|
||||||
|
|
||||||
# Number of elements kept in the cache
|
|
||||||
# Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
|
|
||||||
cachesize: 16384
|
|
||||||
|
|
||||||
api:
|
|
||||||
# API server port
|
|
||||||
port: 6060
|
|
||||||
healthport: 6061
|
|
||||||
|
|
||||||
# Deadline before an API request will respond with a 503
|
|
||||||
timeout: 300s
|
|
||||||
updater:
|
|
||||||
interval: {{interval}}h
|
|
||||||
|
|
||||||
notifier:
|
|
||||||
attempts: 3
|
|
||||||
renotifyinterval: 2h
|
|
||||||
http:
|
|
||||||
endpoint: http://core:8080/service/notifications/clair
|
|
|
@ -1 +0,0 @@
|
||||||
POSTGRES_PASSWORD=$password
|
|
|
@ -1 +0,0 @@
|
||||||
POSTGRES_PASSWORD={{password}}
|
|
|
@ -1,7 +0,0 @@
|
||||||
This folder used to run some initial sql for clair if needed.
|
|
||||||
|
|
||||||
Just put the sql file in this directory and then start the
|
|
||||||
clair .
|
|
||||||
|
|
||||||
both .sql and .gz format supported
|
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
appname = Harbor
|
|
||||||
runmode = dev
|
|
||||||
enablegzip = true
|
|
||||||
|
|
||||||
[dev]
|
|
||||||
httpport = 8080
|
|
|
@ -1,68 +0,0 @@
|
||||||
PORT=8080
|
|
||||||
LOG_LEVEL=info
|
|
||||||
EXT_ENDPOINT=$public_url
|
|
||||||
AUTH_MODE=$auth_mode
|
|
||||||
SELF_REGISTRATION=$self_registration
|
|
||||||
LDAP_URL=$ldap_url
|
|
||||||
LDAP_SEARCH_DN=$ldap_searchdn
|
|
||||||
LDAP_SEARCH_PWD=$ldap_search_pwd
|
|
||||||
LDAP_BASE_DN=$ldap_basedn
|
|
||||||
LDAP_FILTER=$ldap_filter
|
|
||||||
LDAP_UID=$ldap_uid
|
|
||||||
LDAP_SCOPE=$ldap_scope
|
|
||||||
LDAP_TIMEOUT=$ldap_timeout
|
|
||||||
LDAP_VERIFY_CERT=$ldap_verify_cert
|
|
||||||
DATABASE_TYPE=postgresql
|
|
||||||
POSTGRESQL_HOST=$db_host
|
|
||||||
POSTGRESQL_PORT=$db_port
|
|
||||||
POSTGRESQL_USERNAME=$db_user
|
|
||||||
POSTGRESQL_PASSWORD=$db_password
|
|
||||||
POSTGRESQL_DATABASE=registry
|
|
||||||
POSTGRESQL_SSLMODE=disable
|
|
||||||
LDAP_GROUP_BASEDN=$ldap_group_basedn
|
|
||||||
LDAP_GROUP_FILTER=$ldap_group_filter
|
|
||||||
LDAP_GROUP_GID=$ldap_group_gid
|
|
||||||
LDAP_GROUP_SCOPE=$ldap_group_scope
|
|
||||||
REGISTRY_URL=$registry_url
|
|
||||||
TOKEN_SERVICE_URL=$token_service_url
|
|
||||||
EMAIL_HOST=$email_host
|
|
||||||
EMAIL_PORT=$email_port
|
|
||||||
EMAIL_USR=$email_usr
|
|
||||||
EMAIL_PWD=$email_pwd
|
|
||||||
EMAIL_SSL=$email_ssl
|
|
||||||
EMAIL_FROM=$email_from
|
|
||||||
EMAIL_IDENTITY=$email_identity
|
|
||||||
EMAIL_INSECURE=$email_insecure
|
|
||||||
HARBOR_ADMIN_PASSWORD=$harbor_admin_password
|
|
||||||
PROJECT_CREATION_RESTRICTION=$project_creation_restriction
|
|
||||||
MAX_JOB_WORKERS=$max_job_workers
|
|
||||||
CORE_SECRET=$core_secret
|
|
||||||
JOBSERVICE_SECRET=$jobservice_secret
|
|
||||||
TOKEN_EXPIRATION=$token_expiration
|
|
||||||
CFG_EXPIRATION=5
|
|
||||||
ADMIRAL_URL=$admiral_url
|
|
||||||
WITH_NOTARY=$with_notary
|
|
||||||
WITH_CLAIR=$with_clair
|
|
||||||
CLAIR_DB_PASSWORD=$clair_db_password
|
|
||||||
CLAIR_DB_HOST=$clair_db_host
|
|
||||||
CLAIR_DB_PORT=$clair_db_port
|
|
||||||
CLAIR_DB_USERNAME=$clair_db_username
|
|
||||||
CLAIR_DB=$clair_db
|
|
||||||
CLAIR_DB_SSLMODE=disable
|
|
||||||
RESET=$reload_config
|
|
||||||
UAA_ENDPOINT=$uaa_endpoint
|
|
||||||
UAA_CLIENTID=$uaa_clientid
|
|
||||||
UAA_CLIENTSECRET=$uaa_clientsecret
|
|
||||||
UAA_VERIFY_CERT=$uaa_verify_cert
|
|
||||||
CORE_URL=$core_url
|
|
||||||
JOBSERVICE_URL=$jobservice_url
|
|
||||||
CLAIR_URL=$clair_url
|
|
||||||
NOTARY_URL=$notary_url
|
|
||||||
REGISTRY_STORAGE_PROVIDER_NAME=$storage_provider_name
|
|
||||||
READ_ONLY=false
|
|
||||||
SKIP_RELOAD_ENV_PATTERN=$skip_reload_env_pattern
|
|
||||||
RELOAD_KEY=$reload_key
|
|
||||||
CHART_REPOSITORY_URL=$chart_repository_url
|
|
||||||
LDAP_GROUP_ADMIN_DN=$ldap_group_admin_dn
|
|
||||||
REGISTRY_CONTROLLER_URL=$registry_controller_url
|
|
||||||
WITH_CHARTMUSEUM=$with_chartmuseum
|
|
|
@ -1,10 +0,0 @@
|
||||||
LOG_LEVEL=info
|
|
||||||
CONFIG_PATH=/etc/core/app.conf
|
|
||||||
CORE_SECRET=$core_secret
|
|
||||||
JOBSERVICE_SECRET=$jobservice_secret
|
|
||||||
UAA_CA_ROOT=/etc/core/certificates/uaa_ca.pem
|
|
||||||
_REDIS_URL=$redis_host:$redis_port,100,$redis_password
|
|
||||||
SYNC_REGISTRY=false
|
|
||||||
CHART_CACHE_DRIVER=$chart_cache_driver
|
|
||||||
_REDIS_URL_REG=$redis_url_reg
|
|
||||||
|
|
|
@ -1,51 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIJKAIBAAKCAgEAtpMvyv153iSmwm6TrFpUOzsIGBEDbGtOOEZMEm08D8IC2n1G
|
|
||||||
d6/XOZ5FxPAD6gIpE0EAcMojY5O0Hl4CDoyV3e/iKcBqFOgYtpogNtan7yT5J8gw
|
|
||||||
KsPbU/8nBkK75GOq56nfvq4t9GVAclIDtHbuvmlh6O2n+fxtR0M9LbuotbSBdXYU
|
|
||||||
hzXqiSsMclBvLyIk/z327VP5l0nUNOzPuKIwQjuxYKDkvq1oGy98oVlE6wl0ldh2
|
|
||||||
ZYZLGAYbVhqBVUT1Un/PYqi9Nofa2RI5n1WOkUJQp87vb+PUPFhVOdvH/oAzV6/b
|
|
||||||
9dzyhA5paDM06lj2gsg9hQWxCgbFh1x39c6pSI8hmVe6x2d4tAtSyOm3Qwz+zO2l
|
|
||||||
bPDvkY8Svh5nxUYObrNreoO8wHr8MC6TGUQLnUt/RfdVKe5fYPFl6VYqJP/L3LDn
|
|
||||||
Xj771nFq6PKiYbhBwJw3TM49gpKNS/Of70TP2m7nVlyuyMdE5T1j3xyXNkixXqqn
|
|
||||||
JuSMqX/3Bmm0On9KEbemwn7KRYF/bqc50+RcGUdKNcOkN6vuMVZei4GbxALnVqac
|
|
||||||
s+/UQAiQP4212UO7iZFwMaCNJ3r/b4GOlyalI1yEA4odoZov7k5zVOzHu8O6QmCj
|
|
||||||
3R5TVOudpGiUh+lumRRpNqxDgjngLljvaWU6ttyIbjnAwCjnJoppZM2lkRkCAwEA
|
|
||||||
AQKCAgAvsvCPlf2a3fR7Y6xNISRUfS22K+u7DaXX6fXB8qv4afWY45Xfex89vG35
|
|
||||||
78L2Bi55C0h0LztjrpkmPeVHq88TtrJduhl88M5UFpxH93jUb9JwZErBQX4xyb2G
|
|
||||||
UzUHjEqAT89W3+a9rR5TP74cDd59/MZJtp1mIF7keVqochi3sDsKVxkx4hIuWALe
|
|
||||||
csk5hTApRyUWCBRzRCSe1yfF0wnMpA/JcP+SGXfTcmqbNNlelo/Q/kaga59+3UmT
|
|
||||||
C0Wy41s8fIvP+MnGT2QLxkkrqYyfwrWTweqoTtuKEIHjpdnwUcoYJKfQ6jKp8aH0
|
|
||||||
STyP5UIyFOKNuFjyh6ZfoPbuT1nGW+YKlUnK4hQ9N/GE0oMoecTaHTbqM+psQvbj
|
|
||||||
6+CG/1ukA5ZTQyogNyuOApArFBQ+RRmVudPKA3JYygIhwctuB2oItsVEOEZMELCn
|
|
||||||
g2aVFAVXGfGRDXvpa8oxs3Pc6RJEp/3tON6+w7cMCx0lwN/Jk2Ie6RgTzUycT3k6
|
|
||||||
MoTQJRoO6/ZHcx3hTut/CfnrWiltyAUZOsefLuLg+Pwf9GHhOycLRI6gHfgSwdIV
|
|
||||||
S77UbbELWdscVr1EoPIasUm1uYWBBcFRTturRW+GHJ8TZX+mcWSBcWwBhp15LjEl
|
|
||||||
tJf+9U6lWMOSB2LvT+vFmR0M9q56fo7UeKFIR7mo7/GpiVu5AQKCAQEA6Qs7G9mw
|
|
||||||
N/JZOSeQO6xIQakC+sKApPyXO58fa7WQzri+l2UrLNp0DEQfZCujqDgwys6OOzR/
|
|
||||||
xg8ZKQWVoad08Ind3ZwoJgnLn6QLENOcE6PpWxA/JjnVGP4JrXCYR98cP0sf9jEI
|
|
||||||
xkR1qT50GbeqU3RDFliI4kGRvbZ8cekzuWppfQcjstSBPdvuxqAcUVmTnTw83nvD
|
|
||||||
FmBbhlLiEgI3iKtJ97UB7480ivnWnOuusduk7FO4jF3hkrOa+YRidinTCi8JBo0Y
|
|
||||||
jx4Ci3Y5x6nvwkXhKzXapd7YmPNisUc5xA7/a+W71cyC0IKUwRc/8pYWLL3R3CpR
|
|
||||||
YiV8gf6gwzOckQKCAQEAyI9CSNoAQH4zpS8B9PF8zILqEEuun8m1f5JB3hQnfWzm
|
|
||||||
7uz/zg6I0TkcCE0AJVSKPHQm1V9+TRbF9+DiOWHEYYzPmK8h63SIufaWxZPqai4E
|
|
||||||
PUj6eQWykBUVJ96n6/AW0JHRZ+WrJ5RXBqCLuY7NP6wDhORrCJjBwaGMohNpbKPS
|
|
||||||
H3QewsoxCh+CEXKdKyy+/yU/f4E89PlHapkW1/bDJ5u7puSD+KvmiDDIXSBncdOO
|
|
||||||
uFT8n+XH5IwgjdXFSDim15rQ8jD2l2xLcwKboTpx5GeRl8oB1VGm0fUbBn1dvGPG
|
|
||||||
4WfHGyrp9VNZtP160WoHr+vRVPqvHNkoeAlCfEwQCQKCAQBN1dtzLN0HgqE8TrOE
|
|
||||||
ysEDdTCykj4nXNoiJr522hi4gsndhQPLolb6NdKKQW0S5Vmekyi8K4e1nhtYMS5N
|
|
||||||
5MFRCasZtmtOcR0af87WWucZRDjPmniNCunaxBZ1YFLsRl+H4E6Xir8UgY8O7PYY
|
|
||||||
FNkFsKIrl3x4nU/RHl8oKKyG9Dyxbq4Er6dPAuMYYiezIAkGjjUCVjHNindnQM2T
|
|
||||||
GDx2IEe/PSydV6ZD+LguhyU88FCAQmI0N7L8rZJIXmgIcWW0VAterceTHYHaFK2t
|
|
||||||
u1uB9pcDOKSDnA+Z3kiLT2/CxQOYhQ2clgbnH4YRi/Nm0awsW2X5dATklAKm5GXL
|
|
||||||
bLSRAoIBAQClaNnPQdTBXBR2IN3pSZ2XAkXPKMwdxvtk+phOc6raHA4eceLL7FrU
|
|
||||||
y9gd1HvRTfcwws8gXcDKDYU62gNaNhMELWEt2QsNqS/2x7Qzwbms1sTyUpUZaSSL
|
|
||||||
BohLOKyfv4ThgdIGcXoGi6Z2tcRnRqpq4BCK8uR/05TBgN5+8amaS0ZKYLfaCW4G
|
|
||||||
nlPk1fVgHWhtAChtnYZLuKg494fKmB7+NMfAbmmVlxjrq+gkPkxyqXvk9Vrg+V8y
|
|
||||||
VIuozu0Fkouv+GRpyw4ldtCHS1hV0eEK8ow2dwmqCMygDxm58X10mYn2b2PcOTl5
|
|
||||||
9sNerUw1GNC8O66K+rGgBk4FKgXmg8kZAoIBABBcuisK250fXAfjAWXGqIMs2+Di
|
|
||||||
vqAdT041SNZEOJSGNFsLJbhd/3TtCLf29PN/YXtnvBmC37rqryTsqjSbx/YT2Jbr
|
|
||||||
Bk3jOr9JVbmcoSubXl8d/uzf7IGs91qaCgBwPZHgeH+kK13FCLexz+U9zYMZ78fF
|
|
||||||
/yO82CpoekT+rcl1jzYn43b6gIklHABQU1uCD6MMyMhJ9Op2WmbDk3X+py359jMc
|
|
||||||
+Cr2zfzdHAIVff2dOV3OL+ZHEWbwtnn3htKUdOmjoTJrciFx0xNZJS5Q7QYHMONj
|
|
||||||
yPqbajyhopiN01aBQpCSGF1F1uRpWeIjTrAZPbrwLl9YSYXz0AT05QeFEFk=
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1 +0,0 @@
|
||||||
POSTGRES_PASSWORD=$db_password
|
|
|
@ -1,41 +0,0 @@
|
||||||
---
|
|
||||||
#Protocol used to serve
|
|
||||||
protocol: "http"
|
|
||||||
|
|
||||||
#Config certification if use 'https' protocol
|
|
||||||
#https_config:
|
|
||||||
# cert: "server.crt"
|
|
||||||
# key: "server.key"
|
|
||||||
|
|
||||||
#Server listening port
|
|
||||||
port: 8080
|
|
||||||
|
|
||||||
#Worker pool
|
|
||||||
worker_pool:
|
|
||||||
#Worker concurrency
|
|
||||||
workers: $max_job_workers
|
|
||||||
backend: "redis"
|
|
||||||
#Additional config if use 'redis' backend
|
|
||||||
redis_pool:
|
|
||||||
#redis://[arbitrary_username:password@]ipaddress:port/database_index
|
|
||||||
redis_url: $redis_url
|
|
||||||
namespace: "harbor_job_service_namespace"
|
|
||||||
#Loggers for the running job
|
|
||||||
job_loggers:
|
|
||||||
- name: "STD_OUTPUT" # logger backend name, only support "FILE" and "STD_OUTPUT"
|
|
||||||
level: "INFO" # INFO/DEBUG/WARNING/ERROR/FATAL
|
|
||||||
- name: "FILE"
|
|
||||||
level: "INFO"
|
|
||||||
settings: # Customized settings of logger
|
|
||||||
base_dir: "/var/log/jobs"
|
|
||||||
sweeper:
|
|
||||||
duration: 1 #days
|
|
||||||
settings: # Customized settings of sweeper
|
|
||||||
work_dir: "/var/log/jobs"
|
|
||||||
|
|
||||||
#Loggers for the job service
|
|
||||||
loggers:
|
|
||||||
- name: "STD_OUTPUT" # Same with above
|
|
||||||
level: "INFO"
|
|
||||||
#Admin server endpoint
|
|
||||||
admin_server: "http://adminserver:8080/"
|
|
|
@ -1,3 +0,0 @@
|
||||||
CORE_SECRET=$core_secret
|
|
||||||
JOBSERVICE_SECRET=$jobservice_secret
|
|
||||||
CORE_URL=$core_url
|
|
|
@ -1,8 +0,0 @@
|
||||||
/var/log/docker/*.log {
|
|
||||||
rotate $log_rotate_count
|
|
||||||
size $log_rotate_size
|
|
||||||
copytruncate
|
|
||||||
compress
|
|
||||||
missingok
|
|
||||||
nodateext
|
|
||||||
}
|
|
|
@ -1,124 +0,0 @@
|
||||||
worker_processes auto;
|
|
||||||
|
|
||||||
events {
|
|
||||||
worker_connections 1024;
|
|
||||||
use epoll;
|
|
||||||
multi_accept on;
|
|
||||||
}
|
|
||||||
|
|
||||||
http {
|
|
||||||
tcp_nodelay on;
|
|
||||||
|
|
||||||
# this is necessary for us to be able to disable request buffering in all cases
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
|
|
||||||
upstream core {
|
|
||||||
server core:8080;
|
|
||||||
}
|
|
||||||
|
|
||||||
upstream portal {
|
|
||||||
server portal:80;
|
|
||||||
}
|
|
||||||
|
|
||||||
log_format timed_combined '$$remote_addr - '
|
|
||||||
'"$$request" $$status $$body_bytes_sent '
|
|
||||||
'"$$http_referer" "$$http_user_agent" '
|
|
||||||
'$$request_time $$upstream_response_time $$pipe';
|
|
||||||
|
|
||||||
access_log /dev/stdout timed_combined;
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_tokens off;
|
|
||||||
# disable any limits to avoid HTTP 413 for large image uploads
|
|
||||||
client_max_body_size 0;
|
|
||||||
|
|
||||||
# costumized location config file can place to /etc/nginx/etc with prefix harbor.http. and suffix .conf
|
|
||||||
include /etc/nginx/conf.d/harbor.http.*.conf;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://portal/;
|
|
||||||
proxy_set_header Host $$host;
|
|
||||||
proxy_set_header X-Real-IP $$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
|
||||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /c/ {
|
|
||||||
proxy_pass http://core/c/;
|
|
||||||
proxy_set_header Host $$host;
|
|
||||||
proxy_set_header X-Real-IP $$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
|
||||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /api/ {
|
|
||||||
proxy_pass http://core/api/;
|
|
||||||
proxy_set_header Host $$host;
|
|
||||||
proxy_set_header X-Real-IP $$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
|
||||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /chartrepo/ {
|
|
||||||
proxy_pass http://core/chartrepo/;
|
|
||||||
proxy_set_header Host $$host;
|
|
||||||
proxy_set_header X-Real-IP $$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
|
||||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /v1/ {
|
|
||||||
return 404;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /v2/ {
|
|
||||||
proxy_pass http://core/v2/;
|
|
||||||
proxy_set_header Host $$http_host;
|
|
||||||
proxy_set_header X-Real-IP $$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
|
||||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /service/ {
|
|
||||||
proxy_pass http://core/service/;
|
|
||||||
proxy_set_header Host $$host;
|
|
||||||
proxy_set_header X-Real-IP $$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
|
||||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /service/notifications {
|
|
||||||
return 404;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,149 +0,0 @@
|
||||||
worker_processes auto;
|
|
||||||
|
|
||||||
events {
|
|
||||||
worker_connections 1024;
|
|
||||||
use epoll;
|
|
||||||
multi_accept on;
|
|
||||||
}
|
|
||||||
|
|
||||||
http {
|
|
||||||
tcp_nodelay on;
|
|
||||||
include /etc/nginx/conf.d/*.upstream.conf;
|
|
||||||
|
|
||||||
# this is necessary for us to be able to disable request buffering in all cases
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
|
|
||||||
upstream core {
|
|
||||||
server core:8080;
|
|
||||||
}
|
|
||||||
|
|
||||||
upstream portal {
|
|
||||||
server portal:80;
|
|
||||||
}
|
|
||||||
|
|
||||||
log_format timed_combined '$$remote_addr - '
|
|
||||||
'"$$request" $$status $$body_bytes_sent '
|
|
||||||
'"$$http_referer" "$$http_user_agent" '
|
|
||||||
'$$request_time $$upstream_response_time $$pipe';
|
|
||||||
|
|
||||||
access_log /dev/stdout timed_combined;
|
|
||||||
|
|
||||||
include /etc/nginx/conf.d/*.server.conf;
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
# server_name harbordomain.com;
|
|
||||||
server_tokens off;
|
|
||||||
# SSL
|
|
||||||
ssl_certificate $ssl_cert;
|
|
||||||
ssl_certificate_key $ssl_cert_key;
|
|
||||||
|
|
||||||
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
|
||||||
ssl_protocols TLSv1.1 TLSv1.2;
|
|
||||||
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
|
|
||||||
ssl_prefer_server_ciphers on;
|
|
||||||
ssl_session_cache shared:SSL:10m;
|
|
||||||
|
|
||||||
# disable any limits to avoid HTTP 413 for large image uploads
|
|
||||||
client_max_body_size 0;
|
|
||||||
|
|
||||||
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
|
|
||||||
chunked_transfer_encoding on;
|
|
||||||
|
|
||||||
# costumized location config file can place to /etc/nginx dir with prefix harbor.https. and suffix .conf
|
|
||||||
include /etc/nginx/conf.d/harbor.https.*.conf;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://portal/;
|
|
||||||
proxy_set_header Host $$http_host;
|
|
||||||
proxy_set_header X-Real-IP $$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
|
||||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
|
||||||
|
|
||||||
# Add Secure flag when serving HTTPS
|
|
||||||
proxy_cookie_path / "/; secure";
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /c/ {
|
|
||||||
proxy_pass http://core/c/;
|
|
||||||
proxy_set_header Host $$host;
|
|
||||||
proxy_set_header X-Real-IP $$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
|
||||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /api/ {
|
|
||||||
proxy_pass http://core/api/;
|
|
||||||
proxy_set_header Host $$host;
|
|
||||||
proxy_set_header X-Real-IP $$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
|
||||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /chartrepo/ {
|
|
||||||
proxy_pass http://core/chartrepo/;
|
|
||||||
proxy_set_header Host $$host;
|
|
||||||
proxy_set_header X-Real-IP $$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
|
||||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /v1/ {
|
|
||||||
return 404;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /v2/ {
|
|
||||||
proxy_pass http://core/v2/;
|
|
||||||
proxy_set_header Host $$http_host;
|
|
||||||
proxy_set_header X-Real-IP $$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
|
||||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /service/ {
|
|
||||||
proxy_pass http://core/service/;
|
|
||||||
proxy_set_header Host $$http_host;
|
|
||||||
proxy_set_header X-Real-IP $$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
|
||||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /service/notifications {
|
|
||||||
return 404;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
#server_name harbordomain.com;
|
|
||||||
return 308 https://$$host$$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,33 +0,0 @@
|
||||||
server {
|
|
||||||
listen 4443 ssl;
|
|
||||||
server_tokens off;
|
|
||||||
# ssl
|
|
||||||
ssl_certificate $ssl_cert;
|
|
||||||
ssl_certificate_key $ssl_cert_key;
|
|
||||||
|
|
||||||
# recommendations from https://raymii.org/s/tutorials/strong_ssl_security_on_nginx.html
|
|
||||||
ssl_protocols tlsv1.1 tlsv1.2;
|
|
||||||
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
|
|
||||||
ssl_prefer_server_ciphers on;
|
|
||||||
ssl_session_cache shared:ssl:10m;
|
|
||||||
|
|
||||||
# disable any limits to avoid http 413 for large image uploads
|
|
||||||
client_max_body_size 0;
|
|
||||||
|
|
||||||
# required to avoid http 411: see issue #1486 (https://github.com/docker/docker/issues/1486)
|
|
||||||
chunked_transfer_encoding on;
|
|
||||||
|
|
||||||
location /v2/ {
|
|
||||||
proxy_pass http://notary-server/v2/;
|
|
||||||
proxy_set_header Host $$http_host;
|
|
||||||
proxy_set_header X-Real-IP $$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
|
||||||
proxy_set_header X-Forwarded-Proto $$scheme;
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
|
|
||||||
upstream notary-server {
|
|
||||||
server notary-server:4443;
|
|
||||||
}
|
|
|
@ -1,32 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFhjCCA26gAwIBAgIJALJdsE+BUxypMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV
|
|
||||||
BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0G
|
|
||||||
A1UECgwGRG9ja2VyMRowGAYDVQQDDBFOb3RhcnkgVGVzdGluZyBDQTAeFw0xNzAx
|
|
||||||
MjMwNjAzMzZaFw0yNzAxMjEwNjAzMzZaMF8xCzAJBgNVBAYTAlVTMQswCQYDVQQI
|
|
||||||
DAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0GA1UECgwGRG9ja2VyMRow
|
|
||||||
GAYDVQQDDBFOb3RhcnkgVGVzdGluZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
|
|
||||||
ADCCAgoCggIBALIZNBcIoQDJql5w+XULXq9W3tmD47xnf+IG4u7hkDVPCT4xRG74
|
|
||||||
LBoSuFyPUrfT+tsibMlNG6XRtSfLQdNNeQuyIuiilNXV0kXB0RR3TrhxCaKdhRU5
|
|
||||||
oQGfpYMvbPNFB7WU/5aAiQutHH85hEMPECf1qPjq8YlUaXJLGFY3WRkW+OOBZ78U
|
|
||||||
00PqKlvC1kR/NbsV3IkMrO+vWWJQrPFusyYjQ511eQXnRtt8P0Qic0azPffQDVxC
|
|
||||||
WUe47hmdQ1AULbxQ9AZcPlMI7UFqo+/w/4hPEGJMeOWirLvHLXg4nsOwy7DfWl/n
|
|
||||||
MqLdJOC/KNfQVAQtkteeZZkkIIV1gxTPYsJqPNwkP9GdJK1A8NW1ef75v7xbQCPY
|
|
||||||
03QQonBEK7ny7b1xXGGgJzXvK9RP0UUwjt/815c4d0cgUHsy4yuvl2F44EObRshk
|
|
||||||
fjJVsN/0wrtq4QLE5ZvbeO+7to8dLcRxkmB8axhxahega7akUyY0WxZ+iSn6fzft
|
|
||||||
/xeCcs/L10V5z0kK4PbiNnooDzV4B6Dy/5oyNExw0jgpD0mzOK5aLb0tXGqFT/ZJ
|
|
||||||
9vydelBq5q4jLV7SHhHM1dBJSv1fl7vOpDlEr7LBd4YAO2BowoyGLHtLhgYybXF+
|
|
||||||
CZ9ywPb1dIIcdK5IVeZECNHMSBuhCRZUu+aun8tRcdSgLEX7mQ/GKWELAgMBAAGj
|
|
||||||
RTBDMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgFGMB0GA1UdDgQW
|
|
||||||
BBSWWbcCebeEgZlWk2/k+abh+bEFpDANBgkqhkiG9w0BAQsFAAOCAgEAQ9gA3Q4b
|
|
||||||
r2+ZJdIDoDzCNdtHQbb/d1NiUP/Na1MFo7omR3MnKGXy3dIp9IrQq6ROhlqUhDvl
|
|
||||||
pZegYhTbunTVv1KKJ+5n1hY6pG/Jr8oLY3b9i4qwDLKfQGm5PmrfwAtqbLSfY2M0
|
|
||||||
2AZyAhCdGbqB7WpTdG1J7DzGbVVWAtS05e24Mu0qZJvpHdtl4+t89vXgJ/bPrPxF
|
|
||||||
cpAlT9DOtobTEqrXZeS937F1qNyIgyBki+7mtxkwng5cf3zQM2BJ9lSFQJOBSRDr
|
|
||||||
haMcnaPI4pknO7OfYf5W9LaS1Dx/U/NeMBfnVBd9NjUw+TMjy2MdMLUaLa9EF7Jo
|
|
||||||
Gjk+fKaTaUgO8I487wHPMeoEA4A4dEePzGrybRLfl1ZYGQ0xcgunz64n2xfQIy2y
|
|
||||||
swiyaofYlLxzHzOL0N+Y76P0ic37t9R2F5ggNhfbXhClK2h4HmdjRRRt3VkxR4AD
|
|
||||||
7OM09bEhlZby34HOlCaC0PHKwYBMjneAG3ycPN88YTMYR2/KizExe71ayNwX2KHL
|
|
||||||
ib1nOZgZT6s+YvgsZ7lRmMD4iqjuAEh5SRAcWlolVif8bAy09BkY1vwrtgV73q88
|
|
||||||
heEbsCE1fsfk1OfH5W4yjjiSDZFRt5oTCPQWJp+2P0RJ9LCxcbf0RrCg3hg5rD9N
|
|
||||||
lVTA0dsixv5zF3wTuad9inhk9Rmlq1KoaqA=
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,32 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFdjCCA14CCQCeVwANSZmmiDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC
|
|
||||||
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVBhbG8gQWx0bzEVMBMG
|
|
||||||
A1UECgwMVk13YXJlLCBJbmMuMQ8wDQYDVQQLDAZIYXJib3IxJDAiBgNVBAMMG1Nl
|
|
||||||
bGYtc2lnbmVkIGJ5IFZNd2FyZSwgSW5jLjAeFw0xNzAzMjQwNTMyMDBaFw0yNzAz
|
|
||||||
MjIwNTMyMDBaMHUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIw
|
|
||||||
EAYDVQQHDAlQYWxvIEFsdG8xFTATBgNVBAoMDFZNd2FyZSwgSW5jLjEPMA0GA1UE
|
|
||||||
CwwGSGFyYm9yMRUwEwYDVQQDDAxub3RhcnlzaWduZXIwggIiMA0GCSqGSIb3DQEB
|
|
||||||
AQUAA4ICDwAwggIKAoICAQC6TV2RCoH8d1g6xFvDo4FL9v+pGLe5+bu9ryjTaLbN
|
|
||||||
dH/Cmf5/8WrmgJ3vG2Ksk796J7qsVddwvQkZn6NwDm2Tm+ETMCG85yEA3jl4Kr9R
|
|
||||||
XfWHYWEavv0vsq6M+bUSSq7VJAhgk4wfx6qJBnFX2qKpODeYLHaHxU1EnIXrStNf
|
|
||||||
IqR4Eu0Xre8jAkzrDdaFy/KnX4HGgNdz413CXzBCKEuu3VJj07ZvonnTzOgoLvh8
|
|
||||||
+PCoQ2M4OBPT9gHqUov1I8nWnrjc+HuM1BW3YIGCB5TV9x0Y7hjvkr4E38gbJURj
|
|
||||||
uDwg8jof4lMRmU/FHXFLt1ucGwNFUJdPwI7dyEKRA03Lr7htfP5sa9tmv3L93dKD
|
|
||||||
po1gW1LsfiM3Cur5jARM/hBA+eYJr12Laf9oL59r8JmweqF3zRSwGSY336XoR/Fv
|
|
||||||
/PAFs9vfKKWZp0uiRtuY9JZNRTF8trnfNf1957bND+DS2HWPmWkw4yK6CGa0s55X
|
|
||||||
adiDt4gDFvKjl68dBWZoHutY+cZy/hK1D5uqagcX1kzbr/Pzy1gsq9FBBwaTJqBu
|
|
||||||
YIAsSuzP+7NNZXoPd3rg13V93pbZr8eQN5VOQIBZK83xZEtHSJBEdUSuBOo3JS7j
|
|
||||||
/rjEnspRqOI4soFnx1vaK0TrRyzJ5KBOuGpW4u8/ZUdIq8KIE30Mj/XI/sgAPr5j
|
|
||||||
UQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQBjqYBm/FRqyMH2hnHA0TMXY/WPufJ8
|
|
||||||
TX10daELCAYJCEETXmUt1i7dnFxdAZXTnHENHdNYiS4nGBfqMLmODtcAamcv6Dcl
|
|
||||||
JnyQPt3QlCDPKkcHgz3y4tvDDx6M5rFWYzN9QLiWAYrunIk1R4Jj7FODrM6/NODE
|
|
||||||
0Mz1czWfsmLfX/jF80SsxnY1DCLKGgo6/RID3xTp4eIMboxCfeH2/yDA+6YPyYbV
|
|
||||||
Si4ccwo9Foq0IYU8bimPNTyBQ0N+8ajcn328ql6aazmr894Ch5pWA3Qxaa98FcKS
|
|
||||||
zokBvmmCuvCJ9HOmxKWdFEhSRS9GWxn7wg78UIlLP/8RfUrsecBJHgyhWRA7Qs3K
|
|
||||||
keiG68Zrhn456IdMxjCZXgJ7gAAe77n4Cz8sFEHAvnAg9JLNEHuEBV5H1Hb7TzET
|
|
||||||
k0lPiEY78QjutOpqHsWiagqSjlGEMqKI9c8WxXHh9030T/6NnWkdXFo+4HaEZEpp
|
|
||||||
0JryASS53B5SwLIPrn0Y2/io/kRgbglGktPt6Ex0DwW3f96lcz3me34Nw+HOYYnz
|
|
||||||
b0cz7JqJZgFXfEnykic3IwZs7m7Xrl9B/vvaVub9Fb5LQ7rIzrO7VkoILov/G41B
|
|
||||||
Pd4/kagjXDTWd+UBMvZF6YGjr+TUZi5ooi7bvQ3X6N9WNYKW4a1DOokz9janStiL
|
|
||||||
MrTKyOEOBi0Aew==
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,52 +0,0 @@
|
||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC6TV2RCoH8d1g6
|
|
||||||
xFvDo4FL9v+pGLe5+bu9ryjTaLbNdH/Cmf5/8WrmgJ3vG2Ksk796J7qsVddwvQkZ
|
|
||||||
n6NwDm2Tm+ETMCG85yEA3jl4Kr9RXfWHYWEavv0vsq6M+bUSSq7VJAhgk4wfx6qJ
|
|
||||||
BnFX2qKpODeYLHaHxU1EnIXrStNfIqR4Eu0Xre8jAkzrDdaFy/KnX4HGgNdz413C
|
|
||||||
XzBCKEuu3VJj07ZvonnTzOgoLvh8+PCoQ2M4OBPT9gHqUov1I8nWnrjc+HuM1BW3
|
|
||||||
YIGCB5TV9x0Y7hjvkr4E38gbJURjuDwg8jof4lMRmU/FHXFLt1ucGwNFUJdPwI7d
|
|
||||||
yEKRA03Lr7htfP5sa9tmv3L93dKDpo1gW1LsfiM3Cur5jARM/hBA+eYJr12Laf9o
|
|
||||||
L59r8JmweqF3zRSwGSY336XoR/Fv/PAFs9vfKKWZp0uiRtuY9JZNRTF8trnfNf19
|
|
||||||
57bND+DS2HWPmWkw4yK6CGa0s55XadiDt4gDFvKjl68dBWZoHutY+cZy/hK1D5uq
|
|
||||||
agcX1kzbr/Pzy1gsq9FBBwaTJqBuYIAsSuzP+7NNZXoPd3rg13V93pbZr8eQN5VO
|
|
||||||
QIBZK83xZEtHSJBEdUSuBOo3JS7j/rjEnspRqOI4soFnx1vaK0TrRyzJ5KBOuGpW
|
|
||||||
4u8/ZUdIq8KIE30Mj/XI/sgAPr5jUQIDAQABAoICAQCqIgbFcqwcK7zWBgWrFsD3
|
|
||||||
53u4J4t4+df6NGB7F9CAtdgKlej1XDl8gI46Em89HLwqyOdPhCD3opoR3Vg69+IX
|
|
||||||
f62+gSD+SrA4A7jFxXvryXt0g3hTHYFHssx2j39NUghxOrOvxm6bgxJ4ifqt+Uq8
|
|
||||||
cEtM26Xu/T4/3xTpN+7pnVBHGzmLe1q8RNiLe5qhmwtgz/ZKmdSnz0YLQDRo5jWf
|
|
||||||
Xhxkb63WKrFIu4JzV9my/v9/GfMdHxD0a196ZqHLX0Buj4pQuVbS18dxLF94qIXC
|
|
||||||
FCZtYtpAxmhjOR2btJ/M1S2MBMkR3vRvSOuxHd8d/zdYys5k2WElArs1TDGGDldW
|
|
||||||
jp3FYkoygsdWTs056HM1Y9F8dV2KAWfAhEQD8mBIGVjMrCqpnyZcK6JkqVg9c7YW
|
|
||||||
IYQ2JRwsHq58FMNa3TLTvf/OClhEfSbRWAF0AhMTpnSUgP06cbJeXyzqzHdE37hv
|
|
||||||
74OBx7KNoS+PEQ3lVgbHsWoUzf3SqB1IOzLyzuEUgHqON2GKmmCNcRMBi3DuV9tw
|
|
||||||
Q8LWynNxhD8vyBkmo0kAd/FwgXrxJTGdYvxyn29I7QanCTH7o8wtjSE0jj9Qo7oC
|
|
||||||
McAYGR6oTAjrT78KhI7aZJU5nuA6ySSCJRa6et1CC+SseWknyMMJ5HTo8l7jjXJA
|
|
||||||
9hjNGGs6giOxznizf+2YAQKCAQEA9wRQk4yN402tfuicvfQBnFUtcpqctWSgGc0T
|
|
||||||
qzWJgH/W07FMUHzAvqCgsYMMaeteXOMZH7jijvtIlhYfIg5w+RJ9PSsSu680OzGN
|
|
||||||
R31+l2B/QzRAHUJ6+OVgWxAn6awU1mYLaiwVmSNWEnjAPE4XeSK708OOganI3pBQ
|
|
||||||
8zOHj+j6uV8ddG79D6FqNJHAQwpou/p+XO/BGDFgX22x4F68Z0gCQcmoyAE7ppOp
|
|
||||||
dqq3lPoDbRQ02/5cqaIA6dhmfjK2cpz4y1nUxffzY7qJjpoB/YSdR66cCNiYcJzp
|
|
||||||
fMVBXhF9Iyj/Cah1w+hc0NOy9dW15afFaLFK0zrtAzEaVxH/0QKCAQEAwRPOwSCl
|
|
||||||
XrMYXmc91TF6XbhErILHK/pIEOIMF09KNJvSjY0188Ram/pFbPRYh0cIyASmRGXL
|
|
||||||
Qq5B1Qi0vx5TCq1OCrW2yeE7zboAlnADhk1u9N8YmL6JrCKVGQO7wFD3V8uphXdM
|
|
||||||
tixNa5WvJ6eE5Vq+SVy99V5pQgb8ErrISlW4MYK7LI7DruSDuM2tHtiOcXcdTVej
|
|
||||||
1stXJZkH46RYvxxid9tRzfiB8K5ziZfLwPNf2wRyj1J4ojn5pPNhhfkjJ24LCZGt
|
|
||||||
JxwSXqdP+4x7by6x3mU+hutU/lF3jl+0edSnU0cZ6lvuq2T5YGgda/VXlv1ZFQUw
|
|
||||||
rwUXD9unU+aLgQKCAQEA9R74/pI5sthAVHFsKStb9dComtNGstI59aCF5h3oZvV1
|
|
||||||
Lvj/q9dARWqMS9qplOoV58MMCWikmhJNw3IMTvVZsjBgyzRVEJ4aDKttcQXde0Ys
|
|
||||||
w3m0LdTsxtSHu5XapY032FHG/gLlI+Pm48mjqbQsou6OyOOEJLNhO0qmqc/2tB4T
|
|
||||||
v6PdTM9enAYnqCcCTQSlTfSTNJJOYT2OTuRB4U7hUvQoGTSOInrmwLRDNBjQuCso
|
|
||||||
/zNQCQbu2P6EPYmam5yjZDTUxqZL+G/GvK49Fp9JXlQc5ycke7rD+uwa3s+3wCtG
|
|
||||||
rH9gJitfQZrxj+Cj9EOwj0bfJLbac6ZD0CkH5GNeIQKCAQBdoGFOPapzdZ2HicDu
|
|
||||||
NQQFlmmWzgQPS1rO9Q6v7v8o67b6dVOIVdsqb/5ii0qyrruPYtHNsR8TwrShvYsI
|
|
||||||
cogKUWfawatV0ibR6DSIvuC2q632iIjA6QSRuGNcsfbFl32Z0WTvF57XaDxSw08g
|
|
||||||
h5dmMM69fH+REKsyHXj3DCQ8B70+JQrm3IP/t0g4wWQF5TWNyBkpfCoy6n/j94Vf
|
|
||||||
2j4+zmDhhjTxEGTSdYYJXtarRllhN5Ll9TQSVtK8LllIQjvNzwsDJOU2ZeJyi+e5
|
|
||||||
L7Jbg+U01xuvCUc52/+Bxt8ZhQlu1Le4ccQW0Ows19AMnfhPe6NLEi09cdZxFi7Z
|
|
||||||
/J4BAoIBABCzkBDFxZdfWYt69VBt9PSG8eJ6avny3hXCtKaHIQb+aD5nKjRP0DVh
|
|
||||||
gyutCo6RasMEc6D1tJGyR/Xvhm64q4JPb5UbSaRQiVYKdgRtMM9pZeBkcBtNs18K
|
|
||||||
yMx5ajgYorrbi86hXHX7q+JYP8MCbcqqAUSl/Hi8nPxc1foTiCNDf4kGoHvXmoxt
|
|
||||||
0tA65tFFQhEA6KBn68SDkyTsl/zb5Sx0GJY4kZkOeF3GaxPFX12skgXv95GJUskX
|
|
||||||
88RJsH4Qqqtzbzj8R241BH8OrcOoyELc6xPioEqUHKVxSIf2ylITbj0UQHd2u0mN
|
|
||||||
tajKl+aoc+CDxUYbilzhhKetWWF/cJY=
|
|
||||||
-----END PRIVATE KEY-----
|
|
|
@ -1,28 +0,0 @@
|
||||||
{
|
|
||||||
"server": {
|
|
||||||
"http_addr": ":4443"
|
|
||||||
},
|
|
||||||
"trust_service": {
|
|
||||||
"type": "remote",
|
|
||||||
"hostname": "notarysigner",
|
|
||||||
"port": "7899",
|
|
||||||
"tls_ca_file": "./notary-signer-ca.crt",
|
|
||||||
"key_algorithm": "ecdsa"
|
|
||||||
},
|
|
||||||
"logging": {
|
|
||||||
"level": "debug"
|
|
||||||
},
|
|
||||||
"storage": {
|
|
||||||
"backend": "mysql",
|
|
||||||
"db_url": "server@tcp(mysql:3306)/notaryserver?parseTime=True"
|
|
||||||
},
|
|
||||||
"auth": {
|
|
||||||
"type": "token",
|
|
||||||
"options": {
|
|
||||||
"realm": "$token_endpoint/service/token",
|
|
||||||
"service": "harbor-notary",
|
|
||||||
"issuer": "harbor-token-issuer",
|
|
||||||
"rootcertbundle": "/etc/notary/root.crt"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,28 +0,0 @@
|
||||||
{
|
|
||||||
"server": {
|
|
||||||
"http_addr": ":4443"
|
|
||||||
},
|
|
||||||
"trust_service": {
|
|
||||||
"type": "remote",
|
|
||||||
"hostname": "notarysigner",
|
|
||||||
"port": "7899",
|
|
||||||
"tls_ca_file": "./notary-signer-ca.crt",
|
|
||||||
"key_algorithm": "ecdsa"
|
|
||||||
},
|
|
||||||
"logging": {
|
|
||||||
"level": "debug"
|
|
||||||
},
|
|
||||||
"storage": {
|
|
||||||
"backend": "postgres",
|
|
||||||
"db_url": "postgres://server:password@postgresql:5432/notaryserver?sslmode=disable"
|
|
||||||
},
|
|
||||||
"auth": {
|
|
||||||
"type": "token",
|
|
||||||
"options": {
|
|
||||||
"realm": "$token_endpoint/service/token",
|
|
||||||
"service": "harbor-notary",
|
|
||||||
"issuer": "harbor-token-issuer",
|
|
||||||
"rootcertbundle": "/etc/notary/root.crt"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,2 +0,0 @@
|
||||||
MIGRATIONS_PATH=migrations/server/postgresql
|
|
||||||
DB_URL=postgres://server:password@postgresql:5432/notaryserver?sslmode=disable
|
|
|
@ -1,15 +0,0 @@
|
||||||
{
|
|
||||||
"server": {
|
|
||||||
"grpc_addr": ":7899",
|
|
||||||
"tls_cert_file": "./notary-signer.crt",
|
|
||||||
"tls_key_file": "./notary-signer.key"
|
|
||||||
},
|
|
||||||
"logging": {
|
|
||||||
"level": "debug"
|
|
||||||
},
|
|
||||||
"storage": {
|
|
||||||
"backend": "mysql",
|
|
||||||
"db_url": "signer@tcp(mysql:3306)/notarysigner?parseTime=True",
|
|
||||||
"default_alias":"defaultalias"
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,15 +0,0 @@
|
||||||
{
|
|
||||||
"server": {
|
|
||||||
"grpc_addr": ":7899",
|
|
||||||
"tls_cert_file": "./notary-signer.crt",
|
|
||||||
"tls_key_file": "./notary-signer.key"
|
|
||||||
},
|
|
||||||
"logging": {
|
|
||||||
"level": "debug"
|
|
||||||
},
|
|
||||||
"storage": {
|
|
||||||
"backend": "postgres",
|
|
||||||
"db_url": "postgres://signer:password@postgresql:5432/notarysigner?sslmode=disable",
|
|
||||||
"default_alias":"defaultalias"
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,3 +0,0 @@
|
||||||
NOTARY_SIGNER_DEFAULTALIAS=$alias
|
|
||||||
MIGRATIONS_PATH=migrations/signer/postgresql
|
|
||||||
DB_URL=postgres://signer:password@postgresql:5432/notarysigner?sslmode=disable
|
|
|
@ -1,39 +0,0 @@
|
||||||
version: 0.1
|
|
||||||
log:
|
|
||||||
level: info
|
|
||||||
fields:
|
|
||||||
service: registry
|
|
||||||
storage:
|
|
||||||
cache:
|
|
||||||
layerinfo: redis
|
|
||||||
$storage_provider_info
|
|
||||||
maintenance:
|
|
||||||
uploadpurging:
|
|
||||||
enabled: false
|
|
||||||
delete:
|
|
||||||
enabled: true
|
|
||||||
redis:
|
|
||||||
addr: $redis_host:$redis_port
|
|
||||||
password: $redis_password
|
|
||||||
db: $redis_db_index_reg
|
|
||||||
http:
|
|
||||||
addr: :5000
|
|
||||||
secret: placeholder
|
|
||||||
debug:
|
|
||||||
addr: localhost:5001
|
|
||||||
auth:
|
|
||||||
token:
|
|
||||||
issuer: harbor-token-issuer
|
|
||||||
realm: $public_url/service/token
|
|
||||||
rootcertbundle: /etc/registry/root.crt
|
|
||||||
service: harbor-registry
|
|
||||||
validation:
|
|
||||||
disabled: true
|
|
||||||
notifications:
|
|
||||||
endpoints:
|
|
||||||
- name: harbor
|
|
||||||
disabled: false
|
|
||||||
url: $core_url/service/notifications
|
|
||||||
timeout: 3000ms
|
|
||||||
threshold: 5
|
|
||||||
backoff: 1s
|
|
|
@ -1,35 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIGBzCCA++gAwIBAgIJAKB8CNqCxhr7MA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
|
|
||||||
VQQGEwJDTjEOMAwGA1UECAwFU3RhdGUxCzAJBgNVBAcMAkNOMRUwEwYDVQQKDAxv
|
|
||||||
cmdhbml6YXRpb24xHDAaBgNVBAsME29yZ2FuaXphdGlvbmFsIHVuaXQxFDASBgNV
|
|
||||||
BAMMC2V4YW1wbGUuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu
|
|
||||||
Y29tMB4XDTE2MDUxNjAyNDY1NVoXDTI2MDUxNDAyNDY1NVowgZkxCzAJBgNVBAYT
|
|
||||||
AkNOMQ4wDAYDVQQIDAVTdGF0ZTELMAkGA1UEBwwCQ04xFTATBgNVBAoMDG9yZ2Fu
|
|
||||||
aXphdGlvbjEcMBoGA1UECwwTb3JnYW5pemF0aW9uYWwgdW5pdDEUMBIGA1UEAwwL
|
|
||||||
ZXhhbXBsZS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20w
|
|
||||||
ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2ky/K/XneJKbCbpOsWlQ7
|
|
||||||
OwgYEQNsa044RkwSbTwPwgLafUZ3r9c5nkXE8APqAikTQQBwyiNjk7QeXgIOjJXd
|
|
||||||
7+IpwGoU6Bi2miA21qfvJPknyDAqw9tT/ycGQrvkY6rnqd++ri30ZUByUgO0du6+
|
|
||||||
aWHo7af5/G1HQz0tu6i1tIF1dhSHNeqJKwxyUG8vIiT/PfbtU/mXSdQ07M+4ojBC
|
|
||||||
O7FgoOS+rWgbL3yhWUTrCXSV2HZlhksYBhtWGoFVRPVSf89iqL02h9rZEjmfVY6R
|
|
||||||
QlCnzu9v49Q8WFU528f+gDNXr9v13PKEDmloMzTqWPaCyD2FBbEKBsWHXHf1zqlI
|
|
||||||
jyGZV7rHZ3i0C1LI6bdDDP7M7aVs8O+RjxK+HmfFRg5us2t6g7zAevwwLpMZRAud
|
|
||||||
S39F91Up7l9g8WXpViok/8vcsOdePvvWcWro8qJhuEHAnDdMzj2Cko1L85/vRM/a
|
|
||||||
budWXK7Ix0TlPWPfHJc2SLFeqqcm5Iypf/cGabQ6f0oRt6bCfspFgX9upznT5FwZ
|
|
||||||
R0o1w6Q3q+4xVl6LgZvEAudWppyz79RACJA/jbXZQ7uJkXAxoI0nev9vgY6XJqUj
|
|
||||||
XIQDih2hmi/uTnNU7Me7w7pCYKPdHlNU652kaJSH6W6ZFGk2rEOCOeAuWO9pZTq2
|
|
||||||
3IhuOcDAKOcmimlkzaWRGQIDAQABo1AwTjAdBgNVHQ4EFgQUPJF++WMsv1OJvf7F
|
|
||||||
oCew37JTnfQwHwYDVR0jBBgwFoAUPJF++WMsv1OJvf7FoCew37JTnfQwDAYDVR0T
|
|
||||||
BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAb5LvqukMxWd5Zajbh3orfYsXmhWn
|
|
||||||
UWiwG176+bd3b5xMlG9iLd4vQ11lTZoIhFOfprRQzbizQ8BzR2JBQckpLcy+5hyA
|
|
||||||
D3M9vLL37OwA0wT6kxFnd6LtlFaH5gG++huw2ts2PDXFz0jqw+0YE/R8ov2+YdaZ
|
|
||||||
aPSEMunmAuEY1TbYWzz4u6PxycxhQzDQ34ZmJZ34Elvw1NYMfPMGTKp34PsxIcgT
|
|
||||||
ao5jqb9RMU6JAumfXrOvXRjjl573vX2hgMZzEU6OF2/+uyg95chn6nO1GUQrT2+F
|
|
||||||
/1xIqfHfFCm8+jujSDgqfBtGI+2C7No+Dq8LEyEINZe6wSQ81+ryt5jy5SZmAsnj
|
|
||||||
V4OsSIwlpR5fLUwrFStVoUWHEKl1DflkYki/cAC1TL0Om+ldJ219kcOnaXDNaq66
|
|
||||||
3I75BvRY7/88MYLl4Fgt7sn05Mn3uNPrCrci8d0R1tlXIcwMdCowIHeZdWHX43f7
|
|
||||||
NsVk/7VSOxJ343csgaQc+3WxEFK0tBxGO6GP+Xj0XmdVGLhalVBsEhPjnmx+Yyrn
|
|
||||||
oMsTA1Yrs88C8ItQn7zuO/30eKNGTnby0gptHiS6sa/c3O083Mpi8y33GPVZDvBl
|
|
||||||
l9PfSZT8LG7SvpjsdgdNZlyFvTY4vsB+Vd5Howh7gXYPVXdCs4k7HMyo7zvzliZS
|
|
||||||
ekCw9NGLoNqQqnA=
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
protocol: "http"
|
|
||||||
port: 8080
|
|
||||||
log_level: "INFO"
|
|
||||||
|
|
||||||
#https_config:
|
|
||||||
# cert: "server.crt"
|
|
||||||
# key: "server.key"
|
|
|
@ -1,3 +0,0 @@
|
||||||
CORE_SECRET=$core_secret
|
|
||||||
JOBSERVICE_SECRET=$jobservice_secret
|
|
||||||
|
|
|
@ -12,7 +12,7 @@ hostname: reg.mydomain.com
|
||||||
ui_url_protocol: https
|
ui_url_protocol: https
|
||||||
|
|
||||||
#Maximum number of job workers in job service
|
#Maximum number of job workers in job service
|
||||||
max_job_workers: 10
|
max_job_workers: 10
|
||||||
|
|
||||||
#Determine whether or not to generate certificate for the registry's token.
|
#Determine whether or not to generate certificate for the registry's token.
|
||||||
#If the value is on, the prepare script creates new root cert and private key
|
#If the value is on, the prepare script creates new root cert and private key
|
||||||
|
@ -55,20 +55,6 @@ no_proxy: 127.0.0.1,localhost,core,registry
|
||||||
|
|
||||||
#************************BEGIN INITIAL PROPERTIES************************
|
#************************BEGIN INITIAL PROPERTIES************************
|
||||||
|
|
||||||
#Email account settings for sending out password resetting emails.
|
|
||||||
|
|
||||||
#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
|
|
||||||
#Identity left blank to act as username.
|
|
||||||
email_identity:
|
|
||||||
|
|
||||||
email_server: smtp.mydomain.com
|
|
||||||
email_server_port: 25
|
|
||||||
email_username: sample_admin@mydomain.com
|
|
||||||
email_password: abc
|
|
||||||
email_from: admin <sample_admin@mydomain.com>
|
|
||||||
email_ssl: false
|
|
||||||
email_insecure: false
|
|
||||||
|
|
||||||
##The initial password of Harbor admin, only works for the first time when Harbor starts.
|
##The initial password of Harbor admin, only works for the first time when Harbor starts.
|
||||||
#It has no effect after the first launch of Harbor.
|
#It has no effect after the first launch of Harbor.
|
||||||
#Change the admin password from UI after launching Harbor.
|
#Change the admin password from UI after launching Harbor.
|
||||||
|
@ -78,52 +64,14 @@ harbor_admin_password: Harbor12345
|
||||||
#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
|
#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
|
||||||
auth_mode: db_auth
|
auth_mode: db_auth
|
||||||
|
|
||||||
#The url for an ldap endpoint.
|
|
||||||
ldap_url: ldaps://ldap.mydomain.com
|
|
||||||
|
|
||||||
#A user's DN who has the permission to search the LDAP/AD server.
|
#A user's DN who has the permission to search the LDAP/AD server.
|
||||||
#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
|
|
||||||
#ldap_searchdn: uid=searchuser,ou=people,dc=mydomain,dc=com
|
|
||||||
|
|
||||||
#the password of the ldap_searchdn
|
|
||||||
#ldap_search_pwd: password
|
|
||||||
|
|
||||||
#The base DN from which to look up a user in LDAP/AD
|
#The base DN from which to look up a user in LDAP/AD
|
||||||
ldap_basedn: ou=people,dc=mydomain,dc=com
|
ldap_basedn: ou=people,dc=mydomain,dc=com
|
||||||
|
|
||||||
#Search filter for LDAP/AD, make sure the syntax of the filter is correct.
|
|
||||||
#ldap_filter = (objectClass=person)
|
|
||||||
|
|
||||||
# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD
|
|
||||||
ldap_uid: uid
|
|
||||||
|
|
||||||
#the scope to search for users, 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
|
|
||||||
ldap_scope: 2
|
|
||||||
|
|
||||||
#Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
|
|
||||||
ldap_timeout: 5
|
|
||||||
|
|
||||||
#Verify certificate from LDAP server
|
|
||||||
ldap_verify_cert: true
|
|
||||||
|
|
||||||
#The base dn from which to lookup a group in LDAP/AD
|
|
||||||
ldap_group_basedn: ou=group,dc=mydomain,dc=com
|
|
||||||
|
|
||||||
#filter to search LDAP/AD group
|
|
||||||
ldap_group_filter: objectclass=group
|
|
||||||
|
|
||||||
#The attribute used to name a LDAP/AD group, it could be cn, name
|
#The attribute used to name a LDAP/AD group, it could be cn, name
|
||||||
ldap_group_gid: cn
|
ldap_group_gid: cn
|
||||||
|
|
||||||
#The scope to search for ldap groups. 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
|
|
||||||
ldap_group_scope: 2
|
|
||||||
|
|
||||||
#Turn on or off the self-registration feature
|
|
||||||
self_registration: on
|
|
||||||
|
|
||||||
#The expiration time (in minute) of token created by token service, default is 30 minutes
|
|
||||||
token_expiration: 30
|
|
||||||
|
|
||||||
#The flag to control what users have permission to create projects
|
#The flag to control what users have permission to create projects
|
||||||
#The default value "everyone" allows everyone to creates a project.
|
#The default value "everyone" allows everyone to creates a project.
|
||||||
#Set to "adminonly" so that only admin user can create project.
|
#Set to "adminonly" so that only admin user can create project.
|
||||||
|
@ -184,14 +132,6 @@ clair_updaters_interval: 12
|
||||||
|
|
||||||
##########End of Clair DB configuration############
|
##########End of Clair DB configuration############
|
||||||
|
|
||||||
#The following attributes only need to be set when auth mode is uaa_auth
|
|
||||||
uaa_endpoint: uaa.mydomain.org
|
|
||||||
uaa_clientid: id
|
|
||||||
uaa_clientsecret: secret
|
|
||||||
uaa_verify_cert: true
|
|
||||||
uaa_ca_cert: /path/to/ca.pem
|
|
||||||
|
|
||||||
|
|
||||||
### Harbor Storage settings ###
|
### Harbor Storage settings ###
|
||||||
#Please be aware that the following storage settings will be applied to both docker registry and helm chart repository.
|
#Please be aware that the following storage settings will be applied to both docker registry and helm chart repository.
|
||||||
#registry_storage_provider can be: filesystem, s3, gcs, azure, etc.
|
#registry_storage_provider can be: filesystem, s3, gcs, azure, etc.
|
||||||
|
|
|
@ -4,7 +4,7 @@ set +e
|
||||||
|
|
||||||
usage(){
|
usage(){
|
||||||
echo "Usage: builder <golang image:version> <code path> <code release tag> <main.go path> <binary name>"
|
echo "Usage: builder <golang image:version> <code path> <code release tag> <main.go path> <binary name>"
|
||||||
echo "e.g: builder golang:1.11.2 github.com/helm/chartmuseum v0.7.1 cmd/chartmuseum chartm"
|
echo "e.g: builder golang:1.11.2 github.com/helm/chartmuseum v0.8.1 cmd/chartmuseum chartm"
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
import click
|
import click
|
||||||
|
|
||||||
from utils.admin_server import prepare_adminserver
|
|
||||||
from utils.misc import delfile
|
from utils.misc import delfile
|
||||||
from utils.configs import validate, parse_yaml_config
|
from utils.configs import validate, parse_yaml_config
|
||||||
from utils.cert import prepare_ca, SSL_CERT_KEY_PATH, SSL_CERT_PATH, get_secret_key
|
from utils.cert import prepare_ca, SSL_CERT_KEY_PATH, SSL_CERT_PATH, get_secret_key
|
||||||
|
@ -16,7 +15,7 @@ from utils.clair import prepare_clair
|
||||||
from utils.chart import prepare_chartmuseum
|
from utils.chart import prepare_chartmuseum
|
||||||
from utils.docker_compose import prepare_docker_compose
|
from utils.docker_compose import prepare_docker_compose
|
||||||
from utils.nginx import prepare_nginx, nginx_confd_dir
|
from utils.nginx import prepare_nginx, nginx_confd_dir
|
||||||
from g import (config_dir, private_key_pem_template, config_file_path, core_cert_dir, private_key_pem,
|
from g import (config_dir, private_key_pem_template, config_file_path, core_cert_dir, private_key_pem,
|
||||||
root_crt, root_cert_path_template, registry_custom_ca_bundle_config)
|
root_crt, root_cert_path_template, registry_custom_ca_bundle_config)
|
||||||
|
|
||||||
# Main function
|
# Main function
|
||||||
|
@ -33,8 +32,7 @@ def main(conf, with_notary, with_clair, with_chartmuseum):
|
||||||
|
|
||||||
prepare_log_configs(config_dict)
|
prepare_log_configs(config_dict)
|
||||||
prepare_nginx(config_dict)
|
prepare_nginx(config_dict)
|
||||||
prepare_adminserver(config_dict, with_notary=with_notary, with_clair=with_clair, with_chartmuseum=with_chartmuseum)
|
prepare_core(config_dict, with_notary=with_notary, with_clair=with_clair, with_chartmuseum=with_chartmuseum)
|
||||||
prepare_core(config_dict)
|
|
||||||
prepare_registry(config_dict)
|
prepare_registry(config_dict)
|
||||||
prepare_registry_ctl(config_dict)
|
prepare_registry_ctl(config_dict)
|
||||||
prepare_db(config_dict)
|
prepare_db(config_dict)
|
||||||
|
|
|
@ -2,7 +2,6 @@ LOG_LEVEL=info
|
||||||
CONFIG_PATH=/etc/core/app.conf
|
CONFIG_PATH=/etc/core/app.conf
|
||||||
CORE_SECRET={{core_secret}}
|
CORE_SECRET={{core_secret}}
|
||||||
JOBSERVICE_SECRET={{jobservice_secret}}
|
JOBSERVICE_SECRET={{jobservice_secret}}
|
||||||
ADMINSERVER_URL={{adminserver_url}}
|
|
||||||
UAA_CA_ROOT=/etc/core/certificates/uaa_ca.pem
|
UAA_CA_ROOT=/etc/core/certificates/uaa_ca.pem
|
||||||
_REDIS_URL={{redis_host}}:{{redis_port}},100,{{redis_password}}
|
_REDIS_URL={{redis_host}}:{{redis_port}},100,{{redis_password}}
|
||||||
SYNC_REGISTRY=false
|
SYNC_REGISTRY=false
|
||||||
|
|
|
@ -2,9 +2,16 @@ version: '2'
|
||||||
services:
|
services:
|
||||||
log:
|
log:
|
||||||
image: goharbor/harbor-log:{{version}}
|
image: goharbor/harbor-log:{{version}}
|
||||||
container_name: harbor-log
|
container_name: harbor-log
|
||||||
restart: always
|
restart: always
|
||||||
dns_search: .
|
dns_search: .
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
cap_add:
|
||||||
|
- CHOWN
|
||||||
|
- DAC_OVERRIDE
|
||||||
|
- SETGID
|
||||||
|
- SETUID
|
||||||
volumes:
|
volumes:
|
||||||
- {{log_location}}/:/var/log/docker/:z
|
- {{log_location}}/:/var/log/docker/:z
|
||||||
- ./common/config/log/:/etc/logrotate.d/:z
|
- ./common/config/log/:/etc/logrotate.d/:z
|
||||||
|
@ -16,6 +23,12 @@ services:
|
||||||
image: goharbor/registry-photon:{{reg_version}}
|
image: goharbor/registry-photon:{{reg_version}}
|
||||||
container_name: registry
|
container_name: registry
|
||||||
restart: always
|
restart: always
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
cap_add:
|
||||||
|
- CHOWN
|
||||||
|
- SETGID
|
||||||
|
- SETUID
|
||||||
volumes:
|
volumes:
|
||||||
- {{data_volume}}/registry:/storage:z
|
- {{data_volume}}/registry:/storage:z
|
||||||
- ./common/config/registry/:/etc/registry/:z
|
- ./common/config/registry/:/etc/registry/:z
|
||||||
|
@ -39,6 +52,12 @@ services:
|
||||||
env_file:
|
env_file:
|
||||||
- ./common/config/registryctl/env
|
- ./common/config/registryctl/env
|
||||||
restart: always
|
restart: always
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
cap_add:
|
||||||
|
- CHOWN
|
||||||
|
- SETGID
|
||||||
|
- SETUID
|
||||||
volumes:
|
volumes:
|
||||||
- {{data_volume}}/registry:/storage:z
|
- {{data_volume}}/registry:/storage:z
|
||||||
- ./common/config/registry/:/etc/registry/:z
|
- ./common/config/registry/:/etc/registry/:z
|
||||||
|
@ -57,6 +76,13 @@ services:
|
||||||
image: goharbor/harbor-db:{{version}}
|
image: goharbor/harbor-db:{{version}}
|
||||||
container_name: harbor-db
|
container_name: harbor-db
|
||||||
restart: always
|
restart: always
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
cap_add:
|
||||||
|
- CHOWN
|
||||||
|
- DAC_OVERRIDE
|
||||||
|
- SETGID
|
||||||
|
- SETUID
|
||||||
volumes:
|
volumes:
|
||||||
- {{data_volume}}/database:/var/lib/postgresql/data:z
|
- {{data_volume}}/database:/var/lib/postgresql/data:z
|
||||||
networks:
|
networks:
|
||||||
|
@ -81,32 +107,18 @@ services:
|
||||||
options:
|
options:
|
||||||
syslog-address: "tcp://127.0.0.1:1514"
|
syslog-address: "tcp://127.0.0.1:1514"
|
||||||
tag: "postgresql"
|
tag: "postgresql"
|
||||||
adminserver:
|
|
||||||
image: goharbor/harbor-adminserver:{{version}}
|
|
||||||
container_name: harbor-adminserver
|
|
||||||
env_file:
|
|
||||||
- ./common/config/adminserver/env
|
|
||||||
restart: always
|
|
||||||
volumes:
|
|
||||||
- {{data_volume}}/config/:/etc/adminserver/config/:z
|
|
||||||
- {{secretkey_path}}/secretkey:/etc/adminserver/key:z
|
|
||||||
- {{data_volume}}/:/data/:z
|
|
||||||
networks:
|
|
||||||
- harbor
|
|
||||||
dns_search: .
|
|
||||||
depends_on:
|
|
||||||
- log
|
|
||||||
logging:
|
|
||||||
driver: "syslog"
|
|
||||||
options:
|
|
||||||
syslog-address: "tcp://127.0.0.1:1514"
|
|
||||||
tag: "adminserver"
|
|
||||||
core:
|
core:
|
||||||
image: goharbor/harbor-core:{{version}}
|
image: goharbor/harbor-core:{{version}}
|
||||||
container_name: harbor-core
|
container_name: harbor-core
|
||||||
env_file:
|
env_file:
|
||||||
- ./common/config/core/env
|
- ./common/config/core/env
|
||||||
|
- ./common/config/core/config_env
|
||||||
restart: always
|
restart: always
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
cap_add:
|
||||||
|
- SETGID
|
||||||
|
- SETUID
|
||||||
volumes:
|
volumes:
|
||||||
- ./common/config/core/app.conf:/etc/core/app.conf:z
|
- ./common/config/core/app.conf:/etc/core/app.conf:z
|
||||||
- ./common/config/core/private_key.pem:/etc/core/private_key.pem:z
|
- ./common/config/core/private_key.pem:/etc/core/private_key.pem:z
|
||||||
|
@ -133,7 +145,6 @@ services:
|
||||||
dns_search: .
|
dns_search: .
|
||||||
depends_on:
|
depends_on:
|
||||||
- log
|
- log
|
||||||
- adminserver
|
|
||||||
- registry
|
- registry
|
||||||
logging:
|
logging:
|
||||||
driver: "syslog"
|
driver: "syslog"
|
||||||
|
@ -144,6 +155,13 @@ services:
|
||||||
image: goharbor/harbor-portal:{{version}}
|
image: goharbor/harbor-portal:{{version}}
|
||||||
container_name: harbor-portal
|
container_name: harbor-portal
|
||||||
restart: always
|
restart: always
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
cap_add:
|
||||||
|
- CHOWN
|
||||||
|
- SETGID
|
||||||
|
- SETUID
|
||||||
|
- NET_BIND_SERVICE
|
||||||
networks:
|
networks:
|
||||||
- harbor
|
- harbor
|
||||||
dns_search: .
|
dns_search: .
|
||||||
|
@ -162,6 +180,12 @@ services:
|
||||||
env_file:
|
env_file:
|
||||||
- ./common/config/jobservice/env
|
- ./common/config/jobservice/env
|
||||||
restart: always
|
restart: always
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
cap_add:
|
||||||
|
- CHOWN
|
||||||
|
- SETGID
|
||||||
|
- SETUID
|
||||||
volumes:
|
volumes:
|
||||||
- {{data_volume}}/job_logs:/var/log/jobs:z
|
- {{data_volume}}/job_logs:/var/log/jobs:z
|
||||||
- ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
|
- ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
|
||||||
|
@ -174,7 +198,6 @@ services:
|
||||||
depends_on:
|
depends_on:
|
||||||
- redis
|
- redis
|
||||||
- core
|
- core
|
||||||
- adminserver
|
|
||||||
logging:
|
logging:
|
||||||
driver: "syslog"
|
driver: "syslog"
|
||||||
options:
|
options:
|
||||||
|
@ -184,6 +207,12 @@ services:
|
||||||
image: goharbor/redis-photon:{{redis_version}}
|
image: goharbor/redis-photon:{{redis_version}}
|
||||||
container_name: redis
|
container_name: redis
|
||||||
restart: always
|
restart: always
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
cap_add:
|
||||||
|
- CHOWN
|
||||||
|
- SETGID
|
||||||
|
- SETUID
|
||||||
volumes:
|
volumes:
|
||||||
- {{data_volume}}/redis:/var/lib/redis
|
- {{data_volume}}/redis:/var/lib/redis
|
||||||
networks:
|
networks:
|
||||||
|
@ -205,6 +234,13 @@ services:
|
||||||
image: goharbor/nginx-photon:{{redis_version}}
|
image: goharbor/nginx-photon:{{redis_version}}
|
||||||
container_name: nginx
|
container_name: nginx
|
||||||
restart: always
|
restart: always
|
||||||
|
cap_drop:
|
||||||
|
- ALL
|
||||||
|
cap_add:
|
||||||
|
- CHOWN
|
||||||
|
- SETGID
|
||||||
|
- SETUID
|
||||||
|
- NET_BIND_SERVICE
|
||||||
volumes:
|
volumes:
|
||||||
- ./common/config/nginx:/etc/nginx:z
|
- ./common/config/nginx:/etc/nginx:z
|
||||||
- {{cert_key_path}}:/etc/nginx/cert/server.key
|
- {{cert_key_path}}:/etc/nginx/cert/server.key
|
||||||
|
|
|
@ -27,6 +27,8 @@ auth:
|
||||||
realm: {{public_url}}/service/token
|
realm: {{public_url}}/service/token
|
||||||
rootcertbundle: /etc/registry/root.crt
|
rootcertbundle: /etc/registry/root.crt
|
||||||
service: harbor-registry
|
service: harbor-registry
|
||||||
|
validation:
|
||||||
|
disabled: true
|
||||||
notifications:
|
notifications:
|
||||||
endpoints:
|
endpoints:
|
||||||
- name: harbor
|
- name: harbor
|
||||||
|
|
|
@ -1,30 +0,0 @@
|
||||||
import os
|
|
||||||
|
|
||||||
from g import config_dir, templates_dir
|
|
||||||
from utils.misc import prepare_config_dir, generate_random_string
|
|
||||||
from utils.jinja import render_jinja
|
|
||||||
|
|
||||||
adminserver_config_dir = os.path.join(config_dir, 'adminserver')
|
|
||||||
adminserver_env_template = os.path.join(templates_dir, "adminserver", "env.jinja")
|
|
||||||
adminserver_conf_env = os.path.join(config_dir, "adminserver", "env")
|
|
||||||
|
|
||||||
def prepare_adminserver(config_dict, with_notary, with_clair, with_chartmuseum):
|
|
||||||
prepare_adminserver_config_dir()
|
|
||||||
render_adminserver(config_dict, with_notary, with_clair, with_chartmuseum)
|
|
||||||
|
|
||||||
def prepare_adminserver_config_dir():
|
|
||||||
prepare_config_dir(adminserver_config_dir)
|
|
||||||
|
|
||||||
def render_adminserver(config_dict, with_notary, with_clair, with_chartmuseum):
|
|
||||||
# Use reload_key to avoid reload config after restart harbor
|
|
||||||
reload_key = generate_random_string(6) if config_dict['reload_config'] == "true" else ""
|
|
||||||
|
|
||||||
render_jinja(
|
|
||||||
adminserver_env_template,
|
|
||||||
adminserver_conf_env,
|
|
||||||
with_notary=with_notary,
|
|
||||||
with_clair=with_clair,
|
|
||||||
with_chartmuseum=with_chartmuseum,
|
|
||||||
reload_key=reload_key,
|
|
||||||
**config_dict
|
|
||||||
)
|
|
|
@ -208,7 +208,7 @@ def parse_yaml_config(config_file_path):
|
||||||
'''
|
'''
|
||||||
|
|
||||||
with open(config_file_path) as f:
|
with open(config_file_path) as f:
|
||||||
configs = yaml.load(f)
|
configs = yaml.safe_load(f)
|
||||||
|
|
||||||
config_dict = {}
|
config_dict = {}
|
||||||
config_dict['adminserver_url'] = "http://adminserver:8080"
|
config_dict['adminserver_url'] = "http://adminserver:8080"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
import shutil, os
|
import shutil, os
|
||||||
|
|
||||||
from g import config_dir, templates_dir
|
from g import config_dir, templates_dir
|
||||||
from utils.misc import prepare_config_dir
|
from utils.misc import prepare_config_dir, generate_random_string
|
||||||
from utils.jinja import render_jinja
|
from utils.jinja import render_jinja
|
||||||
|
|
||||||
core_config_dir = os.path.join(config_dir, "core", "certificates")
|
core_config_dir = os.path.join(config_dir, "core", "certificates")
|
||||||
|
@ -10,14 +10,20 @@ core_conf_env = os.path.join(config_dir, "core", "env")
|
||||||
core_conf_template_path = os.path.join(templates_dir, "core", "app.conf.jinja")
|
core_conf_template_path = os.path.join(templates_dir, "core", "app.conf.jinja")
|
||||||
core_conf = os.path.join(config_dir, "core", "app.conf")
|
core_conf = os.path.join(config_dir, "core", "app.conf")
|
||||||
|
|
||||||
def prepare_core(config_dict):
|
core_config_env_template = os.path.join(templates_dir, "core", "config_env.jinja")
|
||||||
|
core_config_env = os.path.join(config_dir, "core", "config_env")
|
||||||
|
|
||||||
|
def prepare_core(config_dict, with_notary, with_clair, with_chartmuseum):
|
||||||
prepare_core_config_dir()
|
prepare_core_config_dir()
|
||||||
# Render Core
|
# Render Core
|
||||||
# set cache for chart repo server
|
# set cache for chart repo server
|
||||||
# default set 'memory' mode, if redis is configured then set to 'redis'
|
# default set 'memory' mode, if redis is configured then set to 'redis'
|
||||||
chart_cache_driver = "memory"
|
|
||||||
if len(config_dict['redis_host']) > 0:
|
if len(config_dict['redis_host']) > 0:
|
||||||
chart_cache_driver = "redis"
|
chart_cache_driver = "redis"
|
||||||
|
else:
|
||||||
|
chart_cache_driver = "memory"
|
||||||
|
|
||||||
|
render_config_env(config_dict, with_notary, with_clair, with_chartmuseum)
|
||||||
|
|
||||||
render_jinja(
|
render_jinja(
|
||||||
core_env_template_path,
|
core_env_template_path,
|
||||||
|
@ -33,4 +39,18 @@ def prepare_core_config_dir():
|
||||||
|
|
||||||
def copy_core_config(core_templates_path, core_config_path):
|
def copy_core_config(core_templates_path, core_config_path):
|
||||||
shutil.copyfile(core_templates_path, core_config_path)
|
shutil.copyfile(core_templates_path, core_config_path)
|
||||||
print("Generated configuration file: %s" % core_config_path)
|
print("Generated configuration file: %s" % core_config_path)
|
||||||
|
|
||||||
|
def render_config_env(config_dict, with_notary, with_clair, with_chartmuseum):
|
||||||
|
# Use reload_key to avoid reload config after restart harbor
|
||||||
|
reload_key = generate_random_string(6) if config_dict['reload_config'] == "true" else ""
|
||||||
|
|
||||||
|
render_jinja(
|
||||||
|
core_config_env_template,
|
||||||
|
core_config_env,
|
||||||
|
with_notary=with_notary,
|
||||||
|
with_clair=with_clair,
|
||||||
|
with_chartmuseum=with_chartmuseum,
|
||||||
|
reload_key=reload_key,
|
||||||
|
**config_dict
|
||||||
|
)
|
|
@ -9,7 +9,7 @@ VERSION_TAG = 'dev'
|
||||||
REGISTRY_VERSION = 'v2.7.1'
|
REGISTRY_VERSION = 'v2.7.1'
|
||||||
NOTARY_VERSION = 'v0.6.1-v1.7.1'
|
NOTARY_VERSION = 'v0.6.1-v1.7.1'
|
||||||
CLAIR_VERSION = 'v2.0.7-dev'
|
CLAIR_VERSION = 'v2.0.7-dev'
|
||||||
CHARTMUSEUM_VERSION = 'v0.7.1-dev'
|
CHARTMUSEUM_VERSION = 'v0.8.1-dev'
|
||||||
CLAIR_DB_VERSION = VERSION_TAG
|
CLAIR_DB_VERSION = VERSION_TAG
|
||||||
MIGRATOR_VERSION = VERSION_TAG
|
MIGRATOR_VERSION = VERSION_TAG
|
||||||
REDIS_VERSION = VERSION_TAG
|
REDIS_VERSION = VERSION_TAG
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
from jinja2 import Environment, FileSystemLoader, select_autoescape
|
from jinja2 import Environment, FileSystemLoader
|
||||||
from g import templates_dir
|
|
||||||
from .misc import mark_file
|
from .misc import mark_file
|
||||||
|
|
||||||
jinja_env = Environment(loader=FileSystemLoader('/'), trim_blocks=True)
|
jinja_env = Environment(loader=FileSystemLoader('/'), trim_blocks=True)
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
import os
|
import os
|
||||||
|
|
||||||
from g import config_dir, DEFAULT_GID, DEFAULT_UID, templates_dir
|
from g import config_dir, DEFAULT_GID, DEFAULT_UID, templates_dir
|
||||||
from utils.misc import prepare_config_dir, mark_file
|
from utils.misc import prepare_config_dir
|
||||||
from utils.jinja import render_jinja
|
from utils.jinja import render_jinja
|
||||||
|
|
||||||
job_config_dir = os.path.join(config_dir, "jobservice")
|
job_config_dir = os.path.join(config_dir, "jobservice")
|
||||||
|
|
|
@ -68,7 +68,7 @@ def prepare_env_notary(customize_crt, nginx_config_dir):
|
||||||
# print("Copying sql file for notary DB")
|
# print("Copying sql file for notary DB")
|
||||||
# if os.path.exists(os.path.join(notary_config_dir, "postgresql-initdb.d")):
|
# if os.path.exists(os.path.join(notary_config_dir, "postgresql-initdb.d")):
|
||||||
# shutil.rmtree(os.path.join(notary_config_dir, "postgresql-initdb.d"))
|
# shutil.rmtree(os.path.join(notary_config_dir, "postgresql-initdb.d"))
|
||||||
# shutil.copytree(os.path.join(notary_temp_dir, "postgresql-initdb.d"), os.path.join(notary_config_dir, "postgresql-initdb.d"))
|
# shutil.copytree(os.path.join(notary_temp_dir, "postgresql-initdb.d"), os.path.join(notary_config_dir, "postgresql-initdb.d"))
|
||||||
|
|
||||||
|
|
||||||
def prepare_notary(config_dict, nginx_config_dir, ssl_cert_path, ssl_cert_key_path):
|
def prepare_notary(config_dict, nginx_config_dir, ssl_cert_path, ssl_cert_key_path):
|
||||||
|
@ -78,7 +78,7 @@ def prepare_notary(config_dict, nginx_config_dir, ssl_cert_path, ssl_cert_key_pa
|
||||||
render_jinja(
|
render_jinja(
|
||||||
notary_signer_pg_template,
|
notary_signer_pg_template,
|
||||||
notary_signer_pg_config,
|
notary_signer_pg_config,
|
||||||
uid=DEFAULT_UID,
|
uid=DEFAULT_UID,
|
||||||
gid=DEFAULT_GID
|
gid=DEFAULT_GID
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -14,4 +14,8 @@ else
|
||||||
fi
|
fi
|
||||||
echo "server ip is "$IP
|
echo "server ip is "$IP
|
||||||
|
|
||||||
|
echo "Current path is"
|
||||||
|
pwd
|
||||||
|
cat make/common/config/core/config_env
|
||||||
|
|
||||||
chmod 777 /data/
|
chmod 777 /data/
|
||||||
|
|
Loading…
Reference in New Issue