Fix: the adminserver caused regression

Remove some code related to adminserver
Fix some issues by adminserver removeing

Signed-off-by: Qian Deng <dengq@vmware.com>

Makefile

@@ -209,7 +209,7 @@ REGISTRYUSER=user
 REGISTRYPASSWORD=default
 
 # cmds
-DOCKERSAVE_PARA= $(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) \
+DOCKERSAVE_PARA=$(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) \
 		$(DOCKERIMAGENAME_CORE):$(VERSIONTAG) \
 		$(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \
 		$(DOCKERIMAGENAME_DB):$(VERSIONTAG) \
@@ -219,16 +219,16 @@ DOCKERSAVE_PARA= $(DOCKERIMAGENAME_PORTAL):$(VERSIONTAG) \
 		goharbor/nginx-photon:$(NGINXVERSION) goharbor/registry-photon:$(REGISTRYVERSION)-$(VERSIONTAG)
 
 PACKAGE_OFFLINE_PARA=-zcvf harbor-offline-installer-$(PKGVERSIONTAG).tgz \
-		          $(HARBORPKG)/common/templates $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz \
-				  $(HARBORPKG)/prepare \
-				  $(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \
-				  $(HARBORPKG)/harbor.yml
+					$(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz \
+					$(HARBORPKG)/prepare \
+					$(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \
+					$(HARBORPKG)/harbor.yml
 
 PACKAGE_ONLINE_PARA=-zcvf harbor-online-installer-$(PKGVERSIONTAG).tgz \
-		          $(HARBORPKG)/common/templates $(HARBORPKG)/prepare \
-				  $(HARBORPKG)/LICENSE \
-				  $(HARBORPKG)/install.sh \
-				  $(HARBORPKG)/harbor.yml
+					$(HARBORPKG)/prepare \
+					$(HARBORPKG)/LICENSE \
+					$(HARBORPKG)/install.sh \
+					$(HARBORPKG)/harbor.yml
 
 DOCKERCOMPOSE_LIST=-f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME)
 
@@ -278,7 +278,7 @@ compile:check_environment compile_core compile_jobservice compile_registryctl co
 	
 prepare:
 	@echo "preparing..."
-	@MAKEPATH=$(MAKEPATH) $(MAKEPATH)/$(PREPARECMD) $(PREPARECMD_PARA)
+	@$(MAKEPATH)/$(PREPARECMD) $(PREPARECMD_PARA)
 
 build:
 	make -f $(MAKEFILEPATH_PHOTON)/Makefile build -e DEVFLAG=$(DEVFLAG) \
@@ -287,15 +287,6 @@ build:
 	 -e BUILDBIN=$(BUILDBIN) -e REDISVERSION=$(REDISVERSION) -e MIGRATORVERSION=$(MIGRATORVERSION) \
 	 -e CHARTMUSEUMVERSION=$(CHARTMUSEUMVERSION) -e DOCKERIMAGENAME_CHART_SERVER=$(DOCKERIMAGENAME_CHART_SERVER)
 
-modify_sourcefiles:
-	@echo "change mode of source files."
-	@chmod 600 $(MAKEPATH)/common/templates/notary/notary-signer.key
-	@chmod 600 $(MAKEPATH)/common/templates/notary/notary-signer.crt
-	@chmod 600 $(MAKEPATH)/common/templates/notary/notary-signer-ca.crt
-	@chmod 600 $(MAKEPATH)/common/templates/core/private_key.pem
-	@chmod 600 $(MAKEPATH)/common/templates/registry/root.crt
-
-# install: compile ui_version build modify_sourcefiles prepare start
 install: compile ui_version build prepare start
 
 package_online: prepare

make/common/templates/chartserver/env

@@ -1,41 +0,0 @@
-## Settings should be set
-PORT=9999
-
-# Only support redis now. If redis is setup, then enable cache
-CACHE=$cache_store
-CACHE_REDIS_ADDR=$cache_redis_addr
-CACHE_REDIS_PASSWORD=$cache_redis_password
-CACHE_REDIS_DB=$cache_redis_db_index
-
-# Credential for internal communication
-BASIC_AUTH_USER=chart_controller
-BASIC_AUTH_PASS=$core_secret
-
-# Multiple tenants
-# Must be set with 1 to support project namespace
-DEPTH=1
-
-# Backend storage driver: e.g. "local", "amazon", "google" etc.
-STORAGE=$storage_driver
-
-# Storage driver settings
-$all_storage_driver_configs
-
-## Settings with default values. Just put here for future changes
-DEBUG=false
-LOG_JSON=true
-DISABLE_METRICS=false
-DISABLE_API=false
-DISABLE_STATEFILES=false
-ALLOW_OVERWRITE=true
-CHART_URL=
-AUTH_ANONYMOUS_GET=false
-TLS_CERT=
-TLS_KEY=
-CONTEXT_PATH=
-INDEX_LIMIT=0
-MAX_STORAGE_OBJECTS=0
-MAX_UPLOAD_SIZE=20971520
-CHART_POST_FORM_FIELD_NAME=chart
-PROV_POST_FORM_FIELD_NAME=prov
-

make/common/templates/clair/clair_env

@@ -1,3 +0,0 @@
-http_proxy=$http_proxy
-https_proxy=$https_proxy
-no_proxy=$no_proxy

make/common/templates/clair/clair_env.jinja

@@ -1,3 +0,0 @@
-http_proxy={{http_proxy}}
-https_proxy={{https_proxy}}
-no_proxy={{no_proxy}}

make/common/templates/clair/config.yaml

@@ -1,25 +0,0 @@
-clair:
-  database:
-    type: pgsql
-    options:
-      source: postgresql://$username:$password@$host:$port/$dbname?sslmode=disable
-
-      # Number of elements kept in the cache
-      # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
-      cachesize: 16384
-
-  api:
-    # API server port
-    port: 6060
-    healthport: 6061
-
-    # Deadline before an API request will respond with a 503
-    timeout: 300s
-  updater:
-    interval: ${interval}h
-
-  notifier:
-    attempts: 3
-    renotifyinterval: 2h
-    http:
-      endpoint: http://core:8080/service/notifications/clair

make/common/templates/clair/config.yaml.jinja

@@ -1,25 +0,0 @@
-clair:
-  database:
-    type: pgsql
-    options:
-      source: postgresql://{{username}}:{{password}}@{{host}}:{{port}}/{{dbname}}?sslmode=disable
-
-      # Number of elements kept in the cache
-      # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
-      cachesize: 16384
-
-  api:
-    # API server port
-    port: 6060
-    healthport: 6061
-
-    # Deadline before an API request will respond with a 503
-    timeout: 300s
-  updater:
-    interval: {{interval}}h
-
-  notifier:
-    attempts: 3
-    renotifyinterval: 2h
-    http:
-      endpoint: http://core:8080/service/notifications/clair

make/common/templates/clair/postgres_env

@@ -1 +0,0 @@
-POSTGRES_PASSWORD=$password

make/common/templates/clair/postgres_env.jinja

@@ -1 +0,0 @@
-POSTGRES_PASSWORD={{password}}

make/common/templates/clair/postgresql-init.d/README.md

@@ -1,7 +0,0 @@
-This folder used to run some initial sql for clair if needed.
-
-Just put the sql file in this directory and then start the
-clair . 
-
-both .sql and .gz format supported
-

make/common/templates/core/app.conf

@@ -1,6 +0,0 @@
-appname = Harbor
-runmode = dev
-enablegzip = true
-
-[dev]
-httpport = 8080

make/common/templates/core/config_env

@@ -1,68 +0,0 @@
-PORT=8080
-LOG_LEVEL=info
-EXT_ENDPOINT=$public_url
-AUTH_MODE=$auth_mode
-SELF_REGISTRATION=$self_registration
-LDAP_URL=$ldap_url
-LDAP_SEARCH_DN=$ldap_searchdn
-LDAP_SEARCH_PWD=$ldap_search_pwd
-LDAP_BASE_DN=$ldap_basedn
-LDAP_FILTER=$ldap_filter
-LDAP_UID=$ldap_uid
-LDAP_SCOPE=$ldap_scope
-LDAP_TIMEOUT=$ldap_timeout
-LDAP_VERIFY_CERT=$ldap_verify_cert
-DATABASE_TYPE=postgresql
-POSTGRESQL_HOST=$db_host
-POSTGRESQL_PORT=$db_port
-POSTGRESQL_USERNAME=$db_user
-POSTGRESQL_PASSWORD=$db_password
-POSTGRESQL_DATABASE=registry
-POSTGRESQL_SSLMODE=disable
-LDAP_GROUP_BASEDN=$ldap_group_basedn
-LDAP_GROUP_FILTER=$ldap_group_filter
-LDAP_GROUP_GID=$ldap_group_gid
-LDAP_GROUP_SCOPE=$ldap_group_scope
-REGISTRY_URL=$registry_url
-TOKEN_SERVICE_URL=$token_service_url
-EMAIL_HOST=$email_host
-EMAIL_PORT=$email_port
-EMAIL_USR=$email_usr
-EMAIL_PWD=$email_pwd
-EMAIL_SSL=$email_ssl
-EMAIL_FROM=$email_from
-EMAIL_IDENTITY=$email_identity
-EMAIL_INSECURE=$email_insecure
-HARBOR_ADMIN_PASSWORD=$harbor_admin_password
-PROJECT_CREATION_RESTRICTION=$project_creation_restriction
-MAX_JOB_WORKERS=$max_job_workers
-CORE_SECRET=$core_secret
-JOBSERVICE_SECRET=$jobservice_secret
-TOKEN_EXPIRATION=$token_expiration
-CFG_EXPIRATION=5
-ADMIRAL_URL=$admiral_url
-WITH_NOTARY=$with_notary
-WITH_CLAIR=$with_clair
-CLAIR_DB_PASSWORD=$clair_db_password
-CLAIR_DB_HOST=$clair_db_host
-CLAIR_DB_PORT=$clair_db_port
-CLAIR_DB_USERNAME=$clair_db_username
-CLAIR_DB=$clair_db
-CLAIR_DB_SSLMODE=disable
-RESET=$reload_config
-UAA_ENDPOINT=$uaa_endpoint
-UAA_CLIENTID=$uaa_clientid
-UAA_CLIENTSECRET=$uaa_clientsecret
-UAA_VERIFY_CERT=$uaa_verify_cert
-CORE_URL=$core_url
-JOBSERVICE_URL=$jobservice_url
-CLAIR_URL=$clair_url
-NOTARY_URL=$notary_url
-REGISTRY_STORAGE_PROVIDER_NAME=$storage_provider_name
-READ_ONLY=false
-SKIP_RELOAD_ENV_PATTERN=$skip_reload_env_pattern
-RELOAD_KEY=$reload_key
-CHART_REPOSITORY_URL=$chart_repository_url
-LDAP_GROUP_ADMIN_DN=$ldap_group_admin_dn
-REGISTRY_CONTROLLER_URL=$registry_controller_url
-WITH_CHARTMUSEUM=$with_chartmuseum

make/common/templates/core/env

@@ -1,10 +0,0 @@
-LOG_LEVEL=info
-CONFIG_PATH=/etc/core/app.conf
-CORE_SECRET=$core_secret
-JOBSERVICE_SECRET=$jobservice_secret
-UAA_CA_ROOT=/etc/core/certificates/uaa_ca.pem
-_REDIS_URL=$redis_host:$redis_port,100,$redis_password
-SYNC_REGISTRY=false
-CHART_CACHE_DRIVER=$chart_cache_driver
-_REDIS_URL_REG=$redis_url_reg
-

make/common/templates/core/private_key.pem

@@ -1,51 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJKAIBAAKCAgEAtpMvyv153iSmwm6TrFpUOzsIGBEDbGtOOEZMEm08D8IC2n1G
-d6/XOZ5FxPAD6gIpE0EAcMojY5O0Hl4CDoyV3e/iKcBqFOgYtpogNtan7yT5J8gw
-KsPbU/8nBkK75GOq56nfvq4t9GVAclIDtHbuvmlh6O2n+fxtR0M9LbuotbSBdXYU
-hzXqiSsMclBvLyIk/z327VP5l0nUNOzPuKIwQjuxYKDkvq1oGy98oVlE6wl0ldh2
-ZYZLGAYbVhqBVUT1Un/PYqi9Nofa2RI5n1WOkUJQp87vb+PUPFhVOdvH/oAzV6/b
-9dzyhA5paDM06lj2gsg9hQWxCgbFh1x39c6pSI8hmVe6x2d4tAtSyOm3Qwz+zO2l
-bPDvkY8Svh5nxUYObrNreoO8wHr8MC6TGUQLnUt/RfdVKe5fYPFl6VYqJP/L3LDn
-Xj771nFq6PKiYbhBwJw3TM49gpKNS/Of70TP2m7nVlyuyMdE5T1j3xyXNkixXqqn
-JuSMqX/3Bmm0On9KEbemwn7KRYF/bqc50+RcGUdKNcOkN6vuMVZei4GbxALnVqac
-s+/UQAiQP4212UO7iZFwMaCNJ3r/b4GOlyalI1yEA4odoZov7k5zVOzHu8O6QmCj
-3R5TVOudpGiUh+lumRRpNqxDgjngLljvaWU6ttyIbjnAwCjnJoppZM2lkRkCAwEA
-AQKCAgAvsvCPlf2a3fR7Y6xNISRUfS22K+u7DaXX6fXB8qv4afWY45Xfex89vG35
-78L2Bi55C0h0LztjrpkmPeVHq88TtrJduhl88M5UFpxH93jUb9JwZErBQX4xyb2G
-UzUHjEqAT89W3+a9rR5TP74cDd59/MZJtp1mIF7keVqochi3sDsKVxkx4hIuWALe
-csk5hTApRyUWCBRzRCSe1yfF0wnMpA/JcP+SGXfTcmqbNNlelo/Q/kaga59+3UmT
-C0Wy41s8fIvP+MnGT2QLxkkrqYyfwrWTweqoTtuKEIHjpdnwUcoYJKfQ6jKp8aH0
-STyP5UIyFOKNuFjyh6ZfoPbuT1nGW+YKlUnK4hQ9N/GE0oMoecTaHTbqM+psQvbj
-6+CG/1ukA5ZTQyogNyuOApArFBQ+RRmVudPKA3JYygIhwctuB2oItsVEOEZMELCn
-g2aVFAVXGfGRDXvpa8oxs3Pc6RJEp/3tON6+w7cMCx0lwN/Jk2Ie6RgTzUycT3k6
-MoTQJRoO6/ZHcx3hTut/CfnrWiltyAUZOsefLuLg+Pwf9GHhOycLRI6gHfgSwdIV
-S77UbbELWdscVr1EoPIasUm1uYWBBcFRTturRW+GHJ8TZX+mcWSBcWwBhp15LjEl
-tJf+9U6lWMOSB2LvT+vFmR0M9q56fo7UeKFIR7mo7/GpiVu5AQKCAQEA6Qs7G9mw
-N/JZOSeQO6xIQakC+sKApPyXO58fa7WQzri+l2UrLNp0DEQfZCujqDgwys6OOzR/
-xg8ZKQWVoad08Ind3ZwoJgnLn6QLENOcE6PpWxA/JjnVGP4JrXCYR98cP0sf9jEI
-xkR1qT50GbeqU3RDFliI4kGRvbZ8cekzuWppfQcjstSBPdvuxqAcUVmTnTw83nvD
-FmBbhlLiEgI3iKtJ97UB7480ivnWnOuusduk7FO4jF3hkrOa+YRidinTCi8JBo0Y
-jx4Ci3Y5x6nvwkXhKzXapd7YmPNisUc5xA7/a+W71cyC0IKUwRc/8pYWLL3R3CpR
-YiV8gf6gwzOckQKCAQEAyI9CSNoAQH4zpS8B9PF8zILqEEuun8m1f5JB3hQnfWzm
-7uz/zg6I0TkcCE0AJVSKPHQm1V9+TRbF9+DiOWHEYYzPmK8h63SIufaWxZPqai4E
-PUj6eQWykBUVJ96n6/AW0JHRZ+WrJ5RXBqCLuY7NP6wDhORrCJjBwaGMohNpbKPS
-H3QewsoxCh+CEXKdKyy+/yU/f4E89PlHapkW1/bDJ5u7puSD+KvmiDDIXSBncdOO
-uFT8n+XH5IwgjdXFSDim15rQ8jD2l2xLcwKboTpx5GeRl8oB1VGm0fUbBn1dvGPG
-4WfHGyrp9VNZtP160WoHr+vRVPqvHNkoeAlCfEwQCQKCAQBN1dtzLN0HgqE8TrOE
-ysEDdTCykj4nXNoiJr522hi4gsndhQPLolb6NdKKQW0S5Vmekyi8K4e1nhtYMS5N
-5MFRCasZtmtOcR0af87WWucZRDjPmniNCunaxBZ1YFLsRl+H4E6Xir8UgY8O7PYY
-FNkFsKIrl3x4nU/RHl8oKKyG9Dyxbq4Er6dPAuMYYiezIAkGjjUCVjHNindnQM2T
-GDx2IEe/PSydV6ZD+LguhyU88FCAQmI0N7L8rZJIXmgIcWW0VAterceTHYHaFK2t
-u1uB9pcDOKSDnA+Z3kiLT2/CxQOYhQ2clgbnH4YRi/Nm0awsW2X5dATklAKm5GXL
-bLSRAoIBAQClaNnPQdTBXBR2IN3pSZ2XAkXPKMwdxvtk+phOc6raHA4eceLL7FrU
-y9gd1HvRTfcwws8gXcDKDYU62gNaNhMELWEt2QsNqS/2x7Qzwbms1sTyUpUZaSSL
-BohLOKyfv4ThgdIGcXoGi6Z2tcRnRqpq4BCK8uR/05TBgN5+8amaS0ZKYLfaCW4G
-nlPk1fVgHWhtAChtnYZLuKg494fKmB7+NMfAbmmVlxjrq+gkPkxyqXvk9Vrg+V8y
-VIuozu0Fkouv+GRpyw4ldtCHS1hV0eEK8ow2dwmqCMygDxm58X10mYn2b2PcOTl5
-9sNerUw1GNC8O66K+rGgBk4FKgXmg8kZAoIBABBcuisK250fXAfjAWXGqIMs2+Di
-vqAdT041SNZEOJSGNFsLJbhd/3TtCLf29PN/YXtnvBmC37rqryTsqjSbx/YT2Jbr
-Bk3jOr9JVbmcoSubXl8d/uzf7IGs91qaCgBwPZHgeH+kK13FCLexz+U9zYMZ78fF
-/yO82CpoekT+rcl1jzYn43b6gIklHABQU1uCD6MMyMhJ9Op2WmbDk3X+py359jMc
-+Cr2zfzdHAIVff2dOV3OL+ZHEWbwtnn3htKUdOmjoTJrciFx0xNZJS5Q7QYHMONj
-yPqbajyhopiN01aBQpCSGF1F1uRpWeIjTrAZPbrwLl9YSYXz0AT05QeFEFk=
------END RSA PRIVATE KEY-----

make/common/templates/db/env

@@ -1 +0,0 @@
-POSTGRES_PASSWORD=$db_password

make/common/templates/jobservice/config.yml

@@ -1,41 +0,0 @@
----
-#Protocol used to serve
-protocol: "http"
-
-#Config certification if use 'https' protocol
-#https_config:
-#  cert: "server.crt"
-#  key: "server.key"
-
-#Server listening port
-port: 8080
-
-#Worker pool
-worker_pool:
-  #Worker concurrency
-  workers: $max_job_workers
-  backend: "redis"
-  #Additional config if use 'redis' backend
-  redis_pool:
-    #redis://[arbitrary_username:password@]ipaddress:port/database_index
-    redis_url: $redis_url
-    namespace: "harbor_job_service_namespace"
-#Loggers for the running job
-job_loggers:
-  - name: "STD_OUTPUT" # logger backend name, only support "FILE" and "STD_OUTPUT"
-    level: "INFO" # INFO/DEBUG/WARNING/ERROR/FATAL
-  - name: "FILE"
-    level: "INFO"
-    settings: # Customized settings of logger
-      base_dir: "/var/log/jobs"
-    sweeper:
-      duration: 1 #days
-      settings: # Customized settings of sweeper
-        work_dir: "/var/log/jobs"
-
-#Loggers for the job service
-loggers:
-  - name: "STD_OUTPUT" # Same with above
-    level: "INFO"
-#Admin server endpoint
-admin_server: "http://adminserver:8080/"

make/common/templates/jobservice/env

@@ -1,3 +0,0 @@
-CORE_SECRET=$core_secret
-JOBSERVICE_SECRET=$jobservice_secret
-CORE_URL=$core_url

make/common/templates/log/logrotate.conf

@@ -1,8 +0,0 @@
-/var/log/docker/*.log {
-        rotate $log_rotate_count
-        size $log_rotate_size
-        copytruncate
-        compress
-        missingok
-        nodateext
-}

make/common/templates/nginx/nginx.http.conf

@@ -1,124 +0,0 @@
-worker_processes auto;
-
-events {
-  worker_connections 1024;
-  use epoll;
-  multi_accept on;
-}
-
-http {
-  tcp_nodelay on;
-
-  # this is necessary for us to be able to disable request buffering in all cases
-  proxy_http_version 1.1;
-
-  upstream core {
-    server core:8080;
-  }
-
-  upstream portal {
-    server portal:80;
-  }
-
-  log_format timed_combined '$$remote_addr - '
-    '"$$request" $$status $$body_bytes_sent '
-    '"$$http_referer" "$$http_user_agent" '
-    '$$request_time $$upstream_response_time $$pipe';
-
-  access_log /dev/stdout timed_combined;
-
-  server {
-    listen 80;
-    server_tokens off;
-    # disable any limits to avoid HTTP 413 for large image uploads
-    client_max_body_size 0;
-
-    # costumized location config file can place to /etc/nginx/etc with prefix harbor.http. and suffix .conf
-    include /etc/nginx/conf.d/harbor.http.*.conf;
-
-    location / {
-      proxy_pass http://portal/;
-      proxy_set_header Host $$host;
-      proxy_set_header X-Real-IP $$remote_addr;
-      proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
-
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      proxy_set_header X-Forwarded-Proto $$scheme;
-      
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-
-    location /c/ {
-      proxy_pass http://core/c/;
-      proxy_set_header Host $$host;
-      proxy_set_header X-Real-IP $$remote_addr;
-      proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
-
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      proxy_set_header X-Forwarded-Proto $$scheme;
-      
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-
-    location /api/ {
-      proxy_pass http://core/api/;
-      proxy_set_header Host $$host;
-      proxy_set_header X-Real-IP $$remote_addr;
-      proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
-
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      proxy_set_header X-Forwarded-Proto $$scheme;
-      
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-
-    location /chartrepo/ {
-      proxy_pass http://core/chartrepo/;
-      proxy_set_header Host $$host;
-      proxy_set_header X-Real-IP $$remote_addr;
-      proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
-
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      proxy_set_header X-Forwarded-Proto $$scheme;
-      
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-
-    location /v1/ {
-      return 404;
-    }
-
-    location /v2/ {
-      proxy_pass http://core/v2/;
-      proxy_set_header Host $$http_host;
-      proxy_set_header X-Real-IP $$remote_addr;
-      proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
-
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      proxy_set_header X-Forwarded-Proto $$scheme;
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-
-    location /service/ {
-      proxy_pass http://core/service/;
-      proxy_set_header Host $$host;
-      proxy_set_header X-Real-IP $$remote_addr;
-      proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
-
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      proxy_set_header X-Forwarded-Proto $$scheme;
-
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-
-  location /service/notifications {
-      return 404;
-    }
-  }
-}

make/common/templates/nginx/nginx.https.conf

@@ -1,149 +0,0 @@
-worker_processes auto;
-
-events {
-  worker_connections 1024;
-  use epoll;
-  multi_accept on;
-}
-
-http {
-  tcp_nodelay on;
-  include /etc/nginx/conf.d/*.upstream.conf;
-
-  # this is necessary for us to be able to disable request buffering in all cases
-  proxy_http_version 1.1;
-
-  upstream core {
-    server core:8080;
-  }
-
-  upstream portal {
-    server portal:80;
-  }
-  
-  log_format timed_combined '$$remote_addr - '
-    '"$$request" $$status $$body_bytes_sent '
-    '"$$http_referer" "$$http_user_agent" '
-    '$$request_time $$upstream_response_time $$pipe';
-
-  access_log /dev/stdout timed_combined;
-
-  include /etc/nginx/conf.d/*.server.conf;
-
-  server {
-    listen 443 ssl;
-#    server_name harbordomain.com;
-    server_tokens off;
-    # SSL
-    ssl_certificate $ssl_cert;
-    ssl_certificate_key $ssl_cert_key;
-  
-    # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-    ssl_protocols TLSv1.1 TLSv1.2;
-    ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
-    ssl_prefer_server_ciphers on;
-    ssl_session_cache shared:SSL:10m;
-  
-    # disable any limits to avoid HTTP 413 for large image uploads
-    client_max_body_size 0;
-  
-    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
-    chunked_transfer_encoding on;
-
-    # costumized location config file can place to /etc/nginx dir with prefix harbor.https. and suffix .conf
-    include /etc/nginx/conf.d/harbor.https.*.conf;
-
-    location / {
-      proxy_pass http://portal/;
-      proxy_set_header Host $$http_host;
-      proxy_set_header X-Real-IP $$remote_addr;
-      proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
-      
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      proxy_set_header X-Forwarded-Proto $$scheme;
-
-      # Add Secure flag when serving HTTPS
-      proxy_cookie_path / "/; secure";
-
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-
-    location /c/ {
-      proxy_pass http://core/c/;
-      proxy_set_header Host $$host;
-      proxy_set_header X-Real-IP $$remote_addr;
-      proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
-
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      proxy_set_header X-Forwarded-Proto $$scheme;
-      
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-  
-    location /api/ {
-      proxy_pass http://core/api/;
-      proxy_set_header Host $$host;
-      proxy_set_header X-Real-IP $$remote_addr;
-      proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
-
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      proxy_set_header X-Forwarded-Proto $$scheme;
-      
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-
-    location /chartrepo/ {
-      proxy_pass http://core/chartrepo/;
-      proxy_set_header Host $$host;
-      proxy_set_header X-Real-IP $$remote_addr;
-      proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
-
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      proxy_set_header X-Forwarded-Proto $$scheme;
-      
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-
-    location /v1/ {
-      return 404;
-    }
-
-    location /v2/ {
-      proxy_pass http://core/v2/;
-      proxy_set_header Host $$http_host;
-      proxy_set_header X-Real-IP $$remote_addr;
-      proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
-      
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      proxy_set_header X-Forwarded-Proto $$scheme;
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-
-    location /service/ {
-      proxy_pass http://core/service/;
-      proxy_set_header Host $$http_host;
-      proxy_set_header X-Real-IP $$remote_addr;
-      proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
-      
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      proxy_set_header X-Forwarded-Proto $$scheme;
-
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-	
-	location /service/notifications {
-      return 404;
-    }
-  }
-    server {
-      listen 80;
-      #server_name harbordomain.com;
-      return 308 https://$$host$$request_uri;
-  } 
-}

make/common/templates/nginx/notary.server.conf

@@ -1,33 +0,0 @@
-  server {
-    listen 4443 ssl;
-    server_tokens off;
-    # ssl
-    ssl_certificate $ssl_cert;
-    ssl_certificate_key $ssl_cert_key;
-  
-    # recommendations from https://raymii.org/s/tutorials/strong_ssl_security_on_nginx.html
-    ssl_protocols tlsv1.1 tlsv1.2;
-    ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
-    ssl_prefer_server_ciphers on;
-    ssl_session_cache shared:ssl:10m;
-  
-    # disable any limits to avoid http 413 for large image uploads
-    client_max_body_size 0;
-  
-    # required to avoid http 411: see issue #1486 (https://github.com/docker/docker/issues/1486)
-    chunked_transfer_encoding on;
-
-    location /v2/ {
-      proxy_pass http://notary-server/v2/;
-      proxy_set_header Host $$http_host;
-      proxy_set_header X-Real-IP $$remote_addr;
-      proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
-
-      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
-      proxy_set_header X-Forwarded-Proto $$scheme;
-
-      proxy_buffering off;
-      proxy_request_buffering off;
-    }
-  }
-

make/common/templates/nginx/notary.upstream.conf

@@ -1,4 +0,0 @@
-
- upstream notary-server {
-   server notary-server:4443;
- }

make/common/templates/notary/notary-signer-ca.crt

@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFhjCCA26gAwIBAgIJALJdsE+BUxypMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV
-BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0G
-A1UECgwGRG9ja2VyMRowGAYDVQQDDBFOb3RhcnkgVGVzdGluZyBDQTAeFw0xNzAx
-MjMwNjAzMzZaFw0yNzAxMjEwNjAzMzZaMF8xCzAJBgNVBAYTAlVTMQswCQYDVQQI
-DAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0GA1UECgwGRG9ja2VyMRow
-GAYDVQQDDBFOb3RhcnkgVGVzdGluZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-ADCCAgoCggIBALIZNBcIoQDJql5w+XULXq9W3tmD47xnf+IG4u7hkDVPCT4xRG74
-LBoSuFyPUrfT+tsibMlNG6XRtSfLQdNNeQuyIuiilNXV0kXB0RR3TrhxCaKdhRU5
-oQGfpYMvbPNFB7WU/5aAiQutHH85hEMPECf1qPjq8YlUaXJLGFY3WRkW+OOBZ78U
-00PqKlvC1kR/NbsV3IkMrO+vWWJQrPFusyYjQ511eQXnRtt8P0Qic0azPffQDVxC
-WUe47hmdQ1AULbxQ9AZcPlMI7UFqo+/w/4hPEGJMeOWirLvHLXg4nsOwy7DfWl/n
-MqLdJOC/KNfQVAQtkteeZZkkIIV1gxTPYsJqPNwkP9GdJK1A8NW1ef75v7xbQCPY
-03QQonBEK7ny7b1xXGGgJzXvK9RP0UUwjt/815c4d0cgUHsy4yuvl2F44EObRshk
-fjJVsN/0wrtq4QLE5ZvbeO+7to8dLcRxkmB8axhxahega7akUyY0WxZ+iSn6fzft
-/xeCcs/L10V5z0kK4PbiNnooDzV4B6Dy/5oyNExw0jgpD0mzOK5aLb0tXGqFT/ZJ
-9vydelBq5q4jLV7SHhHM1dBJSv1fl7vOpDlEr7LBd4YAO2BowoyGLHtLhgYybXF+
-CZ9ywPb1dIIcdK5IVeZECNHMSBuhCRZUu+aun8tRcdSgLEX7mQ/GKWELAgMBAAGj
-RTBDMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgFGMB0GA1UdDgQW
-BBSWWbcCebeEgZlWk2/k+abh+bEFpDANBgkqhkiG9w0BAQsFAAOCAgEAQ9gA3Q4b
-r2+ZJdIDoDzCNdtHQbb/d1NiUP/Na1MFo7omR3MnKGXy3dIp9IrQq6ROhlqUhDvl
-pZegYhTbunTVv1KKJ+5n1hY6pG/Jr8oLY3b9i4qwDLKfQGm5PmrfwAtqbLSfY2M0
-2AZyAhCdGbqB7WpTdG1J7DzGbVVWAtS05e24Mu0qZJvpHdtl4+t89vXgJ/bPrPxF
-cpAlT9DOtobTEqrXZeS937F1qNyIgyBki+7mtxkwng5cf3zQM2BJ9lSFQJOBSRDr
-haMcnaPI4pknO7OfYf5W9LaS1Dx/U/NeMBfnVBd9NjUw+TMjy2MdMLUaLa9EF7Jo
-Gjk+fKaTaUgO8I487wHPMeoEA4A4dEePzGrybRLfl1ZYGQ0xcgunz64n2xfQIy2y
-swiyaofYlLxzHzOL0N+Y76P0ic37t9R2F5ggNhfbXhClK2h4HmdjRRRt3VkxR4AD
-7OM09bEhlZby34HOlCaC0PHKwYBMjneAG3ycPN88YTMYR2/KizExe71ayNwX2KHL
-ib1nOZgZT6s+YvgsZ7lRmMD4iqjuAEh5SRAcWlolVif8bAy09BkY1vwrtgV73q88
-heEbsCE1fsfk1OfH5W4yjjiSDZFRt5oTCPQWJp+2P0RJ9LCxcbf0RrCg3hg5rD9N
-lVTA0dsixv5zF3wTuad9inhk9Rmlq1KoaqA=
------END CERTIFICATE-----

make/common/templates/notary/notary-signer.crt

@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFdjCCA14CCQCeVwANSZmmiDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC
-VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVBhbG8gQWx0bzEVMBMG
-A1UECgwMVk13YXJlLCBJbmMuMQ8wDQYDVQQLDAZIYXJib3IxJDAiBgNVBAMMG1Nl
-bGYtc2lnbmVkIGJ5IFZNd2FyZSwgSW5jLjAeFw0xNzAzMjQwNTMyMDBaFw0yNzAz
-MjIwNTMyMDBaMHUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIw
-EAYDVQQHDAlQYWxvIEFsdG8xFTATBgNVBAoMDFZNd2FyZSwgSW5jLjEPMA0GA1UE
-CwwGSGFyYm9yMRUwEwYDVQQDDAxub3RhcnlzaWduZXIwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQC6TV2RCoH8d1g6xFvDo4FL9v+pGLe5+bu9ryjTaLbN
-dH/Cmf5/8WrmgJ3vG2Ksk796J7qsVddwvQkZn6NwDm2Tm+ETMCG85yEA3jl4Kr9R
-XfWHYWEavv0vsq6M+bUSSq7VJAhgk4wfx6qJBnFX2qKpODeYLHaHxU1EnIXrStNf
-IqR4Eu0Xre8jAkzrDdaFy/KnX4HGgNdz413CXzBCKEuu3VJj07ZvonnTzOgoLvh8
-+PCoQ2M4OBPT9gHqUov1I8nWnrjc+HuM1BW3YIGCB5TV9x0Y7hjvkr4E38gbJURj
-uDwg8jof4lMRmU/FHXFLt1ucGwNFUJdPwI7dyEKRA03Lr7htfP5sa9tmv3L93dKD
-po1gW1LsfiM3Cur5jARM/hBA+eYJr12Laf9oL59r8JmweqF3zRSwGSY336XoR/Fv
-/PAFs9vfKKWZp0uiRtuY9JZNRTF8trnfNf1957bND+DS2HWPmWkw4yK6CGa0s55X
-adiDt4gDFvKjl68dBWZoHutY+cZy/hK1D5uqagcX1kzbr/Pzy1gsq9FBBwaTJqBu
-YIAsSuzP+7NNZXoPd3rg13V93pbZr8eQN5VOQIBZK83xZEtHSJBEdUSuBOo3JS7j
-/rjEnspRqOI4soFnx1vaK0TrRyzJ5KBOuGpW4u8/ZUdIq8KIE30Mj/XI/sgAPr5j
-UQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQBjqYBm/FRqyMH2hnHA0TMXY/WPufJ8
-TX10daELCAYJCEETXmUt1i7dnFxdAZXTnHENHdNYiS4nGBfqMLmODtcAamcv6Dcl
-JnyQPt3QlCDPKkcHgz3y4tvDDx6M5rFWYzN9QLiWAYrunIk1R4Jj7FODrM6/NODE
-0Mz1czWfsmLfX/jF80SsxnY1DCLKGgo6/RID3xTp4eIMboxCfeH2/yDA+6YPyYbV
-Si4ccwo9Foq0IYU8bimPNTyBQ0N+8ajcn328ql6aazmr894Ch5pWA3Qxaa98FcKS
-zokBvmmCuvCJ9HOmxKWdFEhSRS9GWxn7wg78UIlLP/8RfUrsecBJHgyhWRA7Qs3K
-keiG68Zrhn456IdMxjCZXgJ7gAAe77n4Cz8sFEHAvnAg9JLNEHuEBV5H1Hb7TzET
-k0lPiEY78QjutOpqHsWiagqSjlGEMqKI9c8WxXHh9030T/6NnWkdXFo+4HaEZEpp
-0JryASS53B5SwLIPrn0Y2/io/kRgbglGktPt6Ex0DwW3f96lcz3me34Nw+HOYYnz
-b0cz7JqJZgFXfEnykic3IwZs7m7Xrl9B/vvaVub9Fb5LQ7rIzrO7VkoILov/G41B
-Pd4/kagjXDTWd+UBMvZF6YGjr+TUZi5ooi7bvQ3X6N9WNYKW4a1DOokz9janStiL
-MrTKyOEOBi0Aew==
------END CERTIFICATE-----

make/common/templates/notary/notary-signer.key

@@ -1,52 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC6TV2RCoH8d1g6
-xFvDo4FL9v+pGLe5+bu9ryjTaLbNdH/Cmf5/8WrmgJ3vG2Ksk796J7qsVddwvQkZ
-n6NwDm2Tm+ETMCG85yEA3jl4Kr9RXfWHYWEavv0vsq6M+bUSSq7VJAhgk4wfx6qJ
-BnFX2qKpODeYLHaHxU1EnIXrStNfIqR4Eu0Xre8jAkzrDdaFy/KnX4HGgNdz413C
-XzBCKEuu3VJj07ZvonnTzOgoLvh8+PCoQ2M4OBPT9gHqUov1I8nWnrjc+HuM1BW3
-YIGCB5TV9x0Y7hjvkr4E38gbJURjuDwg8jof4lMRmU/FHXFLt1ucGwNFUJdPwI7d
-yEKRA03Lr7htfP5sa9tmv3L93dKDpo1gW1LsfiM3Cur5jARM/hBA+eYJr12Laf9o
-L59r8JmweqF3zRSwGSY336XoR/Fv/PAFs9vfKKWZp0uiRtuY9JZNRTF8trnfNf19
-57bND+DS2HWPmWkw4yK6CGa0s55XadiDt4gDFvKjl68dBWZoHutY+cZy/hK1D5uq
-agcX1kzbr/Pzy1gsq9FBBwaTJqBuYIAsSuzP+7NNZXoPd3rg13V93pbZr8eQN5VO
-QIBZK83xZEtHSJBEdUSuBOo3JS7j/rjEnspRqOI4soFnx1vaK0TrRyzJ5KBOuGpW
-4u8/ZUdIq8KIE30Mj/XI/sgAPr5jUQIDAQABAoICAQCqIgbFcqwcK7zWBgWrFsD3
-53u4J4t4+df6NGB7F9CAtdgKlej1XDl8gI46Em89HLwqyOdPhCD3opoR3Vg69+IX
-f62+gSD+SrA4A7jFxXvryXt0g3hTHYFHssx2j39NUghxOrOvxm6bgxJ4ifqt+Uq8
-cEtM26Xu/T4/3xTpN+7pnVBHGzmLe1q8RNiLe5qhmwtgz/ZKmdSnz0YLQDRo5jWf
-Xhxkb63WKrFIu4JzV9my/v9/GfMdHxD0a196ZqHLX0Buj4pQuVbS18dxLF94qIXC
-FCZtYtpAxmhjOR2btJ/M1S2MBMkR3vRvSOuxHd8d/zdYys5k2WElArs1TDGGDldW
-jp3FYkoygsdWTs056HM1Y9F8dV2KAWfAhEQD8mBIGVjMrCqpnyZcK6JkqVg9c7YW
-IYQ2JRwsHq58FMNa3TLTvf/OClhEfSbRWAF0AhMTpnSUgP06cbJeXyzqzHdE37hv
-74OBx7KNoS+PEQ3lVgbHsWoUzf3SqB1IOzLyzuEUgHqON2GKmmCNcRMBi3DuV9tw
-Q8LWynNxhD8vyBkmo0kAd/FwgXrxJTGdYvxyn29I7QanCTH7o8wtjSE0jj9Qo7oC
-McAYGR6oTAjrT78KhI7aZJU5nuA6ySSCJRa6et1CC+SseWknyMMJ5HTo8l7jjXJA
-9hjNGGs6giOxznizf+2YAQKCAQEA9wRQk4yN402tfuicvfQBnFUtcpqctWSgGc0T
-qzWJgH/W07FMUHzAvqCgsYMMaeteXOMZH7jijvtIlhYfIg5w+RJ9PSsSu680OzGN
-R31+l2B/QzRAHUJ6+OVgWxAn6awU1mYLaiwVmSNWEnjAPE4XeSK708OOganI3pBQ
-8zOHj+j6uV8ddG79D6FqNJHAQwpou/p+XO/BGDFgX22x4F68Z0gCQcmoyAE7ppOp
-dqq3lPoDbRQ02/5cqaIA6dhmfjK2cpz4y1nUxffzY7qJjpoB/YSdR66cCNiYcJzp
-fMVBXhF9Iyj/Cah1w+hc0NOy9dW15afFaLFK0zrtAzEaVxH/0QKCAQEAwRPOwSCl
-XrMYXmc91TF6XbhErILHK/pIEOIMF09KNJvSjY0188Ram/pFbPRYh0cIyASmRGXL
-Qq5B1Qi0vx5TCq1OCrW2yeE7zboAlnADhk1u9N8YmL6JrCKVGQO7wFD3V8uphXdM
-tixNa5WvJ6eE5Vq+SVy99V5pQgb8ErrISlW4MYK7LI7DruSDuM2tHtiOcXcdTVej
-1stXJZkH46RYvxxid9tRzfiB8K5ziZfLwPNf2wRyj1J4ojn5pPNhhfkjJ24LCZGt
-JxwSXqdP+4x7by6x3mU+hutU/lF3jl+0edSnU0cZ6lvuq2T5YGgda/VXlv1ZFQUw
-rwUXD9unU+aLgQKCAQEA9R74/pI5sthAVHFsKStb9dComtNGstI59aCF5h3oZvV1
-Lvj/q9dARWqMS9qplOoV58MMCWikmhJNw3IMTvVZsjBgyzRVEJ4aDKttcQXde0Ys
-w3m0LdTsxtSHu5XapY032FHG/gLlI+Pm48mjqbQsou6OyOOEJLNhO0qmqc/2tB4T
-v6PdTM9enAYnqCcCTQSlTfSTNJJOYT2OTuRB4U7hUvQoGTSOInrmwLRDNBjQuCso
-/zNQCQbu2P6EPYmam5yjZDTUxqZL+G/GvK49Fp9JXlQc5ycke7rD+uwa3s+3wCtG
-rH9gJitfQZrxj+Cj9EOwj0bfJLbac6ZD0CkH5GNeIQKCAQBdoGFOPapzdZ2HicDu
-NQQFlmmWzgQPS1rO9Q6v7v8o67b6dVOIVdsqb/5ii0qyrruPYtHNsR8TwrShvYsI
-cogKUWfawatV0ibR6DSIvuC2q632iIjA6QSRuGNcsfbFl32Z0WTvF57XaDxSw08g
-h5dmMM69fH+REKsyHXj3DCQ8B70+JQrm3IP/t0g4wWQF5TWNyBkpfCoy6n/j94Vf
-2j4+zmDhhjTxEGTSdYYJXtarRllhN5Ll9TQSVtK8LllIQjvNzwsDJOU2ZeJyi+e5
-L7Jbg+U01xuvCUc52/+Bxt8ZhQlu1Le4ccQW0Ows19AMnfhPe6NLEi09cdZxFi7Z
-/J4BAoIBABCzkBDFxZdfWYt69VBt9PSG8eJ6avny3hXCtKaHIQb+aD5nKjRP0DVh
-gyutCo6RasMEc6D1tJGyR/Xvhm64q4JPb5UbSaRQiVYKdgRtMM9pZeBkcBtNs18K
-yMx5ajgYorrbi86hXHX7q+JYP8MCbcqqAUSl/Hi8nPxc1foTiCNDf4kGoHvXmoxt
-0tA65tFFQhEA6KBn68SDkyTsl/zb5Sx0GJY4kZkOeF3GaxPFX12skgXv95GJUskX
-88RJsH4Qqqtzbzj8R241BH8OrcOoyELc6xPioEqUHKVxSIf2ylITbj0UQHd2u0mN
-tajKl+aoc+CDxUYbilzhhKetWWF/cJY=
------END PRIVATE KEY-----

make/common/templates/notary/server-config.json

@@ -1,28 +0,0 @@
-{
-	"server": {
-		"http_addr": ":4443"
-	},
-	"trust_service": {
-		"type": "remote",
-		"hostname": "notarysigner",
-		"port": "7899",
-		"tls_ca_file": "./notary-signer-ca.crt",
-		"key_algorithm": "ecdsa"
-	},
-	"logging": {
-		"level": "debug"
-	},
-	"storage": {
-		"backend": "mysql",
-		"db_url": "server@tcp(mysql:3306)/notaryserver?parseTime=True"
-	},
-    "auth": {
-        "type": "token",
-        "options": {
-            "realm": "$token_endpoint/service/token",
-            "service": "harbor-notary",
-            "issuer": "harbor-token-issuer",
-            "rootcertbundle": "/etc/notary/root.crt"
-        }
-    }
-}

make/common/templates/notary/server-config.postgres.json

@@ -1,28 +0,0 @@
-{
-	"server": {
-		"http_addr": ":4443"
-	},
-	"trust_service": {
-		"type": "remote",
-		"hostname": "notarysigner",
-		"port": "7899",
-		"tls_ca_file": "./notary-signer-ca.crt",
-		"key_algorithm": "ecdsa"
-	},
-	"logging": {
-		"level": "debug"
-	},
-	"storage": {
-		"backend": "postgres",
-		"db_url": "postgres://server:password@postgresql:5432/notaryserver?sslmode=disable"
-    },
-    "auth": {
-        "type": "token",
-        "options": {
-            "realm": "$token_endpoint/service/token",
-            "service": "harbor-notary",
-            "issuer": "harbor-token-issuer",
-            "rootcertbundle": "/etc/notary/root.crt"
-        }
-    }
-}

make/common/templates/notary/server_env

@@ -1,2 +0,0 @@
-MIGRATIONS_PATH=migrations/server/postgresql
-DB_URL=postgres://server:password@postgresql:5432/notaryserver?sslmode=disable

make/common/templates/notary/signer-config.json

@@ -1,15 +0,0 @@
-{
-	"server": {
-		"grpc_addr": ":7899",
-		"tls_cert_file": "./notary-signer.crt",
-		"tls_key_file": "./notary-signer.key"
-	},
-	"logging": {
-		"level": "debug"
-	},
-	"storage": {
-		"backend": "mysql",
-		"db_url": "signer@tcp(mysql:3306)/notarysigner?parseTime=True",
-        "default_alias":"defaultalias"
-	}
-}

make/common/templates/notary/signer-config.postgres.json

@@ -1,15 +0,0 @@
-{
-	"server": {
-		"grpc_addr": ":7899",
-		"tls_cert_file": "./notary-signer.crt",
-		"tls_key_file": "./notary-signer.key"
-	},
-	"logging": {
-		"level": "debug"
-	},
-    "storage": {
-        "backend": "postgres",
-		    "db_url": "postgres://signer:password@postgresql:5432/notarysigner?sslmode=disable",
-		    "default_alias":"defaultalias"
-    }
-}  

make/common/templates/notary/signer_env

@@ -1,3 +0,0 @@
-NOTARY_SIGNER_DEFAULTALIAS=$alias
-MIGRATIONS_PATH=migrations/signer/postgresql
-DB_URL=postgres://signer:password@postgresql:5432/notarysigner?sslmode=disable

make/common/templates/registry/config.yml

@@ -1,39 +0,0 @@
-version: 0.1
-log:
-  level: info
-  fields:
-    service: registry
-storage:
-  cache:
-    layerinfo: redis
-  $storage_provider_info
-  maintenance:
-    uploadpurging:
-      enabled: false
-  delete:
-    enabled: true
-redis:
-  addr: $redis_host:$redis_port
-  password: $redis_password
-  db: $redis_db_index_reg
-http:
-  addr: :5000
-  secret: placeholder
-  debug:
-    addr: localhost:5001
-auth:
-  token:
-    issuer: harbor-token-issuer
-    realm: $public_url/service/token
-    rootcertbundle: /etc/registry/root.crt
-    service: harbor-registry
-validation:
-  disabled: true
-notifications:
-  endpoints:
-  - name: harbor
-    disabled: false
-    url: $core_url/service/notifications
-    timeout: 3000ms
-    threshold: 5
-    backoff: 1s

make/common/templates/registry/root.crt

@@ -1,35 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIGBzCCA++gAwIBAgIJAKB8CNqCxhr7MA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
-VQQGEwJDTjEOMAwGA1UECAwFU3RhdGUxCzAJBgNVBAcMAkNOMRUwEwYDVQQKDAxv
-cmdhbml6YXRpb24xHDAaBgNVBAsME29yZ2FuaXphdGlvbmFsIHVuaXQxFDASBgNV
-BAMMC2V4YW1wbGUuY29tMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUu
-Y29tMB4XDTE2MDUxNjAyNDY1NVoXDTI2MDUxNDAyNDY1NVowgZkxCzAJBgNVBAYT
-AkNOMQ4wDAYDVQQIDAVTdGF0ZTELMAkGA1UEBwwCQ04xFTATBgNVBAoMDG9yZ2Fu
-aXphdGlvbjEcMBoGA1UECwwTb3JnYW5pemF0aW9uYWwgdW5pdDEUMBIGA1UEAwwL
-ZXhhbXBsZS5jb20xIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20w
-ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2ky/K/XneJKbCbpOsWlQ7
-OwgYEQNsa044RkwSbTwPwgLafUZ3r9c5nkXE8APqAikTQQBwyiNjk7QeXgIOjJXd
-7+IpwGoU6Bi2miA21qfvJPknyDAqw9tT/ycGQrvkY6rnqd++ri30ZUByUgO0du6+
-aWHo7af5/G1HQz0tu6i1tIF1dhSHNeqJKwxyUG8vIiT/PfbtU/mXSdQ07M+4ojBC
-O7FgoOS+rWgbL3yhWUTrCXSV2HZlhksYBhtWGoFVRPVSf89iqL02h9rZEjmfVY6R
-QlCnzu9v49Q8WFU528f+gDNXr9v13PKEDmloMzTqWPaCyD2FBbEKBsWHXHf1zqlI
-jyGZV7rHZ3i0C1LI6bdDDP7M7aVs8O+RjxK+HmfFRg5us2t6g7zAevwwLpMZRAud
-S39F91Up7l9g8WXpViok/8vcsOdePvvWcWro8qJhuEHAnDdMzj2Cko1L85/vRM/a
-budWXK7Ix0TlPWPfHJc2SLFeqqcm5Iypf/cGabQ6f0oRt6bCfspFgX9upznT5FwZ
-R0o1w6Q3q+4xVl6LgZvEAudWppyz79RACJA/jbXZQ7uJkXAxoI0nev9vgY6XJqUj
-XIQDih2hmi/uTnNU7Me7w7pCYKPdHlNU652kaJSH6W6ZFGk2rEOCOeAuWO9pZTq2
-3IhuOcDAKOcmimlkzaWRGQIDAQABo1AwTjAdBgNVHQ4EFgQUPJF++WMsv1OJvf7F
-oCew37JTnfQwHwYDVR0jBBgwFoAUPJF++WMsv1OJvf7FoCew37JTnfQwDAYDVR0T
-BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAb5LvqukMxWd5Zajbh3orfYsXmhWn
-UWiwG176+bd3b5xMlG9iLd4vQ11lTZoIhFOfprRQzbizQ8BzR2JBQckpLcy+5hyA
-D3M9vLL37OwA0wT6kxFnd6LtlFaH5gG++huw2ts2PDXFz0jqw+0YE/R8ov2+YdaZ
-aPSEMunmAuEY1TbYWzz4u6PxycxhQzDQ34ZmJZ34Elvw1NYMfPMGTKp34PsxIcgT
-ao5jqb9RMU6JAumfXrOvXRjjl573vX2hgMZzEU6OF2/+uyg95chn6nO1GUQrT2+F
-/1xIqfHfFCm8+jujSDgqfBtGI+2C7No+Dq8LEyEINZe6wSQ81+ryt5jy5SZmAsnj
-V4OsSIwlpR5fLUwrFStVoUWHEKl1DflkYki/cAC1TL0Om+ldJ219kcOnaXDNaq66
-3I75BvRY7/88MYLl4Fgt7sn05Mn3uNPrCrci8d0R1tlXIcwMdCowIHeZdWHX43f7
-NsVk/7VSOxJ343csgaQc+3WxEFK0tBxGO6GP+Xj0XmdVGLhalVBsEhPjnmx+Yyrn
-oMsTA1Yrs88C8ItQn7zuO/30eKNGTnby0gptHiS6sa/c3O083Mpi8y33GPVZDvBl
-l9PfSZT8LG7SvpjsdgdNZlyFvTY4vsB+Vd5Howh7gXYPVXdCs4k7HMyo7zvzliZS
-ekCw9NGLoNqQqnA=
------END CERTIFICATE-----

make/common/templates/registryctl/config.yml

@@ -1,8 +0,0 @@
----
-protocol: "http"
-port: 8080
-log_level: "INFO"
-
-#https_config:
-#  cert: "server.crt"
-#  key: "server.key"

make/common/templates/registryctl/env

@@ -1,3 +0,0 @@
-CORE_SECRET=$core_secret
-JOBSERVICE_SECRET=$jobservice_secret
-

make/harbor.yml

@@ -12,7 +12,7 @@ hostname: reg.mydomain.com
 ui_url_protocol: https
 
 #Maximum number of job workers in job service  
-max_job_workers: 10 
+max_job_workers: 10
 
 #Determine whether or not to generate certificate for the registry's token.
 #If the value is on, the prepare script creates new root cert and private key 
@@ -55,20 +55,6 @@ no_proxy: 127.0.0.1,localhost,core,registry
 
 #************************BEGIN INITIAL PROPERTIES************************
 
-#Email account settings for sending out password resetting emails.
-
-#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
-#Identity left blank to act as username.
-email_identity:
-
-email_server: smtp.mydomain.com
-email_server_port: 25
-email_username: sample_admin@mydomain.com
-email_password: abc
-email_from: admin <sample_admin@mydomain.com>
-email_ssl: false
-email_insecure: false
-
 ##The initial password of Harbor admin, only works for the first time when Harbor starts. 
 #It has no effect after the first launch of Harbor.
 #Change the admin password from UI after launching Harbor.
@@ -78,52 +64,14 @@ harbor_admin_password: Harbor12345
 #Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
 auth_mode: db_auth
 
-#The url for an ldap endpoint.
-ldap_url: ldaps://ldap.mydomain.com
-
 #A user's DN who has the permission to search the LDAP/AD server. 
-#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
-#ldap_searchdn: uid=searchuser,ou=people,dc=mydomain,dc=com
-
-#the password of the ldap_searchdn
-#ldap_search_pwd: password
 
 #The base DN from which to look up a user in LDAP/AD
 ldap_basedn: ou=people,dc=mydomain,dc=com
 
-#Search filter for LDAP/AD, make sure the syntax of the filter is correct.
-#ldap_filter = (objectClass=person)
-
-# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD  
-ldap_uid: uid 
-
-#the scope to search for users, 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
-ldap_scope: 2 
-
-#Timeout (in seconds)  when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
-ldap_timeout: 5
-
-#Verify certificate from LDAP server
-ldap_verify_cert: true
-
-#The base dn from which to lookup a group in LDAP/AD
-ldap_group_basedn: ou=group,dc=mydomain,dc=com
-
-#filter to search LDAP/AD group
-ldap_group_filter: objectclass=group
-
 #The attribute used to name a LDAP/AD group, it could be cn, name
 ldap_group_gid: cn
 
-#The scope to search for ldap groups. 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
-ldap_group_scope: 2
-
-#Turn on or off the self-registration feature
-self_registration: on
-
-#The expiration time (in minute) of token created by token service, default is 30 minutes
-token_expiration: 30
-
 #The flag to control what users have permission to create projects
 #The default value "everyone" allows everyone to creates a project. 
 #Set to "adminonly" so that only admin user can create project.
@@ -184,14 +132,6 @@ clair_updaters_interval: 12
 
 ##########End of Clair DB configuration############
 
-#The following attributes only need to be set when auth mode is uaa_auth
-uaa_endpoint: uaa.mydomain.org
-uaa_clientid: id
-uaa_clientsecret: secret
-uaa_verify_cert: true
-uaa_ca_cert: /path/to/ca.pem
-
-
 ### Harbor Storage settings ###
 #Please be aware that the following storage settings will be applied to both docker registry and helm chart repository.
 #registry_storage_provider can be: filesystem, s3, gcs, azure, etc.

make/photon/chartserver/builder

@@ -4,7 +4,7 @@ set +e
 
 usage(){
   echo "Usage: builder <golang image:version> <code path> <code release tag> <main.go path> <binary name>"
-  echo "e.g: builder golang:1.11.2 github.com/helm/chartmuseum v0.7.1 cmd/chartmuseum chartm"
+  echo "e.g: builder golang:1.11.2 github.com/helm/chartmuseum v0.8.1 cmd/chartmuseum chartm"
   exit 1
 }
 

make/photon/prepare/main.py

@@ -1,6 +1,5 @@
 import click
 
-from utils.admin_server import prepare_adminserver
 from utils.misc import delfile
 from utils.configs import validate, parse_yaml_config
 from utils.cert import prepare_ca, SSL_CERT_KEY_PATH, SSL_CERT_PATH, get_secret_key
@@ -16,7 +15,7 @@ from utils.clair import prepare_clair
 from utils.chart import prepare_chartmuseum
 from utils.docker_compose import prepare_docker_compose
 from utils.nginx import prepare_nginx, nginx_confd_dir
-from g import (config_dir, private_key_pem_template, config_file_path, core_cert_dir, private_key_pem, 
+from g import (config_dir, private_key_pem_template, config_file_path, core_cert_dir, private_key_pem,
 root_crt, root_cert_path_template, registry_custom_ca_bundle_config)
 
 # Main function
@@ -33,8 +32,7 @@ def main(conf, with_notary, with_clair, with_chartmuseum):
 
     prepare_log_configs(config_dict)
     prepare_nginx(config_dict)
-    prepare_adminserver(config_dict, with_notary=with_notary, with_clair=with_clair, with_chartmuseum=with_chartmuseum)
-    prepare_core(config_dict)
+    prepare_core(config_dict, with_notary=with_notary, with_clair=with_clair, with_chartmuseum=with_chartmuseum)
     prepare_registry(config_dict)
     prepare_registry_ctl(config_dict)
     prepare_db(config_dict)

make/photon/prepare/templates/core/env.jinja

@@ -2,7 +2,6 @@ LOG_LEVEL=info
 CONFIG_PATH=/etc/core/app.conf
 CORE_SECRET={{core_secret}}
 JOBSERVICE_SECRET={{jobservice_secret}}
-ADMINSERVER_URL={{adminserver_url}}
 UAA_CA_ROOT=/etc/core/certificates/uaa_ca.pem
 _REDIS_URL={{redis_host}}:{{redis_port}},100,{{redis_password}}
 SYNC_REGISTRY=false

make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja

@@ -2,9 +2,16 @@ version: '2'
 services:
   log:
     image: goharbor/harbor-log:{{version}}
-    container_name: harbor-log 
+    container_name: harbor-log
     restart: always
     dns_search: .
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - DAC_OVERRIDE
+      - SETGID
+      - SETUID
     volumes:
       - {{log_location}}/:/var/log/docker/:z
       - ./common/config/log/:/etc/logrotate.d/:z
@@ -16,6 +23,12 @@ services:
     image: goharbor/registry-photon:{{reg_version}}
     container_name: registry
     restart: always
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETGID
+      - SETUID
     volumes:
       - {{data_volume}}/registry:/storage:z
       - ./common/config/registry/:/etc/registry/:z
@@ -39,6 +52,12 @@ services:
     env_file:
       - ./common/config/registryctl/env
     restart: always
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETGID
+      - SETUID
     volumes:
       - {{data_volume}}/registry:/storage:z
       - ./common/config/registry/:/etc/registry/:z
@@ -57,6 +76,13 @@ services:
     image: goharbor/harbor-db:{{version}}
     container_name: harbor-db
     restart: always
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - DAC_OVERRIDE
+      - SETGID
+      - SETUID
     volumes:
       - {{data_volume}}/database:/var/lib/postgresql/data:z
     networks:
@@ -81,32 +107,18 @@ services:
       options:  
         syslog-address: "tcp://127.0.0.1:1514"
         tag: "postgresql"
-  adminserver:
-    image: goharbor/harbor-adminserver:{{version}}
-    container_name: harbor-adminserver
-    env_file:
-      - ./common/config/adminserver/env
-    restart: always
-    volumes:
-      - {{data_volume}}/config/:/etc/adminserver/config/:z
-      - {{secretkey_path}}/secretkey:/etc/adminserver/key:z
-      - {{data_volume}}/:/data/:z
-    networks:
-      - harbor
-    dns_search: .
-    depends_on:
-      - log
-    logging:
-      driver: "syslog"
-      options:  
-        syslog-address: "tcp://127.0.0.1:1514"
-        tag: "adminserver"
   core:
     image: goharbor/harbor-core:{{version}}
     container_name: harbor-core
     env_file:
       - ./common/config/core/env
+      - ./common/config/core/config_env
     restart: always
+    cap_drop:
+      - ALL
+    cap_add:
+      - SETGID
+      - SETUID
     volumes:
       - ./common/config/core/app.conf:/etc/core/app.conf:z
       - ./common/config/core/private_key.pem:/etc/core/private_key.pem:z
@@ -133,7 +145,6 @@ services:
     dns_search: .
     depends_on:
       - log
-      - adminserver
       - registry
     logging:
       driver: "syslog"
@@ -144,6 +155,13 @@ services:
     image: goharbor/harbor-portal:{{version}}
     container_name: harbor-portal
     restart: always
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETGID
+      - SETUID
+      - NET_BIND_SERVICE
     networks:
       - harbor
     dns_search: .
@@ -162,6 +180,12 @@ services:
     env_file:
       - ./common/config/jobservice/env
     restart: always
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETGID
+      - SETUID
     volumes:
       - {{data_volume}}/job_logs:/var/log/jobs:z
       - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
@@ -174,7 +198,6 @@ services:
     depends_on:
       - redis
       - core
-      - adminserver
     logging:
       driver: "syslog"
       options:
@@ -184,6 +207,12 @@ services:
     image: goharbor/redis-photon:{{redis_version}}
     container_name: redis
     restart: always
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETGID
+      - SETUID
     volumes:
       - {{data_volume}}/redis:/var/lib/redis
     networks:
@@ -205,6 +234,13 @@ services:
     image: goharbor/nginx-photon:{{redis_version}}
     container_name: nginx
     restart: always
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETGID
+      - SETUID
+      - NET_BIND_SERVICE
     volumes:
       - ./common/config/nginx:/etc/nginx:z
       - {{cert_key_path}}:/etc/nginx/cert/server.key

make/photon/prepare/templates/registry/config.yml.jinja

@@ -27,6 +27,8 @@ auth:
     realm: {{public_url}}/service/token
     rootcertbundle: /etc/registry/root.crt
     service: harbor-registry
+validation:
+  disabled: true
 notifications:
   endpoints:
   - name: harbor

make/photon/prepare/utils/admin_server.py

@@ -1,30 +0,0 @@
-import os
-
-from g import config_dir, templates_dir
-from utils.misc import prepare_config_dir, generate_random_string
-from utils.jinja import render_jinja
-
-adminserver_config_dir = os.path.join(config_dir, 'adminserver')
-adminserver_env_template = os.path.join(templates_dir, "adminserver", "env.jinja")
-adminserver_conf_env = os.path.join(config_dir, "adminserver", "env")
-
-def prepare_adminserver(config_dict, with_notary, with_clair, with_chartmuseum):
-    prepare_adminserver_config_dir()
-    render_adminserver(config_dict, with_notary, with_clair, with_chartmuseum)
-
-def prepare_adminserver_config_dir():
-    prepare_config_dir(adminserver_config_dir)
-
-def render_adminserver(config_dict, with_notary, with_clair, with_chartmuseum):
-    # Use reload_key to avoid reload config after restart harbor
-    reload_key = generate_random_string(6) if config_dict['reload_config'] == "true" else ""
-
-    render_jinja(
-        adminserver_env_template,
-        adminserver_conf_env,
-        with_notary=with_notary,
-        with_clair=with_clair,
-        with_chartmuseum=with_chartmuseum,
-        reload_key=reload_key,
-        **config_dict
-        )

make/photon/prepare/utils/configs.py

@@ -208,7 +208,7 @@ def parse_yaml_config(config_file_path):
     '''
 
     with open(config_file_path) as f:
-        configs = yaml.load(f)
+        configs = yaml.safe_load(f)
 
     config_dict = {}
     config_dict['adminserver_url'] = "http://adminserver:8080"

make/photon/prepare/utils/core.py

@@ -1,7 +1,7 @@
 import shutil, os
 
 from g import config_dir, templates_dir
-from utils.misc import prepare_config_dir
+from utils.misc import prepare_config_dir, generate_random_string
 from utils.jinja import render_jinja
 
 core_config_dir = os.path.join(config_dir, "core", "certificates")
@@ -10,14 +10,20 @@ core_conf_env = os.path.join(config_dir, "core", "env")
 core_conf_template_path = os.path.join(templates_dir, "core", "app.conf.jinja")
 core_conf = os.path.join(config_dir, "core", "app.conf")
 
-def prepare_core(config_dict):
+core_config_env_template = os.path.join(templates_dir, "core", "config_env.jinja")
+core_config_env = os.path.join(config_dir, "core", "config_env")
+
+def prepare_core(config_dict, with_notary, with_clair, with_chartmuseum):
     prepare_core_config_dir()
     # Render Core
     # set cache for chart repo server
     # default set 'memory' mode, if redis is configured then set to 'redis'
-    chart_cache_driver = "memory"
     if len(config_dict['redis_host']) > 0:
         chart_cache_driver = "redis"
+    else:
+        chart_cache_driver = "memory"
+
+    render_config_env(config_dict, with_notary, with_clair, with_chartmuseum)
 
     render_jinja(
         core_env_template_path,
@@ -33,4 +39,18 @@ def prepare_core_config_dir():
 
 def copy_core_config(core_templates_path, core_config_path):
     shutil.copyfile(core_templates_path, core_config_path)
-    print("Generated configuration file: %s" % core_config_path)
+    print("Generated configuration file: %s" % core_config_path)
+
+def render_config_env(config_dict, with_notary, with_clair, with_chartmuseum):
+    # Use reload_key to avoid reload config after restart harbor
+    reload_key = generate_random_string(6) if config_dict['reload_config'] == "true" else ""
+
+    render_jinja(
+        core_config_env_template,
+        core_config_env,
+        with_notary=with_notary,
+        with_clair=with_clair,
+        with_chartmuseum=with_chartmuseum,
+        reload_key=reload_key,
+        **config_dict
+        )

make/photon/prepare/utils/docker_compose.py

@@ -9,7 +9,7 @@ VERSION_TAG = 'dev'
 REGISTRY_VERSION = 'v2.7.1'
 NOTARY_VERSION = 'v0.6.1-v1.7.1'
 CLAIR_VERSION = 'v2.0.7-dev'
-CHARTMUSEUM_VERSION = 'v0.7.1-dev'
+CHARTMUSEUM_VERSION = 'v0.8.1-dev'
 CLAIR_DB_VERSION = VERSION_TAG
 MIGRATOR_VERSION = VERSION_TAG
 REDIS_VERSION = VERSION_TAG

make/photon/prepare/utils/jinja.py

@@ -1,5 +1,4 @@
-from jinja2 import Environment, FileSystemLoader, select_autoescape
-from g import templates_dir
+from jinja2 import Environment, FileSystemLoader
 from .misc import mark_file
 
 jinja_env = Environment(loader=FileSystemLoader('/'), trim_blocks=True)

make/photon/prepare/utils/jobservice.py

@@ -1,7 +1,7 @@
 import os
 
 from g import config_dir, DEFAULT_GID, DEFAULT_UID, templates_dir
-from utils.misc import prepare_config_dir, mark_file
+from utils.misc import prepare_config_dir
 from utils.jinja import render_jinja
 
 job_config_dir = os.path.join(config_dir, "jobservice")

make/photon/prepare/utils/notary.py

@@ -68,7 +68,7 @@ def prepare_env_notary(customize_crt, nginx_config_dir):
     # print("Copying sql file for notary DB")
     # if os.path.exists(os.path.join(notary_config_dir, "postgresql-initdb.d")):
     #     shutil.rmtree(os.path.join(notary_config_dir, "postgresql-initdb.d"))
-    # shutil.copytree(os.path.join(notary_temp_dir, "postgresql-initdb.d"), os.path.join(notary_config_dir, "postgresql-initdb.d")) 
+    # shutil.copytree(os.path.join(notary_temp_dir, "postgresql-initdb.d"), os.path.join(notary_config_dir, "postgresql-initdb.d"))
 
 
 def prepare_notary(config_dict, nginx_config_dir, ssl_cert_path, ssl_cert_key_path):
@@ -78,7 +78,7 @@ def prepare_notary(config_dict, nginx_config_dir, ssl_cert_path, ssl_cert_key_pa
     render_jinja(
         notary_signer_pg_template,
         notary_signer_pg_config,
-        uid=DEFAULT_UID, 
+        uid=DEFAULT_UID,
         gid=DEFAULT_GID
         )
 

tests/testprepare.sh

@@ -14,4 +14,8 @@ else
 fi
 echo "server ip is "$IP
 
+echo "Current path is"
+pwd
+cat make/common/config/core/config_env
+
 chmod 777 /data/