Merge pull request #6247 from stonezdj/trust_cert2

Install custom cert for clair, registry, chartmuseum
stonezdj(Daojun Zhang) 2018-11-12 14:07:34 +08:00 committed by GitHub
commit ae007c2a49
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 35 additions and 37 deletions


@ -22,6 +22,7 @@ services:
volumes: volumes:
- /data/chart_storage:/chart_storage:z - /data/chart_storage:/chart_storage:z
- ./common/config/chartserver:/etc/chartserver:z - ./common/config/chartserver:/etc/chartserver:z
- ./common/config/custom-ca-bundle.crt:/harbor_cust_cert/custom-ca-bundle.crt:z
logging: logging:
driver: "syslog" driver: "syslog"
options: options:
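Review bot: The new bind mount `- ./common/config/custom-ca-bundle.crt:/harbor_cust_cert/custom-ca-bundle.crt:z` gives the container write access to a file that install_cert.sh only reads, so a process inside the container could alter the CA material kept on the host; mount it read-only with `:ro,z`. The clair and registry compose sections below add the same mount and need the same change. The mount is also unconditional, while the prepare.py hunk in this commit writes the file only when a custom bundle path is configured; with a missing host file Docker creates an empty directory of that name on the host (verify against the compose version in use), which the `-f` test in install_cert.sh silently skips and which would make a later `shutil.copyfile` in prepare.py fail. Having prepare.py always write the file, empty when no custom CA is configured, would avoid both the stray directory and the silent skip.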


@ -28,6 +28,7 @@ services:
- postgresql - postgresql
volumes: volumes:
- ./common/config/clair/config.yaml:/etc/clair/config.yaml:z - ./common/config/clair/config.yaml:/etc/clair/config.yaml:z
- ./common/config/custom-ca-bundle.crt:/harbor_cust_cert/custom-ca-bundle.crt:z
logging: logging:
driver: "syslog" driver: "syslog"
options: options:


@ -19,6 +19,7 @@ services:
volumes: volumes:
- /data/registry:/storage:z - /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z - ./common/config/registry/:/etc/registry/:z
- ./common/config/custom-ca-bundle.crt:/harbor_cust_cert/custom-ca-bundle.crt:z
networks: networks:
- harbor - harbor
dns_search: . dns_search: .


@ -3,10 +3,12 @@ FROM photon:2.0
RUN tdnf install -y shadow sudo >>/dev/null\ RUN tdnf install -y shadow sudo >>/dev/null\
&& tdnf clean all \ && tdnf clean all \
&& mkdir /chartserver/ \ && mkdir /chartserver/ \
&& mkdir /harbor/ \
&& groupadd -r -g 10000 chartuser \ && groupadd -r -g 10000 chartuser \
&& useradd --no-log-init -m -r -g 10000 -u 10000 chartuser && useradd --no-log-init -m -r -g 10000 -u 10000 chartuser
COPY ./make/photon/chartserver/binary/chartm /chartserver/ COPY ./make/photon/chartserver/binary/chartm /chartserver/
COPY ./make/photon/chartserver/docker-entrypoint.sh /docker-entrypoint.sh COPY ./make/photon/chartserver/docker-entrypoint.sh /docker-entrypoint.sh
COPY ./make/photon/common/install_cert.sh /harbor
VOLUME ["/chart_storage"] VOLUME ["/chart_storage"]
EXPOSE 9999 EXPOSE 9999
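Review bot: `COPY ./make/photon/common/install_cert.sh /harbor` relies on the executable bit recorded in git, since nothing in this Dockerfile sets it, while the entrypoints in this commit execute the script directly as `/harbor/install_cert.sh`; if the bit is missing the entrypoint fails before the service starts. The registry Dockerfile in the same commit already does `RUN chmod u+x /entrypoint.sh` for its own script, so be consistent and add `RUN chmod u+x /harbor/install_cert.sh` after the COPY. The clair and registry Dockerfiles below add the same COPY and need the same line, or the entrypoints should invoke it as `sh /harbor/install_cert.sh`.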


@ -7,21 +7,7 @@ if [ -d /chart_storage ]; then
chown 10000:10000 -R /chart_storage chown 10000:10000 -R /chart_storage
fi fi
#Config the custom ca bundle /harbor/install_cert.sh
if [ -f /etc/chartserver/custom-ca-bundle.crt ]; then
if grep -q "Photon" /etc/lsb-release; then
if [ ! -f /etc/pki/tls/certs/ca-bundle.crt.original ]; then
cp /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt.original
fi
echo "Appending custom ca bundle ..."
cp /etc/pki/tls/certs/ca-bundle.crt.original /etc/pki/tls/certs/ca-bundle.crt
cat /etc/chartserver/custom-ca-bundle.crt >> /etc/pki/tls/certs/ca-bundle.crt
echo "Done."
else
echo "Current OS is not Photon, skip appending ca bundle"
fi
fi
#Start the server process #Start the server process
sudo -E -H -u \#10000 sh -c "/chartserver/chartm" #Parameters are set by ENV sudo -E -H -u \#10000 sh -c "/chartserver/chartm" #Parameters are set by ENV


@ -3,11 +3,13 @@ FROM photon:2.0
RUN tdnf install -y git shadow sudo rpm xz python-xml >>/dev/null\ RUN tdnf install -y git shadow sudo rpm xz python-xml >>/dev/null\
&& tdnf clean all \ && tdnf clean all \
&& mkdir /clair/ \ && mkdir /clair/ \
&& mkdir /harbor \
&& groupadd -r -g 10000 clair \ && groupadd -r -g 10000 clair \
&& useradd --no-log-init -m -r -g 10000 -u 10000 clair && useradd --no-log-init -m -r -g 10000 -u 10000 clair
COPY ./make/photon/clair/binary/clair /clair/ COPY ./make/photon/clair/binary/clair /clair/
COPY ./make/photon/clair/docker-entrypoint.sh /docker-entrypoint.sh COPY ./make/photon/clair/docker-entrypoint.sh /docker-entrypoint.sh
COPY ./make/photon/clair/dumb-init /dumb-init COPY ./make/photon/clair/dumb-init /dumb-init
COPY ./make/photon/common/install_cert.sh /harbor
VOLUME /config VOLUME /config


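--- a/make/photon/clair/docker-entrypoint.sh
+++ b/make/photon/clair/docker-entrypoint.sh
 #!/bin/bash
 set -e
+/harbor/install_cert.sh
 sudo -E -H -u \#10000 sh -c "/dumb-init -- /clair/clair -config /etc/clair/config.yaml $*"
 set +e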


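--- a/make/photon/common/install_cert.sh
+++ b/make/photon/common/install_cert.sh
+#!/bin/sh
+set -e
+if [ ! -f /etc/pki/tls/certs/ca-bundle.crt.original ]; then
+cp /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt.original
+fi
+if [ -f /harbor_cust_cert/custom-ca-bundle.crt ]; then
+if grep -q "Photon" /etc/lsb-release; then
+echo "Appending custom ca bundle ..."
+cp /etc/pki/tls/certs/ca-bundle.crt.original /etc/pki/tls/certs/ca-bundle.crt
+cat /harbor_cust_cert/custom-ca-bundle.crt >> /etc/pki/tls/certs/ca-bundle.crt
+echo "Done."
+else
+echo "Current OS is not Photon, skip appending ca bundle"
+fi
+fi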
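Review bot: The backup `cp /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt.original` on the third line runs before the Photon check and under `set -e`, so on an image where that bundle path does not exist the script exits non-zero and a calling entrypoint with `set -e` (the clair entrypoint in this commit has it) aborts startup instead of reaching the "skip appending" branch. The restore from `.original` also happens only when a custom bundle is present, so once a custom CA has been appended, deleting the host file and restarting the container leaves that CA trusted until the container is recreated. Moving the backup inside the Photon branch and restoring the pristine bundle unconditionally before the optional append fixes both; since every CA in this file becomes trusted system-wide for the service, a comment stating that would help operators keep the bundle minimal. The rewritten script follows.
```shell
#!/bin/sh
set -e
bundle=/etc/pki/tls/certs/ca-bundle.crt
custom=/harbor_cust_cert/custom-ca-bundle.crt
if grep -q "Photon" /etc/lsb-release; then
    if [ ! -f "$bundle.original" ]; then
        cp "$bundle" "$bundle.original"
    fi
    # Start from the pristine bundle on every run so a custom CA that was
    # removed from the host is no longer trusted after a restart.
    cp "$bundle.original" "$bundle"
    if [ -f "$custom" ]; then
        # Every certificate in this file becomes trusted for all TLS done by the service.
        echo "Appending custom ca bundle ..."
        cat "$custom" >> "$bundle"
        echo "Done."
    fi
elif [ -f "$custom" ]; then
    echo "Current OS is not Photon, skip appending ca bundle"
fi
```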


@ -5,8 +5,11 @@ MAINTAINER wangyan@vmware.com
# The original script in the docker offical registry image. # The original script in the docker offical registry image.
RUN tdnf install sudo -y >> /dev/null\ RUN tdnf install sudo -y >> /dev/null\
&& tdnf clean all \ && tdnf clean all \
&& mkdir /harbor/ \
&& groupadd -r -g 10000 harbor && useradd --no-log-init -r -g 10000 -u 10000 harbor && groupadd -r -g 10000 harbor && useradd --no-log-init -r -g 10000 -u 10000 harbor
COPY ./make/photon/common/install_cert.sh /harbor
COPY ./make/photon/registry/entrypoint.sh / COPY ./make/photon/registry/entrypoint.sh /
RUN chmod u+x /entrypoint.sh RUN chmod u+x /entrypoint.sh


@ -17,20 +17,7 @@ if [ -d /storage ]; then
fi fi
fi fi
if [ ! -f /etc/pki/tls/certs/ca-bundle.crt.original ]; then /harbor/install_cert.sh
cp /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt.original
fi
if [ -f /etc/registry/custom-ca-bundle.crt ]; then
if grep -q "Photon" /etc/lsb-release; then
echo "Appending custom ca bundle ..."
cp /etc/pki/tls/certs/ca-bundle.crt.original /etc/pki/tls/certs/ca-bundle.crt
cat /etc/registry/custom-ca-bundle.crt >> /etc/pki/tls/certs/ca-bundle.crt
echo "Done."
else
echo "Current OS is not Photon, skip appending ca bundle"
fi
fi
case "$1" in case "$1" in
*.yaml|*.yml) set -- registry serve "$@" ;; *.yaml|*.yml) set -- registry serve "$@" ;;


@ -532,8 +532,8 @@ else:
shutil.copyfile(os.path.join(templates_dir, "registry", "root.crt"), os.path.join(registry_config_dir, "root.crt")) shutil.copyfile(os.path.join(templates_dir, "registry", "root.crt"), os.path.join(registry_config_dir, "root.crt"))
if len(registry_custom_ca_bundle_path) > 0 and os.path.isfile(registry_custom_ca_bundle_path): if len(registry_custom_ca_bundle_path) > 0 and os.path.isfile(registry_custom_ca_bundle_path):
shutil.copyfile(registry_custom_ca_bundle_path, os.path.join(registry_config_dir, "custom-ca-bundle.crt")) shutil.copyfile(registry_custom_ca_bundle_path, os.path.join(config_dir, "custom-ca-bundle.crt"))
print("Copied custom ca bundle: %s" % os.path.join(registry_config_dir, "custom-ca-bundle.crt")) print("Copied custom ca bundle: %s" % os.path.join(config_dir, "custom-ca-bundle.crt"))
if args.notary_mode: if args.notary_mode:
notary_config_dir = prep_conf_dir(config_dir, "notary") notary_config_dir = prep_conf_dir(config_dir, "notary")
@ -639,11 +639,6 @@ if args.chart_mode:
print ("Create config folder: %s" % chartm_config_dir) print ("Create config folder: %s" % chartm_config_dir)
os.makedirs(chartm_config_dir) os.makedirs(chartm_config_dir)
# handle custom ca bundle
if len(registry_custom_ca_bundle_path) > 0 and os.path.isfile(registry_custom_ca_bundle_path):
shutil.copyfile(registry_custom_ca_bundle_path, os.path.join(chartm_config_dir, "custom-ca-bundle.crt"))
print("Copied custom ca bundle: %s" % os.path.join(chartm_config_dir, "custom-ca-bundle.crt"))
# process redis info # process redis info
cache_store = "redis" cache_store = "redis"
cache_redis_password = redis_password cache_redis_password = redis_password
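Review bot: In the first hunk, the `if len(registry_custom_ca_bundle_path) > 0 and os.path.isfile(registry_custom_ca_bundle_path):` check has no `else` path that removes a bundle copied to `config_dir` by an earlier prepare run, so a CA the operator has since un-configured keeps being installed into the registry, clair and chartmuseum trust stores by install_cert.sh until someone deletes the file by hand; the surrounding `else:` block starts before this hunk. Removing the stale file in an `else` branch, as sketched below, makes un-configuring the CA take effect on the next prepare, and since the compose files in this commit mount that path unconditionally, writing an empty file there instead of deleting it would also keep Docker from creating a directory in its place. The variable now feeds three services, not just the registry, so a comment such as `# shared by registry, clair and chartmuseum via common/config/custom-ca-bundle.crt` next to it would save the next reader a search.
```python
if len(registry_custom_ca_bundle_path) > 0 and os.path.isfile(registry_custom_ca_bundle_path):
    shutil.copyfile(registry_custom_ca_bundle_path, os.path.join(config_dir, "custom-ca-bundle.crt"))
    print("Copied custom ca bundle: %s" % os.path.join(config_dir, "custom-ca-bundle.crt"))
else:
    # Drop a bundle left by a previous prepare run so a CA that is no longer
    # configured is not installed into the service trust stores again.
    stale_bundle = os.path.join(config_dir, "custom-ca-bundle.crt")
    if os.path.isfile(stale_bundle):
        os.remove(stale_bundle)
        print("Removed stale custom ca bundle: %s" % stale_bundle)
```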