Merge remote-tracking branch 'upstream/master'

pengpengshui 2017-07-18 19:12:06 -07:00
commit b16c521e2f
9 changed files with 40 additions and 10 deletions


@ -37,4 +37,5 @@ GODEBUG=netdns=cgo
ADMIRAL_URL=$admiral_url ADMIRAL_URL=$admiral_url
WITH_NOTARY=$with_notary WITH_NOTARY=$with_notary
WITH_CLAIR=$with_clair WITH_CLAIR=$with_clair
CLAIR_DB_PASSWORD=$pg_password
RESET=false RESET=false


@ -30,6 +30,10 @@ secretkey_path = /data
#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone #Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
admiral_url = NA admiral_url = NA
#The password of the Clair's postgres database, only effective when Harbor is deployed with Clair.
#Please update it before deployment, subsequent update will cause Clair's API server and Harbor unable to access Clair's database.
clair_db_password = password
#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES #NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
#only take effect in the first boot, the subsequent changes of these properties #only take effect in the first boot, the subsequent changes of these properties
#should be performed on web ui #should be performed on web ui
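Review bot: The sample still ships `clair_db_password = password`, the same literal that was hard-coded before, so an install that leaves the file untouched runs Clair's postgres with a publicly known credential. The comment asks operators to change it, but nothing visible enforces that. Consider shipping a value that cannot be mistaken for a usable one, with the comment saying it must be set before the first deployment, and having the prepare script refuse to continue in Clair mode while the value is unchanged. Since the comment states that later changes break database access, the first boot is the only point at which this can be corrected cheaply.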


@ -153,6 +153,7 @@ if rcp.has_option("configuration", "admiral_url"):
admiral_url = rcp.get("configuration", "admiral_url") admiral_url = rcp.get("configuration", "admiral_url")
else: else:
admiral_url = "" admiral_url = ""
pg_password = rcp.get("configuration", "clair_db_password")
secret_key = get_secret_key(secretkey_path) secret_key = get_secret_key(secretkey_path)
######## ########
@ -225,13 +226,15 @@ render(os.path.join(templates_dir, "adminserver", "env"),
token_expiration=token_expiration, token_expiration=token_expiration,
admiral_url=admiral_url, admiral_url=admiral_url,
with_notary=args.notary_mode, with_notary=args.notary_mode,
with_clair=args.clair_mode with_clair=args.clair_mode,
pg_password=pg_password
) )
render(os.path.join(templates_dir, "ui", "env"), render(os.path.join(templates_dir, "ui", "env"),
ui_conf_env, ui_conf_env,
ui_secret=ui_secret, ui_secret=ui_secret,
jobservice_secret=jobservice_secret,) jobservice_secret=jobservice_secret,
)
render(os.path.join(templates_dir, "registry", render(os.path.join(templates_dir, "registry",
"config.yml"), "config.yml"),
@ -370,11 +373,10 @@ if args.notary_mode:
render(os.path.join(notary_temp_dir, "signer_env"), os.path.join(notary_config_dir, "signer_env"), alias = default_alias) render(os.path.join(notary_temp_dir, "signer_env"), os.path.join(notary_config_dir, "signer_env"), alias = default_alias)
if args.clair_mode: if args.clair_mode:
pg_password = "password"
clair_temp_dir = os.path.join(templates_dir, "clair") clair_temp_dir = os.path.join(templates_dir, "clair")
clair_config_dir = prep_conf_dir(config_dir, "clair") clair_config_dir = prep_conf_dir(config_dir, "clair")
print("Copying offline data file for clair DB")
if os.path.exists(os.path.join(clair_config_dir, "postgresql-init.d")): if os.path.exists(os.path.join(clair_config_dir, "postgresql-init.d")):
print("Copying offline data file for clair DB")
shutil.rmtree(os.path.join(clair_config_dir, "postgresql-init.d")) shutil.rmtree(os.path.join(clair_config_dir, "postgresql-init.d"))
shutil.copytree(os.path.join(clair_temp_dir, "postgresql-init.d"), os.path.join(clair_config_dir, "postgresql-init.d")) shutil.copytree(os.path.join(clair_temp_dir, "postgresql-init.d"), os.path.join(clair_config_dir, "postgresql-init.d"))
postgres_env = os.path.join(clair_config_dir, "postgres_env") postgres_env = os.path.join(clair_config_dir, "postgres_env")
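Review bot: In the first hunk `pg_password = rcp.get("configuration", "clair_db_password")` is read unconditionally, whereas `admiral_url` directly above is guarded with `rcp.has_option`. A harbor.cfg carried over from an earlier release has no such key, so the script would presumably fail with a missing-option error even when Clair mode is off. Guarding it the same way keeps upgrades working: `pg_password = rcp.get("configuration", "clair_db_password") if rcp.has_option("configuration", "clair_db_password") else ""`, followed by an explicit error under `if args.clair_mode:` when the value is empty. The value is then rendered into the adminserver env file, so the permissions of that generated file matter; they are set outside these hunks.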


@ -45,6 +45,7 @@ var (
common.LDAPSearchPwd, common.LDAPSearchPwd,
common.MySQLPassword, common.MySQLPassword,
common.AdminInitialPassword, common.AdminInitialPassword,
common.ClairDBPassword,
} }
// all configurations need read from environment variables // all configurations need read from environment variables
@ -120,6 +121,7 @@ var (
env: "WITH_CLAIR", env: "WITH_CLAIR",
parse: parseStringToBool, parse: parseStringToBool,
}, },
common.ClairDBPassword: "CLAIR_DB_PASSWORD",
} }
// configurations need read from environment variables // configurations need read from environment variables
@ -144,6 +146,7 @@ var (
env: "WITH_CLAIR", env: "WITH_CLAIR",
parse: parseStringToBool, parse: parseStringToBool,
}, },
common.ClairDBPassword: "CLAIR_DB_PASSWORD",
} }
) )


@ -66,6 +66,7 @@ const (
WithNotary = "with_notary" WithNotary = "with_notary"
WithClair = "with_clair" WithClair = "with_clair"
ScanAllPolicy = "scan_all_policy" ScanAllPolicy = "scan_all_policy"
ClairDBPassword = "clair_db_password"
DefaultClairEndpoint = "http://clair:6060" DefaultClairEndpoint = "http://clair:6060"
) )


@ -43,13 +43,13 @@ type Database interface {
} }
// InitClairDB ... // InitClairDB ...
func InitClairDB() error { func InitClairDB(password string) error {
//TODO: Read from env vars. //Except for password other information will not be configurable, so keep it hard coded for 1.2.0.
p := &pgsql{ p := &pgsql{
host: "postgres", host: "postgres",
port: 5432, port: 5432,
usr: "postgres", usr: "postgres",
pwd: "password", pwd: password,
database: "postgres", database: "postgres",
sslmode: false, sslmode: false,
} }
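Review bot: The doc comment is still the placeholder `// InitClairDB ...` although the function now accepts a credential; `// InitClairDB initializes access to Clair's postgres database with the given password; host, port, user and database name are fixed.` would tell callers what is and is not configurable. `sslmode: false` remains hard-coded in the struct literal, so the connection authenticated with the operator-chosen password presumably runs without TLS and depends on the network between the containers being trusted, which is worth stating in the same comment. An empty `password` is passed through unchanged as far as this hunk shows; the function body continues past the hunk, so any validation there is not visible.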


@ -358,12 +358,20 @@ func ClairEndpoint() string {
return common.DefaultClairEndpoint return common.DefaultClairEndpoint
} }
// ClairDBPassword returns the password for accessing Clair's DB.
func ClairDBPassword() (string, error) {
cfg, err := mg.Get()
if err != nil {
return "", err
}
return cfg[common.ClairDBPassword].(string), nil
}
// AdmiralEndpoint returns the URL of admiral, if Harbor is not deployed with admiral it should return an empty string. // AdmiralEndpoint returns the URL of admiral, if Harbor is not deployed with admiral it should return an empty string.
func AdmiralEndpoint() string { func AdmiralEndpoint() string {
cfg, err := mg.Get() cfg, err := mg.Get()
if err != nil { if err != nil {
log.Errorf("Failed to get configuration, will return empty string as admiral's endpoint, error: %v", err) log.Errorf("Failed to get configuration, will return empty string as admiral's endpoint, error: %v", err)
return "" return ""
} }
if e, ok := cfg[common.AdmiralEndpoint].(string); !ok || e == "NA" { if e, ok := cfg[common.AdmiralEndpoint].(string); !ok || e == "NA" {
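Review bot: `return cfg[common.ClairDBPassword].(string), nil` in the new ClairDBPassword uses an unchecked type assertion, so a configuration map that lacks the key or holds a non-string value panics instead of returning the error the signature promises. That can happen when the admin server answers with a configuration stored before this key existed. AdmiralEndpoint just below already uses the two-value form; doing the same here keeps the failure on the error path that main handles with `log.Fatalf`: `pwd, ok := cfg[common.ClairDBPassword].(string)` then `if !ok { return "", fmt.Errorf("%s is missing or not a string", common.ClairDBPassword) }` (assuming `fmt` is imported in this file, which the hunk does not show). The error text should name the key only, never the value.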


@ -92,7 +92,11 @@ func main() {
log.Fatalf("failed to initialize database: %v", err) log.Fatalf("failed to initialize database: %v", err)
} }
if config.WithClair() { if config.WithClair() {
if err := dao.InitClairDB(); err != nil { clairDBPassword, err := config.ClairDBPassword()
if err != nil {
log.Fatalf("failed to load clair database information: %v", err)
}
if err := dao.InitClairDB(clairDBPassword); err != nil {
log.Fatalf("failed to initialize clair database: %v", err) log.Fatalf("failed to initialize clair database: %v", err)
} }
} }


@ -22,6 +22,7 @@ import (
"time" "time"
"github.com/vmware/harbor/src/common/dao" "github.com/vmware/harbor/src/common/dao"
clairdao "github.com/vmware/harbor/src/common/dao/clair"
"github.com/vmware/harbor/src/common/models" "github.com/vmware/harbor/src/common/models"
"github.com/vmware/harbor/src/common/utils" "github.com/vmware/harbor/src/common/utils"
"github.com/vmware/harbor/src/common/utils/log" "github.com/vmware/harbor/src/common/utils/log"
@ -105,8 +106,14 @@ func (n *NotificationHandler) Post() {
}() }()
go api.TriggerReplicationByRepository(pro.ProjectID, repository, []string{tag}, models.RepOpTransfer) go api.TriggerReplicationByRepository(pro.ProjectID, repository, []string{tag}, models.RepOpTransfer)
if autoScanEnabled(project) { if autoScanEnabled(project) {
if err := uiutils.TriggerImageScan(repository, tag); err != nil { last, err := clairdao.GetLastUpdate()
if err != nil {
log.Errorf("Failed to get last update from Clair DB, error: %v, the auto scan will be skipped.", err)
} else if last == 0 {
log.Infof("The Vulnerability data is not ready in Clair DB, the auto scan will be skipped.", err)
} else if err := uiutils.TriggerImageScan(repository, tag); err != nil {
log.Warningf("Failed to scan image, repository: %s, tag: %s, error: %v", repository, tag, err) log.Warningf("Failed to scan image, repository: %s, tag: %s, error: %v", repository, tag, err)
} }
} }
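Review bot: The new `log.Infof("The Vulnerability data is not ready in Clair DB, the auto scan will be skipped.", err)` passes `err` to a format string with no verb, and `err` is always nil in that branch because the preceding branch handles the non-nil case. `go vet` flags this, and if the logger formats like fmt the line ends in `%!(EXTRA <nil>)`. Dropping the argument is enough: `log.Infof("The Vulnerability data is not ready in Clair DB, the auto scan will be skipped.")`. The `last == 0` check treats zero as "never updated"; a short comment saying so would help, since what GetLastUpdate returns is not visible here. Post starts before this hunk and may continue after it.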