Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-11-20 09:15:19 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1118 from ywk253100/161117_ova

Browse Source 
OVA script update
This commit is contained in:
Daniel Jiang 2016-11-18 14:49:38 +08:00 committed by GitHub
commit b188a405ac
4 changed files with 95 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
tools/ova/script/common.sh
View File

@ -73,4 +73,18 @@ function configSSH {
fi fi
systemctl restart sshd systemctl restart sshd
}
#Configure attr in harbor.cfg
function configureHarborCfg {
cfg_key=$1
cfg_value=$2
basedir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cfg_file=$basedir/../harbor/harbor.cfg
if [ -n "$cfg_key" ]
then
sed -i -r s%"#?$cfg_key\s*=\s*.*"%"$cfg_key = $cfg_value"% $cfg_file
fi
} }

85
tools/ova/script/config.sh
View File

@ -2,7 +2,6 @@
set -e set -e
attrs=( attrs=(
harbor_admin_password
ldap_url ldap_url
ldap_searchdn ldap_searchdn
ldap_search_pwd ldap_search_pwd
@ -14,23 +13,30 @@ attrs=(
email_password email_password
email_from email_from
email_ssl email_ssl
db_password
verify_remote_cert verify_remote_cert
self_registration self_registration
) )
cert=/data/cert/server.crt cert_dir=/data/cert
key=/data/cert/server.key mkdir -p $cert_dir
csr=/data/cert/server.csr
ca_cert=/data/cert/ca.crt cert=$cert_dir/server.crt
ca_key=/data/cert/ca.key key=$cert_dir/server.key
ext=/data/cert/extfile.cnf csr=$cert_dir/server.csr
ca_cert=$cert_dir/ca.crt
ca_key=$cert_dir/ca.key
ext=$cert_dir/extfile.cnf
ca_download_dir=/data/ca_download
mkdir -p $ca_download_dir
rm -rf $ca_download_dir/*
hostname="" hostname=""
ip_addr=""
base_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../" && pwd )" base_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../" && pwd )"
source $base_dir/script/common.sh
isFQDN=true
flag=$base_dir/cert_gen_type flag=$base_dir/cert_gen_type
#The location of harbor.cfg #The location of harbor.cfg
@ -56,18 +62,15 @@ function genCert {
fi fi
openssl req -newkey rsa:4096 -nodes -sha256 -keyout $key \ openssl req -newkey rsa:4096 -nodes -sha256 -keyout $key \
-out $csr -subj \ -out $csr -subj \
"/C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=Harbor/CN=$hostname" "/C=US/ST=California/L=Palo Alto/O=VMware/OU=Harbor/CN=$hostname"
if [ "$isFQDN" = false ]
then echo "Add subjectAltName = IP: $ip_addr to certificate"
echo "Add subjectAltName = IP: $hostname to certificate" echo subjectAltName = IP:$ip_addr > $ext
echo subjectAltName = IP:$hostname > $ext openssl x509 -req -days 365 -in $csr -CA $ca_cert -CAkey $ca_key -CAcreateserial -extfile $ext -out $cert
#openssl x509 -req -days 365 -in $csr -signkey $key -extfile $ext -out $cert
openssl x509 -req -days 365 -in $csr -CA $ca_cert -CAkey $ca_key -CAcreateserial -extfile $ext -out $cert
else
#openssl x509 -req -days 365 -in $csr -signkey $key -out $cert
openssl x509 -req -days 365 -in $csr -CA $ca_cert -CAkey $ca_key -CAcreateserial -out $cert
fi
echo "self-signed" > $flag echo "self-signed" > $flag
echo "Copy CA certificate to $ca_download_dir"
cp $ca_cert $ca_download_dir/
} }
function secure { function secure {
@ -86,9 +89,9 @@ function secure {
return return
fi fi
if [ ! -e $cert ] || [ ! -e $key ] if [ ! -e $ca_cert ] || [ ! -e $cert ] || [ ! -e $key ]
then then
echo "Certificate or key file does not exist, will generate a self-signed certificate" echo "CA, Certificate or key file does not exist, will generate a self-signed certificate"
genCert genCert
return return
fi fi
@ -114,22 +117,32 @@ function secure {
genCert genCert
return return
fi fi
echo "Use the existing certificate and key file" ip_in_cert=$(openssl x509 -noout -text -in $cert | sed -n '/IP Address:/s/.*IP Address://p') || true
if [ "$ip_addr" != "$ip_in_cert" ]
then
echo "IP changed: $ip_in_cert -> $ip_addr , will generate a new self-signed certificate"
genCert
return
fi
echo "Use the existing CA, certificate and key file"
echo "Copy CA certificate to $ca_download_dir"
cp $ca_cert $ca_download_dir/
} }
#Modify hostname #Modify hostname
hostname=$(hostname --fqdn) || true hostname=$(hostname --fqdn) || true
ip_addr=$(ip addr show eth0|grep "inet "|tr -s ' '|cut -d ' ' -f 3|cut -d '/' -f 1)
if [ -z "$hostname" ] if [ -z "$hostname" ]
then then
isFQDN=false hostname=$ip_addr
hostname=$(ip addr show eth0|grep "inet "|tr -s ' '|cut -d ' ' -f 3|cut -d '/' -f 1)
fi fi
if [ -n "$hostname" ] if [ -n "$hostname" ]
then then
echo "Read hostname/IP: [ hostname/IP - $hostname ]" echo "Read hostname/IP: [ hostname/IP - $hostname ]"
sed -i -r s/"hostname\s*=\s*.*"/"hostname = $hostname"/ $cfg configureHarborCfg hostname $hostname
else else
echo "Failed to get the hostname/IP" echo "Failed to get the hostname/IP"
exit 1 exit 1
@ -144,7 +157,7 @@ then
fi fi
echo "Protocol: $protocol" echo "Protocol: $protocol"
sed -i -r s%"#?ui_url_protocol\s*=\s*.*"%"ui_url_protocol = $protocol"% $cfg configureHarborCfg ui_url_protocol $protocol
if [ $protocol = "https" ] if [ $protocol = "https" ]
then then
@ -160,14 +173,12 @@ do
if [ -n "$value" ] || [ "$attr" = "ldap_search_pwd" ] \ if [ -n "$value" ] || [ "$attr" = "ldap_search_pwd" ] \
|| [ "$attr" = "email_password" ] || [ "$attr" = "email_password" ]
then then
if [ "$attr" = ldap_search_pwd ] \ #if [ "$attr" = ldap_search_pwd ] \
|| [ "$attr" = email_password ] \ # || [ "$attr" = email_password ]
|| [ "$attr" = db_password ] \ #then
|| [ "$attr" = harbor_admin_password ] # bs=$(echo $value | base64)
then # value={base64}$bs
bs=$(echo $value | base64) #fi
#value={base64}$bs configureHarborCfg $attr $value
fi
sed -i -r s%"#?$attr\s*=\s*.*"%"$attr = $value"% $cfg
fi fi
done done

12
tools/ova/script/firstboot.sh
View File

@ -37,17 +37,7 @@ load
echo "Configuring Harbor..." echo "Configuring Harbor..."
chmod 600 $base_dir/../harbor/harbor.cfg chmod 600 $base_dir/../harbor/harbor.cfg
#Configure authentication mode $base_dir/firstboot_config.sh
echo "Read attribute using ovfenv: [ auth_mode ]"
auth_mode=$(ovfenv -k auth_mode)
if [ -n "$auth_mode" ]
then
sed -i -r s%"#?auth_mode\s*=\s*.*"%"auth_mode = $auth_mode"% $base_dir/../harbor/harbor.cfg
fi
#Configure other attrs
mkdir -p /data/cert/
configure
#Start Harbor #Start Harbor
echo "Starting Harbor..." echo "Starting Harbor..."

32
tools/ova/script/firstboot_config.sh Executable file
View File

@ -0,0 +1,32 @@
#!/bin/bash
set -e
base_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
source $base_dir/common.sh
#Configure authentication mode
echo "Read attribute using ovfenv: [ auth_mode ]"
auth_mode=$(ovfenv -k auth_mode)
if [ -n "$auth_mode" ]
then
configureHarborCfg auth_mode $auth_mode
fi
#Configure password of Harbor administrator
echo "Read attribute using ovfenv: [ harbor_admin_password ]"
adm_pwd=$(ovfenv -k harbor_admin_password)
if [ -n "$adm_pwd" ]
then
configureHarborCfg harbor_admin_password $adm_pwd
fi
#Configure password of database
echo "Read attribute using ovfenv: [ db_password ]"
db_pwd=$(ovfenv -k db_password)
if [ -n "$db_pwd" ]
then
configureHarborCfg db_password $db_pwd
fi
#Configure other attrs
configure