mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-25 11:46:43 +01:00
add ove upgrade script
This commit is contained in:
parent
4f8174a497
commit
b7340ebbce
103
tools/ova/script/harbor_0_6_0_template
Normal file
103
tools/ova/script/harbor_0_6_0_template
Normal file
@ -0,0 +1,103 @@
|
||||
## Configuration file of Harbor
|
||||
|
||||
#The IP address or hostname to access admin UI and registry service.
|
||||
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
|
||||
hostname = $hostname
|
||||
|
||||
#The protocol for accessing the UI and token/notification service, by default it is http.
|
||||
#It can be set to https if ssl is enabled on nginx.
|
||||
ui_url_protocol = $ui_url_protocol
|
||||
|
||||
#The password for the root user of mysql db, change this before any production use.
|
||||
db_password = $db_password
|
||||
|
||||
#Determine whether the UI should use compressed js files.
|
||||
#For production, set it to on. For development, set it to off.
|
||||
use_compressed_js = $use_compressed_js
|
||||
|
||||
#Maximum number of job workers in job service
|
||||
max_job_workers = $max_job_workers
|
||||
|
||||
#Determine whether or not to generate certificate for the registry's token.
|
||||
#If the value is on, the prepare script creates new root cert and private key
|
||||
#for generating token to access the registry. If the value is off the default key/cert will be used.
|
||||
#This flag also controls the creation of the notary signer's cert.
|
||||
customize_crt = $customize_crt
|
||||
|
||||
#The path of cert and key files for nginx, they are applied only the protocol is set to https
|
||||
ssl_cert = $ssl_cert
|
||||
ssl_cert_key = $ssl_cert_key
|
||||
|
||||
#The path of secretkey storage
|
||||
secretkey_path = /data
|
||||
|
||||
#Admiral's url, comment this attribute, or set its value to to NA when Harbor is standalone
|
||||
admiral_url = NA
|
||||
|
||||
#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
|
||||
#only take effect in the first boot, the subsequent changes of these properties
|
||||
#should be performed on web ui
|
||||
#************************BEGIN INITIAL PROPERTIES************************
|
||||
|
||||
#Email account settings for sending out password resetting emails.
|
||||
|
||||
#Email server uses the given username and password to authenticate on TLS connections to host and act as identity.
|
||||
#Identity left blank to act as username.
|
||||
email_identity = $email_identity
|
||||
|
||||
email_server = $email_server
|
||||
email_server_port = $email_server_port
|
||||
email_username = $email_username
|
||||
email_password = $email_password
|
||||
email_from = $email_from
|
||||
email_ssl = $email_ssl
|
||||
|
||||
##The initial password of Harbor admin, only works for the first time when Harbor starts.
|
||||
#It has no effect after the first launch of Harbor.
|
||||
#Change the admin password from UI after launching Harbor.
|
||||
harbor_admin_password = $harbor_admin_password
|
||||
|
||||
##By default the auth mode is db_auth, i.e. the credentials are stored in a local database.
|
||||
#Set it to ldap_auth if you want to verify a user's credentials against an LDAP server.
|
||||
auth_mode = $auth_mode
|
||||
|
||||
#The url for an ldap endpoint.
|
||||
ldap_url = $ldap_url
|
||||
|
||||
#A user's DN who has the permission to search the LDAP/AD server.
|
||||
#If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap_search_pwd.
|
||||
#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
|
||||
|
||||
#the password of the ldap_searchdn
|
||||
#ldap_search_pwd = password
|
||||
|
||||
#The base DN from which to look up a user in LDAP/AD
|
||||
ldap_basedn = $ldap_basedn
|
||||
|
||||
#Search filter for LDAP/AD, make sure the syntax of the filter is correct.
|
||||
#ldap_filter = (objectClass=person)
|
||||
|
||||
# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD
|
||||
ldap_uid = $ldap_uid
|
||||
|
||||
#the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
|
||||
ldap_scope = $ldap_scope
|
||||
|
||||
#Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds.
|
||||
ldap_timeout = 5
|
||||
|
||||
#Turn on or off the self-registration feature
|
||||
self_registration = $self_registration
|
||||
|
||||
#The expiration time (in minute) of token created by token service, default is 30 minutes
|
||||
token_expiration = $token_expiration
|
||||
|
||||
#The flag to control what users have permission to create projects
|
||||
#Be default everyone can create a project, set to "adminonly" such that only admin can create project.
|
||||
project_creation_restriction = $project_creation_restriction
|
||||
|
||||
#Determine whether the job service should verify the ssl cert when it connects to a remote registry.
|
||||
#Set this flag to off when the remote registry uses a self-signed or untrusted certificate.
|
||||
verify_remote_cert = $verify_remote_cert
|
||||
#************************BEGIN INITIAL PROPERTIES************************
|
||||
#############
|
117
tools/ova/script/upgrade
Executable file
117
tools/ova/script/upgrade
Executable file
@ -0,0 +1,117 @@
|
||||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
from string import Template
|
||||
import string
|
||||
import os
|
||||
import sys
|
||||
import argparse
|
||||
from io import open
|
||||
|
||||
if sys.version_info[:3][0] == 2:
|
||||
import ConfigParser as ConfigParser
|
||||
import StringIO as StringIO
|
||||
|
||||
if sys.version_info[:3][0] == 3:
|
||||
import configparser as ConfigParser
|
||||
import io as StringIO
|
||||
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument('--source-loc', dest='source_loc', type=str,help="the path of Harbor 0.5.0 configuration file")
|
||||
parser.add_argument('--source-version', dest='source_ver', type=str,help="the Harbor instance is to be deployed with notary")
|
||||
parser.add_argument('--target-loc', dest='target_loc', type=str,help="the path of Harbor 0.6.0 configuration file")
|
||||
parser.add_argument('--target-version', dest='target_ver', type=str, help="the Harbor instance is to be deployed with notary")
|
||||
upgrade_args = parser.parse_args()
|
||||
|
||||
# NOTE: the script only support to upgrade from 0.5.0.to 0.6.0.
|
||||
def validate():
|
||||
if upgrade_args.source_ver == '0.5.0' and upgrade_args.target_ver == '0.6.0':
|
||||
return
|
||||
raise Exception("Unable to support upgrade from %s to %s" % (upgrade_args.source_ver, upgrade_args.target_ver))
|
||||
|
||||
validate()
|
||||
|
||||
conf = StringIO.StringIO()
|
||||
conf.write("[configuration]\n")
|
||||
conf.write(open(upgrade_args.source_loc).read())
|
||||
conf.seek(0, os.SEEK_SET)
|
||||
rcp = ConfigParser.RawConfigParser()
|
||||
rcp.readfp(conf)
|
||||
|
||||
hostname = rcp.get("configuration", "hostname")
|
||||
ui_url_protocol = rcp.get("configuration", "ui_url_protocol")
|
||||
email_identity = rcp.get("configuration", "email_identity")
|
||||
email_server = rcp.get("configuration", "email_server")
|
||||
email_server_port = rcp.get("configuration", "email_server_port")
|
||||
email_username = rcp.get("configuration", "email_username")
|
||||
email_password = rcp.get("configuration", "email_password")
|
||||
email_from = rcp.get("configuration", "email_from")
|
||||
email_ssl = rcp.get("configuration", "email_ssl")
|
||||
harbor_admin_password = rcp.get("configuration", "harbor_admin_password")
|
||||
auth_mode = rcp.get("configuration", "auth_mode")
|
||||
ldap_url = rcp.get("configuration", "ldap_url")
|
||||
ldap_basedn = rcp.get("configuration", "ldap_basedn")
|
||||
ldap_uid = rcp.get("configuration", "ldap_uid")
|
||||
ldap_scope = rcp.get("configuration", "ldap_scope")
|
||||
db_password = rcp.get("configuration", "db_password")
|
||||
self_registration = rcp.get("configuration", "self_registration")
|
||||
use_compressed_js = rcp.get("configuration", "use_compressed_js")
|
||||
max_job_workers = rcp.get("configuration", "max_job_workers")
|
||||
token_expiration = rcp.get("configuration", "token_expiration")
|
||||
verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
|
||||
customize_crt = rcp.get("configuration", "customize_crt")
|
||||
project_creation_restriction = rcp.get("configuration", "project_creation_restriction")
|
||||
ssl_cert = rcp.get("configuration", "ssl_cert")
|
||||
ssl_cert_key = rcp.get("configuration", "ssl_cert_key")
|
||||
|
||||
def delfile(src):
|
||||
if os.path.isfile(src):
|
||||
try:
|
||||
os.remove(src)
|
||||
print("Clearing the configuration file: %s" % src)
|
||||
except:
|
||||
pass
|
||||
elif os.path.isdir(src):
|
||||
for item in os.listdir(src):
|
||||
itemsrc=os.path.join(src,item)
|
||||
delfile(itemsrc)
|
||||
|
||||
def render(src, dest, **kw):
|
||||
t = Template(open(src, 'r').read())
|
||||
with open(dest, 'w') as f:
|
||||
f.write(t.substitute(**kw))
|
||||
print("Generated configuration file: %s" % dest)
|
||||
|
||||
delfile(upgrade_args.target_loc)
|
||||
|
||||
base_dir = os.path.dirname(__file__)
|
||||
config_template = os.path.join(base_dir, "harbor_0_6_0_template")
|
||||
|
||||
render(config_template,
|
||||
upgrade_args.target_loc,
|
||||
hostname=hostname,
|
||||
ui_url_protocol=ui_url_protocol,
|
||||
db_password=db_password,
|
||||
use_compressed_js=use_compressed_js,
|
||||
max_job_workers=max_job_workers,
|
||||
customize_crt=customize_crt,
|
||||
ssl_cert=ssl_cert,
|
||||
ssl_cert_key=ssl_cert_key,
|
||||
admiral_url='',
|
||||
email_identity=email_identity,
|
||||
email_server=email_server,
|
||||
email_server_port=email_server_port,
|
||||
email_username=email_username,
|
||||
email_password=email_password,
|
||||
email_from=email_from,
|
||||
email_ssl=email_ssl,
|
||||
harbor_admin_password=harbor_admin_password,
|
||||
auth_mode=auth_mode,
|
||||
ldap_url=ldap_url,
|
||||
ldap_basedn=ldap_basedn,
|
||||
ldap_uid=ldap_uid,
|
||||
ldap_scope=ldap_scope,
|
||||
self_registration=self_registration,
|
||||
token_expiration=token_expiration,
|
||||
project_creation_restriction=project_creation_restriction,
|
||||
verify_remote_cert=verify_remote_cert
|
||||
)
|
Loading…
Reference in New Issue
Block a user