Merge branch 'master' of github.com:vmware/harbor

.gitignore

@@ -3,4 +3,6 @@ my_start.sh
 Deploy/config/registry/config.yml
 Deploy/config/ui/env
 Deploy/config/ui/app.conf
+Deploy/config/db/env
 Deploy/prepare.my
+Deploy/harbor.cfg.my

Deploy/config/ui/private_key.pem

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQClak/4HO7EeLU0w/BhtVENPLOqU0AP2QjVUdg1qhNiDWVrbWx9
+KYHqz5Kn0n2+fxdZo3o7ZY5/2+hhgkKh1z6Kge9XGgune6z4fx2J/X2Se8WsGeQU
+TiND8ngSnsCANtYFwW50SbUZPtyf5XjAfKRofZem51OxbxzN3217L/ubKwIDAQAB
+AoGBAITMMuNYJwAogCGaZHOs4yMjZoIJT9bpQMQxbsi2f9UqOA/ky0I4foqKloyQ
+2k6DLbXTHqBsydgwLgGKWAAiE5xIR2bPMUNSLgjbA2eLly3aOR/0FJ5n09k2EmGg
+Am7tLP+6yneXWKVi3HI3NzXriVjWK94WHGGC1b9F+n5CY/2RAkEA1d62OJUNve2k
+IY6/b6T0BdssFo3VFcm22vnayEL/wcYrnRfF9Pb5wM4HUUqwVelKTouivXg60GNK
+ZKYAx5CtHwJBAMYAEf5u0CQ/8URcwBuMkm0LzK4AM2x1nGs7gIxAEFhu1Z4xPjVe
+MtIxuHhDhlLvD760uccmo5yE72QJ1ZrYBHUCQQCAxLZMPRpoB4QyHEOREe1G9V6H
+OeBZXPk2wQcEWqqo3gt2a1DqHCXl+2aWgHTJVUxDHHngwFoRDCdHkFeZ0LcbAkAj
+T8/luI2WaXD16DS6tQ9IM1qFjbOeHDuRRENgv+wqWVnvpIibq/kUU5m6mRBTqh78
+u+6F/fYf6/VluftGalAhAkAukdMtt+sksq2e7Qw2dRr5GXtXjt+Otjj0NaJENmWk
+a7SgAs34EOWtbd0XGYpZFrg134MzQGbweFeEUTj++e8p
+-----END RSA PRIVATE KEY-----

Deploy/docker-compose.yml

@@ -23,8 +23,8 @@ mysql:
   build: ./db/
   volumes:
     - /data/database:/var/lib/mysql
-  environment:
-    MYSQL_ROOT_PASSWORD: root
+  env_file:
+    - ./config/db/env
   links:
     - log
   log_driver: "syslog"
@@ -37,6 +37,7 @@ ui:
     - ./config/ui/env
   volumes:
     - ./config/ui/app.conf:/etc/ui/app.conf
+    - ./config/ui/private_key.pem:/etc/ui/private_key.pem
   links:
     - registry:registry
     - mysql:mysql
@@ -45,7 +46,7 @@ ui:
   log_opt:
     syslog-address: "tcp://127.0.0.1:1514"
     syslog-tag: "ui"
-proxy:
+roxy:
   image: library/nginx:1.9
   volumes:
     - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf

Deploy/harbor.cfg

@@ -0,0 +1,24 @@
+## CONFIGURATIONS 
+#The endpoint for user to access UI and registry service
+hostname = mydomain.com
+#The protocol for accessing the UI and token/notification service, by default it is http
+#User can set it to https if ssl is setup on nginx
+ui_url_protocol = http
+#Email settings for ui to send password resetting emails
+email_server = smtp.mydomain.com 
+email_server_port = 25
+email_username = sample_admin@mydomain.com
+email_password = abc
+email_from = admin <sample_admin@mydomain.com>
+##The password of harbor admin
+harbor_admin_password= Harbor12345
+##By default the auth mode is db_auth, i.e. the creadentials are stored in a databse
+#please set it to ldap_auth if you want to verify user's credentials against an ldap server.
+auth_mode = db_auth
+#The url for ldap endpoint
+ldap_url = ldaps://ldap.mydomain.com
+#The basedn template for verifying the user's password
+ldap_basedn = uid=%s,ou=people,dc=mydomain,dc=com
+#The password for root user of db
+db_password = root123
+#####

Deploy/prepare

@@ -1,36 +1,45 @@
 #!/usr/bin/python
 
-## CONFIGURATIONS 
-#The endpoint for user to access UI and registry service
-hostname = "mydomain.com"
-#User can update the protocol if ssl has been setup
-ui_url = "http://" + hostname
-#Email settings for ui to send password resetting emails
-email_server = "smtp.mydomain.com" 
-email_server_port = "25"
-email_username = "sample_admin@mydomain.com"
-email_password = "abc"
-email_from = "admin <sample_admin@mydomain.com>"
-##The password of harbor admin
-harbor_admin_password= "Harbor12345"
-##By default the auth mode is db_auth, i.e. the creadentials are stored in a databse
-#please set it to ldap_auth if you want to verify user's credentials against an ldap server.
-auth_mode = "db_auth"
-#The url for ldap endpoint
-ldap_url = "ldaps://ldap.mydomain.com"
-#The basedn template for verifying the user's password
-ldap_basedn = "uid=%s,ou=people,dc=mydomain,dc=com"
-#####
+import ConfigParser
+import StringIO
 import os 
 from string import Template
+
+#Read configurations
+conf = StringIO.StringIO()
+conf.write("[configuration]\n")
+conf.write(open("harbor.cfg").read())
+conf.seek(0, os.SEEK_SET)
+cp = ConfigParser.RawConfigParser()
+cp.readfp(conf)
+
+hostname = cp.get("configuration", "hostname")
+ui_url = cp.get("configuration", "ui_url_protocol") + "://" + hostname
+email_server = cp.get("configuration", "email_server")
+email_server_port = cp.get("configuration", "email_server_port")
+email_username = cp.get("configuration", "email_username")
+email_password = cp.get("configuration", "email_password")
+email_from = cp.get("configuration", "email_from")
+harbor_admin_password = cp.get("configuration", "harbor_admin_password")
+auth_mode = cp.get("configuration", "auth_mode")
+ldap_url = cp.get("configuration", "ldap_url")
+ldap_basedn = cp.get("configuration", "ldap_basedn")
+db_password = cp.get("configuration", "db_password")
+########
+
 base_dir = os.path.dirname(__file__) 
 config_dir = os.path.join(base_dir, "config")
 templates_dir = os.path.join(base_dir, "templates")
 
+
 ui_config_dir = os.path.join(config_dir,"ui")
 if not os.path.exists(ui_config_dir):
     os.makedirs(os.path.join(config_dir, "ui"))
 
+db_config_dir = os.path.join(config_dir, "db")
+if not os.path.exists(db_config_dir):
+    os.makedirs(os.path.join(config_dir, "db"))
+
 def render(src, dest, **kw):
     t = Template(open(src, 'r').read())
     with open(dest, 'w') as f:
@@ -40,8 +49,9 @@ def render(src, dest, **kw):
 ui_conf_env = os.path.join(config_dir, "ui", "env")
 ui_conf = os.path.join(config_dir, "ui", "app.conf") 
 registry_conf = os.path.join(config_dir, "registry", "config.yml")
+db_conf_env = os.path.join(config_dir, "db", "env")
 
-conf_files = [ ui_conf, ui_conf_env, registry_conf ]
+conf_files = [ ui_conf, ui_conf_env, registry_conf, db_conf_env ]
 for f in conf_files:
     if os.path.exists(f):
         print "Clearing the configuration file: %s" % f
@@ -69,4 +79,8 @@ render(os.path.join(templates_dir, "registry", "config.yml"),
         registry_conf,
         ui_url=ui_url)
 
+render(os.path.join(templates_dir, "db", "env"),
+        db_conf_env,
+        db_password=db_password)
+
 print "The configuration files are ready, please use docker-compose to start the service."

Deploy/templates/db/env

@@ -0,0 +1 @@
+MYSQL_ROOT_PASSWORD=$db_password

README.md

@@ -12,11 +12,12 @@ Harbor is a project to provide enterprise capabilities for Docker Registry V2.
 Harbor is self contained and can be easily deployed via docker-compose.
 ```sh
 $ cd Deploy
-#make update to the parameters in ./prepare
+#make update to the parameters in ./harbor.cfg
 $ ./prepare
 Generated configuration file: ./config/ui/env
 Generated configuration file: ./config/ui/app.conf
 Generated configuration file: ./config/registry/config.yml
+Generated configuration file: ./config/db/env
 $ docker-compose up
 ```
 

service/utils/auth_utils.go

@@ -32,7 +32,7 @@ import (
 
 const (
 	issuer     = "registry-token-issuer"
-	privateKey = "conf/private_key.pem"
+	privateKey = "/etc/ui/private_key.pem"
 	expiration = 5 //minute
 )