diff --git a/.gitignore b/.gitignore index fb4bb6ae1..1cfe814a5 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,6 @@ my_start.sh Deploy/config/registry/config.yml Deploy/config/ui/env Deploy/config/ui/app.conf +Deploy/config/db/env Deploy/prepare.my +Deploy/harbor.cfg.my diff --git a/Deploy/config/ui/private_key.pem b/Deploy/config/ui/private_key.pem new file mode 100644 index 000000000..6c68cacb3 --- /dev/null +++ b/Deploy/config/ui/private_key.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQClak/4HO7EeLU0w/BhtVENPLOqU0AP2QjVUdg1qhNiDWVrbWx9 +KYHqz5Kn0n2+fxdZo3o7ZY5/2+hhgkKh1z6Kge9XGgune6z4fx2J/X2Se8WsGeQU +TiND8ngSnsCANtYFwW50SbUZPtyf5XjAfKRofZem51OxbxzN3217L/ubKwIDAQAB +AoGBAITMMuNYJwAogCGaZHOs4yMjZoIJT9bpQMQxbsi2f9UqOA/ky0I4foqKloyQ +2k6DLbXTHqBsydgwLgGKWAAiE5xIR2bPMUNSLgjbA2eLly3aOR/0FJ5n09k2EmGg +Am7tLP+6yneXWKVi3HI3NzXriVjWK94WHGGC1b9F+n5CY/2RAkEA1d62OJUNve2k +IY6/b6T0BdssFo3VFcm22vnayEL/wcYrnRfF9Pb5wM4HUUqwVelKTouivXg60GNK +ZKYAx5CtHwJBAMYAEf5u0CQ/8URcwBuMkm0LzK4AM2x1nGs7gIxAEFhu1Z4xPjVe +MtIxuHhDhlLvD760uccmo5yE72QJ1ZrYBHUCQQCAxLZMPRpoB4QyHEOREe1G9V6H +OeBZXPk2wQcEWqqo3gt2a1DqHCXl+2aWgHTJVUxDHHngwFoRDCdHkFeZ0LcbAkAj +T8/luI2WaXD16DS6tQ9IM1qFjbOeHDuRRENgv+wqWVnvpIibq/kUU5m6mRBTqh78 +u+6F/fYf6/VluftGalAhAkAukdMtt+sksq2e7Qw2dRr5GXtXjt+Otjj0NaJENmWk +a7SgAs34EOWtbd0XGYpZFrg134MzQGbweFeEUTj++e8p +-----END RSA PRIVATE KEY----- diff --git a/Deploy/docker-compose.yml b/Deploy/docker-compose.yml index c8cf549ed..f377d8ea5 100644 --- a/Deploy/docker-compose.yml +++ b/Deploy/docker-compose.yml @@ -23,8 +23,8 @@ mysql: build: ./db/ volumes: - /data/database:/var/lib/mysql - environment: - MYSQL_ROOT_PASSWORD: root + env_file: + - ./config/db/env links: - log log_driver: "syslog" @@ -37,6 +37,7 @@ ui: - ./config/ui/env volumes: - ./config/ui/app.conf:/etc/ui/app.conf + - ./config/ui/private_key.pem:/etc/ui/private_key.pem links: - registry:registry - mysql:mysql 
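Review bot: The new file Deploy/config/ui/private_key.pem checks an RSA private key into the repository, so every installation that keeps it shares one publicly known key. Judging by where this commit mounts and reads it (`/etc/ui/private_key.pem` in service/utils/auth_utils.go, next to `issuer = "registry-token-issuer"`), it presumably signs registry tokens, in which case tokens from such an installation cannot be trusted. The length of the encoding also suggests a 1024-bit modulus, which is below current minimums. I would drop the file from the tree, add `Deploy/config/ui/private_key.pem` to .gitignore beside the other generated files, and have `prepare` create a fresh key of at least 2048 bits per deployment when none exists.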
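Review bot: The volume line added to the `ui:` service bind-mounts the private key read-write, although the service presumably only needs to read it. A read-only mount limits what a compromised container can do to the host copy: `- ./config/ui/private_key.pem:/etc/ui/private_key.pem:ro`. The same would apply to the existing app.conf mount on the line above.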
@@ -45,7 +46,7 @@ ui: log_opt: syslog-address: "tcp://127.0.0.1:1514" syslog-tag: "ui" -proxy: +roxy: image: library/nginx:1.9 volumes: - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf diff --git a/Deploy/harbor.cfg b/Deploy/harbor.cfg new file mode 100644 index 000000000..3bf02a7fd --- /dev/null +++ b/Deploy/harbor.cfg @@ -0,0 +1,24 @@ +## CONFIGURATIONS +#The endpoint for user to access UI and registry service +hostname = mydomain.com +#The protocol for accessing the UI and token/notification service, by default it is http +#User can set it to https if ssl is setup on nginx +ui_url_protocol = http +#Email settings for ui to send password resetting emails +email_server = smtp.mydomain.com +email_server_port = 25 +email_username = sample_admin@mydomain.com +email_password = abc +email_from = admin +##The password of harbor admin +harbor_admin_password= Harbor12345 +##By default the auth mode is db_auth, i.e. the creadentials are stored in a databse +#please set it to ldap_auth if you want to verify user's credentials against an ldap server. +auth_mode = db_auth +#The url for ldap endpoint +ldap_url = ldaps://ldap.mydomain.com +#The basedn template for verifying the user's password +ldap_basedn = uid=%s,ou=people,dc=mydomain,dc=com +#The password for root user of db +db_password = root123 +##### diff --git a/Deploy/prepare b/Deploy/prepare index 076910851..76f3d0356 100755 --- a/Deploy/prepare +++ b/Deploy/prepare 
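Review bot: The service key on the new side of the last docker-compose hunk reads `roxy:` where the old side had `proxy:`, which looks like a dropped character rather than an intended rename. Nothing else in the commit refers to a `roxy` service, so the nginx front end would come up under an unexpected name, and anything that addresses it as `proxy` would presumably stop matching. Unless the rename is deliberate, restore `proxy:`.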
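Review bot: harbor.cfg ships working values for `harbor_admin_password`, `db_password` and `email_password`, and nothing visible in `prepare` stops a deployment from going live with them. Because the file is tracked (only `Deploy/harbor.cfg.my` is ignored), editing it in place also makes it easy to commit real secrets later. I would mark the three lines with a comment such as `#Change this before deploying; the shipped value is public`, and have `prepare` exit with an error when it still finds the shipped values. The `ui_url_protocol = http` default deserves a similar comment, since logins to the UI would then presumably travel unencrypted.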
@@ -1,36 +1,45 @@ #!/usr/bin/python -## CONFIGURATIONS -#The endpoint for user to access UI and registry service -hostname = "mydomain.com" -#User can update the protocol if ssl has been setup -ui_url = "http://" + hostname -#Email settings for ui to send password resetting emails -email_server = "smtp.mydomain.com" -email_server_port = "25" -email_username = "sample_admin@mydomain.com" -email_password = "abc" -email_from = "admin " -##The password of harbor admin -harbor_admin_password= "Harbor12345" -##By default the auth mode is db_auth, i.e. the creadentials are stored in a databse -#please set it to ldap_auth if you want to verify user's credentials against an ldap server. -auth_mode = "db_auth" -#The url for ldap endpoint -ldap_url = "ldaps://ldap.mydomain.com" -#The basedn template for verifying the user's password -ldap_basedn = "uid=%s,ou=people,dc=mydomain,dc=com" -##### +import ConfigParser +import StringIO import os from string import Template + +#Read configurations +conf = StringIO.StringIO() +conf.write("[configuration]\n") +conf.write(open("harbor.cfg").read()) +conf.seek(0, os.SEEK_SET) +cp = ConfigParser.RawConfigParser() +cp.readfp(conf) + +hostname = cp.get("configuration", "hostname") +ui_url = cp.get("configuration", "ui_url_protocol") + "://" + hostname +email_server = cp.get("configuration", "email_server") +email_server_port = cp.get("configuration", "email_server_port") +email_username = cp.get("configuration", "email_username") +email_password = cp.get("configuration", "email_password") +email_from = cp.get("configuration", "email_from") +harbor_admin_password = cp.get("configuration", "harbor_admin_password") +auth_mode = cp.get("configuration", "auth_mode") +ldap_url = cp.get("configuration", "ldap_url") +ldap_basedn = cp.get("configuration", "ldap_basedn") +db_password = cp.get("configuration", "db_password") +######## + base_dir = os.path.dirname(__file__) config_dir = os.path.join(base_dir, "config") templates_dir = 
os.path.join(base_dir, "templates") + ui_config_dir = os.path.join(config_dir,"ui") if not os.path.exists(ui_config_dir): os.makedirs(os.path.join(config_dir, "ui")) +db_config_dir = os.path.join(config_dir, "db") +if not os.path.exists(db_config_dir): + os.makedirs(os.path.join(config_dir, "db")) + def render(src, dest, **kw): t = Template(open(src, 'r').read()) with open(dest, 'w') as f: @@ -40,8 +49,9 @@ def render(src, dest, **kw): ui_conf_env = os.path.join(config_dir, "ui", "env") ui_conf = os.path.join(config_dir, "ui", "app.conf") registry_conf = os.path.join(config_dir, "registry", "config.yml") +db_conf_env = os.path.join(config_dir, "db", "env") -conf_files = [ ui_conf, ui_conf_env, registry_conf ] +conf_files = [ ui_conf, ui_conf_env, registry_conf, db_conf_env ] for f in conf_files: if os.path.exists(f): print "Clearing the configuration file: %s" % f @@ -69,4 +79,8 @@ render(os.path.join(templates_dir, "registry", "config.yml"), registry_conf, ui_url=ui_url) +render(os.path.join(templates_dir, "db", "env"), + db_conf_env, + db_password=db_password) + print "The configuration files are ready, please use docker-compose to start the service." diff --git a/Deploy/templates/db/env b/Deploy/templates/db/env new file mode 100644 index 000000000..31cb6bdec --- /dev/null +++ b/Deploy/templates/db/env @@ -0,0 +1 @@ +MYSQL_ROOT_PASSWORD=$db_password diff --git a/README.md b/README.md index 292a4e09d..6c6909204 100644 --- a/README.md +++ b/README.md @@ -12,11 +12,12 @@ Harbor is a project to provide enterprise capabilities for Docker Registry V2. Harbor is self contained and can be easily deployed via docker-compose. ```sh $ cd Deploy -#make update to the parameters in ./prepare +#make update to the parameters in ./harbor.cfg $ ./prepare Generated configuration file: ./config/ui/env Generated configuration file: ./config/ui/app.conf Generated configuration file: ./config/registry/config.yml +Generated configuration file: ./config/db/env $ docker-compose up ``` 
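Review bot: `open("harbor.cfg")` in the new config-reading block resolves against the current working directory, while every other path in the script is built from `os.path.dirname(__file__)`, so running `Deploy/prepare` from another directory fails or picks up a different harbor.cfg. The file handle is also never closed. Moving the `base_dir` assignment above the read and using `with open(os.path.join(base_dir, "harbor.cfg")) as cfg: conf.write(cfg.read())` fixes both. A short comment explaining that the `[configuration]` header is prepended because harbor.cfg has no section line would help the next reader.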
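Review bot: The added `render(...)` call for `db_conf_env` writes the MySQL root password to `config/db/env` with whatever mode the caller's umask yields, because `render` (defined above this hunk) opens the destination with a plain `open(dest, 'w')`. On a shared host that usually means the file is readable by other local users. I would tighten it right after rendering, e.g. `os.chmod(db_conf_env, 0600)` (Python 2 octal, matching the script), and do the same for `ui_conf_env`, which presumably carries the admin and e-mail passwords.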
diff --git a/service/utils/auth_utils.go b/service/utils/auth_utils.go index ce1cbb140..1d53d4d46 100644 --- a/service/utils/auth_utils.go +++ b/service/utils/auth_utils.go @@ -32,7 +32,7 @@ import ( const ( issuer = "registry-token-issuer" - privateKey = "conf/private_key.pem" + privateKey = "/etc/ui/private_key.pem" expiration = 5 //minute )
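Review bot: The `privateKey` constant now hard-codes an absolute container path, so the binary only finds its key when started under the docker-compose mount added in this commit; a local run or a test has no way to point it elsewhere. Consider reading the path from the environment with this value as the default, or at least document the coupling on the constant: `// privateKey is bind-mounted from Deploy/config/ui/private_key.pem by docker-compose`. Whatever loads the file is outside this hunk, so it is worth confirming that it fails loudly when the key is missing or unreadable rather than continuing without a valid signing key.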