diff --git a/.travis.yml b/.travis.yml
index b0dd4c556..80a1df4a7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -101,7 +101,7 @@ script:
- docker ps
- ./tests/notarytest.sh
- - go run tests/startuptest.go https://localhost/
+ - ./tests/startuptest.sh
- go run tests/userlogintest.go -name ${HARBOR_ADMIN} -passwd ${HARBOR_ADMIN_PASSWD}
# - sudo ./tests/testprepare.sh
diff --git a/Makefile b/Makefile
index 08f5a0fde..719c23d05 100644
--- a/Makefile
+++ b/Makefile
@@ -1,443 +1,443 @@
-# Makefile for Harbor project
-#
-# Targets:
-#
-# all: prepare env, compile binarys, build images and install images
-# prepare: prepare env
-# compile: compile adminserver, ui and jobservice code
-#
-# compile_golangimage:
-# compile from golang image
-# for example: make compile_golangimage -e GOBUILDIMAGE= \
-# golang:1.7.3
-# compile_adminserver, compile_ui, compile_jobservice: compile specific binary
-#
-# build: build Harbor docker images (defuault: build_photon)
-# for example: make build -e BASEIMAGE=photon
-# build_photon: build Harbor docker images from photon baseimage
-#
-# install: include compile binarys, build images, prepare specific \
-# version composefile and startup Harbor instance
-#
-# start: startup Harbor instance
-#
-# down: shutdown Harbor instance
-#
-# package_online:
-# prepare online install package
-# for example: make package_online -e DEVFLAG=false\
-# REGISTRYSERVER=reg-bj.eng.vmware.com \
-# REGISTRYPROJECTNAME=harborrelease
-#
-# package_offline:
-# prepare offline install package
-#
-# pushimage: push Harbor images to specific registry server
-# for example: make pushimage -e DEVFLAG=false REGISTRYUSER=admin \
-# REGISTRYPASSWORD=***** \
-# REGISTRYSERVER=reg-bj.eng.vmware.com/ \
-# REGISTRYPROJECTNAME=harborrelease
-# note**: need add "/" on end of REGISTRYSERVER. If not setting \
-# this value will push images directly to dockerhub.
-# make pushimage -e DEVFLAG=false REGISTRYUSER=vmware \
-# REGISTRYPASSWORD=***** \
-# REGISTRYPROJECTNAME=vmware
-#
-# clean: remove binary, Harbor images, specific version docker-compose \
-# file, specific version tag and online/offline install package
-# cleanbinary: remove adminserver, ui and jobservice binary
-# cleanimage: remove Harbor images
-# cleandockercomposefile:
-# remove specific version docker-compose
-# cleanversiontag:
-# cleanpackageremove specific version tag
-# cleanpackage: remove online/offline install package
-#
-# other example:
-# clean specific version binarys and images:
-# make clean -e VERSIONTAG=[TAG]
-# note**: If commit new code to github, the git commit TAG will \
-# change. Better use this commond clean previous images and \
-# files with specific TAG.
-# By default DEVFLAG=true, if you want to release new version of Harbor, \
-# should setting the flag to false.
-# make XXXX -e DEVFLAG=false
-
-SHELL := /bin/bash
-BUILDPATH=$(CURDIR)
-MAKEPATH=$(BUILDPATH)/make
-MAKEDEVPATH=$(MAKEPATH)/dev
-SRCPATH=./src
-TOOLSPATH=$(BUILDPATH)/tools
-UIPATH=$(BUILDPATH)/src/ui
-UINGPATH=$(BUILDPATH)/src/ui_ng
-GOBASEPATH=/go/src/github.com/vmware
-CHECKENVCMD=checkenv.sh
-BASEIMAGE=photon
-COMPILETAG=compile_normal
-REGISTRYSERVER=
-REGISTRYPROJECTNAME=vmware
-DEVFLAG=true
-NOTARYFLAG=false
-REGISTRYVERSION=2.6.0
-NGINXVERSION=1.11.5
-PHOTONVERSION=1.0
-NOTARYVERSION=server-0.5.0
-NOTARYSIGNERVERSION=signer-0.5.0
-MARIADBVERSION=mariadb-10.1.10
-HTTPPROXY=
-
-#clarity parameters
-CLARITYIMAGE=danieljt/harbor-clarity-base[:tag]
-CLARITYSEEDPATH=/clarity-seed
-CLARITYBUILDSCRIPT=/entrypoint.sh
-
-# docker parameters
-DOCKERCMD=$(shell which docker)
-DOCKERBUILD=$(DOCKERCMD) build
-DOCKERRMIMAGE=$(DOCKERCMD) rmi
-DOCKERPULL=$(DOCKERCMD) pull
-DOCKERIMASES=$(DOCKERCMD) images
-DOCKERSAVE=$(DOCKERCMD) save
-DOCKERCOMPOSECMD=$(shell which docker-compose)
-DOCKERTAG=$(DOCKERCMD) tag
-
-# go parameters
-GOCMD=$(shell which go)
-GOBUILD=$(GOCMD) build
-GOCLEAN=$(GOCMD) clean
-GOINSTALL=$(GOCMD) install
-GOTEST=$(GOCMD) test
-GODEP=$(GOTEST) -i
-GOFMT=gofmt -w
-GOBUILDIMAGE=reg.mydomain.com/library/harborgo[:tag]
-GOBUILDPATH=$(GOBASEPATH)/harbor
-GOIMAGEBUILDCMD=/usr/local/go/bin/go
-GOIMAGEBUILD=$(GOIMAGEBUILDCMD) build
-GOBUILDPATH_ADMINSERVER=$(GOBUILDPATH)/src/adminserver
-GOBUILDPATH_UI=$(GOBUILDPATH)/src/ui
-GOBUILDPATH_JOBSERVICE=$(GOBUILDPATH)/src/jobservice
-GOBUILDMAKEPATH=$(GOBUILDPATH)/make
-GOBUILDMAKEPATH_ADMINSERVER=$(GOBUILDMAKEPATH)/dev/adminserver
-GOBUILDMAKEPATH_UI=$(GOBUILDMAKEPATH)/dev/ui
-GOBUILDMAKEPATH_JOBSERVICE=$(GOBUILDMAKEPATH)/dev/jobservice
-GOLANGDOCKERFILENAME=Dockerfile.golang
-
-# binary
-ADMINSERVERSOURCECODE=$(SRCPATH)/adminserver
-ADMINSERVERBINARYPATH=$(MAKEDEVPATH)/adminserver
-ADMINSERVERBINARYNAME=harbor_adminserver
-UISOURCECODE=$(SRCPATH)/ui
-UIBINARYPATH=$(MAKEDEVPATH)/ui
-UIBINARYNAME=harbor_ui
-JOBSERVICESOURCECODE=$(SRCPATH)/jobservice
-JOBSERVICEBINARYPATH=$(MAKEDEVPATH)/jobservice
-JOBSERVICEBINARYNAME=harbor_jobservice
-
-# prepare parameters
-PREPAREPATH=$(TOOLSPATH)
-PREPARECMD=prepare
-
-# configfile
-CONFIGPATH=$(MAKEPATH)
-CONFIGFILE=harbor.cfg
-
-# makefile
-MAKEFILEPATH_PHOTON=$(MAKEPATH)/photon
-
-# common dockerfile
-DOCKERFILEPATH_COMMON=$(MAKEPATH)/common
-DOCKERFILEPATH_DB=$(DOCKERFILEPATH_COMMON)/db
-DOCKERFILENAME_DB=Dockerfile
-
-# docker image name
-DOCKERIMAGENAME_ADMINSERVER=vmware/harbor-adminserver
-DOCKERIMAGENAME_UI=vmware/harbor-ui
-DOCKERIMAGENAME_JOBSERVICE=vmware/harbor-jobservice
-DOCKERIMAGENAME_LOG=vmware/harbor-log
-DOCKERIMAGENAME_DB=vmware/harbor-db
-
-# docker-compose files
-DOCKERCOMPOSEFILEPATH=$(MAKEPATH)
-DOCKERCOMPOSETPLFILENAME=docker-compose.tpl
-DOCKERCOMPOSEFILENAME=docker-compose.yml
-DOCKERCOMPOSENOTARYFILENAME=docker-compose.notary.yml
-
-# version prepare
-VERSIONFILEPATH=$(CURDIR)
-VERSIONFILENAME=VERSION
-GITCMD=$(shell which git)
-GITTAG=$(GITCMD) describe --tags
-ifeq ($(DEVFLAG), true)
- VERSIONTAG=dev
-else
- VERSIONTAG=$(shell $(GITTAG))
-endif
-
-SEDCMD=$(shell which sed)
-
-# package
-TARCMD=$(shell which tar)
-ZIPCMD=$(shell which gzip)
-DOCKERIMGFILE=harbor
-HARBORPKG=harbor
-
-# pushimage
-PUSHSCRIPTPATH=$(MAKEPATH)
-PUSHSCRIPTNAME=pushimage.sh
-REGISTRYUSER=user
-REGISTRYPASSWORD=default
-
-version:
- @printf $(VERSIONTAG) > $(VERSIONFILEPATH)/$(VERSIONFILENAME);
-
-check_environment:
- @$(MAKEPATH)/$(CHECKENVCMD)
-
-compile_adminserver:
- @echo "compiling binary for adminserver..."
- @$(GOBUILD) -o $(ADMINSERVERBINARYPATH)/$(ADMINSERVERBINARYNAME) $(ADMINSERVERSOURCECODE)
- @echo "Done."
-
-compile_ui:
- @echo "compiling binary for ui..."
- @$(GOBUILD) -o $(UIBINARYPATH)/$(UIBINARYNAME) $(UISOURCECODE)
- @echo "Done."
-
-compile_jobservice:
- @echo "compiling binary for jobservice..."
- @$(GOBUILD) -o $(JOBSERVICEBINARYPATH)/$(JOBSERVICEBINARYNAME) $(JOBSERVICESOURCECODE)
- @echo "Done."
-
-compile_clarity:
- @echo "compiling binary for clarity ui..."
- @if [ "$(HTTPPROXY)" != "" ] ; then \
- $(DOCKERCMD) run --rm -v $(UIPATH)/static:$(CLARITYSEEDPATH)/dist -v $(UINGPATH)/src:$(CLARITYSEEDPATH)/src $(CLARITYIMAGE) $(SHELL) $(CLARITYBUILDSCRIPT) -p $(HTTPPROXY); \
- else \
- $(DOCKERCMD) run --rm -v $(UIPATH)/static:$(CLARITYSEEDPATH)/dist -v $(UINGPATH)/src:$(CLARITYSEEDPATH)/src $(CLARITYIMAGE) $(SHELL) $(CLARITYBUILDSCRIPT); \
- fi
- @echo "Done."
-
-compile_normal: compile_clarity compile_adminserver compile_ui compile_jobservice
-
-compile_golangimage: compile_clarity
- @echo "compiling binary for adminserver (golang image)..."
- @echo $(GOBASEPATH)
- @echo $(GOBUILDPATH)
- @$(DOCKERCMD) run --rm -v $(BUILDPATH):$(GOBUILDPATH) -w $(GOBUILDPATH_ADMINSERVER) $(GOBUILDIMAGE) $(GOIMAGEBUILD) -v -o $(GOBUILDMAKEPATH_ADMINSERVER)/$(ADMINSERVERBINARYNAME)
- @echo "Done."
-
- @echo "compiling binary for ui (golang image)..."
- @echo $(GOBASEPATH)
- @echo $(GOBUILDPATH)
- @$(DOCKERCMD) run --rm -v $(BUILDPATH):$(GOBUILDPATH) -w $(GOBUILDPATH_UI) $(GOBUILDIMAGE) $(GOIMAGEBUILD) -v -o $(GOBUILDMAKEPATH_UI)/$(UIBINARYNAME)
- @echo "Done."
-
- @echo "compiling binary for jobservice (golang image)..."
- @$(DOCKERCMD) run --rm -v $(BUILDPATH):$(GOBUILDPATH) -w $(GOBUILDPATH_JOBSERVICE) $(GOBUILDIMAGE) $(GOIMAGEBUILD) -v -o $(GOBUILDMAKEPATH_JOBSERVICE)/$(JOBSERVICEBINARYNAME)
- @echo "Done."
-
-compile:check_environment $(COMPILETAG)
-
-prepare:
- @echo "preparing..."
- @if [ "$(NOTARYFLAG)" = "true" ] ; then \
- $(MAKEPATH)/$(PREPARECMD) --conf $(CONFIGPATH)/$(CONFIGFILE) --with-notary; \
- else \
- $(MAKEPATH)/$(PREPARECMD) --conf $(CONFIGPATH)/$(CONFIGFILE) ; \
- fi
-
-build_common: version
- @echo "buildging db container for photon..."
- @cd $(DOCKERFILEPATH_DB) && $(DOCKERBUILD) -f $(DOCKERFILENAME_DB) -t $(DOCKERIMAGENAME_DB):$(VERSIONTAG) .
- @echo "Done."
-
-build_photon: build_common
- make -f $(MAKEFILEPATH_PHOTON)/Makefile build -e DEVFLAG=$(DEVFLAG)
-
-build: build_$(BASEIMAGE)
-
-modify_composefile:
- @echo "preparing docker-compose file..."
- @cp $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSETPLFILENAME) $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME)
- @$(SEDCMD) -i 's/image\: vmware.*/&:$(VERSIONTAG)/g' $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME)
-
-install: compile build prepare modify_composefile start
-
-package_online: modify_composefile
- @echo "packing online package ..."
- @cp -r make $(HARBORPKG)
- @if [ -n "$(REGISTRYSERVER)" ] ; then \
- $(SEDCMD) -i 's/image\: vmware/image\: $(REGISTRYSERVER)\/$(REGISTRYPROJECTNAME)/' \
- $(HARBORPKG)/docker-compose.yml ; \
- fi
- @cp LICENSE $(HARBORPKG)/LICENSE
- @cp NOTICE $(HARBORPKG)/NOTICE
-
- @if [ "$(NOTARYFLAG)" = "true" ] ; then \
- $(TARCMD) -zcvf harbor-online-installer-$(VERSIONTAG).tgz \
- $(HARBORPKG)/common/templates $(HARBORPKG)/prepare \
- $(HARBORPKG)/LICENSE $(HARBORPKG)/NOTICE \
- $(HARBORPKG)/install.sh $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) \
- $(HARBORPKG)/harbor.cfg $(HARBORPKG)/$(DOCKERCOMPOSENOTARYFILENAME); \
- else \
- $(TARCMD) -zcvf harbor-online-installer-$(VERSIONTAG).tgz \
- $(HARBORPKG)/common/templates $(HARBORPKG)/prepare \
- $(HARBORPKG)/LICENSE $(HARBORPKG)/NOTICE \
- $(HARBORPKG)/install.sh $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) \
- $(HARBORPKG)/harbor.cfg ; \
- fi
-
- @rm -rf $(HARBORPKG)
- @echo "Done."
-
-package_offline: compile build modify_composefile
- @echo "packing offline package ..."
- @cp -r make $(HARBORPKG)
-
- @cp LICENSE $(HARBORPKG)/LICENSE
- @cp NOTICE $(HARBORPKG)/NOTICE
-
- @echo "pulling nginx and registry..."
- @$(DOCKERPULL) registry:$(REGISTRYVERSION)
- @$(DOCKERPULL) nginx:$(NGINXVERSION)
- @if [ "$(NOTARYFLAG)" = "true" ] ; then \
- echo "pulling notary and harbor-notary-db..."; \
- $(DOCKERPULL) vmware/notary-photon:$(NOTARYVERSION); \
- $(DOCKERPULL) vmware/notary-photon:$(NOTARYSIGNERVERSION); \
- $(DOCKERPULL) vmware/harbor-notary-db:$(MARIADBVERSION); \
- fi
-
- @echo "saving harbor docker image"
- @if [ "$(NOTARYFLAG)" = "true" ] ; then \
- $(DOCKERSAVE) -o $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tgz \
- $(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG) \
- $(DOCKERIMAGENAME_UI):$(VERSIONTAG) \
- $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \
- $(DOCKERIMAGENAME_DB):$(VERSIONTAG) \
- $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) \
- nginx:$(NGINXVERSION) registry:$(REGISTRYVERSION) photon:$(PHOTONVERSION) \
- vmware/notary-photon:$(NOTARYVERSION) vmware/notary-photon:$(NOTARYSIGNERVERSION) vmware/harbor-notary-db:$(MARIADBVERSION); \
- else \
- $(DOCKERSAVE) -o $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tgz \
- $(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG) \
- $(DOCKERIMAGENAME_UI):$(VERSIONTAG) \
- $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \
- $(DOCKERIMAGENAME_DB):$(VERSIONTAG) \
- $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) \
- nginx:$(NGINXVERSION) registry:$(REGISTRYVERSION) photon:$(PHOTONVERSION) ; \
- fi
-
- @if [ "$(NOTARYFLAG)" = "true" ] ; then \
- $(TARCMD) -zcvf harbor-offline-installer-$(VERSIONTAG).tgz \
- $(HARBORPKG)/common/templates $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tgz \
- $(HARBORPKG)/prepare $(HARBORPKG)/NOTICE \
- $(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \
- $(HARBORPKG)/harbor.cfg $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) \
- $(HARBORPKG)/$(DOCKERCOMPOSENOTARYFILENAME) ; \
- else \
- $(TARCMD) -zcvf harbor-offline-installer-$(VERSIONTAG).tgz \
- $(HARBORPKG)/common/templates $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tgz \
- $(HARBORPKG)/prepare $(HARBORPKG)/NOTICE \
- $(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \
- $(HARBORPKG)/harbor.cfg $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) ; \
- fi
-
- @rm -rf $(HARBORPKG)
- @echo "Done."
-
-pushimage:
- @echo "pushing harbor images ..."
- @$(DOCKERTAG) $(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG) $(REGISTRYSERVER)$(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG)
- @$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(REGISTRYSERVER)$(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG) \
- $(REGISTRYUSER) $(REGISTRYPASSWORD) $(REGISTRYSERVER)
- @$(DOCKERRMIMAGE) $(REGISTRYSERVER)$(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG)
-
- @$(DOCKERTAG) $(DOCKERIMAGENAME_UI):$(VERSIONTAG) $(REGISTRYSERVER)$(DOCKERIMAGENAME_UI):$(VERSIONTAG)
- @$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(REGISTRYSERVER)$(DOCKERIMAGENAME_UI):$(VERSIONTAG) \
- $(REGISTRYUSER) $(REGISTRYPASSWORD) $(REGISTRYSERVER)
- @$(DOCKERRMIMAGE) $(REGISTRYSERVER)$(DOCKERIMAGENAME_UI):$(VERSIONTAG)
-
- @$(DOCKERTAG) $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) $(REGISTRYSERVER)$(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG)
- @$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(REGISTRYSERVER)$(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) \
- $(REGISTRYUSER) $(REGISTRYPASSWORD) $(REGISTRYSERVER)
- @$(DOCKERRMIMAGE) $(REGISTRYSERVER)$(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG)
-
- @$(DOCKERTAG) $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) $(REGISTRYSERVER)$(DOCKERIMAGENAME_LOG):$(VERSIONTAG)
- @$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(REGISTRYSERVER)$(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \
- $(REGISTRYUSER) $(REGISTRYPASSWORD) $(REGISTRYSERVER)
- @$(DOCKERRMIMAGE) $(REGISTRYSERVER)$(DOCKERIMAGENAME_LOG):$(VERSIONTAG)
-
- @$(DOCKERTAG) $(DOCKERIMAGENAME_DB):$(VERSIONTAG) $(REGISTRYSERVER)$(DOCKERIMAGENAME_DB):$(VERSIONTAG)
- @$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(REGISTRYSERVER)$(DOCKERIMAGENAME_DB):$(VERSIONTAG) \
- $(REGISTRYUSER) $(REGISTRYPASSWORD) $(REGISTRYSERVER)
- @$(DOCKERRMIMAGE) $(REGISTRYSERVER)$(DOCKERIMAGENAME_DB):$(VERSIONTAG)
-
-start:
- @echo "loading harbor images..."
- @if [ "$(NOTARYFLAG)" = "true" ] ; then \
- $(DOCKERCOMPOSECMD) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSENOTARYFILENAME) up -d ; \
- else \
- $(DOCKERCOMPOSECMD) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) up -d ; \
- fi
- @echo "Start complete. You can visit harbor now."
-
-down:
- @echo "Please make sure to set -e NOTARYFLAG=true if you are using Notary in Harbor, otherwise the Notary containers cannot be stop automaticlly."
- @while [ -z "$$CONTINUE" ]; do \
- read -r -p "Type anything but Y or y to exit. [Y/N]: " CONTINUE; \
- done ; \
- [ $$CONTINUE = "y" ] || [ $$CONTINUE = "Y" ] || (echo "Exiting."; exit 1;)
- @echo "stoping harbor instance..."
- @if [ "$(NOTARYFLAG)" = "true" ] ; then \
- $(DOCKERCOMPOSECMD) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSENOTARYFILENAME) down ; \
- else \
- $(DOCKERCOMPOSECMD) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) down ; \
- fi
- @echo "Done."
-
-cleanbinary:
- @echo "cleaning binary..."
- @if [ -f $(ADMINSERVERBINARYPATH)/$(ADMINSERVERBINARYNAME) ] ; then rm $(ADMINSERVERBINARYPATH)/$(ADMINSERVERBINARYNAME) ; fi
- @if [ -f $(UIBINARYPATH)/$(UIBINARYNAME) ] ; then rm $(UIBINARYPATH)/$(UIBINARYNAME) ; fi
- @if [ -f $(JOBSERVICEBINARYPATH)/$(JOBSERVICEBINARYNAME) ] ; then rm $(JOBSERVICEBINARYPATH)/$(JOBSERVICEBINARYNAME) ; fi
-
-cleanimage:
- @echo "cleaning image for photon..."
- - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG)
- - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_UI):$(VERSIONTAG)
- - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_DB):$(VERSIONTAG)
- - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG)
- - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_LOG):$(VERSIONTAG)
-# - $(DOCKERRMIMAGE) -f registry:$(REGISTRYVERSION)
-# - $(DOCKERRMIMAGE) -f nginx:1.11.5
-
-cleandockercomposefile:
- @echo "cleaning $(DOCKERCOMPOSEFILEPATH)/docker-compose.yml"
- @if [ -f $(DOCKERCOMPOSEFILEPATH)/docker-compose.yml ] ; then rm $(DOCKERCOMPOSEFILEPATH)/docker-compose.yml ; fi
-
-cleanversiontag:
- @echo "cleaning version TAG"
- @rm -rf $(VERSIONFILEPATH)/$(VERSIONFILENAME)
-
-cleanpackage:
- @echo "cleaning harbor install package"
- @if [ -d $(BUILDPATH)/harbor ] ; then rm -rf $(BUILDPATH)/harbor ; fi
- @if [ -f $(BUILDPATH)/harbor-online-installer-$(VERSIONTAG).tgz ] ; \
- then rm $(BUILDPATH)/harbor-online-installer-$(VERSIONTAG).tgz ; fi
- @if [ -f $(BUILDPATH)/harbor-offline-installer-$(VERSIONTAG).tgz ] ; \
- then rm $(BUILDPATH)/harbor-offline-installer-$(VERSIONTAG).tgz ; fi
-
-.PHONY: cleanall
-cleanall: cleanbinary cleanimage cleandockercomposefile cleanversiontag cleanpackage
-
-clean:
- @echo " make cleanall: remove binary, Harbor images, specific version docker-compose"
- @echo " file, specific version tag, online and offline install package"
- @echo " make cleanbinary: remove ui and jobservice binary"
- @echo " make cleanimage: remove Harbor images"
- @echo " make cleandockercomposefile: remove specific version docker-compose"
- @echo " make cleanversiontag: cleanpackageremove specific version tag"
- @echo " make cleanpackage: remove online and offline install package"
-
-all: install
+# Makefile for Harbor project
+#
+# Targets:
+#
+# all: prepare env, compile binarys, build images and install images
+# prepare: prepare env
+# compile: compile adminserver, ui and jobservice code
+#
+# compile_golangimage:
+# compile from golang image
+# for example: make compile_golangimage -e GOBUILDIMAGE= \
+# golang:1.7.3
+# compile_adminserver, compile_ui, compile_jobservice: compile specific binary
+#
+# build: build Harbor docker images (defuault: build_photon)
+# for example: make build -e BASEIMAGE=photon
+# build_photon: build Harbor docker images from photon baseimage
+#
+# install: include compile binarys, build images, prepare specific \
+# version composefile and startup Harbor instance
+#
+# start: startup Harbor instance
+#
+# down: shutdown Harbor instance
+#
+# package_online:
+# prepare online install package
+# for example: make package_online -e DEVFLAG=false\
+# REGISTRYSERVER=reg-bj.eng.vmware.com \
+# REGISTRYPROJECTNAME=harborrelease
+#
+# package_offline:
+# prepare offline install package
+#
+# pushimage: push Harbor images to specific registry server
+# for example: make pushimage -e DEVFLAG=false REGISTRYUSER=admin \
+# REGISTRYPASSWORD=***** \
+# REGISTRYSERVER=reg-bj.eng.vmware.com/ \
+# REGISTRYPROJECTNAME=harborrelease
+# note**: need add "/" on end of REGISTRYSERVER. If not setting \
+# this value will push images directly to dockerhub.
+# make pushimage -e DEVFLAG=false REGISTRYUSER=vmware \
+# REGISTRYPASSWORD=***** \
+# REGISTRYPROJECTNAME=vmware
+#
+# clean: remove binary, Harbor images, specific version docker-compose \
+# file, specific version tag and online/offline install package
+# cleanbinary: remove adminserver, ui and jobservice binary
+# cleanimage: remove Harbor images
+# cleandockercomposefile:
+# remove specific version docker-compose
+# cleanversiontag:
+# cleanpackageremove specific version tag
+# cleanpackage: remove online/offline install package
+#
+# other example:
+# clean specific version binarys and images:
+# make clean -e VERSIONTAG=[TAG]
+# note**: If commit new code to github, the git commit TAG will \
+# change. Better use this commond clean previous images and \
+# files with specific TAG.
+# By default DEVFLAG=true, if you want to release new version of Harbor, \
+# should setting the flag to false.
+# make XXXX -e DEVFLAG=false
+
+SHELL := /bin/bash
+BUILDPATH=$(CURDIR)
+MAKEPATH=$(BUILDPATH)/make
+MAKEDEVPATH=$(MAKEPATH)/dev
+SRCPATH=./src
+TOOLSPATH=$(BUILDPATH)/tools
+UIPATH=$(BUILDPATH)/src/ui
+UINGPATH=$(BUILDPATH)/src/ui_ng
+GOBASEPATH=/go/src/github.com/vmware
+CHECKENVCMD=checkenv.sh
+BASEIMAGE=photon
+COMPILETAG=compile_normal
+REGISTRYSERVER=
+REGISTRYPROJECTNAME=vmware
+DEVFLAG=true
+NOTARYFLAG=false
+REGISTRYVERSION=photon-2.6.0
+NGINXVERSION=1.11.5
+PHOTONVERSION=1.0
+NOTARYVERSION=server-0.5.0
+NOTARYSIGNERVERSION=signer-0.5.0
+MARIADBVERSION=mariadb-10.1.10
+HTTPPROXY=
+
+#clarity parameters
+CLARITYIMAGE=danieljt/harbor-clarity-base[:tag]
+CLARITYSEEDPATH=/clarity-seed
+CLARITYBUILDSCRIPT=/entrypoint.sh
+
+# docker parameters
+DOCKERCMD=$(shell which docker)
+DOCKERBUILD=$(DOCKERCMD) build
+DOCKERRMIMAGE=$(DOCKERCMD) rmi
+DOCKERPULL=$(DOCKERCMD) pull
+DOCKERIMASES=$(DOCKERCMD) images
+DOCKERSAVE=$(DOCKERCMD) save
+DOCKERCOMPOSECMD=$(shell which docker-compose)
+DOCKERTAG=$(DOCKERCMD) tag
+
+# go parameters
+GOCMD=$(shell which go)
+GOBUILD=$(GOCMD) build
+GOCLEAN=$(GOCMD) clean
+GOINSTALL=$(GOCMD) install
+GOTEST=$(GOCMD) test
+GODEP=$(GOTEST) -i
+GOFMT=gofmt -w
+GOBUILDIMAGE=reg.mydomain.com/library/harborgo[:tag]
+GOBUILDPATH=$(GOBASEPATH)/harbor
+GOIMAGEBUILDCMD=/usr/local/go/bin/go
+GOIMAGEBUILD=$(GOIMAGEBUILDCMD) build
+GOBUILDPATH_ADMINSERVER=$(GOBUILDPATH)/src/adminserver
+GOBUILDPATH_UI=$(GOBUILDPATH)/src/ui
+GOBUILDPATH_JOBSERVICE=$(GOBUILDPATH)/src/jobservice
+GOBUILDMAKEPATH=$(GOBUILDPATH)/make
+GOBUILDMAKEPATH_ADMINSERVER=$(GOBUILDMAKEPATH)/dev/adminserver
+GOBUILDMAKEPATH_UI=$(GOBUILDMAKEPATH)/dev/ui
+GOBUILDMAKEPATH_JOBSERVICE=$(GOBUILDMAKEPATH)/dev/jobservice
+GOLANGDOCKERFILENAME=Dockerfile.golang
+
+# binary
+ADMINSERVERSOURCECODE=$(SRCPATH)/adminserver
+ADMINSERVERBINARYPATH=$(MAKEDEVPATH)/adminserver
+ADMINSERVERBINARYNAME=harbor_adminserver
+UISOURCECODE=$(SRCPATH)/ui
+UIBINARYPATH=$(MAKEDEVPATH)/ui
+UIBINARYNAME=harbor_ui
+JOBSERVICESOURCECODE=$(SRCPATH)/jobservice
+JOBSERVICEBINARYPATH=$(MAKEDEVPATH)/jobservice
+JOBSERVICEBINARYNAME=harbor_jobservice
+
+# prepare parameters
+PREPAREPATH=$(TOOLSPATH)
+PREPARECMD=prepare
+
+# configfile
+CONFIGPATH=$(MAKEPATH)
+CONFIGFILE=harbor.cfg
+
+# makefile
+MAKEFILEPATH_PHOTON=$(MAKEPATH)/photon
+
+# common dockerfile
+DOCKERFILEPATH_COMMON=$(MAKEPATH)/common
+DOCKERFILEPATH_DB=$(DOCKERFILEPATH_COMMON)/db
+DOCKERFILENAME_DB=Dockerfile
+
+# docker image name
+DOCKERIMAGENAME_ADMINSERVER=vmware/harbor-adminserver
+DOCKERIMAGENAME_UI=vmware/harbor-ui
+DOCKERIMAGENAME_JOBSERVICE=vmware/harbor-jobservice
+DOCKERIMAGENAME_LOG=vmware/harbor-log
+DOCKERIMAGENAME_DB=vmware/harbor-db
+
+# docker-compose files
+DOCKERCOMPOSEFILEPATH=$(MAKEPATH)
+DOCKERCOMPOSETPLFILENAME=docker-compose.tpl
+DOCKERCOMPOSEFILENAME=docker-compose.yml
+DOCKERCOMPOSENOTARYFILENAME=docker-compose.notary.yml
+
+# version prepare
+VERSIONFILEPATH=$(CURDIR)
+VERSIONFILENAME=VERSION
+GITCMD=$(shell which git)
+GITTAG=$(GITCMD) describe --tags
+ifeq ($(DEVFLAG), true)
+ VERSIONTAG=dev
+else
+ VERSIONTAG=$(shell $(GITTAG))
+endif
+
+SEDCMD=$(shell which sed)
+
+# package
+TARCMD=$(shell which tar)
+ZIPCMD=$(shell which gzip)
+DOCKERIMGFILE=harbor
+HARBORPKG=harbor
+
+# pushimage
+PUSHSCRIPTPATH=$(MAKEPATH)
+PUSHSCRIPTNAME=pushimage.sh
+REGISTRYUSER=user
+REGISTRYPASSWORD=default
+
+version:
+ @printf $(VERSIONTAG) > $(VERSIONFILEPATH)/$(VERSIONFILENAME);
+
+check_environment:
+ @$(MAKEPATH)/$(CHECKENVCMD)
+
+compile_adminserver:
+ @echo "compiling binary for adminserver..."
+ @$(GOBUILD) -o $(ADMINSERVERBINARYPATH)/$(ADMINSERVERBINARYNAME) $(ADMINSERVERSOURCECODE)
+ @echo "Done."
+
+compile_ui:
+ @echo "compiling binary for ui..."
+ @$(GOBUILD) -o $(UIBINARYPATH)/$(UIBINARYNAME) $(UISOURCECODE)
+ @echo "Done."
+
+compile_jobservice:
+ @echo "compiling binary for jobservice..."
+ @$(GOBUILD) -o $(JOBSERVICEBINARYPATH)/$(JOBSERVICEBINARYNAME) $(JOBSERVICESOURCECODE)
+ @echo "Done."
+
+compile_clarity:
+ @echo "compiling binary for clarity ui..."
+ @if [ "$(HTTPPROXY)" != "" ] ; then \
+ $(DOCKERCMD) run --rm -v $(UIPATH)/static:$(CLARITYSEEDPATH)/dist -v $(UINGPATH)/src:$(CLARITYSEEDPATH)/src $(CLARITYIMAGE) $(SHELL) $(CLARITYBUILDSCRIPT) -p $(HTTPPROXY); \
+ else \
+ $(DOCKERCMD) run --rm -v $(UIPATH)/static:$(CLARITYSEEDPATH)/dist -v $(UINGPATH)/src:$(CLARITYSEEDPATH)/src $(CLARITYIMAGE) $(SHELL) $(CLARITYBUILDSCRIPT); \
+ fi
+ @echo "Done."
+
+compile_normal: compile_clarity compile_adminserver compile_ui compile_jobservice
+
+compile_golangimage: compile_clarity
+ @echo "compiling binary for adminserver (golang image)..."
+ @echo $(GOBASEPATH)
+ @echo $(GOBUILDPATH)
+ @$(DOCKERCMD) run --rm -v $(BUILDPATH):$(GOBUILDPATH) -w $(GOBUILDPATH_ADMINSERVER) $(GOBUILDIMAGE) $(GOIMAGEBUILD) -v -o $(GOBUILDMAKEPATH_ADMINSERVER)/$(ADMINSERVERBINARYNAME)
+ @echo "Done."
+
+ @echo "compiling binary for ui (golang image)..."
+ @echo $(GOBASEPATH)
+ @echo $(GOBUILDPATH)
+ @$(DOCKERCMD) run --rm -v $(BUILDPATH):$(GOBUILDPATH) -w $(GOBUILDPATH_UI) $(GOBUILDIMAGE) $(GOIMAGEBUILD) -v -o $(GOBUILDMAKEPATH_UI)/$(UIBINARYNAME)
+ @echo "Done."
+
+ @echo "compiling binary for jobservice (golang image)..."
+ @$(DOCKERCMD) run --rm -v $(BUILDPATH):$(GOBUILDPATH) -w $(GOBUILDPATH_JOBSERVICE) $(GOBUILDIMAGE) $(GOIMAGEBUILD) -v -o $(GOBUILDMAKEPATH_JOBSERVICE)/$(JOBSERVICEBINARYNAME)
+ @echo "Done."
+
+compile:check_environment $(COMPILETAG)
+
+prepare:
+ @echo "preparing..."
+ @if [ "$(NOTARYFLAG)" = "true" ] ; then \
+ $(MAKEPATH)/$(PREPARECMD) --conf $(CONFIGPATH)/$(CONFIGFILE) --with-notary; \
+ else \
+ $(MAKEPATH)/$(PREPARECMD) --conf $(CONFIGPATH)/$(CONFIGFILE) ; \
+ fi
+
+build_common: version
+ @echo "buildging db container for photon..."
+ @cd $(DOCKERFILEPATH_DB) && $(DOCKERBUILD) -f $(DOCKERFILENAME_DB) -t $(DOCKERIMAGENAME_DB):$(VERSIONTAG) .
+ @echo "Done."
+
+build_photon: build_common
+ make -f $(MAKEFILEPATH_PHOTON)/Makefile build -e DEVFLAG=$(DEVFLAG)
+
+build: build_$(BASEIMAGE)
+
+modify_composefile:
+ @echo "preparing docker-compose file..."
+ @cp $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSETPLFILENAME) $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME)
+ @$(SEDCMD) -i 's/__version__/$(VERSIONTAG)/g' $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME)
+
+install: compile build prepare modify_composefile start
+
+package_online: modify_composefile
+ @echo "packing online package ..."
+ @cp -r make $(HARBORPKG)
+ @if [ -n "$(REGISTRYSERVER)" ] ; then \
+ $(SEDCMD) -i 's/image\: vmware/image\: $(REGISTRYSERVER)\/$(REGISTRYPROJECTNAME)/' \
+ $(HARBORPKG)/docker-compose.yml ; \
+ fi
+ @cp LICENSE $(HARBORPKG)/LICENSE
+ @cp NOTICE $(HARBORPKG)/NOTICE
+
+ @if [ "$(NOTARYFLAG)" = "true" ] ; then \
+ $(TARCMD) -zcvf harbor-online-installer-$(VERSIONTAG).tgz \
+ $(HARBORPKG)/common/templates $(HARBORPKG)/prepare \
+ $(HARBORPKG)/LICENSE $(HARBORPKG)/NOTICE \
+ $(HARBORPKG)/install.sh $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) \
+ $(HARBORPKG)/harbor.cfg $(HARBORPKG)/$(DOCKERCOMPOSENOTARYFILENAME); \
+ else \
+ $(TARCMD) -zcvf harbor-online-installer-$(VERSIONTAG).tgz \
+ $(HARBORPKG)/common/templates $(HARBORPKG)/prepare \
+ $(HARBORPKG)/LICENSE $(HARBORPKG)/NOTICE \
+ $(HARBORPKG)/install.sh $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) \
+ $(HARBORPKG)/harbor.cfg ; \
+ fi
+
+ @rm -rf $(HARBORPKG)
+ @echo "Done."
+
+package_offline: compile build modify_composefile
+ @echo "packing offline package ..."
+ @cp -r make $(HARBORPKG)
+
+ @cp LICENSE $(HARBORPKG)/LICENSE
+ @cp NOTICE $(HARBORPKG)/NOTICE
+
+ @echo "pulling nginx and registry..."
+ @$(DOCKERPULL) vmware/registry:$(REGISTRYVERSION)
+ @$(DOCKERPULL) nginx:$(NGINXVERSION)
+ @if [ "$(NOTARYFLAG)" = "true" ] ; then \
+ echo "pulling notary and harbor-notary-db..."; \
+ $(DOCKERPULL) vmware/notary-photon:$(NOTARYVERSION); \
+ $(DOCKERPULL) vmware/notary-photon:$(NOTARYSIGNERVERSION); \
+ $(DOCKERPULL) vmware/harbor-notary-db:$(MARIADBVERSION); \
+ fi
+
+ @echo "saving harbor docker image"
+ @if [ "$(NOTARYFLAG)" = "true" ] ; then \
+ $(DOCKERSAVE) -o $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tgz \
+ $(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG) \
+ $(DOCKERIMAGENAME_UI):$(VERSIONTAG) \
+ $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \
+ $(DOCKERIMAGENAME_DB):$(VERSIONTAG) \
+ $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) \
+ nginx:$(NGINXVERSION) vmware/registry:$(REGISTRYVERSION) photon:$(PHOTONVERSION) \
+ vmware/notary-photon:$(NOTARYVERSION) vmware/notary-photon:$(NOTARYSIGNERVERSION) vmware/harbor-notary-db:$(MARIADBVERSION); \
+ else \
+ $(DOCKERSAVE) -o $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tgz \
+ $(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG) \
+ $(DOCKERIMAGENAME_UI):$(VERSIONTAG) \
+ $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \
+ $(DOCKERIMAGENAME_DB):$(VERSIONTAG) \
+ $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) \
+ nginx:$(NGINXVERSION) vmware/registry:$(REGISTRYVERSION) photon:$(PHOTONVERSION) ; \
+ fi
+
+ @if [ "$(NOTARYFLAG)" = "true" ] ; then \
+ $(TARCMD) -zcvf harbor-offline-installer-$(VERSIONTAG).tgz \
+ $(HARBORPKG)/common/templates $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tgz \
+ $(HARBORPKG)/prepare $(HARBORPKG)/NOTICE \
+ $(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \
+ $(HARBORPKG)/harbor.cfg $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) \
+ $(HARBORPKG)/$(DOCKERCOMPOSENOTARYFILENAME) ; \
+ else \
+ $(TARCMD) -zcvf harbor-offline-installer-$(VERSIONTAG).tgz \
+ $(HARBORPKG)/common/templates $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tgz \
+ $(HARBORPKG)/prepare $(HARBORPKG)/NOTICE \
+ $(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \
+ $(HARBORPKG)/harbor.cfg $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) ; \
+ fi
+
+ @rm -rf $(HARBORPKG)
+ @echo "Done."
+
+pushimage:
+ @echo "pushing harbor images ..."
+ @$(DOCKERTAG) $(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG) $(REGISTRYSERVER)$(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG)
+ @$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(REGISTRYSERVER)$(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG) \
+ $(REGISTRYUSER) $(REGISTRYPASSWORD) $(REGISTRYSERVER)
+ @$(DOCKERRMIMAGE) $(REGISTRYSERVER)$(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG)
+
+ @$(DOCKERTAG) $(DOCKERIMAGENAME_UI):$(VERSIONTAG) $(REGISTRYSERVER)$(DOCKERIMAGENAME_UI):$(VERSIONTAG)
+ @$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(REGISTRYSERVER)$(DOCKERIMAGENAME_UI):$(VERSIONTAG) \
+ $(REGISTRYUSER) $(REGISTRYPASSWORD) $(REGISTRYSERVER)
+ @$(DOCKERRMIMAGE) $(REGISTRYSERVER)$(DOCKERIMAGENAME_UI):$(VERSIONTAG)
+
+ @$(DOCKERTAG) $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) $(REGISTRYSERVER)$(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG)
+ @$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(REGISTRYSERVER)$(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) \
+ $(REGISTRYUSER) $(REGISTRYPASSWORD) $(REGISTRYSERVER)
+ @$(DOCKERRMIMAGE) $(REGISTRYSERVER)$(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG)
+
+ @$(DOCKERTAG) $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) $(REGISTRYSERVER)$(DOCKERIMAGENAME_LOG):$(VERSIONTAG)
+ @$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(REGISTRYSERVER)$(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \
+ $(REGISTRYUSER) $(REGISTRYPASSWORD) $(REGISTRYSERVER)
+ @$(DOCKERRMIMAGE) $(REGISTRYSERVER)$(DOCKERIMAGENAME_LOG):$(VERSIONTAG)
+
+ @$(DOCKERTAG) $(DOCKERIMAGENAME_DB):$(VERSIONTAG) $(REGISTRYSERVER)$(DOCKERIMAGENAME_DB):$(VERSIONTAG)
+ @$(PUSHSCRIPTPATH)/$(PUSHSCRIPTNAME) $(REGISTRYSERVER)$(DOCKERIMAGENAME_DB):$(VERSIONTAG) \
+ $(REGISTRYUSER) $(REGISTRYPASSWORD) $(REGISTRYSERVER)
+ @$(DOCKERRMIMAGE) $(REGISTRYSERVER)$(DOCKERIMAGENAME_DB):$(VERSIONTAG)
+
+start:
+ @echo "loading harbor images..."
+ @if [ "$(NOTARYFLAG)" = "true" ] ; then \
+ $(DOCKERCOMPOSECMD) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSENOTARYFILENAME) up -d ; \
+ else \
+ $(DOCKERCOMPOSECMD) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) up -d ; \
+ fi
+ @echo "Start complete. You can visit harbor now."
+
+down:
+ @echo "Please make sure to set -e NOTARYFLAG=true if you are using Notary in Harbor, otherwise the Notary containers cannot be stop automaticlly."
+ @while [ -z "$$CONTINUE" ]; do \
+ read -r -p "Type anything but Y or y to exit. [Y/N]: " CONTINUE; \
+ done ; \
+ [ $$CONTINUE = "y" ] || [ $$CONTINUE = "Y" ] || (echo "Exiting."; exit 1;)
+ @echo "stoping harbor instance..."
+ @if [ "$(NOTARYFLAG)" = "true" ] ; then \
+ $(DOCKERCOMPOSECMD) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSENOTARYFILENAME) down -v ; \
+ else \
+ $(DOCKERCOMPOSECMD) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) down -v ; \
+ fi
+ @echo "Done."
+
+cleanbinary:
+ @echo "cleaning binary..."
+ @if [ -f $(ADMINSERVERBINARYPATH)/$(ADMINSERVERBINARYNAME) ] ; then rm $(ADMINSERVERBINARYPATH)/$(ADMINSERVERBINARYNAME) ; fi
+ @if [ -f $(UIBINARYPATH)/$(UIBINARYNAME) ] ; then rm $(UIBINARYPATH)/$(UIBINARYNAME) ; fi
+ @if [ -f $(JOBSERVICEBINARYPATH)/$(JOBSERVICEBINARYNAME) ] ; then rm $(JOBSERVICEBINARYPATH)/$(JOBSERVICEBINARYNAME) ; fi
+
+cleanimage:
+ @echo "cleaning image for photon..."
+ - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG)
+ - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_UI):$(VERSIONTAG)
+ - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_DB):$(VERSIONTAG)
+ - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG)
+ - $(DOCKERRMIMAGE) -f $(DOCKERIMAGENAME_LOG):$(VERSIONTAG)
+# - $(DOCKERRMIMAGE) -f registry:$(REGISTRYVERSION)
+# - $(DOCKERRMIMAGE) -f nginx:1.11.5
+
+cleandockercomposefile:
+ @echo "cleaning $(DOCKERCOMPOSEFILEPATH)/docker-compose.yml"
+ @if [ -f $(DOCKERCOMPOSEFILEPATH)/docker-compose.yml ] ; then rm $(DOCKERCOMPOSEFILEPATH)/docker-compose.yml ; fi
+
+cleanversiontag:
+ @echo "cleaning version TAG"
+ @rm -rf $(VERSIONFILEPATH)/$(VERSIONFILENAME)
+
+cleanpackage:
+ @echo "cleaning harbor install package"
+ @if [ -d $(BUILDPATH)/harbor ] ; then rm -rf $(BUILDPATH)/harbor ; fi
+ @if [ -f $(BUILDPATH)/harbor-online-installer-$(VERSIONTAG).tgz ] ; \
+ then rm $(BUILDPATH)/harbor-online-installer-$(VERSIONTAG).tgz ; fi
+ @if [ -f $(BUILDPATH)/harbor-offline-installer-$(VERSIONTAG).tgz ] ; \
+ then rm $(BUILDPATH)/harbor-offline-installer-$(VERSIONTAG).tgz ; fi
+
+.PHONY: cleanall
+cleanall: cleanbinary cleanimage cleandockercomposefile cleanversiontag cleanpackage
+
+clean:
+ @echo " make cleanall: remove binary, Harbor images, specific version docker-compose"
+ @echo " file, specific version tag, online and offline install package"
+ @echo " make cleanbinary: remove ui and jobservice binary"
+ @echo " make cleanimage: remove Harbor images"
+ @echo " make cleandockercomposefile: remove specific version docker-compose"
+ @echo " make cleanversiontag: cleanpackageremove specific version tag"
+ @echo " make cleanpackage: remove online and offline install package"
+
+all: install
diff --git a/docs/use_make.md b/docs/use_make.md
new file mode 100644
index 000000000..d8fd774cc
--- /dev/null
+++ b/docs/use_make.md
@@ -0,0 +1,51 @@
+### Variables
+Variable | Description
+-------------------|-------------
+BASEIMAGE | Container base image, default: photon
+DEVFLAG | Build model flag, default: dev
+COMPILETAG | Compile model flag, default: compile_normal (local golang build)
+GOBUILDIMAGE | Golang image to compile harbor go source code.
+CLARITYIMAGE | Clarity image that based on Node to compile UI.
+NOTARYFLAG | Whether to enable notary in harbor, default:false
+HTTPPROXY | Clarity proxy to build UI.
+
+
+### Targets
+Target | Description
+--------------------|-------------
+all | prepare env, compile binaries, build images and install images
+prepare | prepare env
+compile | compile ui and jobservice code
+compile_ui | compile ui binary
+compile_jobservice | compile jobservice binary
+compile_clarity | compile clarity ui binary
+compile_adminserver | compile admin server binary
+build | build Harbor docker images (default: using build_photon)
+build_photon | build Harbor docker images from Photon OS base image
+install | compile binaries, build images, prepare specific version of compose file and startup Harbor instance
+start | startup Harbor instance
+down | shutdown Harbor instance
+package_online | prepare online install package
+package_offline | prepare offline install package
+pushimage | push Harbor images to specific registry server
+clean all | remove binary, Harbor images, specific version docker-compose file, specific version tag and online/offline install package
+cleanbinary | remove ui and jobservice binary
+cleanimage | remove Harbor images
+cleandockercomposefile | remove specific version docker-compose
+cleanversiontag | remove specific version tag
+cleanpackage | remove online/offline install package
+version | set harbor version
+
+#### EXAMPLE:
+
+#### Build and run harbor from source code.
+make install GOBUILDIMAGE=golang:1.7.3 COMPILETAG=compile_golangimage CLARITYIMAGE=danieljt/harbor-clarity-base:0.8.4 NOTARYFLAG=true HTTPPROXY=http://proxy.vmware.com:3128
+
+### Package offline installer
+make package_offline GOBUILDIMAGE=golang:1.7.3 COMPILETAG=compile_golangimage CLARITYIMAGE=danieljt/harbor-clarity-base:0.8.4 NOTARYFLAG=true HTTPPROXY=http://proxy.vmware.com:3128
+
+### Start harbor with notary
+make -e NOTARYFLAG=true start
+
+### Stop harbor with notary
+make -e NOTARYFLAG=true down
\ No newline at end of file
diff --git a/docs/use_notary.md b/docs/use_notary.md
new file mode 100644
index 000000000..08d2dfbb0
--- /dev/null
+++ b/docs/use_notary.md
@@ -0,0 +1,23 @@
+### Setup
+In harbor.cfg, make sure the attribute ```ui_url_protocol``` is set to ```https```, and the attributes ```ssl_cert``` and ```ssl_cert_key``` are pointed to valid certificates. For more information about generating https certificate please refer to: [Configuring HTTPS for Harbor](configure_https.md)
+
+### Copy Root Certificate
+Suppose the Harbor instance is hosted on a machine ```192.168.0.5```
+If you are using a self-signed cetificate, make sure to copy the CA root cert to ```/etc/docker/certs.d/192.168.0.5/``` and ```~/.docker/tls/192.168.0.5/```
+
+### Enable Docker Content Trust
+It can be done via setting envrironment variables:
+
+```
+export DOCKER_CONTENT_TRUST=1
+export DOCKER_CONTENT_TRUST_SERVER=https://192.168.0.5/notary
+```
+
+### Set alias for notary (optional)
+Because by default the local directory for storing meta files for notary client is different from docker client. If you want to use notary client to manipulate the keys/meta files generated by Docker Content Trust, please set the alias to reduce the effort:
+
+```
+alias notary="notary -s https//192.168.0.5 -d ~/.docker/trust --tlscacert /
+etc/docker/certs.d/192.168.0.5/ca.crt"
+
+```
diff --git a/make/common/templates/notary/notary-signer-ca.crt b/make/common/templates/notary/notary-signer-ca.crt
new file mode 100644
index 000000000..02e78443e
--- /dev/null
+++ b/make/common/templates/notary/notary-signer-ca.crt
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF3TCCA8WgAwIBAgIJANgnJg8tUB+HMA0GCSqGSIb3DQEBCwUAMIGEMQswCQYD
+VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJUGFsbyBBbHRv
+MRUwEwYDVQQKDAxWTXdhcmUsIEluYy4xDzANBgNVBAsMBkhhcmJvcjEkMCIGA1UE
+AwwbU2VsZi1zaWduZWQgYnkgVk13YXJlLCBJbmMuMB4XDTE3MDMyNDA1MzE1N1oX
+DTI3MDMyMjA1MzE1N1owgYQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9y
+bmlhMRIwEAYDVQQHDAlQYWxvIEFsdG8xFTATBgNVBAoMDFZNd2FyZSwgSW5jLjEP
+MA0GA1UECwwGSGFyYm9yMSQwIgYDVQQDDBtTZWxmLXNpZ25lZCBieSBWTXdhcmUs
+IEluYy4wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQClgcA3XhXFgaBa
+iK5G60ym0SB0P4KDyB0aKz1nQwf3svJdzUOLzom3zK8mUDXZ5b0Jnix5KrW6CONs
+JsjPtZKRXVNkWhUh6362OUt2icmq3BLGqKQ9qTqi4R1NrPr4vug/TmBumxMB+JJI
+UHRJgLox1dXUEsyxxv5yt/AKPa9nZruI2x8CzdKRVhsiR06B70OJZA8l2UuRv7v8
+9biGGu4Haavt4CG0goPBXh7PpPNHcoQmgdMAHkawBmrf3qvn2nSrJzfbjsv6iQ9/
+e3GRAmWmJVsDBvlxwtIJDXLvm3qUN/P/ul6w6zbueAXkAq5UcjIMdDLSnt690DWo
+B7cO8FWKg4TqvuJ0+qb9Uwty+3x/mONiq9kwbFIKuLnjRJApPO1gevGexotiOyKp
+ljJMkeabPCuClquqI+LxM+TEmDtxOfJ2OuhisOaAuW2qYl2ZdnaTaVz42kctobwj
++DnhvtwItE88mf8tYxDY+Kp+bITlcanmSPASw/YJXMrIbPynzMPCloe2TRSoImGC
+8uQI6rLSyeUvkpCCxIDnfUTuhmSc2jseqTYyxXrf+qMVNNoTC2VMUwt/nxerjK1a
+L000KIqk4h0GqUwuAE6I1CPLN9eQE9qlaeSxKPiScPG3M3mkKyIIAKUz3WjR7UnW
+Aw1Z5fRH28ci8GfbxynTMuWlU/izqwIDAQABo1AwTjAdBgNVHQ4EFgQUZP1uZGYH
+85c0RIrIJVr/RdC64YcwHwYDVR0jBBgwFoAUZP1uZGYH85c0RIrIJVr/RdC64Ycw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEACYIVf0U2kc849GlpvYCv
+LDGjbdswjmjAxpZaKFCO3MjAEhDxd8QWb1uCN+asRKV146qU3UL40stjjWUpwx6P
+YQ48zJi1N+Npc53NWoTQ8JxsmQtATTaIlAgYg1WC1oTg5WTPeNOAY/KuSiwPHIrX
+yaCJdz0+c1xKRRE1m3m85amrtAJkIigL8WIPsKqnNprP11zLzaebMJNpGwq2lRsI
+4Sm0SEdJNaOm3fQ8KuTElBAGEmJ3F34FeNajM+hIkd0RnG35nsJQgMQz36E5rMVd
+P1Djk/wPfXJIk61lGJvS/Rl41c1d+XG8aFjhL0APdYHddB11IZ7+QNslEk11kiVI
+nNjx5CfFuE6ZSq/TAVrco97TxqKdbMIMkRp/MKoTlxG4O5UlFGOniGvQT4g1A962
+aobnVvxkIhZ5NbPc8PX18EdfpQcheubDZuQtZMmcdU7ilFI0pP9/bQ2EYKi2oPJv
+4v6vtCYKU2et2KLJLFt7zUoY4zJGqJcW8BibP5kDkmAT+qxurH6T5X+M2QctdxU/
+63L3sE/dH3saSAVNqB1hs+9pweEj6E+Uaj6Oyn9UDarri11y+esyVPdBEnHwCEsc
+o3/KMSc7gXfixQi+WgRoD0DpR/bNatjgbq7KSGi9gZp/Aq+ltx5I49nbf4c+WZ9b
+l7WOOMS8XTJr7KLDUXkAeic=
+-----END CERTIFICATE-----
diff --git a/make/common/templates/notary/notary-signer.crt b/make/common/templates/notary/notary-signer.crt
index 9e9478998..1189dfd7b 100644
--- a/make/common/templates/notary/notary-signer.crt
+++ b/make/common/templates/notary/notary-signer.crt
@@ -1,63 +1,32 @@
-----BEGIN CERTIFICATE-----
-MIIFBDCCAuygAwIBAgIJAMbWdVJcKhXYMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0G
-A1UECgwGRG9ja2VyMScwJQYDVQQDDB5Ob3RhcnkgSW50ZXJtZWRpYXRlIFRlc3Rp
-bmcgQ0EwHhcNMTcwMTIzMDYwMzM3WhcNMTkwMjEyMDYwMzM3WjBbMQswCQYDVQQG
-EwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDzANBgNV
-BAoMBkRvY2tlcjEWMBQGA1UEAwwNbm90YXJ5LXNpZ25lcjCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBANhO8+K9xT6M9dQC90Hxs6bmTXWQzE5oV2kLeVKq
-OjwAvGt6wBE2XJCAbTS3FORIOyoOVQDVCv2Pk2lZXGWqSrH8SY2umjRJIhPDiqN9
-V5M/gcmMm2EUgwmp2l4bsDk1MQ6GSbud5kjYGZcp9uXxAVO8tfLVLQF7ohJYqiex
-JN+fZkQyxTgSqrI7MKK1pUvGX/fa6EXzpKwxTQPJXiG/ZQW0Pn+gdrz+/Cf0PcVy
-V/Ghc2RR+WjKzqqAiDUJoEtKm/xQVRcSPbagVLCe0KZr7VmtDWnHsUv9ZB9BRNlI
-lRVDOhVDCCcMu/zEtcxuH8ja7fafi5xNt6vCBmHuCXQtTUsCAwEAAaOBuTCBtjAf
-BgNVHSMEGDAWgBQjgpNYJjU9Ei7nadpOhHm59FPiKTAMBgNVHRMBAf8EAjAAMB0G
-A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwNwYD
-VR0RBDAwLoINbm90YXJ5LXNpZ25lcoIMbm90YXJ5c2lnbmVygglsb2NhbGhvc3SH
-BAp1BI4wHQYDVR0OBBYEFLv4/22eN7pe8IzCbL+gKr2i/o6VMA0GCSqGSIb3DQEB
-CwUAA4ICAQBzBcFgcwtr7oNP7WPyG64mRXHFs1qGCoDZO3D2dZPF/vUKnyPWI6+i
-Ozu1Lmvd6QUQ5C0m91D6RidKKy3ENz2MgUo8NNj3QY3XzassiLnNOtpo1ed6U3BG
-2w05gaLTTFywnpOgPy180U6f5uNSHGxY/fq9dN+8YR/MqGOht74q36x0swkPegG/
-+0SLloKOJw1wBzZ4nCLmED08DWNnuNTAj5IIVjApzqZbTh4+z6H1lmN3b7XwmiWw
-+y7Jx8k74h5JmqKQnV+3lN0DlCc1BCbtH2fbKOmAKeu4gMniw5FBo75wYrPIet+Z
-E3G2Zg+T6fjTXAnLGT3S0RVn/CW1lLR6RgkoFgURRZoJyTWrg+1yu4ZOgEz+bot2
-/hMAr/fjo+Dd6ReFrgGkpTyWYtPhYusori1W8KW138CVrJmSs6p2ss1Ixh8uIOaQ
-iFmlX/ZXXbvkz3FGQS9LfBdESO3MGjiJTcnXE0DTnXf6RmdlUfNwxsZbIliFa0TQ
-E/JjIJYQzWmtkJbUdC02GUMjUJAM7SxmP7tU9CmMmjUI28Nno0XtPN2WsAszaiLh
-JYLJCi7rqaLo0oZuaXVIrgBpQ0qEC1XXS5sCQL+xvMSYvke/rhwIPItWt7Ww/9yj
-QDIi1nzzX86lbKd095pNX4sUfFx6j4caR8iENgJDfWnqynAzj1Y21A==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIF1TCCA72gAwIBAgIJAMk2DFRLRSRRMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV
-BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0G
-A1UECgwGRG9ja2VyMRowGAYDVQQDDBFOb3RhcnkgVGVzdGluZyBDQTAeFw0xNzAx
-MjMwNjAzMzdaFw0yNzAxMjEwNjAzMzdaMGwxCzAJBgNVBAYTAlVTMQswCQYDVQQI
-DAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0GA1UECgwGRG9ja2VyMScw
-JQYDVQQDDB5Ob3RhcnkgSW50ZXJtZWRpYXRlIFRlc3RpbmcgQ0EwggIiMA0GCSqG
-SIb3DQEBAQUAA4ICDwAwggIKAoICAQCu+ldASegXuhXrA7mnk4nybTEomHnV8zJ/
-uU6+8bWIo+htD8zgiONuk1uEww0p/nWtIZqm7xpLsklMp0CWRA8EAeUnxfNJ37ks
-7nZuJ+YDtw77fC0IUJSWqFbro75nPMyegMqajT7IDWfLeTrIlgUmDu/45AWdbE2w
-BrRgejqkL1yeQPaldgr97g00swbTd7wzWn1o6025Frm0kDEIqMJlkB61cHiVGZNu
-oeDBZcFiwa/Ek/keDG3Y2R6cDQzZa8aEZG9i3Cmo0nGviojr+06JxQ8IkVc5P72e
-Fb/jgX/NvRaqeBnJrZoiPnuMoMag/ynGC9fuIAGz25fKOuGOf52x+swzQB2ZVtxA
-BIgIZIbMTURKknqbl6LAh46onQUVF+3h9E9Te3a4Oh7SvSGLYfEbWprPKo1J3lI9
-ApU19TBhKUrj7dsJT3gri7f71NC2RLraZbpK3d8PWKMc/q4ffoRCeW+TPjYreC/d
-7LdykAwYB2AGyHCLHkkkJC86n6wAsk/TaoTgjflyyQ35FNikUYqNF/rVuc+0Oj5R
-odPk8y2vB7VvPvWWlttcr7OMqVVAymQvDOTb+5T6EI/LdHejjDMMI5lt6rVUU+uq
-kGMYGiHtWG5JqQdhUBpISYuF74cS5aVRmnhK6O2ylMpmlWYq4128SRv8EEAPNcN9
-V/RrOF9RsQIDAQABo4GGMIGDMB8GA1UdIwQYMBaAFJZZtwJ5t4SBmVaTb+T5puH5
-sQWkMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-AQUFBwMCMA4GA1UdDwEB/wQEAwIBRjAdBgNVHQ4EFgQUI4KTWCY1PRIu52naToR5
-ufRT4ikwDQYJKoZIhvcNAQELBQADggIBAI64zW1o24R8K7qsE8FO3UHJQdizR1RC
-FvMDgXGDSYMUg4QkEvHYYOoFH1zMd1HNUuLDO231dtw23kshNY/kdKfdFJktT3Dz
-50r/hl2090uZIOk9aLv7swG0voA6A8CI2qyXEXW9Le8xrnrJUU5T+3YDxseHokTT
-XT9hLd1iSNH5gi3tOaJ4KNbHc2zhKtQSUZbxguapUIUXStiQLz06itQu3i1fLdMd
-L3yRJID4aWU+Dmm5AQ6F3ticIpzFmJyAsTM2BMiTnlSJPK3LA2WYMBOVD6r9yo08
-cEpi6Vo8pZdsnHWaIaIkO4UR7iBwmkT0h8HfNZ4uEoViiMsxqNVsQBfJR/9DzAXz
-ctO6JtNJdNwn2zlv4NCIcV0AdncVf049uOtTBWIqRn1IHQ8d119lQAMXZZMSNKBI
-lIYFCKMh95XI6mK6VFsFKs2wSDiSH4ZOqIwr4urmr1opLNJ5T5Ck18YwJafgCH4p
-1BcgR06wuw5ckIuUyUwiakiGINZcrzUnAoRtEKsVi/PQAC+45veo8Lcvwnj5X0vg
-PKudwiJivo7Umvj1xEVyVIy+22cyDk/yLTVI0sS2Kpuwd+PLE16C5+nPr8wKEWqL
-ccotlod4ZDVb6vNU5VRUSu4bSYBry/FbftPNgAwfH8ufSddeJMjTQ+V69XrQZ5Ex
-XJCKYD/1jYIB
+MIIFdjCCA14CCQCeVwANSZmmiDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVBhbG8gQWx0bzEVMBMG
+A1UECgwMVk13YXJlLCBJbmMuMQ8wDQYDVQQLDAZIYXJib3IxJDAiBgNVBAMMG1Nl
+bGYtc2lnbmVkIGJ5IFZNd2FyZSwgSW5jLjAeFw0xNzAzMjQwNTMyMDBaFw0yNzAz
+MjIwNTMyMDBaMHUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIw
+EAYDVQQHDAlQYWxvIEFsdG8xFTATBgNVBAoMDFZNd2FyZSwgSW5jLjEPMA0GA1UE
+CwwGSGFyYm9yMRUwEwYDVQQDDAxub3RhcnlzaWduZXIwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQC6TV2RCoH8d1g6xFvDo4FL9v+pGLe5+bu9ryjTaLbN
+dH/Cmf5/8WrmgJ3vG2Ksk796J7qsVddwvQkZn6NwDm2Tm+ETMCG85yEA3jl4Kr9R
+XfWHYWEavv0vsq6M+bUSSq7VJAhgk4wfx6qJBnFX2qKpODeYLHaHxU1EnIXrStNf
+IqR4Eu0Xre8jAkzrDdaFy/KnX4HGgNdz413CXzBCKEuu3VJj07ZvonnTzOgoLvh8
++PCoQ2M4OBPT9gHqUov1I8nWnrjc+HuM1BW3YIGCB5TV9x0Y7hjvkr4E38gbJURj
+uDwg8jof4lMRmU/FHXFLt1ucGwNFUJdPwI7dyEKRA03Lr7htfP5sa9tmv3L93dKD
+po1gW1LsfiM3Cur5jARM/hBA+eYJr12Laf9oL59r8JmweqF3zRSwGSY336XoR/Fv
+/PAFs9vfKKWZp0uiRtuY9JZNRTF8trnfNf1957bND+DS2HWPmWkw4yK6CGa0s55X
+adiDt4gDFvKjl68dBWZoHutY+cZy/hK1D5uqagcX1kzbr/Pzy1gsq9FBBwaTJqBu
+YIAsSuzP+7NNZXoPd3rg13V93pbZr8eQN5VOQIBZK83xZEtHSJBEdUSuBOo3JS7j
+/rjEnspRqOI4soFnx1vaK0TrRyzJ5KBOuGpW4u8/ZUdIq8KIE30Mj/XI/sgAPr5j
+UQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQBjqYBm/FRqyMH2hnHA0TMXY/WPufJ8
+TX10daELCAYJCEETXmUt1i7dnFxdAZXTnHENHdNYiS4nGBfqMLmODtcAamcv6Dcl
+JnyQPt3QlCDPKkcHgz3y4tvDDx6M5rFWYzN9QLiWAYrunIk1R4Jj7FODrM6/NODE
+0Mz1czWfsmLfX/jF80SsxnY1DCLKGgo6/RID3xTp4eIMboxCfeH2/yDA+6YPyYbV
+Si4ccwo9Foq0IYU8bimPNTyBQ0N+8ajcn328ql6aazmr894Ch5pWA3Qxaa98FcKS
+zokBvmmCuvCJ9HOmxKWdFEhSRS9GWxn7wg78UIlLP/8RfUrsecBJHgyhWRA7Qs3K
+keiG68Zrhn456IdMxjCZXgJ7gAAe77n4Cz8sFEHAvnAg9JLNEHuEBV5H1Hb7TzET
+k0lPiEY78QjutOpqHsWiagqSjlGEMqKI9c8WxXHh9030T/6NnWkdXFo+4HaEZEpp
+0JryASS53B5SwLIPrn0Y2/io/kRgbglGktPt6Ex0DwW3f96lcz3me34Nw+HOYYnz
+b0cz7JqJZgFXfEnykic3IwZs7m7Xrl9B/vvaVub9Fb5LQ7rIzrO7VkoILov/G41B
+Pd4/kagjXDTWd+UBMvZF6YGjr+TUZi5ooi7bvQ3X6N9WNYKW4a1DOokz9janStiL
+MrTKyOEOBi0Aew==
-----END CERTIFICATE-----
diff --git a/make/common/templates/notary/notary-signer.key b/make/common/templates/notary/notary-signer.key
index 2db6e2ce9..3973cec7b 100644
--- a/make/common/templates/notary/notary-signer.key
+++ b/make/common/templates/notary/notary-signer.key
@@ -1,28 +1,52 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA2E7z4r3FPoz11AL3QfGzpuZNdZDMTmhXaQt5Uqo6PAC8a3rA
-ETZckIBtNLcU5Eg7Kg5VANUK/Y+TaVlcZapKsfxJja6aNEkiE8OKo31Xkz+ByYyb
-YRSDCanaXhuwOTUxDoZJu53mSNgZlyn25fEBU7y18tUtAXuiEliqJ7Ek359mRDLF
-OBKqsjsworWlS8Zf99roRfOkrDFNA8leIb9lBbQ+f6B2vP78J/Q9xXJX8aFzZFH5
-aMrOqoCINQmgS0qb/FBVFxI9tqBUsJ7QpmvtWa0NacexS/1kH0FE2UiVFUM6FUMI
-Jwy7/MS1zG4fyNrt9p+LnE23q8IGYe4JdC1NSwIDAQABAoIBAHykYhyRxYrZpv3Y
-B6pUIHVX1+Ka4V98+IFrPynHNW9F7UzxmqNQc95AYq0xojQ4+v6s64ZjPMYHaaYW
-/AsJKamN+sRNjEX8rko9LzIuE7yhp6QABbjXHPsAiPgZdF5CrFX2Q558yinHfFeC
-sualDWK3JxEajaiBGU8BEGt2xAymuWACGblrM1aAEZa8B84TW3CzzcdyzAkn8P3e
-piJCe+DWMc33441r0KlV5GruwF9ewXiWzZtXAOiP/0xEDICFdlFWbO39myMpxDdU
-Y0uZ+zmn2G3gz2tz25thH0Wl7mDQ3AA0VlHurgPBBEekeZPQmjiKW+F4slCzXvuy
-kW/urIECgYEA/LhY+OWlZVXzIEly7z1/cU9/WImqTs2uRKDeQHMwZrd7D9BXkJuQ
-jPN+jZlMYBBrxoaCywbMrgB80Z3MgGHaSx9OIDEZmaxyuQv0zQJCMogysYkbCcaD
-mHYnyAf7OXa708Z168WAisEhrwa/DXBn3/hPoBkrbMsuPF/J+tEP7lsCgYEA2x2g
-86SitgPVeNV3iuZ6D/SV0QIbDWOYoST2GQn2LnfALIOrzpXRClOSQZ2pGtg9gYo1
-owUyyOSv2Fke93p3ufHv3Gqvjl55lzBVV0siHkEXwHcol36DDGQcskVnXJqaL3IF
-tiOisuJS9A7PW7gEi0miyGzzB/kh/IEWHKqLL9ECgYEAoBOFB+MuqMmQftsHWlLx
-7qwUVdidb90IjZ/4J4rPFcESyimFzas8HIv/lWGM5yx/l/iL0F42N+FHLt9tMcTJ
-qNvjeLChLp307RGNtm2/0JJEyf+2iLKdmGz/Nc0YbIWw46vJ9dXcXgeHdn4ndjPF
-GDEI/rfysa7hUoy6O41BMhECgYBPJsLPgHdufLAOeD44pM0PGnFMERCoo4OtImbr
-4JdXbdazvdTASYo7yriYj1VY5yhAtSZu/x+7RjDnXDo9d7XsK6NT4g4Mxb/yh3ks
-kW1/tE/aLLEzGHZKcZeUJlISN57e6Ld7dh/9spf4pajuHuk1T6JH+GNKTAqk5hSQ
-wmKJIQKBgCGBWGvJrCeT5X9oHdrlHj2YoKvIIG1eibagcjcKemD7sWzi7Q4P7JIo
-xeX8K1WVxdBpo4/RiQcGFmwSmSUKwwr1dO00xtjxIl7ip4DU+WAM7CdmcOIOMbr4
-rP9T/wy1ZBkERCIw2ElybTzB8yuOlNLuOMhUeU55xUMFNYYrWEp2
------END RSA PRIVATE KEY-----
-
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC6TV2RCoH8d1g6
+xFvDo4FL9v+pGLe5+bu9ryjTaLbNdH/Cmf5/8WrmgJ3vG2Ksk796J7qsVddwvQkZ
+n6NwDm2Tm+ETMCG85yEA3jl4Kr9RXfWHYWEavv0vsq6M+bUSSq7VJAhgk4wfx6qJ
+BnFX2qKpODeYLHaHxU1EnIXrStNfIqR4Eu0Xre8jAkzrDdaFy/KnX4HGgNdz413C
+XzBCKEuu3VJj07ZvonnTzOgoLvh8+PCoQ2M4OBPT9gHqUov1I8nWnrjc+HuM1BW3
+YIGCB5TV9x0Y7hjvkr4E38gbJURjuDwg8jof4lMRmU/FHXFLt1ucGwNFUJdPwI7d
+yEKRA03Lr7htfP5sa9tmv3L93dKDpo1gW1LsfiM3Cur5jARM/hBA+eYJr12Laf9o
+L59r8JmweqF3zRSwGSY336XoR/Fv/PAFs9vfKKWZp0uiRtuY9JZNRTF8trnfNf19
+57bND+DS2HWPmWkw4yK6CGa0s55XadiDt4gDFvKjl68dBWZoHutY+cZy/hK1D5uq
+agcX1kzbr/Pzy1gsq9FBBwaTJqBuYIAsSuzP+7NNZXoPd3rg13V93pbZr8eQN5VO
+QIBZK83xZEtHSJBEdUSuBOo3JS7j/rjEnspRqOI4soFnx1vaK0TrRyzJ5KBOuGpW
+4u8/ZUdIq8KIE30Mj/XI/sgAPr5jUQIDAQABAoICAQCqIgbFcqwcK7zWBgWrFsD3
+53u4J4t4+df6NGB7F9CAtdgKlej1XDl8gI46Em89HLwqyOdPhCD3opoR3Vg69+IX
+f62+gSD+SrA4A7jFxXvryXt0g3hTHYFHssx2j39NUghxOrOvxm6bgxJ4ifqt+Uq8
+cEtM26Xu/T4/3xTpN+7pnVBHGzmLe1q8RNiLe5qhmwtgz/ZKmdSnz0YLQDRo5jWf
+Xhxkb63WKrFIu4JzV9my/v9/GfMdHxD0a196ZqHLX0Buj4pQuVbS18dxLF94qIXC
+FCZtYtpAxmhjOR2btJ/M1S2MBMkR3vRvSOuxHd8d/zdYys5k2WElArs1TDGGDldW
+jp3FYkoygsdWTs056HM1Y9F8dV2KAWfAhEQD8mBIGVjMrCqpnyZcK6JkqVg9c7YW
+IYQ2JRwsHq58FMNa3TLTvf/OClhEfSbRWAF0AhMTpnSUgP06cbJeXyzqzHdE37hv
+74OBx7KNoS+PEQ3lVgbHsWoUzf3SqB1IOzLyzuEUgHqON2GKmmCNcRMBi3DuV9tw
+Q8LWynNxhD8vyBkmo0kAd/FwgXrxJTGdYvxyn29I7QanCTH7o8wtjSE0jj9Qo7oC
+McAYGR6oTAjrT78KhI7aZJU5nuA6ySSCJRa6et1CC+SseWknyMMJ5HTo8l7jjXJA
+9hjNGGs6giOxznizf+2YAQKCAQEA9wRQk4yN402tfuicvfQBnFUtcpqctWSgGc0T
+qzWJgH/W07FMUHzAvqCgsYMMaeteXOMZH7jijvtIlhYfIg5w+RJ9PSsSu680OzGN
+R31+l2B/QzRAHUJ6+OVgWxAn6awU1mYLaiwVmSNWEnjAPE4XeSK708OOganI3pBQ
+8zOHj+j6uV8ddG79D6FqNJHAQwpou/p+XO/BGDFgX22x4F68Z0gCQcmoyAE7ppOp
+dqq3lPoDbRQ02/5cqaIA6dhmfjK2cpz4y1nUxffzY7qJjpoB/YSdR66cCNiYcJzp
+fMVBXhF9Iyj/Cah1w+hc0NOy9dW15afFaLFK0zrtAzEaVxH/0QKCAQEAwRPOwSCl
+XrMYXmc91TF6XbhErILHK/pIEOIMF09KNJvSjY0188Ram/pFbPRYh0cIyASmRGXL
+Qq5B1Qi0vx5TCq1OCrW2yeE7zboAlnADhk1u9N8YmL6JrCKVGQO7wFD3V8uphXdM
+tixNa5WvJ6eE5Vq+SVy99V5pQgb8ErrISlW4MYK7LI7DruSDuM2tHtiOcXcdTVej
+1stXJZkH46RYvxxid9tRzfiB8K5ziZfLwPNf2wRyj1J4ojn5pPNhhfkjJ24LCZGt
+JxwSXqdP+4x7by6x3mU+hutU/lF3jl+0edSnU0cZ6lvuq2T5YGgda/VXlv1ZFQUw
+rwUXD9unU+aLgQKCAQEA9R74/pI5sthAVHFsKStb9dComtNGstI59aCF5h3oZvV1
+Lvj/q9dARWqMS9qplOoV58MMCWikmhJNw3IMTvVZsjBgyzRVEJ4aDKttcQXde0Ys
+w3m0LdTsxtSHu5XapY032FHG/gLlI+Pm48mjqbQsou6OyOOEJLNhO0qmqc/2tB4T
+v6PdTM9enAYnqCcCTQSlTfSTNJJOYT2OTuRB4U7hUvQoGTSOInrmwLRDNBjQuCso
+/zNQCQbu2P6EPYmam5yjZDTUxqZL+G/GvK49Fp9JXlQc5ycke7rD+uwa3s+3wCtG
+rH9gJitfQZrxj+Cj9EOwj0bfJLbac6ZD0CkH5GNeIQKCAQBdoGFOPapzdZ2HicDu
+NQQFlmmWzgQPS1rO9Q6v7v8o67b6dVOIVdsqb/5ii0qyrruPYtHNsR8TwrShvYsI
+cogKUWfawatV0ibR6DSIvuC2q632iIjA6QSRuGNcsfbFl32Z0WTvF57XaDxSw08g
+h5dmMM69fH+REKsyHXj3DCQ8B70+JQrm3IP/t0g4wWQF5TWNyBkpfCoy6n/j94Vf
+2j4+zmDhhjTxEGTSdYYJXtarRllhN5Ll9TQSVtK8LllIQjvNzwsDJOU2ZeJyi+e5
+L7Jbg+U01xuvCUc52/+Bxt8ZhQlu1Le4ccQW0Ows19AMnfhPe6NLEi09cdZxFi7Z
+/J4BAoIBABCzkBDFxZdfWYt69VBt9PSG8eJ6avny3hXCtKaHIQb+aD5nKjRP0DVh
+gyutCo6RasMEc6D1tJGyR/Xvhm64q4JPb5UbSaRQiVYKdgRtMM9pZeBkcBtNs18K
+yMx5ajgYorrbi86hXHX7q+JYP8MCbcqqAUSl/Hi8nPxc1foTiCNDf4kGoHvXmoxt
+0tA65tFFQhEA6KBn68SDkyTsl/zb5Sx0GJY4kZkOeF3GaxPFX12skgXv95GJUskX
+88RJsH4Qqqtzbzj8R241BH8OrcOoyELc6xPioEqUHKVxSIf2ylITbj0UQHd2u0mN
+tajKl+aoc+CDxUYbilzhhKetWWF/cJY=
+-----END PRIVATE KEY-----
diff --git a/make/common/templates/notary/root-ca.crt b/make/common/templates/notary/root-ca.crt
deleted file mode 100644
index c30df3cbf..000000000
--- a/make/common/templates/notary/root-ca.crt
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFhjCCA26gAwIBAgIJALJdsE+BUxypMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV
-BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0G
-A1UECgwGRG9ja2VyMRowGAYDVQQDDBFOb3RhcnkgVGVzdGluZyBDQTAeFw0xNzAx
-MjMwNjAzMzZaFw0yNzAxMjEwNjAzMzZaMF8xCzAJBgNVBAYTAlVTMQswCQYDVQQI
-DAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0GA1UECgwGRG9ja2VyMRow
-GAYDVQQDDBFOb3RhcnkgVGVzdGluZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-ADCCAgoCggIBALIZNBcIoQDJql5w+XULXq9W3tmD47xnf+IG4u7hkDVPCT4xRG74
-LBoSuFyPUrfT+tsibMlNG6XRtSfLQdNNeQuyIuiilNXV0kXB0RR3TrhxCaKdhRU5
-oQGfpYMvbPNFB7WU/5aAiQutHH85hEMPECf1qPjq8YlUaXJLGFY3WRkW+OOBZ78U
-00PqKlvC1kR/NbsV3IkMrO+vWWJQrPFusyYjQ511eQXnRtt8P0Qic0azPffQDVxC
-WUe47hmdQ1AULbxQ9AZcPlMI7UFqo+/w/4hPEGJMeOWirLvHLXg4nsOwy7DfWl/n
-MqLdJOC/KNfQVAQtkteeZZkkIIV1gxTPYsJqPNwkP9GdJK1A8NW1ef75v7xbQCPY
-03QQonBEK7ny7b1xXGGgJzXvK9RP0UUwjt/815c4d0cgUHsy4yuvl2F44EObRshk
-fjJVsN/0wrtq4QLE5ZvbeO+7to8dLcRxkmB8axhxahega7akUyY0WxZ+iSn6fzft
-/xeCcs/L10V5z0kK4PbiNnooDzV4B6Dy/5oyNExw0jgpD0mzOK5aLb0tXGqFT/ZJ
-9vydelBq5q4jLV7SHhHM1dBJSv1fl7vOpDlEr7LBd4YAO2BowoyGLHtLhgYybXF+
-CZ9ywPb1dIIcdK5IVeZECNHMSBuhCRZUu+aun8tRcdSgLEX7mQ/GKWELAgMBAAGj
-RTBDMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgFGMB0GA1UdDgQW
-BBSWWbcCebeEgZlWk2/k+abh+bEFpDANBgkqhkiG9w0BAQsFAAOCAgEAQ9gA3Q4b
-r2+ZJdIDoDzCNdtHQbb/d1NiUP/Na1MFo7omR3MnKGXy3dIp9IrQq6ROhlqUhDvl
-pZegYhTbunTVv1KKJ+5n1hY6pG/Jr8oLY3b9i4qwDLKfQGm5PmrfwAtqbLSfY2M0
-2AZyAhCdGbqB7WpTdG1J7DzGbVVWAtS05e24Mu0qZJvpHdtl4+t89vXgJ/bPrPxF
-cpAlT9DOtobTEqrXZeS937F1qNyIgyBki+7mtxkwng5cf3zQM2BJ9lSFQJOBSRDr
-haMcnaPI4pknO7OfYf5W9LaS1Dx/U/NeMBfnVBd9NjUw+TMjy2MdMLUaLa9EF7Jo
-Gjk+fKaTaUgO8I487wHPMeoEA4A4dEePzGrybRLfl1ZYGQ0xcgunz64n2xfQIy2y
-swiyaofYlLxzHzOL0N+Y76P0ic37t9R2F5ggNhfbXhClK2h4HmdjRRRt3VkxR4AD
-7OM09bEhlZby34HOlCaC0PHKwYBMjneAG3ycPN88YTMYR2/KizExe71ayNwX2KHL
-ib1nOZgZT6s+YvgsZ7lRmMD4iqjuAEh5SRAcWlolVif8bAy09BkY1vwrtgV73q88
-heEbsCE1fsfk1OfH5W4yjjiSDZFRt5oTCPQWJp+2P0RJ9LCxcbf0RrCg3hg5rD9N
-lVTA0dsixv5zF3wTuad9inhk9Rmlq1KoaqA=
------END CERTIFICATE-----
diff --git a/make/common/templates/notary/server-config.json b/make/common/templates/notary/server-config.json
index 8e6af5d22..dc8ffba31 100644
--- a/make/common/templates/notary/server-config.json
+++ b/make/common/templates/notary/server-config.json
@@ -6,7 +6,7 @@
"type": "remote",
"hostname": "notarysigner",
"port": "7899",
- "tls_ca_file": "./root-ca.crt",
+ "tls_ca_file": "./notary-signer-ca.crt",
"key_algorithm": "ecdsa"
},
"logging": {
diff --git a/make/docker-compose.notary.yml b/make/docker-compose.notary.yml
index 0b6340366..102bf3641 100644
--- a/make/docker-compose.notary.yml
+++ b/make/docker-compose.notary.yml
@@ -60,6 +60,8 @@ services:
- TERM=dumb
- MYSQL_ALLOW_EMPTY_PASSWORD="true"
command: mysqld --innodb_file_per_table
+ depends_on:
+ - log
logging:
driver: "syslog"
options:
diff --git a/make/docker-compose.tpl b/make/docker-compose.tpl
index ae8630425..decf381ee 100644
--- a/make/docker-compose.tpl
+++ b/make/docker-compose.tpl
@@ -1,7 +1,7 @@
version: '2'
services:
log:
- image: vmware/harbor-log
+ image: vmware/harbor-log:__version__
container_name: harbor-log
restart: always
volumes:
@@ -11,7 +11,7 @@ services:
networks:
- harbor
registry:
- image: registry:2.6.0
+ image: vmware/registry:photon-2.6.0
container_name: registry
restart: always
volumes:
@@ -31,7 +31,7 @@ services:
syslog-address: "tcp://127.0.0.1:1514"
tag: "registry"
mysql:
- image: vmware/harbor-db
+ image: vmware/harbor-db:__version__
container_name: harbor-db
restart: always
volumes:
@@ -48,7 +48,7 @@ services:
syslog-address: "tcp://127.0.0.1:1514"
tag: "mysql"
adminserver:
- image: vmware/harbor-adminserver
+ image: vmware/harbor-adminserver:__version__
container_name: harbor-adminserver
env_file:
- ./common/config/adminserver/env
@@ -67,7 +67,7 @@ services:
syslog-address: "tcp://127.0.0.1:1514"
tag: "adminserver"
ui:
- image: vmware/harbor-ui
+ image: vmware/harbor-ui:__version__
container_name: harbor-ui
env_file:
- ./common/config/ui/env
@@ -88,7 +88,7 @@ services:
syslog-address: "tcp://127.0.0.1:1514"
tag: "ui"
jobservice:
- image: vmware/harbor-jobservice
+ image: vmware/harbor-jobservice:__version__
container_name: harbor-jobservice
env_file:
- ./common/config/jobservice/env
diff --git a/make/harbor.cfg b/make/harbor.cfg
index 844daa49e..8c9575585 100644
--- a/make/harbor.cfg
+++ b/make/harbor.cfg
@@ -20,19 +20,10 @@ max_job_workers = 3
#Determine whether or not to generate certificate for the registry's token.
#If the value is on, the prepare script creates new root cert and private key
-#for generating token to access the registry. If the value is off, a key/certificate must
-#be supplied for token generation.
+#for generating token to access the registry. If the value is off the default key/cert will be used.
+#This flag also controls the creation of the notary signer's cert.
customize_crt = on
-#Information of your organization for certificate
-crt_country = CN
-crt_state = State
-crt_location = CN
-crt_organization = organization
-crt_organizationalunit = organizational unit
-crt_commonname = example.com
-crt_email = example@example.com
-
#The path of cert and key files for nginx, they are applied only the protocol is set to https
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
diff --git a/make/install.sh b/make/install.sh
index 54c2b10be..def0189f0 100755
--- a/make/install.sh
+++ b/make/install.sh
@@ -166,13 +166,13 @@ then
if [ -n "$(docker-compose -f docker-compose.yml -f docker-compose.notary.yml ps -q)" ]
then
note "stopping existing Harbor instance ..."
- docker-compose -f docker-compose.yml -f docker-compose.notary.yml down
+ docker-compose -f docker-compose.yml -f docker-compose.notary.yml down -v
fi
else
if [ -n "$(docker-compose -f docker-compose.yml ps -q)" ]
then
note "stopping existing Harbor instance ..."
- docker-compose -f docker-compose.yml down
+ docker-compose -f docker-compose.yml down -v
fi
fi
echo ""
diff --git a/make/prepare b/make/prepare
index 2d0ddc67a..6a3d34c06 100755
--- a/make/prepare
+++ b/make/prepare
@@ -135,13 +135,6 @@ if protocol == "https":
cert_path = rcp.get("configuration", "ssl_cert")
cert_key_path = rcp.get("configuration", "ssl_cert_key")
customize_crt = rcp.get("configuration", "customize_crt")
-crt_country = rcp.get("configuration", "crt_country")
-crt_state = rcp.get("configuration", "crt_state")
-crt_location = rcp.get("configuration", "crt_location")
-crt_organization = rcp.get("configuration", "crt_organization")
-crt_organizationalunit = rcp.get("configuration", "crt_organizationalunit")
-crt_commonname = rcp.get("configuration", "crt_commonname")
-crt_email = rcp.get("configuration", "crt_email")
max_job_workers = rcp.get("configuration", "max_job_workers")
token_expiration = rcp.get("configuration", "token_expiration")
verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
@@ -262,52 +255,54 @@ FNULL = open(os.devnull, 'w')
from functools import wraps
def stat_decorator(func):
@wraps(func)
- def check_wrapper(*args, **kwargs):
- stat = func(*args, **kwargs)
- message = "Generated configuration file: %s" % kwargs['path'] \
- if stat == 0 else "Fail to generate %s" % kwargs['path']
+ def check_wrapper(*args, **kw):
+ stat = func(*args, **kw)
+ message = "Generated certificate, key file: %s, cert file: %s" % (kw['key_path'], kw['cert_path']) \
+ if stat == 0 else "Fail to generate key file: %s, cert file: %s" % (kw['key_path'], kw['cert_path'])
print(message)
if stat != 0:
sys.exit(1)
return check_wrapper
@stat_decorator
-def check_private_key_stat(*args, **kwargs):
- return subprocess.call(["openssl", "genrsa", "-out", kwargs['path'], "4096"],\
- stdout=FNULL, stderr=subprocess.STDOUT)
+def create_root_cert(subj, key_path="./k.key", cert_path="./cert.crt"):
+ rc = subprocess.call(["openssl", "genrsa", "-out", key_path, "4096"], stdout=FNULL, stderr=subprocess.STDOUT)
+ if rc != 0:
+ return rc
+ return subprocess.call(["openssl", "req", "-new", "-x509", "-key", key_path,\
+ "-out", cert_path, "-days", "3650", "-subj", subj], stdout=FNULL, stderr=subprocess.STDOUT)
@stat_decorator
-def check_certificate_stat(*args, **kwargs):
- dirty_subj = "/C={0}/ST={1}/L={2}/O={3}/OU={4}/CN={5}/emailAddress={6}"\
- .format(crt_country, crt_state, crt_location, crt_organization,\
- crt_organizationalunit, crt_commonname, crt_email)
- subj = validate_crt_subj(dirty_subj)
- return subprocess.call(["openssl", "req", "-new", "-x509", "-key",\
- private_key_pem, "-out", root_crt, "-days", "3650", "-subj", subj], \
- stdout=FNULL, stderr=subprocess.STDOUT)
+def create_cert(subj, ca_key, ca_cert, key_path="./k.key", cert_path="./cert.crt"):
+ cert_dir = os.path.dirname(cert_path)
+ csr_path = os.path.join(cert_dir, "tmp.csr")
+ rc = subprocess.call(["openssl", "req", "-newkey", "rsa:4096", "-nodes","-sha256","-keyout", key_path,\
+ "-out", csr_path, "-subj", subj], stdout=FNULL, stderr=subprocess.STDOUT)
+ if rc != 0:
+ return rc
+ return subprocess.call(["openssl", "x509", "-req", "-days", "3650", "-in", csr_path, "-CA", \
+ ca_cert, "-CAkey", ca_key, "-CAcreateserial", "-out", cert_path], stdout=FNULL, stderr=subprocess.STDOUT)
-def openssl_is_installed(stat):
- if stat == 0:
- return True
- else:
+def openssl_installed():
+ shell_stat = subprocess.check_call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT)
+ if shell_stat != 0:
print("Cannot find openssl installed in this computer\nUse default SSL certificate file")
return False
+ return True
+
-if customize_crt == 'on':
+if customize_crt == 'on' and openssl_installed():
shell_stat = subprocess.check_call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT)
- if openssl_is_installed(shell_stat):
- private_key_pem = os.path.join(config_dir, "ui", "private_key.pem")
- root_crt = os.path.join(config_dir, "registry", "root.crt")
-
- check_private_key_stat(path=private_key_pem)
- check_certificate_stat(path=root_crt)
+ empty_subj = "/C=/ST=/L=/O=/CN=/"
+ private_key_pem = os.path.join(config_dir, "ui", "private_key.pem")
+ root_crt = os.path.join(config_dir, "registry", "root.crt")
+ create_root_cert(empty_subj, key_path=private_key_pem, cert_path=root_crt)
else:
- print("Generated configuration file: %s" % ui_config_dir + "private_key.pem")
+ print("Copied configuration file: %s" % ui_config_dir + "private_key.pem")
shutil.copyfile(os.path.join(templates_dir, "ui", "private_key.pem"), os.path.join(ui_config_dir, "private_key.pem"))
- print("Generated configuration file: %s" % registry_config_dir + "root.crt")
+ print("Copied configuration file: %s" % registry_config_dir + "root.crt")
shutil.copyfile(os.path.join(templates_dir, "registry", "root.crt"), os.path.join(registry_config_dir, "root.crt"))
-FNULL.close()
if args.notary_mode:
notary_config_dir = prep_conf_dir(config_dir, "notary")
notary_temp_dir = os.path.join(templates_dir, "notary")
@@ -315,11 +310,27 @@ if args.notary_mode:
if os.path.exists(os.path.join(notary_config_dir, "mysql-initdb.d")):
shutil.rmtree(os.path.join(notary_config_dir, "mysql-initdb.d"))
shutil.copytree(os.path.join(notary_temp_dir, "mysql-initdb.d"), os.path.join(notary_config_dir, "mysql-initdb.d"))
- #TODO:generate certs?
- print("Copying certs for notary signer")
- shutil.copy2(os.path.join(notary_temp_dir, "notary-signer.crt"), notary_config_dir)
- shutil.copy2(os.path.join(notary_temp_dir, "notary-signer.key"), notary_config_dir)
- shutil.copy2(os.path.join(notary_temp_dir, "root-ca.crt"), notary_config_dir)
+ if customize_crt == 'on' and openssl_installed():
+ temp_cert_dir = os.path.join(base_dir, "cert_tmp")
+ if not os.path.exists(temp_cert_dir):
+ os.makedirs(temp_cert_dir)
+ ca_subj = "/C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=Harbor/CN=Self-signed by VMware, Inc."
+ cert_subj = "/C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=Harbor/CN=notarysigner"
+ signer_ca_cert = os.path.join(temp_cert_dir, "notary-signer-ca.crt")
+ signer_ca_key = os.path.join(temp_cert_dir, "notary-signer-ca.key")
+ signer_cert_path = os.path.join(temp_cert_dir, "notary-signer.crt")
+ signer_key_path = os.path.join(temp_cert_dir, "notary-signer.key")
+ create_root_cert(ca_subj, key_path=signer_ca_key, cert_path=signer_ca_cert)
+ create_cert(cert_subj, signer_ca_key, signer_ca_cert, key_path=signer_key_path, cert_path=signer_cert_path)
+ print("Copying certs for notary signer")
+ shutil.copy2(signer_cert_path, notary_config_dir)
+ shutil.copy2(signer_key_path, notary_config_dir)
+ shutil.copy2(signer_ca_cert, notary_config_dir)
+ else:
+ print("Copying certs for notary signer")
+ shutil.copy2(os.path.join(notary_temp_dir, "notary-signer.crt"), notary_config_dir)
+ shutil.copy2(os.path.join(notary_temp_dir, "notary-signer.key"), notary_config_dir)
+ shutil.copy2(os.path.join(notary_temp_dir, "notary-signer-ca.crt"), notary_config_dir)
shutil.copy2(os.path.join(registry_config_dir, "root.crt"), notary_config_dir)
print("Copying notary signer configuration file")
@@ -335,6 +346,6 @@ if args.notary_mode:
default_alias = ''.join(random.choice(string.ascii_letters) for i in range(8))
render(os.path.join(notary_temp_dir, "signer_env"), os.path.join(notary_config_dir, "signer_env"), alias = default_alias)
-
+FNULL.close()
print("The configuration files are ready, please use docker-compose to start the service.")
diff --git a/src/ui/views/reset-password-mail.tpl b/src/ui/views/reset-password-mail.tpl
new file mode 100644
index 000000000..31fb438ef
--- /dev/null
+++ b/src/ui/views/reset-password-mail.tpl
@@ -0,0 +1,21 @@
+
+
+
+
+
Please click this link to reset your password:
+ {{.URL}}/reset_password?reset_uuid={{.UUID}}
+
+
diff --git a/src/ui_ng/src/app/base/harbor-shell/harbor-shell.component.ts b/src/ui_ng/src/app/base/harbor-shell/harbor-shell.component.ts
index 765ccf10b..e4c9c56a4 100644
--- a/src/ui_ng/src/app/base/harbor-shell/harbor-shell.component.ts
+++ b/src/ui_ng/src/app/base/harbor-shell/harbor-shell.component.ts
@@ -120,15 +120,8 @@ export class HarborShellComponent implements OnInit, OnDestroy {
//Handle the global search event and then let the result page to trigger api
doSearch(event: string): void {
if (event === "") {
- if (!this.isSearchResultsOpened) {
- //Will not open search result panel if term is empty
- return;
- } else {
- //If opened, then close the search result panel
- this.isSearchResultsOpened = false;
- this.searchResultComponet.close();
- return;
- }
+ //Do nothing
+ return;
}
//Once this method is called
//the search results page must be opened
diff --git a/src/ui_ng/src/app/config/config.component.1.html b/src/ui_ng/src/app/config/config.component.1.html
new file mode 100644
index 000000000..a4be64f0c
--- /dev/null
+++ b/src/ui_ng/src/app/config/config.component.1.html
@@ -0,0 +1,62 @@
+
\ No newline at end of file
diff --git a/src/ui_ng/src/app/config/config.component.html b/src/ui_ng/src/app/config/config.component.html
index 8ab32e45f..9f3656f31 100644
--- a/src/ui_ng/src/app/config/config.component.html
+++ b/src/ui_ng/src/app/config/config.component.html
@@ -1,39 +1,47 @@