Merge pull request #7277 from ninjadq/refactor_config_file

Refactor config file

Makefile

@@ -295,7 +295,7 @@ compile: check_environment versions_prepare compile_core compile_jobservice comp
 
 update_prepare_version:
 	@echo "substitude the prepare version tag in prepare file..."
-	$(SEDCMD) -i -e 's/goharbor\/prepare:.*[[:space:]]\+/goharbor\/prepare:$(VERSIONTAG) /' $(MAKEPATH)/prepare ;
+	@$(SEDCMD) -i -e 's/goharbor\/prepare:.*[[:space:]]\+/goharbor\/prepare:$(VERSIONTAG) /' $(MAKEPATH)/prepare ;
 
 prepare: update_prepare_version
 	@echo "preparing..."
@@ -310,7 +310,7 @@ build:
 
 install: compile ui_version build prepare start
 
-package_online: prepare
+package_online: update_prepare_version
 	@echo "packing online package ..."
 	@cp -r make $(HARBORPKG)
 	@if [ -n "$(REGISTRYSERVER)" ] ; then \

make/harbor.yml

@@ -1,114 +1,93 @@
 ## Configuration file of Harbor
 
-#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
-_version: 1.7.0
 #The IP address or hostname to access admin UI and registry service.
 #DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
-#DO NOT comment out this line, modify the value of "hostname" directly, or the installation will fail.
 hostname: reg.mydomain.com
+# core, harbor
+http:
+  port: 80
 
-#The protocol for accessing the UI and token/notification service, by default it is http.
+# https:
-#It can be set to https if ssl is enabled on nginx.
+#   port: 443
-ui_url_protocol: https
+#   #The path of cert and key files for nginx
+#   certificate: /your/certificate/path
+#   private_key: /your/private/key/path
 
-#Maximum number of job workers in job service  
+# Uncomment extearnal_url if you want to enable external proxy
-max_job_workers: 10
+# And when it enabled the hostname will no longger used
+# external_url: https://reg.mydomain.com:8433
+
+# The initial password of Harbor admin
+# It only works in first time to install harbor
+# Remember Change the admin password from UI after launching Harbor.
+harbor_admin_password: Harbor12345
+
+## Harbor DB configuration
+database:
+  #The password for the root user of Harbor DB. Change this before any production use.
+  password: root123
 
 # The default data volume
 data_volume: /data
 
-#The path of cert and key files for nginx, they are applied only the protocol is set to https
+# Harbor Storage settings by default is using /data dir on local filesystem
-ssl_cert: /data/cert/server.crt
+# Uncomment storage_service setting If you want to using external storage
-ssl_cert_key: /data/cert/server.key
+# storage_service:
+#   # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
+#   # of registry's and chart repository's containers.  This is usually needed when the user hosts a internal storage with self signed certificate.
+#   ca_bundle:
 
-#The path of secretkey storage
+#   # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
-secretkey_path: /data
+#   # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
+#   filesystem:
+#     maxthreads: 100
 
-#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
+# Clair configuration
-admiral_url: NA
+clair: 
+  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
+  updaters_interval: 12
+
+  # Config http proxy for Clair, e.g. http://my.proxy.com:3128
+  # Clair doesn't need to connect to harbor internal components via http proxy.
+  http_proxy:
+  https_proxy:
+  no_proxy: 127.0.0.1,localhost,core,registry
+
+jobservice:
+  # Maximum number of job workers in job service  
+  max_job_workers: 10
 
 # Log configurations
 log:
+  # options are debug, info, warn, error
+  level: info
   # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
   rotate_count: 50
   # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. 
   # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G 
   # are all valid.
   rotate_size: 200M
-  # The directory that store log files
+  # The directory on your host that store log
   location: /var/log/harbor
 
-#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
+#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
-#only take effect in the first boot, the subsequent changes of these properties 
+_version: 1.7.0
-#should be performed on web ui
 
-##The initial password of Harbor admin, only works for the first time when Harbor starts. 
+# Uncomment external_database if using external database. And the password will replace the the password setting in database.
-#It has no effect after the first launch of Harbor.
+# And currently ontly support postgres.
-#Change the admin password from UI after launching Harbor.
+# external_database:
-harbor_admin_password: Harbor12345
+#   host: postgresql
+#   port: 5432
+#   username: postgres
+#   password: root123
+#   ssl_mode: disable
 
-## Harbor DB configuration
+# Umcomments external_redis if using external Redis server
-database:
+# external_redis:
-  #The address of the Harbor database. Only need to change when using external db.
+#   host: redis
-  host: postgresql
+#   port: 6379
-  #The port of Harbor database host
+#   password:
-  port: 5432
+#   # db_index 0 is for core, it's unchangeable
-  #The user name of Harbor database
+#   registry_db_index: 1
-  username: postgres
+#   jobservice_db_index: 2
-  #The password for the root user of Harbor DB. Change this before any production use.
+#   chartmuseum_db_index: 3
-  password: root123
-
-
-# Redis server configuration
-redis:
-  # Redis connection address
-  host: redis
-  # Redis connection port
-  port: 6379
-  # Redis connection password
-  password:
-  # Redis connection db index
-  # db_index 1,2,3 is for registry, jobservice and chartmuseum. 
-  # db_index 0 is for UI, it's unchangeable
-  db_index: 1,2,3
-
-
-# Clair DB configuration
-clair: 
-  # Clair DB host address. Only change it when using an exteral DB.
-  db_host: postgresql
-  # The password of the Clair's postgres database. Only effective when Harbor is deployed with Clair.
-  # Please update it before deployment. Subsequent update will cause Clair's API server and Harbor unable to access Clair's database.
-  db_password: root123
-  # Clair DB connect port
-  db_port: 5432
-  # Clair DB username
-  db_username: postgres
-  # Clair default database
-  db: postgres
-  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
-  updaters_interval: 12
-
-  #Config http proxy for Clair, e.g. http://my.proxy.com:3128
-  #Clair doesn't need to connect to harbor internal components via http proxy.
-  http_proxy:
-  https_proxy:
-  no_proxy: 127.0.0.1,localhost,core,registry
-
-# Harbor Storage settings
-storage:
-  #Please be aware that the following storage settings will be applied to both docker registry and helm chart repository.
-  #registry_storage_provider can be: filesystem, s3, gcs, azure, etc.
-  registry_storage_provider_name: filesystem
-  #registry_storage_provider_config is a comma separated "key: value" pairs, e.g. "key1: value, key2: value2".
-  #To avoid duplicated configurations, both docker registry and chart repository follow the same storage configuration specifications of docker registry.
-  #Refer to https://docs.docker.com/registry/configuration/#storage for all available configuration.
-  registry_storage_provider_config:
-  #registry_custom_ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
-  #of registry's and chart repository's containers.  This is usually needed when the user hosts a internal storage with self signed certificate.
-  registry_custom_ca_bundle:
-
-#If reload_config=true, all settings which present in harbor.yml take effect after prepare and restart harbor, it overwrites exsiting settings.
-#reload_config=true
-#Regular expression to match skipped environment variables
-#skip_reload_env_pattern: (^EMAIL.*)|(^LDAP.*)

make/install.sh

@@ -192,9 +192,9 @@ docker-compose up -d
 protocol=http
 hostname=reg.mydomain.com
 
-if [[ $(cat ./harbor.yml) =~ ui_url_protocol:[[:blank:]]*(https?) ]]
+if [ -n "$(grep '^[^#]*https:' ./harbor.yml)"]
 then
-protocol=${BASH_REMATCH[1]}
+protocol=https
 fi
 
 if [[ $(grep '^[[:blank:]]*hostname:' ./harbor.yml) =~ hostname:[[:blank:]]*(.*) ]]

make/photon/prepare/g.py

@@ -20,10 +20,8 @@ private_key_pem_path = Path('/secret/core/private_key.pem')
 root_crt_path = Path('/secret/registry/root.crt')
 
 config_file_path = '/compose_location/harbor.yml'
+input_config_path = '/input/harbor.yml'
 versions_file_path = Path('/usr/src/app/versions')
 
 cert_dir = os.path.join(config_dir, "nginx", "cert")
 core_cert_dir = os.path.join(config_dir, "core", "certificates")
-
-registry_custom_ca_bundle_storage_path = Path('/secret/common/custom-ca-bundle.crt')
-registry_custom_ca_bundle_storage_input_path = Path('/input/common/custom-ca-bundle.crt')

make/photon/prepare/main.py

@@ -4,7 +4,7 @@ import click
 
 from utils.misc import delfile
 from utils.configs import validate, parse_yaml_config
-from utils.cert import prepare_ca, SSL_CERT_KEY_PATH, SSL_CERT_PATH, get_secret_key, copy_ssl_cert, copy_secret_keys
+from utils.cert import prepare_ca, SSL_CERT_KEY_PATH, SSL_CERT_PATH, get_secret_key
 from utils.db import prepare_db
 from utils.jobservice import prepare_job_service
 from utils.registry import prepare_registry
@@ -16,13 +16,12 @@ from utils.clair import prepare_clair
 from utils.chart import prepare_chartmuseum
 from utils.docker_compose import prepare_docker_compose
 from utils.nginx import prepare_nginx, nginx_confd_dir
-from g import (config_dir, config_file_path, private_key_pem_path, root_crt_path,
+from g import (config_dir, input_config_path, private_key_pem_path, root_crt_path, secret_key_dir,
-registry_custom_ca_bundle_storage_path, registry_custom_ca_bundle_storage_input_path, secret_key_dir,
 old_private_key_pem_path, old_crt_path)
 
 # Main function
 @click.command()
-@click.option('--conf', default=config_file_path, help="the path of Harbor configuration file")
+@click.option('--conf', default=input_config_path, help="the path of Harbor configuration file")
 @click.option('--with-notary', is_flag=True, help="the Harbor instance is to be deployed with notary")
 @click.option('--with-clair', is_flag=True, help="the Harbor instance is to be deployed with clair")
 @click.option('--with-chartmuseum', is_flag=True, help="the Harbor instance is to be deployed with chart repository supporting")
@@ -40,21 +39,14 @@ def main(conf, with_notary, with_clair, with_chartmuseum):
     prepare_db(config_dict)
     prepare_job_service(config_dict)
 
-    copy_secret_keys()
     get_secret_key(secret_key_dir)
 
-    if config_dict['protocol'] == 'https':
-        copy_ssl_cert()
-
     #  If Customized cert enabled
     prepare_ca(
         private_key_pem_path=private_key_pem_path,
         root_crt_path=root_crt_path,
         old_private_key_pem_path=old_private_key_pem_path,
-        old_crt_path=old_crt_path,
+        old_crt_path=old_crt_path)
-        registry_custom_ca_bundle_config=registry_custom_ca_bundle_storage_input_path,
-        registry_custom_ca_bundle_storage_path=registry_custom_ca_bundle_storage_path)
-
     if with_notary:
         prepare_notary(config_dict, nginx_confd_dir, SSL_CERT_PATH, SSL_CERT_KEY_PATH)
 

make/photon/prepare/templates/core/config_env.jinja

@@ -1,16 +1,6 @@
 PORT=8080
-LOG_LEVEL=info
+LOG_LEVEL={{log_level}}
 EXT_ENDPOINT={{public_url}}
-SELF_REGISTRATION={{self_registration}}
-LDAP_URL={{ldap_url}}
-LDAP_SEARCH_DN={{ldap_searchdn}}
-LDAP_SEARCH_PWD={{ldap_search_pwd}}
-LDAP_BASE_DN={{ldap_basedn}}
-LDAP_FILTER={{ldap_filter}}
-LDAP_UID={{ldap_uid}}
-LDAP_SCOPE={{ldap_scope}}
-LDAP_TIMEOUT={{ldap_timeout}}
-LDAP_VERIFY_CERT={{ldap_verify_cert}}
 DATABASE_TYPE=postgresql
 POSTGRESQL_HOST={{db_host}}
 POSTGRESQL_PORT={{db_port}}
@@ -18,50 +8,29 @@ POSTGRESQL_USERNAME={{db_user}}
 POSTGRESQL_PASSWORD={{db_password}}
 POSTGRESQL_DATABASE=registry
 POSTGRESQL_SSLMODE=disable
-LDAP_GROUP_BASEDN={{ldap_group_basedn}}
-LDAP_GROUP_FILTER={{ldap_group_filter}}
-LDAP_GROUP_GID={{ldap_group_gid}}
-LDAP_GROUP_SCOPE={{ldap_group_scope}}
 REGISTRY_URL={{registry_url}}
 TOKEN_SERVICE_URL={{token_service_url}}
-EMAIL_HOST={{email_host}}
-EMAIL_PORT={{email_port}}
-EMAIL_USR={{email_usr}}
-EMAIL_PWD={{email_pwd}}
-EMAIL_SSL={{email_ssl}}
-EMAIL_FROM={{email_from}}
-EMAIL_IDENTITY={{email_identity}}
-EMAIL_INSECURE={{email_insecure}}
 HARBOR_ADMIN_PASSWORD={{harbor_admin_password}}
-PROJECT_CREATION_RESTRICTION={{project_creation_restriction}}
 MAX_JOB_WORKERS={{max_job_workers}}
 CORE_SECRET={{core_secret}}
 JOBSERVICE_SECRET={{jobservice_secret}}
-TOKEN_EXPIRATION={{token_expiration}}
 CFG_EXPIRATION=5
 ADMIRAL_URL={{admiral_url}}
 WITH_NOTARY={{with_notary}}
 WITH_CLAIR={{with_clair}}
-CLAIR_DB_PASSWORD={{clair_db_password}}
+CLAIR_DB_PASSWORD={{db_password}}
-CLAIR_DB_HOST={{clair_db_host}}
+CLAIR_DB_HOST={{db_host}}
-CLAIR_DB_PORT={{clair_db_port}}
+CLAIR_DB_PORT={{db_port}}
-CLAIR_DB_USERNAME={{clair_db_username}}
+CLAIR_DB_USERNAME={{db_user}}
 CLAIR_DB={{clair_db}}
 CLAIR_DB_SSLMODE=disable
-RESET={{reload_config}}
-UAA_ENDPOINT={{uaa_endpoint}}
-UAA_CLIENTID={{uaa_clientid}}
-UAA_CLIENTSECRET={{uaa_clientsecret}}
-UAA_VERIFY_CERT={{uaa_verify_cert}}
 CORE_URL={{core_url}}
 JOBSERVICE_URL={{jobservice_url}}
 CLAIR_URL={{clair_url}}
 NOTARY_URL={{notary_url}}
 REGISTRY_STORAGE_PROVIDER_NAME={{storage_provider_name}}
 READ_ONLY=false
-SKIP_RELOAD_ENV_PATTERN={{skip_reload_env_pattern}}
 RELOAD_KEY={{reload_key}}
 CHART_REPOSITORY_URL={{chart_repository_url}}
-LDAP_GROUP_ADMIN_DN={{ldap_group_admin_dn}}
 REGISTRY_CONTROLLER_URL={{registry_controller_url}}
 WITH_CHARTMUSEUM={{with_chartmuseum}}

make/photon/prepare/templates/docker_compose/docker-compose.yml.jinja

@@ -33,8 +33,11 @@ services:
       - {{data_volume}}/registry:/storage:z
       - ./common/config/registry/:/etc/registry/:z
       - {{data_volume}}/secret/registry/root.crt:/etc/registry/root.crt:z
-{%if registry_custom_ca_bundle_storage_path %}
+{% if gcs_keyfile %}
-      - {{data_volume}}/secret/common/custom-ca-bundle.crt:/harbor_cust_cert/custom-ca-bundle.crt:z
+      - {{gcs_keyfile}}:/etc/registry/gcs.key
+{% endif %}
+{%if registry_custom_ca_bundle_path %}
+      - {{registry_custom_ca_bundle_path}}:/harbor_cust_cert/custom-ca-bundle.crt:z
 {% endif %}
     networks:
       - harbor
@@ -247,8 +250,8 @@ services:
     volumes:
       - ./common/config/nginx:/etc/nginx:z
 {% if protocol == 'https' %}
-      - {{data_volume}}/secret/nginx/server.key:/etc/nginx/cert/server.key
+      - {{cert_key_path}}:/etc/nginx/cert/server.key:z
-      - {{data_volume}}/secret/nginx/server.crt:/etc/nginx/cert/server.crt
+      - {{cert_path}}:/etc/nginx/cert/server.crt:z
 {% endif %}
     networks:
       - harbor
@@ -257,8 +260,8 @@ services:
 {% endif %}
     dns_search: .
     ports:
-      - 80:80
+      - {{http_port}}:80
-      - 443:443
+      - {{https_port}}:443
       - 4443:4443
     depends_on:
       - postgresql
@@ -337,8 +340,8 @@ services:
       - postgresql
     volumes:
       - ./common/config/clair/config.yaml:/etc/clair/config.yaml:z
-{%if registry_custom_ca_bundle_storage_path %}
+{%if registry_custom_ca_bundle_path %}
-      - {{data_volume}}/secret/common/custom-ca-bundle.crt:/harbor_cust_cert/custom-ca-bundle.crt:z
+      - {{registry_custom_ca_bundle_path}}:/harbor_cust_cert/custom-ca-bundle.crt:z
 {% endif %}
     logging:
       driver: "syslog"
@@ -368,8 +371,8 @@ services:
     volumes:
       - {{data_volume}}/chart_storage:/chart_storage:z
       - ./common/config/chartserver:/etc/chartserver:z
-{%if registry_custom_ca_bundle_storage_path %}
+{%if registry_custom_ca_bundle_path %}
-      - {{data_volume}}/secret/common/custom-ca-bundle.crt:/harbor_cust_cert/custom-ca-bundle.crt:z
+      - {{registry_custom_ca_bundle_path}}:/harbor_cust_cert/custom-ca-bundle.crt:z
 {% endif %}
     logging:
       driver: "syslog"

make/photon/prepare/templates/registry/config.yml.jinja

@@ -1,6 +1,6 @@
 version: 0.1
 log:
-  level: info
+  level: {{log_level}}
   fields:
     service: registry
 storage:

make/photon/prepare/utils/cert.py

@@ -10,16 +10,11 @@ from .misc import generate_random_string
 SSL_CERT_PATH = os.path.join("/etc/nginx/cert", "server.crt")
 SSL_CERT_KEY_PATH = os.path.join("/etc/nginx/cert", "server.key")
 
-input_cert = '/input/nginx/server.crt'
-input_cert_key = '/input/nginx/server.key'
-
 secret_cert_dir = '/secret/nginx'
 secret_cert = '/secret/nginx/server.crt'
 secret_cert_key = '/secret/nginx/server.key'
 
-input_secret_keys_dir = '/input/keys'
 secret_keys_dir = '/secret/keys'
-allowed_secret_key_names = ['defaultalias', 'secretkey']
 
 def _get_secret(folder, filename, length=16):
     key_file = os.path.join(folder, filename)
@@ -50,26 +45,6 @@ def get_alias(path):
     alias = _get_secret(path, "defaultalias", length=8)
     return alias
 
-def copy_secret_keys():
-    """
-    Copy the secret keys, which used for encrypt user password, from input keys dir to secret keys dir
-    """
-    if os.path.isdir(input_secret_keys_dir) and os.path.isdir(secret_keys_dir):
-        input_files = os.listdir(input_secret_keys_dir)
-        secret_files = os.listdir(secret_keys_dir)
-        files_need_copy =  [x for x in input_files if (x in allowed_secret_key_names) and (x not in secret_files) ]
-        for f in files_need_copy:
-            shutil.copy(f, secret_keys_dir)
-
-def copy_ssl_cert():
-    """
-    Copy the ssl certs key paris, which used in nginx ssl certificate, from input dir to secret cert dir
-    """
-    if os.path.isfile(input_cert_key) and os.path.isfile(input_cert):
-        os.makedirs(secret_cert_dir, exist_ok=True)
-        shutil.copy(input_cert, secret_cert)
-        shutil.copy(input_cert_key, secret_cert_key)
-
 ## decorator actions
 def stat_decorator(func):
     @wraps(func)
@@ -115,9 +90,7 @@ def prepare_ca(
     private_key_pem_path: Path,
     root_crt_path: Path,
     old_private_key_pem_path: Path,
-    old_crt_path: Path,
+    old_crt_path: Path):
-    registry_custom_ca_bundle_config: Path,
-    registry_custom_ca_bundle_storage_path: Path):
     if not ( private_key_pem_path.exists() and root_crt_path.exists() ):
         # From version 1.8 the cert storage path is changed
         # if old key paris not exist create new ones
@@ -133,10 +106,3 @@ def prepare_ca(
         else:
             shutil.move(old_crt_path, root_crt_path)
             shutil.move(old_private_key_pem_path, private_key_pem_path)
-
-
-    if not registry_custom_ca_bundle_storage_path.exists() and registry_custom_ca_bundle_config.exists():
-        registry_custom_ca_bundle_storage_path.parent.mkdir(parents=True, exist_ok=True)
-        shutil.copyfile(registry_custom_ca_bundle_config, registry_custom_ca_bundle_storage_path)
-        mark_file(registry_custom_ca_bundle_storage_path)
-        print("Copied custom ca bundle: %s" % registry_custom_ca_bundle_config)

make/photon/prepare/utils/chart.py

@@ -24,11 +24,6 @@ def prepare_chartmuseum(config_dict):
         print ("Create config folder: %s" % chartm_config_dir)
         os.makedirs(chartm_config_dir)
 
-    # handle custom ca bundle
-    if len(registry_custom_ca_bundle_path) > 0 and os.path.isfile(registry_custom_ca_bundle_path):
-        shutil.copyfile(registry_custom_ca_bundle_path, os.path.join(chartm_config_dir, "custom-ca-bundle.crt"))
-        print("Copied custom ca bundle: %s" % os.path.join(chartm_config_dir, "custom-ca-bundle.crt"))
-
     # process redis info
     cache_store = "redis"
     cache_redis_password = redis_password
@@ -42,18 +37,9 @@ def prepare_chartmuseum(config_dict):
     # storage provider configurations
     # please be aware that, we do not check the validations of the values for the specified keys
     # convert the configs to config map
-    storage_provider_configs = storage_provider_config.split(",")
+    storgae_provider_confg_map = storage_provider_config
-    storgae_provider_confg_map = {}
     storage_provider_config_options = []
 
-    for k_v in storage_provider_configs:
-        if len(k_v) > 0:
-            kvs = k_v.split(": ") # add space suffix to avoid existing ":" in the value
-            if len(kvs) == 2:
-                #key must not be empty
-                if kvs[0].strip() != "":
-                    storgae_provider_confg_map[kvs[0].strip()] = kvs[1].strip()
-
     if storage_provider_name == "s3":
         # aws s3 storage
         storage_driver = "amazon"

make/photon/prepare/utils/clair.py

@@ -27,17 +27,17 @@ def prepare_clair(config_dict):
     render_jinja(
         postgres_env_template,
         postgres_env_path,
-        password=config_dict['clair_db_password'])
+        password=config_dict['db_password'])
 
     render_jinja(
         clair_config_template,
         clair_config_path,
         uid=DEFAULT_UID,
         gid=DEFAULT_GID,
-        password= config_dict['clair_db_password'],
+        password= config_dict['db_password'],
-        username= config_dict['clair_db_username'],
+        username= config_dict['db_user'],
-        host= config_dict['clair_db_host'],
+        host= config_dict['db_host'],
-        port= config_dict['clair_db_port'],
+        port= config_dict['db_port'],
         dbname= config_dict['clair_db'],
         interval= config_dict['clair_updaters_interval'])
 

make/photon/prepare/utils/configs.py

@@ -37,10 +37,6 @@ def validate(conf, **kwargs):
         raise Exception(
             "Error: redis_port in harbor.cfg needs to point to the port of Redis server or cluster.")
 
-    redis_db_index = conf.get("redis_db_index")
-    if len(redis_db_index.split(",")) != 3:
-        raise Exception(
-             "Error invalid value for redis_db_index: %s. please set it as 1,2,3" % redis_db_index)
 
 def parse_versions():
     if not versions_file_path.is_file():
@@ -58,137 +54,127 @@ def parse_yaml_config(config_file_path):
     with open(config_file_path) as f:
         configs = yaml.load(f)
 
-    config_dict = {}
+    config_dict = {
-    config_dict['adminserver_url'] = "http://adminserver:8080"
+        'adminserver_url': "http://adminserver:8080",
-    config_dict['registry_url'] = "http://registry:5000"
+        'registry_url': "http://registry:5000",
-    config_dict['registry_controller_url'] = "http://registryctl:8080"
+        'registry_controller_url': "http://registryctl:8080",
-    config_dict['core_url'] = "http://core:8080"
+        'core_url': "http://core:8080",
-    config_dict['token_service_url'] = "http://core:8080/service/token"
+        'token_service_url': "http://core:8080/service/token",
+        'jobservice_url': 'http://jobservice:8080',
+        'clair_url': 'http://clair:6060',
+        'notary_url': 'http://notary-server:4443',
+        'chart_repository_url': 'http://chartmuseum:9999'
+    }
 
-    config_dict['jobservice_url'] = "http://jobservice:8080"
+    config_dict['hostname'] = configs["hostname"]
-    config_dict['clair_url'] = "http://clair:6060"
-    config_dict['notary_url'] = "http://notary-server:4443"
-    config_dict['chart_repository_url'] = "http://chartmuseum:9999"
 
-    if configs.get("reload_config"):
+    config_dict['protocol'] = 'http'
-        config_dict['reload_config'] = configs.get("reload_config")
+    http_config = configs.get('http') or {}
-    else:
+    config_dict['http_port'] = http_config.get('port', 80)
-        config_dict['reload_config'] = "false"
 
-    config_dict['hostname'] = configs.get("hostname")
+    https_config = configs.get('https')
-    config_dict['protocol'] = configs.get("ui_url_protocol")
+    if https_config:
-    config_dict['public_url'] = config_dict['protocol'] + "://" + config_dict['hostname']
+        config_dict['protocol'] = 'https'
+        config_dict['https_port'] = https_config.get('port', 443)
+        config_dict['cert_path'] = https_config["certificate"]
+        config_dict['cert_key_path'] = https_config["private_key"]
 
-    # Data path volume
+    config_dict['public_url'] = configs.get('external_url') or '{protocol}://{hostname}'.format(**config_dict)
-    config_dict['data_volume'] = configs.get("data_volume")
-
-    # Email related configs
-    config_dict['email_identity'] = configs.get("email_identity")
-    config_dict['email_host'] = configs.get("email_server")
-    config_dict['email_port'] = configs.get("email_server_port")
-    config_dict['email_usr'] = configs.get("email_username")
-    config_dict['email_pwd'] = configs.get("email_password")
-    config_dict['email_from'] = configs.get("email_from")
-    config_dict['email_ssl'] = configs.get("email_ssl")
-    config_dict['email_insecure'] = configs.get("email_insecure")
-    config_dict['harbor_admin_password'] = configs.get("harbor_admin_password")
-    config_dict['auth_mode'] = configs.get("auth_mode")
-    config_dict['ldap_url'] = configs.get("ldap_url")
-
-    # LDAP related configs
-    # this two options are either both set or unset
-    if configs.get("ldap_searchdn"):
-        config_dict['ldap_searchdn'] = configs["ldap_searchdn"]
-        config_dict['ldap_search_pwd'] = configs["ldap_search_pwd"]
-    else:
-        config_dict['ldap_searchdn'] = ""
-        config_dict['ldap_search_pwd'] = ""
-    config_dict['ldap_basedn'] = configs.get("ldap_basedn")
-    # ldap_filter is null by default
-    if configs.get("ldap_filter"):
-        config_dict['ldap_filter'] = configs["ldap_filter"]
-    else:
-        config_dict['ldap_filter'] = ""
-    config_dict['ldap_uid'] = configs.get("ldap_uid")
-    config_dict['ldap_scope'] = configs.get("ldap_scope")
-    config_dict['ldap_timeout'] = configs.get("ldap_timeout")
-    config_dict['ldap_verify_cert'] = configs.get("ldap_verify_cert")
-    config_dict['ldap_group_basedn'] = configs.get("ldap_group_basedn")
-    config_dict['ldap_group_filter'] = configs.get("ldap_group_filter")
-    config_dict['ldap_group_gid'] = configs.get("ldap_group_gid")
-    config_dict['ldap_group_scope'] = configs.get("ldap_group_scope")
-    # Admin dn
-    config_dict['ldap_group_admin_dn'] = configs.get("ldap_group_admin_dn") or ''
 
     # DB configs
     db_configs = configs.get('database')
-    config_dict['db_host'] = db_configs.get("host")
+    if db_configs:
-    config_dict['db_port'] = db_configs.get("port")
+        config_dict['db_host'] = 'postgresql'
-    config_dict['db_user'] = db_configs.get("username")
+        config_dict['db_port'] = 5432
-    config_dict['db_password'] = db_configs.get("password")
+        config_dict['db_user'] = 'postgres'
+        config_dict['db_password'] = db_configs.get("password") or ''
+        config_dict['ssl_mode'] = 'disable'
 
-    config_dict['self_registration'] = configs.get("self_registration")
-    config_dict['project_creation_restriction'] = configs.get("project_creation_restriction")
 
-    # secure configs
+    # Data path volume
-    if config_dict['protocol'] == "https":
+    config_dict['data_volume'] = configs['data_volume']
-        config_dict['cert_path'] = configs.get("ssl_cert")
-        config_dict['cert_key_path'] = configs.get("ssl_cert_key")
-    config_dict['customize_crt'] = configs.get("customize_crt")
-    config_dict['max_job_workers'] = configs.get("max_job_workers")
-    config_dict['token_expiration'] = configs.get("token_expiration")
 
-    config_dict['secretkey_path'] = configs["secretkey_path"]
+    # Initial Admin Password
-     # Admiral configs
+    config_dict['harbor_admin_password'] = configs["harbor_admin_password"]
-    if configs.get("admiral_url"):
+
-        config_dict['admiral_url'] = configs["admiral_url"]
+    # Registry storage configs
+    storage_config = configs.get('storage_service') or {}
+
+    config_dict['registry_custom_ca_bundle_path'] = storage_config.get('ca_bundle') or ''
+
+    if storage_config.get('filesystem'):
+        config_dict['storage_provider_name'] = 'filesystem'
+        config_dict['storage_provider_config'] = storage_config['filesystem']
+    elif storage_config.get('azure'):
+        config_dict['storage_provider_name'] = 'azure'
+        config_dict['storage_provider_config'] = storage_config['azure']
+    elif storage_config.get('gcs'):
+        config_dict['storage_provider_name'] = 'gcs'
+        config_dict['storage_provider_config'] = storage_config['gcs']
+    elif storage_config.get('s3'):
+        config_dict['storage_provider_name'] = 's3'
+        config_dict['storage_provider_config'] = storage_config['s3']
+    elif storage_config.get('swift'):
+        config_dict['storage_provider_name'] = 'swift'
+        config_dict['storage_provider_config'] = storage_config['swift']
+    elif storage_config.get('oss'):
+        config_dict['storage_provider_name'] = 'oss'
+        config_dict['storage_provider_config'] = storage_config['oss']
     else:
-        config_dict['admiral_url'] = ""
+        config_dict['storage_provider_name'] = 'filesystem'
+        config_dict['storage_provider_config'] = {}
 
     # Clair configs
     clair_configs = configs.get("clair") or {}
-    config_dict['clair_db_password'] = clair_configs.get("db_password") or ''
+    config_dict['clair_db'] = 'postgres'
-    config_dict['clair_db_host'] = clair_configs.get("db_host") or ''
+    config_dict['clair_updaters_interval'] = clair_configs.get("updaters_interval") or 12
-    config_dict['clair_db_port'] = clair_configs.get("db_port") or ''
-    config_dict['clair_db_username'] = clair_configs.get("db_username") or ''
-    config_dict['clair_db'] = clair_configs.get("db") or ''
-    config_dict['clair_updaters_interval'] = clair_configs.get("updaters_interval") or ''
     config_dict['clair_http_proxy'] = clair_configs.get('http_proxy') or ''
     config_dict['clair_https_proxy'] = clair_configs.get('https_proxy') or ''
-    config_dict['clair_no_proxy'] = clair_configs.get('no_proxy') or ''
+    config_dict['clair_no_proxy'] = clair_configs.get('no_proxy') or '127.0.0.1,localhost,core,registry'
+
+    # jobservice config
+    js_config = configs.get('jobservice') or {}
+    config_dict['max_job_workers'] = js_config["max_job_workers"]
+    config_dict['jobservice_secret'] = generate_random_string(16)
 
-    # UAA configs
-    config_dict['uaa_endpoint'] = configs.get("uaa_endpoint")
-    config_dict['uaa_clientid'] = configs.get("uaa_clientid")
-    config_dict['uaa_clientsecret'] = configs.get("uaa_clientsecret")
-    config_dict['uaa_verify_cert'] = configs.get("uaa_verify_cert")
-    config_dict['uaa_ca_cert'] = configs.get("uaa_ca_cert")
 
     # Log configs
     log_configs = configs.get('log') or {}
-    config_dict['log_location'] = log_configs.get("location")
+    config_dict['log_location'] = log_configs["location"]
-    config_dict['log_rotate_count'] = log_configs.get("rotate_count")
+    config_dict['log_rotate_count'] = log_configs["rotate_count"]
-    config_dict['log_rotate_size'] = log_configs.get("rotate_size")
+    config_dict['log_rotate_size'] = log_configs["rotate_size"]
+    config_dict['log_level'] = log_configs['level']
 
-    # Redis configs
+
-    redis_configs = configs.get("redis")
+    # external DB, if external_db enabled, it will cover the database config
+    external_db_configs = configs.get('external_database') or {}
+    if external_db_configs:
+        config_dict['db_password'] = external_db_configs.get('password') or ''
+        config_dict['db_host'] = external_db_configs['host']
+        config_dict['db_port'] = external_db_configs['port']
+        config_dict['db_user'] = db_configs['username']
+        if external_db_configs.get('ssl_mode'):
+            config_dict['db_ssl_mode'] = external_db_configs['ssl_mode']
+
+
+    # redis config
+    redis_configs = configs.get("external_redis")
     if redis_configs:
-        config_dict['redis_host'] = redis_configs.get("host") or ''
+        # using external_redis
-        config_dict['redis_port'] = redis_configs.get("port") or ''
+        config_dict['redis_host'] = redis_configs['host']
+        config_dict['redis_port'] = redis_configs['port']
         config_dict['redis_password'] = redis_configs.get("password") or ''
-        config_dict['redis_db_index'] = redis_configs.get("db_index") or ''
+        config_dict['redis_db_index_reg'] = redis_configs.get('registry_db_index') or 1
-        db_indexs = config_dict['redis_db_index'].split(',')
+        config_dict['redis_db_index_js'] = redis_configs.get('jobservice_db_index') or 2
-        config_dict['redis_db_index_reg'] = db_indexs[0]
+        config_dict['redis_db_index_chart'] = redis_configs.get('chartmuseum_db_index') or 3
-        config_dict['redis_db_index_js'] = db_indexs[1]
-        config_dict['redis_db_index_chart'] = db_indexs[2]
     else:
-        config_dict['redis_host'] = ''
+        ## Using local redis
-        config_dict['redis_port'] = ''
+        config_dict['redis_host'] = 'redis'
+        config_dict['redis_port'] = 6379
         config_dict['redis_password'] = ''
-        config_dict['redis_db_index'] = ''
+        config_dict['redis_db_index_reg'] = 1
-        config_dict['redis_db_index_reg'] = ''
+        config_dict['redis_db_index_js'] = 2
-        config_dict['redis_db_index_js'] = ''
+        config_dict['redis_db_index_chart'] = 3
-        config_dict['redis_db_index_chart'] = ''
 
     # redis://[arbitrary_username:password@]ipaddress:port/database_index
     if config_dict.get('redis_password'):
@@ -198,26 +184,10 @@ def parse_yaml_config(config_file_path):
         config_dict['redis_url_js'] = "redis://%s:%s/%s" % (config_dict['redis_host'], config_dict['redis_port'], config_dict['redis_db_index_js'])
         config_dict['redis_url_reg'] = "redis://%s:%s/%s" % (config_dict['redis_host'], config_dict['redis_port'], config_dict['redis_db_index_reg'])
 
-    if configs.get("skip_reload_env_pattern"):
+    # auto generated secret string for core
-        config_dict['skip_reload_env_pattern'] = configs["skip_reload_env_pattern"]
-    else:
-        config_dict['skip_reload_env_pattern'] = "$^"
-
-    # Registry storage configs
-    storage_config = configs.get('storage')
-    if storage_config:
-        config_dict['storage_provider_name'] = storage_config.get("registry_storage_provider_name") or ''
-        config_dict['storage_provider_config'] = storage_config.get("registry_storage_provider_config") or ''
-        # yaml requires 1 or more spaces between the key and value
-        config_dict['storage_provider_config'] = config_dict['storage_provider_config'].replace(":", ": ", 1)
-        config_dict['registry_custom_ca_bundle_path'] = storage_config.get("registry_custom_ca_bundle") or ''
-    else:
-        config_dict['storage_provider_name'] = ''
-        config_dict['storage_provider_config'] = ''
-        config_dict['registry_custom_ca_bundle_path'] = ''
-
-    # auto generate secret string
     config_dict['core_secret'] = generate_random_string(16)
-    config_dict['jobservice_secret'] = generate_random_string(16)
+
+     # Admiral configs
+    config_dict['admiral_url'] = configs.get("admiral_url") or ""
 
     return config_dict

make/photon/prepare/utils/core.py

@@ -43,7 +43,6 @@ def copy_core_config(core_templates_path, core_config_path):
 
 def render_config_env(config_dict, with_notary, with_clair, with_chartmuseum):
     # Use reload_key to avoid reload config after restart harbor
-    reload_key = generate_random_string(6) if config_dict['reload_config'] == "true" else ""
 
     render_jinja(
         core_config_env_template,
@@ -51,6 +50,5 @@ def render_config_env(config_dict, with_notary, with_clair, with_chartmuseum):
         with_notary=with_notary,
         with_clair=with_clair,
         with_chartmuseum=with_chartmuseum,
-        reload_key=reload_key,
         **config_dict
         )

make/photon/prepare/utils/docker_compose.py

@@ -28,10 +28,17 @@ def prepare_docker_compose(configs, with_clair, with_notary, with_chartmuseum):
         'cert_key_path': configs['cert_key_path'],
         'cert_path': configs['cert_path'],
         'protocol': configs['protocol'],
-        'registry_custom_ca_bundle_storage_path': configs['registry_custom_ca_bundle_path'],
+        'http_port': configs['http_port'],
+        'registry_custom_ca_bundle_path': configs['registry_custom_ca_bundle_path'],
         'with_notary': with_notary,
         'with_clair': with_clair,
         'with_chartmuseum': with_chartmuseum
     }
 
+    storage_config = configs.get('storage_provider_config') or {}
+    if storage_config.get('keyfile'):
+        rendering_variables['gcs_keyfile'] = storage_config['keyfile']
+    if configs.get('https_port'):
+        rendering_variables['https_port'] = configs['https_port']
+
     render_jinja(docker_compose_template_path, docker_compose_yml_path, **rendering_variables)

make/photon/prepare/utils/misc.py

@@ -36,13 +36,6 @@ def validate(conf, **kwargs):
             raise Exception(
                 "Error: The path for certificate key: %s is invalid" % cert_key_path)
 
-    # Project validate
-    project_creation = conf.get(
-        "configuration", "project_creation_restriction")
-    if project_creation != "everyone" and project_creation != "adminonly":
-        raise Exception(
-            "Error invalid value for project_creation_restriction: %s" % project_creation)
-
     # Storage validate
     valid_storage_drivers = ["filesystem",
                              "azure", "gcs", "s3", "swift", "oss"]

make/photon/prepare/utils/nginx.py

@@ -22,11 +22,13 @@ def prepare_nginx(config_dict):
 def render_nginx_template(config_dict):
     if config_dict['protocol'] == "https":
         render_jinja(nginx_https_conf_template, nginx_conf,
-            ssl_cert = SSL_CERT_PATH,
+            ssl_cert=SSL_CERT_PATH,
-            ssl_cert_key = SSL_CERT_KEY_PATH)
+            ssl_cert_key=SSL_CERT_KEY_PATH)
         location_file_pattern = CUSTOM_NGINX_LOCATION_FILE_PATTERN_HTTPS
     else:
-        render_jinja(nginx_http_conf_template, nginx_conf)
+        render_jinja(
+            nginx_http_conf_template,
+            nginx_conf)
         location_file_pattern = CUSTOM_NGINX_LOCATION_FILE_PATTERN_HTTP
     copy_nginx_location_configs_if_exist(nginx_template_ext_dir, nginx_confd_dir, location_file_pattern)
 

make/photon/prepare/utils/notary.py

@@ -19,7 +19,7 @@ notary_signer_env_path = os.path.join(notary_config_dir, "signer_env")
 notary_server_env_path = os.path.join(notary_config_dir, "server_env")
 
 
-def prepare_env_notary(customize_crt, nginx_config_dir):
+def prepare_env_notary(nginx_config_dir):
     notary_config_dir = prepare_config_dir(config_dir, "notary")
     old_signer_cert_secret_path = pathlib.Path(os.path.join(config_dir, 'notary-signer.crt'))
     old_signer_key_secret_path = pathlib.Path(os.path.join(config_dir, 'notary-signer.key'))
@@ -87,7 +87,7 @@ def prepare_env_notary(customize_crt, nginx_config_dir):
 
 def prepare_notary(config_dict, nginx_config_dir, ssl_cert_path, ssl_cert_key_path):
 
-    prepare_env_notary(config_dict['customize_crt'], nginx_config_dir)
+    prepare_env_notary(nginx_config_dir)
 
     render_jinja(
         notary_signer_pg_template,

make/photon/prepare/utils/registry.py

@@ -1,4 +1,4 @@
-import os, shutil
+import os, copy
 
 from g import config_dir, templates_dir, DEFAULT_GID, DEFAULT_UID
 from utils.misc import prepare_config_dir
@@ -11,12 +11,11 @@ registry_conf = os.path.join(config_dir, "registry", "config.yml")
 
 
 def prepare_registry(config_dict):
-    prepare_registry_config_dir()
+    prepare_config_dir(registry_config_dir)
 
     storage_provider_info = get_storage_provider_info(
     config_dict['storage_provider_name'],
-    config_dict['storage_provider_config'],
+    config_dict['storage_provider_config'])
-    registry_config_dir)
 
     render_jinja(
         registry_config_template_path,
@@ -26,26 +25,17 @@ def prepare_registry(config_dict):
         storage_provider_info=storage_provider_info,
         **config_dict)
 
-def prepare_registry_config_dir():
-    prepare_config_dir(registry_config_dir)
 
-def get_storage_provider_info(provider_name, provider_config, registry_config_dir_path):
+def get_storage_provider_info(provider_name, provider_config):
+    provider_config_copy = copy.deepcopy(provider_config)
     if provider_name == "filesystem":
-        if not provider_config:
+        if not (provider_config_copy and provider_config_copy.has_key('rootdirectory')):
-            storage_provider_config = "rootdirectory: /storage"
+            provider_config_copy['rootdirectory'] = '/storage'
-        elif "rootdirectory:" not in storage_provider_config:
+    if provider_name == 'gcs' and provider_config_copy.get('keyfile'):
-            storage_provider_config = "rootdirectory: /storage" + "," + storage_provider_config
+        provider_config_copy['keyfile'] = '/etc/registry/gcs.key'
     # generate storage configuration section in yaml format
     storage_provider_conf_list = [provider_name + ':']
-    for c in storage_provider_config.split(","):
+    for config in provider_config_copy.items():
-        kvs = c.split(": ")
+        storage_provider_conf_list.append('{}: {}'.format(*config))
-        if len(kvs) == 2:
-            if kvs[0].strip() == "keyfile":
-                srcKeyFile = kvs[1].strip()
-                if os.path.isfile(srcKeyFile):
-                    shutil.copyfile(srcKeyFile, os.path.join(registry_config_dir_path, "gcs.key"))
-                    storage_provider_conf_list.append("keyfile: %s" % "/etc/registry/gcs.key")
-                    continue
-        storage_provider_conf_list.append(c.strip())
     storage_provider_info = ('\n' + ' ' * 4).join(storage_provider_conf_list)
     return storage_provider_info

make/photon/prepare/utils/uaa.py

@@ -1,11 +0,0 @@
-import os, shutil
-
-def prepare_uaa_cert_file(uaa_ca_cert, core_cert_dir):
-    if os.path.isfile(uaa_ca_cert):
-        if not os.path.isdir(core_cert_dir):
-            os.makedirs(core_cert_dir)
-        core_uaa_ca = os.path.join(core_cert_dir, "uaa_ca.pem")
-        print("Copying UAA CA cert to %s" % core_uaa_ca)
-        shutil.copyfile(uaa_ca_cert, core_uaa_ca)
-    else:
-        print("Can not find UAA CA cert: %s, skip" % uaa_ca_cert)

make/prepare

@@ -1,39 +1,40 @@
 #!/bin/bash
+set +e
 
 # If compling source code this dir is harbor's make dir
 # If install harbor via pacakge, this dir is harbor's root dir
 harbor_prepare_path="$( cd "$(dirname "$0")" ; pwd -P )"
-
+echo "prepare base dir is set to ${harbor_prepare_path}"
-echo host make path is set to ${harbor_prepare_path}
 data_path=$(grep '^[^#]*data_volume:' ${harbor_prepare_path}/harbor.yml | awk '{print $NF}')
-log_path=$(grep '^[^#]*location:' ${harbor_prepare_path}/harbor.yml | awk '{print $NF}')
-secretkey_path=$(grep '^[^#]*secretkey_path:' ${harbor_prepare_path}/harbor.yml | awk '{print $NF}')
-ssl_cert_path=$(grep '^[^#]*ssl_cert:' ${harbor_prepare_path}/harbor.yml | awk '{print $NF}')
-ssl_cert_key_path=$(grep '^[^#]*ssl_cert_key:' ${harbor_prepare_path}/harbor.yml | awk '{print $NF}')
-registry_custom_ca_bundle=$(grep '^[^#]*registry_custom_ca_bundle:' ${harbor_prepare_path}/harbor.yml | awk '{print $NF}')
 
+# If previous secretkeys exist, move it to new location
+previous_secretkey_path=/data/secretkey
+previous_defaultalias_path=/data/defaultalias
+
+if [ -f $previous_secretkey_path ]; then
+    mkdir -p $data_path/secret/keys
+    mv $previous_secretkey_path $data_path/secret/keys
+fi
+if [ -f $previous_defaultalias_path ]; then
+    mkdir -p $data_path/secret/keys
+    mv $previous_defaultalias_path $data_path/secret/keys
+fi
+
+# Clean up input dir
+rm -rf ${harbor_prepare_path}/input
 # Create a input dirs
 mkdir -p ${harbor_prepare_path}/input
 input_dir=${harbor_prepare_path}/input
-mkdir -p $input_dir/nginx
-mkdir -p $input_dir/keys
-mkdir -p $input_dir/common
 
-# Copy nginx config file to input dir
+set -e
-cp $ssl_cert_path $input_dir/nginx/server.crt
-cp $ssl_cert_key_path $input_dir/nginx/server.key
-
-# Copy secretkey to input dir
-cp -r $secretkey_path $input_dir/keys
-
-# Copy ca bundle to input dir
-if [ -f $registry_custom_ca_bundle ]
-then
-    cp -r $registry_custom_ca_bundle $input_dir/common/custom-ca-bundle.crt
-fi
 
 # Copy harbor.yml to input dir
-cp ${harbor_prepare_path}/harbor.yml $input_dir/harbor.yml
+if [[ ! "$1" =~ ^\-\- ]] && [ -f "$1" ]
+then
+    cp $1 $input_dir/harbor.yml 
+else
+    cp ${harbor_prepare_path}/harbor.yml $input_dir/harbor.yml
+fi
 
 # Create secret dir
 secret_dir=${data_path}/secret
@@ -44,8 +45,8 @@ docker run -it --rm -v $input_dir:/input \
                     -v $harbor_prepare_path:/compose_location \
                     -v $config_dir:/config \
                     -v $secret_dir:/secret \
-                    -v $log_path:/var/log/harbor \
                     goharbor/prepare:dev $@
 
+echo "Clean up the input dir"
 # Clean up input dir
 rm -rf ${harbor_prepare_path}/input

tests/hostcfg.sh

@@ -1,7 +1,9 @@
 #!/bin/bash
 IP=`ip addr s eth0 |grep "inet "|awk '{print $2}' |awk -F "/" '{print $1}'`
-PROTOCOL='https'
 
 #echo $IP
 sudo sed "s/reg.mydomain.com/$IP/" -i make/harbor.yml
-sudo sed "s/^ui_url_protocol: .*/ui_url_protocol: $PROTOCOL/g" -i make/harbor.yml
+
+echo "https:" >> make/harbor.yml
+echo "  certificate: /data/cert/server.crt" >> make/harbor.yml
+echo "  private_key: /data/cert/server.key" >> make/harbor.yml

tests/testprepare.sh

@@ -8,7 +8,7 @@ cp /data/secret/core/private_key.pem /etc/core/
 mkdir src/core/conf
 cp make/common/config/core/app.conf src/core/conf/
 if [ "$(uname)" == "Darwin" ]; then
-	IP=`ifconfig en0 | grep "inet " | grep -Fv 127.0.0.1 | awk '{print $2}'`
+        IP=`ifconfig en0 | grep "inet " | grep -Fv 127.0.0.1 | awk '{print $2}'`
 else 
         IP=`ip addr s eth0 |grep "inet "|awk '{print $2}' |awk -F "/" '{print $1}'`
 fi

tests/travis/api_common_install.sh

@@ -10,12 +10,12 @@ sudo sed "s/127.0.0.1/$1/" -i tests/generateCerts.sh
 sudo ./tests/generateCerts.sh
 sudo mkdir -p /etc/docker/certs.d/$1 && sudo cp ./harbor_ca.crt /etc/docker/certs.d/$1/
 
+sudo ./tests/hostcfg.sh
+
 if [ "$2" = 'LDAP' ]; then
-    sudo ./tests/hostcfg.sh LDAP
     cd tests && sudo ./ldapprepare.sh && cd ..
 fi
 
-sudo ./tests/hostcfg.sh
 
 
 # prepare a chart file for API_DB test...