root
6f335bdb1a
Deprivilege harobr-log, harbor-db, registry image.
...
This change involves using non-root user to run the process of the
docker images. Also made update in Dockerfile to make the containers
support "read-only" and introduce "HEALTHCHECK". Note the "read-only"
options are not enabled in docker-compose, to cover the very corner
case when user wants to update the container filesystem manually.
Remove read only option from docker-compose template by default
2017-11-02 23:35:06 -07:00
Daniel Jiang
e6874cf9f1
Merge pull request #3383 from reasonerjt/uaa-integration
...
Make the root CA certificate of UAA configurable
2017-10-17 12:20:22 +08:00
Tan Jiang
eab6b43d99
Make the root CA certificate of UAA should be configurable
2017-10-16 17:40:29 +08:00
Wenkai Yin
bc3d859571
make log rotate days configurable
2017-10-16 17:09:28 +08:00
Wenkai Yin
232b9ca70c
update the psc token dir
2017-08-02 14:50:49 +08:00
Yan
686b477775
update registry to 2.6.2 ( #2851 )
...
rm dockerfile
update
add comments
2017-07-24 02:19:32 -07:00
Wenkai Yin
7573d59624
update token file location
2017-07-19 13:46:10 +08:00
Daniel Jiang
1ca1eddb0f
Merge pull request #2676 from yixingjia/nginxonphoton
...
Move nginx to photon OS
2017-07-01 00:08:08 +08:00
Wenkai Yin
bdbdb383ac
update
2017-06-30 16:21:55 +08:00
yixingj
fc50fd51d5
Move nginx to photon OS
2017-06-30 14:03:42 +08:00
Wenkai Yin
d6b4330cc8
create a global project manager
2017-06-30 00:08:45 +08:00
Daniel Jiang
0b02231093
Update registry img ( #2330 )
...
* update the registry image
* update other yml files and docs to reflect image update
2017-05-19 00:19:27 -07:00
Tan Jiang
965c7a5e70
reference the patched nginx image
2017-04-07 15:07:46 +08:00
Wenkai Yin
e60fd0530f
mount config to another dir, fix #1939
2017-04-07 09:14:41 +08:00
wy65701436
f6c4137af1
fix issue 1916
2017-04-05 22:53:09 -07:00
Daniel Jiang
7d6d641827
Merge branch 'master' into dev
2017-04-05 17:01:27 +08:00
Wenkai Yin
ee2a6748c0
mount ca dir to container, fix #1829
2017-03-30 12:50:20 +08:00
Tan Jiang
a33f4151e2
merge with dev branch
2017-03-24 14:40:34 +08:00
Tan Jiang
980101eab5
package vmware/registry into offline package
2017-03-23 12:36:36 +08:00
Tan Jiang
44cd3ec85b
update make file and docker compose template
2017-03-22 20:56:08 +08:00
Tan Jiang
f9180c0c96
rebuild registry image on photon
2017-03-22 20:27:15 +08:00
Wenkai Yin
383997f785
read capacity from adminserver
2017-03-21 16:28:24 +08:00
Wenkai Yin
108aa21499
upgrade registry to 2.6.0
2017-03-16 13:44:16 +08:00
Aron Parsons
8ab45d439b
label volumes for SELinux
...
allow Harbor to run when dockerd is running with --selinux-enabled
example AVC denials:
type=AVC msg=audit(1488384855.681:154671): avc: denied { read } for pid=454 comm="registry" name="config.yml" dev="dm-8" ino=12583048 scontext=system_u:system_r:svirt_lxc_net_t:s0:c298,c958 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384855.681:154671): avc: denied { open } for pid=454 comm="registry" path="/etc/registry/config.yml" dev="dm-8" ino=12583048 scontext=system_u:system_r:svirt_lxc_net_t:s0:c298,c958 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384855.687:154672): avc: denied { append } for pid=350 comm=72733A6D61696E20513A526567 name="registry.log" dev="dm-5" ino=4315920 scontext=system_u:system_r:svirt_lxc_net_t:s0:c599,c800 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384856.895:154702): avc: denied { remove_name } for pid=708 comm="mysqld" name="4691d4d62464.lower-test" dev="dm-12" ino=402656159 scontext=system_u:system_r:svirt_lxc_net_t:s0:c149,c797 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1488384856.926:154703): avc: denied { lock } for pid=708 comm="mysqld" path="/var/lib/mysql/ibdata1" dev="dm-12" ino=402656097 scontext=system_u:system_r:svirt_lxc_net_t:s0:c149,c797 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384857.958:154736): avc: denied { open } for pid=924 comm="harbor_jobservi" path="/etc/jobservice/app.conf" dev="dm-8" ino=142 scontext=system_u:system_r:svirt_lxc_net_t:s0:c102,c158 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384858.089:154737): avc: denied { read } for pid=1017 comm="nginx" name="nginx.conf" dev="dm-8" ino=4194445 scontext=system_u:system_r:svirt_lxc_net_t:s0:c847,c996 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384858.089:154737): avc: denied { open } for pid=1017 comm="nginx" path="/etc/nginx/nginx.conf" dev="dm-8" ino=4194445 scontext=system_u:system_r:svirt_lxc_net_t:s0:c847,c996 tcontext=system_u:object_r:default_t:s0 tclass=file
2017-03-03 14:13:39 -05:00
yhua
9f18c8458b
fix #1332
2017-02-27 18:52:22 +08:00
Wenkai Yin
9f3f48be59
add harbor network to adminserver
2017-02-24 14:35:11 +08:00
Wenkai Yin
414e8a8bcf
Merge remote-tracking branch 'upstream/dev' into 170224_merge_config
...
Conflicts:
make/docker-compose.tpl
src/ui/service/token/authutils.go
2017-02-24 13:52:19 +08:00
Wenkai Yin
40eb6bb7d3
encrypt passwords enhancement
2017-02-22 16:59:28 +08:00
Wenkai Yin
390f89ee0a
encrypt passwords and secret
2017-02-17 18:23:21 +08:00
Daniel Jiang
a17cd5bcfe
add a default network for containers in harbor ( #1384 )
...
LGTM
2017-02-16 14:51:21 +08:00
Wenkai Yin
b62a958250
configure harbor
2017-01-12 17:15:32 +08:00
yhua
0249f2181a
update registry from 2.5.0 to 2.5.1
2016-12-15 16:50:50 +08:00
kunw
55b98f9abd
Merge remote-tracking branch 'upstream/dev' into dev-volume-info
2016-11-09 14:53:26 +08:00
Wenkai Yin
4fcfffeb47
upgrade nginx to 1.11.5
2016-11-02 15:49:28 +08:00
kunw
560b41b5e6
Merge remote-tracking branch 'upstream/dev' into dev-volume-info
2016-11-02 12:46:57 +08:00
yhua
03e2a3ee56
remove tag in docker-compose.yml
2016-10-26 13:09:12 +08:00