Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-11-02 00:29:50 +01:00
Code Issues Projects Releases Wiki Activity
8,287 Commits 51 Branches 312 Tags 347 MiB
a371a2db2d
Commit Graph

855 Commits

Author SHA1 Message Date
stonezdj
8c37b0877a Fix issue when query psql cli failed on more command 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2018-11-06 13:09:20 +08:00
Daniel Jiang
1e9b34325c Make rendered files less visible 
Some configuration files and env files contain sensitive information,
they should not be readable by any user by default.

This commit updates the `prepare` script to update the mask of the
rendered files.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2018-11-05 15:06:00 +08:00
James Zabala
b58ff42dff
Merge pull request #6184 from wy65701436/bump-up-clair 
Build clair version into clair image
 2018-11-02 17:04:25 -04:00
Daniel Jiang
ec01a97eb8 Clair image should accept parms 
Update the entrypoint to allow the image accept other parms,
to help debug in the future.

If replace "$*" with "$@" only one parm will be passed to dumbinit

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2018-11-01 22:25:55 -07:00
wang yan
072127a70c Build clair version into clair image 
This commit is to add the clair_version into the harbor images, then clair
will use it in the user-agent, and helpful for the debugging.

Signed-off-by: wang yan <wangyan@vmware.com>
 2018-10-31 16:29:06 +08:00
Daniel Jiang
39b4d011c7 Not submit scan all job when core container starts 
Fixes #6115

As for the change in migration sql file, in 1.7 we'll switch to
jobservice for scheduling "scan all" job.  To avoid inconsistency,
this item will be reset and user will need to configure the policy again.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2018-10-25 19:01:52 +08:00
Steven Zou
3b76a960e1
Merge pull request #6039 from stonezdj/refact_5996 
Refactor capacity
 2018-10-24 10:50:11 +08:00
Stéphane Albert
0d44e4f535 Send 308 status on redirect from http to https 
Modify nginx configuration to use 308 instead of 301 on the http to
https redirect.
Fix problems with some clients on POST requests that are transformed to
GET on 301 redirect (per HTTP 1.1 standard).
See [RFC7538](https://tools.ietf.org/html/rfc7538).

Signed-off-by: Stéphane Albert <sheeprine@oh.its.fake.nullplace.com>
 2018-10-23 20:25:35 +02:00
Christian Witts
e9c01255da
Fix install issue with default hostname commented 
Update the `grep` filter to anchor at the start of the line
and allow for whitespace characters, in order to correctly
determine the hostname being set if the default is merely
commented out and the custom one added, instead of overridden.

Fixes #6117

Signed-off-by: Christian Witts <cwitts@gmail.com>
 2018-10-23 14:55:27 +02:00
Daniel Jiang
6f4f941854 Fix permission issue in rsyslog container. 
This commit fixes the permission issues introduced after migration to photon:2.0 base image.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2018-10-21 21:45:42 -07:00
陈德
1ffd9d8fba Add op uuid to image replication 
Signed-off-by: 陈德 <chende@caicloud.io>
 2018-10-21 23:55:57 +08:00
Daniel Jiang
3d09089a9c Rebuild Harbor images based on photon:2.0 (#6054) 
Make necessary change to make things work with photon 2.0 docker image.
Remove distro-sync to mitigate the build issue and add `--pull` to docker build
command to make sure the latest photon:2.0 will be pulled during build process.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2018-10-18 11:03:28 +08:00
Daniel Jiang
3c577d588c
Merge pull request #6063 from wy65701436/fix-dns 
Use docker official way to unset dns search
 2018-10-17 17:08:00 +08:00
wang yan
f44ff2e4c3 Remove the env GODEBUG=netdns=cgo 
This env is the workaroud of dns resolver on golang 1.7.3.
Remove it is bacause of harbor is using golang 1.9.2, the bug
has already been fixed.

Signed-off-by: wang yan <wangyan@vmware.com>
 2018-10-17 16:11:25 +08:00
Yan
a5e7ac9164
Upgrade notary complile golang version to 1.9.4 (#6064) 
This commit is to upgrade the golang version to 1.9.4, it because a
bug of golang 17.3 could introduce one dns resolver issue for harbor
mentioned by #6031.

The bug of golang is https://github.com/golang/go/issues/15419, it makes
harbor containers to lookup 'endpoint.' firstly which may cause network
issue.

Signed-off-by: wang yan <wangyan@vmware.com>
 2018-10-17 16:04:14 +08:00
wang yan
bad68c5429 Use docker official way to unset dns search 
According docker official document, use 'dns_search= .' in the docker
compose file if you don't wish to set the search domain.

https://docs.docker.com/v17.09/engine/userguide/networking/default_network/configure-dns/

Signed-off-by: wang yan <wangyan@vmware.com>
 2018-10-17 14:27:29 +08:00
stonezdj
0278981523 Change admin server to core in jobservice 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2018-10-16 19:23:12 +08:00
Yan
08ae5f2f37
Limit dns search in harbor containers (#6057) 
This commit is to set dns search to null in the harbor containers,
that means the dns search domains of docker host doesn't impact
the network IO in the containers.

If do not set this, Harbor notary-server and notary-signer are resolving
the "mysql" alias to the resolv.conf search path instead of to "mysql."
for the notary-db bridge IP, see #6031.

Signed-off-by: wang yan <wangyan@vmware.com>
 2018-10-16 18:34:36 +08:00
stonezdj(Daojun Zhang)
b764033fc9
Merge pull request #6007 from stonezdj/refact_5998 
Change admin server to core in jobservice
 2018-10-15 17:52:24 +08:00
stonezdj
79bac7a64e Change admin server to core in jobservice 
Signed-off-by: stonezdj <stonezdj@gmail.com>
 2018-10-15 14:56:18 +08:00
Daniel Jiang
c8cb2f8481 Create shcema migration table in DB container 
The migrate tool will try to create table schema_migration upon opening
the connection to DB.  This will cause error when there are multiple
instance of adminserver trying to access the migrator upon start.
This commit move the creation of the table during the initialization of
the DB container.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2018-10-12 17:17:31 +08:00
Daniel Jiang
31096a35af Run chown to job log directory 
This commit revoke part of the change introduced in commit #1fc4142, by
calling chown to job log directory within the container when the job
service bootstraps.  The reason is we are seeing permission issue in
helm-chart deployment, and we want to reduce effort to handle the
permission on different deployment approaches.

There are some code in `prepare` script to change the ownership of the
JOB_LOG directory, it will be left for now to avoid regression in VIC
integration.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2018-09-22 12:05:37 +08:00
Qian Deng
88bb461314 Reactor backend api for authrization 
1. Change backend api
2. Change frontend api
3. Change the proxy config file

Signed-off-by: Qian Deng <dengq@vmware.com>
 2018-09-21 14:03:17 +08:00
Qian Deng
7873a0312a Rename harbor-ui to harbor-core 
1. Update the nginx.conf
2. Update Makefile
3. Update docker-compose
4. Update image name
5. Rename folder ui to core
6. Change the harbor-ui's package name to core
7. Remove unused static file on harbor-core
8. Remove unused code for harbor-portal

Signed-off-by: Qian Deng <dengq@vmware.com>
 2018-09-19 16:35:13 +08:00
Wenkai Yin
89893779fb Support configuring sslmode for the connection of database (#5861) 
The sslmode of the connection with postgresql is hardcoded as "disable" currently, this commit expose it as an environment variable so that users can configure it

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2018-09-14 13:05:05 +08:00
Daniel Jiang
36ab8a5bf1 Add depdends_on to portal container 
Fixes #5878

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2018-09-13 11:00:21 +08:00
Qian Deng
ac6c9d79ba Remove nodeclarity 
Remove the nodeclarity container related code and ui_builder parameter no longer needed when build clarity

Signed-off-by: Qian Deng <dengq@vmware.com>
 2018-09-08 20:33:21 +08:00
Qian Deng
097da4bb8d Fix typo 
adminiserver to adminserver

Signed-off-by: Qian Deng <dengq@vmware.com>
 2018-09-07 16:20:03 +08:00
Qian Deng
ba4762095f Update dockerfile of portal based on angular6 upgrade 
1. Update entrypoint to reflect angular 6 upgrade

Signed-off-by: Qian Deng <dengq@vmware.com>
 2018-09-07 15:06:15 +08:00
Qian Deng
db8d7b9c1c Merge branch 'seprate_harbor_portal_from_harbor_core' into angular6 2018-09-07 14:56:16 +08:00
Qian Deng
d797c50438 Fix trivial issues about rename ui_ng to portal 
Update ui_ng to portal

Signed-off-by: Qian Deng <dengq@vmware.com>
 2018-09-07 13:25:41 +08:00
Qian Deng
870653a5fb Update nginx config to redirect traffic to specific backend 
1. Update nginx.conf file
2. Update photon makefile
3. Update global makefile

Signed-off-by: Qian Deng <dengq@vmware.com>
 2018-09-07 13:21:27 +08:00
Qian Deng
dc21f3f5e2 Add container for harbor-portal 
1. Add dockerfile for building harbor-portal
2. change the name from ui_ng to harbor-portal

Signed-off-by: Qian Deng <dengq@vmware.com>
 2018-09-07 13:20:08 +08:00
Meina Zhou
a330d4e116 upgrade to angular 6 
Signed-off-by: Meina Zhou <meinaz@vmware.com>
 2018-09-07 11:30:00 +08:00
Yan
4eba01fc31 Clean make file unused code and unify docker build method (#59) 
Signed-off-by: Yan <wangyan@vmware.com>
 2018-09-04 17:18:15 +08:00
Daniel Jiang
768f165877
Merge pull request #5771 from wy65701436/deprecate-make-dev 
Deprecate dockerfiles in make/dev
 2018-09-04 12:58:52 +08:00
Daniel Jiang
823a9d11e9 Bump Clair to v2.0.5 
The PR to fix the Alpine issue has been merged to Clair's release-2.0
branch, and released v2.0.5.
This commit updates Harbor to include that change and re-enable
Clair's updaters by default.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2018-09-02 12:27:04 +08:00
wang yan
9bb7902003 Deprecate dockerfiles in make/dev 
Signed-off-by: wang yan <wangyan@vmware.com>
 2018-08-31 15:26:26 +08:00
wang yan
f8b964d8cf Extend configuration length to 1024 in DB 
Signed-off-by: wang yan <wangyan@vmware.com>
 2018-08-31 13:42:24 +08:00
Steven Zou
3e241be34f
Merge pull request #5739 from steven-zou/fix_s3_storage_issue 
Fix issues related with chart storage
 2018-08-28 15:16:34 +08:00
Daniel Jiang
c4eaf25ed1
Merge pull request #5742 from reasonerjt/remove-compose-ha 
Remove reference of docker-compsoe based HA
 2018-08-28 15:09:22 +08:00
Steven Zou
43ecf62c25 Fix issues related with chart storage 
- inject custom CA bundle into chart repo
- update prepare script to inject credentials

Signed-off-by: Steven Zou <szou@vmware.com>
 2018-08-28 14:10:50 +08:00
Daniel Jiang
e1153eec0a Remove reference of docker-compsoe based HA 
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2018-08-28 14:04:44 +08:00
wang yan
854f606f63 upgrade notary to latest release v0.6.1 
Move the notary-server and notary signer into ./notary/release-${notaryversion} as this will not impact the
release branches, the binaries in ./notary are v0.5.1.

Signed-off-by: wang yan <wangyan@vmware.com>
 2018-08-28 13:51:55 +08:00
James Zabala
141f6056e7
Merge pull request #5700 from xxxdreamer/test 
add some comments to harbor.cfg
 2018-08-24 17:18:28 -04:00
Wenkai Yin
2c5b06350e
Merge pull request #5716 from reasonerjt/update-go-import-path 
Update import path in go code
 2018-08-23 19:02:50 +08:00
Daniel Jiang
dcf4e2ee78 Update import path in go code 
vmware -> goharbor

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2018-08-23 17:50:53 +08:00
unknown
9b94800216 To make the DCO bot happy^_^ 
Signed-off-by: unknown <cyz.dreamer@gmail.com>
 2018-08-23 14:43:54 +08:00
unknown
7dd68c992f add some comments to harbor.cfg 
Signed-off-by: unknown <cyz.dreamer@gmail.com>
 2018-08-23 14:38:47 +08:00
Daniel Jiang
78bddd831a Temporarily disable updaters of clair 
Set the updater interval to "0" to mitigate the impact of Apline URL
change that cause clair keep polling vuln data.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2018-08-23 14:00:37 +08:00
Wenkai Yin
0673e7c0a9 Add VOLUME definition in Dockerfile of chart museum 
The VOLUME definition in Dockerfile of chart museum will mount a volume automatically by docker if no specific volume is provided.

Signed-off-by: Wenkai Yin <yinw@vmware.com>
 2018-08-20 17:00:40 +08:00
Daniel Jiang
bda3878ab8 Update registry image to enable inject root cert 
In some user's environment, there's local object storage hosted with
self-signed certificate.
Because registry process runs in a photon container, it has to trust
the certificate in the photon level such that the registry can access
the storage service.

This commit updates the registry image to append custom cert to the root
bundle when the container is started.  And make the customer cert
configurable in `harbor.cfg`

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2018-08-16 18:36:21 +08:00
wangyan
29d0d51403 Signed-off-by: wangyan <wangyan@vmware.com> 
Add clean registry cache to gc job

To workaround the issue: https://github.com/docker/distribution/issues/2094
GC needs to clean cache before to call the docker reigstry api to delete blobs.
Otherwise, the following docker push will not be performed as docker registry
does not clean cache in GC, it thinks the image is still there, and the new
blobs will be uploaded.
 2018-08-13 02:58:27 -07:00
wangyan
e2ff77c4cd Fix namespace when to build harbor images 2018-08-09 23:41:30 -07:00
wangyan
7713764aec Batch update docker image namespace to goharbor 
This commit is to move all the images of harbor from vmware to goharbor
 2018-08-09 23:24:21 -07:00
Steven Zou
79b2f01bab
Merge pull request #5569 from steven-zou/change_notes_in_installation_script 
Update the usage message to include chart repository server related info
 2018-08-09 15:42:34 +08:00
Yan
0ffa6e076c
Unify redis configuration for harbor components (#5564) 
this commit is to specrate the redis_url into host,port,pwd and index for
different components, and make it possible to set external redis server.
 2018-08-09 15:27:46 +08:00
Steven Zou
7fe16eba19 Update the usage message to include chart repository server related info 2018-08-09 14:55:31 +08:00
wangyan
063e44c486 Remove the tdnf error eater in docker files 2018-08-07 22:58:01 -07:00
Deng, Qian
37176c8fe5 Unlink harbor-ui after UI complling. 
After UI compilling should unlink harbor-ui.
Because it create a link with root user in container that will cause permission issues next time you want to aceess this file.
 2018-08-06 19:53:07 +08:00
Steven Zou
e0ed44cc13 Enable chart/prov files overwriting option 
change 'ALLOW_OVERWRITE' from 'false' to 'true'
 2018-08-01 15:20:38 +08:00
Deng, Qian
8feb49c64e Feature of helm chart UI 
1. Add Charts list view
2. Add Charts card view
3. Add Chart version list view
4. Add chart version card view
5. Add Chart Detail Summary
6. Add Chart Detail Value
6. Add Chart Detail Deps
7. Update nodeclarity Dockerfile
8. Add markdown support
9. Add package-lock file to src
 2018-08-01 13:20:06 +08:00
Daniel Jiang
bda0a92ea9
Merge pull request #5427 from ywk253100/180730_redirect 
Remove the URL rewrite for docker registry request
 2018-07-31 13:34:15 +08:00
wangyan
22411cf6b2 Fix pgsql creation column bug 
Root cause: Use default 'now'::timestamp will not generate timestamp for each transaction,
PG will convert now to a timestamp as soon as the constant is parsed. To fix it, update it
to defult CURRENT_TIMESTAMP, thie setting is the same as default now(), which returns the
start time of current transaction because ther are fuction calls, hey will give the desired
behavior of defaulting to the time of row insertion.

Reference: https://www.postgresql.org/docs/9.6/static/functions-datetime.html#FUNCTIONS-DATETIME-CURRENT
PG version: 9.6.9
 2018-07-30 04:58:44 -07:00
Wenkai Yin
7e6a13915b Remove the URL rewrite for docker registry request 
This commit redirects the request to UI directory without URL rewrite
 2018-07-30 17:24:15 +08:00
Daniel Jiang
46de1432f2 Enable cfg migrator to 1.6.0 
In 1.6, there will be only one DB process in the default deployment.
The migrator will try to handle the setting by "guessing" whether Harbor
was pointed to external DB.

Verified 1.5->1.6 and 1.4->1.6 migration.
 2018-07-27 17:11:45 +08:00
Wenkai Yin
c3106fc447
Merge pull request #5401 from reasonerjt/config-clair-interval 
Enable configuring the interval of clair updaters
 2018-07-26 18:18:16 +08:00
Daniel Jiang
733a89dea2 Enable configuring the interval of clair updaters 
To mitigate the impact we saw in the updater issues in clair, this
commit enable configuring the interval, include disabling the updaters
of clair.
 2018-07-26 16:27:23 +08:00
Daniel Jiang
ad0c0eba36 Add registry to default no_proxy hosts for Clair 
When proxy is set for Clair, there may be issue when Clair pulls image
from the registryif the `no_proxy` attribute is not updated.  This
commit adds `registry` to the default setting.
 2018-07-26 14:41:03 +08:00
Steven Zou
32f0ceade3 Modify the cfg option 'max_job_workers' from 50 to 10 to reduce the resource requirement 2018-07-23 13:36:46 +08:00
Steven Zou
bb380e6dbc
Merge pull request #5314 from steven-zou/chart_repo_supporting 
Refactor chart API endpoints
 2018-07-20 20:43:55 +08:00
Steven Zou
0227a1315a Keep the chart server related configurations in adminserver 
append chart server related config options to the supporting list of adminserver
provide chart server related config access method in the API layer
update prepare script and ui env template file to enable cache driver config for chart server API
append flag info in the systeminfo API to indicate if chart server is deployed with Harbor
refactor the response rewriting logic to return structual error object
add api init method to initilizing objects required in API handlers
chage owner of the storage folder
update offline/online package scripts in Harbor-Util.robot
 2018-07-20 19:40:33 +08:00
Yan
efdb57548f
add admin job api (#5344) 
It supports Harbor admin to trigger job either manual or
schedule. The job will be populated to job service to execute. 
The api includes:
1. POST /api/system/gc
2, GET /api/system/gc/:id 
3, GET /api/system/gc/:id/log
4, PUT/GET/POST /api/system/gc/schedule
 2018-07-20 19:22:37 +08:00
Daniel Jiang
6c664ee993 Update photon base images (#5346) 
This commit update the base photon image from vmware/photon:1.0 to
photon:1.0, per suggestion by photon team.
 2018-07-19 20:45:20 +08:00
Steven Zou
726d81803b Fix conflicts in Makefiles and prepare script files with upstream 2018-07-19 03:17:05 -07:00
Steven Zou
22ea7dd91f Update the related build scripts to package the chart repo server 
add env file template for chart repo server in make/common/config/chartserver
update the Makefiles to support build chart repo server
add docker file and related build scripts for upstream chart server - chartmuseum
update prepare to support generating chart server related configs
add docker compose file for the chart server
add build/install command options to install with/without chart repo server
update install.sh to support chart repo server installation
 2018-07-19 16:47:05 +08:00
Yan
d5b85a6748
Add the registry controller httpserver, it's responsible for controlling (#5265) 
docker regsitry. This version has the API to call regsitry GC with jobservice
secret. Seprates it into a standalone container as do not want to invoke two
processes in one container.

It needs to mount the registry storage into this container in order to do GC,
and needs to copy the registry binary into it.
 2018-07-16 16:50:28 +08:00
Wenkai Yin
8a92019e8e
Merge pull request #5310 from reasonerjt/adminserver-update-schema 
Let adminserver initialise the DB schema.
 2018-07-16 12:52:11 +08:00
Daniel Jiang
0d6ea995e1 Let adminserver initialise the DB schema. 
This commit make update to remove the code from ui container to init the
DB schema.  As UI has dependency on admin server, so it's safe to assume
adminserver has to be ready first.  Regardless the setting of the config
store of admin server, it will try to access and intialize the schema of
database.
 2018-07-13 17:32:17 +08:00
Daniel Jiang
bd92b165c8
Merge pull request #5309 from ywk253100/180713_redis 
Fix permission deny issue when Redis starting
 2018-07-13 15:33:51 +08:00
Wenkai Yin
e0f2a3d5ce Fix permission deny issue when Redis starting 
This commit changes the ownership of directory that Redis uses to user redis when starting up
 2018-07-13 14:20:20 +08:00
timchenxiaoyu
a912a55ac2 add sync registry env (#5294) 
By default Harbor will call catalog API of registry and sync the result to DB, this becomes problematic when registry is configured to custom storage service, there maybe inconsistent result and the whole process may be very time consuming.
So in this commit a env var SYNC_REGISTRY is introduced if user want Harbor to sync the repo when it starts up, by default it's false.
 2018-07-13 11:15:41 +08:00
Daniel Jiang
f7a29363ed
Merge pull request #5296 from reasonerjt/clair-bump-up-v2.0.4 
Bump up clair to v2.0.4
 2018-07-12 15:09:17 +08:00
Daniel Jiang
bc1969156e Bump up clair to v2.0.4 
This commit bump up clair to v2.0.4.  The current build process is
download the binary from google storage, the update of the binary in
google storage is not reflected in this commit.
 2018-07-12 13:59:51 +08:00
Steven Zou
0dfc273ee8
Merge pull request #5246 from kulong0105/master 
make/docker-compose.tpl: fix wrong mount configuration(#5208)
 2018-07-12 13:54:35 +08:00
wangyan
bba96b3669 Update docker registry cache from inmemory to redis. 
It gives Harbor the capability to controll the cache of docker
registry, and the workaround for cache invalidation bug caused
by garbage collection, that is clean cache in GC job.

For more details, see Harbor issue #5078.
 2018-07-09 02:32:07 -07:00
Daniel Jiang
3bb4e2c921
Merge pull request #5260 from halfa/master 
Change empty_subj to fix #2920 openssl issue
 2018-07-06 15:08:10 +08:00
stonezdj
62acdb14f3 Add settings to define admin with LDAP group DN 2018-07-05 14:46:44 +08:00
Yan
d366134fe8
Fix bug of packaging offline installer (#5245) 
The init sql script name nad path was changed by PR #5197, this
commit is to update these and log the package command to console,
make it more easy to debug in future. Also remove the action to
pull migrator as it will built each time locally.
 2018-07-04 20:03:44 +08:00
Daniel Jiang
c04d99b1ab Workaround the Clair issue in ubuntu updater 
This commit is a temp fix to workaround coreos/clair#562
Recompiled the code at the tip of release-2.0 branch of clair and
updated Makefile.
Once clair provides a new release, we'll need to make update in
Makefiles and Dockerfiles again to consume it.
 2018-07-04 17:28:47 +08:00
Yilong Ren
15d6145f5c make/docker-compose.tpl: fix wrong mount configuration(#5208) 2018-07-04 14:12:10 +08:00
Daniel Jiang
a161f2c95b
Merge pull request #4965 from jouve/reg_upstream 
remove unused upstream
 2018-07-03 16:29:08 +08:00
Steven Zou
6dfccc7dea
Merge pull request #5074 from ninjadq/ldap_search_ui 
Add LDAP search UI
 2018-07-03 15:30:18 +08:00
Deng, Qian
72dfdd552f Add ldap serach 
1. Add group management
2. Add rewrite import user to member ui
3. Add import group to member
4. Add new items in configuration page
 2018-07-03 14:00:59 +08:00
Daniel Jiang
cb0acbace4 Restrict the CPU usage of Clair (#5217) 
This commit fixes #5072
Due to an issue in bzr, Clair container may consume a lot of CPU
resource while updating the vuln data.  This commit mitigates the impact
by setting the cpu_quota of clair container. (default value of
cpu_period is 100000 in v2 docker-compose template)
 2018-07-03 11:23:56 +08:00
Deng, Qian
edbe2fe620 Update migrator to 1 6 0 
1. Add new alembic_pg folder for postgres
2. Add migration file for 1.6.0
3. Update version to 1.6.0
4. update migrator dockerfile
 2018-07-02 21:23:47 +08:00
Daniel Jiang
aef3213dfa
Merge pull request #5190 from stonezdj/reload_config 
Fix issue that harbor tile can not save customized settings
 2018-06-29 13:04:36 +08:00
Daniel Jiang
c9b1962b1e Initialise Harbor DB schema in Harbor UI/adminserver container 
This commit fixes #5040, the harbor-db image will only contain empty
databases, and harbor ui container will use migrate tool to run initial
SQL scripts to do initialization.  This is helpful for the case to
configure Harbor against external DB or DBaaS like RDS for HA deployment
However, this change will results some confusion as there are two tables
to track schema versions have been using alembic for migration, for this
release we'll try to use alembic to mock a `migration` table during
upgrade so the migrator will be bypassed, in future we'll consider to
consolidate to the golang based migrator.
Another issue is that the UI and adminserver containers will access DB
after start up in different congurations, can't ensure the sequence, so
both of them will try to update the schema when started up.
 2018-06-28 16:22:53 +08:00
stonezdj
72e9b22e10 Fix issue that harbor tile can not save customized settings 2018-06-28 16:20:10 +08:00
mricher
ee60eaec16
Change empty_subj to fix openssl issue 2018-06-27 16:50:26 +02:00
Daniel Jiang
cfc95c69e6 Fix failure of running prepare with python3 
This commit fixes #5053.
It removes the usage of `string.strip` which will fail in python3.
 2018-06-13 18:17:00 +08:00
Daniel Jiang
ccbd23d14e Change owner of the secret file in prepare script 
The secretkey file will be loaded by adminserver which is run by non-root
user (uid:10000) previously the entrypoint script will run `chown` to a
lot files, and there's a breakage in upgrade when we skip running
`chown` inside container.
This commit will fix the issue during upgrade by changing the owner of
the secretkey file.
 2018-06-08 16:43:16 +08:00
Wenkai Yin 79628
0c56493fb6 Soft delete label 
Modify the deletion of label to soft deletion, in this way the names of deleted labels referenced by replication rules can be shown to users
 2018-06-07 17:14:12 +08:00
Yan
6d800cabbd
enable migrator to support 1.5.0 migration from mysql to pgsql (#5029) 
This commit is to enable data migrator to support migrates data
from mysql to pgsql, this is a specific step for user to upgrade
harbor across v1.5.0, as we have move harbor DB to pgsql from
1.5.0. It supports both harbor and notary db data migration,
and be split into two steps with dependency.

It also fix issue #4847, add build DB migrator in make process.
 2018-06-01 14:58:43 +08:00
Daniel Jiang
9f13453d5f
chown only to the folder to store the config.json (#4978) 
Narrow down the scope of `chown` in adminserver because the
/etc/adminserver/config/ is the location to store the config.json file.
And /etc/adminserver/key should be readonly.
 2018-05-16 15:36:22 +08:00
Cyril Jouve
086ebbfe84 remove unused upstream 2018-05-15 14:11:28 +02:00
Deng, Qian
282a63f57f Fix legacy issues that html and css file are written on ts file. 
Currently, our html and css files are written as string on .ts file. This pr is to solve the legacy issue.
 2018-05-10 18:39:48 +08:00
Tan Jiang
5ff07cf619 Fix permission issue on VIC appliance 
The job logs directory's permission is not changed by prepare script
because the everything is moved from /data to /storage/data on VIC
appliance.  This commit will make sure both cases the directory is
readable by user 10000:10000.
This PR also makes sure the config json of notary signer has 0644
permission.
 2018-05-06 22:02:19 +08:00
Tan Jiang
21ec4808ec Collect log of redis 
Previously the log file was set to a hard coded file, but given this
redis should run in container, the update is made to have the process
output log messages to standard output, and redirect it to syslog in
docker-compose template.
 2018-04-30 18:16:11 +08:00
Wenkai Yin
fa8bbe821a Modify unique constraint of table harbor_label in pgsql (#4811) 
Add unique constraint to column name, scope and project_id of table harbor_label to make creating same name labels under different projects valid
 2018-04-27 08:01:20 -07:00
Yan
ae257433cc
Fully migrate harbor db to postgresql (#4689) 
* Merge harbor db to postgres
 2018-04-27 02:27:12 -07:00
Wenkai Yin
73babbf1ab Modify unique constraint of table harbor_label 
Add unique constraint to column name, scope and project_id  of table harbor_label to make creating same name labels under different projects valid
 2017-12-19 22:15:56 +08:00
Tan Jiang
1fc4142e1a Do not call chown to config files 
This commit fixes a recently discovered issue on Kubernetes #4496
It make necessary to avoid calling `chown` to config files during the
bootstrap of the containers.
 2018-04-20 13:44:21 +08:00
Steven Zou
9d13842a29 Fix the issue of missing copying the setting.json to container image (#4714) 
add `cp ./src/setting.json ../ui/static/`
 2018-04-18 17:43:24 +08:00
Steven Zou
43018dc755 Update the entrypoint script of clarity builder image to fix customized image copying issue 2018-04-17 19:10:43 +08:00
Steven Zou
ca8d3bdcc9
Merge pull request #4638 from vmware/use_redis_url_addr 
Use redis URL address to replace host:port when connecting to redis server
 2018-04-17 10:12:51 +08:00
Steven Zou
adc2f8f124 Use redis URL address to replace host:port when connecting to redis server 
replace tcp host:port with
'redis://arbitrary_usrname:password@ipaddress:port/database_index'

update prepare to generate config yaml file of job service based on harbor.cfg

update harbor.cfg default values
 2018-04-13 19:19:56 +08:00
yixingj
221a8b0892 Update HA tempalte 
Update the template.
Update the installation guide.
 2018-04-13 11:12:48 +08:00
Yan
946b4b4ad8
Update harbor default log level to info (#4639) 2018-04-12 19:04:44 +08:00
Daniel Jiang
ebc9d04479
Merge pull request #4624 from yixingjia/clairdbconfigurable 
Add dbname paramter in dburl
 2018-04-11 18:43:52 +08:00
yixingj
5b7f176c1d Add dbname paramter in dburl 
add dbname to dburl
 2018-04-11 17:38:45 +08:00
Steven Zou
a7c2e049cc Update the worker concurrency of job service from 10 to 50 to improve performance 2018-04-11 17:12:09 +08:00
Daniel Jiang
ba4c7f5731
Merge pull request #4514 from yixingjia/usemonitorapi 
Use new health check api for docker files
 2018-04-08 10:03:49 +08:00
Steven Zou
44808650be Merge branch 'master' into job_service 2018-04-03 16:28:26 +08:00
Daniel Jiang
53cea404fd
Merge pull request #4523 from ninjadq/migrator_1_5 
Upgrade migrator to 1.5.0
 2018-04-02 09:25:11 +08:00
Deng, Qian
93c96da18b Upgrade migrator to 1.5.0 2018-03-30 22:45:32 +08:00
Steven Zou
250360307b Modify docker compose file template and make file to enable new job service 
Fix typo in Makefile under photon

Fix version tag issue of redis container

Assign container name for redis container

Update docker compose template to enable network for redis

Remove exposed ports of redis from compose yaml tpl
 2018-03-30 16:52:55 +08:00
Steven Zou
d5a696d821 Merge branch 'master' into job_service 2018-03-30 11:23:20 +08:00
Steven Zou
afd3ffd63c
Merge pull request #4472 from yixingjia/redisserver 
Add Redis docker file
 2018-03-30 11:21:23 +08:00
Steven Zou
d1899c840d Merge branch 'master' into job_service 2018-03-29 23:25:20 +08:00
Jesse Hu
debcf7858a
Merge pull request #4521 from vmware/clair-http-proxy 
Add http_proxy configuration for Clair service
 2018-03-29 14:04:34 +08:00
yixingj
22f682c020 Use new health check api for docker files 
ui
nginx
adminserver
postgresql
 2018-03-29 13:00:28 +08:00
Jesse Hu
87c622141b Add http_proxy configuration for Clair service 
Clair needs Internet access to download vulnerabilities data.

Fix issue https://github.com/vmware/harbor/issues/4272
 2018-03-28 18:49:40 +08:00
Tan Jiang
b6df6cf169 Add indexes to job tables and bump up schema version. 2018-03-28 16:15:54 +08:00
Tan Jiang
41ce0891ab Trigger scan job from UI. 2018-03-26 18:07:21 +08:00
Tan Jiang
745b21abbc Merge remote-tracking branch 'upstream/master' into scan-job-migrate 2018-03-26 15:39:42 +08:00
stone
203b1b52bb
Merge pull request #4415 from stonezdj/user_group_and_project_member 
Add DAO for user group and project member
 2018-03-26 15:21:20 +08:00
Daniel Jiang
93568854d9
Merge pull request #4474 from reasonerjt/job_uuid 
Update SQL script to add uuid to job tables.
 2018-03-26 15:17:53 +08:00
stonezdj
49d960b060 Add DAO for project member and user group 2018-03-26 14:38:32 +08:00
yixingj
cb64ad96ff Make endpoint configurable 
Move all the endpoint to harbor.cfg
 2018-03-26 10:50:18 +08:00
Tan Jiang
381ecc3521 Merge with master 2018-03-26 10:37:17 +08:00
Tan Jiang
df69f7e410 Fix error in registry_sqlite.sql 2018-03-25 13:47:03 +08:00
Yan
cbcca015b0
add read only mode to stop docker push (#4433) 2018-03-23 03:16:08 -07:00
Jesse Hu
0b5e0aa041
Enhance registry docker file to make it work with NFS server (#4466) 2018-03-23 17:57:26 +08:00
yixingj
ee6a6af3c5 Add Redis docker file 
Add the redis docker files
 2018-03-23 17:46:43 +08:00
Tan Jiang
6f1c46624f Update SQL script to add uuid to job tables. 
We have to add the uuid/id mapping as new job service will only store uuid.

Further work is in feature branch for now, commit this change to
accelerate migration work.
 2018-03-23 17:45:50 +08:00
Tan Jiang
7238efd9ae Integrate new jobservice into docker-compose template 
This commit doesn't integrate redis.  No change to makefile b/c it
should work once the temporary jobservice_v2 folder is renamed to jobservice.
 2018-03-22 19:48:22 +08:00
Daniel Jiang
f885de0913
Merge pull request #4449 from ywk253100/180314_filter_by_label 
Add unique constraint to columns label_id, resource_id, resource_name and resource_type in table harbor_resource_label
 2018-03-21 18:37:04 +08:00
Wenkai Yin
83cfe9814d Add unique constraint to columns label_id, resource_id, resource_name and resource_type in table harbor_resource_label 2018-03-21 16:24:21 +08:00
Yan
5edbd00318
Revise harbor build version (#4445) 2018-03-21 13:03:49 +08:00
Wenkai Yin
838b439560 Implement filter repository and tags by label API 2018-03-21 10:51:06 +08:00
Daniel Jiang
62f25be709
Merge pull request #4423 from reasonerjt/config-migration 
Provide migration scripts for harbor.cfg
 2018-03-18 19:56:30 +08:00
Tan Jiang
c8265a8d53 Provide migration scripts for harbor.cfg 
Default target version is 1.5.0
This is mainly for VIC-appliance upgrade, and should be considered
experimental for oss due to limited test.
Tested with 1.2 and 1.3 harbor.cfg from VIC appliance.
 2018-03-16 14:38:50 +08:00
stonezdj
44fc373c6d Add LDAP Group Search Configure Param 2018-03-15 06:16:47 +08:00
Wenkai Yin
bcf81224ad Update according to the comments 2018-03-14 13:42:19 +08:00
Wenkai Yin
36b9c4e458 Implement adding/removing labels to/from repositories and images API 2018-03-12 19:30:05 +08:00
Wenkai Yin
379f113452 Implement label management API 2018-03-09 12:17:27 +08:00
Tan Jiang
f83c65bcc5 Reduce the output of build. 
The following are done to avoid travis-ci failing due to too much log
size.
1) Update Makefile and scripts to make go build less verbose.
2) Make tdnf less verbose
 2018-02-27 20:54:52 +08:00
stonezdj
f138067242 Refactor project member 2018-02-09 10:38:51 +08:00
Tan Jiang
07251181b9 Remove extra-hosts from docker-compose template 2018-02-05 00:02:37 +08:00
yixingj
6c8bb9c73f Refactor DB configuration in harbor.cfg 
Put harbor_db, clair_db configuration together
 2018-02-02 17:14:52 +08:00
Wenkai Yin
2221e114fa Add SELinux label for all volumes 2018-01-30 14:25:43 +08:00
yixingj
9c8706b0ce Fix images tag issue. 
move the image tag out
only remove the first : in the keypair.
 2018-01-25 17:34:47 +08:00
Tan Jiang
5975e6b964 Add place holder for injecting UAA host 
As this is for tile deployment only, so add a shortcut for tile/bosh
script to add entry in /etc/hosts inside the container.
Due to effort consideration I don't think we want to render
docker-compose in `prepare` script.
 2018-01-25 13:22:43 +08:00
yixingjia
f676a71422
Merge pull request #4110 from yixingjia/updatekeepalived 
Update keepalived config file
 2018-01-24 12:24:44 +08:00
yixingj
44df82a82d Update keepalived config file 
Update the keepalived config file
 2018-01-24 10:57:39 +08:00
Jesse Hu
8fe8c2b4ac Add a space after ':' when generating registry storage yaml config 
yaml requires 1 or more spaces between the key and value. This patch
is useful in case the user inputs 'key:value' instead of 'key: value'.
 2018-01-22 20:14:33 +08:00
yixingjia
208cb02d5c
Merge pull request #4054 from yixingjia/HA_Monitor 
Keepalived real server check script
 2018-01-17 19:03:14 +08:00
yixingj
ffa69bb256 Enhance monitor script for HA 
Add keepalived real server check script
 2018-01-17 14:23:26 +08:00
Wenkai Yin
8cda2d8d65
Merge pull request #4036 from ywk253100/180116_s3 
Propagate registry storage driver name to adminserver and return it in /api/systeminfo
 2018-01-16 18:41:08 +08:00
Daniel Jiang
1595200d05
Merge pull request #4028 from jessehu/reload_config 
[Issue 4015] Read reload_config option from harbor.cfg
 2018-01-16 17:35:04 +08:00
Wenkai Yin
53d5a2256a Propagate registry storage driver name to adminserver and return it in /api/systeminfo 2018-01-16 16:57:28 +08:00
Deng, Qian
b3e65ed71e Update migration tool for v1.4 
1. Update database meta file
2. Add migration file for 1.4
 2018-01-16 15:38:51 +08:00
Jesse Hu
b995881cd2 [Issue 4015] Read reload_config option from harbor.cfg 
If reload_config is true, Harbor will reload all configuration
in harbor.cfg when restarting. It's false by default.
 2018-01-16 12:42:30 +08:00
stonezdj
aa4e36c61a Change ldap scope after refactor 2018-01-08 16:59:15 +08:00
Daniel Jiang
64cc71ea12
Merge pull request #3941 from vmware/replication_enhancement 
Replication enhancement
 2018-01-08 10:56:39 +08:00
Jesse Hu
b1b316a97b
Add registry storage config in harbor.cfg (#3918) 
Refer to https://docs.docker.com/registry/configuration/#storage
for all available configuration.
 2018-01-07 17:23:18 +08:00
pfh
13308ce9d8 Merge remote-tracking branch 'upstream/master' into repEnhance 2018-01-05 14:09:03 +08:00
Jesse Hu
4fb947a155 Fix indentation in registry yaml files 2018-01-03 18:28:22 +08:00
Tan Jiang
e02de2068a Enable configuring the CA Certificate for UAA 
Enable configuring the path of root cert of UAA in harbor.cfg.  It only
takes effects if the verify_cert is set to "true" If the file does not
exist, the configuration is skipped.
The intention for this commit is to support integration with nested UAA
in PAS or PKS, we don't expect user to manually configure this value,
though he can do it if he wants.
 2018-01-03 16:21:29 +08:00
yixingjia
5340fed110
Merge pull request #3848 from yixingjia/ClairHA 
Enable Clair in HA
 2018-01-03 11:45:44 +08:00
Wenkai Yin
96a63c56b1 Merge remote-tracking branch 'upstream/master' into 180103_merge 2018-01-03 10:32:03 +08:00
stonezdj
b065f19f51 Add configure parameter ldap_verify_cert to harbor.cfg 2017-12-27 10:21:58 +08:00
Daniel Jiang
1c2d5e8036
Merge pull request #3638 from CMUH/k8s/bump-to-newer-resource 
Bump many resources type to newer ones of Kubernetes
 2017-12-26 11:44:29 +08:00
Deng, Qian
3187dcb5ae Upgrade Clarity to 0.10.x and Angular To 4.3.0 2017-12-25 16:10:51 +08:00
yixingj
ecd0bbf2dd Enable Clair in HA 
Run clair with Core Harbor services
Add check logic for Clair DB
 2017-12-21 23:23:35 +08:00
yixingj
f63588855f Make Clair DB configurable 
Make the HOST,PORT,USERNAME,DB configurable for
Clair
 2017-12-20 18:29:50 +08:00
Daniel Jiang
068d6a35df
Merge pull request #3832 from wy65701436/master 
Remove the workaroud for avoiding photon distro-sync error
 2017-12-20 15:06:43 +08:00
wangyan
b560f6c061 Remove the workaroud for avoiding photon distro-sync error 2017-12-19 21:10:32 -08:00
Daniel Jiang
052521b92c
Merge pull request #3821 from reasonerjt/uaa-restriction 
Refactor the configuraiton of UAA
 2017-12-19 19:36:09 +08:00
Tan Jiang
2ffc58a5d4 Refactor the configuraiton of UAA 
Remove the attribute "uaa_ca_root" from harbor.cfg and introduce
"uaa_verify_cert".  Similar to LDAP settings, this allow user to
explicitly turn of the cert verification against UAA server, such that
the code will work with self-signed certificate.
 2017-12-19 14:42:07 +08:00
wangyan
6b7df3636c Temporary workaround for photon distro-sync error 2017-12-18 22:18:21 -08:00
wangyan
1e750a1ed4 Unify images tags and build process 2017-12-14 23:52:18 -08:00
Wenkai Yin
a54b7dd4c0 Merge remote-tracking branch 'upstream/master' into 171219_merge 2017-12-15 08:48:57 +08:00
Wenkai Yin
665a54edc3 Merge remote-tracking branch 'upstream/master' into 171213_merge 2017-12-13 13:40:24 +08:00
yixingjia
ec269047c7
Merge pull request #3736 from yixingjia/HA 
HA installation script
 2017-12-12 16:27:28 +08:00
yixingjia
f4d0fd4d23
Merge pull request #3640 from yixingjia/moveconftoDB 
Add database driver for Harbor configurations
 2017-12-11 10:42:05 +08:00
yixingj
d328e2586e HA installation script 
Add --ha options when install Harbor.

Currently it does nothing.
 2017-12-07 22:56:57 +08:00
wangyan
8cd5ac5171 Update prepare chmod to support python3 2017-12-07 00:31:02 -08:00
yixingj
9b03c93afd Add database driver for Harbor configurations 
1>Add a new database driver for configurations
2> change the current default driver from json
to database
 2017-12-06 13:06:54 +08:00
stone
30e536b18b
Merge pull request #3683 from stonezdj/local_ldap_enhance 
Ldap enhancement
 2017-11-27 14:36:20 +08:00
Wenkai Yin
6b0ee138e5 Implement immediate trigger and the methods of WatchList 2017-11-27 14:23:21 +08:00
A31882(Wu Yi Chung)
0ae6eccde4 Replace Nginx-Proxy with Ingress 2017-11-27 09:25:24 +08:00
A31882(Wu Yi Chung)
ae2b702ea5 Replace ReplicationController with Deployment 2017-11-24 16:50:09 +08:00
A31882(Wu Yi Chung)
ee8144b98a change config path to fit with what defined in Dockerfile 2017-11-24 16:28:17 +08:00
stonezdj
16243cfbbc Add LDAP remote certifcate validation 
push test

Add unit test for ldap verify cert

remove common.VerifyRemoteCert

Update code with PR review comments

Add change ldaps config and add UT testcase for TLS feature

add ldap verfiy cert checkbox about #3513

Draft harbor ova install guide

Search and import ldap user when add project members

Add unit test case for SearchAndImportUser

ova guide

Add ova install guide

Add ova install guide 2

Add ova install guide 3

Call ValidateLdapConf before search ldap

trim space in username

Remove leading space in openLdap username

Remove doc change in this branch

Update unit test for ldap search and import user

Add test case about ldap verify cert checkbox

Modify ldap testcase
 2017-11-24 12:41:51 +08:00
yixingj
0af4e3a41d Fix clair permission issue 
Clair will call bzr, without -H in sudo it will usr root user's
Home envrionment.
 2017-11-23 20:03:57 +08:00
Daniel Jiang
a409cf8088
Merge pull request #3648 from reasonerjt/rebuild-images 
[Upload Build]Bump up mariaDB's version
 2017-11-21 23:47:45 +08:00
Yan
bef15d6180
Merge pull request #3655 from reasonerjt/scanjob-permission-fix 
Fix permission issue in job_log directory
 2017-11-21 23:28:39 +08:00
reasonerjt
074aa352ba Bump up mariaDB's version 2017-11-21 06:42:41 -08:00
Tan Jiang
b3e0af2382 Fix permission issue in job_log directory 2017-11-21 19:31:15 +08:00
yixingj
ceba1fd629 Fix Clair config permission issue 
Change config file own to clair
 2017-11-21 17:48:48 +08:00
Tan Jiang
e60de3e39d Update the log level of registry to info 2017-11-20 00:08:47 +08:00
reasonerjt
1f5a9cdee8 Fix issue in Docker files 
1)Fix a syntax error in clair Dockerfile
2)Fix permission issue in database migrator image.
 2017-11-16 01:15:59 -08:00
Ben Sebastian
ef14b1f308 Use dumb-init for Clair entrypoint (#3361) 2017-11-16 00:02:09 -06:00
yixingjia
effa92e7f0
Merge pull request #3605 from reasonerjt/dockerfile-refine 
Refine the Dockerfile
 2017-11-13 18:50:12 -08:00
Tan Jiang
6d7c028729 Refine the Dockerfile 
Refine the Dockerfile to remove temporary workarounds.
Also fixes #3587, to make sure the configuration files of rsyslog can be
read by uid 10000.
 2017-11-13 18:04:17 +08:00
Yan
e91fa5f7a5
Merge pull request #3489 from Evalle/fix-notary-link 
ISSUE-3460 - Fix link to Notary repo
 2017-11-13 16:19:06 +08:00
Daniel Jiang
01493508c1
Merge pull request #3589 from yixingjia/noroot_notary 
Run notary related images with user notary
 2017-11-12 22:56:59 -06:00
Evgeny Shmarnev
6c07689d85 Fix link to Notary repo 2017-11-10 11:16:37 +01:00
yixingj
12abeb0a36 Run notary related images with user notary 
1>Change the user from root to notary
2>Update the images.
 2017-11-10 14:38:41 +08:00
reasonerjt
19a13e8575 Deprivilege harbor-ui harbor-jobservice harbor-adminserver 
Use non-root user to run the service within these docker images, and provide HEALTHCHECK
mechanism.
 2017-11-09 03:09:09 -08:00
Wenkai Yin
367c2b142f
Merge pull request #3571 from ywk253100/171107_log_rotate 
Improve log rotation configurability
 2017-11-09 15:19:18 +08:00
Wenkai Yin
66b9699ac2 Improve log rotation configurability 2017-11-09 14:33:05 +08:00
Daniel Jiang
b654a55e85
Merge pull request #3546 from yixingjia/noroot_clair 
Run clair with limited user
 2017-11-08 13:51:16 +08:00
yixingj
e9d1b89936 Run clair with limited user 
1>creat user clair
2>run clair with user clair
 2017-11-08 12:31:35 +08:00
Daniel Jiang
8dfe5f0bfc
Merge pull request #3536 from ywk253100/171102_fail_earlier 
Fail earlier when found database schema dismatch
 2017-11-07 15:01:14 +08:00
Wenkai Yin
5293a9287b Fail earlier when found database schema dismatch 2017-11-07 13:07:56 +08:00
reasonerjt
9382cac934 Remove the Dockerfile of rsyslog image 2017-11-05 21:52:23 -08:00
Tan Jiang
512384722a Make the internal URL of UI and JobService configurable 2017-11-03 20:43:25 +08:00
root
6f335bdb1a Deprivilege harobr-log, harbor-db, registry image. 
This change involves using non-root user to run the process of the
docker images.  Also made update in Dockerfile to make the containers
support "read-only" and introduce "HEALTHCHECK". Note the "read-only"
options are not enabled in docker-compose, to cover the very corner
case when user wants to update the container filesystem manually.

Remove read only option from docker-compose template by default
 2017-11-02 23:35:06 -07:00
Daniel Jiang
6a9dc8a133
Merge pull request #3495 from ywk253100/171031_config 
Add email_insecure and delete verify_remote_cert configuration item from harbor.cfg
 2017-11-02 17:47:48 +08:00
Wenkai Yin
51d5df0849 Update replication policy API to support trigger and filter 2017-11-02 14:59:26 +08:00
Daniel Jiang
f7967e22ab
Merge pull request #3482 from yixingjia/ossclairupdate 
Update Clair base images
 2017-11-02 14:23:33 +08:00
yixingjia
8908b75085
Merge pull request #3481 from yixingjia/ossnotaryupdate 
Update Notary base images and oss package
 2017-10-31 19:46:07 -07:00
Daniel Jiang
f7b4218022
Merge pull request #3476 from yixingjia/ossUpdateUI 
Update UI image oss package to latest
 2017-10-31 17:50:03 +08:00
yixingjia
5e54f793e1
Merge pull request #3477 from yixingjia/ossUpdateRegistry 
Update registry image oss package to latest
 2017-10-31 00:40:07 -07:00
Wenkai Yin
f3a4cecdcb Add email_insecure and delete verify_remote_cert configuration item from harbor.cfg 2017-10-31 13:51:49 +08:00
Wenkai Yin
0ddca31355 Add column id to table project_metadagta as the primary key 2017-10-30 17:37:25 +08:00
yixingj
651cb81389 Update Clair base images 
1>update clair base iamges to vmware/photon:1.0
2>update oss packages to latest
 2017-10-30 17:04:14 +08:00
yixingj
2953ca9967 Update Notary base images and oss package 
1> Update Notary server image to vmware/photon
2> Update NOtary signer image to vmware/photon
3> update oss package to latest
 2017-10-30 14:46:33 +08:00
yixingj
d8919f4da9 Update Clair base images 
1>update clair base iamges to vmware/photon:1.0
2>update oss packages to latest
 2017-10-30 13:50:44 +08:00
yixingj
beefb40d0d Update Notary base images and oss package 
1> Update Notary server image to vmware/photon
2> Update NOtary signer image to vmware/photon
3> update oss package to latest
 2017-10-30 13:12:47 +08:00
yixingj
d173fd7256 Update registry image oss package to latest 
1>Change base image to vmware/photon
2>update oss pakcage and remove vim package.
 2017-10-30 11:06:48 +08:00
yixingj
c4024f03a1 Update UI image oss package to latest 
Update base image to photon
Remove vim from the image
 2017-10-30 10:56:18 +08:00
Tan Jiang
5b12747761 Fix the bug to change permission of bootstrap scripts 2017-10-27 14:10:48 +08:00
Tan Jiang
2cedfff4b3 Rebuild Harbor DB docker image on top of Maria DB 
This change reworked the vmware/harbor-db image to build it on top of
vmware/mariadb-photon.
Also made minor change in the entrypoint script of mariadb image to
execute upgrade script during bootstrap, and fix a file permission
issue in the bootstrap scripts.
 2017-10-26 12:27:09 +08:00
Daniel Jiang
bda38bd72e Merge pull request #3451 from reasonerjt/commit-message 
Provide a template for git commit messages
 2017-10-24 19:20:08 +08:00
Tan Jiang
aa84090587 Provide a template for git commit messages 
Also removed some comment in the entrypoint script.
 2017-10-24 17:54:06 +08:00
yixingjia
160c716d83 Merge pull request #3423 from yixingjia/ossrsyslog 
Update OSS in rsyslog images
 2017-10-23 21:11:51 -07:00
yixingjia
844d3a7893 Merge pull request #3424 from yixingjia/ossJobservice 
Update OSS package in Jobservice
 2017-10-23 21:11:37 -07:00
yixingj
20929350b1 Update OSS in rsyslog images 
1> change to new photon base images
2> update OSS to latest
 2017-10-23 16:37:28 +08:00
Daniel Jiang
cf5bcbebb9 Merge pull request #3415 from reasonerjt/mariadb-on-photon 
Provide Dockerfile and artifacts for building mariadb on photon OS.
 2017-10-23 12:19:04 +08:00
yixingj
535e7cadd5 Update OSS in rsyslog images 
1> change to new photon base images
2> update OSS to latest
 2017-10-23 12:02:22 +08:00
yixingj
83a5ab2818 Update OSS package in Jobservice 
1>update OSS package in Job eservice images
2>use new photon base images
 2017-10-23 10:49:27 +08:00
Wenkai Yin
2156750b04 Move certificate verification to target level 
The certificate verification is on system level before this commit. Moving it
to target level makes the configuration more flexible for different targets.
 2017-10-20 15:36:56 +08:00
Tan Jiang
1871011a5d Provide Dockerfile and artifacts for building mariadb on photon OS. 
Also update the docker-compose template such that the notary db instance
will be provisioned via the mariadb-photon image.
 2017-10-20 14:41:36 +08:00
Wenkai Yin
66b2d0d3f3 Apply project level policies to standalone Harbor 
The following features are only enabled in integration mode, this commit moves
these to standalone Harbor:
 - Content trust policy: only signed images can be pulled
 - Vulnerability policy: only images whose severity is below the threshold can be pulled
 - Automatic scan policy: automatic scan pushed images
 2017-10-19 17:33:28 +08:00
yixingjia
95743f9a81 Merge pull request #3373 from yixingjia/updatenginx 
Update nginx images OSS to latest
 2017-10-17 22:13:11 -07:00
yixingjia
98472237e5 Merge pull request #3389 from yixingjia/updateadminserver 
Update OSS packages in adminserver images
 2017-10-17 22:12:56 -07:00
yixingj
0f3380c3ef user change image tag to 20170928 
due to photon os images 1.0 has bugs.
fallback to 20170928, we shuld change this to 1.0
when the bug fixed.
 2017-10-17 16:55:30 +08:00
yixingj
7cf47fafc4 Update docker file 2017-10-17 15:33:07 +08:00
yixingj
882b077d2f Update OSS packages in adminserver images 
remove unneeded packages
move to vmware/photon images base
 2017-10-17 14:56:34 +08:00
Daniel Jiang
e6874cf9f1 Merge pull request #3383 from reasonerjt/uaa-integration 
Make the root CA certificate of UAA configurable
 2017-10-17 12:20:22 +08:00
Daniel Jiang
b5551af27f Merge pull request #3382 from ywk253100/171013_rotate 
Make log rotate days configurable
 2017-10-17 11:22:46 +08:00
yixingj
4e9e6b2641 Update adminserver software images 2017-10-17 10:54:00 +08:00
Tan Jiang
eab6b43d99 Make the root CA certificate of UAA should be configurable 2017-10-16 17:40:29 +08:00
Wenkai Yin
bc3d859571 make log rotate days configurable 2017-10-16 17:09:28 +08:00
yixingj
28b60bd197 Update nginx images OSS to latest 
1>update nginx images OSS to latest
2>Fix nginx version issue
 2017-10-13 15:25:19 +08:00
yixingj
3dc0f65fb3 Update OSS in postgresql image 
1> update OSS in postgresql image
2> update postgresql to 9.6.5
 2017-10-12 17:08:47 +08:00
Tan Jiang
51286d9baa Provide UAA authenticator for password based authentication. 2017-10-07 00:16:53 +08:00
Daniel Jiang
ddaad98526 Merge pull request #3307 from wy65701436/add-build-notary 
build scripts for notary(signer/server) docker images based on photon 1.0
 2017-09-29 17:23:19 +08:00
Daniel Jiang
1bc4db0ec8 Merge pull request #3340 from reasonerjt/k8s-deploy 
Refine doc, rename script.
 2017-09-29 16:42:08 +08:00
Wenkai Yin
b2420c035f Merge pull request #3336 from ywk253100/170927_pro_policy 
Implement the default project metadata manager
 2017-09-28 17:21:43 +08:00
Tan Jiang
72b9c5f39e Refine document to add limitation and clarify loading the image, also update the name of prepare script to k8s-prepare, to differentiate the default one. 2017-09-28 16:28:59 +08:00
Wenkai Yin
e495357d98 implement the default project metadata manager 2017-09-28 16:17:51 +08:00
Daniel Jiang
21c4e45cd3 Merge pull request #3302 from reasonerjt/k8s-deploy 
Refine k8s deployment scripts and document
 2017-09-28 13:02:08 +08:00
wangyan
c2e4e9aa1b remove the binary files from commit, and get them from the private repo. 2017-09-26 17:52:34 +08:00
wangyan
0aac7832eb automate scripts for notary(signer/server) docker images bases on photon 1.0, code is not based on 0.5.0 
remove the binary temp folder, just keep on binary path.
 2017-09-26 17:21:50 +08:00
Tan Jiang
0615f7ba9b Refine k8s deployment scripts and document 2017-09-26 13:57:44 +08:00
yixingj
2a53c64c59 move database configuration to HA only seciton 2017-09-25 13:33:45 +08:00
yixingj
6df2623956 Merge branch 'makedatabgaseconfigurable' of github.com:yixingjia/harbor into makedatabgaseconfigurable 2017-09-25 13:31:35 +08:00
yixingj
357004fbf1 Make Harbor database configurable 2017-09-25 13:29:49 +08:00
yixingj
fb690a972f Make Harbor database configurable 2017-09-22 11:23:08 +08:00
Daniel Jiang
9c6468f963 Merge pull request #3088 from m-masataka/k8s-deploy 
k8s deployment
 2017-09-19 15:22:34 +08:00
yixingj
026e8e7f95 disable nginx buffer 
When host in low disk status, enable the buffer will cause upload error.
 2017-09-01 18:44:13 +08:00
Yan
408c1b429b update registry image (#3135) 
update

update
 2017-08-30 16:13:54 +08:00
yixingjia
8f34945d4b Merge pull request #3112 from yixingjia/nginx_temp_path 
Try to fix some wired permission error
 2017-08-25 20:32:56 -07:00
yixingj
362bf1a83e Try to fix some wired permission error 2017-08-24 15:42:20 +08:00
Daniel Jiang
0659edeebc Merge pull request #2855 from wy65701436/build-registry 
build registry
 2017-08-23 13:58:24 +08:00
Wassim Dhif
70f2865500 use $REGISTRY instead of $4 (#3103) 2017-08-22 18:24:34 +08:00
Daniel Jiang
bf8aef8e7e Merge pull request #3092 from reasonerjt/clair-conf-change 
Clair conf change
 2017-08-22 13:40:18 +08:00
yixingjia
549ad02ac7 Update postgresql to 9.6.4 (#3093) 2017-08-21 18:16:57 +08:00
Tan Jiang
c1bbcb5bab update the interval of clair updater to 12 hours, and update the interval for scan all to 2 hours 2017-08-21 13:45:23 +08:00
root
f9480b92b5 k8s deployment 2017-08-18 18:11:15 +00:00
Wenkai Yin
7296bdc131 increase length of username in database to 256 2017-08-17 15:24:34 +08:00
Daniel Jiang
0b2d7ae6c2 Merge pull request #2973 from reasonerjt/master 
Enable buffer on nginx
 2017-08-07 12:48:24 +08:00
Tan Jiang
885ddfddd0 enable buffer on nginx 2017-08-04 21:22:22 +08:00
Wenkai Yin
232b9ca70c update the psc token dir 2017-08-02 14:50:49 +08:00
yixingjia
af1b11df2f Limit clair resource (#2924) 
When run clair full scan it will take more than 60% percent of CPU if no limit
this change to limit clair to use at most 1.5cpu

We can this it to cpus when we move to docker compose3.0
 2017-08-02 13:11:26 +08:00
wangyan
efc10127f3 update message 2017-07-26 02:22:03 -07:00
wangyan
c952db3c73 update 2017-07-24 18:32:50 -07:00
wangyan
3f831b2326 update per comments 2017-07-24 17:49:59 -07:00
wangyan
694bbef633 build registry 2017-07-24 03:21:38 -07:00
Yan
686b477775 update registry to 2.6.2 (#2851) 
rm dockerfile

update

add comments
 2017-07-24 02:19:32 -07:00
Daniel Jiang
5c8be3502c Merge pull request #2697 from yixingjia/rsyslog 
Prepare rsyslog docker based on photon
 2017-07-19 18:08:05 +08:00
Wenkai Yin
7573d59624 update token file location 2017-07-19 13:46:10 +08:00
Tan Jiang
629cf29850 The password to access clair db can be configured in harbor.cfg, skip auto-scan if clair-db is not ready 2017-07-17 15:25:47 +08:00
Yan
7040e5ad5a Clair photon (#2721) 
* update

* update

* modify docker compose

* update tag

* update
 2017-07-10 21:00:44 -07:00
Tan Jiang
e1e975096c add int id for scan overview and revoke the change in beego 2017-07-09 12:37:08 +08:00
yixingjia
326b65ef23 Merge pull request #2700 from yixingjia/upgradeclair 
Update Clair to 2.0.1
 2017-07-06 11:02:56 +08:00
Daniel Jiang
b96770b90a Merge pull request #2693 from reasonerjt/clair-notification 
Clair notification handler
 2017-07-05 20:18:34 +08:00
Yan
d849c36e3f Merge pull request #2570 from samifruit514/master 
Allow 255 chars for Realname
 2017-07-05 03:17:57 -07:00
Tan Jiang
8b31715b34 provide Clair notification handler 
update the timestamp in DB, when handling the notification
 2017-07-05 15:35:53 +08:00
yixingj
3d5cd32ee8 Base dockerfile for rsyslog 2017-07-04 17:57:37 +08:00
yixingj
34c812243e Update Clair to 2.0.1 
fix the Debian mapping issue.
 2017-07-04 17:44:10 +08:00
Yan
2638e3dc7d Merge pull request #2682 from wy65701436/db-migrate 
1.2.0 DB migrator
 2017-07-03 22:51:31 -07:00
yixingj
2762eec4ed Prepare rsyslog docker based on photon 2017-07-03 17:57:46 +08:00
Daniel Jiang
1ca1eddb0f Merge pull request #2676 from yixingjia/nginxonphoton 
Move nginx to photon OS
 2017-07-01 00:08:08 +08:00
wangyan
c986c33a6c 1.2.0 DB migration 
update

update
 2017-06-30 03:01:56 -07:00
Wenkai Yin
bdbdb383ac update 2017-06-30 16:21:55 +08:00
yixingj
fc50fd51d5 Move nginx to photon OS 2017-06-30 14:03:42 +08:00
Wenkai Yin
84b443e2b2 Merge remote-tracking branch 'upstream/master' into 170628_getpm 
Conflicts:
	src/ui/config/config.go
	src/ui/proxy/interceptor_test.go
 2017-06-30 00:14:45 +08:00
Wenkai Yin
d6b4330cc8 create a global project manager 2017-06-30 00:08:45 +08:00
yixingjia
b79b80c6ee Merge pull request #2657 from yixingjia/clairofflinedata 
Support include offline data on clair startup
 2017-06-28 18:01:34 +08:00
yixingj
a23c6ee8c6 Support include offline data on clair startup 2017-06-28 15:45:16 +08:00
Steven Zou
c90dacb0ba Merge pull request #2648 from steven-zou/master 
Upgrade UI builder to 1.2.7
 2017-06-27 19:26:57 +08:00
yixingjia
a64926231d Merge pull request #2629 from yixingjia/postgresqlonphoton 
Update clair postgresql to use photon os
 2017-06-27 17:30:26 +08:00
Steven Zou
85db2ad892 fix issue of ui builder image entry command 2017-06-27 13:49:41 +08:00
yixingj
27670742b4 Change version fromat and add init db sql directory 2017-06-26 15:31:34 +08:00
yixingj
e0af9c036f Update clair postgresql to use photon os 2017-06-26 10:56:29 +08:00
Steven Zou
7c68c1ca69 Enhance script in make/dev/nodeclarity/entrypoint.sh 2017-06-23 18:58:58 +08:00
Steven Zou
a12ec997cc Fix tooltip cut issue 
Change Dockerfile of UI builder
 2017-06-23 18:58:43 +08:00
Steven Zou
7c0e79d10a update ui builder to 1.2.6 2017-06-23 18:58:14 +08:00
Steven Zou
deeb37ac87 Update ui building process 2017-06-22 17:09:53 +08:00
Steven Zou
ed1263148f Merge pull request #2562 from steven-zou/master 
Refactor harnor portal with sharable components in harbor-ui lib
 2017-06-21 16:51:46 +08:00
Archambault, Samuel
18cea61121 Allow 255 chars for Realname 2017-06-19 13:54:21 -04:00
Steven Zou
4d9eeac434 change angualr cli version to 1.2.0 2017-06-19 12:43:43 +08:00
Tan Jiang
15384317e0 add with_clair flag in systeminfo 2017-06-15 16:15:46 +08:00
Daniel Jiang
f61ba725c5 Merge pull request #2505 from wy65701436/master 
clair integration
 2017-06-14 21:02:16 +08:00
wangyan
b71584457f udpate DB image version 2017-06-14 02:22:26 -07:00
Tan Jiang
ae2d868fd4 handlers for image scan, store results overview in DB 2017-06-13 23:37:54 +08:00
wangyan
02df58b4b6 clair integration 2017-06-13 02:13:24 -07:00
Daniel Jiang
42984fe1c9 refactory for scan job service (#2459) 
* refactory for scan job service and implement ScanJob.
 2017-06-08 15:04:23 +08:00
Daniel Jiang
32102c1523 Merge pull request #2332 from vmware/release-1.1.0 
merge 1.1.0 to master
 2017-05-19 07:19:46 -07:00
Daniel Jiang
0b02231093 Update registry img (#2330) 
* update the registry image

* update other yml files and docs to reflect image update
 2017-05-19 00:19:27 -07:00
Daniel Jiang
5892ef29c2 Merge pull request #2291 from reasonerjt/vulscan-job-refactory 
add scan job table and dao functions
 2017-05-12 02:45:55 -04:00
Tan Jiang
dcbfb4d309 add scan job table and dao functions 2017-05-11 21:41:57 +08:00
Wenkai Yin
1e28f01365 delete foreign key 2017-05-10 18:28:19 +08:00
Yan
8db1b2807e Merge pull request #2197 from ywk253100/170502_change_userid 
Delete column user_id from table access_log
 2017-05-10 00:02:54 -07:00
Daniel Jiang
79903ca3f3 Merge pull request #2194 from reasonerjt/create-reverse-proxy 
create reverse proxy
 2017-05-03 15:09:11 +08:00
Wenkai Yin
3be9cca0f5 delete column user_id from table accesslog 2017-05-03 14:18:07 +08:00
Tan Jiang
785298e6b9 create reverseproxy 2017-05-02 20:27:45 +08:00
Wenkai Yin
4eca617916 Merge remote-tracking branch 'upstream/master' into 170427_delete_ownerid 2017-05-02 14:58:36 +08:00
Wenkai Yin
4f9d9ed5d8 delete owner_id column from table repository 2017-05-02 14:57:07 +08:00
kunw
5ed47c0316 Merge release-1.1.0 2017-05-02 13:27:06 +08:00
Tan Jiang
83b9196925 use docker-compose to deploy clair with harbor 2017-04-27 19:13:53 +08:00
Tan Jiang
c3c34ea7c3 set restart policy of notary to 'always' 2017-04-27 17:07:38 +08:00
kunw
eddde3c804 Update for harbor UI builder image. 2017-04-26 16:00:18 +08:00
kunw
ba49eb79f1 Update for ui image building. 2017-04-21 19:34:57 +08:00
wangyan
29845dbcca add clarity support 2017-04-21 02:08:13 -07:00
Yan
c06abe9b8a Merge pull request #2026 from wy65701436/1.1.0-document 
update compile document
 2017-04-17 22:16:15 -07:00
wangyan
f41fcdeeb4 update compile document 
update makefile

update per comments

update document
 2017-04-17 04:05:33 -07:00
Haining Henry Zhang
425106524f update documents (#2020) 
* update change log

* update documents

* update documents

* update AUTHORS

* update README

* update harbor.cfg
 2017-04-17 13:46:39 +08:00
wy65701436
20458f88d2 fix mysql image to 5.6.35 2017-04-12 03:47:23 -07:00
Yan
a7d21baebc Merge branch 'master' into master 2017-04-11 14:19:43 +08:00
wy65701436
91a86faa75 update 2017-04-10 22:33:39 -07:00
wy65701436
ec06bd2073 add crt 0600 2017-04-10 22:06:39 -07:00
Tan Jiang
0471c8ed2c escape mysql root password 2017-04-11 12:50:13 +08:00
wy65701436
6b2b9cdc83 fix issue 1932 2017-04-09 05:16:52 -07:00
Wenkai Yin
2cdd2bb659 fix word mistake 2017-04-07 18:24:08 +08:00
Tan Jiang
965c7a5e70 reference the patched nginx image 2017-04-07 15:07:46 +08:00
Daniel Jiang
93f5c78b4b Merge pull request #1948 from ywk253100/170406_secretkey 
Mount config to another dir, fix #1939
 2017-04-07 11:35:58 +08:00
Wenkai Yin
e60fd0530f mount config to another dir, fix #1939 2017-04-07 09:14:41 +08:00
Tan Jiang
a2726b55a8 Merge remote-tracking branch 'upstream/master' into enable-gzip 2017-04-06 15:28:41 +08:00
Tan Jiang
d527a543bd enable gzip by default 2017-04-06 14:47:41 +08:00
wy65701436
f6c4137af1 fix issue 1916 2017-04-05 22:53:09 -07:00
Daniel Jiang
7d6d641827 Merge branch 'master' into dev 2017-04-05 17:01:27 +08:00
wy65701436
b827fdd5a5 use gzip to save docker images. 2017-04-04 23:48:29 -07:00
Daniel Jiang
d49a307312 Merge pull request #1868 from reasonerjt/nginx-log-format 
update nginx log format to include response time
 2017-03-30 15:12:30 +08:00
Wenkai Yin
2528ad9c62 Merge pull request #1870 from ywk253100/170330_ca_download_dir 
Mount ca dir to UI container
 2017-03-30 13:52:27 +08:00
Wenkai Yin
ec27e2dc07 remove compress js flag 2017-03-30 12:59:47 +08:00
Wenkai Yin
ee2a6748c0 mount ca dir to container, fix #1829 2017-03-30 12:50:20 +08:00
Tan Jiang
7555dd9d48 update nginx log format to include response time 2017-03-30 12:46:13 +08:00
Tan Jiang
864e0f415e prepare should remove the temp files generated for creating certificate 2017-03-29 17:08:28 +08:00
Tan Jiang
715d87dc80 fixes #1818 2017-03-28 10:11:13 +08:00
Tan Jiang
851f61032a Do not generate new alias each time prepare runs 2017-03-24 20:05:13 +08:00
Tan Jiang
a33f4151e2 merge with dev branch 2017-03-24 14:40:34 +08:00
Yan
e2fe74598b Merge pull request #1776 from wy65701436/dev 
add -v to docker-compose down
 2017-03-24 14:05:48 +08:00
wy65701436
02431de5a4 add -v to docker-compose down 2017-03-23 22:45:01 -07:00
Tan Jiang
3e8d71538f generate cert for notary signer in prepare, 
update the default certificates so the subject is formal.
 2017-03-24 13:33:49 +08:00
Tan Jiang
90bc280ea1 add a 4443 ssl server to nginx config 2017-03-24 13:16:48 +08:00
Tan Jiang
402a482bc6 generate cert for notary signer in prepare 2017-03-23 21:00:53 +08:00
Tan Jiang
980101eab5 package vmware/registry into offline package 2017-03-23 12:36:36 +08:00
Daniel Jiang
6d013531a7 Merge pull request #1717 from reasonerjt/dev 
restrict access to notary db
 2017-03-23 11:01:01 +08:00
Tan Jiang
44cd3ec85b update make file and docker compose template 2017-03-22 20:56:08 +08:00
Tan Jiang
f9180c0c96 rebuild registry image on photon 2017-03-22 20:27:15 +08:00
Tan Jiang
3c16d6c1a1 restrict access to notary db 2017-03-22 18:15:16 +08:00
wy65701436
c5633f7ce8 add version support 2017-03-21 04:56:59 -07:00
Daniel Jiang
7f099ebe50 Merge pull request #1703 from reasonerjt/dev 
Use notary images based on photon, migrate db in notary's images
 2017-03-21 19:35:27 +08:00