Commit Graph

321 Commits

Author SHA1 Message Date
Qian Deng
52b6a5333a
Add san for notary cert (#13939)
Signed-off-by: DQ <dengq@vmware.com>
2021-01-11 11:41:52 +08:00
Wang Yan
c6814f2bcc
move ci from travis to gitaction (#13891)
1, deprecate travis, and use the gitaction for instread.
2, upgrade golang version to v1.15.6

Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-01-06 15:30:54 +08:00
Daniel Jiang
4f5f8a3961 Update health check script for harbor-db (#12103)
This patch remove the trailing space of the hostname introduced by
`hostname -i`.

The trailing space will cause resolution error after this patch is
applied to glibc in photon:
https://github.com/vmware/photon/blob/2.0/SPECS/glibc/glibc-fix-CVE-2019-10739.patch

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-06-01 11:10:45 +08:00
stonezdj(Daojun Zhang)
aae70811f0
Merge pull request #12068 from ninjadq/add_timeout_in_nginx_config_1_10_0
Add timount on nginx configs
2020-05-27 16:57:39 +08:00
DQ
712ac4fb5b Add timount on nginx configs
set timeout to 900

Signed-off-by: DQ <dengq@vmware.com>
2020-05-26 16:25:31 +08:00
DQ
f42a43e495 Enhance: Upgrade chartmuseum version
Upgrade chartmuseum version 0.12.0

Signed-off-by: DQ <dengq@vmware.com>
2020-05-26 15:24:53 +08:00
Daniel Jiang
d6cab4fb8e
fix: set root password never expire (#11851)
Signed-off-by: Yiyang Huang <huangyiyang@caicloud.io>

Co-authored-by: Yiyang Huang <huangyiyang@caicloud.io>
2020-05-08 11:35:35 +08:00
DQ
ac04806336 Fix: GCS storage gc issue
Mount gcs key to registryctl

Signed-off-by: DQ <dengq@vmware.com>
2020-04-29 15:21:50 +08:00
He Weiwei
d0189beddd
fix(prepare): not accpet items of false value in external_redis configurations (#11405)
Item in yaml without value will be as None in python, which will make
the password of redis as `None` in `get_redis_configs`. This fix will
not accept items of `false value` in `external_redis` configurations.

Closes #11367

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-04-03 11:39:25 +08:00
Daniel Jiang
9a8efdb8eb
Merge pull request #11345 from reasonerjt/rm-notary-signer-certs-1.10
Remove the certs of notary signer - 1.10
2020-04-01 08:50:43 +08:00
Daniel Jiang
a99609e375 Remove the certs of notary signer
Since `prepare` generates the certs as needed during installation, these
certs should not exist in the repo.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-03-27 19:27:51 +08:00
Ziming Zhang
bd2d3ecc81 feat(cicd) fix build_base_docker and prepare image
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-03-23 12:03:48 +08:00
DQ
4bbf391d3b Fix: fix logrotate is dir issue
Change it to bind command

Signed-off-by: DQ <dengq@vmware.com>
2020-03-13 15:34:07 +08:00
Ziming Zhang
d80322c3b4 feat(cicd) use unified version as tag name, clean more
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-03-09 16:51:45 +08:00
Ziming Zhang
abfafc29f1 feat(cicd) use unified version as tag name
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-03-03 20:51:49 +08:00
Steven Zou
07dbbf1023 doc[api spec]:rename folder name to
Signed-off-by: Steven Zou <szou@vmware.com>
2019-12-10 14:20:54 +08:00
Wang Yan
6b84b62f75
Merge pull request #10155 from bitsf/upgrade_clair_1.10
[cherry-pick] upgrade clair to v2.1.1
2019-12-06 11:48:42 +08:00
He Weiwei
91af4f2413
chore(scanner): upgrade clair scanner to 1.0.1 (#10148)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-12-05 17:52:16 +08:00
Ziming Zhang
2b378899df upgrade clair to v2.1.1
Change-Id: Idb2ad0470a51666d75895d8c5e68d80a67e05276
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2019-12-05 14:28:32 +08:00
Daniel Jiang
ae2d0f0588
Merge pull request #10026 from ninjadq/migrator_miss_component_no_proxy_110
Add default domainname for no_proxy
2019-12-03 10:51:12 +08:00
DQ
3aedae86b2 Fix ca bundle path join issue
CA bundle name start with '/' will break the os path join

Signed-off-by: DQ <dengq@vmware.com>
2019-11-27 18:48:23 +08:00
DQ
a8ac235fa1 Add default domainname for no_proxy
All internal service and known internal hostname shuold add to no_proxy by default

Signed-off-by: DQ <dengq@vmware.com>
2019-11-27 17:06:26 +08:00
He Weiwei
b8308f41a0 fix(prepaire,clair): disable clair updaters when its interval is 0
Closes #9961

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-11-22 03:31:20 +00:00
Daniel Jiang
2fcd174e4b
Merge pull request #9828 from wy65701436/cii-docker-base
add base images when to build harbor assets
2019-11-15 14:24:11 +08:00
He Weiwei
fe69a5df99 build(scanner-adapter): bump up clair adapter to v1.0.1-rc2
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-11-13 02:35:21 +00:00
wang yan
47793e77e3 update base file name ane pass base version to build file
Signed-off-by: wang yan <wangyan@vmware.com>
2019-11-12 19:12:49 +08:00
Wang Yan
544cc98971 add base images when to build harbor assets
* add base images when to build harbor assets

Signed-off-by: wang yan <wangyan@vmware.com>
2019-11-12 15:38:51 +08:00
Yogi_Wang
cddc1149f1 Modify the memory of nodejs used from 8192MB to 2048MB
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2019-11-11 17:05:42 +08:00
Wang Yan
6da183d576
Merge pull request #9800 from ninjadq/failure_earlier_of_ca_bundle_permission_check
Failure earlier of ca bundle permission check
2019-11-11 14:09:21 +08:00
Wang Yan
0b09bd14b1
Merge pull request #9756 from ninjadq/add_ignore_media_type
Add ignore mediatypes for registry
2019-11-08 18:34:13 +08:00
DQ
80c3e76b5a check the permission of ca bundle file
CA bundle need check before use

Signed-off-by: DQ <dengq@vmware.com>
2019-11-08 15:34:17 +08:00
Daniel Jiang
06e4e124d8
Refine request handle process (#9760)
* Refine request handle process

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-11-07 13:02:17 +08:00
DQ
45868107aa Add ignore mediatypes for registry
Add these mediatypes to reduce the amount of registry event

Signed-off-by: DQ <dengq@vmware.com>
2019-11-06 21:39:08 +08:00
Wang Yan
27cb25cc04
Merge pull request #9400 from ninjadq/inject_certs_to_non_root
Inject certs to non root
2019-11-05 14:49:08 +08:00
DQ
ece321a53a Change certs's owner to 10000
Signed-off-by: DQ <dengq@vmware.com>
2019-11-04 17:38:41 +08:00
Wang Yan
3f39b0ba4f
Merge pull request #9550 from ninjadq/enable_https_by_default
Enable https by default
2019-11-04 16:51:33 +08:00
DQ
a0462f0baa Change the clair container to non root user
Signed-off-by: DQ <dengq@vmware.com>
2019-11-04 11:36:39 +08:00
DQ
d0ed075b91 Change chartmuseum container to non-root
Signed-off-by: DQ <dengq@vmware.com>
2019-11-04 11:36:39 +08:00
DQ
1c76d52152 Add registryctl to non-root
And the install_cert.sh will changed for non-root too

Signed-off-by: DQ <dengq@vmware.com>
2019-11-04 11:36:39 +08:00
Qian Deng
336dbfd3e1
Merge pull request #9452 from ninjadq/add_certs_in_specific_dir
All certs in /harbor_cust_certs will appended to ca_bundle
2019-11-01 13:13:18 +08:00
Daniel Jiang
02dab35a43
Merge pull request #9683 from ninjadq/upgrade_python_rand_gen
Replance python ran lib to secrets
2019-10-31 21:51:38 +08:00
DQ
873d9f5b82 Enable https by default
1. Umcomment https related configs
2. Remove the https prepare related thing in ci

Signed-off-by: DQ <dengq@vmware.com>
2019-10-31 20:58:09 +08:00
DQ
2529f69fba All certs in /harbor_cust_certs will appended to ca_bundle
Signed-off-by: DQ <dengq@vmware.com>
2019-10-31 20:51:08 +08:00
Daniel Jiang
bc65609a10
Merge pull request #9657 from wy65701436/quota-sync-switcher
add a switcher for quota sync on core launch
2019-10-31 19:22:23 +08:00
Wang Yan
fa784d7514
Merge pull request #9649 from wy65701436/fix-9081
add ldflags for harbor compiler and linker
2019-10-31 19:14:16 +08:00
DQ
6c01049d94 Replance python ran lib to secrets
Secrets is included in python 3.6, so just import and use it

Signed-off-by: DQ <dengq@vmware.com>
2019-10-31 17:23:19 +08:00
wang yan
c46d7e856a add a switcher for quota sync on core launch
As the quota sync is default called by harbor-core on every launch, and it will break the launch process if any failure throwed.

1, The commit is to provide an switcher for the system admin to bypass the quota sync.
2, In case Harbor goes into the restarting cycle.

Harbor already provides an internal API to sync quota data, in the failure case,
system admin can launch harbor and call the /api/internal/syncquota to sync quota.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-31 16:17:27 +08:00
Steven Zou
7b6e83090e create API folder to keep API swagger files
- create API folder
- move harbor API swagger file to API/harbor
- add scanner adapter open API swagger file to API/scanner
- update protal build Dockerfile
- update swagger explorer build command in Makefile

Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-30 21:41:03 +08:00
wang yan
253e87d186 inject ldflags for harbor compiler and linker
1, replace the UIVERSION file with ldflags, which is generarted by make to inject into the UI core.
2, inject additional ldflags for harbor compiler

Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-30 18:31:42 +08:00
He Weiwei
b0f7404231
chore(log): log level support for clair adapter (#9640)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-29 16:50:26 +08:00