Tan Jiang
5975e6b964
Add place holder for injecting UAA host
...
As this is for tile deployment only, so add a shortcut for tile/bosh
script to add entry in /etc/hosts inside the container.
Due to effort consideration I don't think we want to render
docker-compose in `prepare` script.
2018-01-25 13:22:43 +08:00
Tan Jiang
e02de2068a
Enable configuring the CA Certificate for UAA
...
Enable configuring the path of root cert of UAA in harbor.cfg. It only
takes effects if the verify_cert is set to "true" If the file does not
exist, the configuration is skipped.
The intention for this commit is to support integration with nested UAA
in PAS or PKS, we don't expect user to manually configure this value,
though he can do it if he wants.
2018-01-03 16:21:29 +08:00
wangyan
1e750a1ed4
Unify images tags and build process
2017-12-14 23:52:18 -08:00
Wenkai Yin
66b9699ac2
Improve log rotation configurability
2017-11-09 14:33:05 +08:00
root
6f335bdb1a
Deprivilege harobr-log, harbor-db, registry image.
...
This change involves using non-root user to run the process of the
docker images. Also made update in Dockerfile to make the containers
support "read-only" and introduce "HEALTHCHECK". Note the "read-only"
options are not enabled in docker-compose, to cover the very corner
case when user wants to update the container filesystem manually.
Remove read only option from docker-compose template by default
2017-11-02 23:35:06 -07:00
Daniel Jiang
e6874cf9f1
Merge pull request #3383 from reasonerjt/uaa-integration
...
Make the root CA certificate of UAA configurable
2017-10-17 12:20:22 +08:00
Tan Jiang
eab6b43d99
Make the root CA certificate of UAA should be configurable
2017-10-16 17:40:29 +08:00
Wenkai Yin
bc3d859571
make log rotate days configurable
2017-10-16 17:09:28 +08:00
Wenkai Yin
232b9ca70c
update the psc token dir
2017-08-02 14:50:49 +08:00
Yan
686b477775
update registry to 2.6.2 ( #2851 )
...
rm dockerfile
update
add comments
2017-07-24 02:19:32 -07:00
Wenkai Yin
7573d59624
update token file location
2017-07-19 13:46:10 +08:00
Daniel Jiang
1ca1eddb0f
Merge pull request #2676 from yixingjia/nginxonphoton
...
Move nginx to photon OS
2017-07-01 00:08:08 +08:00
Wenkai Yin
bdbdb383ac
update
2017-06-30 16:21:55 +08:00
yixingj
fc50fd51d5
Move nginx to photon OS
2017-06-30 14:03:42 +08:00
Wenkai Yin
d6b4330cc8
create a global project manager
2017-06-30 00:08:45 +08:00
Daniel Jiang
0b02231093
Update registry img ( #2330 )
...
* update the registry image
* update other yml files and docs to reflect image update
2017-05-19 00:19:27 -07:00
Tan Jiang
965c7a5e70
reference the patched nginx image
2017-04-07 15:07:46 +08:00
Wenkai Yin
e60fd0530f
mount config to another dir, fix #1939
2017-04-07 09:14:41 +08:00
wy65701436
f6c4137af1
fix issue 1916
2017-04-05 22:53:09 -07:00
Daniel Jiang
7d6d641827
Merge branch 'master' into dev
2017-04-05 17:01:27 +08:00
Wenkai Yin
ee2a6748c0
mount ca dir to container, fix #1829
2017-03-30 12:50:20 +08:00
Tan Jiang
a33f4151e2
merge with dev branch
2017-03-24 14:40:34 +08:00
Tan Jiang
980101eab5
package vmware/registry into offline package
2017-03-23 12:36:36 +08:00
Tan Jiang
44cd3ec85b
update make file and docker compose template
2017-03-22 20:56:08 +08:00
Tan Jiang
f9180c0c96
rebuild registry image on photon
2017-03-22 20:27:15 +08:00
Wenkai Yin
383997f785
read capacity from adminserver
2017-03-21 16:28:24 +08:00
Wenkai Yin
108aa21499
upgrade registry to 2.6.0
2017-03-16 13:44:16 +08:00
Aron Parsons
8ab45d439b
label volumes for SELinux
...
allow Harbor to run when dockerd is running with --selinux-enabled
example AVC denials:
type=AVC msg=audit(1488384855.681:154671): avc: denied { read } for pid=454 comm="registry" name="config.yml" dev="dm-8" ino=12583048 scontext=system_u:system_r:svirt_lxc_net_t:s0:c298,c958 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384855.681:154671): avc: denied { open } for pid=454 comm="registry" path="/etc/registry/config.yml" dev="dm-8" ino=12583048 scontext=system_u:system_r:svirt_lxc_net_t:s0:c298,c958 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384855.687:154672): avc: denied { append } for pid=350 comm=72733A6D61696E20513A526567 name="registry.log" dev="dm-5" ino=4315920 scontext=system_u:system_r:svirt_lxc_net_t:s0:c599,c800 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384856.895:154702): avc: denied { remove_name } for pid=708 comm="mysqld" name="4691d4d62464.lower-test" dev="dm-12" ino=402656159 scontext=system_u:system_r:svirt_lxc_net_t:s0:c149,c797 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1488384856.926:154703): avc: denied { lock } for pid=708 comm="mysqld" path="/var/lib/mysql/ibdata1" dev="dm-12" ino=402656097 scontext=system_u:system_r:svirt_lxc_net_t:s0:c149,c797 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384857.958:154736): avc: denied { open } for pid=924 comm="harbor_jobservi" path="/etc/jobservice/app.conf" dev="dm-8" ino=142 scontext=system_u:system_r:svirt_lxc_net_t:s0:c102,c158 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384858.089:154737): avc: denied { read } for pid=1017 comm="nginx" name="nginx.conf" dev="dm-8" ino=4194445 scontext=system_u:system_r:svirt_lxc_net_t:s0:c847,c996 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1488384858.089:154737): avc: denied { open } for pid=1017 comm="nginx" path="/etc/nginx/nginx.conf" dev="dm-8" ino=4194445 scontext=system_u:system_r:svirt_lxc_net_t:s0:c847,c996 tcontext=system_u:object_r:default_t:s0 tclass=file
2017-03-03 14:13:39 -05:00
yhua
9f18c8458b
fix #1332
2017-02-27 18:52:22 +08:00
Wenkai Yin
9f3f48be59
add harbor network to adminserver
2017-02-24 14:35:11 +08:00
Wenkai Yin
414e8a8bcf
Merge remote-tracking branch 'upstream/dev' into 170224_merge_config
...
Conflicts:
make/docker-compose.tpl
src/ui/service/token/authutils.go
2017-02-24 13:52:19 +08:00
Wenkai Yin
40eb6bb7d3
encrypt passwords enhancement
2017-02-22 16:59:28 +08:00
Wenkai Yin
390f89ee0a
encrypt passwords and secret
2017-02-17 18:23:21 +08:00
Daniel Jiang
a17cd5bcfe
add a default network for containers in harbor ( #1384 )
...
LGTM
2017-02-16 14:51:21 +08:00
Wenkai Yin
b62a958250
configure harbor
2017-01-12 17:15:32 +08:00
yhua
0249f2181a
update registry from 2.5.0 to 2.5.1
2016-12-15 16:50:50 +08:00
kunw
55b98f9abd
Merge remote-tracking branch 'upstream/dev' into dev-volume-info
2016-11-09 14:53:26 +08:00
Wenkai Yin
4fcfffeb47
upgrade nginx to 1.11.5
2016-11-02 15:49:28 +08:00
kunw
560b41b5e6
Merge remote-tracking branch 'upstream/dev' into dev-volume-info
2016-11-02 12:46:57 +08:00
yhua
03e2a3ee56
remove tag in docker-compose.yml
2016-10-26 13:09:12 +08:00