Beispiel #1
0
def main(conf, with_notary, with_clair, with_chartmuseum):

    delfile(config_dir)
    config_dict = parse_yaml_config(conf, with_notary=with_notary, with_clair=with_clair, with_chartmuseum=with_chartmuseum)
    validate(config_dict, notary_mode=with_notary)

    prepare_log_configs(config_dict)
    prepare_nginx(config_dict)
    prepare_core(config_dict, with_notary=with_notary, with_clair=with_clair, with_chartmuseum=with_chartmuseum)
    prepare_registry(config_dict)
    prepare_registry_ctl(config_dict)
    prepare_db(config_dict)
    prepare_job_service(config_dict)
    prepare_redis(config_dict)

    get_secret_key(secret_key_dir)

    #  If Customized cert enabled
    prepare_ca(
        private_key_pem_path=private_key_pem_path,
        root_crt_path=root_crt_path,
        old_private_key_pem_path=old_private_key_pem_path,
        old_crt_path=old_crt_path)
    if with_notary:
        prepare_notary(config_dict, nginx_confd_dir, SSL_CERT_PATH, SSL_CERT_KEY_PATH)

    if with_clair:
        prepare_clair(config_dict)

    if with_chartmuseum:
        prepare_chartmuseum(config_dict)

    prepare_docker_compose(config_dict, with_clair, with_notary, with_chartmuseum)
Beispiel #2
0
def main(conf, with_notary, with_clair, with_chartmuseum):

    delfile(config_dir)
    config_dict = parse_yaml_config(conf)
    validate(config_dict, notary_mode=with_notary)

    prepare_log_configs(config_dict)
    prepare_nginx(config_dict)
    prepare_core(config_dict, with_notary=with_notary, with_clair=with_clair, with_chartmuseum=with_chartmuseum)
    prepare_registry(config_dict)
    prepare_registry_ctl(config_dict)
    prepare_db(config_dict)
    prepare_job_service(config_dict)

    get_secret_key(secret_key_dir)

    #  If Customized cert enabled
    prepare_ca(
        private_key_pem_path=private_key_pem_path,
        root_crt_path=root_crt_path,
        old_private_key_pem_path=old_private_key_pem_path,
        old_crt_path=old_crt_path)
    if with_notary:
        prepare_notary(config_dict, nginx_confd_dir, SSL_CERT_PATH, SSL_CERT_KEY_PATH)

    if with_clair:
        prepare_clair(config_dict)

    if with_chartmuseum:
        prepare_chartmuseum(config_dict)

    prepare_docker_compose(config_dict, with_clair, with_notary, with_chartmuseum)
Beispiel #3
0
def main(conf, with_notary, with_clair, with_chartmuseum):

    delfile(config_dir)
    config_dict = parse_yaml_config(conf)
    validate(config_dict, notary_mode=with_notary)

    prepare_log_configs(config_dict)
    prepare_nginx(config_dict)
    prepare_core(config_dict,
                 with_notary=with_notary,
                 with_clair=with_clair,
                 with_chartmuseum=with_chartmuseum)
    prepare_registry(config_dict)
    prepare_registry_ctl(config_dict)
    prepare_db(config_dict)
    prepare_job_service(config_dict)

    copy_secret_keys()
    get_secret_key(secret_key_dir)

    if config_dict['protocol'] == 'https':
        copy_ssl_cert()

    #  If Customized cert enabled
    prepare_ca(private_key_pem_path=private_key_pem_path,
               root_crt_path=root_crt_path,
               old_private_key_pem_path=old_private_key_pem_path,
               old_crt_path=old_crt_path,
               registry_custom_ca_bundle_config=
               registry_custom_ca_bundle_storage_input_path,
               registry_custom_ca_bundle_storage_path=
               registry_custom_ca_bundle_storage_path)

    if with_notary:
        prepare_notary(config_dict, nginx_confd_dir, SSL_CERT_PATH,
                       SSL_CERT_KEY_PATH)

    if with_clair:
        prepare_clair(config_dict)

    if with_chartmuseum:
        prepare_chartmuseum(config_dict)

    prepare_docker_compose(config_dict, with_clair, with_notary,
                           with_chartmuseum)
Beispiel #4
0
def main(conf, with_notary, with_clair, with_trivy, with_chartmuseum):

    delfile(config_dir)
    config_dict = parse_yaml_config(conf, with_notary=with_notary, with_clair=with_clair, with_trivy=with_trivy, with_chartmuseum=with_chartmuseum)
    try:
        validate(config_dict, notary_mode=with_notary)
    except Exception as e:
        logging.info('Error happened in config validation...')
        logging.error(e)
        sys.exit(-1)

    prepare_log_configs(config_dict)
    prepare_nginx(config_dict)
    prepare_core(config_dict, with_notary=with_notary, with_clair=with_clair, with_trivy=with_trivy, with_chartmuseum=with_chartmuseum)
    prepare_registry(config_dict)
    prepare_registry_ctl(config_dict)
    prepare_db(config_dict)
    prepare_job_service(config_dict)
    prepare_redis(config_dict)

    get_secret_key(secret_key_dir)

    #  If Customized cert enabled
    prepare_ca(
        private_key_pem_path=private_key_pem_path,
        root_crt_path=root_crt_path,
        old_private_key_pem_path=old_private_key_pem_path,
        old_crt_path=old_crt_path)
    if with_notary:
        prepare_notary(config_dict, nginx_confd_dir, SSL_CERT_PATH, SSL_CERT_KEY_PATH)

    if with_clair:
        prepare_clair(config_dict)
        prepare_clair_adapter(config_dict)

    if with_trivy:
        prepare_trivy_adapter(config_dict)

    if with_chartmuseum:
        prepare_chartmuseum(config_dict)

    prepare_docker_compose(config_dict, with_clair, with_trivy, with_notary, with_chartmuseum)
Beispiel #5
0
def main():
    if not path.exists("/etc/harbor/secret/registry/root.crt"):
        core_secret = generate_random_string(16)
        jobservice_secret = generate_random_string(16)
        chartserver_secret = generate_random_string(16)
        os.system("sed -i 's/^CORE_SECRET=.*$/CORE_SECRET={}/g' /etc/harbor/core/env".format(core_secret))
        os.system("sed -i 's/^JOBSERVICE_SECRET=.*$/JOBSERVICE_SECRET={}/g' /etc/harbor/core/env".format(jobservice_secret))
        os.system("sed -i 's/^CORE_SECRET=.*$/CORE_SECRET={}/g' /etc/harbor/jobservice/env".format(core_secret))
        os.system("sed -i 's/^JOBSERVICE_SECRET=.*$/JOBSERVICE_SECRET={}/g' /etc/harbor/jobservice/env".format(jobservice_secret))
        os.system("sed -i 's/^CORE_SECRET=.*$/CORE_SECRET={}/g' /etc/harbor/registryctl/env".format(core_secret))
        os.system("sed -i 's/^JOBSERVICE_SECRET=.*$/JOBSERVICE_SECRET={}/g' /etc/harbor/registryctl/env".format(jobservice_secret))
        os.system("sed -i 's/^BASIC_AUTH_PASS=.*$/BASIC_AUTH_PASS={}/g' /etc/harbor/registryctl/env".format(chartserver_secret))

    get_secret_key("/etc/harbor/secret/keys/")

    private_key_pem_path=Path("/etc/harbor/secret/core/private_key.pem")
    root_crt_path=Path("/etc/harbor/secret/registry/root.crt")
    #  If Customized cert enabled
    prepare_ca(
        private_key_pem_path=private_key_pem_path,
        root_crt_path=root_crt_path,
        old_private_key_pem_path=old_private_key_pem_path,
        old_crt_path=old_crt_path)
    os.system("chown harbor:harbor -R /etc/harbor/secret/")