def migrate(input_, output, target): """ migrate command will migrate config file style to specific version :input_: is the path of the original config file :output: is the destination path of config file, the generated configs will storage in it :target: is the the target version of config file will upgrade to """ if target not in accept_versions: click.echo('target version {} not supported'.format(target)) sys.exit(-1) if not output: output = input_ input_path = get_realpath(input_) output_path = get_realpath(output) configs = read_conf(input_path) input_version = configs.get('_version') if version.parse(input_version) < version.parse('1.9.0'): click.echo('the version {} not supported, make sure the version in input file above 1.8.0'.format(input_version)) sys.exit(-1) if input_version == target: click.echo("Version of input harbor.yml is identical to target {}, no need to upgrade".format(input_version)) sys.exit(0) current_input_path = input_path for m in search(input_version, target): current_output_path = "harbor.yml.{}.tmp".format(m.revision) click.echo("migrating to version {}".format(m.revision)) m.migrate(current_input_path, current_output_path) current_input_path = current_output_path shutil.copy(current_input_path, output_path) click.echo("Written new values to {}".format(output)) for tmp_f in glob.glob("harbor.yml.*.tmp"): os.remove(tmp_f)
def migrate(input_, output, target): if not output: output = input_ input_path = get_realpath(input_) output_path = get_realpath(output) configs = read_conf(input_path) input_version = configs.get('_version') if input_version == target: click.echo( "Version of input harbor.yml is identical to target {}, no need to upgrade" .format(input_version)) sys.exit(0) current_input_path = input_path for m in search(input_version, target): current_output_path = "harbor.yml.{}.tmp".format(m.revision) click.echo("migrating to version {}".format(m.revision)) m.migrate(current_input_path, current_output_path) current_input_path = current_output_path shutil.copy(current_input_path, output_path) click.echo("Written new values to {}".format(output)) for tmp_f in glob.glob("harbor.yml.*.tmp"): os.remove(tmp_f)
def gencert(path, days): path = get_realpath(path) click.echo('Check openssl ...') if not openssl_installed(): raise (Exception('openssl not installed')) click.echo("start generate internal tls certs") if not os.path.exists(path): click.echo('path {} not exist, create it...'.format(path)) os.makedirs(path, exist_ok=True) shell_stat = check_call([gen_tls_script, days], stdout=PIPE, stderr=STDOUT, cwd=path) if shell_stat != 0: click.echo('Can not generate internal tls certs') sys.exit(-1)
def gencert(path, days): """ gencert command will generate cert files for internal TLS """ path = get_realpath(path) click.echo('Check openssl ...') if not openssl_installed(): raise (Exception('openssl not installed')) click.echo("start generate internal tls certs") if not os.path.exists(path): click.echo('path {} not exist, create it...'.format(path)) os.makedirs(path, exist_ok=True) with Popen([gen_tls_script, days], stdout=PIPE, stderr=STDOUT, cwd=path) as p: for line in p.stdout: click.echo(line, nl=False) if p.returncode != 0: raise CalledProcessError(p.returncode, p.args)
def prepare(self): """ Prepare moves certs in tls file to data volume with correct permission. """ if not self.enabled: logging.info('internal tls NOT enabled...') return original_tls_dir = get_realpath(self.tls_dir) if internal_tls_dir.exists(): rmtree(internal_tls_dir) copytree(original_tls_dir, internal_tls_dir, symlinks=True) for file in internal_tls_dir.iterdir(): if file.name.endswith('.key'): file.chmod(0o600) elif file.name.endswith('.crt'): file.chmod(0o644) if file.name in self.db_certs_filename: os.chown(file, PG_UID, PG_GID) else: os.chown(file, DEFAULT_UID, DEFAULT_GID)