def migrate(input_, output, target):
"""
migrate command will migrate config file style to specific version
:input_: is the path of the original config file
:output: is the destination path of config file, the generated configs will storage in it
:target: is the the target version of config file will upgrade to
"""
if target not in accept_versions:
click.echo('target version {} not supported'.format(target))
sys.exit(-1)
if not output:
output = input_
input_path = get_realpath(input_)
output_path = get_realpath(output)
configs = read_conf(input_path)
input_version = configs.get('_version')
if version.parse(input_version) < version.parse('1.9.0'):
click.echo('the version {} not supported, make sure the version in input file above 1.8.0'.format(input_version))
sys.exit(-1)
if input_version == target:
click.echo("Version of input harbor.yml is identical to target {}, no need to upgrade".format(input_version))
sys.exit(0)
current_input_path = input_path
for m in search(input_version, target):
current_output_path = "harbor.yml.{}.tmp".format(m.revision)
click.echo("migrating to version {}".format(m.revision))
m.migrate(current_input_path, current_output_path)
current_input_path = current_output_path
shutil.copy(current_input_path, output_path)
click.echo("Written new values to {}".format(output))
for tmp_f in glob.glob("harbor.yml.*.tmp"):
os.remove(tmp_f)
def migrate(input_, output, target):
if not output:
output = input_
input_path = get_realpath(input_)
output_path = get_realpath(output)
configs = read_conf(input_path)
input_version = configs.get('_version')
if input_version == target:
click.echo(
"Version of input harbor.yml is identical to target {}, no need to upgrade"
.format(input_version))
sys.exit(0)
current_input_path = input_path
for m in search(input_version, target):
current_output_path = "harbor.yml.{}.tmp".format(m.revision)
click.echo("migrating to version {}".format(m.revision))
m.migrate(current_input_path, current_output_path)
current_input_path = current_output_path
shutil.copy(current_input_path, output_path)
click.echo("Written new values to {}".format(output))
for tmp_f in glob.glob("harbor.yml.*.tmp"):
os.remove(tmp_f)
def gencert(path, days):
path = get_realpath(path)
click.echo('Check openssl ...')
if not openssl_installed():
raise (Exception('openssl not installed'))
click.echo("start generate internal tls certs")
if not os.path.exists(path):
click.echo('path {} not exist, create it...'.format(path))
os.makedirs(path, exist_ok=True)
shell_stat = check_call([gen_tls_script, days],
stdout=PIPE,
stderr=STDOUT,
cwd=path)
if shell_stat != 0:
click.echo('Can not generate internal tls certs')
sys.exit(-1)
def gencert(path, days):
"""
gencert command will generate cert files for internal TLS
"""
path = get_realpath(path)
click.echo('Check openssl ...')
if not openssl_installed():
raise (Exception('openssl not installed'))
click.echo("start generate internal tls certs")
if not os.path.exists(path):
click.echo('path {} not exist, create it...'.format(path))
os.makedirs(path, exist_ok=True)
with Popen([gen_tls_script, days], stdout=PIPE, stderr=STDOUT,
cwd=path) as p:
for line in p.stdout:
click.echo(line, nl=False)
if p.returncode != 0:
raise CalledProcessError(p.returncode, p.args)
def prepare(self):
"""
Prepare moves certs in tls file to data volume with correct permission.
"""
if not self.enabled:
logging.info('internal tls NOT enabled...')
return
original_tls_dir = get_realpath(self.tls_dir)
if internal_tls_dir.exists():
rmtree(internal_tls_dir)
copytree(original_tls_dir, internal_tls_dir, symlinks=True)
for file in internal_tls_dir.iterdir():
if file.name.endswith('.key'):
file.chmod(0o600)
elif file.name.endswith('.crt'):
file.chmod(0o644)
if file.name in self.db_certs_filename:
os.chown(file, PG_UID, PG_GID)
else:
os.chown(file, DEFAULT_UID, DEFAULT_GID)
