Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Ziming Zhang <zziming@vmware.com> Change-Id: If900968d2afb8a55ed15b279354d427bb0c93b24
- Loading branch information
Showing
5 changed files
with
118 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
build.* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
#!/usr/bin/env python3 | ||
|
||
import yaml,os | ||
print("fix cicd harbor") | ||
|
||
config=yaml.safe_load(open('/input/harbor.yml')) | ||
config['hostname']=os.environ.get('IP', '127.0.0.1') | ||
config['data_volume']=os.environ.get('data_volume', '/data') | ||
config['http']['port']=os.environ.get('HTTP_PORT', 80) | ||
config['https']={} | ||
config['https']['port']=os.environ.get('HTTPS_PORT', 443) | ||
config['https']['certificate']=os.environ.get('certificate', '/cert/server.crt') | ||
config['https']['private_key']=os.environ.get('private_key', '/cert/server.key') | ||
config['log']['local']['location']=os.environ.get('data_volume', '/data')+'/logs' | ||
|
||
yaml.dump(config, open('/input/harbor.yml', 'w+')) | ||
|
||
versions=yaml.safe_load(open('versions')) | ||
versions['VERSION_TAG']=os.environ.get('TAG', 'dev') | ||
yaml.dump(versions, open('versions', 'w+')) | ||
|
||
import main | ||
try: | ||
main.main() | ||
except SystemExit as e: | ||
if e.code != 0: | ||
raise e | ||
|
||
compose=yaml.safe_load(open('/compose_location/docker-compose.yml')) | ||
NAMESPACE=os.environ.get('NAMESPACE', 'goharbor') | ||
for s in compose['services'].values(): | ||
s['image']=s['image'].replace('goharbor'+"/", NAMESPACE+'/') | ||
s['container_name']=s['container_name']+"-"+versions['VERSION_TAG'] | ||
if isinstance(s['networks'], dict): | ||
nn={} | ||
for n in s['networks']: | ||
nn[n+"-"+versions['VERSION_TAG']]=s['networks'][n] | ||
s['networks']=nn | ||
else: | ||
nn=[] | ||
for n in s['networks']: | ||
nn.append(n+"-"+versions['VERSION_TAG']) | ||
s['networks']=nn | ||
nn={} | ||
for n in compose['networks']: | ||
nn[n+"-"+versions['VERSION_TAG']]=compose['networks'][n] | ||
compose['networks']=nn | ||
yaml.dump(compose, open('/compose_location/docker-compose.yml', 'w+')) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
#!/usr/bin/env bash | ||
|
||
if [ -z "$2" ];then echo "$0 <ip> <buildnum> [http_port] [https_port]";exit 1;fi | ||
IP=$1 | ||
BUILDNUM=$2 | ||
HTTP_PORT=${3:-80} | ||
HTTPS_PORT=${4:-443} | ||
|
||
TAG=build.$BUILDNUM | ||
NAMESPACE="cicd.harbor.bitsf.xin/harbor-dev" | ||
data_path=$(pwd)/$TAG/data | ||
mkdir -p $data_path | ||
config_dir=$(pwd)/$TAG/common/config | ||
mkdir -p $config_dir | ||
mkdir -p $data_path/logs | ||
compose_file=$(pwd)/$TAG/docker-compose.yml | ||
touch $compose_file | ||
secret_dir=$data_path/secret | ||
mkdir -p $secret_dir | ||
cert_path=$data_path/cert | ||
mkdir -p $cert_path | ||
|
||
docker pull $NAMESPACE/registry-photon:v2.7.1-patch-2819 | ||
docker tag $NAMESPACE/registry-photon:v2.7.1-patch-2819 $NAMESPACE/registry-photon:v2.7.1-patch-2819-$TAG | ||
for name in prepare harbor-registryctl nginx-photon harbor-portal harbor-jobservice harbor-core harbor-db redis-photon harbor-log; do | ||
docker pull $NAMESPACE/$name:$TAG | ||
done | ||
|
||
curl https://raw.githubusercontent.com/goharbor/harbor/master/tests/harbor_ca.key -o $cert_path/harbor_ca.key | ||
curl https://raw.githubusercontent.com/goharbor/harbor/master/tests/harbor_ca.crt -o $cert_path/harbor_ca.crt | ||
openssl req \ | ||
-newkey rsa:4096 -nodes -sha256 -keyout $cert_path/$IP.key \ | ||
-out $cert_path/$IP.csr -subj "/C=CN/ST=PEK/L=Bei Jing/O=VMware/CN=HarborManager" | ||
echo subjectAltName = IP:$IP > $cert_path/extfile.cnf | ||
openssl x509 -req -days 365 -sha256 -in $cert_path/$IP.csr -CA $cert_path/harbor_ca.crt \ | ||
-CAkey $cert_path/harbor_ca.key -CAcreateserial -CAserial $cert_path/$IP.srl -extfile $cert_path/extfile.cnf -out $cert_path/$IP.crt | ||
|
||
docker run --rm -v $(pwd)/fixcicdharbor.py:/usr/src/app/fixcicdharbor.py \ | ||
-v $data_path:/data:z \ | ||
-v $compose_file:/compose_location/docker-compose.yml:z \ | ||
-v $config_dir:/config:z \ | ||
-v $secret_dir:/secret:z \ | ||
-v $cert_path/$IP.key:/hostfs/cert/server.key:z \ | ||
-v $cert_path/$IP.crt:/hostfs/cert/server.crt:z \ | ||
-e IP=$IP -e HTTP_PORT=$HTTP_PORT -e HTTPS_PORT=$HTTPS_PORT \ | ||
-e data_volume=$data_path \ | ||
-e TAG=$TAG -e NAMESPACE=$NAMESPACE \ | ||
--entrypoint ./fixcicdharbor.py \ | ||
$NAMESPACE/prepare:$TAG \ | ||
|| exit 1 | ||
|
||
sudo chmod -R +r $TAG | ||
sudo chmod -R 700 $data_path/database | ||
|
||
cd $TAG | ||
docker-compose down | ||
docker-compose up -d | ||
|
||
echo enjoy you harbor at http://$IP:$HTTP_PORT |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
#!/usr/bin/env bash | ||
|
||
if [ -z "$1" ];then echo "$0 <buildnum> [action]";exit 1;fi | ||
BUILDNUM=$1 | ||
ACTION=${2:-stop} | ||
|
||
for name in nginx harbor-jobservice harbor-portal harbor-core registry registryctl harbor-db redis harbor-log; do | ||
docker $ACTION $name-build.$BUILDNUM | ||
done |