harbor/make/photon/prepare/utils/docker_compose.py

import os

from g import templates_dir
from .configs import parse_versions
from .jinja import render_jinja

docker_compose_template_path = os.path.join(templates_dir, 'docker_compose', 'docker-compose.yml.jinja')
docker_compose_yml_path = '/compose_location/docker-compose.yml'

# render docker-compose
def prepare_docker_compose(configs, with_clair, with_trivy, with_notary, with_chartmuseum):
    versions = parse_versions()
    VERSION_TAG = versions.get('VERSION_TAG') or 'dev'

    rendering_variables = {
        'version': VERSION_TAG,
        'reg_version': VERSION_TAG,
        'redis_version': VERSION_TAG,
        'notary_version': VERSION_TAG,
        'clair_version': VERSION_TAG,
        'clair_adapter_version': VERSION_TAG,
        'trivy_adapter_version': VERSION_TAG,
        'chartmuseum_version': VERSION_TAG,
        'data_volume': configs['data_volume'],
        'log_location': configs['log_location'],
        'protocol': configs['protocol'],
        'http_port': configs['http_port'],
        'external_redis': configs['external_redis'],
        'external_database': configs['external_database'],
        'with_notary': with_notary,
        'with_clair': with_clair,
        'with_trivy': with_trivy,
        'with_chartmuseum': with_chartmuseum
    }

    # if configs.get('registry_custom_ca_bundle_path'):
    #     rendering_variables['registry_custom_ca_bundle_path'] = configs.get('registry_custom_ca_bundle_path')
    #     rendering_variables['custom_ca_required'] = True

    # for gcs
    storage_config = configs.get('storage_provider_config') or {}
    if storage_config.get('keyfile') and configs['storage_provider_name'] == 'gcs':
        rendering_variables['gcs_keyfile'] = storage_config['keyfile']

    # for http
    if configs['protocol'] == 'https':
        rendering_variables['cert_key_path'] = configs['cert_key_path']
        rendering_variables['cert_path'] = configs['cert_path']
        rendering_variables['https_port'] = configs['https_port']

    # internal cert pairs
    rendering_variables['internal_tls'] = configs['internal_tls']

    # for uaa
    uaa_config = configs.get('uaa') or {}
    if uaa_config.get('ca_file'):
        rendering_variables['uaa_ca_file'] = uaa_config['ca_file']

    # for log
    log_ep_host = configs.get('log_ep_host')
    if log_ep_host:
        rendering_variables['external_log_endpoint'] = True

    render_jinja(docker_compose_template_path, docker_compose_yml_path,  mode=0o644, **rendering_variables)
Refacotr the prepare script base on the proposal https://github.com/goharbor/community/pull/22 Signed-off-by: Qian Deng <dengq@vmware.com> 2018-11-15 11:09:57 +08:00			`import os`

Enhance: refactor the mount dirs and workflow of generate cert mount a temp dir input for all input files and configs generated secrets file stored in data volumns keys dir certs file stored in data volumns nginx dir Signed-off-by: Qian Deng <dengq@vmware.com> 2019-03-12 19:09:01 +08:00			`from g import templates_dir`
Fix: packaging offline in new prepare This new prepare script now support offline packaging Signed-off-by: Qian Deng <dengq@vmware.com> 2019-03-18 15:07:19 +08:00			`from .configs import parse_versions`
Refacotr the prepare script base on the proposal https://github.com/goharbor/community/pull/22 Signed-off-by: Qian Deng <dengq@vmware.com> 2018-11-15 11:09:57 +08:00			`from .jinja import render_jinja`

			`docker_compose_template_path = os.path.join(templates_dir, 'docker_compose', 'docker-compose.yml.jinja')`
Enhance: refactor the mount dirs and workflow of generate cert mount a temp dir input for all input files and configs generated secrets file stored in data volumns keys dir certs file stored in data volumns nginx dir Signed-off-by: Qian Deng <dengq@vmware.com> 2019-03-12 19:09:01 +08:00			`docker_compose_yml_path = '/compose_location/docker-compose.yml'`
Refacotr the prepare script base on the proposal https://github.com/goharbor/community/pull/22 Signed-off-by: Qian Deng <dengq@vmware.com> 2018-11-15 11:09:57 +08:00
Fix: packaging offline in new prepare This new prepare script now support offline packaging Signed-off-by: Qian Deng <dengq@vmware.com> 2019-03-18 15:07:19 +08:00			`# render docker-compose`
chore(install): Add --with-trivy arg to the installation script Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com> 2020-02-10 23:46:26 +08:00			`def prepare_docker_compose(configs, with_clair, with_trivy, with_notary, with_chartmuseum):`
Fix: packaging offline in new prepare This new prepare script now support offline packaging Signed-off-by: Qian Deng <dengq@vmware.com> 2019-03-18 15:07:19 +08:00			`versions = parse_versions()`
			`VERSION_TAG = versions.get('VERSION_TAG') or 'dev'`
Refacotr the prepare script base on the proposal https://github.com/goharbor/community/pull/22 Signed-off-by: Qian Deng <dengq@vmware.com> 2018-11-15 11:09:57 +08:00
			`rendering_variables = {`
			`'version': VERSION_TAG,`
feat(cicd) use unified version as tag name Signed-off-by: Ziming Zhang <zziming@vmware.com> 2020-03-03 15:22:21 +08:00			`'reg_version': VERSION_TAG,`
Fix: packaging offline in new prepare This new prepare script now support offline packaging Signed-off-by: Qian Deng <dengq@vmware.com> 2019-03-18 15:07:19 +08:00			`'redis_version': VERSION_TAG,`
feat(cicd) use unified version as tag name Signed-off-by: Ziming Zhang <zziming@vmware.com> 2020-03-03 15:22:21 +08:00			`'notary_version': VERSION_TAG,`
			`'clair_version': VERSION_TAG,`
			`'clair_adapter_version': VERSION_TAG,`
			`'trivy_adapter_version': VERSION_TAG,`
			`'chartmuseum_version': VERSION_TAG,`
Refacotr the prepare script base on the proposal https://github.com/goharbor/community/pull/22 Signed-off-by: Qian Deng <dengq@vmware.com> 2018-11-15 11:09:57 +08:00			`'data_volume': configs['data_volume'],`
			`'log_location': configs['log_location'],`
Enhance: refactor the mount dirs and workflow of generate cert mount a temp dir input for all input files and configs generated secrets file stored in data volumns keys dir certs file stored in data volumns nginx dir Signed-off-by: Qian Deng <dengq@vmware.com> 2019-03-12 19:09:01 +08:00			`'protocol': configs['protocol'],`
Enhance: Refacotr Registry config file 1. Refactor registry configs 2. cp gcs keyfile is exist Signed-off-by: Qian Deng <dengq@vmware.com> 2019-04-02 20:08:26 +08:00			`'http_port': configs['http_port'],`
Disable redis and db containers if external db enabled If depend on external redis or pg. local db and redis should not start. Therefore can save some resources. Signed-off-by: DQ <dengq@vmware.com> 2019-08-26 15:04:57 +08:00			`'external_redis': configs['external_redis'],`
			`'external_database': configs['external_database'],`
Refacotr the prepare script base on the proposal https://github.com/goharbor/community/pull/22 Signed-off-by: Qian Deng <dengq@vmware.com> 2018-11-15 11:09:57 +08:00			`'with_notary': with_notary,`
			`'with_clair': with_clair,`
chore(install): Add --with-trivy arg to the installation script Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com> 2020-02-10 23:46:26 +08:00			`'with_trivy': with_trivy,`
Refacotr the prepare script base on the proposal https://github.com/goharbor/community/pull/22 Signed-off-by: Qian Deng <dengq@vmware.com> 2018-11-15 11:09:57 +08:00			`'with_chartmuseum': with_chartmuseum`
			`}`

Feat: update prepare to support tls update makefile add model for prepare update jinja template for prepare Signed-off-by: DQ <dengq@vmware.com> 2020-02-11 13:47:55 +08:00			`# if configs.get('registry_custom_ca_bundle_path'):`
			`# rendering_variables['registry_custom_ca_bundle_path'] = configs.get('registry_custom_ca_bundle_path')`
			`# rendering_variables['custom_ca_required'] = True`

Add supoort for external endpoint Add config item in harbor.yml Make fowarding rule configurable Signed-off-by: DQ <dengq@vmware.com> 2019-06-21 14:18:28 +08:00			`# for gcs`
Enhance: Refacotr Registry config file 1. Refactor registry configs 2. cp gcs keyfile is exist Signed-off-by: Qian Deng <dengq@vmware.com> 2019-04-02 20:08:26 +08:00			`storage_config = configs.get('storage_provider_config') or {}`
Fix chart storage keyfile issue in gcs Add volumn binding on docker-compose.yml Signed-off-by: Qian Deng <dengq@vmware.com> 2019-05-05 16:02:01 +08:00			`if storage_config.get('keyfile') and configs['storage_provider_name'] == 'gcs':`
Enhance: Refacotr Registry config file 1. Refactor registry configs 2. cp gcs keyfile is exist Signed-off-by: Qian Deng <dengq@vmware.com> 2019-04-02 20:08:26 +08:00			`rendering_variables['gcs_keyfile'] = storage_config['keyfile']`

Add supoort for external endpoint Add config item in harbor.yml Make fowarding rule configurable Signed-off-by: DQ <dengq@vmware.com> 2019-06-21 14:18:28 +08:00			`# for http`
Fix make prepare problem Signed-off-by: cd1989 <chende@caicloud.io> 2019-04-03 16:19:04 +08:00			`if configs['protocol'] == 'https':`
			`rendering_variables['cert_key_path'] = configs['cert_key_path']`
			`rendering_variables['cert_path'] = configs['cert_path']`
Add redirect disable item if set storage redirect disable ture, will render it in registry config file Signed-off-by: Qian Deng <dengq@vmware.com> 2019-04-30 17:05:27 +08:00			`rendering_variables['https_port'] = configs['https_port']`
Fix make prepare problem Signed-off-by: cd1989 <chende@caicloud.io> 2019-04-03 16:19:04 +08:00
Feat: update prepare to support tls update makefile add model for prepare update jinja template for prepare Signed-off-by: DQ <dengq@vmware.com> 2020-02-11 13:47:55 +08:00			`# internal cert pairs`
			`rendering_variables['internal_tls'] = configs['internal_tls']`

Add supoort for external endpoint Add config item in harbor.yml Make fowarding rule configurable Signed-off-by: DQ <dengq@vmware.com> 2019-06-21 14:18:28 +08:00			`# for uaa`
Alow user to set CA cert for UAA in harbor.yml Signed-off-by: Daniel Jiang <jiangd@vmware.com> 2019-05-06 16:32:00 +08:00			`uaa_config = configs.get('uaa') or {}`
			`if uaa_config.get('ca_file'):`
			`rendering_variables['uaa_ca_file'] = uaa_config['ca_file']`

Add supoort for external endpoint Add config item in harbor.yml Make fowarding rule configurable Signed-off-by: DQ <dengq@vmware.com> 2019-06-21 14:18:28 +08:00			`# for log`
			`log_ep_host = configs.get('log_ep_host')`
			`if log_ep_host:`
			`rendering_variables['external_log_endpoint'] = True`

Fix docker-compose file permmission non-root user can see the content Signed-off-by: Qian Deng <dengq@vmware.com> 2019-05-24 15:17:35 +08:00			`render_jinja(docker_compose_template_path, docker_compose_yml_path, mode=0o644, **rendering_variables)`