harbor job from harbor-container-registry/1.7.5

Github source: c3c22a4 or master branch

Properties¶

admin_password¶

The initial password of Harbor admin, only works for the first time when Harbor starts

admiral_url¶

Admiral’s url, comment this attribute, or set its value to NA when Harbor is standalone

Default

NA

auth_mode¶

By default the auth mode is db_auth, i.e. the credentials are stored in a local database. Set it to ldap_auth if you want to verify a user’s credentials against an LDAP server.

Default

db_auth

clair_db_password¶

The password of the Clair’s postgres database, only effective when Harbor is deployed with Clair

clair_updater_interval¶

The interval to run clair updater

Default

12

customize_container_network¶

Specify the container network type

Default

default

customize_crt¶

Determine whether or not to generate certificate for the registry’s token. If the value is on, the prepare script creates new root cert and private key for generating token to access the registry. If the value is off the default key/cert will be used. This flag also controls the creation of the notary signer’s cert.

Default

"on"

db¶

host¶

The address of the mysql database

Default

mysql

port¶

The port of mysql database host

Default

3306

user¶

The user name of mysql database

Default

root

db_password¶

The password for the root user of mysql db

default_address_pool_base1¶

The container address pool 1 base

default_address_pool_base2¶

The container address pool 2 base

default_address_pool_base3¶

The container address pool 3 base

default_address_pool_size1¶

The container address pool 1 size

default_address_pool_size2¶

The container address pool 2 size

default_address_pool_size3¶

The container address pool 3 size

email¶

from¶

Email address of the sender

identity¶

Identity left blank to act as username

insecure¶

Whether to verify the certificate of email server

Default

false

password¶

Password of email server

port¶

Email server port

Default

25

server¶

Email server address

ssl¶

If SSL is enabled

Default

false

username¶

Username of email server

enable_upgrade¶

Enable upgrading Harbor

Default

true

hostname¶

The IP address or hostname to access admin UI and registry service

http_proxy¶

The http_proxy url for Clair

Default

""

https_proxy¶

The https_proxy url for Clair

Default

""

ldap¶

basedn¶

The base DN from which to look up a user in LDAP/AD

Default

ou=people,dc=mydomain,dc=com

filter¶

Search filter for users in LDAP/AD, make sure the syntax of the filter is correct.

group_admin_dn¶

The group DN from wich to look up an admin user in LDAP/AD

Default

""

group_basedn¶

The base DN from which to look up a group in LDAP/AD

Default

ou=group,dc=mydomain,dc=com

group_filter¶

Search filter for groups in LDAP/AD, make sure the syntax of the filter is correct.

Default

objectclass=group

group_gid¶

The attribute used in a search to match a group, it could be cn, name or other attributes.

Default

cn

group_scope¶

The scope to search for users: 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE

Default

"2"

scope¶

The scope to search for users: 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE

Default

"2"

searchdn¶

A user’s DN who has the permission to search the LDAP/AD server. If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap.searchpwd.

searchpwd¶

The password of the ldap.searchdn

timeout¶

Timeout (in seconds) when connecting to an LDAP Server

Default

5

uid¶

The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes.

Default

uid

url¶

The url for an ldap endpoint

Default

ldaps://ldap.mydomain.com

verify_cert¶

Verify SSL certificate of LDAP server

Default

true

log_rotate_count¶

The max count of log files before rotated

Default

10

log_rotate_size¶

The max size of single log file

Default

100M

max_job_workers¶

Maximum number of job workers in job service

Default

50

no_proxy¶

The no_proxy config for Clair

Default

127.0.0.1,localhost,ui,registry

populate_etc_hosts¶

Whether to add IP to hostname mapping for Harbor instance in /etc/hosts.

Default

false

project_creation_restriction¶

The flag to control what users have permission to create projects. The default value [everyone] allows everyone to creates a project. Set to [adminonly] so that only admin user can create project.

Default

everyone

registry_storage_provider¶

config¶

The comma separated ‘key: value’ pairs for configuring Docker Registry storage provider.

Default

""

gcs¶

keyfile_content¶

The text content of the GCS key file.

Default

""

name¶

The name of Docker Registry storage provider.

Default

filesystem

nfs¶

mount_point¶

The local mount point for remote NFS Server.

Default

/harbor-registry

server_uri¶

The URI of NFS Server, e.g. nfs_server_ip:/path/to/exported_directory .

redirect¶

This allows to redirect to the docker storage location

Default

false

reload_config¶

Whether to reload all configurations in harbor.cfg

Default

true

self_registration¶

Turn on or off the self-registration feature

Default

"on"

ssl¶

ca¶

The CA of the server

cert¶

The certificate for server

key¶

The certificate key for server

token_expiration¶

The expiration time (in minute) of token created by token service, default is 30 minutes

Default

30

trusted_certificates¶

The opsmanager trusted certificates.

uaa¶

admin¶

client_id¶

ID of UAA admin client

Default

""

client_secret¶

Secret of UAA admin client

Default

""

ca_cert¶

The root CA of UAA Server certificate.

Default

""

client_id¶

The client id for connecting to UAA Server.

Default

""

client_secret¶

The client secret for connecting to UAA Server.

Default

""

url¶

UAA Server URL

Default

""

verify_cert¶

Whether to verify UAA Server certificate.

Default

true

ui_url_protocol¶

The protocol for accessing the UI and token/notification service, by default it is https

Default

https

with_clair¶

An option to determine whether install the optional component Clair or not.

Default

true

with_notary¶

An option to determine whether install the optional component Notary or not.

Default

true

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/harbor/ directory (learn more).

• bin/ctl (from bin/ctl.erb)
• bin/pre-start (from bin/pre-start.erb)
• bin/properties.sh (from bin/properties.sh.erb)
• bin/status_check (from bin/status_check.erb)
• bin/uaa.sh (from bin/uaa.sh.erb)
• config/ca.crt (from config/ca.crt)
• config/daemon.json (from config/daemon.json)
• config/gcs_keyfile (from config/gcs_keyfile)
• config/harbor.cfg (from config/harbor.cfg)
• config/server.crt (from config/server.crt)
• config/server.key (from config/server.key)
• config/trusted_certificates.crt (from config/trusted_certificates.crt)
• config/uaa.json (from config/uaa.json.erb)
• config/uaa_ca.crt (from config/uaa_ca.crt)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

• common
• docker-compose
• harbor-app
• harbor-common
• nfs-common
• python
• uaa