diff --git a/bitnami/harbor-notary-server/2/debian-11/Dockerfile b/bitnami/harbor-notary-server/2/debian-11/Dockerfile index 6b7317cdad3d..6aa328d8133d 100644 --- a/bitnami/harbor-notary-server/2/debian-11/Dockerfile +++ b/bitnami/harbor-notary-server/2/debian-11/Dockerfile @@ -4,7 +4,7 @@ ARG TARGETARCH LABEL org.opencontainers.image.authors="https://bitnami.com/contact" \ org.opencontainers.image.description="Application packaged by Bitnami" \ - org.opencontainers.image.ref.name="2.6.2-debian-11-r9" \ + org.opencontainers.image.ref.name="2.6.2-debian-11-r10" \ org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/harbor-notary-server" \ org.opencontainers.image.title="harbor-notary-server" \ org.opencontainers.image.vendor="VMware, Inc." \ diff --git a/bitnami/harbor-notary-server/2/debian-11/config/notary/server-config.postgres.json b/bitnami/harbor-notary-server/2/debian-11/config/notary/server-config.postgres.json index a0256dbde419..740284b03ef9 100644 --- a/bitnami/harbor-notary-server/2/debian-11/config/notary/server-config.postgres.json +++ b/bitnami/harbor-notary-server/2/debian-11/config/notary/server-config.postgres.json 
@@ -1,28 +1,28 @@ { - "server": { - "http_addr": ":4443" - }, - "trust_service": { - "type": "remote", - "hostname": "notarysigner", - "port": "7899", - "tls_ca_file": "./notary-signer-ca.crt", - "key_algorithm": "ecdsa" - }, - "logging": { - "level": "debug" - }, - "storage": { - "backend": "postgres", - "db_url": "postgres://server:password@postgresql:5432/notaryserver?sslmode=disable" - }, - "auth": { - "type": "token", - "options": { - "realm": "https://reg.mydomain.com/service/token", - "service": "harbor-notary", - "issuer": "harbor-token-issuer", - "rootcertbundle": "/etc/notary/root.crt" - } + "server": { + "http_addr": ":4443" + }, + "trust_service": { + "type": "remote", + "hostname": "notarysigner", + "port": "7899", + "tls_ca_file": "./notary-signer-ca.crt", + "key_algorithm": "ecdsa" + }, + "logging": { + "level": "debug" + }, + "storage": { + "backend": "postgres", + "db_url": "postgres://server:password@postgresql:5432/notaryserver?sslmode=disable" + }, + "auth": { + "type": "token", + "options": { + "realm": "https://reg.mydomain.com/service/token", + "service": "harbor-notary", + "issuer": "harbor-token-issuer", + "rootcertbundle": "/etc/notary/root.crt" } + } } diff --git a/bitnami/harbor-notary-server/2/debian-11/config/notary/signer-config.postgres.json b/bitnami/harbor-notary-server/2/debian-11/config/notary/signer-config.postgres.json index 470ede27e0ca..cc70c132804c 100644 --- a/bitnami/harbor-notary-server/2/debian-11/config/notary/signer-config.postgres.json +++ b/bitnami/harbor-notary-server/2/debian-11/config/notary/signer-config.postgres.json 
@@ -1,15 +1,15 @@ { - "server": { - "grpc_addr": ":7899", - "tls_cert_file": "./notary-signer.crt", - "tls_key_file": "./notary-signer.key" - }, - "logging": { - "level": "debug" - }, - "storage": { - "backend": "postgres", - "db_url": "postgres://signer:password@postgresql:5432/notarysigner?sslmode=disable", - "default_alias": "defaultalias" - } -} + "server": { + "grpc_addr": ":7899", + "tls_cert_file": "./notary-signer.crt", + "tls_key_file": "./notary-signer.key" + }, + "logging": { + "level": "debug" + }, + "storage": { + "backend": "postgres", + "db_url": "postgres://signer:password@postgresql:5432/notarysigner?sslmode=disable", + "default_alias": "defaultalias" + } +} diff --git a/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server-env.sh b/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server-env.sh new file mode 100644 index 000000000000..f9c6ce4e7cc0 --- /dev/null +++ b/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server-env.sh 
@@ -0,0 +1,30 @@ +#!/bin/bash +# +# Environment configuration for harbor-notary-server + +# The values for all environment variables will be set in the below order of precedence +# 1. Custom environment variables defined below after Bitnami defaults +# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR +# 3. Environment variables overridden via external files using *_FILE variables (see below) +# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) + +# Load logging library +# shellcheck disable=SC1090,SC1091 +. /opt/bitnami/scripts/liblog.sh + +export BITNAMI_ROOT_DIR="/opt/bitnami" +export BITNAMI_VOLUME_DIR="/bitnami" + +# Logging configuration +export MODULE="${MODULE:-harbor-notary-server}" +export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" + +# Paths +export HARBOR_NOTARY_SERVER_BASE_DIR="${BITNAMI_ROOT_DIR}/harbor-notary-server" +export PATH="${BITNAMI_ROOT_DIR}/common/bin:${PATH}" + +# System users +export HARBOR_NOTARY_SERVER_DAEMON_USER="harbor" +export HARBOR_NOTARY_SERVER_DAEMON_GROUP="harbor" + +# Custom environment variables may be defined below diff --git a/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/entrypoint.sh b/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/entrypoint.sh index a57009f7cd18..fe55522d6152 100755 --- a/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/entrypoint.sh +++ b/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/entrypoint.sh @@ -5,7 +5,7 @@ set -o errexit set -o nounset set -o pipefail -#set -o xtrace +# set -o xtrace # Uncomment this line for debugging purposes # Load libraries . /opt/bitnami/scripts/libbitnami.sh 
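Review bot: The header comment in `harbor-notary-server-env.sh` lists "Environment variables overridden via external files using *_FILE variables (see below)" as step 3 of the precedence order, but nothing below it in the file reads any `*_FILE` variable. An operator who mounts a secret file and sets a `*_FILE` variable on the strength of that comment would get no effect and no warning. Either drop item 3 or replace it with a line such as `# NOTE: this component defines no *_FILE-backed variables; secrets are read from the mounted config file`. It would also help to say next to `HARBOR_NOTARY_SERVER_DAEMON_USER` and `HARBOR_NOTARY_SERVER_DAEMON_GROUP` that they are constants and cannot be overridden from the environment, since they are assigned without a `${VAR:-default}` fallback.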
@@ -13,9 +13,9 @@ set -o pipefail print_welcome_page if [[ "$1" = "/opt/bitnami/scripts/harbor-notary-server/run.sh" ]]; then - info "** Starting Harbor Notary Server setup **" + info "** Starting harbor-notary-server setup **" /opt/bitnami/scripts/harbor-notary-server/setup.sh - info "** Harbor Notary Server setup finished! **" + info "** harbor-notary-server setup finished! **" fi echo "" diff --git a/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/postunpack.sh b/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/postunpack.sh index 0f0369a864a0..1227e902bb60 100755 --- a/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/postunpack.sh +++ b/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/postunpack.sh @@ -2,14 +2,26 @@ # shellcheck disable=SC1091 +set -o errexit +set -o nounset +set -o pipefail +# set -o xtrace # Uncomment this line for debugging purposes + # Load libraries . /opt/bitnami/scripts/libfs.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libservice.sh +. /opt/bitnami/scripts/libharbor.sh -# Ensure a set of directories exist +# Load environment +. /opt/bitnami/scripts/harbor-notary-server-env.sh + +ensure_user_exists "$HARBOR_NOTARY_SERVER_DAEMON_USER" --group "$HARBOR_NOTARY_SERVER_DAEMON_GROUP" + +# Ensure a set of directories exist and the non-root user has write privileges to them ensure_dir_exists "/etc/notary" - -# Ensure the non-root user has writing permission at a set of directories chmod -R g+rwX "/etc/notary" +chown -R "$HARBOR_NOTARY_SERVER_DAEMON_USER" "/etc/notary" # Fix for CentOS Internal TLS if [[ -f /etc/pki/tls/certs/ca-bundle.crt ]]; then 
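Review bot: In `postunpack.sh`, the new `chown -R "$HARBOR_NOTARY_SERVER_DAEMON_USER" "/etc/notary"` combined with the existing `chmod -R g+rwX "/etc/notary"` leaves the whole configuration directory writable by the account the server runs as. Going by the config files in this commit, that directory holds `server-config.postgres.json` (including `db_url`) and the token `rootcertbundle`, so a compromised server process could rewrite its own trust root and database target. If the service only reads these files at runtime, keep them root-owned and grant read access only, or add a comment above the `chown` stating which step needs write access. The hunk also sources `libservice.sh` and `libos.sh` directly although the newly added `libharbor.sh` already loads both. The `if [[ -f /etc/pki/tls/certs/ca-bundle.crt ]]` block continues outside the hunk.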
diff --git a/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/run.sh b/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/run.sh index f19f4f7f6234..76a7f0c4d3d2 100755 --- a/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/run.sh +++ b/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/run.sh @@ -5,19 +5,26 @@ set -o errexit set -o nounset set -o pipefail -#set -o xtrace +# set -o xtrace # Uncomment this line for debugging purposes # Load libraries . /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libos.sh -readonly cmd=$(command -v notary-server) -readonly flags=("-config=/etc/notary/server-config.postgres.json" "-logf=logfmt") -readonly installdir=$(dirname "$(dirname "$cmd")") +# Load harbor-notary-server environment +. /opt/bitnami/scripts/harbor-notary-server-env.sh -cd "$installdir" +CMD="$(command -v notary-server)" +FLAGS=("-config=/etc/notary/server-config.postgres.json" "-logf=logfmt") -info "Running Harbor Notary Server migrations" -"$installdir"/migrations/migrate.sh +cd "$HARBOR_NOTARY_SERVER_BASE_DIR" -info "** Starting Harbor Notary Server **" -exec "$cmd" "${flags[@]}" +info "Running harbor-notary-server migrations" +migrations/migrate.sh + +info "** Starting harbor-notary-server **" +if am_i_root; then + exec gosu "$HARBOR_NOTARY_SERVER_DAEMON_USER" "$CMD" "${FLAGS[@]}" +else + exec "$CMD" "${FLAGS[@]}" +fi diff --git a/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/setup.sh b/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/setup.sh index a147f9eea41b..6fa1a540f85a 100755 --- a/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/setup.sh +++ b/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/setup.sh 
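Review bot: In `run.sh`, `migrations/migrate.sh` still runs with the identity the container started with, so on a root start the migration script runs as root and only the final `exec` drops to `$HARBOR_NOTARY_SERVER_DAEMON_USER`. Unless the script needs root, which is not visible in this hunk, put it under the same guard: `if am_i_root; then gosu "$HARBOR_NOTARY_SERVER_DAEMON_USER" migrations/migrate.sh; else migrations/migrate.sh; fi`. A short comment above the `am_i_root` block, e.g. `# Drop privileges before exec when the container is started as root`, would record why `gosu` is there.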
@@ -5,11 +5,15 @@ set -o errexit set -o nounset set -o pipefail -# set -o xtrace +# set -o xtrace # Uncomment this line for debugging purposes # Load libraries . /opt/bitnami/scripts/liblog.sh . /opt/bitnami/scripts/libvalidations.sh +. /opt/bitnami/scripts/libharbor.sh + +# Load environment +. /opt/bitnami/scripts/harbor-notary-server-env.sh # Auxiliar Functions @@ -21,7 +25,7 @@ set -o pipefail # None ######################### harbor_notary_server_validate() { - info "Validating Harbor Notary Server settings..." + info "Validating harbor-notary-server settings..." if [[ ! -f "/etc/notary/server-config.postgres.json" ]]; then error "No configuration file was detected. Please mount your configuration file at \"/etc/notary/server-config.postgres.json\"" @@ -29,5 +33,5 @@ harbor_notary_server_validate() { fi } -# Ensure Harbor Notary Server settings are valid +# Ensure harbor-notary-server settings are valid harbor_notary_server_validate diff --git a/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh b/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh new file mode 100644 index 000000000000..c33761e3e2e4 --- /dev/null +++ b/bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh 
@@ -0,0 +1,614 @@ +#!/bin/bash +# +# Bitnami Harbor library + +# shellcheck disable=SC1091 + +# Load Generic Libraries +. /opt/bitnami/scripts/liblog.sh +. /opt/bitnami/scripts/libos.sh +. /opt/bitnami/scripts/libservice.sh + +######################## +# Get the paths relevant to CA certs depending +# on the OS +# Globals: +# OS_FLAVOUR +# Arguments: +# None +# Returns: +# A series of paths relevant to CA certs +# depending on the OS. +######################### +get_system_cert_paths() { + if [[ "$OS_FLAVOUR" =~ ^(debian|ubuntu)-.*$ ]]; then + echo "/etc/ssl/certs/" + elif [[ "$OS_FLAVOUR" =~ ^(centos|photon)-.*$ ]]; then + echo "/etc/pki/tls/certs/" + else + # Check the existence of generic paths when OS_FLAVOR does + # not match + if [[ -d /etc/ssl/certs/ ]] ; then + echo "/etc/ssl/certs/" + elif [[ -d /etc/pki/tls/certs/ ]]; then + echo "/etc/pki/tls/certs/" + else + error "Could not determine relevant CA paths for this OS Flavour" + fi + fi +} + +######################## +# Place a given certificate in the correct location for installation +# depending on the OS +# Globals: +# OS_FLAVOUR* +# Arguments: +# $1 - certificate to be installed +# Returns: +# None +######################### +install_cert() { + local -r cert="${1:?missing certificate}" + + if [[ "$OS_FLAVOUR" =~ ^(debian|ubuntu)-.*$ ]]; then + cat "$cert" >> /etc/ssl/certs/ca-certificates.crt + elif [[ "$OS_FLAVOUR" =~ ^(centos|photon)-.*$ ]]; then + cat "$cert" >> /etc/pki/tls/certs/ca-bundle.crt + else + # Check the existence of generic ca-bundles when OS_FLAVOR does + # not match + if [[ -f /etc/ssl/certs/ca-certificates.crt ]] ; then + cat "$cert" >> /etc/ssl/certs/ca-certificates.crt + elif [[ -f /etc/pki/tls/certs/ca-bundle.crt ]]; then + cat "$cert" >> /etc/pki/tls/certs/ca-bundle.crt + else + error "Could not install CA certificate ${cert} CA in this OS Flavour" + fi + fi +} + +######################## +# Install CA certificates found under the specific paths +# Globals: +# None +# Arguments: 
+# None +# Returns: +# None +######################### +install_custom_certs() { + local installed=false + + # Install any internalTLS CA authority certificate, found under + # /etc/harbor/ssl/{component}/ca.crt + if [[ -d /etc/harbor/ssl ]]; then + info "Appending internalTLS trust CA cert..." + while IFS= read -r -d '' caCert; do + install_cert "$caCert" + installed=true + debug "Internal tls trust CA $caCert copied" + done < <(find /etc/harbor/ssl -maxdepth 2 -name ca.crt -print0) + info "interalTLS CA certs appending done!" + fi + + # Install any other custom certificate provided by the end user under the path + # /harbor_cust_cert + if [[ -d /harbor_cust_cert ]]; then + info "Appending custom trust CA certs ..." + for certFile in /harbor_cust_cert/*; do + case ${certFile} in + *.crt | *.ca | *.ca-bundle | *.pem) + if [[ -d "$certFile" ]]; then + debug "$certFile is a directory, skipping it" + else + install_cert "$certFile" + installed=true + debug "Custom CA cert $certFile copied" + fi + ;; + *) debug "$certFile is not a CA cert file, skipping it" ;; + esac + done + fi + + if [[ "$installed" = true ]]; then + info "Custom certificates were installed in the system!" + else + info "No custom certificates were installed in the system" + fi +} + +######################## +# Generate an .env file contents given an input string containing all envvars +# Arguments: +# None +# Returns: +# String +######################### +harbor_generate_env_file_contents() { + local -r envvars_string="${1:?missing envvars}" + echo "#!/bin/bash" + while IFS= read -r ENV_VAR_LINE; do + if [[ ! 
"$ENV_VAR_LINE" =~ ^[A-Z_] ]]; then + continue + fi + ENV_VAR_NAME="${ENV_VAR_LINE/=*}" + ENV_VAR_VALUE="${ENV_VAR_LINE#*=}" + # Use single quotes to avoid shell expansion, and escape to be parsed properly (even if it contains quotes) + # Escape the value, so it can be parsed as a variable even with quotes set + echo "export ${ENV_VAR_NAME}='${ENV_VAR_VALUE//\'/\'\\\'\'}'" + done <<< "$envvars_string" +} + +######################## +# Print harbor-core runtime environment +# Arguments: +# None +# Returns: +# Boolean +######################### +harbor_core_print_env() { + # The CSRF key can only be up to 32 characters long + HARBOR_CORE_CFG_CSRF_KEY="${HARBOR_CORE_CFG_CSRF_KEY:0:32}" + for var in "${!HARBOR_CORE_CFG_@}"; do + echo "${var/HARBOR_CORE_CFG_/}=${!var}" + done +} + +######################## +# Check if harbor-core is running +# Arguments: +# None +# Returns: +# Boolean +######################### +is_harbor_core_running() { + # harbor-core does not create any PID file + # We regenerate the PID file for each time we query it to avoid getting outdated + pgrep -f "$(command -v harbor_core)" > "$HARBOR_CORE_PID_FILE" + + pid="$(get_pid_from_file "$HARBOR_CORE_PID_FILE")" + if [[ -n "$pid" ]]; then + is_service_running "$pid" + else + false + fi +} + +######################## +# Check if harbor-core is not running +# Arguments: +# None +# Returns: +# Boolean +######################### +is_harbor_core_not_running() { + ! is_harbor_core_running +} + +######################## +# Stop harbor-core +# Arguments: +# None +# Returns: +# None +######################### +harbor_core_stop() { + ! 
is_harbor_core_running && return + stop_service_using_pid "$HARBOR_CORE_PID_FILE" +} + +######################## +# Print harbor-jobservice runtime environment +# Arguments: +# None +# Returns: +# Boolean +######################### +harbor_jobservice_print_env() { + for var in "${!HARBOR_JOBSERVICE_CFG_@}"; do + echo "${var/HARBOR_JOBSERVICE_CFG_/}=${!var}" + done +} + +######################## +# Check if harbor-jobservice is running +# Arguments: +# None +# Returns: +# Boolean +######################### +is_harbor_jobservice_running() { + # harbor-jobservice does not create any PID file + # We regenerate the PID file for each time we query it to avoid getting outdated + pgrep -f "$(command -v harbor_jobservice)" > "$HARBOR_JOBSERVICE_PID_FILE" + + pid="$(get_pid_from_file "$HARBOR_JOBSERVICE_PID_FILE")" + if [[ -n "$pid" ]]; then + is_service_running "$pid" + else + false + fi +} + +######################## +# Check if harbor-jobservice is not running +# Arguments: +# None +# Returns: +# Boolean +######################### +is_harbor_jobservice_not_running() { + ! is_harbor_jobservice_running +} + +######################## +# Stop harbor-jobservice +# Arguments: +# None +# Returns: +# None +######################### +harbor_jobservice_stop() { + ! 
is_harbor_jobservice_running && return + stop_service_using_pid "$HARBOR_JOBSERVICE_PID_FILE" +} + +######################## +# Print harbor-notary-server runtime environment +# Arguments: +# None +# Returns: +# Boolean +######################### +harbor_notary_server_print_env() { + if [[ -n "${HARBOR_NOTARY_SERVER_DATABASE_NAME:-}" ]]; then + HARBOR_NOTARY_SERVER_CFG_DB_URL="postgres://${HARBOR_NOTARY_SERVER_DATABASE_USERNAME:-}:${HARBOR_NOTARY_SERVER_DATABASE_PASSWORD:-}@${HARBOR_NOTARY_SERVER_DATABASE_HOST:-127.0.0.1}:${HARBOR_NOTARY_SERVER_DATABASE_PORT_NUMBER:-5432}/${HARBOR_NOTARY_SERVER_DATABASE_NAME}?sslmode=${HARBOR_NOTARY_SERVER_DATABASE_SSLMODE:-disable}" + fi + for var in "${!HARBOR_NOTARY_SERVER_CFG_@}"; do + echo "${var/HARBOR_NOTARY_SERVER_CFG_/}=${!var}" + done +} + +######################## +# Check if harbor-notary-server is running +# Arguments: +# None +# Returns: +# Boolean +######################### +is_harbor_notary_server_running() { + # harbor-notary-server does not create any PID file + # We regenerate the PID file for each time we query it to avoid getting outdated + pgrep -f "$(command -v notary-server)" > "$HARBOR_NOTARY_SERVER_PID_FILE" + + pid="$(get_pid_from_file "$HARBOR_NOTARY_SERVER_PID_FILE")" + if [[ -n "$pid" ]]; then + is_service_running "$pid" + else + false + fi +} + +######################## +# Check if harbor-notary-server is not running +# Arguments: +# None +# Returns: +# Boolean +######################### +is_harbor_notary_server_not_running() { + ! is_harbor_notary_server_running +} + +######################## +# Stop harbor-notary-server +# Arguments: +# None +# Returns: +# None +######################### +harbor_notary_server_stop() { + ! 
is_harbor_notary_server_running && return + stop_service_using_pid "$HARBOR_NOTARY_SERVER_PID_FILE" +} + +######################## +# Print harbor-notary-signer runtime environment +# Arguments: +# None +# Returns: +# Boolean +######################### +harbor_notary_signer_print_env() { + if [[ -n "${HARBOR_NOTARY_SIGNER_DATABASE_NAME:-}" ]]; then + HARBOR_NOTARY_SIGNER_CFG_DB_URL="postgres://${HARBOR_NOTARY_SIGNER_DATABASE_USERNAME:-}:${HARBOR_NOTARY_SIGNER_DATABASE_PASSWORD:-}@${HARBOR_NOTARY_SIGNER_DATABASE_HOST:-127.0.0.1}:${HARBOR_NOTARY_SIGNER_DATABASE_PORT_NUMBER:-5432}/${HARBOR_NOTARY_SIGNER_DATABASE_NAME}?sslmode=${HARBOR_NOTARY_SIGNER_DATABASE_SSLMODE:-disable}" + fi + for var in "${!HARBOR_NOTARY_SIGNER_CFG_@}"; do + echo "${var/HARBOR_NOTARY_SIGNER_CFG_/}=${!var}" + done +} + +######################## +# Check if harbor-notary-signer is running +# Arguments: +# None +# Returns: +# Boolean +######################### +is_harbor_notary_signer_running() { + # harbor-notary-signer does not create any PID file + # We regenerate the PID file for each time we query it to avoid getting outdated + pgrep -f "$(command -v notary-signer)" > "$HARBOR_NOTARY_SIGNER_PID_FILE" + + pid="$(get_pid_from_file "$HARBOR_NOTARY_SIGNER_PID_FILE")" + if [[ -n "$pid" ]]; then + is_service_running "$pid" + else + false + fi +} + +######################## +# Check if harbor-notary-signer is not running +# Arguments: +# None +# Returns: +# Boolean +######################### +is_harbor_notary_signer_not_running() { + ! is_harbor_notary_signer_running +} + +######################## +# Stop harbor-notary-signer +# Arguments: +# None +# Returns: +# None +######################### +harbor_notary_signer_stop() { + ! 
is_harbor_notary_signer_running && return + stop_service_using_pid "$HARBOR_NOTARY_SIGNER_PID_FILE" +} + +######################## +# Print harbor-registry runtime environment +# Arguments: +# None +# Returns: +# Boolean +######################### +harbor_registry_print_env() { + if [[ -n "$HARBOR_REGISTRY_USER" && -n "$HARBOR_REGISTRY_PASSWORD" ]]; then + HARBOR_REGISTRY_CFG_REGISTRY_HTPASSWD="$(htpasswd -nbBC10 "$HARBOR_REGISTRY_USER" "$HARBOR_REGISTRY_PASSWORD")" + # Update passwd file + echo "$HARBOR_REGISTRY_CFG_REGISTRY_HTPASSWD" >/etc/registry/passwd + fi + for var in "${!HARBOR_REGISTRY_CFG_@}"; do + echo "${var/HARBOR_REGISTRY_CFG_/}=${!var}" + done +} + +######################## +# Check if harbor-registry is running +# Arguments: +# None +# Returns: +# Boolean +######################### +is_harbor_registry_running() { + # harbor-registry does not create any PID file + # We regenerate the PID file for each time we query it to avoid getting outdated + pgrep -f "$(command -v registry)" > "$HARBOR_REGISTRY_PID_FILE" + + pid="$(get_pid_from_file "$HARBOR_REGISTRY_PID_FILE")" + if [[ -n "$pid" ]]; then + is_service_running "$pid" + else + false + fi +} + +######################## +# Check if harbor-registry is not running +# Arguments: +# None +# Returns: +# Boolean +######################### +is_harbor_registry_not_running() { + ! is_harbor_registry_running +} + +######################## +# Stop harbor-registry +# Arguments: +# None +# Returns: +# None +######################### +harbor_registry_stop() { + ! 
is_harbor_registry_running && return + stop_service_using_pid "$HARBOR_REGISTRY_PID_FILE" +} + +######################## +# Print harbor-registryctl runtime environment +# Arguments: +# None +# Returns: +# Boolean +######################### +harbor_registryctl_print_env() { + if [[ -n "$HARBOR_REGISTRYCTL_USER" && -n "$HARBOR_REGISTRYCTL_PASSWORD" ]]; then + HARBOR_REGISTRYCTL_CFG_REGISTRY_HTPASSWD="$(htpasswd -nbBC10 "$HARBOR_REGISTRYCTL_USER" "$HARBOR_REGISTRYCTL_PASSWORD")" + # Update passwd file + echo "$HARBOR_REGISTRYCTL_CFG_REGISTRY_HTPASSWD" >/etc/registry/passwd + fi + for var in "${!HARBOR_REGISTRYCTL_CFG_@}"; do + echo "${var/HARBOR_REGISTRYCTL_CFG_/}=${!var}" + done +} + +######################## +# Check if harbor-registryctl is running +# Arguments: +# None +# Returns: +# Boolean +######################### +is_harbor_registryctl_running() { + # harbor-registryctl does not create any PID file + # We regenerate the PID file for each time we query it to avoid getting outdated + pgrep -f "$(command -v harbor_registryctl)" > "$HARBOR_REGISTRYCTL_PID_FILE" + + pid="$(get_pid_from_file "$HARBOR_REGISTRYCTL_PID_FILE")" + if [[ -n "$pid" ]]; then + is_service_running "$pid" + else + false + fi +} + +######################## +# Check if harbor-registryctl is not running +# Arguments: +# None +# Returns: +# Boolean +######################### +is_harbor_registryctl_not_running() { + ! is_harbor_registryctl_running +} + +######################## +# Stop harbor-registryctl +# Arguments: +# None +# Returns: +# None +######################### +harbor_registryctl_stop() { + ! is_harbor_registryctl_running && return + stop_service_using_pid "$HARBOR_REGISTRYCTL_PID_FILE" + # The service may not respond properly to the default kill signal, so send a SIGKILL if it fails + local -r retries=5 + local -r sleep_time=1 + if ! 
retry_while "is_harbor_registryctl_not_running" "$retries" "$sleep_time"; then + stop_service_using_pid "$HARBOR_REGISTRYCTL_PID_FILE" SIGKILL + fi +} + +######################## +# Print harbor-adapter-trivy runtime environment +# Arguments: +# None +# Returns: +# Boolean +######################### +harbor_adapter_trivy_print_env() { + for var in "${!SCANNER_TRIVY_CFG_@}"; do + echo "${var/SCANNER_TRIVY_CFG_/}=${!var}" + done +} + +######################## +# Check if harbor-adapter-trivy is running +# Arguments: +# None +# Returns: +# Boolean +######################### +is_harbor_adapter_trivy_running() { + # harbor-adapter-trivy does not create any PID file + # We regenerate the PID file for each time we query it to avoid getting outdated + pgrep -f "$(command -v scanner-trivy)" > "$SCANNER_TRIVY_PID_FILE" + + pid="$(get_pid_from_file "$SCANNER_TRIVY_PID_FILE")" + if [[ -n "$pid" ]]; then + is_service_running "$pid" + else + false + fi +} + +######################## +# Check if harbor-adapter-trivy is not running +# Arguments: +# None +# Returns: +# Boolean +######################### +is_harbor_adapter_trivy_not_running() { + ! is_harbor_adapter_trivy_running +} + +######################## +# Stop harbor-adapter-trivy +# Arguments: +# None +# Returns: +# None +######################### +harbor_adapter_trivy_stop() { + ! 
is_harbor_adapter_trivy_running && return + stop_service_using_pid "$SCANNER_TRIVY_PID_FILE" +} + +######################## +# Print chartmuseum runtime environment +# Arguments: +# None +# Returns: +# Boolean +######################### +chartmuseum_print_env() { + for var in "${!CHARTMUSEUM_CFG_@}"; do + echo "${var/CHARTMUSEUM_CFG_/}=${!var}" + done +} + +######################## +# Check if chartmuseum is running +# Arguments: +# None +# Returns: +# Boolean +######################### +is_chartmuseum_running() { + # chartmuseum does not create any PID file + # We regenerate the PID file for each time we query it to avoid getting outdated + pgrep -f "$(command -v chartmuseum)" > "$CHARTMUSEUM_PID_FILE" + + pid="$(get_pid_from_file "$CHARTMUSEUM_PID_FILE")" + if [[ -n "$pid" ]]; then + is_service_running "$pid" + else + false + fi +} + +######################## +# Check if chartmuseum is not running +# Arguments: +# None +# Returns: +# Boolean +######################### +is_chartmuseum_not_running() { + ! is_chartmuseum_running +} + +######################## +# Stop chartmuseum +# Arguments: +# None +# Returns: +# None +######################### +chartmuseum_stop() { + ! is_chartmuseum_running && return + stop_service_using_pid "$CHARTMUSEUM_PID_FILE" +}
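Review bot: In `libharbor.sh`, `harbor_registry_print_env` and `harbor_registryctl_print_env` pass the registry password to `htpasswd` with `-b`, which puts it in the process argument list where anything able to read `/proc` in the same PID namespace can see it while the command runs. `htpasswd` can read it from stdin instead: `HARBOR_REGISTRY_CFG_REGISTRY_HTPASSWD="$(htpasswd -niBC10 "$HARBOR_REGISTRY_USER" <<<"$HARBOR_REGISTRY_PASSWORD")"`, and likewise for the registryctl variant. Both functions then write the hash to `/etc/registry/passwd` under whatever umask is in effect, so an explicit `chmod 640 /etc/registry/passwd` after the write is worth adding. Separately, the last `else` branches of `get_system_cert_paths` and `install_cert` only call `error`; unless that helper exits (not visible here) they return 0, and `install_custom_certs` still sets `installed=true` and reports success, so add `return 1` after each `error`. In `harbor_generate_env_file_contents` the `^[A-Z_]` test checks only the first character of a line, so a multi-line value or malformed name is written into the generated `export` script unchecked; `[[ "$ENV_VAR_NAME" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || continue` before the `echo` closes that.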