diff --git a/endpoints/api/suconfig.py b/endpoints/api/suconfig.py
index 337d5b6aa..4bd6ca8b2 100644
--- a/endpoints/api/suconfig.py
+++ b/endpoints/api/suconfig.py
@@ -67,11 +67,15 @@ class SuperUserGetConfig(ApiResource):
 'type': 'object',
 'description': 'Updates the YAML config file',
 'required': [
- 'config'
+ 'config',
+ 'hostname'
 ],
 'properties': {
 'config': {
 'type': 'object'
+ },
+ 'hostname': {
+ 'type': 'string'
 }
 },
 },
@@ -102,9 +106,10 @@ class SuperUserGetConfig(ApiResource):
 # so we also allow it to be called if there is no valid registry configuration setup.
 if not os.path.exists(OVERRIDE_CONFIG_YAML_FILENAME) or SuperUserPermission().can():
 config_object = request.get_json()['config']
+ hostname = request.get_json()['hostname']
 # Add any enterprise defaults missing from the config.
- add_enterprise_config_defaults(config_object, app.config['SECRET_KEY'])
+ add_enterprise_config_defaults(config_object, app.config['SECRET_KEY'], hostname)
 # Write the configuration changes to the YAML file.
 export_yaml(config_object, OVERRIDE_CONFIG_YAML_FILENAME)
diff --git a/static/directives/config/config-setup-tool.html b/static/directives/config/config-setup-tool.html
index ffd51bf3d..874322ab9 100644
--- a/static/directives/config/config-setup-tool.html
+++ b/static/directives/config/config-setup-tool.html
@@ -1,654 +1,656 @@
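Review bot: In the second suconfig.py hunk, `hostname = request.get_json()['hostname']` takes a string chosen by the client and hands it to `add_enterprise_config_defaults`, which in the util/configutil.py part of this commit persists it as `SERVER_HOSTNAME` when that key is absent. The surrounding condition also lets the call through without `SuperUserPermission().can()` while `OVERRIDE_CONFIG_YAML_FILENAME` does not exist, and the schema only requires `'type': 'string'`, so during first-time setup the stored hostname is whatever the caller sends. I would check the value against a conservative host[:port] pattern and reject the request otherwise before it reaches the YAML file, and parse the body once (`body = request.get_json()`, then `body['config']` and `body['hostname']`). The method starts and ends outside the hunk, so any validation already done elsewhere is not visible here.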
- -
-
- Basic Configuration -
-
- - - - - - - - - - - - - - - - - - -
Enterprise Logo URL: - -
- This is optional. If not specified, the default logo will be used. -
-
- -
Contact Information: - -
- Information to show in the Contact Page. If none specified, CoreOS contact information - is displayed. -
- -
- - - - - - -
E-mailmailto:some@email.com
IRCirc://server:port/channel
Telephonetel:number
Twitterhttps://twitter.com/twitterhandle
URLhttp(s)://*
-
-
User Creation: -
- - -
-
- If enabled, users can be created from the registry UI. -
-
Build Support: -
- - -
-
- If enabled, users can submit Dockerfiles to be built and pushed by the Enterprise Registry. -
- -
- Note: Build workers are required for this feature. - See Adding Build Workers for instructions on how to setup build workers. -
-
-
-
- - -
-
- Server Configuration -
-
- - - - - - - - - -
Server hostname: - -
- The HTTP host (and optionally the port number if a non-standard HTTP/HTTPS port) of the location - where the registry will be accessible on the network -
-
SSL: -
- - -
-
- A valid SSL certificate and private key files are required to use this option. -
- - - - - - - - - -
Certificate: - -
- The certificate must be in PEM format. -
-
Private key: - -
-
- -
-
- - -
-
- redis -
-
-
-

A redis key-value store is required for real-time events and build logs.

+
+
+ +
+
+ Basic Configuration
- - - - - - - - - - - - - - -
Redis hostname: - -
Redis port: - -
- Access to this port and hostname must be allowed from all hosts running - the enterprise registry -
-
Redis password: - -
-
- -
-
-
- - -
-
- Registry Storage -
-
-
-

- Registry images can be stored either locally or in a remote storage system. - A remote storage system is required for high-avaliability systems. -

- +
- + + - - - - - + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + - - - - - - - + + - - +
Storage Engine:Enterprise Logo URL: - + +
+ This is optional. If not specified, the default logo will be used. +
+
+
Storage Path: - -
Contact Information: + +
+ Information to show in the Contact Page. If none specified, CoreOS contact information + is displayed. +
- -
Access Key: - +
+ + + + + + +
E-mailmailto:some@email.com
IRCirc://server:port/channel
Telephonetel:number
Twitterhttps://twitter.com/twitterhandle
URLhttp(s)://*
+
Secret Key: - -
Bucket Name: - -
Access Key: - -
Secret Key: - -
Bucket Name: - -
Hostname: - -
Is Secure:
User Creation:
- - + +
-
Access Key: -
- See - RADOS Documentation - for more information + If enabled, users can be created from the registry UI.
Secret Key: - +
Build Support: +
+ + +
+
+ If enabled, users can submit Dockerfiles to be built and pushed by the Enterprise Registry. +
+ +
+ Note: Build workers are required for this feature. + See Adding Build Workers for instructions on how to setup build workers. +
Bucket Name:
+
+
+ + +
+
+ Server Configuration +
+
+ + + + + + +
Server hostname: - + +
+ The HTTP host (and optionally the port number if a non-standard HTTP/HTTPS port) of the location + where the registry will be accessible on the network +
+
SSL: +
+ + +
+
+ A valid SSL certificate and private key files are required to use this option. +
+ + + + + + + + + +
Certificate: + +
+ The certificate must be in PEM format. +
+
Private key: + +
-
- -
-
+ + +
+
+ redis +
+
+
+

A redis key-value store is required for real-time events and build logs.

+
+ + + + + + + + + + + + + + +
Redis hostname: + +
Redis port: + +
+ Access to this port and hostname must be allowed from all hosts running + the enterprise registry +
+
Redis password: + +
+
+ +
+
+
+ + +
+
+ Registry Storage +
+
+
+

+ Registry images can be stored either locally or in a remote storage system. + A remote storage system is required for high-avaliability systems. +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Storage Engine: + +
Storage Path: + +
Access Key: + +
Secret Key: + +
Bucket Name: + +
Access Key: + +
Secret Key: + +
Bucket Name: + +
Hostname: + +
Is Secure: +
+ + +
+
Access Key: + +
+ See + RADOS Documentation + for more information +
+
Secret Key: + +
Bucket Name: + +
+ +
+
+ +
+ +
+
+ + +
+
+ E-mail +
+
+
+

Valid e-mail server configuration is required for notification e-mails and the ability of + users to reset their passwords.

+
+ +
+ + +
+ + + + + + + + + + + + + + + + + + + + + + + +
SMTP Server: + +
SMTP Server Port: + +
TLS: +
+ + +
+
Mail Sender: + +
+ E-mail address from which all e-mails are sent. If not specified, + support@quay.io will be used. +
+
Authentication: +
+ + +
+ + + + + + + + + + +
Username: + +
Password: + +
+
+
+ +
+
+
+ + +
+
+ Authentication +
+
+
+

+ Authentication for the registry can be handled by either the registry itself or LDAP. + External authentication providers (such as Github) can be used on top of this choice. +

+
+ + + + + + +
Authentication: + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
LDAP URI:
Administrator DN:
Base DN:
Administrator Password:
E-mail Attribute:
UID Attribute:
User RDN:
+ +
+ +
+
+
+ + +
+
+ Github (Enterprise) Authentication +
+
+
+

+ If enabled, users can use Github or Github Enterprise to authenticate to the registry. +

+

+ Note: A registered Github (Enterprise) OAuth application is required. + View instructions on how to + + Create an OAuth Application in GitHub + +

+
+ +
+ + +
+ + + + + + + + + + + + + + + + + + +
Github Endpoint: + + +
+ https://github.com/ for github.com. For Github enterprise, the internal Github endpoint. +
+
API Endpoint: + + +
+ https://api.github.com/ for github.com. For Github Enterprise, leave empty. +
+
OAuth Client ID: + + +
OAuth Client Secret: + + +
+ + +
+ +
+
+
+ + +
+
+ Google Authentication +
+
+
+

+ If enabled, users can use Google to authenticate to the registry. +

+

+ Note: A registered Google OAuth application is required. + Visit the + + Google Developer Console + + to register an application. +

+
+ +
+ + +
+ + + + + + + + + + +
OAuth Client ID: + + +
OAuth Client Secret: + + +
+ + +
+ +
+
+
+ + + +
+
+ Github (Enterprise) Build Triggers +
+
+
+

+ If enabled, users can setup Github or Github Enterprise triggers to invoke Registry builds. +

+

+ Note: A registered Github (Enterprise) OAuth application (separate from Github Authentication) is required. + View instructions on how to + + Create an OAuth Application in GitHub + +

+
+ +
+ + +
+ + + + + + + + + + + + + + + + + + +
Github Endpoint: + + +
+ https://github.com/ for github.com. For Github enterprise, the internal Github endpoint. +
+
API Endpoint: + + +
+ https://api.github.com/ for github.com. For Github Enterprise, leave empty. +
+
OAuth Client ID: + + +
OAuth Client Secret: + + +
+ + +
+ +
+
+
- - -
-
- E-mail -
-
-
-

Valid e-mail server configuration is required for notification e-mails and the ability of - users to reset their passwords.

-
- -
- - -
- - - - - - - - - - - - - - - - - - - - - - - -
SMTP Server: - -
SMTP Server Port: - -
TLS: -
- - -
-
Mail Sender: - -
- E-mail address from which all e-mails are sent. If not specified, - support@quay.io will be used. -
-
Authentication: -
- - -
- - - - - - - - - - -
Username: - -
Password: - -
-
-
- -
-
-
- - -
-
- Authentication -
-
-
-

- Authentication for the registry can be handled by either the registry itself or LDAP. - External authentication providers (such as Github) can be used on top of this choice. -

-
- - - - - - -
Authentication: - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
LDAP URI:
Administrator DN:
Base DN:
Administrator Password:
E-mail Attribute:
UID Attribute:
User RDN:
- -
- -
-
-
- - -
-
- Github (Enterprise) Authentication -
-
-
-

- If enabled, users can use Github or Github Enterprise to authenticate to the registry. -

-

- Note: A registered Github (Enterprise) OAuth application is required. - View instructions on how to - - Create an OAuth Application in GitHub - -

-
- -
- - -
- - - - - - - - - - - - - - - - - - -
Github Endpoint: - - -
- https://github.com/ for github.com. For Github enterprise, the internal Github endpoint. -
-
API Endpoint: - - -
- https://api.github.com/ for github.com. For Github Enterprise, leave empty. -
-
OAuth Client ID: - - -
OAuth Client Secret: - - -
- - -
- -
-
-
- - -
-
- Google Authentication -
-
-
-

- If enabled, users can use Google to authenticate to the registry. -

-

- Note: A registered Google OAuth application is required. - Visit the - - Google Developer Console - - to register an application. -

-
- -
- - -
- - - - - - - - - - -
OAuth Client ID: - - -
OAuth Client Secret: - - -
- - -
- -
-
-
- - - -
-
- Github (Enterprise) Build Triggers -
-
-
-

- If enabled, users can setup Github or Github Enterprise triggers to invoke Registry builds. -

-

- Note: A registered Github (Enterprise) OAuth application (separate from Github Authentication) is required. - View instructions on how to - - Create an OAuth Application in GitHub - -

-
- -
- - -
- - - - - - - - - - - - - - - - - - -
Github Endpoint: - - -
- https://github.com/ for github.com. For Github enterprise, the internal Github endpoint. -
-
API Endpoint: - - -
- https://api.github.com/ for github.com. For Github Enterprise, leave empty. -
-
OAuth Client ID: - - -
OAuth Client Secret: - - -
- - -
- -
-
-
-
\ No newline at end of file
diff --git a/static/js/controllers.js b/static/js/controllers.js
index 6d9dca926..e0b04e319 100644
--- a/static/js/controllers.js
+++ b/static/js/controllers.js
@@ -3118,7 +3118,8 @@ function SuperUserAdminCtrl($scope, $timeout, ApiService, Features, UserService,
 var data = {
 'config': {
 'DB_URI': $scope.databaseUri
- }
+ },
+ 'hostname': window.location.host
 };
 var params = {
diff --git a/static/js/core-config-setup.js b/static/js/core-config-setup.js
index 366101d8d..9ef952f5c 100644
--- a/static/js/core-config-setup.js
+++ b/static/js/core-config-setup.js
@@ -7,25 +7,10 @@ angular.module("core-config-setup", ['angularFileUpload'])
 transclude: true,
 restrict: 'C',
 scope: {
+ 'isActive': '=isActive'
 },
- controller: function($rootScope, $scope, $element, $timeout) {
- $scope.config = {
- 'DB_URI': 'mysql+pymysql://jschorr:somepassword@mymysql.server.somewhere:768/mydb',
- 'PREFERRED_URL_SCHEME': 'https',
- 'FEATURE_USER_CREATION': true,
- 'DISTRIBUTED_STORAGE_CONFIG': {'local': ['LocalStorage', {'storage_path': '/datastorage/registry'}]},
- 'AUTHENTICATION_TYPE': 'Database'
- }
-
- $scope.generateKey = function() {
- var d = new Date().getTime();
- var uuid = 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
- var r = (d + Math.random()*16)%16 | 0;
- d = Math.floor(d/16);
- return (c=='x' ? r : (r&0x3|0x8)).toString(16);
- });
- $scope.config['SECRET_KEY'] = uuid;
- };
+ controller: function($rootScope, $scope, $element, $timeout, ApiService) {
+ $scope.config = null;
 $scope.parseDbUri = function(value) {
 if (!value) { return null; }
@@ -55,6 +40,14 @@ angular.module("core-config-setup", ['angularFileUpload'])
 uri = uri && uri.toString();
 return uri;
 };
+
+ $scope.$watch('isActive', function(value) {
+ if (!value) { return; }
+
+ ApiService.scGetConfig().then(function(resp) {
+ $scope.config = resp['config'];
+ });
+ });
 }
 };
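Review bot: In the `$scope.$watch('isActive', ...)` added in the second core-config-setup.js hunk, `ApiService.scGetConfig().then(...)` has no rejection callback, so a failed or unauthorized fetch leaves `$scope.config` at `null` with nothing shown to the user. Passing a second function to `.then(...)` that records the error on the scope would make the failure visible. The watcher also appears to refetch every time `isActive` becomes truthy, which would replace any unsaved edits in the form; a guard such as `if (!value || $scope.config) { return; }` avoids that if a single load is intended. The response presumably carries the full registry configuration, including credentials such as `DB_URI`, so it is worth confirming that the endpoint behind `scGetConfig` is restricted to superusers; that handler is not visible in this diff.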
diff --git a/static/partials/super-user.html b/static/partials/super-user.html
index 1ba95a39e..ca8679372 100644
--- a/static/partials/super-user.html
+++ b/static/partials/super-user.html
@@ -29,7 +29,7 @@
-
+
diff --git a/util/configutil.py b/util/configutil.py index e3750df49..981a9150c 100644 --- a/util/configutil.py +++ b/util/configutil.py @@ -36,7 +36,7 @@ def set_config_value(config_file, config_key, value): export_yaml(config_obj, config_file) -def add_enterprise_config_defaults(config_obj, current_secret_key): +def add_enterprise_config_defaults(config_obj, current_secret_key, hostname): """ Adds/Sets the config defaults for enterprise registry config. """ # These have to be false. config_obj['TESTING'] = False @@ -50,6 +50,10 @@ def add_enterprise_config_defaults(config_obj, current_secret_key): config_obj['FEATURE_MAILING'] = config_obj.get('FEATURE_MAILING', False) config_obj['FEATURE_BUILD_SUPPORT'] = config_obj.get('FEATURE_BUILD_SUPPORT', False) + # Default auth type. + if not 'AUTHENTICATION_TYPE' in config_obj: + config_obj['AUTHENTICATION_TYPE'] = 'Database' + # Default secret key. if not 'SECRET_KEY' in config_obj: config_obj['SECRET_KEY'] = current_secret_key @@ -58,12 +62,15 @@ def add_enterprise_config_defaults(config_obj, current_secret_key): if not 'DISTRIBUTED_STORAGE_CONFIG' in config_obj: config_obj['DISTRIBUTED_STORAGE_PREFERENCE'] = ['local'] config_obj['DISTRIBUTED_STORAGE_CONFIG'] = { - 'local': ['LocalStorage', { 'storage_path': '/datastorage/registry' }] + 'local': ['LocalStorage', {'storage_path': '/datastorage/registry'}] } config_obj['USERFILES_LOCATION'] = 'local' config_obj['USERFILES_PATH'] = 'userfiles/' + if not 'SERVER_HOSTNAME' in config_obj: + config_obj['SERVER_HOSTNAME'] = hostname + # Misc configuration. config_obj['PREFERRED_URL_SCHEME'] = config_obj.get('PREFERRED_URL_SCHEME', 'http') config_obj['ENTERPRISE_LOGO_URL'] = config_obj.get('ENTERPRISE_LOGO_URL',
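Review bot: The new third parameter on `add_enterprise_config_defaults(config_obj, current_secret_key, hostname)` in the first configutil.py hunk is positional with no default, so any caller not updated in this commit would raise a TypeError; only the suconfig.py call site is visible here. The docstring is also unchanged and does not say what `hostname` is for. I would extend it to `""" Adds/Sets the config defaults for enterprise registry config. hostname is stored as SERVER_HOSTNAME when the config does not define one. """`. The function body continues outside the hunk.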
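Review bot: The `SERVER_HOSTNAME` default added in the last configutil.py hunk stores `hostname` as given, including `None` or an empty string, and that value comes from the request body in suconfig.py. An unusable hostname would then be written to the YAML file and, because the key now exists, never replaced by a later default. Guarding the assignment with `if 'SERVER_HOSTNAME' not in config_obj and hostname:` keeps an empty value out of the persisted config. The same `'KEY' not in config_obj` spelling is the idiomatic form for the `if not 'AUTHENTICATION_TYPE' in config_obj:` line added in the previous hunk.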