clair integration

Makefile

@@ -89,6 +89,11 @@ HTTPPROXY=
 REBUILDCLARITYFLAG=false
 NEWCLARITYVERSION=
 
+#clair parameters
+CLAIRVERSION=v2.0.0
+CLAIRFLAG=false
+CLAIRDBVERSION=latest
+
 #clarity parameters
 CLARITYIMAGE=vmware/harbor-clarity-ui-builder[:tag]
 CLARITYSEEDPATH=/harbor_ui
@@ -136,14 +141,21 @@ JOBSERVICESOURCECODE=$(SRCPATH)/jobservice
 JOBSERVICEBINARYPATH=$(MAKEDEVPATH)/jobservice
 JOBSERVICEBINARYNAME=harbor_jobservice
 
-# prepare parameters
-PREPAREPATH=$(TOOLSPATH)
-PREPARECMD=prepare
-
 # configfile
 CONFIGPATH=$(MAKEPATH)
 CONFIGFILE=harbor.cfg
 
+# prepare parameters
+PREPAREPATH=$(TOOLSPATH)
+PREPARECMD=prepare
+PREPARECMD_PARA=--conf $(CONFIGPATH)/$(CONFIGFILE)
+ifeq ($(NOTARYFLAG), true)
+	PREPARECMD_PARA+= --with-notary
+endif
+ifeq ($(CLAIRFLAG), true)
+	PREPARECMD_PARA+= --with-clair
+endif
+
 # makefile
 MAKEFILEPATH_PHOTON=$(MAKEPATH)/photon
 
@@ -166,6 +178,7 @@ DOCKERCOMPOSEFILEPATH=$(MAKEPATH)
 DOCKERCOMPOSETPLFILENAME=docker-compose.tpl
 DOCKERCOMPOSEFILENAME=docker-compose.yml
 DOCKERCOMPOSENOTARYFILENAME=docker-compose.notary.yml
+DOCKERCOMPOSECLAIRFILENAME=docker-compose.clair.yml
 
 # version prepare
 VERSIONFILEPATH=$(CURDIR)
@@ -193,6 +206,42 @@ PUSHSCRIPTNAME=pushimage.sh
 REGISTRYUSER=user
 REGISTRYPASSWORD=default
 
+# cmds
+DOCKERSAVE_PARA=$(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG) \
+		$(DOCKERIMAGENAME_UI):$(VERSIONTAG) \
+		$(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \
+		$(DOCKERIMAGENAME_DB):$(VERSIONTAG) \
+		$(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) \
+		vmware/nginx:$(NGINXVERSION) vmware/registry:$(REGISTRYVERSION) \
+		photon:$(PHOTONVERSION)
+PACKAGE_OFFLINE_PARA=-zcvf harbor-offline-installer-$(GITTAGVERSION).tgz \
+		          $(HARBORPKG)/common/templates $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz \
+				  $(HARBORPKG)/prepare $(HARBORPKG)/NOTICE \
+				  $(HARBORPKG)/upgrade $(HARBORPKG)/harbor_1_1_0_template \
+				  $(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \
+				  $(HARBORPKG)/harbor.cfg $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME)
+PACKAGE_ONLINE_PARA=-zcvf harbor-online-installer-$(GITTAGVERSION).tgz \
+		          $(HARBORPKG)/common/templates $(HARBORPKG)/prepare \
+				  $(HARBORPKG)/LICENSE $(HARBORPKG)/NOTICE \
+				  $(HARBORPKG)/upgrade $(HARBORPKG)/harbor_1_1_0_template \
+				  $(HARBORPKG)/install.sh $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) \
+				  $(HARBORPKG)/harbor.cfg
+DOCKERCOMPOSE_LIST=-f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME)
+
+ifeq ($(NOTARYFLAG), true)
+	DOCKERSAVE_PARA+= vmware/notary-photon:$(NOTARYVERSION) vmware/notary-photon:$(NOTARYSIGNERVERSION) \
+				vmware/harbor-notary-db:$(MARIADBVERSION)
+	PACKAGE_OFFLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSENOTARYFILENAME)
+	PACKAGE_ONLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSENOTARYFILENAME)
+	DOCKERCOMPOSE_LIST+= -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSENOTARYFILENAME)
+endif
+ifeq ($(CLAIRFLAG), true)
+	DOCKERSAVE_PARA+= quay.io/coreos/clair:$(CLAIRVERSION) postgres:$(CLAIRDBVERSION)
+	PACKAGE_OFFLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSECLAIRFILENAME)
+	PACKAGE_ONLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSECLAIRFILENAME)
+	DOCKERCOMPOSE_LIST+= -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRFILENAME)
+endif
+
 version:
 	@printf $(GITTAGVERSION) > $(VERSIONFILEPATH)/$(VERSIONFILENAME);
 
@@ -246,11 +295,7 @@ compile:check_environment $(COMPILETAG)
 	
 prepare:
 	@echo "preparing..."
-	@if [ "$(NOTARYFLAG)" = "true" ] ; then \
+	@$(MAKEPATH)/$(PREPARECMD) $(PREPARECMD_PARA)
-		$(MAKEPATH)/$(PREPARECMD) --conf $(CONFIGPATH)/$(CONFIGFILE) --with-notary; \
-	else \
-		$(MAKEPATH)/$(PREPARECMD) --conf $(CONFIGPATH)/$(CONFIGFILE) ; \
-	fi	
 
 build_common: version
 	@echo "buildging db container for photon..."
@@ -289,22 +334,7 @@ package_online: modify_composefile
 	@cp tools/migration/migration_cfg/upgrade $(HARBORPKG)/upgrade
 	@cp tools/migration/migration_cfg/harbor_1_1_0_template $(HARBORPKG)/harbor_1_1_0_template
 
-	@if [ "$(NOTARYFLAG)" = "true" ] ; then \
+	@$(TARCMD) $(PACKAGE_ONLINE_PARA)
-		$(TARCMD) -zcvf harbor-online-installer-$(GITTAGVERSION).tgz \
-		          $(HARBORPKG)/common/templates $(HARBORPKG)/prepare \
-				  $(HARBORPKG)/LICENSE $(HARBORPKG)/NOTICE \
-				  $(HARBORPKG)/upgrade $(HARBORPKG)/harbor_1_1_0_template \
-				  $(HARBORPKG)/install.sh $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) \
-				  $(HARBORPKG)/harbor.cfg $(HARBORPKG)/$(DOCKERCOMPOSENOTARYFILENAME); \
-	else \
-		$(TARCMD) -zcvf harbor-online-installer-$(GITTAGVERSION).tgz \
-		          $(HARBORPKG)/common/templates $(HARBORPKG)/prepare \
-				  $(HARBORPKG)/LICENSE $(HARBORPKG)/NOTICE \
-				  $(HARBORPKG)/upgrade $(HARBORPKG)/harbor_1_1_0_template \
-				  $(HARBORPKG)/install.sh $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) \
-				  $(HARBORPKG)/harbor.cfg ; \
-	fi
-						
 	@rm -rf $(HARBORPKG)
 	@echo "Done."
 	
@@ -326,44 +356,16 @@ package_offline: compile build modify_sourcefiles modify_composefile
 		$(DOCKERPULL) vmware/notary-photon:$(NOTARYSIGNERVERSION); \
 		$(DOCKERPULL) vmware/harbor-notary-db:$(MARIADBVERSION); \
 	fi
+	@if [ "$(CLAIRFLAG)" = "true" ] ; then \
+		echo "pulling claiy and postgres..."; \
+		$(DOCKERPULL) quay.io/coreos/clair:$(CLAIRVERSION); \
+		$(DOCKERPULL) postgres:$(CLAIRDBVERSION); \
+	fi
 
 	@echo "saving harbor docker image"
-	@if [ "$(NOTARYFLAG)" = "true" ] ; then \
+	@$(DOCKERSAVE) $(DOCKERSAVE_PARA) | gzip > $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz
-		$(DOCKERSAVE) $(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG) \
-		$(DOCKERIMAGENAME_UI):$(VERSIONTAG) \
-		$(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \
-		$(DOCKERIMAGENAME_DB):$(VERSIONTAG) \
-		$(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) \
-		vmware/nginx:$(NGINXVERSION) vmware/registry:$(REGISTRYVERSION) photon:$(PHOTONVERSION) \
-		vmware/notary-photon:$(NOTARYVERSION) vmware/notary-photon:$(NOTARYSIGNERVERSION) \
-		vmware/harbor-notary-db:$(MARIADBVERSION) | gzip > $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz; \
-	else \
-		$(DOCKERSAVE) $(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG) \
-		$(DOCKERIMAGENAME_UI):$(VERSIONTAG) \
-		$(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \
-		$(DOCKERIMAGENAME_DB):$(VERSIONTAG) \
-		$(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) \
-		vmware/nginx:$(NGINXVERSION) vmware/registry:$(REGISTRYVERSION) \
-		photon:$(PHOTONVERSION) | gzip > $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz; \
-	fi
-	
-	@if [ "$(NOTARYFLAG)" = "true" ] ; then \
-		$(TARCMD) -zcvf harbor-offline-installer-$(GITTAGVERSION).tgz \
-		          $(HARBORPKG)/common/templates $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz \
-				  $(HARBORPKG)/prepare $(HARBORPKG)/NOTICE \
-				  $(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \
-				  $(HARBORPKG)/upgrade $(HARBORPKG)/harbor_1_1_0_template \
-				  $(HARBORPKG)/harbor.cfg $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) \
-				  $(HARBORPKG)/$(DOCKERCOMPOSENOTARYFILENAME) ; \
-	else \
-		$(TARCMD) -zcvf harbor-offline-installer-$(GITTAGVERSION).tgz \
-		          $(HARBORPKG)/common/templates $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz \
-				  $(HARBORPKG)/prepare $(HARBORPKG)/NOTICE \
-				  $(HARBORPKG)/upgrade $(HARBORPKG)/harbor_1_1_0_template \
-				  $(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \
-				  $(HARBORPKG)/harbor.cfg $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) ; \
-	fi
 
+	@$(TARCMD) $(PACKAGE_OFFLINE_PARA)
 	@rm -rf $(HARBORPKG)
 	@echo "Done."
 
@@ -418,25 +420,17 @@ pushimage:
 
 start:
 	@echo "loading harbor images..."
-	@if [ "$(NOTARYFLAG)" = "true" ] ; then \
+	@$(DOCKERCOMPOSECMD) $(DOCKERCOMPOSE_LIST) up -d
-		$(DOCKERCOMPOSECMD) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSENOTARYFILENAME) up -d ; \
-	else \
-		$(DOCKERCOMPOSECMD) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) up -d ; \
-	fi
 	@echo "Start complete. You can visit harbor now."
 
 down:
-	@echo "Please make sure to set -e NOTARYFLAG=true if you are using Notary in Harbor, otherwise the Notary containers cannot be stop automaticlly."
+	@echo "Please make sure to set -e NOTARYFLAG=true/CLAIRFLAG=true if you are using Notary/CLAIR in Harbor, otherwise the Notary/CLAIR containers cannot be stop automaticlly."
 	@while [ -z "$$CONTINUE" ]; do \
         read -r -p "Type anything but Y or y to exit. [Y/N]: " CONTINUE; \
     done ; \
     [ $$CONTINUE = "y" ] || [ $$CONTINUE = "Y" ] || (echo "Exiting."; exit 1;)
 	@echo "stoping harbor instance..."
-	@if [ "$(NOTARYFLAG)" = "true" ] ; then \
+	@$(DOCKERCOMPOSECMD) $(DOCKERCOMPOSE_LIST) down -v
-		$(DOCKERCOMPOSECMD) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSENOTARYFILENAME) down -v ; \
-	else \
-		$(DOCKERCOMPOSECMD) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) down -v ; \
-	fi	
 	@echo "Done."
 
 cleanbinary:

make/docker-compose.clair.yml

@@ -31,7 +31,7 @@ services:
     networks:
       - harbor-clair
     container_name: clair
-    image: quay.io/coreos/clair:v2.0.0-rc.0
+    image: quay.io/coreos/clair:v2.0.0
     restart: always
     depends_on:
       - postgres

make/install.sh

@@ -50,11 +50,14 @@ set -e
 set +o noglob
 
 usage=$'Please set hostname and other necessary attributes in harbor.cfg first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
-Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.cfg bacause notary must run under https.'
+Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.cfg bacause notary must run under https. 
+Please set --with-clair if needs enable Clair in Harbor'
 item=0
 
 # notary is not enabled by default
 with_notary=$false
+# clair is not enabled by default
+with_clair=$false
 
 while [ $# -gt 0 ]; do
         case $1 in
@@ -63,6 +66,8 @@ while [ $# -gt 0 ]; do
             exit 0;;
             --with-notary)
             with_notary=true;;
+            --with-clair)
+            with_clair=true;;	 					 	
             *)
             note "$usage"
             exit 1;;
@@ -152,38 +157,38 @@ if [ -n "$host" ]
 then
 	sed "s/^hostname = .*/hostname = $host/g" -i ./harbor.cfg
 fi
+prepare_para=
 if [ $with_notary ]
 then
-	./prepare --with-notary
+	prepare_para="${prepare_para} --with-notary"
-else
-	./prepare
 fi
+if [ $with_clair ]
+then
+	prepare_para="${prepare_para} --with-clair"
+fi
+./prepare $prepare_para
 echo ""
 
 h2 "[Step $item]: checking existing instance of Harbor ..."; let item+=1
+docker_compose_list='-f docker-compose.yml'
 if [ $with_notary ]
 then
-	if [ -n "$(docker-compose -f docker-compose.yml -f docker-compose.notary.yml ps -q)"  ]
+	docker_compose_list="${docker_compose_list} -f docker-compose.notary.yml"
+fi
+if [ $with_clair ]
+then
+	docker_compose_list="${docker_compose_list} -f docker-compose.clair.yml"
+fi
+
+if [ -n "$(docker-compose $docker_compose_list ps -q)"  ]
 then
 	note "stopping existing Harbor instance ..." 
-		docker-compose -f docker-compose.yml -f docker-compose.notary.yml down -v
+	docker-compose $docker_compose_list down -v
-	fi
-else
-	if [ -n "$(docker-compose -f docker-compose.yml ps -q)" ]
-	then
-		note "stopping existing Harbor instance ..." 
-		docker-compose -f docker-compose.yml down -v
-	fi	
 fi
 echo ""
 
 h2 "[Step $item]: starting Harbor ..."
-if [ $with_notary ]
+docker-compose $docker_compose_list up -d
-then
-	docker-compose -f docker-compose.yml -f docker-compose.notary.yml up -d
-else
-	docker-compose -f docker-compose.yml up -d
-fi
 
 protocol=http
 hostname=reg.mydomain.com