clair integration

2024-11-22 02:05:41 +01:00 · 2017-06-13 02:13:24 -07:00 · 2017-06-13 02:13:24 -07:00 · 02df58b4b6
commit 02df58b4b6
parent 83be92f1f0
3 changed files with 138 additions and 139 deletions
--- a/136
+++ b/136
@ -89,6 +89,11 @@ HTTPPROXY=
 REBUILDCLARITYFLAG=false
 NEWCLARITYVERSION=

+#clair parameters
+CLAIRVERSION=v2.0.0
+CLAIRFLAG=false
+CLAIRDBVERSION=latest
+
 #clarity parameters
 CLARITYIMAGE=vmware/harbor-clarity-ui-builder[:tag]
 CLARITYSEEDPATH=/harbor_ui
@ -136,14 +141,21 @@ JOBSERVICESOURCECODE=$(SRCPATH)/jobservice
 JOBSERVICEBINARYPATH=$(MAKEDEVPATH)/jobservice
 JOBSERVICEBINARYNAME=harbor_jobservice

-# prepare parameters
-PREPAREPATH=$(TOOLSPATH)
-PREPARECMD=prepare
-
 # configfile
 CONFIGPATH=$(MAKEPATH)
 CONFIGFILE=harbor.cfg

+# prepare parameters
+PREPAREPATH=$(TOOLSPATH)
+PREPARECMD=prepare
+PREPARECMD_PARA=--conf $(CONFIGPATH)/$(CONFIGFILE)
+ifeq ($(NOTARYFLAG), true)
+	PREPARECMD_PARA+= --with-notary
+endif
+ifeq ($(CLAIRFLAG), true)
+	PREPARECMD_PARA+= --with-clair
+endif
+
 # makefile
 MAKEFILEPATH_PHOTON=$(MAKEPATH)/photon

@ -166,6 +178,7 @@ DOCKERCOMPOSEFILEPATH=$(MAKEPATH)
 DOCKERCOMPOSETPLFILENAME=docker-compose.tpl
 DOCKERCOMPOSEFILENAME=docker-compose.yml
 DOCKERCOMPOSENOTARYFILENAME=docker-compose.notary.yml
+DOCKERCOMPOSECLAIRFILENAME=docker-compose.clair.yml

 # version prepare
 VERSIONFILEPATH=$(CURDIR)
@ -193,6 +206,42 @@ PUSHSCRIPTNAME=pushimage.sh
 REGISTRYUSER=user
 REGISTRYPASSWORD=default

+# cmds
+DOCKERSAVE_PARA=$(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG) \
+		$(DOCKERIMAGENAME_UI):$(VERSIONTAG) \
+		$(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \
+		$(DOCKERIMAGENAME_DB):$(VERSIONTAG) \
+		$(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) \
+		vmware/nginx:$(NGINXVERSION) vmware/registry:$(REGISTRYVERSION) \
+		photon:$(PHOTONVERSION)
+PACKAGE_OFFLINE_PARA=-zcvf harbor-offline-installer-$(GITTAGVERSION).tgz \
+		          $(HARBORPKG)/common/templates $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz \
+				  $(HARBORPKG)/prepare $(HARBORPKG)/NOTICE \
+				  $(HARBORPKG)/upgrade $(HARBORPKG)/harbor_1_1_0_template \
+				  $(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \
+				  $(HARBORPKG)/harbor.cfg $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME)
+PACKAGE_ONLINE_PARA=-zcvf harbor-online-installer-$(GITTAGVERSION).tgz \
+		          $(HARBORPKG)/common/templates $(HARBORPKG)/prepare \
+				  $(HARBORPKG)/LICENSE $(HARBORPKG)/NOTICE \
+				  $(HARBORPKG)/upgrade $(HARBORPKG)/harbor_1_1_0_template \
+				  $(HARBORPKG)/install.sh $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) \
+				  $(HARBORPKG)/harbor.cfg
+DOCKERCOMPOSE_LIST=-f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME)
+
+ifeq ($(NOTARYFLAG), true)
+	DOCKERSAVE_PARA+= vmware/notary-photon:$(NOTARYVERSION) vmware/notary-photon:$(NOTARYSIGNERVERSION) \
+				vmware/harbor-notary-db:$(MARIADBVERSION)
+	PACKAGE_OFFLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSENOTARYFILENAME)
+	PACKAGE_ONLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSENOTARYFILENAME)
+	DOCKERCOMPOSE_LIST+= -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSENOTARYFILENAME)
+endif
+ifeq ($(CLAIRFLAG), true)
+	DOCKERSAVE_PARA+= quay.io/coreos/clair:$(CLAIRVERSION) postgres:$(CLAIRDBVERSION)
+	PACKAGE_OFFLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSECLAIRFILENAME)
+	PACKAGE_ONLINE_PARA+= $(HARBORPKG)/$(DOCKERCOMPOSECLAIRFILENAME)
+	DOCKERCOMPOSE_LIST+= -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRFILENAME)
+endif
+
 version:
 	@printf $(GITTAGVERSION) > $(VERSIONFILEPATH)/$(VERSIONFILENAME);

@ -246,11 +295,7 @@ compile:check_environment $(COMPILETAG)
 	
 prepare:
 	@echo "preparing..."
-	@if [ "$(NOTARYFLAG)" = "true" ] ; then \
-		$(MAKEPATH)/$(PREPARECMD) --conf $(CONFIGPATH)/$(CONFIGFILE) --with-notary; \
-	else \
-		$(MAKEPATH)/$(PREPARECMD) --conf $(CONFIGPATH)/$(CONFIGFILE) ; \
-	fi	
+	@$(MAKEPATH)/$(PREPARECMD) $(PREPARECMD_PARA)

 build_common: version
 	@echo "buildging db container for photon..."
@ -289,22 +334,7 @@ package_online: modify_composefile
 	@cp tools/migration/migration_cfg/upgrade $(HARBORPKG)/upgrade
 	@cp tools/migration/migration_cfg/harbor_1_1_0_template $(HARBORPKG)/harbor_1_1_0_template

-	@if [ "$(NOTARYFLAG)" = "true" ] ; then \
-		$(TARCMD) -zcvf harbor-online-installer-$(GITTAGVERSION).tgz \
-		          $(HARBORPKG)/common/templates $(HARBORPKG)/prepare \
-				  $(HARBORPKG)/LICENSE $(HARBORPKG)/NOTICE \
-				  $(HARBORPKG)/upgrade $(HARBORPKG)/harbor_1_1_0_template \
-				  $(HARBORPKG)/install.sh $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) \
-				  $(HARBORPKG)/harbor.cfg $(HARBORPKG)/$(DOCKERCOMPOSENOTARYFILENAME); \
-	else \
-		$(TARCMD) -zcvf harbor-online-installer-$(GITTAGVERSION).tgz \
-		          $(HARBORPKG)/common/templates $(HARBORPKG)/prepare \
-				  $(HARBORPKG)/LICENSE $(HARBORPKG)/NOTICE \
-				  $(HARBORPKG)/upgrade $(HARBORPKG)/harbor_1_1_0_template \
-				  $(HARBORPKG)/install.sh $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) \
-				  $(HARBORPKG)/harbor.cfg ; \
-	fi
-						
+	@$(TARCMD) $(PACKAGE_ONLINE_PARA)
 	@rm -rf $(HARBORPKG)
 	@echo "Done."
 	
@ -326,44 +356,16 @@ package_offline: compile build modify_sourcefiles modify_composefile
 		$(DOCKERPULL) vmware/notary-photon:$(NOTARYSIGNERVERSION); \
 		$(DOCKERPULL) vmware/harbor-notary-db:$(MARIADBVERSION); \
 	fi
+	@if [ "$(CLAIRFLAG)" = "true" ] ; then \
+		echo "pulling claiy and postgres..."; \
+		$(DOCKERPULL) quay.io/coreos/clair:$(CLAIRVERSION); \
+		$(DOCKERPULL) postgres:$(CLAIRDBVERSION); \
+	fi

 	@echo "saving harbor docker image"
-	@if [ "$(NOTARYFLAG)" = "true" ] ; then \
-		$(DOCKERSAVE) $(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG) \
-		$(DOCKERIMAGENAME_UI):$(VERSIONTAG) \
-		$(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \
-		$(DOCKERIMAGENAME_DB):$(VERSIONTAG) \
-		$(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) \
-		vmware/nginx:$(NGINXVERSION) vmware/registry:$(REGISTRYVERSION) photon:$(PHOTONVERSION) \
-		vmware/notary-photon:$(NOTARYVERSION) vmware/notary-photon:$(NOTARYSIGNERVERSION) \
-		vmware/harbor-notary-db:$(MARIADBVERSION) | gzip > $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz; \
-	else \
-		$(DOCKERSAVE) $(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG) \
-		$(DOCKERIMAGENAME_UI):$(VERSIONTAG) \
-		$(DOCKERIMAGENAME_LOG):$(VERSIONTAG) \
-		$(DOCKERIMAGENAME_DB):$(VERSIONTAG) \
-		$(DOCKERIMAGENAME_JOBSERVICE):$(VERSIONTAG) \
-		vmware/nginx:$(NGINXVERSION) vmware/registry:$(REGISTRYVERSION) \
-		photon:$(PHOTONVERSION) | gzip > $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz; \
-	fi
-	
-	@if [ "$(NOTARYFLAG)" = "true" ] ; then \
-		$(TARCMD) -zcvf harbor-offline-installer-$(GITTAGVERSION).tgz \
-		          $(HARBORPKG)/common/templates $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz \
-				  $(HARBORPKG)/prepare $(HARBORPKG)/NOTICE \
-				  $(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \
-				  $(HARBORPKG)/upgrade $(HARBORPKG)/harbor_1_1_0_template \
-				  $(HARBORPKG)/harbor.cfg $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) \
-				  $(HARBORPKG)/$(DOCKERCOMPOSENOTARYFILENAME) ; \
-	else \
-		$(TARCMD) -zcvf harbor-offline-installer-$(GITTAGVERSION).tgz \
-		          $(HARBORPKG)/common/templates $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz \
-				  $(HARBORPKG)/prepare $(HARBORPKG)/NOTICE \
-				  $(HARBORPKG)/upgrade $(HARBORPKG)/harbor_1_1_0_template \
-				  $(HARBORPKG)/LICENSE $(HARBORPKG)/install.sh \
-				  $(HARBORPKG)/harbor.cfg $(HARBORPKG)/$(DOCKERCOMPOSEFILENAME) ; \
-	fi
+	@$(DOCKERSAVE) $(DOCKERSAVE_PARA) | gzip > $(HARBORPKG)/$(DOCKERIMGFILE).$(VERSIONTAG).tar.gz

+	@$(TARCMD) $(PACKAGE_OFFLINE_PARA)
 	@rm -rf $(HARBORPKG)
 	@echo "Done."

@ -418,25 +420,17 @@ pushimage:

 start:
 	@echo "loading harbor images..."
-	@if [ "$(NOTARYFLAG)" = "true" ] ; then \
-		$(DOCKERCOMPOSECMD) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSENOTARYFILENAME) up -d ; \
-	else \
-		$(DOCKERCOMPOSECMD) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) up -d ; \
-	fi
+	@$(DOCKERCOMPOSECMD) $(DOCKERCOMPOSE_LIST) up -d
 	@echo "Start complete. You can visit harbor now."

 down:
-	@echo "Please make sure to set -e NOTARYFLAG=true if you are using Notary in Harbor, otherwise the Notary containers cannot be stop automaticlly."
+	@echo "Please make sure to set -e NOTARYFLAG=true/CLAIRFLAG=true if you are using Notary/CLAIR in Harbor, otherwise the Notary/CLAIR containers cannot be stop automaticlly."
 	@while [ -z "$$CONTINUE" ]; do \
        read -r -p "Type anything but Y or y to exit. [Y/N]: " CONTINUE; \
    done ; \
    [ $$CONTINUE = "y" ] || [ $$CONTINUE = "Y" ] || (echo "Exiting."; exit 1;)
 	@echo "stoping harbor instance..."
-	@if [ "$(NOTARYFLAG)" = "true" ] ; then \
-		$(DOCKERCOMPOSECMD) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSENOTARYFILENAME) down -v ; \
-	else \
-		$(DOCKERCOMPOSECMD) -f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME) down -v ; \
-	fi	
+	@$(DOCKERCOMPOSECMD) $(DOCKERCOMPOSE_LIST) down -v
 	@echo "Done."

 cleanbinary:
--- a/make/docker-compose.clair.yml
+++ b/make/docker-compose.clair.yml
@ -31,7 +31,7 @@ services:
    networks:
      - harbor-clair
    container_name: clair
-    image: quay.io/coreos/clair:v2.0.0-rc.0
+    image: quay.io/coreos/clair:v2.0.0
    restart: always
    depends_on:
      - postgres
--- a/make/install.sh
+++ b/make/install.sh
@ -50,11 +50,14 @@ set -e
 set +o noglob

 usage=$'Please set hostname and other necessary attributes in harbor.cfg first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
-Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.cfg bacause notary must run under https.'
+Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.cfg bacause notary must run under https. 
+Please set --with-clair if needs enable Clair in Harbor'
 item=0

 # notary is not enabled by default
 with_notary=$false
+# clair is not enabled by default
+with_clair=$false

 while [ $# -gt 0 ]; do
        case $1 in
@ -63,6 +66,8 @@ while [ $# -gt 0 ]; do
            exit 0;;
            --with-notary)
            with_notary=true;;
+            --with-clair)
+            with_clair=true;;	 					 	
            *)
            note "$usage"
            exit 1;;
@ -152,38 +157,38 @@ if [ -n "$host" ]
 then
 	sed "s/^hostname = .*/hostname = $host/g" -i ./harbor.cfg
 fi
+prepare_para=
 if [ $with_notary ]
 then
-	./prepare --with-notary
-else
-	./prepare
+	prepare_para="${prepare_para} --with-notary"
 fi
+if [ $with_clair ]
+then
+	prepare_para="${prepare_para} --with-clair"
+fi
+./prepare $prepare_para
 echo ""

 h2 "[Step $item]: checking existing instance of Harbor ..."; let item+=1
+docker_compose_list='-f docker-compose.yml'
 if [ $with_notary ]
 then
-	if [ -n "$(docker-compose -f docker-compose.yml -f docker-compose.notary.yml ps -q)"  ]
-	then
-		note "stopping existing Harbor instance ..." 
-		docker-compose -f docker-compose.yml -f docker-compose.notary.yml down -v
-	fi
-else
-	if [ -n "$(docker-compose -f docker-compose.yml ps -q)" ]
-	then
-		note "stopping existing Harbor instance ..." 
-		docker-compose -f docker-compose.yml down -v
-	fi	
+	docker_compose_list="${docker_compose_list} -f docker-compose.notary.yml"
+fi
+if [ $with_clair ]
+then
+	docker_compose_list="${docker_compose_list} -f docker-compose.clair.yml"
+fi
+
+if [ -n "$(docker-compose $docker_compose_list ps -q)"  ]
+then
+	note "stopping existing Harbor instance ..." 
+	docker-compose $docker_compose_list down -v
 fi
 echo ""

 h2 "[Step $item]: starting Harbor ..."
-if [ $with_notary ]
-then
-	docker-compose -f docker-compose.yml -f docker-compose.notary.yml up -d
-else
-	docker-compose -f docker-compose.yml up -d
-fi
+docker-compose $docker_compose_list up -d

 protocol=http
 hostname=reg.mydomain.com