Merge pull request #2166 from reasonerjt/deploy-clair

use docker-compose to deploy clair with harbor
This commit is contained in:
Yan 2017-04-28 10:59:40 +08:00 committed by GitHub
commit 64a8ebee4d
4 changed files with 84 additions and 2 deletions

View File

@ -0,0 +1,23 @@
clair:
database:
type: pgsql
options:
source: postgresql://postgres:$password@postgres:5432?sslmode=disable
# Number of elements kept in the cache
# Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
cachesize: 16384
api:
# API server port
port: 6060
healthport: 6061
# Deadline before an API request will respond with a 503
timeout: 300s
updater:
interval: 0h
notifier:
attempts: 3
renotifyinterval: 2h

View File

@ -0,0 +1 @@
POSTGRES_PASSWORD=$password

View File

@ -0,0 +1,48 @@
version: '2'
services:
ui:
networks:
harbor-clair:
aliases:
- harbor-ui
jobservice:
networks:
- harbor-clair
postgres:
networks:
harbor-clair:
aliases:
- postgres
container_name: clair-db
image: postgres:latest
restart: always
depends_on:
- log
env_file:
./common/config/clair/postgres_env
volumes:
- /data/clair-db:/var/lib/postgresql/data
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "clair-db"
clair:
networks:
- harbor-clair
container_name: clair
image: quay.io/coreos/clair:v2.0.0-rc.0
restart: always
depends_on:
- postgres
volumes:
- ./common/config/clair:/config
command: [-config, /config/config.yaml]
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "clair"
networks:
harbor-clair:
external: false

View File

@ -95,6 +95,7 @@ def delfile(src):
parser = argparse.ArgumentParser()
parser.add_argument('--conf', dest='cfgfile', default=base_dir+'/harbor.cfg',type=str,help="the path of Harbor configuration file")
parser.add_argument('--with-notary', dest='notary_mode', default=False, action='store_true', help="the Harbor instance is to be deployed with notary")
parser.add_argument('--with-clair', dest='clair_mode', default=False, action='store_true', help="the Harbor instance is to be deployed with clair")
args = parser.parse_args()
delfile(config_dir)
@ -223,7 +224,8 @@ render(os.path.join(templates_dir, "adminserver", "env"),
jobservice_secret=jobservice_secret,
token_expiration=token_expiration,
admiral_url=admiral_url,
with_notary=args.notary_mode
with_notary=args.notary_mode,
scanner=args.clair_mode and "clair" or "none"
)
render(os.path.join(templates_dir, "ui", "env"),
@ -364,10 +366,18 @@ if args.notary_mode:
ssl_cert = os.path.join("/etc/nginx/cert", os.path.basename(target_cert_path)),
ssl_cert_key = os.path.join("/etc/nginx/cert", os.path.basename(target_cert_key_path)))
default_alias = get_alias(secretkey_path)
render(os.path.join(notary_temp_dir, "signer_env"), os.path.join(notary_config_dir, "signer_env"), alias = default_alias)
if args.clair_mode:
pg_password = "password"
clair_temp_dir = os.path.join(templates_dir, "clair")
clair_config_dir = prep_conf_dir(config_dir, "clair")
postgres_env = os.path.join(clair_config_dir, "postgres_env")
render(os.path.join(clair_temp_dir, "postgres_env"), postgres_env, password = pg_password)
clair_conf = os.path.join(clair_config_dir, "config.yaml")
render(os.path.join(clair_temp_dir, "config.yaml"), clair_conf, password = pg_password)
FNULL.close()
print("The configuration files are ready, please use docker-compose to start the service.")