From ecd0bbf2dd095d5bce43118ad39baa500e46e980 Mon Sep 17 00:00:00 2001 From: yixingj Date: Thu, 21 Dec 2017 16:45:20 +0800 Subject: [PATCH] Enable Clair in HA Run clair with Core Harbor services Add check logic for Clair DB
---
 Makefile | 2 ++ make/ha/docker-compose.clair.tpl | 32 ++++++++++++++++++++++++++++++++ make/install.sh | 6 ++++-- make/prepare | 9 +++++++-- 4 files changed, 45 insertions(+), 4 deletions(-) create mode 100644 make/ha/docker-compose.clair.tpl
diff --git a/Makefile b/Makefile
index d42a8c97e..75ea0af33 100644
--- a/Makefile
+++ b/Makefile
@@ -306,6 +306,8 @@ modify_composefile_clair:
 @cp $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRTPLFILENAME) $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRFILENAME)
 @$(SEDCMD) -i 's/__postgresql_version__/$(CLAIRDBVERSION)/g' $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRFILENAME)
 @$(SEDCMD) -i 's/__clair_version__/$(CLAIRVERSION)-$(VERSIONTAG)/g' $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRFILENAME)
+ @cp $(DOCKERCOMPOSEFILEPATH)/ha/$(DOCKERCOMPOSECLAIRTPLFILENAME) $(DOCKERCOMPOSEFILEPATH)/ha/$(DOCKERCOMPOSECLAIRFILENAME)
+ @$(SEDCMD) -i 's/__clair_version__/$(CLAIRVERSION)-$(VERSIONTAG)/g' $(DOCKERCOMPOSEFILEPATH)/ha/$(DOCKERCOMPOSECLAIRFILENAME)
 modify_sourcefiles:
 @echo "change mode of source files."
diff --git a/make/ha/docker-compose.clair.tpl b/make/ha/docker-compose.clair.tpl
new file mode 100644
index 000000000..3a5590e0c
--- /dev/null
+++ b/make/ha/docker-compose.clair.tpl
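Review bot: The two added recipe lines render the HA template with only the `__clair_version__` substitution, while the non-HA lines above also replace `__postgresql_version__`, and nothing in the recipe says why. A make comment above the new lines would record the intent, for example `# HA template has no Postgres service, so only __clair_version__ is substituted`. The `modify_composefile_clair` target header sits above the hunk, so the rest of the recipe is not visible here.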
@@ -0,0 +1,32 @@
+version: '2'
+services:
+ ui:
+ networks:
+ harbor-clair:
+ aliases:
+ - harbor-ui
+ jobservice:
+ networks:
+ - harbor-clair
+ registry:
+ networks:
+ - harbor-clair
+ clair:
+ networks:
+ - harbor-clair
+ container_name: clair
+ image: vmware/clair-photon:__clair_version__
+ restart: always
+ cpu_quota: 150000
+ depends_on:
+ - log
+ volumes:
+ - ./common/config/clair:/config
+ logging:
+ driver: "syslog"
+ options:
+ syslog-address: "tcp://127.0.0.1:1514"
+ tag: "clair"
+networks:
+ harbor-clair:
+ external: false
diff --git a/make/install.sh b/make/install.sh
index f80805618..069c4b722 100755
--- a/make/install.sh
+++ b/make/install.sh
@@ -165,7 +165,7 @@ if [ $with_notary ] && [ ! $harbor_ha ]
 then
 prepare_para="${prepare_para} --with-notary"
 fi
-if [ $with_clair ] && [ ! $harbor_ha ]
+if [ $with_clair ]
 then
 prepare_para="${prepare_para} --with-clair"
 fi
@@ -182,7 +182,7 @@ if [ $with_notary ] && [ ! $harbor_ha ]
 then
 docker_compose_list="${docker_compose_list} -f docker-compose.notary.yml"
 fi
-if [ $with_clair ] && [ ! $harbor_ha ]
+if [ $with_clair ]
 then
 docker_compose_list="${docker_compose_list} -f docker-compose.clair.yml"
 fi
@@ -199,6 +199,8 @@ if [ $harbor_ha ]
 then
 mv docker-compose.yml docker-compose.yml.bak
 cp ha/docker-compose.yml docker-compose.yml
+ mv docker-compose.clair.yml docker-compose.clair.yml.bak
+ cp ha/docker-compose.clair.yml docker-compose.clair.yml
 fi
 docker-compose $docker_compose_list up -d
diff --git a/make/prepare b/make/prepare
index 1546f3113..0c397deb4 100755
--- a/make/prepare
+++ b/make/prepare
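Review bot: The `clair` service in this HA template has no database service and only `depends_on: log`, so it relies entirely on the external Postgres that `make/prepare` now requires, and the file does not say so. A header comment such as `# HA: Clair uses the external Postgres set as clair_db_host in harbor.cfg; no DB container is started here` would make that explicit. Because the database connection now leaves the host instead of staying on the `harbor-clair` bridge, confirm that the generated config under `./common/config/clair` (not part of this patch) enables TLS to the database. If Clair never writes to that directory, the mount could also be read-only: `- ./common/config/clair:/config:ro`.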
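Review bot: In the third hunk, the added `mv docker-compose.clair.yml docker-compose.clair.yml.bak` and `cp ha/docker-compose.clair.yml docker-compose.clair.yml` run on every HA install, whether or not `$with_clair` is set. If either file is absent, the commands error out, and depending on the script's error handling (not visible here) that may stop the install before `docker-compose ... up -d`. Wrapping the two lines in `if [ $with_clair ]; then ... fi` limits the swap to installs that use the Clair compose file. A second run of the installer also overwrites `docker-compose.clair.yml.bak` with the HA copy, losing the original non-HA file; skipping the `mv` when the `.bak` already exists would avoid that.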
@@ -30,8 +30,13 @@ def validate(conf, args):
 redis_url = rcp.get("configuration", "redis_url")
 if redis_url is None or len(redis_url) < 1:
 raise Exception("Error: In HA mode redis is required redis_url need to point to an redis cluster")
- if args.notary_mode or args.clair_mode:
- raise Exception("Error: HA mode doesn't support clair and notary currently")
+ if args.notary_mode:
+ raise Exception("Error: HA mode doesn't support Notary currently")
+ if args.clair_mode:
+ clair_db_host = rcp.get("configuration", "clair_db_host")
+ if "postgres" == clair_db_host:
+ raise Exception("Error: In HA mode, clair_db_host in harbor.cfg needs to point to an external Postgres DB address.")
+
 cert_path = rcp.get("configuration", "ssl_cert")
 cert_key_path = rcp.get("configuration", "ssl_cert_key")
 shared_cert_key = os.path.join(base_dir, "ha", os.path.basename(cert_key_path))
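Review bot: The new `clair_db_host` check rejects only the exact string `postgres`, so an empty value or one with stray whitespace or different casing passes validation even though the HA compose file starts no database container. Mirroring the `redis_url` test just above would catch these at prepare time rather than when Clair fails to connect: `clair_db_host = rcp.get("configuration", "clair_db_host").strip()` followed by `if not clair_db_host or clair_db_host.lower() == "postgres":`. How `rcp.get` behaves when the key is missing from an older `harbor.cfg` is not visible here and is worth confirming. `validate` starts above the hunk and continues past it.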