mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-22 10:15:35 +01:00
Enable Clair in HA
Run clair with Core Harbor services Add check logic for Clair DB
This commit is contained in:
parent
fa67e11680
commit
ecd0bbf2dd
2
Makefile
2
Makefile
@ -306,6 +306,8 @@ modify_composefile_clair:
|
||||
@cp $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRTPLFILENAME) $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRFILENAME)
|
||||
@$(SEDCMD) -i 's/__postgresql_version__/$(CLAIRDBVERSION)/g' $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRFILENAME)
|
||||
@$(SEDCMD) -i 's/__clair_version__/$(CLAIRVERSION)-$(VERSIONTAG)/g' $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSECLAIRFILENAME)
|
||||
@cp $(DOCKERCOMPOSEFILEPATH)/ha/$(DOCKERCOMPOSECLAIRTPLFILENAME) $(DOCKERCOMPOSEFILEPATH)/ha/$(DOCKERCOMPOSECLAIRFILENAME)
|
||||
@$(SEDCMD) -i 's/__clair_version__/$(CLAIRVERSION)-$(VERSIONTAG)/g' $(DOCKERCOMPOSEFILEPATH)/ha/$(DOCKERCOMPOSECLAIRFILENAME)
|
||||
|
||||
modify_sourcefiles:
|
||||
@echo "change mode of source files."
|
||||
|
32
make/ha/docker-compose.clair.tpl
Normal file
32
make/ha/docker-compose.clair.tpl
Normal file
@ -0,0 +1,32 @@
|
||||
version: '2'
|
||||
services:
|
||||
ui:
|
||||
networks:
|
||||
harbor-clair:
|
||||
aliases:
|
||||
- harbor-ui
|
||||
jobservice:
|
||||
networks:
|
||||
- harbor-clair
|
||||
registry:
|
||||
networks:
|
||||
- harbor-clair
|
||||
clair:
|
||||
networks:
|
||||
- harbor-clair
|
||||
container_name: clair
|
||||
image: vmware/clair-photon:__clair_version__
|
||||
restart: always
|
||||
cpu_quota: 150000
|
||||
depends_on:
|
||||
- log
|
||||
volumes:
|
||||
- ./common/config/clair:/config
|
||||
logging:
|
||||
driver: "syslog"
|
||||
options:
|
||||
syslog-address: "tcp://127.0.0.1:1514"
|
||||
tag: "clair"
|
||||
networks:
|
||||
harbor-clair:
|
||||
external: false
|
@ -165,7 +165,7 @@ if [ $with_notary ] && [ ! $harbor_ha ]
|
||||
then
|
||||
prepare_para="${prepare_para} --with-notary"
|
||||
fi
|
||||
if [ $with_clair ] && [ ! $harbor_ha ]
|
||||
if [ $with_clair ]
|
||||
then
|
||||
prepare_para="${prepare_para} --with-clair"
|
||||
fi
|
||||
@ -182,7 +182,7 @@ if [ $with_notary ] && [ ! $harbor_ha ]
|
||||
then
|
||||
docker_compose_list="${docker_compose_list} -f docker-compose.notary.yml"
|
||||
fi
|
||||
if [ $with_clair ] && [ ! $harbor_ha ]
|
||||
if [ $with_clair ]
|
||||
then
|
||||
docker_compose_list="${docker_compose_list} -f docker-compose.clair.yml"
|
||||
fi
|
||||
@ -199,6 +199,8 @@ if [ $harbor_ha ]
|
||||
then
|
||||
mv docker-compose.yml docker-compose.yml.bak
|
||||
cp ha/docker-compose.yml docker-compose.yml
|
||||
mv docker-compose.clair.yml docker-compose.clair.yml.bak
|
||||
cp ha/docker-compose.clair.yml docker-compose.clair.yml
|
||||
fi
|
||||
docker-compose $docker_compose_list up -d
|
||||
|
||||
|
@ -30,8 +30,13 @@ def validate(conf, args):
|
||||
redis_url = rcp.get("configuration", "redis_url")
|
||||
if redis_url is None or len(redis_url) < 1:
|
||||
raise Exception("Error: In HA mode redis is required redis_url need to point to an redis cluster")
|
||||
if args.notary_mode or args.clair_mode:
|
||||
raise Exception("Error: HA mode doesn't support clair and notary currently")
|
||||
if args.notary_mode:
|
||||
raise Exception("Error: HA mode doesn't support Notary currently")
|
||||
if args.clair_mode:
|
||||
clair_db_host = rcp.get("configuration", "clair_db_host")
|
||||
if "postgres" == clair_db_host:
|
||||
raise Exception("Error: In HA mode, clair_db_host in harbor.cfg needs to point to an external Postgres DB address.")
|
||||
|
||||
cert_path = rcp.get("configuration", "ssl_cert")
|
||||
cert_key_path = rcp.get("configuration", "ssl_cert_key")
|
||||
shared_cert_key = os.path.join(base_dir, "ha", os.path.basename(cert_key_path))
|
||||
|
Loading…
Reference in New Issue
Block a user