

local-dev: implement quay local development
this commit provides a fully functional Quay as part of the local dev
setup.

new makefile targets:
  "local-dev-up-with-quay": start a local dev environment with the quay
  image specified in docker-compose.yaml and config in
  ./local-dev/quay/config.yaml

  "local-dev-restart-quay": restarts the quay instance to make config
  changes take effect.

Signed-off-by: ldelossa <[email protected]>
ldelossa authored and ldelossa committed Aug 28, 2020
1 parent 9bd4f4d commit d1b6012
Showing 4 changed files with 200 additions and 22 deletions.
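--- a/Makefile
+++ b/Makefile
@@ -39,6 +39,31 @@ local-dev-up: vendor
 $(docker-compose) up -d notifier
 $(docker-compose) up -d swagger-ui
 
+.PHONY: local-dev-up-with-quay
+local-dev-up-with-quay: vendor
+## clair ##
+$(docker-compose) up -d traefik
+$(docker-compose) up -d jaeger
+$(docker-compose) up -d prometheus
+$(docker-compose) up -d rabbitmq
+$(docker-compose) up -d activemq
+$(docker-compose) up -d clair-db
+$(docker) exec -it clair-db bash -c 'while ! pg_isready; do echo "waiting for clair postgres"; sleep 2; done'
+$(docker-compose) up -d indexer-quay
+$(docker-compose) up -d matcher
+$(docker-compose) up -d notifier
+$(docker-compose) up -d swagger-ui
+## quay ##
+$(docker-compose) up -d redis
+$(docker-compose) up -d quay-db
+$(docker) exec -it quay-db bash -c 'while ! pg_isready; do echo "waiting for quay postgres"; sleep 2; done'
+$(docker) exec -it quay-db /bin/bash -c 'echo "CREATE EXTENSION IF NOT EXISTS pg_trgm" | psql -d quay -U quay'
+$(docker-compose) up -d quay
+
+.PHONY: local-dev-restart-quay
+local-dev-restart-quay:
+$(docker-compose) up -d --force-recreate quay
+
 # starts a local dev environment for testing notifier
 # the notifier will create a notification on very notifier.poll_interval value in the local dev configuration.
 #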
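Review bot: Both `pg_isready` wait loops in `local-dev-up-with-quay` poll without a limit and run under `docker exec -it`, so the target hangs if a database never becomes ready and fails where no TTY is attached (CI, scripted runs). A bounded, non-interactive form would be `$(docker) exec quay-db bash -c 'for i in $$(seq 1 30); do pg_isready && exit 0; sleep 2; done; exit 1'`, and likewise for `clair-db`. The Clair half of the recipe also appears to repeat `local-dev-up` apart from `indexer-quay` (only the tail of that target is visible in the hunk); a comment such as `# same as local-dev-up, but indexer-quay shares quay's network namespace` would help keep the two from drifting.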
116 changes: 99 additions & 17 deletions docker-compose.yaml
Expand Up @@ -60,9 +60,6 @@ services:
notifier:
container_name: clair-notifier
image: quay.io/claircore/golang:1.13.5
ports:
- "8079:8080"
- "8088:8089"
volumes:
- "./:/src/clair/"
environment:
Expand All @@ -72,16 +69,16 @@ services:
["bash", "-c", "cd /src/clair/cmd/clair; go run -mod vendor ."]
labels:
- "traefik.enable=true"
- "traefik.http.routers.index_report.entrypoints=clair"
- "traefik.http.routers.index_report.rule=PathPrefix(`/api/v1/notification`)"

- "traefik.http.routers.notifications.entrypoints=clair"
- "traefik.http.routers.notifications.rule=PathPrefix(`/api/v1/notification`)"
- "traefik.http.routers.notifications.service=notifications"
- "traefik.http.services.notifications.loadbalancer.server.port=6000"

# this should only be created and deleted via the make target "local-dev-notifier-test"
notifier-test-mode:
container_name: clair-notifier
image: quay.io/claircore/golang:1.13.5
ports:
- "8079:8080"
- "8088:8089"
volumes:
- "./:/src/clair/"
environment:
Expand All @@ -92,15 +89,15 @@ services:
["bash", "-c", "cd /src/clair/cmd/clair; go run -mod vendor ."]
labels:
- "traefik.enable=true"
- "traefik.http.routers.index_report.entrypoints=clair"
- "traefik.http.routers.index_report.rule=PathPrefix(`/api/v1/notification`)"

- "traefik.http.routers.notifications.entrypoints=clair"
- "traefik.http.routers.notifications.rule=PathPrefix(`/api/v1/notification`)"
- "traefik.http.routers.notifications.service=notifications"
- "traefik.http.services.notifications.loadbalancer.server.port=6000"

indexer:
container_name: clair-indexer
image: quay.io/claircore/golang:1.13.5
ports:
- "8080:8080"
- "8089:8089"
volumes:
- "./:/src/clair/"
environment:
Expand All @@ -110,19 +107,60 @@ services:
["bash", "-c", "cd /src/clair/cmd/clair; go run -mod vendor ."]
labels:
- "traefik.enable=true"

- "traefik.http.routers.index_report.rule=PathPrefix(`/api/v1/index_report`)"
- "traefik.http.routers.index_report.entrypoints=clair"
- "traefik.http.routers.index_report.service=index_report"
- "traefik.http.services.index_report.loadbalancer.server.port=6000"

- "traefik.http.services.index_state.loadbalancer.server.port=6000"
- "traefik.http.routers.index_state.entrypoints=clair"
- "traefik.http.routers.index_state.service=index_state"
- "traefik.http.routers.index_state.rule=PathPrefix(`/api/v1/index_state`)"

- "traefik.http.services.affected_manifest.loadbalancer.server.port=6000"
- "traefik.http.routers.affected_manifest.entrypoints=clair"
- "traefik.http.routers.affected_manifest.service=affected_manifest"
- "traefik.http.routers.affected_manifest.rule=PathPrefix(`/api/v1/internal/affected_manifest`)"

## like the indexer service above, but mounts quay's http port into local
## network namespace.
##
## allows layer fetching over localhost
indexer-quay:
container_name: clair-indexer
image: quay.io/claircore/golang:1.13.5
volumes:
- "./:/src/clair/"
environment:
CLAIR_CONF: "/src/clair/local-dev/clair/config.yaml"
CLAIR_MODE: "indexer"
network_mode: "service:quay"
command:
["bash", "-c", "cd /src/clair/cmd/clair; go run -mod vendor ."]
labels:
- "traefik.enable=true"

- "traefik.http.routers.index_report.rule=PathPrefix(`/api/v1/index_report`)"
- "traefik.http.routers.index_report.entrypoints=clair"
- "traefik.http.routers.index_report.service=index_report"
- "traefik.http.services.index_report.loadbalancer.server.port=6000"

- "traefik.http.services.index_state.loadbalancer.server.port=6000"
- "traefik.http.routers.index_state.entrypoints=clair"
- "traefik.http.routers.index_state.service=index_state"
- "traefik.http.routers.index_state.rule=PathPrefix(`/api/v1/index_state`)"

- "traefik.http.services.affected_manifest.loadbalancer.server.port=6000"
- "traefik.http.routers.affected_manifest.entrypoints=clair"
- "traefik.http.routers.affected_manifest.service=affected_manifest"
- "traefik.http.routers.affected_manifest.rule=PathPrefix(`/api/v1/internal/affected_manifest`)"
depends_on:
- quay

matcher:
container_name: clair-matcher
image: quay.io/claircore/golang:1.13.5
ports:
- "8081:8080"
- "8090:8089"
volumes:
- "./:/src/clair/"
environment:
Expand All @@ -132,12 +170,21 @@ services:
["bash", "-c", "cd /src/clair/cmd/clair; go run -mod vendor ."]
labels:
- "traefik.enable=true"
- "traefik.http.routers.vulnerability_report.entrypoints=clair"

- "traefik.http.routers.vulnerability_report.rule=PathPrefix(`/api/v1/vulnerability_report`)"
- "traefik.http.routers.vulnerability_report.entrypoints=clair"
- "traefik.http.routers.vulnerability_report.service=vulnerability_report"
- "traefik.http.services.vulnerability_report.loadbalancer.server.port=6000"

- "traefik.http.routers.update_operation.entrypoints=clair"
- "traefik.http.routers.update_operation.rule=PathPrefix(`/api/v1/internal/update_operation`)"
- "traefik.http.routers.update_operation.service=update_operation"
- "traefik.http.services.update_operation.loadbalancer.server.port=6000"

- "traefik.http.routers.update_diff.entrypoints=clair"
- "traefik.http.routers.update_diff.rule=PathPrefix(`/api/v1/internal/update_diff`)"
- "traefik.http.routers.update_diff.service=update_diff"
- "traefik.http.services.update_diff.loadbalancer.server.port=6000"

swagger-ui:
container_name: clair-swagger
Expand Down Expand Up @@ -176,3 +223,38 @@ services:
- '--web.console.templates=/usr/share/prometheus/consoles'
ports:
- "9090:9090"

## QUAY ##
redis:
container_name: clair-redis
image: redis:latest
ports:
- "6379:6379"

## quay MUST be bound to port 8080
quay:
container_name: clair-quay
image: quay.io/projectquay/quay:latest
privileged: true
volumes:
- "./local-dev/quay:/conf/stack"
ports:
- "8080:8080"
environment:
DEBUGLOG: "true"

quay-db:
container_name: quay-db
image: postgres:12.1
environment:
POSTGRES_USER: "quay"
POSTGRES_DB: "quay"
ports:
- "5433:5432"
healthcheck:
test: ["CMD-SHELL", "pg_isready -U quay -d quay"]
interval: 10s
timeout: 9s
retries: 3
start_period: 10s
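Review bot: The new `redis`, `quay` and `quay-db` services in the last hunk publish 6379, 8080 and 5433 on every host interface, while `quay-db` sets no `POSTGRES_PASSWORD` and Redis has no auth configured, so anything that can reach the developer's machine on the network may be able to reach both data stores. Binding the published ports to loopback keeps them usable for local tools: `- "127.0.0.1:6379:6379"`, `- "127.0.0.1:5433:5432"`, `- "127.0.0.1:8080:8080"`. Separately, `privileged: true` on `quay` combined with the floating `quay:latest` and `redis:latest` tags means an unreviewed image runs with full host capabilities; a comment stating why privileged mode is needed (or dropping it if it is not) and a pinned tag or digest would tighten this.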

10 changes: 5 additions & 5 deletions local-dev/clair/config.yaml
@@ -1,20 +1,20 @@
---
log_level: debug-color
introspection_addr: ":8089"
http_listen_addr: ":8080"
introspection_addr: ""
http_listen_addr: ":6000"
indexer:
connstring: host=clair-db port=5432 user=clair dbname=clair sslmode=disable
scanlock_retry: 10
layer_scan_concurrency: 5
migrations: true
matcher:
indexer_addr: http://clair-indexer:8080/
indexer_addr: http://clair-traefik:6060/
connstring: host=clair-db port=5432 user=clair dbname=clair sslmode=disable
max_conn_pool: 100
migrations: true
notifier:
indexer_addr: http://clair-indexer:8080/
matcher_addr: http://clair-matcher:8080/
indexer_addr: http://clair-traefik:6060/
matcher_addr: http://clair-traefik:6060/
connstring: host=clair-db port=5432 user=clair dbname=clair sslmode=disable
migrations: true
delivery_interval: 5s
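--- a/local-dev/quay/config.yaml
+++ b/local-dev/quay/config.yaml
@@ -0,0 +1,71 @@
+SUPER_USERS:
+- admin
+AUTHENTICATION_TYPE: Database
+BITTORRENT_FILENAME_PEPPER: 0ee18f90-5b6d-42d2-ab5e-ec9fcd846272
+BUILDLOGS_REDIS:
+host: clair-redis
+port: 6379
+DATABASE_SECRET_KEY: '30060361640793187613697366923211113205676925445650250274752125083971638376224'
+DB_URI: postgresql://quay@quay-db/quay
+DEFAULT_TAG_EXPIRATION: 2w
+DISTRIBUTED_STORAGE_CONFIG:
+default:
+- LocalStorage
+- storage_path: /datastorage/registry
+DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS: []
+DISTRIBUTED_STORAGE_PREFERENCE:
+- default
+ENTERPRISE_LOGO_URL: /static/img/quay-horizontal-color.svg
+EXTERNAL_TLS_TERMINATION: true
+FEATURE_ACI_CONVERSION: false
+FEATURE_ANONYMOUS_ACCESS: true
+FEATURE_APP_REGISTRY: false
+FEATURE_APP_SPECIFIC_TOKENS: true
+FEATURE_BUILD_SUPPORT: false
+FEATURE_CHANGE_TAG_EXPIRATION: true
+FEATURE_DIRECT_LOGIN: true
+FEATURE_MAILING: false
+FEATURE_PARTIAL_USER_AUTOCOMPLETE: true
+FEATURE_REPO_MIRROR: false
+FEATURE_REQUIRE_TEAM_INVITE: true
+FEATURE_RESTRICTED_V1_PUSH: false
+FEATURE_SECURITY_NOTIFICATIONS: true
+FEATURE_SECURITY_SCANNER: true
+FEATURE_USERNAME_CONFIRMATION: true
+FEATURE_USER_CREATION: true
+FEATURE_USER_LOG_ACCESS: true
+GITHUB_LOGIN_CONFIG: {}
+GITHUB_TRIGGER_CONFIG: {}
+GITLAB_TRIGGER_KIND: {}
+GPG2_PRIVATE_KEY_FILENAME: signing-private.gpg
+GPG2_PUBLIC_KEY_FILENAME: signing-public.gpg
+LOG_ARCHIVE_LOCATION: default
+MAIL_DEFAULT_SENDER: [email protected]
+MAIL_PORT: 587
+MAIL_USE_TLS: true
+PREFERRED_URL_SCHEME: http
+REGISTRY_TITLE: Red Hat Quay
+REGISTRY_TITLE_SHORT: Red Hat Quay
+REPO_MIRROR_SERVER_HOSTNAME: null
+REPO_MIRROR_TLS_VERIFY: true
+SECURITY_SCANNER_V4_ENDPOINT: http://clair-traefik:6060
+SECURITY_SCANNER_V4_NAMESPACE_WHITELIST:
+- "clairv4-org"
+SECURITY_SCANNER_ISSUER_NAME: security_scanner
+SERVER_HOSTNAME: localhost:8080
+SETUP_COMPLETE: true
+SIGNING_ENGINE: gpg2
+TAG_EXPIRATION_OPTIONS:
+- 0s
+- 1d
+- 1w
+- 2w
+- 4w
+TEAM_RESYNC_STALE_TIME: 60m
+TESTING: false
+USERFILES_LOCATION: default
+USERFILES_PATH: userfiles/
+USER_EVENTS_REDIS:
+host: clair-redis
+port: 6379
+USE_CDN: false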
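Review bot: `DATABASE_SECRET_KEY` and `BITTORRENT_FILENAME_PEPPER` are committed as fixed values with nothing in the file marking them as throwaway, so copying this config into a shared or staging deployment would carry publicly known key material. A header comment such as `# LOCAL DEVELOPMENT ONLY - secrets below are public sample values, regenerate before any other use` would make that explicit. With `FEATURE_USER_CREATION: true` and `admin` listed under `SUPER_USERS`, whoever first registers the `admin` account presumably gains superuser rights, which matters because the compose file publishes Quay on port 8080; that is worth stating in the same comment. `DB_URI` also connects without a password, which should be noted as acceptable only because the database is a local container.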
