Skip to content

Files

Latest commit

 

History

History
122 lines (103 loc) · 5.37 KB

proc_deploy_quay_add.adoc

File metadata and controls

122 lines (103 loc) · 5.37 KB

Deploying {productname}

To deploy the {productname} service on the nodes in your cluster, you use the same Quay container you used to create the configuration file. The differences here are that you:

  • Identify directories where the configuration files and data are stored

  • Run the command with --sysctl net.core.somaxconn=4096

  • Don’t use the config option or password

For a basic setup, you can deploy on a single node; for high availability you probably want three or more nodes (for example, quay01, quay02, and quay03).

Note

The resulting {productname} service will listen on regular port 8080 and SSL port 8443. This is different from previous releases of {productname}, which listened on standard ports 80 and 443, respectively. In this document, we map 8080 and 8443 to standard ports 80 and 443 on the host, respectively. Througout the rest of this document, we assume you have mapped the ports in this way.

Here is what you do:

  1. Create directories: Create two directories to store configuration information and data on the host. For example:

    # mkdir -p /mnt/quay/config
# #optional: if you don't choose to install an Object Store
# mkdir -p /mnt/quay/storage

  2. Copy config files: Copy the tarball (quay-config.tar.gz) to the configuration directory and unpack it. For example:

    # cp quay-config.tar.gz /mnt/quay/config/
# tar xvf quay-config.tar.gz
config.yaml ssl.cert ssl.key

  3. Deploy {productname}: Having already authenticated to Quay.io (see Accessing {productname}) run {productname} as a container, as follows:

    Note

    Add -e DEBUGLOG=true to the podman run command line for the Quay container to enable debug level logging. Add -e IGNORE_VALIDATION=true to bypass validation during the startup process.

    		 
    # sudo podman run --restart=always -p 443:8443 -p 80:8080 \
   --sysctl net.core.somaxconn=4096 \
   --privileged=true \
   -v /mnt/quay/config:/conf/stack:Z \
   -v /mnt/quay/storage:/datastorage:Z \
   -d {productrepo}/{quayimage}:{productminv}

  4. Open browser to UI: Once the Quay container has started, go to your web browser and open the URL, to the node running the Quay container.

  5. Log into {productname}: Using the superuser account you created during configuration, log in and make sure {productname} is working properly.

  6. Add more {productname} nodes: At this point, you have the option of adding more nodes to this {productname} cluster by simply going to each node, then adding the tarball and starting the Quay container as just shown.

  7. Add optional features: To add more features to your {productname} cluster, such as Clair images scanning and Repository Mirroring, continue on to the next section.

Add Clair image scanning to {productname}

Setting up and deploying Clair image scanning for your {productname} deployment is described in Clair Security Scanning

Add repository mirroring {productname}

Enabling repository mirroring allows you to create container image repositories on your {productname} cluster that exactly match the content of a selected external registry, then sync the contents of those repositories on a regular schedule and on demand.

To add the repository mirroring feature to your {productname} cluster:

  • Run the repository mirroring worker. To do this, you start a quay pod with the repomirror option.

  • Select "Enable Repository Mirroring in the {productname} Setup tool.

  • Log into your {productname} Web UI and begin creating mirrored repositories as described in Repository Mirroring in {productname}.

The following procedure assumes you already have a running {productname} cluster on an OpenShift platform, with the {productname} Setup container running in your browser:

  1. Start the repo mirroring worker: Start the Quay container in repomirror mode. This example assumes you have configured TLS communications using a certificate that is currently stored in /root/ca.crt. If not, then remove the line that adds /root/ca.crt to the container:

    $ sudo podman run -d --name mirroring-worker \
  -v /mnt/quay/config:/conf/stack:Z \
  -v /root/ca.crt:/etc/pki/ca-trust/source/anchors/ca.crt \
  {productrepo}/{quayimage}:{productminv} repomirror

  2. Log into config tool: Log into the {productname} Setup Web UI (config tool).

  3. Enable repository mirroring: Scroll down the Repository Mirroring section and select the Enable Repository Mirroring check box, as shown here:

  4. Select HTTPS and cert verification: If you want to require HTTPS communications and verify certificates during mirroring, select this check box. Enable mirroring and require HTTPS and verified certificates

  5. Save configuration: Select the Save Configuration Changes button. Repository mirroring should now be enabled on your {productname} cluster. Refer to Repository Mirroring in {productname} for details on setting up your own mirrored container image repositories.