Quay 基础版安装和部署

详细的安装手册可以参考官方文档，地址在

https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/deploy_red_hat_quay_-_basic/index

Quay包含了几个核心组件

• 数据库:主要存放镜像的元数据（非镜像存储)
• redis:存放构建日志和Quay的向导
• Quay:作为registry
• Clair: 镜像扫描功能

安装的环境至少需要4G内存

• 安装步骤

1.安装docker以及关闭防火墙

yum install docker
systemctl enable docker
systemctl start docker
systemctl is-active docker

systemctl stop firewalld
systemctl disable firewalld

2.安装mysql数据库

mkdir -p /var/lib/mysql
chmod 777 /var/lib/mysql
export MYSQL_CONTAINER_NAME=mysql
export MYSQL_DATABASE=enterpriseregistrydb
export MYSQL_PASSWORD=welcome1
export MYSQL_USER=quayuser
export MYSQL_ROOT_PASSWORD=welcome1

docker run \\
   --detach \\
   --restart=always \\
   --env MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} \\
   --env MYSQL_USER=${MYSQL_USER} \\
   --env MYSQL_PASSWORD=${MYSQL_PASSWORD} \\
   --env MYSQL_DATABASE=${MYSQL_DATABASE} \\
   --name ${MYSQL_CONTAINER_NAME} \\
   --privileged=true \\
   --publish 3306:3306 \\
   -v /var/lib/mysql:/var/lib/mysql/data:Z \\
   registry.access.redhat.com/rhscl/mysql-57-rhel7

如果是离线环境，需要事先下载镜像registry.access.redhat.com/rhscl/mysql-57-rhel7

验证连接性

yum install -y mariadb
mysql -h 192.168.56.107 -u root --password=welcome1
Welcome to the MariaDB monitor.  Commands end with ; or \\g.
Your MySQL connection id is 10184
Server version: 5.7.21 MySQL Community Server (GPL)
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\\h' for help. Type '\\c' to clear the current input statement.
MySQL [(none)]> status

3.安装redis

mkdir -p /var/lib/redis
chmod 777 /var/lib/redis
docker run -d --restart=always -p 6379:6379 \\
   --privileged=true \\
   -v /var/lib/redis:/var/lib/redis/data:Z \\
   registry.access.redhat.com/rhscl/redis-32-rhel7

mysql和redis都是以restart=always方式启动，也就是说docker启动以后这两服务就启动了。

4.配置Quay

docker run --privileged=true -p 8443:8443 -d quay.io/redhat/quay:v3.2.0 config welcome1

这一步拉去quay的镜像花了不少时间，能够拉去之前，需要访问redhat的用户网站获取login密码

https://access.redhat.com/solutions/3533201

拉去完成后会启动一个配置quay的进程，访问

https://registry.redhat.ren:8443

登录通过quayconfig/welcome1

选择新建

设置完数据库后，需要设置super user

下面这个界面需要设置两个地方，一个是

Server configuration的Server Hostname,另一个是Redis Hostname

SSL暂时先不配置，然后保存出一个quay-config.tar.gz

5.部署Quay

mkdir -p /mnt/quay/config

mkdir -p /mnt/quay/storage

cp quay-config.tar.gz /mnt/quay/config/

tar xvf quay-config.tar.gz
config.yaml

docker run --restart=always -p 443:8443 -p 80:8080 \\
   --sysctl net.core.somaxconn=4096 \\
   --privileged=true \\
   -v /mnt/quay/config:/conf/stack:Z \\
   -v /mnt/quay/storage:/datastorage:Z \\
   -d quay.io/redhat/quay:v3.2.0

访问http://registry.redhat.ren

然后建立repository,然后push镜像。

如果是非ssl模式push镜像，需要在docker上进行设置

[root@registry ssl]# cat /etc/docker/daemon.json 
{
"insecure-registries" : ["registry.redhat.ren"]
}

## SSL配置

生成SSL文件，详细参考

https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#using-ssl-to-protect-quay

生成rootca

openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

建立私钥和认证

openssl genrsa -out device.key 2048
openssl req -new -key device.key -out device.csr

#这个应该设置成openshift node的主机名
Common Name (eg, your name or your server's hostname) []:*.redhat.ren

    openssl x509 -req -in device.csr -CA rootCA.pem \\
           -CAkey rootCA.key -CAcreateserial -out device.crt -days 500 -sha256

将device.crt和device.key重命名为ssl.cert和ssl.key

图形化配置不work,然后找到一句话

非openshift安装，可以通过命令行。

将key放到quay的配置目录下

cp ssl* /mnt/quay/config/
ls /mnt/quay/config/

config.yaml  ssl.cert  ssl.key

修改config.yaml

PREFERRED_URL_SCHEME: https

重新启动quay

docker restart cbe7b0fa39d8

先用浏览器验证一下 https://registry.redhat.ren

然后在需要访问registry的客户端机器上设置

cp rootCA.pem /etc/docker/certs.d/registry.redhat.ren/ca.crt

验证。

[root@registry ssl]# docker login registry.redhat.ren
Username (admin): admin
Password: 
Login Succeeded
[root@registry ssl]# docker push  registry.redhat.ren/admin/postgres:latest
The push refers to a repository [registry.redhat.ren/admin/postgres]
881e1c269a4d: Layer already exists 
7db57ad3e021: Layer already exists 
7605e1c60aec: Layer already exists 
a1d223e6e6a4: Layer already exists 
360cf55e74f6: Layer already exists 
fd0cac2972ba: Layer already exists 
a9de3f685bb0: Layer already exists 
dedb3d1e3b58: Layer already exists 
9087d83a2760: Layer already exists 
ee106a0920de: Layer already exists 
237b8fa99d00: Layer already exists 
fd4cba0278cd: Layer already exists 
d2c7e196c047: Layer already exists 
556c5fb0d91b: Layer already exists 
latest: digest: sha256:625225ca4ab31e1f8fc53dcd7dcff96293359c27002b7525522188ca6139cf66 size: 3245
[root@registry ssl]#