These playbooks can be used as a starting point to setup Quay 3 and Clair in an HA configuration following the docs at: https://access.redhat.com/documentation/en-us/red_hat_quay/3/html/manage_red_hat_quay/index
quay-setup.yaml is all that's needed, but also included is an example standalone redis and postgres container for testing, and some host preparation playbooks.
Copy inventories/example/, files/example/, and secrets/example/ and make modifications for your environment.
All Quay options start with clair or quay_ (except for is_clair and is_quay)_
Mark individual hosts with 'is_quay=true' and/or 'is_clair=true' to run those components there.
Review roles/quay/defaults/main.yml for default variable values and options.
- config object response from quay config mode API
- reuse of SECRET_KEY, DATABASE_SECRET_KEY, and BITORRENT_FILENAME_PEPPER from first found existing quay/config.yaml on a server on re-run
- some sane defaults from roles/quay/files/quay/config.yaml
- values from 'quay_config' variable defined in inventory (this most easily defined by loading a file like files/example/quay/config.yaml )
- security_scanner options from:
- reuse of security_scanner pem file and id if already on all clair hosts and known by the Quay config API responses
- Quay config API generating a key
- roles/quay/files/clair/config.yaml
Tested on RHEL 7 with Ansible 2.6
Expects NetworkManager, Firewalld, and Selinux to be enabled.
Expects Postgresql DB for Quay Expects Postgresql DB for Clair
ansible-vault password is password *.key and secrets/../config.yaml files are encrypted
You definitely don't want to use the presetup- playbooks without modifying them for your environment.*
The load-balancer configuration is outside the scope of these playbooks