services:quay.ceph.io
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
services:quay.ceph.io [2020/07/30 17:12] djgalloway [Summary] |
services:quay.ceph.io [2024/03/04 21:29] (current) zmc |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== quay.ceph.io ====== | ====== quay.ceph.io ====== | ||
| - | ===== Summary ===== | + | ===== Pulling from quay.ceph.io ===== |
| + | In Quay's web UI, in the "Pull this container with the following Podman command:" fields, you'll see commands like this: | ||
| + | |||
| + | ''podman pull quay-quay-quay.apps.os.sepia.ceph.com/ceph-ci/ceph'' | ||
| + | |||
| + | These will work just fine when connected to the Sepia VPN. A public endpoint is available at ''quay.ceph.io'', so you may pull images without the VPN like so: | ||
| + | |||
| + | ''podman pull quay.ceph.io/ceph-ci/ceph'' | ||
| + | |||
| + | ===== Operations Summary ===== | ||
| This is a VM in [[services:RHEV]] that was created because quay.io was having lots of issues the week of 25MAY2020 which broke the lab (https://tracker.ceph.com/issues/45343). | This is a VM in [[services:RHEV]] that was created because quay.io was having lots of issues the week of 25MAY2020 which broke the lab (https://tracker.ceph.com/issues/45343). | ||
| Line 12: | Line 21: | ||
| I had some trouble getting the containers to communicate with one another. The Quay docs don't cover setting up the ''br_netfilter'' kernel module or firewall rules so I wrote https://access.redhat.com/solutions/5254621. | I had some trouble getting the containers to communicate with one another. The Quay docs don't cover setting up the ''br_netfilter'' kernel module or firewall rules so I wrote https://access.redhat.com/solutions/5254621. | ||
| + | |||
| ===== Setup Commands ===== | ===== Setup Commands ===== | ||
| + | From dmick, 3Nov22: apparently this has changed a bit; it looks like the client.container auth doesn't exist anymore; rather, client.admin is used. Also, the cluster path is /containers/quay | ||
| <code> | <code> | ||
| ## On reesi001 | ## On reesi001 | ||
| Line 29: | Line 40: | ||
| # Then I just followed https://access.redhat.com/documentation/en-us/red_hat_quay/3.3/html/deploy_red_hat_quay_-_basic/preparing_for_red_hat_quay_basic | # Then I just followed https://access.redhat.com/documentation/en-us/red_hat_quay/3.3/html/deploy_red_hat_quay_-_basic/preparing_for_red_hat_quay_basic | ||
| + | </code> | ||
| + | |||
| + | |||
| + | |||
| + | ===== Letsencrypt ===== | ||
| + | Since the quay container listens on port 80 and 443, we have to temporarily stop it to renew the cert. To avoid doing this too frequently, I have it done on the first Saturday of even-numbered months early in the morning when traffic should be minimal. | ||
| + | |||
| + | <code> | ||
| + | [root@quay ~]# crontab -l | ||
| + | # On the first Saturday of Feb,Apr,Jun,Aug,Oct,Dec, renew quay cert | ||
| + | 0 4 * 2,4,6,8,10,12 6 [ $(date +\%d) -le 06 ] && /root/bin/quay-cert-renew.sh | ||
| + | |||
| + | [root@quay ~]# cat /root/bin/quay-cert-renew.sh | ||
| + | #!/bin/bash | ||
| + | for container in $(docker ps | grep "quay\.io" | awk '{ print $1 }'); do docker stop $container; done | ||
| + | certbot renew | ||
| + | docker run --restart=always -p 443:8443 -p 80:8080 --sysctl net.core.somaxconn=4096 --privileged=true -v /etc/quay:/conf/stack:Z -v /lrc:/datastorage/registry:Z -d quay.io/redhat/quay:v3.3.0 | ||
| </code> | </code> | ||
services/quay.ceph.io.1596129138.txt.gz · Last modified: 2020/07/30 17:12 by djgalloway
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
