Chapter 8. Automatially build Dockerfiles with build workers

Pull down the latest copy of the image. Make sure to pull the version tagged matching your Red Hat Quay version.

Run this container on each build worker. Since the worker will be orchestrating docker builds, we need to mount in the docker socket. This orchestration will use a large amount of CPU and need to manipulate the docker images on disk — we recommend that dedicated machines be used for this task.

Use the environment variable SERVER to tell the worker the hostname at which Red Hat Quay is accessible:

Here’s what the full command looks like:

docker run --restart on-failure \
  -e SERVER=ws://myquayenterprise \
  -v /var/run/docker.sock:/var/run/docker.sock \
  quay.io/coreos/quay-builder:v2.9.5

# docker run --restart on-failure \
  -e SERVER=ws://myquayenterprise \
  -v /var/run/docker.sock:/var/run/docker.sock \
  quay.io/coreos/quay-builder:v2.9.5

When the container starts, each build worker will auto-register and start building containers once a job is triggered and it is assigned to a worker.

If Quay is setup to use a SSL certificate that is not globally trusted, for example a self-signed certificate, Quay’s public SSL certificates must be mounted onto the quay-builder container’s SSL trust store. An example command to mount a certificate found at the host’s /path/to/ssl/rootCA.pem looks like:

docker run --restart on-failure \
  -e SERVER=wss://myquayenterprise \
  -v /path/to/ssl/rootCA.pem:/usr/local/share/ca-certificates/rootCA.pem \
  -v /var/run/docker.sock:/var/run/docker.sock \
  --entrypoint /bin/sh \
  quay.io/coreos/quay-builder:v2.9.3 \
  -c '/usr/sbin/update-ca-certificates && quay-builder'

# docker run --restart on-failure \
  -e SERVER=wss://myquayenterprise \
  -v /path/to/ssl/rootCA.pem:/usr/local/share/ca-certificates/rootCA.pem \
  -v /var/run/docker.sock:/var/run/docker.sock \
  --entrypoint /bin/sh \
  quay.io/coreos/quay-builder:v2.9.3 \
  -c '/usr/sbin/update-ca-certificates && quay-builder'