Doc question: need to create a Postgres database in order to run Clair container #13

Closed
xueshanf opened this issue Nov 17, 2015 · 3 comments
Labels
kind/documentation rtfm kind/question something that couldn't be answered in the docs

Comments

@xueshanf

It seems that a Postgres database needs to be created first; otherwise, docker run gave errors:

docker run --rm -v /path/to/image-storage:/path/to/image-storage -p 6060:6060 -p 6061:6061 quay.io/coreos/clair --db-type=sql --db-path='host=postgresdb.example.com port=5432 user=admin password=adminPass' --update-interval=2h
E1117 18:56:31.908102 00001 quadstore.go:59] Couldn't open database at host=postgresdb.example.com> port=5432 user=admin password=adminPass': &pq.Error{Severity:"FATAL", Code:"3D000", Message:"database \"admin\" does not exist", Detail:"", Hint:"", Position:"", InternalPosition:"", InternalQuery:"", Where:"", Schema:"", Table:"", Column:"", DataTypeName:"", Constraint:"", File:"postinit.c", Line:"775", Routine:"InitPostgres"}

I created the database like so:

CREATE ROLE clair WITH LOGIN CREATEDB PASSWORD 'somepassword';
CREATE DATABASE clair;
GRANT ALL PRIVILEGES ON DATABASE clair TO clair;

And then this works:

docker run --rm -v /path/to/image-storage:/path/to/image-storage -p 6060:6060 -p 6061:6061 quay.io/coreos/clair --db-type=sql --db-path='host=postgresdb.example.com port=5432 user=clair password=somepassword' --update-interval=2h
E1117 19:38:15.411549 00001 quadstore.go:319] Couldn't execute horizon: sql: no rows in result set
2015-11-17 19:38:15.412148 I | api: starting Health API on port 6061.
2015-11-17 19:38:15.412261 I | api: starting API on port 6060.
2015-11-17 19:38:15.412458 I | updater: updater service started. lock identifier: 35f76bb1-cfa4-4682-816c-591be9ca52b8
2015-11-17 19:38:15.432099 I | updater: updating vulnerabilities
2015-11-17 19:38:15.432135 I | updater/fetchers: fetching Debian vulneratibilities
2015-11-17 19:38:15.432196 I | updater/fetchers: fetching Red Hat vulneratibilities
2015-11-17 19:38:15.432396 I | updater/fetchers: fetching Ubuntu vulneratibilities

Despite the error from quadstore.go:319, it does work.
Note that the container expects the database name to be the same as the db user name, or you can pass in 'database=' in the connection string, which is undocumented.

Is it correct that, unlike 'bolt' db type, a pre-existing sql database is required to run the clair container?

This is great! Once I got it going I was able to insert layers for local images and get reports.

@Quentin-M
Contributor

Hello,

Correct! The database has to be present in the first place. However, the schema is then created by Clair itself at the first run. The error that you have is actually expected - everything is fine!

Note: Bolt is great for testing but as it uses a file lock, it is not possible to run multiple Clair instances on the same database. That is why PostgreSQL is the way to go for the distributed service.

Thank you.
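
A least-privilege variant of the database setup discussed above, as an added example that is not part of the original thread or of Clair's own documentation. It assumes psql as the client and that owning the database is enough for Clair to create its schema on first run; the role name `clair` follows the thread and the password is a placeholder.

```sql
-- Added example (not from the thread or the Clair project).
-- Run with psql as a PostgreSQL administrator; \gexec is a psql meta-command.
-- 'REPLACE_WITH_GENERATED_SECRET' is a placeholder, not a real credential.

-- 1. Login role with no cluster-wide rights. The role in the thread was
--    created with CREATEDB, which a pre-created database makes unnecessary.
DO $$
BEGIN
  IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'clair') THEN
    CREATE ROLE clair LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE
      PASSWORD 'REPLACE_WITH_GENERATED_SECRET';
  END IF;
END
$$;

-- 2. Database named after the role, so the connection string used in the
--    thread (host, port, user, password) resolves to it by default.
--    CREATE DATABASE cannot run inside a DO block, so the statement is
--    generated and executed by \gexec only when the database is missing.
SELECT 'CREATE DATABASE clair OWNER clair'
WHERE NOT EXISTS (SELECT 1 FROM pg_database WHERE datname = 'clair')
\gexec

-- 3. The owner keeps full rights on its own database. Drop the default
--    CONNECT/TEMPORARY grant to PUBLIC so other roles cannot connect to it.
REVOKE ALL ON DATABASE clair FROM PUBLIC;

-- 4. Verify the role attributes: only rolcanlogin should be true.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole, rolcanlogin
FROM pg_roles
WHERE rolname = 'clair';

-- 5. Verify ownership and the resulting ACL on the database.
SELECT datname,
       pg_get_userbyid(datdba) AS owner,
       datacl,
       has_database_privilege('clair', datname, 'CONNECT') AS clair_can_connect
FROM pg_database
WHERE datname = 'clair';
```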

@jzelinskie jzelinskie added kind/documentation rtfm kind/question something that couldn't be answered in the docs labels Mar 12, 2016
@candita

candita commented Apr 1, 2016

Quentin, have you removed the ability to use bolt in the latest? It was great for testing/evaluation purposes.

@Quentin-M
Contributor

@candita Hi. The Bolt backend was powered by Cayley and Clair doesn't use Cayley anymore for performance reasons. It is however possible to re-implement the Bolt backend using the Datastore interface.

Allda added a commit to Allda/clair that referenced this issue Jun 6, 2019
Vulnsrc: Use Errata API instead CPE mapping file