More so a question whether the documentation is correct.
It makes more sense that I am upgrading to 3.2, so I would bring up 3.2.z clair and builder versions, not the old 3.0.z version.

Line in question: https://github.com/quay/quay-docs/blame/3.2-release/modules/proc_upgrade_v3.adoc#L165

Currently reads (in 3.2.1 documentation): "Start v3.0.z versions ..."

I think it should read: "Start v3.2.1 versions ..."

Which section(s) is the issue in?

Action log configuration fields

What needs fixing?

The description in the LOGS_MODEL field says Enable or disable the security scanner and it sounds like referring to the security scanner, but this should be about action logs options such as database used by default or elasticsearch to export action logs.

The Quay georeplication upgrade steps are under the quay bridge operator upgrade panel. These should be under the Quay operator upgrade panel.

https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/upgrade_red_hat_quay/index#upgrading-geo-repl-quay-operator

quay.io is still use the v2's scheme1.manifest

$ token=`curl -s "https://quay.io/v2/auth?service=quay.io&scope=repository:kubernetes-ingress-controller/nginx-ingress-controller:pull" | jq -r .token`
$ curl -sLH "Authorization: Bearer $token"   https://quay.io/v2/kubernetes-ingress-controller/nginx-ingress-controller/manifests/0.24.1
{
   "schemaVersion": 1,
 ...

README.adoc says the changes should be done against 3.0-master branch but from the recent pull requests it looks like the changes are normally done against master branch. Is the information in README.adoc accurate? Also, it is not clear how relevant the file README.md is. Note that it starts with "Testing changes. Please ignore." If the file is no longer relevant it probably should be removed from the repository. If some of the information is still relevant it should be merged into README.adoc.

Try navigating https://www.projectquay.io/ then open Contributors Guide it gives 404 page not find. Is that link modified or WIP?

Location:
Chapter 2.3. Setting up the HAProxy load balancer and the PostgreSQL database

Step 5-8 runs psql commands from the container path /opt/rh/rh-postgresql96/root/usr/bin/psql. This path does not exist in registry.redhat.io/rhel8/postgresql-13:1-109 image.

[root@HA-quay1 ~]#  mkdir -p /var/lib/pgsql/data1
[root@HA-quay1 ~]# chmod 777 /var/lib/pgsql/data1
[root@HA-quay1 ~]# podman run -d --name postgresql_database1 \
>     -v /var/lib/pgsql/data1:/var/lib/pgsql/data1:Z  \
>     -e POSTGRESQL_USER=quayuser -e POSTGRESQL_PASSWORD=quaypass \
>     -e POSTGRESQL_DATABASE=quaydb -p 5439:5432 \
>     registry.redhat.io/rhel8/postgresql-13:1-109
e1763f752a243395186d51bdc1d2583cb8a79be20deb88c7e6074b66802e6635
[root@HA-quay1 ~]# podman exec -it postgresql_database1 /bin/bash -c 'ls /opt/rh/rh-postgresql96/root/usr/bin/psql'
ls: cannot access '/opt/rh/rh-postgresql96/root/usr/bin/psql': No such file or directory
[root@HA-quay1 ~]# podman exec -it postgresql_database1 /bin/bash -c 'which psql'
/usr/bin/psql

Possible solution:
Use /usr/bin/psql path instead of /opt/rh/rh-postgresql96/root/usr/bin/psql in the steps mentioned.

I couldn't find the code... but:

These steps are described in Project Quay Security Scanning with Clair.

It's on this page: https://docs.projectquay.io/deploy_quay.html

https://access.redhat.com/documentation/en-us/red_hat_quay/%7Bproducty%7D/html-single/manage_red_hat_quay/index#quay-security-scanner

Seems to go no where, or at least link's 404's when I attempt to use it.

Directly from Quay.io.

I would like to open tag-templating.html directory from Quay.io (https://docs.quay.io/guides/tag-templating.html)
but it returns 404

Regarding tag naming https://docs.projectquay.io/use_quay.html#_understanding_tag_naming_for_build_triggers, would it be possible to add a reference to commit_info? What are possible values?

docker pull universal-developer-image throws error.
How can i pull this image?

https://issues.redhat.com/browse/PROJQUAY-1114

If there are any limitations on the ability to roll back to 3.1 we should address that in the doc. When i was testing the pre-release version of 3.2 I believe there was a schema change that took place during the upgrade that would have prevented me from rolling back.

Which section(s) is the issue in?

Clair v4 released from Quay v3.6 started to use NVD [1] but it's not stated in the 7.8. Clair updater URLs.

What needs fixing?

nvd should be added to the list.

Hi good morning

I'm using quay (community) and now I'm trying to download the image of the clair with the command 'docker pull quay.io/redhat/clair-jwt:v3.3.0' but I'm getting the following error below

fsbano @ argon ~% docker login quay.io
Username: fsbano
Password:
Login successful
fsbano @ argon ~% docker pull quay.io/redhat/clair-jwt:v3.3.0
Daemon error response: unauthorized: access to the requested resource is not authorized
fsbano @ argon ~%

Best regards,
Fábio Sbano

Seems like a recent change to the doc rippled down on https://docs.projectquay.io/upgrade_quay.html and now lists clair:4.7.2as the matching Clair version for all releases since Quay 3.5.

Which section(s) is the issue in?

Configuring TLS and routes

What needs fixing?

Managed tls means that the default cluster wildcard cert is used. Unmanaged tls means that the user provided cert/key pair will be injected into the Route.
I think this should say "user provided cert/key pair will be injected into into the Quay container" but not for the Route object, but is it correct? Because when tls is set unmanaged, Route with passthrough termination is used instead of edge termination.

It could be worth mentioning that when Postgresql DB (for Quay and for Clair) is provisioned by Quay Operator, POSTGRES_ADMIN_PASSWORD environment variable is not being set:

https://github.com/redhat-cop/quay-operator/blob/8f6360ec4864a889a0965aa140b4158ff3bf079f/pkg/controller/quayecosystem/resources/deployments.go#L588

So the database secret database-root-password field is used only if they are using their own database (whether it is containerised or not):
https://github.com/quay/quay-docs/blob/master/modules/proc_deploy-quay-openshift-operator.adoc#specifying-database-credentials

In the deploy_quay page (https://docs.projectquay.io/deploy_quay.html) and specifically the following part (https://github.com/quay/quay-docs/blob/master/modules/clair-standalone-running.adoc), the specified Clair container version is wrong. It should be 4.4.4 instead of v3.7.1. {productminv} is used for both Quay container version and Clair container version.

Previous upgrade versions provide the docker run command for starting quay, but the 3.2 page doesn't.

Hi all.

In our on prem network we have to request access to technical URLs like quay.io via change requests to the internet proxy team to be able to reach them with tools like Docker or Podman.

I have requested to quay.io which is working fine, but a Docker pull is suddenly ending up in 407 proxy auth errors.
Analysis with our proxy team figured out that a redirect is happening to cdn.quay.io and furthermore to cdn02.quay.io etc.

Is there a stable list of URLs which we could add to our rules?
The proxy team and internal security will most likely not accept wildcard rules like *.quay.io if there is no good reason.

Thanks for your hints.

Regards Sergei

It is very useful to have any simple guidelines about how to configure with/out the operator, but using objectbucketclaim and its configmap/secret.

Files Affected:
modules/proc_deploy-quay-openshift-operator.adoc

The documented property isn't respected by the operator for either the Quay route or the Quay Configuration route. Per the README on quay-operator, the appropriate conversions are:
routeHost --> hostname
configRouteHost --> configHostname

A PR resolving this issue is incoming.