Adds auto-pruning docs to 3.10 (#817)

Co-authored-by: Steven Smith <[email protected]>

Author: stevsmit

architecture/master.adoc

@@ -65,3 +65,9 @@ include::modules/sizing-intro.adoc[leveloffset=+1]
 include::modules/sizing-sample.adoc[leveloffset=+2]
 include::modules/subscription-intro.adoc[leveloffset=+2]
 include::modules/quay-internal-registry-intro.adoc[leveloffset=+2]
+
+// Quota management
+include::modules/quota-management-arch.adoc[leveloffset=+1]
+
+//Namespace auto-pruning 
+include::modules/namespace-auto-pruning-arch.adoc[leveloffset=+1]

config_quay/master.adoc

@@ -7,7 +7,8 @@ include::modules/attributes.adoc[]
 
 include::modules/config-intro.adoc[leveloffset=+1]
 include::modules/config-disclaimer.adoc[leveloffset=+1]
-include::modules/config-updates-39.adoc[leveloffset=+2]
+include::modules/config-updates-310.adoc[leveloffset=+2]
+//include::modules/config-updates-39.adoc[leveloffset=+2]
 //include::modules/config-updates-38.adoc[leveloffset=+2]
 //include::modules/config-updates-37.adoc[leveloffset=+2]
 //include::modules/config-updates-36.adoc[leveloffset=+2]

images/auto-prune-policies-page.png

@@ -105,7 +105,7 @@ include::modules/metrics-authentication.adoc[leveloffset=+3]
 //include::modules/proc_manage-quay-geo-replication.adoc[leveloffset=+1]
 
 include::modules/quota-management-and-enforcement.adoc[leveloffset=+1]
-include::modules/quota-management-arch.adoc[leveloffset=+2]
+//include::modules/quota-management-arch.adoc[leveloffset=+2]
 include::modules/quota-management-limitations.adoc[leveloffset=+2]
 include::modules/red-hat-quay-quota-management-configure-39.adoc[leveloffset=+2]
 
@@ -116,16 +116,19 @@ include::modules/quota-establishment-api.adoc[leveloffset=+2]
 include::modules/quota-management-query-39.adoc[leveloffset=+2]
 include::modules/deleting-tag-permanently.adoc[leveloffset=+2]
 
+//namespace auto-pruning
 
+include::modules/red-hat-quay-namespace-auto-pruning-overview.adoc[leveloffset=+1]
+include::modules/managing-namespace-auto-pruning-policies.adoc[leveloffset=+2]
 
 include::modules/georepl-intro.adoc[leveloffset=+1]
 include::modules/arch-georpl-features.adoc[leveloffset=+2]
 include::modules/georepl-prereqs.adoc[leveloffset=+2]
-include::modules/georepl-arch-standalone.adoc[leveloffset=+2]
+//include::modules/georepl-arch-standalone.adoc[leveloffset=+2]
 include::modules/config-ui-storage-georepl.adoc[leveloffset=+3]
 include::modules/georepl-deploy-standalone.adoc[leveloffset=+3]
 include::modules/standalone-georepl-site-removal.adoc[leveloffset=+3]
-include::modules/georepl-arch-operator.adoc[leveloffset=+2]
+//include::modules/georepl-arch-operator.adoc[leveloffset=+2]
 include::modules/georepl-deploy-operator.adoc[leveloffset=+3]
 include::modules/operator-georepl-site-removal.adoc[leveloffset=+3]
 include::modules/georepl-mixed-storage.adoc[leveloffset=+2]

manage_quay/master.adoc

@@ -0,0 +1,18 @@
+:_content-type: REFERENCE
+[id="config-updates-310"]
+= Configuration updates for {productname} 3.10
+
+The following sections detail new configuration fields added in {productname} 3.10.
+
+[id="auto-pruner-namespace"]
+== Namespace auto-pruning configuration fields
+
+With {productname} 3.10, deployments can be configured to automatically prune old image tags by a specified, allotted amount, or by the time in which they were created. 
+
+.Namespace auto-pruning configuration field
+|===
+|Field | Type |Description
+| **FEATURE_AUTO_PRUNE** | Boolean | When set to `True`, enables functionality related to the auto-pruning of tags. 
++
+*Default:* `False`
+|===

modules/config-updates-310.adoc

@@ -0,0 +1,243 @@
+:_content-type: PROCEDURE
+[id="managing-namespace-auto-pruning-policies"]
+= Managing namespace auto-pruning policies using the {productname} UI
+
+Namespace auto-pruning policies are created using the {productname} UI v2. This can be done after you have configured your {productname} `config.yaml` file to enable the auto-pruning feature.
+
+[NOTE]
+====
+This feature is not available when using the {productname} legacy UI.
+====
+
+[id="configuring-namespace-auto-prune-feature"]
+== Configuring the {productname} namespace auto-pruning feature
+
+Use the following procedure to configure your {productname} `config.yaml` file to enable the namespace auto-pruning feature.
+
+.Procedure 
+
+* In your {productname} `config.yaml` file, add, and set, the `FEATURE_AUTO_PRUNE` environment variable to `True`. For example:
++
+[source,yaml]
+----
+# ...
+FEATURE_AUTO_PRUNE: True
+# ...
+----
+
+[id="creating-policy-v2-ui"]
+== Creating an auto-prune policy using the {productname} v2 UI
+
+Use the following procedure to create an auto-prune policy using the {productname} UI v2.
+
+.Prerequisites 
+
+* You have enabled the `FEATURE_AUTO_PRUNE` feature.
+
+.Procedure 
+
+. Tag three sample images, for example, `busybox`, that will be pushed to the repository with auto-pruning enabled. For example:
++
+[source,terminal]
+----
+$ podman tag docker.io/library/busybox <quay-server.example.com>/<quayadmin>/busybox:test
+----
++
+[source,terminal]
+----
+$ podman tag docker.io/library/busybox <quay-server.example.com>/<quayadmin>/busybox:test2
+----
++
+[source,terminal]
+----
+$ podman tag docker.io/library/busybox <quay-server.example.com>/<quayadmin>/busybox:test3
+----
++
+[source,terminal]
+----
+$ podman tag docker.io/library/busybox <quay-server.example.com>/<quayadmin>/busybox:test4
+----
+
+. Push the three sample images, for example, `busybox`, to the repository with auto-pruning enabled by entering the following commands:
++
+[source,terminal]
+----
+$ podman push <quay-server.example.com>/quayadmin/busybox:test
+----
++
+[source,terminal]
+----
+$ podman push <quay-server.example.com>/<quayadmin>/busybox:test2
+----
++
+[source,terminal]
+----
+$ podman push <quay-server.example.com>/<quayadmin>/busybox:test3
+----
++
+[source,terminal]
+----
+sudo podman push --tls-verify=false <quay-server.example.com>/<quayadmin>/busybox:test4
+----
+
+. Check that there are four tags in your repository. 
+
+. On the {productname} UI v2, click *Organizations* in the navigation pane. 
+
+. Select the name of an organization that you will apply the auto-pruning feature to, for example, `test_organization`. 
+
+. Click *Settings*. 
+
+. Click *Auto-Prune Policies*. For example:
++
+image:auto-prune-policies-page.png[Auto-Prune Policies page]
+
+. Click the drop down menu and select the desired policy, for example, *By number of tags*. 
+
+. Select the desired number of tags to keep. By default, this is set at *20* tags. For this example, the number of tags to keep is set at *3*.
+
+Click *Save*. The following alert is received: *Successfully updated auto-prune policy*. 
+
+.Verification
+
+* Navigate to the *Tags* page of your repository. After a few minutes, the auto-pruner worker removes tags that no longer fit within the established criteria. In this example, it removes the `busybox:test` tag, and keeps the `busybox:test2`, `busybox:test3`, and `busybox:test4` tag.
++
+After tags are automatically pruned, they go into the {productname} time machine, or the  amount of time, after a tag is deleted, that the tag is accessible before being garbage collected. The expiration time of an image tag is dependent on your organization's settings. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/manage_red_hat_quay/index#garbage-collection[{productname} garbage collection]. 
+
+[id="creating-policy-api"]
+== Creating an auto-prune policy using the {productname} API
+
+You can use {productname} API endpoints to manage auto-pruning policies for an organization. 
+
+.Prerequisites
+
+* You have set `BROWSER_API_CALLS_XHR_ONLY: false` in your `config.yaml` file. 
+* You have created an OAuth access token. 
+* You have logged into {productname}. 
+
+.Procedure 
+
+. Enter the following `POST` command create a new policy that limits the number of tags allowed in an organization:
++
+[source,terminal]
+----
+$ curl -X POST -H "Authorization: Bearer j8mvpgf0rP5wpbS7LCfDaAxE0NZvCmOC123456" -H "Content-Type: application/json" -d '{
+    "method": "number_of_tags",
+    "value": 10
+}' http://<quay-server.example.com>/api/v1/organization/<quayadmin>/autoprunepolicy/
+----
++
+Alternatively, you can can set tags to expire for a specified time after their creation date:
++
+[source,terminal]
+----
+$ curl -X POST -H "Authorization: Bearer j8mvpgf0rP5wpbS7LCfDaAxE0NZvCmOC123456" -H "Content-Type: application/json" -d '{
+    "method": "creation_date",
+    "value": "7d"
+}' http://<quay-server.example.com>/api/v1/organization/<quayadmin>/autoprunepolicy/
+----
++
+.Example output
+[source,terminal]
+----
+{"uuid": "73d64f05-d587-42d9-af6d-e726a4a80d6e"}
+----
++
+Attempting to create multiple policies returns the following error:
++
+[source,terminal]
+----
+{"detail": "Policy for this namespace already exists, delete existing to create new policy", "error_message": "Policy for this namespace already exists, delete existing to create new policy", "error_type": "invalid_request", "title": "invalid_request", "type": "http://<quay-server.example.com>/api/v1/error/invalid_request", "status": 400}
+----
+
+. Check your auto-prune policy by entering the following command:
++
+[source,terminal]
+----
+$ curl -X GET -H "Authorization: Bearer j8mvpgf0rP5wpbS7LCfDaAxE0NZvCmOC123456" http://<quay-server.example.com>/api/v1/organization/<quayadmin>/autoprunepolicy/
+----
++
+.Example output
++
+[source,terminal]
+----
+{"policies": [{"uuid": "73d64f05-d587-42d9-af6d-e726a4a80d6e", "method": "creation_date", "value": "7d"}]}
+----
+
+. You can delete the auto-prune policy by entering the following command:
++
+[source,terminal]
+----
+$ curl -X DELETE -H "Authorization: Bearer j8mvpgf0rP5wpbS7LCfDaAxE0NZvCmOC123456" http://<quay-server.example.com>/api/v1/organization/<quayadmin>/autoprunepolicy/
+----
+
+[id="creating-policy-api-current-user"]
+== Creating an auto-prune policy for the current user using the API
+
+You can use {productname} API endpoints to manage auto-pruning policies for your account.
+
+[NOTE]
+====
+The use of `/user/` in the following commands represents the user that is currently logged into {productname}.
+====
+
+.Prerequisites
+
+* You have set `BROWSER_API_CALLS_XHR_ONLY: false` in your `config.yaml` file. 
+* You have created an OAuth access token. 
+* You have logged into {productname}. 
+
+.Procedure 
+
+. Enter the following `POST` command create a new policy that limits the number of tags for the current user:
++
+[source,terminal]
+----
+$ curl -X POST -H "Authorization: Bearer j8mvpgf0rP5wpbS7LCfDaAxE0NZvCmOC123456" -H "Content-Type: application/json" -d '{
+    "method": "number_of_tags",
+    "value": 10
+}' http://<quay-server.example.com>/api/v1/user/autoprunepolicy/
+----
++
+.Example output
++
+[source,terminal]
+----
+{"uuid": "8c03f995-ca6f-4928-b98d-d75ed8c14859"}
+----
+
+. Check your auto-prune policy by entering the following command:
++
+[source,terminal]
+----
+$ curl -X GET -H "Authorization: Bearer j8mvpgf0rP5wpbS7LCfDaAxE0NZvCmOC123456" http://<quay-server.example.com>/api/v1/user/autoprunepolicy/8c03f995-ca6f-4928-b98d-d75ed8c14859
+----
++
+Alternatively, you can include the UUID:
++
+[source,terminal]
+----
+$ curl -X GET -H "Authorization: Bearer j8mvpgf0rP5wpbS7LCfDaAxE0NZvCmOC123456" http://<quay-server.example.com>/api/v1/user/autoprunepolicy/8c03f995-ca6f-4928-b98d-d75ed8c14859
+{"uuid": "8c03f995-ca6f-4928-b98d-d75ed8c14859", "method": "number_of_tags", "value": 10}
+----
++
+.Example output
++
+[source,terminal]
+----
+{"policies": [{"uuid": "8c03f995-ca6f-4928-b98d-d75ed8c14859", "method": "number_of_tags", "value": 10}]}
+----
+
+. You can delete the auto-prune policy by entering the following command. Note that deleting the policy require the UUID.
++
+[source,terminal]
+----
+$ curl -X DELETE -H "Authorization: Bearer j8mvpgf0rP5wpbS7LCfDaAxE0NZvCmOC123456" http://<quay-server.example.com>/api/v1/user/autoprunepolicy/8c03f995-ca6f-4928-b98d-d75ed8c14859
+----
++
+.Example output
++
+[source,terminal]
+----
+{"uuid": "8c03f995-ca6f-4928-b98d-d75ed8c14859"}
+----

modules/managing-namespace-auto-pruning-policies.adoc

@@ -0,0 +1,76 @@
+:_content-type: CONCEPT
+[id="namespace-auto-pruning-arch"]
+= Namespace auto-pruning architecture
+
+For the namespace auto-pruning feature, two distinct database tables within a database schema were created: one for `namespaceautoprunepolicy` and another for `autoprunetaskstatus`. An auto-prune worker carries out the configured policies. 
+
+[discrete]
+[id="namespaceautoprunepolicy-database-table"]
+== Namespace auto prune policy database table
+
+The `namespaceautoprunepolicy` database table holds the policy configuration for a single namespace. There is only one entry per namespace, but there is support for multiple rows per `namespace_id`. The `policy` field holds the policy details, such as `{method: "creation_date", olderThan: "2w"}` or `{method: "number_of_tags",  numTags: 100}`.
+
+.`namespaceautoprunepolicy` database table
+[cols="1a,1a,1a,1a",options="header"]
+|===
+| Field | Type |Attributes | Description
+
+| `uuid` | character varying (225) | Unique, indexed | Unique identifier for this policy
+
+| `namespace_id` | Integer | Foreign Key |Namespace that the policy falls under
+
+| `policy` | text | JSON | Policy configuration
+|===
+
+[discrete]
+[id="autoprunetaskstatus-database-table"]
+== Auto-prune task status database table
+
+The `autoprunetaskstatus` table registers tasks to be executed by the auto-prune worker. Tasks are executed within the context of a single namespace. Only one task per namespace exists. 
+
+.`autoprunetaskstatus` database table
+[cols="1a,1a,1a,1a",options="header"]
+
+|===
+| Field | Type |Attributes | Description
+| `namespace_id` | Integer | Foreign Key | Namespace that this task belongs to
+
+| `last_ran_ms` | Big Integer (bigint) | Nullable, indexed | Last time that the worker executed the policies for this namespace
+
+| `status` | text | Nullable | Details from the last execution task
+|===
+
+[id="auto-prune-worker"]
+== Auto-prune worker
+
+The following sections detail information about the auto-prune worker. 
+
+[id="auto-prune-task-creation"]
+=== Auto-prune-task-creation
+
+When a new policy is created in the `namespaceautoprunepolicy` database table, a row is also created in the `autoprunetask` table. This is done in the same transaction. The auto-prune worker uses the entry in the `autoprunetask` table to identify which namespace it should execute policies for. 
+
+[id="auto-prune-worker-execution"]
+=== Auto-prune worker execution
+
+The auto-pruning worker is an asynchronous job that executes configured policies. Its workflow is based on values in the `autoprunetask` table. When a task begins, the following occurs: 
+
+* The auto-prune worker starts on a set interval, which defaults at 30 seconds. 
+* The auto-prune worker selects a row from `autoprunetask` with the least, or null, `last_ran_ms` and `FOR UPDATE SKIP LOCKED`. 
+** A null `last_ran_ms` indicates that the task was never ran. 
+** A task that hasn't been ran in he longest amount of time, or has never been run at all, is prioritized. 
+
+* The auto-prune worker obtains the policy configuration from the `namespaceautoprunepolicy` table.
+** If no policy configuration exists, the entry from `autoprunetask` is deleted for this namespace and the procedure stops immediately. 
+
+* The auto-prune worker begins a paginated loop of all repositories under the organization. 
+** The auto-prune worker determines much pruning method to use based on `policy.method`. 
+* The auto-prune worker executes the pruning method with the policy configuration retrieved earlier. 
+** For pruning by the number of tags: the auto-pruner worker gets the number of currently active tags sorted by creation date, and deletes the older tags to the configured number.
+** For pruning by date: the auto-pruner worker gets the active tags older than the specified time span and any tags returned are deleted. 
+
+* The auto-prune worker adds audit logs of the tags deleted.
+
+* The `last_ran_ms` gets updated after a row from `autoprunetask` is selected. 
+
+* The auto-prune worker ends.