Run a docker registry for CI
Change-Id: If9669bb3286e25bb16ab09373e823b914b645f26
This commit is contained in:
parent
8062f4c1ec
commit
12709a1c8b
25
.zuul.yaml
25
.zuul.yaml
@ -476,6 +476,29 @@
|
||||
- testinfra/test_adns.py
|
||||
- testinfra/test_ns.py
|
||||
|
||||
- job:
|
||||
name: system-config-run-docker-registry
|
||||
parent: system-config-run
|
||||
description: |
|
||||
Run the playbook for the docker registry.
|
||||
nodeset:
|
||||
nodes:
|
||||
- name: bridge.openstack.org
|
||||
label: ubuntu-bionic
|
||||
- name: insecure-ci-registry01.opendev.org
|
||||
label: ubuntu-bionic
|
||||
host-vars:
|
||||
insecure-ci-registry01.opendev.org:
|
||||
host_copy_output:
|
||||
'/var/registry/auth': logs
|
||||
'/var/registry/certs': logs
|
||||
files:
|
||||
- .zuul.yaml
|
||||
- playbooks/group_vars/registry.yaml
|
||||
- playbooks/zuul/templates/group_vars/registry.yaml.j2
|
||||
- playbooks/roles/registry/
|
||||
- testinfra/test_registry.py
|
||||
|
||||
- job:
|
||||
name: infra-prod-playbook
|
||||
description: |
|
||||
@ -524,6 +547,7 @@
|
||||
- system-config-run-eavesdrop
|
||||
- system-config-run-nodepool
|
||||
- system-config-run-docker
|
||||
- system-config-run-docker-registry
|
||||
- system-config-build-image-jinja-init
|
||||
- system-config-build-image-gitea-init
|
||||
- system-config-build-image-gitea
|
||||
@ -542,6 +566,7 @@
|
||||
- system-config-run-eavesdrop
|
||||
- system-config-run-nodepool
|
||||
- system-config-run-docker
|
||||
- system-config-run-docker-registry
|
||||
- system-config-upload-image-jinja-init
|
||||
- system-config-upload-image-gitea-init
|
||||
- system-config-upload-image-gitea
|
||||
|
@ -172,6 +172,8 @@ groups:
|
||||
- zk[0-9]*.open*.org
|
||||
refstack:
|
||||
- refstack*.open*.org
|
||||
registry:
|
||||
- insecure-ci-registry[0-9]*.opendev.org
|
||||
review-dev:
|
||||
- review-dev[0-9]*.open*.org
|
||||
review:
|
||||
|
@ -57,3 +57,9 @@
|
||||
name: "Base: install and configure docker on docker hosts"
|
||||
roles:
|
||||
- install-docker
|
||||
|
||||
- hosts: "registry:!disabled"
|
||||
name: "Base: configure registry"
|
||||
roles:
|
||||
- install-docker
|
||||
- registry
|
||||
|
1
playbooks/group_vars/registry.yaml
Normal file
1
playbooks/group_vars/registry.yaml
Normal file
@ -0,0 +1 @@
|
||||
registry_user: zuul
|
1
playbooks/roles/registry/README.rst
Normal file
1
playbooks/roles/registry/README.rst
Normal file
@ -0,0 +1 @@
|
||||
Install, configure, and run a Docker registry.
|
@ -0,0 +1,19 @@
|
||||
# Version 2 is the latest that is supported by docker-compose in
|
||||
# Ubuntu Xenial.
|
||||
version: '2'
|
||||
|
||||
services:
|
||||
registry:
|
||||
restart: always
|
||||
image: registry:2
|
||||
network_mode: host
|
||||
environment:
|
||||
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
|
||||
REGISTRY_HTTP_TLS_KEY: /certs/domain.key
|
||||
REGISTRY_AUTH: htpasswd
|
||||
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
|
||||
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
|
||||
volumes:
|
||||
- /var/registry/data:/var/lib/registry
|
||||
- /var/registry/certs:/certs
|
||||
- /var/registry/auth:/auth
|
40
playbooks/roles/registry/tasks/main.yaml
Normal file
40
playbooks/roles/registry/tasks/main.yaml
Normal file
@ -0,0 +1,40 @@
|
||||
- name: Synchronize docker-compose directory
|
||||
synchronize:
|
||||
src: registry-docker/
|
||||
dest: /etc/registry-docker/
|
||||
- name: Ensure registry volume directories exists
|
||||
file:
|
||||
state: directory
|
||||
path: "/var/registry/{{ item }}"
|
||||
loop:
|
||||
- data
|
||||
- certs
|
||||
- auth
|
||||
- name: Install passlib
|
||||
package:
|
||||
name:
|
||||
- python-passlib
|
||||
state: present
|
||||
- name: Write htpassword file
|
||||
htpasswd:
|
||||
create: true
|
||||
path: /var/registry/auth/htpassword
|
||||
name: "{{ registry_user }}"
|
||||
password: "{{ registry_password }}"
|
||||
- name: Write TLS private key
|
||||
copy:
|
||||
content: "{{ registry_tls_key }}"
|
||||
dest: /var/registry/certs/domain.key
|
||||
- name: Write TLS certificate
|
||||
copy:
|
||||
content: "{{ registry_tls_cert }}{{ registry_tls_chain | default('') }}"
|
||||
dest: /var/registry/certs/domain.crt
|
||||
- name: Install docker-compose
|
||||
package:
|
||||
name:
|
||||
- docker-compose
|
||||
state: present
|
||||
- name: Run docker-compose up
|
||||
shell:
|
||||
cmd: docker-compose up -d
|
||||
chdir: /etc/registry-docker/
|
@ -61,6 +61,7 @@
|
||||
- group_vars/adns.yaml
|
||||
- group_vars/nodepool.yaml
|
||||
- group_vars/ns.yaml
|
||||
- group_vars/registry.yaml
|
||||
- host_vars/bridge.openstack.org.yaml
|
||||
- name: Display group membership
|
||||
command: ansible localhost -m debug -a 'var=groups'
|
||||
|
52
playbooks/zuul/templates/group_vars/registry.yaml.j2
Normal file
52
playbooks/zuul/templates/group_vars/registry.yaml.j2
Normal file
@ -0,0 +1,52 @@
|
||||
registry_password: testpassword
|
||||
registry_tls_cert: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDXTCCAkWgAwIBAgIJAKnLZ+dUZQ6UMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
|
||||
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
|
||||
aWRnaXRzIFB0eSBMdGQwHhcNMTkwMTMxMTc0ODE5WhcNMTkwMzAyMTc0ODE5WjBF
|
||||
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
|
||||
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
||||
CgKCAQEA3IwbwpVkQGheW95MNkquuh7Y+/KIemlbyxQZILUiRt4R4kLT+MAI0F1z
|
||||
u/cCErICNOeVBRXq6yZpTPH0UuBVpSpbFXhsxaW3ICmvevtEAw/EJZHqI8cjTcoa
|
||||
oWoOQEDDr2sCnWDVpnnyuGIBk+Lajro6wy8teSeASJDmxexRKFaWRghrMUO2SKr2
|
||||
pGdgJzcX6kRMzvfVFxNBQHp8tsiePCYX6ItA5GCckpY+Ry2wtP/+SDso3JB0FT9X
|
||||
cwU+jwOgJ/qoilYzJj/t6qkAERn7068YOgkYF/lE6xc0u9WipGzmWfPhK/FtsWR0
|
||||
m5AahsxSkbrNGEmXXD1MvrdDsgTZTQIDAQABo1AwTjAdBgNVHQ4EFgQUtkzdWtTK
|
||||
4Ikk/YJGwMfO9543baMwHwYDVR0jBBgwFoAUtkzdWtTK4Ikk/YJGwMfO9543baMw
|
||||
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAUblwXaHPD15RkiIzvNIB
|
||||
iYfinZZHV9zDolNMK4TaPh/e4rIzuqnDqaqt+JdgvLLWHpbmYoHEhawKx4zxq2ko
|
||||
UsjRBFoH/MMvokCZiaePUMl0FgqCBgr5ExMM+ClTomTqDU/piEY8qEokiI+hsOKh
|
||||
X38JQL1XrPiO56lutO6ZzsswTPsKx/jVAFGItmqg9qjjoo8klKRNcTBHRgCr7tRS
|
||||
loxC6xb+4WxgNlnR1mFBHy/9TXh6awGFB5iR4vzmu0qPazmmz/ZuGgh64R2RE1e6
|
||||
4RyZK/F5fqRZhU2E23CFF82sxrSxOfyvc6I+I7t+at4tWx/v0ButmDtpUfM6v+/i
|
||||
gA==
|
||||
-----END CERTIFICATE-----
|
||||
registry_tls_key: |
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcjBvClWRAaF5b
|
||||
3kw2Sq66Htj78oh6aVvLFBkgtSJG3hHiQtP4wAjQXXO79wISsgI055UFFerrJmlM
|
||||
8fRS4FWlKlsVeGzFpbcgKa96+0QDD8QlkeojxyNNyhqhag5AQMOvawKdYNWmefK4
|
||||
YgGT4tqOujrDLy15J4BIkObF7FEoVpZGCGsxQ7ZIqvakZ2AnNxfqREzO99UXE0FA
|
||||
eny2yJ48Jhfoi0DkYJySlj5HLbC0//5IOyjckHQVP1dzBT6PA6An+qiKVjMmP+3q
|
||||
qQARGfvTrxg6CRgX+UTrFzS71aKkbOZZ8+Er8W2xZHSbkBqGzFKRus0YSZdcPUy+
|
||||
t0OyBNlNAgMBAAECggEAAgF0LyzUoJFSalt3Lfc355FoP8JQ42wZ3ZrtL5L2INbc
|
||||
KsaYzuZQLjTrXIY+ipT72CdS/5zXahQLWRvKMQbBQKNF+MgDlTiQlcZLRj8Ku0xl
|
||||
aEIPcwvYkliILXedcZAlN28tsuiyiLULNAoQIZwqiKnA5w2CyFtHm2FV9+7SPh+n
|
||||
I1i5OzG0rnvIdOIk+ENgZAePmNSTktkH1HBcHhBkWjInhrxpojWgsjdljmxj5/qk
|
||||
QaPuCBDQ6wZeU4WQ2OiQCjzxRxA06681N06vjq23x/nxpw3gDncbT01vRCYkmXVX
|
||||
xqL0IrypDFOWqdWeqKLUCDnzpzf3OtUodnsfc+JQAQKBgQD0oh+PxqoaupStYD98
|
||||
GIMTNGuG2Ii77vw92i4b8pPL8lg4edl3boDMj+q+Z9zONrYdEddwzHjLS+v2jwbf
|
||||
YPXtZGVDGcYBONtb+vyUmbJtS6SXbatSvqMwG2E6aZypLN2DC4qTQsG2GKtDiAEk
|
||||
+KRuahXaegY7TVxJVXZ7TfhaTQKBgQDmy3xeB2fV48sk5kKVtTZQkBGhtsn8MiOb
|
||||
rmDBqH9hf7UUT8tmZrp747QwDpZTuwvtHkF/XechH4nHKnui14q2tyJ9fauxHXHt
|
||||
omZ26ECzmjMJ0bk2mUQjPVnQZ/PtnIZEY5MRDOzNgh1GzP5s2tUiacyEJ+BgAq99
|
||||
jYL1fQ/7AQKBgQDFuUvdP2s5k1icEVD+kilPGm1WXimWDIFf1Lqz6ArBKq1XaFT2
|
||||
jSAZNrE7GGOFYP8s28DP8NQpLMIZVFzvq0TajOyzoV9CmZvi6ifAS8HFSQBNTFzO
|
||||
0jq/pUGensH6ksKvKmLkx24eKi4ytPiH01fDzoa/QSVMRSi0NRlAbDKxeQKBgQCk
|
||||
KpAfblMc4LjKWYN5a/njmmcASb4pRxzvCz3F4u4g0y9h8FR1VZNGtrSgDnA9xOn5
|
||||
07CxQYE7nWxqoDxrm7gOufutmeu7w38bko4h/JixaHjvfh+px6GhE23EgX0QQmt7
|
||||
T/z3fuMeV3QtvXkowwwiO3F/e8HtaVudCkDiEACDAQKBgBZhje6z3COHW4Nt/oos
|
||||
gYojwgF6YQHXvfKxm6jjps77ar80XeID5wvuGj1HUw8f0IpnY/oh4TH6ddelnbEI
|
||||
a1ccBlsEu6roxKAEJKuIUbGwV8tlWeaw+f9CoP3VvmtBW4SqA7c76J/9wgmypotk
|
||||
lLz/WCDkOWqGgPF2gkdW09NZ
|
||||
-----END PRIVATE KEY-----
|
21
testinfra/test_registry.py
Normal file
21
testinfra/test_registry.py
Normal file
@ -0,0 +1,21 @@
|
||||
# Copyright 2018 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
|
||||
testinfra_hosts = ['insecure-ci-registry.opendev.org']
|
||||
|
||||
|
||||
def test_registry_listening(host):
|
||||
registry = host.socket("tcp://0.0.0.0:5000")
|
||||
assert registry.is_listening
|
Loading…
x
Reference in New Issue
Block a user