Run a docker registry for CI

Change-Id: If9669bb3286e25bb16ab09373e823b914b645f26
This commit is contained in:
James E. Blair 2019-01-31 09:59:26 -08:00
parent 8062f4c1ec
commit 12709a1c8b
10 changed files with 168 additions and 0 deletions

View File

@ -476,6 +476,29 @@
- testinfra/test_adns.py - testinfra/test_adns.py
- testinfra/test_ns.py - testinfra/test_ns.py
- job:
name: system-config-run-docker-registry
parent: system-config-run
description: |
Run the playbook for the docker registry.
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: insecure-ci-registry01.opendev.org
label: ubuntu-bionic
host-vars:
insecure-ci-registry01.opendev.org:
host_copy_output:
'/var/registry/auth': logs
'/var/registry/certs': logs
files:
- .zuul.yaml
- playbooks/group_vars/registry.yaml
- playbooks/zuul/templates/group_vars/registry.yaml.j2
- playbooks/roles/registry/
- testinfra/test_registry.py
- job: - job:
name: infra-prod-playbook name: infra-prod-playbook
description: | description: |
@ -524,6 +547,7 @@
- system-config-run-eavesdrop - system-config-run-eavesdrop
- system-config-run-nodepool - system-config-run-nodepool
- system-config-run-docker - system-config-run-docker
- system-config-run-docker-registry
- system-config-build-image-jinja-init - system-config-build-image-jinja-init
- system-config-build-image-gitea-init - system-config-build-image-gitea-init
- system-config-build-image-gitea - system-config-build-image-gitea
@ -542,6 +566,7 @@
- system-config-run-eavesdrop - system-config-run-eavesdrop
- system-config-run-nodepool - system-config-run-nodepool
- system-config-run-docker - system-config-run-docker
- system-config-run-docker-registry
- system-config-upload-image-jinja-init - system-config-upload-image-jinja-init
- system-config-upload-image-gitea-init - system-config-upload-image-gitea-init
- system-config-upload-image-gitea - system-config-upload-image-gitea

View File

@ -172,6 +172,8 @@ groups:
- zk[0-9]*.open*.org - zk[0-9]*.open*.org
refstack: refstack:
- refstack*.open*.org - refstack*.open*.org
registry:
- insecure-ci-registry[0-9]*.opendev.org
review-dev: review-dev:
- review-dev[0-9]*.open*.org - review-dev[0-9]*.open*.org
review: review:

View File

@ -57,3 +57,9 @@
name: "Base: install and configure docker on docker hosts" name: "Base: install and configure docker on docker hosts"
roles: roles:
- install-docker - install-docker
- hosts: "registry:!disabled"
name: "Base: configure registry"
roles:
- install-docker
- registry

View File

@ -0,0 +1 @@
registry_user: zuul

View File

@ -0,0 +1 @@
Install, configure, and run a Docker registry.

View File

@ -0,0 +1,19 @@
# Version 2 is the latest that is supported by docker-compose in
# Ubuntu Xenial.
version: '2'
services:
registry:
restart: always
image: registry:2
network_mode: host
environment:
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
REGISTRY_HTTP_TLS_KEY: /certs/domain.key
REGISTRY_AUTH: htpasswd
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
volumes:
- /var/registry/data:/var/lib/registry
- /var/registry/certs:/certs
- /var/registry/auth:/auth

View File

@ -0,0 +1,40 @@
- name: Synchronize docker-compose directory
synchronize:
src: registry-docker/
dest: /etc/registry-docker/
- name: Ensure registry volume directories exists
file:
state: directory
path: "/var/registry/{{ item }}"
loop:
- data
- certs
- auth
- name: Install passlib
package:
name:
- python-passlib
state: present
- name: Write htpassword file
htpasswd:
create: true
path: /var/registry/auth/htpassword
name: "{{ registry_user }}"
password: "{{ registry_password }}"
- name: Write TLS private key
copy:
content: "{{ registry_tls_key }}"
dest: /var/registry/certs/domain.key
- name: Write TLS certificate
copy:
content: "{{ registry_tls_cert }}{{ registry_tls_chain | default('') }}"
dest: /var/registry/certs/domain.crt
- name: Install docker-compose
package:
name:
- docker-compose
state: present
- name: Run docker-compose up
shell:
cmd: docker-compose up -d
chdir: /etc/registry-docker/

View File

@ -61,6 +61,7 @@
- group_vars/adns.yaml - group_vars/adns.yaml
- group_vars/nodepool.yaml - group_vars/nodepool.yaml
- group_vars/ns.yaml - group_vars/ns.yaml
- group_vars/registry.yaml
- host_vars/bridge.openstack.org.yaml - host_vars/bridge.openstack.org.yaml
- name: Display group membership - name: Display group membership
command: ansible localhost -m debug -a 'var=groups' command: ansible localhost -m debug -a 'var=groups'

View File

@ -0,0 +1,52 @@
registry_password: testpassword
registry_tls_cert: |
-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAKnLZ+dUZQ6UMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTkwMTMxMTc0ODE5WhcNMTkwMzAyMTc0ODE5WjBF
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA3IwbwpVkQGheW95MNkquuh7Y+/KIemlbyxQZILUiRt4R4kLT+MAI0F1z
u/cCErICNOeVBRXq6yZpTPH0UuBVpSpbFXhsxaW3ICmvevtEAw/EJZHqI8cjTcoa
oWoOQEDDr2sCnWDVpnnyuGIBk+Lajro6wy8teSeASJDmxexRKFaWRghrMUO2SKr2
pGdgJzcX6kRMzvfVFxNBQHp8tsiePCYX6ItA5GCckpY+Ry2wtP/+SDso3JB0FT9X
cwU+jwOgJ/qoilYzJj/t6qkAERn7068YOgkYF/lE6xc0u9WipGzmWfPhK/FtsWR0
m5AahsxSkbrNGEmXXD1MvrdDsgTZTQIDAQABo1AwTjAdBgNVHQ4EFgQUtkzdWtTK
4Ikk/YJGwMfO9543baMwHwYDVR0jBBgwFoAUtkzdWtTK4Ikk/YJGwMfO9543baMw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAUblwXaHPD15RkiIzvNIB
iYfinZZHV9zDolNMK4TaPh/e4rIzuqnDqaqt+JdgvLLWHpbmYoHEhawKx4zxq2ko
UsjRBFoH/MMvokCZiaePUMl0FgqCBgr5ExMM+ClTomTqDU/piEY8qEokiI+hsOKh
X38JQL1XrPiO56lutO6ZzsswTPsKx/jVAFGItmqg9qjjoo8klKRNcTBHRgCr7tRS
loxC6xb+4WxgNlnR1mFBHy/9TXh6awGFB5iR4vzmu0qPazmmz/ZuGgh64R2RE1e6
4RyZK/F5fqRZhU2E23CFF82sxrSxOfyvc6I+I7t+at4tWx/v0ButmDtpUfM6v+/i
gA==
-----END CERTIFICATE-----
registry_tls_key: |
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcjBvClWRAaF5b
3kw2Sq66Htj78oh6aVvLFBkgtSJG3hHiQtP4wAjQXXO79wISsgI055UFFerrJmlM
8fRS4FWlKlsVeGzFpbcgKa96+0QDD8QlkeojxyNNyhqhag5AQMOvawKdYNWmefK4
YgGT4tqOujrDLy15J4BIkObF7FEoVpZGCGsxQ7ZIqvakZ2AnNxfqREzO99UXE0FA
eny2yJ48Jhfoi0DkYJySlj5HLbC0//5IOyjckHQVP1dzBT6PA6An+qiKVjMmP+3q
qQARGfvTrxg6CRgX+UTrFzS71aKkbOZZ8+Er8W2xZHSbkBqGzFKRus0YSZdcPUy+
t0OyBNlNAgMBAAECggEAAgF0LyzUoJFSalt3Lfc355FoP8JQ42wZ3ZrtL5L2INbc
KsaYzuZQLjTrXIY+ipT72CdS/5zXahQLWRvKMQbBQKNF+MgDlTiQlcZLRj8Ku0xl
aEIPcwvYkliILXedcZAlN28tsuiyiLULNAoQIZwqiKnA5w2CyFtHm2FV9+7SPh+n
I1i5OzG0rnvIdOIk+ENgZAePmNSTktkH1HBcHhBkWjInhrxpojWgsjdljmxj5/qk
QaPuCBDQ6wZeU4WQ2OiQCjzxRxA06681N06vjq23x/nxpw3gDncbT01vRCYkmXVX
xqL0IrypDFOWqdWeqKLUCDnzpzf3OtUodnsfc+JQAQKBgQD0oh+PxqoaupStYD98
GIMTNGuG2Ii77vw92i4b8pPL8lg4edl3boDMj+q+Z9zONrYdEddwzHjLS+v2jwbf
YPXtZGVDGcYBONtb+vyUmbJtS6SXbatSvqMwG2E6aZypLN2DC4qTQsG2GKtDiAEk
+KRuahXaegY7TVxJVXZ7TfhaTQKBgQDmy3xeB2fV48sk5kKVtTZQkBGhtsn8MiOb
rmDBqH9hf7UUT8tmZrp747QwDpZTuwvtHkF/XechH4nHKnui14q2tyJ9fauxHXHt
omZ26ECzmjMJ0bk2mUQjPVnQZ/PtnIZEY5MRDOzNgh1GzP5s2tUiacyEJ+BgAq99
jYL1fQ/7AQKBgQDFuUvdP2s5k1icEVD+kilPGm1WXimWDIFf1Lqz6ArBKq1XaFT2
jSAZNrE7GGOFYP8s28DP8NQpLMIZVFzvq0TajOyzoV9CmZvi6ifAS8HFSQBNTFzO
0jq/pUGensH6ksKvKmLkx24eKi4ytPiH01fDzoa/QSVMRSi0NRlAbDKxeQKBgQCk
KpAfblMc4LjKWYN5a/njmmcASb4pRxzvCz3F4u4g0y9h8FR1VZNGtrSgDnA9xOn5
07CxQYE7nWxqoDxrm7gOufutmeu7w38bko4h/JixaHjvfh+px6GhE23EgX0QQmt7
T/z3fuMeV3QtvXkowwwiO3F/e8HtaVudCkDiEACDAQKBgBZhje6z3COHW4Nt/oos
gYojwgF6YQHXvfKxm6jjps77ar80XeID5wvuGj1HUw8f0IpnY/oh4TH6ddelnbEI
a1ccBlsEu6roxKAEJKuIUbGwV8tlWeaw+f9CoP3VvmtBW4SqA7c76J/9wgmypotk
lLz/WCDkOWqGgPF2gkdW09NZ
-----END PRIVATE KEY-----

View File

@ -0,0 +1,21 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
testinfra_hosts = ['insecure-ci-registry.opendev.org']
def test_registry_listening(host):
registry = host.socket("tcp://0.0.0.0:5000")
assert registry.is_listening