Run a docker registry for CI
Change-Id: If9669bb3286e25bb16ab09373e823b914b645f26
This commit is contained in:
parent
8062f4c1ec
commit
12709a1c8b
25
.zuul.yaml
25
.zuul.yaml
@ -476,6 +476,29 @@
|
|||||||
- testinfra/test_adns.py
|
- testinfra/test_adns.py
|
||||||
- testinfra/test_ns.py
|
- testinfra/test_ns.py
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: system-config-run-docker-registry
|
||||||
|
parent: system-config-run
|
||||||
|
description: |
|
||||||
|
Run the playbook for the docker registry.
|
||||||
|
nodeset:
|
||||||
|
nodes:
|
||||||
|
- name: bridge.openstack.org
|
||||||
|
label: ubuntu-bionic
|
||||||
|
- name: insecure-ci-registry01.opendev.org
|
||||||
|
label: ubuntu-bionic
|
||||||
|
host-vars:
|
||||||
|
insecure-ci-registry01.opendev.org:
|
||||||
|
host_copy_output:
|
||||||
|
'/var/registry/auth': logs
|
||||||
|
'/var/registry/certs': logs
|
||||||
|
files:
|
||||||
|
- .zuul.yaml
|
||||||
|
- playbooks/group_vars/registry.yaml
|
||||||
|
- playbooks/zuul/templates/group_vars/registry.yaml.j2
|
||||||
|
- playbooks/roles/registry/
|
||||||
|
- testinfra/test_registry.py
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
name: infra-prod-playbook
|
name: infra-prod-playbook
|
||||||
description: |
|
description: |
|
||||||
@ -524,6 +547,7 @@
|
|||||||
- system-config-run-eavesdrop
|
- system-config-run-eavesdrop
|
||||||
- system-config-run-nodepool
|
- system-config-run-nodepool
|
||||||
- system-config-run-docker
|
- system-config-run-docker
|
||||||
|
- system-config-run-docker-registry
|
||||||
- system-config-build-image-jinja-init
|
- system-config-build-image-jinja-init
|
||||||
- system-config-build-image-gitea-init
|
- system-config-build-image-gitea-init
|
||||||
- system-config-build-image-gitea
|
- system-config-build-image-gitea
|
||||||
@ -542,6 +566,7 @@
|
|||||||
- system-config-run-eavesdrop
|
- system-config-run-eavesdrop
|
||||||
- system-config-run-nodepool
|
- system-config-run-nodepool
|
||||||
- system-config-run-docker
|
- system-config-run-docker
|
||||||
|
- system-config-run-docker-registry
|
||||||
- system-config-upload-image-jinja-init
|
- system-config-upload-image-jinja-init
|
||||||
- system-config-upload-image-gitea-init
|
- system-config-upload-image-gitea-init
|
||||||
- system-config-upload-image-gitea
|
- system-config-upload-image-gitea
|
||||||
|
@ -172,6 +172,8 @@ groups:
|
|||||||
- zk[0-9]*.open*.org
|
- zk[0-9]*.open*.org
|
||||||
refstack:
|
refstack:
|
||||||
- refstack*.open*.org
|
- refstack*.open*.org
|
||||||
|
registry:
|
||||||
|
- insecure-ci-registry[0-9]*.opendev.org
|
||||||
review-dev:
|
review-dev:
|
||||||
- review-dev[0-9]*.open*.org
|
- review-dev[0-9]*.open*.org
|
||||||
review:
|
review:
|
||||||
|
@ -57,3 +57,9 @@
|
|||||||
name: "Base: install and configure docker on docker hosts"
|
name: "Base: install and configure docker on docker hosts"
|
||||||
roles:
|
roles:
|
||||||
- install-docker
|
- install-docker
|
||||||
|
|
||||||
|
- hosts: "registry:!disabled"
|
||||||
|
name: "Base: configure registry"
|
||||||
|
roles:
|
||||||
|
- install-docker
|
||||||
|
- registry
|
||||||
|
1
playbooks/group_vars/registry.yaml
Normal file
1
playbooks/group_vars/registry.yaml
Normal file
@ -0,0 +1 @@
|
|||||||
|
registry_user: zuul
|
1
playbooks/roles/registry/README.rst
Normal file
1
playbooks/roles/registry/README.rst
Normal file
@ -0,0 +1 @@
|
|||||||
|
Install, configure, and run a Docker registry.
|
@ -0,0 +1,19 @@
|
|||||||
|
# Version 2 is the latest that is supported by docker-compose in
|
||||||
|
# Ubuntu Xenial.
|
||||||
|
version: '2'
|
||||||
|
|
||||||
|
services:
|
||||||
|
registry:
|
||||||
|
restart: always
|
||||||
|
image: registry:2
|
||||||
|
network_mode: host
|
||||||
|
environment:
|
||||||
|
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
|
||||||
|
REGISTRY_HTTP_TLS_KEY: /certs/domain.key
|
||||||
|
REGISTRY_AUTH: htpasswd
|
||||||
|
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
|
||||||
|
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
|
||||||
|
volumes:
|
||||||
|
- /var/registry/data:/var/lib/registry
|
||||||
|
- /var/registry/certs:/certs
|
||||||
|
- /var/registry/auth:/auth
|
40
playbooks/roles/registry/tasks/main.yaml
Normal file
40
playbooks/roles/registry/tasks/main.yaml
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
- name: Synchronize docker-compose directory
|
||||||
|
synchronize:
|
||||||
|
src: registry-docker/
|
||||||
|
dest: /etc/registry-docker/
|
||||||
|
- name: Ensure registry volume directories exists
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: "/var/registry/{{ item }}"
|
||||||
|
loop:
|
||||||
|
- data
|
||||||
|
- certs
|
||||||
|
- auth
|
||||||
|
- name: Install passlib
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- python-passlib
|
||||||
|
state: present
|
||||||
|
- name: Write htpassword file
|
||||||
|
htpasswd:
|
||||||
|
create: true
|
||||||
|
path: /var/registry/auth/htpassword
|
||||||
|
name: "{{ registry_user }}"
|
||||||
|
password: "{{ registry_password }}"
|
||||||
|
- name: Write TLS private key
|
||||||
|
copy:
|
||||||
|
content: "{{ registry_tls_key }}"
|
||||||
|
dest: /var/registry/certs/domain.key
|
||||||
|
- name: Write TLS certificate
|
||||||
|
copy:
|
||||||
|
content: "{{ registry_tls_cert }}{{ registry_tls_chain | default('') }}"
|
||||||
|
dest: /var/registry/certs/domain.crt
|
||||||
|
- name: Install docker-compose
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- docker-compose
|
||||||
|
state: present
|
||||||
|
- name: Run docker-compose up
|
||||||
|
shell:
|
||||||
|
cmd: docker-compose up -d
|
||||||
|
chdir: /etc/registry-docker/
|
@ -61,6 +61,7 @@
|
|||||||
- group_vars/adns.yaml
|
- group_vars/adns.yaml
|
||||||
- group_vars/nodepool.yaml
|
- group_vars/nodepool.yaml
|
||||||
- group_vars/ns.yaml
|
- group_vars/ns.yaml
|
||||||
|
- group_vars/registry.yaml
|
||||||
- host_vars/bridge.openstack.org.yaml
|
- host_vars/bridge.openstack.org.yaml
|
||||||
- name: Display group membership
|
- name: Display group membership
|
||||||
command: ansible localhost -m debug -a 'var=groups'
|
command: ansible localhost -m debug -a 'var=groups'
|
||||||
|
52
playbooks/zuul/templates/group_vars/registry.yaml.j2
Normal file
52
playbooks/zuul/templates/group_vars/registry.yaml.j2
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
registry_password: testpassword
|
||||||
|
registry_tls_cert: |
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDXTCCAkWgAwIBAgIJAKnLZ+dUZQ6UMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
|
||||||
|
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
|
||||||
|
aWRnaXRzIFB0eSBMdGQwHhcNMTkwMTMxMTc0ODE5WhcNMTkwMzAyMTc0ODE5WjBF
|
||||||
|
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
|
||||||
|
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
||||||
|
CgKCAQEA3IwbwpVkQGheW95MNkquuh7Y+/KIemlbyxQZILUiRt4R4kLT+MAI0F1z
|
||||||
|
u/cCErICNOeVBRXq6yZpTPH0UuBVpSpbFXhsxaW3ICmvevtEAw/EJZHqI8cjTcoa
|
||||||
|
oWoOQEDDr2sCnWDVpnnyuGIBk+Lajro6wy8teSeASJDmxexRKFaWRghrMUO2SKr2
|
||||||
|
pGdgJzcX6kRMzvfVFxNBQHp8tsiePCYX6ItA5GCckpY+Ry2wtP/+SDso3JB0FT9X
|
||||||
|
cwU+jwOgJ/qoilYzJj/t6qkAERn7068YOgkYF/lE6xc0u9WipGzmWfPhK/FtsWR0
|
||||||
|
m5AahsxSkbrNGEmXXD1MvrdDsgTZTQIDAQABo1AwTjAdBgNVHQ4EFgQUtkzdWtTK
|
||||||
|
4Ikk/YJGwMfO9543baMwHwYDVR0jBBgwFoAUtkzdWtTK4Ikk/YJGwMfO9543baMw
|
||||||
|
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAUblwXaHPD15RkiIzvNIB
|
||||||
|
iYfinZZHV9zDolNMK4TaPh/e4rIzuqnDqaqt+JdgvLLWHpbmYoHEhawKx4zxq2ko
|
||||||
|
UsjRBFoH/MMvokCZiaePUMl0FgqCBgr5ExMM+ClTomTqDU/piEY8qEokiI+hsOKh
|
||||||
|
X38JQL1XrPiO56lutO6ZzsswTPsKx/jVAFGItmqg9qjjoo8klKRNcTBHRgCr7tRS
|
||||||
|
loxC6xb+4WxgNlnR1mFBHy/9TXh6awGFB5iR4vzmu0qPazmmz/ZuGgh64R2RE1e6
|
||||||
|
4RyZK/F5fqRZhU2E23CFF82sxrSxOfyvc6I+I7t+at4tWx/v0ButmDtpUfM6v+/i
|
||||||
|
gA==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
registry_tls_key: |
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcjBvClWRAaF5b
|
||||||
|
3kw2Sq66Htj78oh6aVvLFBkgtSJG3hHiQtP4wAjQXXO79wISsgI055UFFerrJmlM
|
||||||
|
8fRS4FWlKlsVeGzFpbcgKa96+0QDD8QlkeojxyNNyhqhag5AQMOvawKdYNWmefK4
|
||||||
|
YgGT4tqOujrDLy15J4BIkObF7FEoVpZGCGsxQ7ZIqvakZ2AnNxfqREzO99UXE0FA
|
||||||
|
eny2yJ48Jhfoi0DkYJySlj5HLbC0//5IOyjckHQVP1dzBT6PA6An+qiKVjMmP+3q
|
||||||
|
qQARGfvTrxg6CRgX+UTrFzS71aKkbOZZ8+Er8W2xZHSbkBqGzFKRus0YSZdcPUy+
|
||||||
|
t0OyBNlNAgMBAAECggEAAgF0LyzUoJFSalt3Lfc355FoP8JQ42wZ3ZrtL5L2INbc
|
||||||
|
KsaYzuZQLjTrXIY+ipT72CdS/5zXahQLWRvKMQbBQKNF+MgDlTiQlcZLRj8Ku0xl
|
||||||
|
aEIPcwvYkliILXedcZAlN28tsuiyiLULNAoQIZwqiKnA5w2CyFtHm2FV9+7SPh+n
|
||||||
|
I1i5OzG0rnvIdOIk+ENgZAePmNSTktkH1HBcHhBkWjInhrxpojWgsjdljmxj5/qk
|
||||||
|
QaPuCBDQ6wZeU4WQ2OiQCjzxRxA06681N06vjq23x/nxpw3gDncbT01vRCYkmXVX
|
||||||
|
xqL0IrypDFOWqdWeqKLUCDnzpzf3OtUodnsfc+JQAQKBgQD0oh+PxqoaupStYD98
|
||||||
|
GIMTNGuG2Ii77vw92i4b8pPL8lg4edl3boDMj+q+Z9zONrYdEddwzHjLS+v2jwbf
|
||||||
|
YPXtZGVDGcYBONtb+vyUmbJtS6SXbatSvqMwG2E6aZypLN2DC4qTQsG2GKtDiAEk
|
||||||
|
+KRuahXaegY7TVxJVXZ7TfhaTQKBgQDmy3xeB2fV48sk5kKVtTZQkBGhtsn8MiOb
|
||||||
|
rmDBqH9hf7UUT8tmZrp747QwDpZTuwvtHkF/XechH4nHKnui14q2tyJ9fauxHXHt
|
||||||
|
omZ26ECzmjMJ0bk2mUQjPVnQZ/PtnIZEY5MRDOzNgh1GzP5s2tUiacyEJ+BgAq99
|
||||||
|
jYL1fQ/7AQKBgQDFuUvdP2s5k1icEVD+kilPGm1WXimWDIFf1Lqz6ArBKq1XaFT2
|
||||||
|
jSAZNrE7GGOFYP8s28DP8NQpLMIZVFzvq0TajOyzoV9CmZvi6ifAS8HFSQBNTFzO
|
||||||
|
0jq/pUGensH6ksKvKmLkx24eKi4ytPiH01fDzoa/QSVMRSi0NRlAbDKxeQKBgQCk
|
||||||
|
KpAfblMc4LjKWYN5a/njmmcASb4pRxzvCz3F4u4g0y9h8FR1VZNGtrSgDnA9xOn5
|
||||||
|
07CxQYE7nWxqoDxrm7gOufutmeu7w38bko4h/JixaHjvfh+px6GhE23EgX0QQmt7
|
||||||
|
T/z3fuMeV3QtvXkowwwiO3F/e8HtaVudCkDiEACDAQKBgBZhje6z3COHW4Nt/oos
|
||||||
|
gYojwgF6YQHXvfKxm6jjps77ar80XeID5wvuGj1HUw8f0IpnY/oh4TH6ddelnbEI
|
||||||
|
a1ccBlsEu6roxKAEJKuIUbGwV8tlWeaw+f9CoP3VvmtBW4SqA7c76J/9wgmypotk
|
||||||
|
lLz/WCDkOWqGgPF2gkdW09NZ
|
||||||
|
-----END PRIVATE KEY-----
|
21
testinfra/test_registry.py
Normal file
21
testinfra/test_registry.py
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
# Copyright 2018 Red Hat, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
testinfra_hosts = ['insecure-ci-registry.opendev.org']
|
||||||
|
|
||||||
|
|
||||||
|
def test_registry_listening(host):
|
||||||
|
registry = host.socket("tcp://0.0.0.0:5000")
|
||||||
|
assert registry.is_listening
|
Loading…
Reference in New Issue
Block a user