Use swift to back intermediate docker registry

Note, this does not have complete tests yet (we will need to update the job to start a swift for that). Change-Id: I2ee7a9e4fb503a3431366c16c380cf09327f6050
2019-04-17 14:39:32 -07:00 · 2019-04-17 14:39:32 -07:00 · f357e5cdab
commit f357e5cdab
parent 6747cf236b
5 changed files with 47 additions and 6 deletions
--- a/playbooks/roles/registry/files/registry-docker/docker-compose.yaml
+++ b/playbooks/roles/registry/files/registry-docker/docker-compose.yaml
@ -7,13 +7,8 @@ services:
    restart: always
    image: registry:2
    network_mode: host
-    environment:
-      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
-      REGISTRY_HTTP_TLS_KEY: /certs/domain.key
-      REGISTRY_AUTH: htpasswd
-      REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
-      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
    volumes:
      - /var/registry/data:/var/lib/registry
      - /var/registry/certs:/certs
      - /var/registry/auth:/auth
+      - /var/registry/etc:/etc/docker/registry
--- a/playbooks/roles/registry/tasks/main.yaml
+++ b/playbooks/roles/registry/tasks/main.yaml
@ -10,6 +10,7 @@
    - data
    - certs
    - auth
+    - etc
 - name: Install passlib
  package:
    name:
@ -31,6 +32,10 @@
  copy:
    content: "{{ registry_tls_cert }}{{ registry_tls_chain | default('') }}"
    dest: /var/registry/certs/domain.crt
+- name: Write registry config
+  template:
+    src: config.yml.j2
+    dest: /var/registry/etc/config.yml
 - name: Install docker-compose
  package:
    name:
--- a/playbooks/roles/registry/templates/config.yml.j2
+++ b/playbooks/roles/registry/templates/config.yml.j2
@ -0,0 +1,33 @@
+version: 0.1
+log:
+  fields:
+    service: registry
+storage:
+  cache:
+    blobdescriptor: inmemory
+  swift:
+    username: {{ registry_swift_username }}
+    password: {{ registry_swift_password }}
+    authurl: {{ registry_swift_authurl }}
+    tenant: {{ registry_swift_tenant }}
+    region: {{ registry_swift_region }}
+    container: {{ registry_swift_container }}
+    secretkey: {{ registry_swift_secretkey }}
+  delete:
+    enabled: true
+http:
+  addr: :5000
+  headers:
+    X-Content-Type-Options: [nosniff]
+  tls:
+    certificate: /certs/domain.crt
+    key: /certs/domain.key
+health:
+  storagedriver:
+    enabled: true
+    interval: 10s
+    threshold: 3
+auth:
+  htpasswd:
+    realm: Registry Realm
+    path: /auth/htpasswd
--- a/playbooks/zuul/run-base.yaml
+++ b/playbooks/zuul/run-base.yaml
@ -66,6 +66,7 @@
        - group_vars/gitea.yaml
        - group_vars/gitea-lb.yaml
        - group_vars/letsencrypt.yaml
+        - group_vars/registry.yaml
        - host_vars/bridge.openstack.org.yaml
        - host_vars/letsencrypt01.opendev.org.yaml
        - host_vars/letsencrypt02.opendev.org.yaml
--- a/playbooks/zuul/templates/group_vars/registry.yaml.j2
+++ b/playbooks/zuul/templates/group_vars/registry.yaml.j2
@ -1,3 +1,10 @@
+registry_swift_username: openstackregistry
+registry_swift_password: testpassword
+registry_swift_authurl: https://identity.example.com/v2.0/
+registry_swift_tenant: 123456
+registry_swift_region: DFW
+registry_swift_container: intermediate_registry
+registry_swift_secretkey: testsecretkey
 registry_password: testpassword
 registry_tls_cert: |
  -----BEGIN CERTIFICATE-----