opendev/system-config
Code Issues Proposed changes
system-config/playbooks/roles/registry/tasks/main.yaml
Jack Morgan ded27cbb5d Adds support for running zuul-registry as a non-root user 
Signed-off-by: Jack Morgan <jack@jento.io>
Change-Id: I89594affb04639b49b409a569036d6afac997251
2022-03-03 09:06:51 -08:00

86 lines
1.8 KiB
YAML
Raw Blame History

- name: Create registry_service group
group:
name: "registry"
gid: "{{ registry_service_group_id }}"
system: yes
- name: Create registry_service user
user:
name: "registry"
group: "registry"
uid: "{{ registry_service_user_id }}"
home: "/var/registry"
system: yes
- name: Make docker-compose dir
file:
state: directory
path: /etc/registry-docker
owner: root
group: root
mode: 0755
- name: Write docker-compose.yaml
template:
src: docker-compose.yaml.j2
dest: /etc/registry-docker/docker-compose.yaml
owner: root
group: root
mode: 644
- name: Ensure directory permission
file:
state: directory
path: /var/registry/
owner: registry
group: registry
mode: 0755
- name: Ensure registry volume directories exists
file:
state: directory
path: "/var/registry/{{ item }}"
owner: registry
group: registry
loop:
- certs
- conf
- etc
- name: Write clouds.yaml
template:
src: clouds.yaml.j2
dest: /var/registry/etc/clouds.yaml
owner: registry
group: registry
- name: Write registry config
template:
src: registry.yaml.j2
dest: /var/registry/conf/registry.yaml
owner: registry
group: registry
- name: Run docker-compose pull
shell:
cmd: docker-compose pull
chdir: /etc/registry-docker/
- name: Run docker-compose up
shell:
cmd: docker-compose up -d
chdir: /etc/registry-docker/
- name: Run docker prune to cleanup unneeded images
shell:
cmd: docker image prune -f
# Temporarily disable to aid debug of mysteriously absent blobs
# -corvus 2019-10-09
# - name: Install cron to garbage collect the registry daily
# cron:
# name: "docker registry garbage-collect"
# minute: "0"
# hour: "0"
# job: "/usr/bin/docker exec registrydocker_registry_1 zuul-registry prune"
View Git Blame Copy Permalink