--- # Roughly follows kolla-ansible's service deployment patterns. # Action to perform. One of 'deploy', 'destroy', 'pull', 'reconfigure', # 'stop', 'upgrade'. docker_registry_action: deploy # Whether a docker registry is enabled. docker_registry_enabled: true # Dict of environment variables to provide to the docker registry container. # This allows to configure the registry by overriding specific configuration # options, as described at https://docs.docker.com/registry/configuration/ # For example, the registry can be configured as a pull through cache to Docker # Hub by setting REGISTRY_PROXY_REMOTEURL to "https://registry-1.docker.io". # Note that it is not possible to push to a registry configured as a # pull through cache. docker_registry_env: {} # Dict of environment variables setting a listen port for docker registry # container. docker_registry_env_listen: REGISTRY_HTTP_ADDR: "0.0.0.0:{{ docker_registry_port }}" # Dict of environment variables to provide to the docker registry container # when TLS is enabled. docker_registry_env_tls: REGISTRY_HTTP_TLS_CERTIFICATE: "{{ docker_registry_config_path }}/cert.pem" REGISTRY_HTTP_TLS_KEY: "{{ docker_registry_config_path }}/key.pem" # Dict of environment variables to provide to the docker registry container # when basic authentication is enabled. docker_registry_env_basic_auth: REGISTRY_AUTH: htpasswd REGISTRY_AUTH_HTPASSWD_REALM: "Registry realm" REGISTRY_AUTH_HTPASSWD_PATH: "{{ docker_registry_config_path }}/htpasswd" # Service deployment definition. docker_registry_services: docker_registry: container_name: docker_registry env: >- {{ {} | combine(docker_registry_env_tls if docker_registry_enable_tls | bool else {}) | combine(docker_registry_env_basic_auth if docker_registry_enable_basic_auth | bool else {}) | combine(docker_registry_env_listen if docker_registry_network_mode == 'host' else {}) | combine(docker_registry_env) }} enabled: "{{ docker_registry_enabled }}" image: "{{ docker_registry_image_full }}" network_mode: "{{ docker_registry_network_mode }}" ports: "{{ [docker_registry_port ~ ':5000'] if docker_registry_network_mode == 'bridge' else [] }}" volumes: "{{ docker_registry_volumes | select | list }}" # The network mode of the docker registry container. docker_registry_network_mode: host # The port on which the docker registry server should listen. docker_registry_port: 5000 # The name or path to use for the docker volume that backs the registry. # Defaults to ``docker_registry``. docker_registry_datadir_volume: docker_registry # Path in which to store docker registry configuration. docker_registry_config_path: "/etc/docker/registry" # Whether to enable TLS for the registry. docker_registry_enable_tls: false # Path to a TLS certificate to use when TLS is enabled. docker_registry_cert_path: # Path to a TLS key to use when TLS is enabled. docker_registry_key_path: # Whether to enable basic authentication for the registry. docker_registry_enable_basic_auth: false # Path to a htpasswd formatted password store for the registry. docker_registry_basic_auth_htpasswd_path: #################### # Docker #################### # NOTE: Namespace 'library' causes image task to always be changed and # container to never update to new images. docker_registry_namespace: "" docker_registry_image: "{{ docker_registry_namespace ~ '/' if docker_registry_namespace else '' }}registry" docker_registry_tag: "latest" docker_registry_image_full: "{{ docker_registry_image }}:{{ docker_registry_tag }}" # List of volumes to be mounted to the docker registry container. docker_registry_volumes: - "/etc/localtime:/etc/localtime:ro" - "{{ docker_registry_datadir_volume }}:/var/lib/registry" - "{% if docker_registry_enable_tls | bool or docker_registry_enable_basic_auth | bool %}{{ docker_registry_config_path }}:{{ docker_registry_config_path }}:ro{% endif %}" docker_registry_restart_policy: "unless-stopped" #docker_registry_restart_retries: