From 325b666b6d8796e12585c2148ac9c074b8b177b6 Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Fri, 5 Apr 2019 16:10:29 -0700 Subject: [PATCH] Use ipwrap filter in registry roles We need to escape some ipv6 addresses in URLs. Change-Id: Ica5fe73dd65e138cdc4817de3903cdd271402941 --- roles/build-docker-image/tasks/push.yaml | 4 ++-- roles/pull-from-intermediate-registry/tasks/main.yaml | 10 +++++----- .../tasks/push-image.yaml | 6 +++--- roles/push-to-intermediate-registry/tasks/push.yaml | 8 ++++---- roles/use-buildset-registry/tasks/main.yaml | 10 +++++----- roles/use-buildset-registry/tasks/user-config.yaml | 4 ++-- 6 files changed, 21 insertions(+), 21 deletions(-) diff --git a/roles/build-docker-image/tasks/push.yaml b/roles/build-docker-image/tasks/push.yaml index d49edd1df..582849329 100644 --- a/roles/build-docker-image/tasks/push.yaml +++ b/roles/build-docker-image/tasks/push.yaml @@ -1,12 +1,12 @@ - name: Tag image for buildset registry command: >- - docker tag {{ image.repository }}:{{ image_tag }} {{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }} + docker tag {{ image.repository }}:{{ image_tag }} {{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }} loop: "{{ image.tags | default(['latest']) }}" loop_control: loop_var: image_tag - name: Push tag to buildset registry command: >- - docker push {{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }} + docker push {{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }} loop: "{{ image.tags | default(['latest']) }}" loop_control: loop_var: image_tag diff --git a/roles/pull-from-intermediate-registry/tasks/main.yaml b/roles/pull-from-intermediate-registry/tasks/main.yaml index ad6a1f33f..448f01cf7 100644 --- a/roles/pull-from-intermediate-registry/tasks/main.yaml +++ b/roles/pull-from-intermediate-registry/tasks/main.yaml @@ -5,12 +5,12 @@ buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}" - name: Ensure registry cert directory exists file: - path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/" + path: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/" state: directory - name: Write registry TLS certificate copy: content: "{{ buildset_registry.cert }}" - dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt" + dest: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/ca.crt" # Update user config for intermediate and buildset registries @@ -42,9 +42,9 @@ new_config: auths: | { - "{{ intermediate_registry.host }}:{{ intermediate_registry.port }}": + "{{ intermediate_registry.host | ipwrap }}:{{ intermediate_registry.port }}": {"auth": "{{ (intermediate_registry.username + ":" + intermediate_registry.password) | b64encode }}"}, - "{{ buildset_registry.host }}:{{ buildset_registry.port }}": + "{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}": {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"}, } set_fact: @@ -62,7 +62,7 @@ command: >- skopeo --insecure-policy copy {{ item.url }} - docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ item.metadata.repository }}:{{ item.metadata.tag }} + docker://{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/{{ item.metadata.repository }}:{{ item.metadata.tag }} when: "'metadata' in item and item.metadata.type | default('') == 'container_image'" loop: "{{ zuul.artifacts | default([]) }}" always: diff --git a/roles/push-to-intermediate-registry/tasks/push-image.yaml b/roles/push-to-intermediate-registry/tasks/push-image.yaml index 0721a771a..6e1e72d59 100644 --- a/roles/push-to-intermediate-registry/tasks/push-image.yaml +++ b/roles/push-to-intermediate-registry/tasks/push-image.yaml @@ -1,8 +1,8 @@ - name: Push tag to intermediate registry command: >- skopeo --insecure-policy copy - docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }} - docker://{{ intermediate_registry.host }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag }} + docker://{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }} + docker://{{ intermediate_registry.host | ipwrap }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag }} loop: "{{ image.tags | default(['latest']) }}" loop_control: loop_var: image_tag @@ -13,7 +13,7 @@ zuul: artifacts: - name: "image_{{ image.repository }}:{{ image_tag }}" - url: "docker://{{ intermediate_registry.host }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag}}" + url: "docker://{{ intermediate_registry.host | ipwrap }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag}}" metadata: type: container_image repository: "{{ image.repository }}" diff --git a/roles/push-to-intermediate-registry/tasks/push.yaml b/roles/push-to-intermediate-registry/tasks/push.yaml index 36498ff07..3c71df47a 100644 --- a/roles/push-to-intermediate-registry/tasks/push.yaml +++ b/roles/push-to-intermediate-registry/tasks/push.yaml @@ -5,12 +5,12 @@ buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}" - name: Ensure registry cert directory exists file: - path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/" + path: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/" state: directory - name: Write registry TLS certificate copy: content: "{{ buildset_registry.cert }}" - dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt" + dest: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/ca.crt" # Update user config for intermediate and buildset registries - name: Ensure docker user directory exists @@ -41,9 +41,9 @@ new_config: auths: | { - "{{ intermediate_registry.host }}:{{ intermediate_registry.port }}": + "{{ intermediate_registry.host | ipwrap }}:{{ intermediate_registry.port }}": {"auth": "{{ (intermediate_registry.username + ":" + intermediate_registry.password) | b64encode }}"}, - "{{ buildset_registry.host }}:{{ buildset_registry.port }}": + "{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}": {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"}, } set_fact: diff --git a/roles/use-buildset-registry/tasks/main.yaml b/roles/use-buildset-registry/tasks/main.yaml index 9977ffdc7..f98820c91 100644 --- a/roles/use-buildset-registry/tasks/main.yaml +++ b/roles/use-buildset-registry/tasks/main.yaml @@ -6,23 +6,23 @@ - name: Ensure buildset registry cert directory exists become: true file: - path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/" + path: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/" state: directory - name: Ensure proxy registry cert directory exists become: true file: - path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.proxy_port }}/" + path: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.proxy_port }}/" state: directory - name: Write buildset registry TLS certificate become: true copy: content: "{{ buildset_registry.cert }}" - dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt" + dest: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/ca.crt" - name: Write proxy registry TLS certificate become: true copy: content: "{{ buildset_registry.cert }}" - dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.proxy_port }}/ca.crt" + dest: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.proxy_port }}/ca.crt" # Update daemon config - name: Check if docker daemon configuration exists @@ -46,7 +46,7 @@ - name: Add registry to docker daemon configuration vars: new_config: - registry-mirrors: "['https://{{ buildset_registry.host }}:{{ buildset_registry.port}}/', 'https://{{ buildset_registry.host }}:{{ buildset_registry.proxy_port}}/']" + registry-mirrors: "['https://{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port}}/', 'https://{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.proxy_port}}/']" set_fact: docker_config: "{{ docker_config | combine(new_config) }}" - name: Save docker daemon configuration diff --git a/roles/use-buildset-registry/tasks/user-config.yaml b/roles/use-buildset-registry/tasks/user-config.yaml index 35fc8feeb..56b2d2124 100644 --- a/roles/use-buildset-registry/tasks/user-config.yaml +++ b/roles/use-buildset-registry/tasks/user-config.yaml @@ -29,9 +29,9 @@ { "https://index.docker.io/v1/": {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"}, - "{{ buildset_registry.host }}:{{ buildset_registry.port }}": + "{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}": {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"}, - "{{ buildset_registry.host }}:{{ buildset_registry.proxy_port }}": + "{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.proxy_port }}": {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"} } set_fact: