diff --git a/roles/install-openshift/tasks/main.yaml b/roles/install-openshift/tasks/main.yaml index d897efa57..a36d229ee 100644 --- a/roles/install-openshift/tasks/main.yaml +++ b/roles/install-openshift/tasks/main.yaml @@ -25,6 +25,20 @@ state: absent become: yes +- name: Ensure "docker" group exists + become: true + group: + name: docker + state: present + +- name: Add user to docker group + become: true + user: + name: "{{ ansible_user }}" + groups: + - docker + append: yes + - name: Start docker service service: name: docker @@ -41,3 +55,12 @@ - origin-pod - origin become: yes + +- name: Set group ownership of docker socket + become: true + file: + path: /var/run/docker.sock + group: docker + +- name: Reset ssh connection to pick up docker group + meta: reset_connection diff --git a/roles/use-buildset-registry/tasks/main.yaml b/roles/use-buildset-registry/tasks/main.yaml index 212669e38..e8e663be2 100644 --- a/roles/use-buildset-registry/tasks/main.yaml +++ b/roles/use-buildset-registry/tasks/main.yaml @@ -1,3 +1,12 @@ +- name: Include OS-specific variables + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml" + - "{{ ansible_distribution }}.{{ ansible_architecture }}.yaml" + - "{{ ansible_distribution }}.yaml" + - "{{ ansible_os_family }}.yaml" + - "default.yaml" + # Docker doesn't understand docker push [1234:5678::]:5000/image/path:tag # so we set up /etc/hosts with a registry alias name to support ipv6 and 4. - name: Configure /etc/hosts for buildset_registry to workaround docker not understanding ipv6 addresses @@ -27,9 +36,9 @@ become: true copy: content: "{{ buildset_registry.cert }}" - dest: "/usr/local/share/ca-certificates/buildset-registry.crt" + dest: "{{ ca_dir }}/buildset-registry.crt" - name: Update CA certs - command: update-ca-certificates + command: "{{ ca_command }}" become: true # Update daemon config 
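Review bot: The `Add user to docker group` task puts `{{ ansible_user }}` in the `docker` group, which gives that account root-equivalent control of the Docker daemon on the node, and nothing in the hunk records that. A comment above the task, such as `# NOTE: members of the docker group have root-equivalent access to the daemon`, would make the trade-off visible to anyone reusing the role outside a test node. The same task writes `append: yes` while both new tasks use `become: true`; `append: true` would keep the added lines consistent. `ansible_user` is presumably always set for these nodes, but that cannot be confirmed from the hunk.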
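Review bot: The `Set group ownership of docker socket` task changes the group on the live `/var/run/docker.sock` only, so the setting may not survive the daemon recreating the socket on restart. In the new test playbook `use-buildset-registry` runs after this role, and its task file has an `# Update daemon config` section; if that step restarts docker, the group could revert before the user needs it (not verifiable from this diff). A comment such as `# runtime-only change; re-applied on each run, not persisted in the daemon config` would document the limitation. The task also leaves the socket mode implicit, so stating the expected mode in the comment or the task would help a reader judge who can reach the daemon.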
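Review bot: The certificate copy now writes to `{{ ca_dir }}/buildset-registry.crt` but sets no `owner`, `group` or `mode` in the lines shown, so the permissions of a file dropped into the system trust anchors depend on the remote umask. Adding `owner: root`, `group: root` and `mode: "0644"` to the `copy` arguments would pin that down for both distro paths. Because `ca_dir` and `ca_command` are defined only in the included vars files, a short comment on the `Update CA certs` task naming where they come from would help readers. The `copy` task starts above this hunk, so its name and any earlier options are not visible here.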
diff --git a/roles/use-buildset-registry/vars/CentOS.yaml b/roles/use-buildset-registry/vars/CentOS.yaml new file mode 100644 index 000000000..c2b260ab2 --- /dev/null +++ b/roles/use-buildset-registry/vars/CentOS.yaml @@ -0,0 +1,2 @@ +ca_dir: /etc/pki/ca-trust/source/anchors +ca_command: update-ca-trust diff --git a/roles/use-buildset-registry/vars/default.yaml b/roles/use-buildset-registry/vars/default.yaml new file mode 100644 index 000000000..7bea1b23b --- /dev/null +++ b/roles/use-buildset-registry/vars/default.yaml @@ -0,0 +1,2 @@ +ca_dir: /usr/local/share/ca-certificates +ca_command: update-ca-certificates diff --git a/test-playbooks/registry/buildset-registry-openshift-docker.yaml b/test-playbooks/registry/buildset-registry-openshift-docker.yaml new file mode 100644 index 000000000..dbb2d5fcd --- /dev/null +++ b/test-playbooks/registry/buildset-registry-openshift-docker.yaml @@ -0,0 +1,27 @@ +- hosts: all + roles: + - role: clear-firewall + - role: install-openshift + - role: use-buildset-registry + buildset_registry_docker_user: root + - role: deploy-openshift + tasks: + - name: Wait for cluster to come up + command: kubectl cluster-info + register: result + until: result.rc == 0 + retries: 5 + delay: 30 + - name: Run a local test pod + command: oc run --generator=run-pod/v1 --image=zuul/docker-testimage dockertest + - name: Wait for the pod to be ready + command: oc wait --for=condition=Ready pod/dockertest --timeout=60s + - name: Check the output of the pod + shell: "oc logs pod/dockertest | grep 'Zuul container test'" + + - name: Run a remote test pod + command: oc run --generator=run-pod/v1 --image=debian:testing upstream-dockertest --command -- /bin/bash -c 'echo Upstream; sleep infinity' + - name: Wait for the pod to be ready + command: oc wait --for=condition=Ready pod/upstream-dockertest --timeout=60s + - name: Check the output of the pod + shell: "oc logs pod/upstream-dockertest | grep 'Upstream'" 
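Review bot: Only hosts whose `ansible_distribution` is CentOS get `ca_dir: /etc/pki/ca-trust/source/anchors`, because the file is named `CentOS.yaml`. Every other host, including the rest of the RedHat family, falls through the `with_first_found` list in `tasks/main.yaml` to `default.yaml` and receives the Debian-style path and `update-ca-certificates`. That list already tries `{{ ansible_os_family }}.yaml`, so naming this file `RedHat.yaml` (or adding one with the same two values) would cover the family. Whether the role is expected to run on other RedHat-family hosts is not visible in this change. A header comment such as `# CA trust anchor directory and refresh command for this distribution` would also document the two variables.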
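Review bot: Both `Check the output of the pod` tasks run `oc logs ... | grep` exactly once, straight after `oc wait --for=condition=Ready`, and readiness does not guarantee that the expected line has already reached the pod log. Giving those tasks the same `register: result`, `until: result.rc == 0` and `retries` pattern that `Wait for cluster to come up` uses would make the check tolerant of that delay. The local and remote pod tasks share identical names (`Wait for the pod to be ready`, `Check the output of the pod`); putting the pod name in each would make failures easier to locate in the job log. The play also sets `buildset_registry_docker_user: root` without a comment saying why root's docker configuration is the one being set up.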
diff --git a/zuul-tests.d/container-roles-jobs.yaml b/zuul-tests.d/container-roles-jobs.yaml index 46a291619..2922ea23e 100644 --- a/zuul-tests.d/container-roles-jobs.yaml +++ b/zuul-tests.d/container-roles-jobs.yaml @@ -111,6 +111,33 @@ vars: container_command: docker +- job: + name: zuul-jobs-test-registry-buildset-registry-openshift-docker + dependencies: zuul-jobs-test-registry-buildset-registry + description: | + Test a buildset registry with openshift and docker + + It is not meant to be used directly but rather run on changes + to roles in the zuul-jobs repo. + files: + - roles/pull-from-intermediate-registry/.* + - roles/push-to-intermediate-registry/.* + - roles/install-docker/.* + - roles/install-openshift/.* + - roles/build-docker-image/.* + - roles/run-buildset-registry/.* + - roles/use-buildset-registry/.* + - test-playbooks/registry/.* + run: test-playbooks/registry/buildset-registry-openshift-docker.yaml + post-run: + - test-playbooks/registry/test-registry-post.yaml + vars: + container_command: docker + nodeset: + nodes: + - name: controller + label: centos-7 + - job: name: zuul-jobs-test-install-kubernetes-docker description: | @@ -166,6 +193,7 @@ - zuul-jobs-test-registry-podman - zuul-jobs-test-registry-buildset-registry - zuul-jobs-test-registry-buildset-registry-k8s-docker + - zuul-jobs-test-registry-buildset-registry-openshift-docker - zuul-jobs-test-install-kubernetes-docker - zuul-jobs-test-install-kubernetes-crio - zuul-jobs-test-install-podman
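Review bot: The `files` matcher of `zuul-jobs-test-registry-buildset-registry-openshift-docker` lists `roles/install-openshift/.*` but not the other two roles its playbook runs, `clear-firewall` and `deploy-openshift`. A change touching only those roles would therefore not trigger this job. Adding `- roles/deploy-openshift/.*` and `- roles/clear-firewall/.*` closes that gap. `roles/install-docker/.*` and `roles/build-docker-image/.*` are listed although the playbook does not reference them directly; they may be there for the dependency job, which is not visible in this hunk.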