
The intermediate registry pull role is designed to be used in the same playbook as the run-buildset-registry role, which sets the buildset_registry fact. However, that fact is set on the host where the registry runs, not localhost. Theoretically we should be able to delegate setting that fact to all hosts in the inventory, plus localhost, however, that doesn't seem to work in local testing. Work around this by, once again, loading the buildset_registry fact from the zuul_return file. Change-Id: Ia16b3af8782c875e64ad5eeeeb5f107482a3e30a
# This can be removed if we add this functionality to Zuul directly.
# Fallback for when the buildset_registry fact is not defined on this host:
# read it back from results.json in the executor work root.
# NOTE(review): the registry address, credentials and CA certificate used by
# the tasks in this file all come from this value, so results.json is
# presumably writable only by trusted jobs - confirm.
- name: Load information from zuul_return
  set_fact:
    buildset_registry: >-
      {{ (lookup('file', zuul.executor.work_root + '/results.json')
      | from_json)['buildset_registry'] }}
  when: buildset_registry is not defined
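# Docker looks for a per-registry CA certificate under
# /etc/docker/certs.d/<host>:<port>/, so the directory has to exist before
# the certificate is written. The task is idempotent, so it is listed once.
- name: Ensure registry cert directory exists
  file:
    path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/"
    state: directory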
# Install the buildset registry's certificate as the CA docker trusts for
# that host:port.
# NOTE(review): the certificate is written as-is from the buildset_registry
# fact; whatever controls that fact decides which CA is trusted for this
# registry, so its source should be a trusted job - confirm.
- name: Write registry TLS certificate
  copy:
    dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt"
    content: "{{ buildset_registry.cert }}"
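# Copy every container_image artifact listed in zuul.artifacts from the
# intermediate registry into the buildset registry.
#
# no_log is enabled because the rendered command line contains both
# registries' usernames and passwords; without it they end up in the task
# output and the job log. To debug, disable it only temporarily.
#
# NOTE(review): no_log does not keep the credentials out of the process
# argument list, which other local users can read while skopeo runs;
# consider passing them through an auth file instead.
# NOTE(review): --insecure-policy makes skopeo accept any image instead of
# applying the host's container signature policy - confirm that is intended.
# NOTE(review): item.url, item.metadata.repository and item.metadata.tag are
# interpolated unquoted, and the command module splits the rendered string on
# whitespace, so these values are presumably validated upstream - confirm.
- name: Pull artifact from intermediate registry
  command: >-
    skopeo --insecure-policy copy
    --src-creds={{ intermediate_registry.username }}:{{ intermediate_registry.password }}
    --dest-creds={{ buildset_registry.username }}:{{ buildset_registry.password }}
    {{ item.url }}
    docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ item.metadata.repository }}:{{ item.metadata.tag }}
  when: "item.metadata.type | default('') == 'container_image'"
  loop: "{{ zuul.artifacts | default([]) }}"
  no_log: true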