authorJames E. Blair <jeblair@redhat.com>2019-02-20 07:35:29 -0800
committerJames E. Blair <jeblair@redhat.com>2019-02-21 14:07:33 -0800
commit42df4557053e08d3a7cea8d222adb8ccaa83fc55 (patch)
tree278604ddfc912d7ccd87bb1494bfda90c2d4af94
parente7a0f0da8b83f59a482240faac7330fea12cfefd (diff)
use-buildset-registry: support running before docker installed
To accommodate running in a production-simulation environment, make it safe to run this role on a host before docker is installed. This also adds support for the new dual-registry configuration that run-buildset-registry uses. This removes the region-local proxy from the registry-mirrors configuration. Because the buildset registry acts as a pull-through proxy, the region-local proxy won't be used even if we did include it. Instead, we should update the run-buildset-registry role to proxy to the region-local proxy if present. Change-Id: I21011a3708f17ee61afd0034d90d75e8dc885575
Notes
Notes (review): Code-Review+2: Monty Taylor <mordred@inaugust.com> Code-Review+2: Clark Boylan <cboylan@sapwetik.org> Workflow+1: Clark Boylan <cboylan@sapwetik.org> Code-Review+2: Jeremy Stanley <fungi@yuggoth.org> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Thu, 21 Feb 2019 23:39:30 +0000 Reviewed-on: https://review.openstack.org/638180 Project: openstack-infra/zuul-jobs Branch: refs/heads/master
-rw-r--r--roles/use-buildset-registry/README.rst7
-rw-r--r--roles/use-buildset-registry/tasks/main.yaml52
-rw-r--r--roles/use-buildset-registry/tasks/user-config.yaml43
3 files changed, 95 insertions, 7 deletions
diff --git a/roles/use-buildset-registry/README.rst b/roles/use-buildset-registry/README.rst
index 415a6cc..2801477 100644
--- a/roles/use-buildset-registry/README.rst
+++ b/roles/use-buildset-registry/README.rst
@@ -28,3 +28,10 @@ Use this role on any host which should use the buildset registry.
28 .. zuul:rolevar:: cert 28 .. zuul:rolevar:: cert
29 29
30 The (self-signed) certificate used by the registry. 30 The (self-signed) certificate used by the registry.
31
32.. zuul:rolevar:: buildset_registry_docker_user
33 :default: {{ ansible_user }}
34
35 The system user to configure to use the docker registry. The
36 docker configuration file for this user will be updated. By
37 default, the user Ansible is running as.
diff --git a/roles/use-buildset-registry/tasks/main.yaml b/roles/use-buildset-registry/tasks/main.yaml
index 983e25b..e31a622 100644
--- a/roles/use-buildset-registry/tasks/main.yaml
+++ b/roles/use-buildset-registry/tasks/main.yaml
@@ -1,24 +1,52 @@
1- name: Ensure docker directory exists
2 become: yes
3 file:
4 state: directory
5 path: /etc/docker
1- name: Ensure registry cert directory exists 6- name: Ensure registry cert directory exists
2 become: true 7 become: true
3 file: 8 file:
4 path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/" 9 path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/"
5 state: directory 10 state: directory
11- name: Ensure push registry cert directory exists
12 become: true
13 file:
14 path: "/etc/docker/certs.d/{{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/"
15 state: directory
6- name: Write registry TLS certificate 16- name: Write registry TLS certificate
7 become: true 17 become: true
8 copy: 18 copy:
9 content: "{{ buildset_registry.cert }}" 19 content: "{{ buildset_registry.cert }}"
10 dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt" 20 dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt"
21- name: Write push registry TLS certificate
22 become: true
23 copy:
24 content: "{{ buildset_registry.cert }}"
25 dest: "/etc/docker/certs.d/{{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/ca.crt"
26
27# Update daemon config
28- name: Check if docker daemon configuration exists
29 stat:
30 path: /etc/docker/daemon.json
31 register: docker_config_stat
11- name: Load docker daemon configuration 32- name: Load docker daemon configuration
33 when: docker_config_stat.stat.exists
12 slurp: 34 slurp:
13 path: /etc/docker/daemon.json 35 path: /etc/docker/daemon.json
14 register: docker_config 36 register: docker_config
15- name: Parse docker daemon configuration 37- name: Parse docker daemon configuration
38 when: docker_config_stat.stat.exists
16 set_fact: 39 set_fact:
17 docker_config: "{{ docker_config.content | b64decode | from_json }}" 40 docker_config: "{{ docker_config.content | b64decode | from_json }}"
41- name: Set default docker daemon configuration
42 when: not docker_config_stat.stat.exists
43 set_fact:
44 docker_config:
45 registry-mirrors: []
18- name: Add registry to docker daemon configuration 46- name: Add registry to docker daemon configuration
19 vars: 47 vars:
20 new_config: 48 new_config:
21 registry-mirrors: "['https://{{ buildset_registry.host }}:{{ buildset_registry.port}}/'] + {{ docker_config['registry-mirrors'] }}" 49 registry-mirrors: "['https://{{ buildset_registry.host }}:{{ buildset_registry.port}}/']"
22 set_fact: 50 set_fact:
23 docker_config: "{{ docker_config | combine(new_config) }}" 51 docker_config: "{{ docker_config | combine(new_config) }}"
24- name: Save docker daemon configuration 52- name: Save docker daemon configuration
@@ -26,14 +54,24 @@
26 content: "{{ docker_config | to_nice_json }}" 54 content: "{{ docker_config | to_nice_json }}"
27 dest: /etc/docker/daemon.json 55 dest: /etc/docker/daemon.json
28 become: true 56 become: true
57
29- name: Restart docker daemon 58- name: Restart docker daemon
30 service: 59 service:
31 name: docker 60 name: docker
32 state: restarted 61 state: restarted
33 become: true 62 become: true
34- name: Log in to registry 63 register: docker_restart
35 command: "docker login -u {{ buildset_registry.username }} -p {{ buildset_registry.password }} https://{{ buildset_registry.host }}:{{ buildset_registry.port}}/" 64 failed_when: docker_restart is failed and not 'Could not find the requested service' in docker_restart.msg
36 register: result 65
37 until: result.rc ==0 66# We use 'block' here to cause the become to apply to all the tasks
38 delay: 1 67# (which does not automatically happen with include_tasks).
39 retries: 120 68- name: Update docker user config to use buildset registry
69 become: true
70 become_user: "{{ buildset_registry_docker_user }}"
71 when: buildset_registry_docker_user is defined
72 block:
73 - include_tasks: user-config.yaml
74- name: Update docker user config to use buildset registry
75 when: buildset_registry_docker_user is not defined
76 block:
77 - include_tasks: user-config.yaml
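Review bot: The `failed_when` on the Restart docker daemon task detects an absent docker by matching the text `Could not find the requested service` in `docker_restart.msg`, which ties the role to one module's error wording. A host whose service manager reports a missing unit differently would presumably still fail here, and a failure result that carries no `msg` would raise a template error instead of a clean decision. A more defensive form is `failed_when: docker_restart is failed and 'Could not find the requested service' not in (docker_restart.msg | default(''))`, with a comment above it stating that a missing docker service is expected when the role runs before docker is installed. The new Ensure docker directory exists task also uses `become: yes` where the rest of the file uses `become: true`, and it sets no `mode` on `/etc/docker`.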
diff --git a/roles/use-buildset-registry/tasks/user-config.yaml b/roles/use-buildset-registry/tasks/user-config.yaml
new file mode 100644
index 0000000..24b5e52
--- /dev/null
+++ b/roles/use-buildset-registry/tasks/user-config.yaml
@@ -0,0 +1,43 @@
1# Update user config
2- name: Ensure docker user directory exists
3 file:
4 state: directory
5 path: "~/.docker"
6 mode: 0700
7- name: Check if docker user configuration exists
8 stat:
9 path: "~/.docker/config.json"
10 register: docker_config_stat
11- name: Load docker user configuration
12 when: docker_config_stat.stat.exists
13 slurp:
14 path: "~/.docker/config.json"
15 register: docker_config
16- name: Parse docker user configuration
17 when: docker_config_stat.stat.exists
18 set_fact:
19 docker_config: "{{ docker_config.content | b64decode | from_json }}"
20- name: Set default docker user configuration
21 when: not docker_config_stat.stat.exists
22 set_fact:
23 docker_config:
24 auths: {}
25- name: Add registry to docker user configuration
26 vars:
27 new_config:
28 auths: |
29 {
30 "https://index.docker.io/v1/":
31 {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"},
32 "{{ buildset_registry.host }}:{{ buildset_registry.port }}":
33 {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"},
34 "{{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}":
35 {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"}
36 }
37 set_fact:
38 docker_config: "{{ docker_config | combine(new_config, recursive=True) }}"
39- name: Save docker user configuration
40 copy:
41 content: "{{ docker_config | to_nice_json }}"
42 dest: "~/.docker/config.json"
43 mode: 0600
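Review bot: The tasks that read, build and write `~/.docker/config.json` handle registry credentials without `no_log: true`, so the base64 `auth` values, and any credentials already present in an existing config file, can show up in task results, in verbose or diff output, and in any job log that is stored or published. Adding `no_log: true` to the Load, Parse, Add registry and Save tasks would keep them out of that output. The Add registry task also replaces any existing `https://index.docker.io/v1/` entry with the buildset registry credentials, which deserves a comment saying it is intentional. Separately, the modes are unquoted octal literals; writing `mode: "0700"` and `mode: "0600"` avoids depending on how the YAML parser types a leading-zero number.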