authorJames E. Blair <jeblair@redhat.com>2019-02-16 10:02:48 -0800
committerJames E. Blair <jeblair@redhat.com>2019-02-16 10:02:48 -0800
commit71b7cb0ae5af1c824e369eb8690862aac7d38e5c (patch)
tree7ca8692ba4d496bee0be43f86cb47cf4fae36d58
parentee1b1ea2e4df9f5fa18d679b5a1c184f3c7f0bc4 (diff)
Update docker image roles
* In the build-image role, push to the buildset registry if it is defined. * In the intermediate registry push and pull roles, ensure that the buildset registry TLS cert is in place. This is a self-signed cert, and so needs to be written for each run. This happens inside bubblewrap where we have permission to write to /etc, which is an ephemeral volume. Change-Id: I47781d8a7adb93817dfe9266e2f4ad5fd829385c
Notes
Notes (review): Code-Review+2: Clark Boylan <cboylan@sapwetik.org> Code-Review+2: Jeremy Stanley <fungi@yuggoth.org> Workflow+1: Jeremy Stanley <fungi@yuggoth.org> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Mon, 18 Feb 2019 17:51:48 +0000 Reviewed-on: https://review.openstack.org/637387 Project: openstack-infra/zuul-jobs Branch: refs/heads/master
-rw-r--r--roles/build-docker-image/tasks/main.yaml12
-rw-r--r--roles/build-docker-image/tasks/push.yaml7
-rw-r--r--roles/pull-from-intermediate-registry/tasks/main.yaml8
-rw-r--r--roles/push-to-intermediate-registry/tasks/main.yaml8
-rw-r--r--roles/push-to-intermediate-registry/tasks/push.yaml2
5 files changed, 36 insertions, 1 deletions
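diff --git a/roles/build-docker-image/tasks/main.yaml b/roles/build-docker-image/tasks/main.yaml
index 653dc54..73156e1 100644
--- a/roles/build-docker-image/tasks/main.yaml
+++ b/roles/build-docker-image/tasks/main.yaml
@@ -1,3 +1,9 @@
+# This can be removed if we add this functionality to Zuul directly
+- name: Load information from zuul_return
+ when: buildset_registry is not defined
+ set_fact:
+ buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}"
+ ignore_errors: true
 - name: Build a docker image
  command: >-
  docker build {{ item.path | default('.') }} -f {{ item.dockerfile | default(docker_dockerfile) }}
@@ -14,3 +20,9 @@
  args:
  chdir: "{{ zuul_work_dir }}/{{ item.context }}"
  loop: "{{ docker_images }}"
+- name: Push image to buildset registry
+ when: buildset_registry is defined
+ include_tasks: push.yaml
+ loop: "{{ docker_images }}"
+ loop_control:
+ loop_var: image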
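Review bot: `ignore_errors: true` on the new "Load information from zuul_return" task suppresses every failure of that task, not only the expected case where results.json carries no buildset registry. A truncated or malformed results.json would leave `buildset_registry` undefined, and the "Push image to buildset registry" task added in the second hunk is then skipped by its `when:` with nothing in the job output showing that the image was not published. At minimum the reason should be recorded above the task, for example `# results.json may be absent or lack buildset_registry when no registry job ran; the push below is then skipped`, and a `debug` task reporting the skip would make the silent path visible in logs. Indentation is lost in this rendering, so this assumes `ignore_errors` is a task-level keyword here.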
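diff --git a/roles/build-docker-image/tasks/push.yaml b/roles/build-docker-image/tasks/push.yaml
new file mode 100644
index 0000000..ed41714
--- /dev/null
+++ b/roles/build-docker-image/tasks/push.yaml
@@ -0,0 +1,7 @@
+- name: Push tag to buildset registry
+ command: >-
+ docker tag {{ image.repository }}:{{ image_tag }} {{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
+ docker push {{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
+ loop: "{{ image.tags | default(['latest']) }}"
+ loop_control:
+ loop_var: image_tag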
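Review bot: The `command: >-` body in the new push.yaml holds two commands, `docker tag …` and `docker push …`, but the command module executes a single argv and does not go through a shell. Assuming both lines sit at the same indent under the folded scalar (indentation is lost in this rendering), they fold into one line and `docker push …` is handed to `docker tag` as extra arguments, so the task should fail and nothing reaches the buildset registry. Splitting it into two tasks that share the same tag loop avoids this and keeps shell interpretation away from the templated image names. Separately, this role pushes with no visible login or CA setup for the registry, while the sibling roles in this commit write `ca.crt` and pass `--src-creds`; that may be handled outside these lines.

```yaml
- name: Tag image for buildset registry
  command: >-
    docker tag {{ image.repository }}:{{ image_tag }}
    {{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
  loop: "{{ image.tags | default(['latest']) }}"
  loop_control:
    loop_var: image_tag

- name: Push tag to buildset registry
  command: >-
    docker push
    {{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
  loop: "{{ image.tags | default(['latest']) }}"
  loop_control:
    loop_var: image_tag
```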
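diff --git a/roles/pull-from-intermediate-registry/tasks/main.yaml b/roles/pull-from-intermediate-registry/tasks/main.yaml
index e5591ad..dabe367 100644
--- a/roles/pull-from-intermediate-registry/tasks/main.yaml
+++ b/roles/pull-from-intermediate-registry/tasks/main.yaml
@@ -1,3 +1,11 @@
+- name: Ensure registry cert directory exists
+ file:
+ path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/"
+ state: directory
+- name: Write registry TLS certificate
+ copy:
+ content: "{{ buildset_registry.cert }}"
+ dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt"
 - name: Pull artifact from intermediate registry
  command: >-
  skopeo --insecure-policy copy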
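Review bot: `buildset_registry.host` and `buildset_registry.port` are interpolated straight into a path under /etc/docker/certs.d in both new tasks, and nothing in the hunk checks their shape first. In the sibling push role these values are read from results.json, i.e. they are produced by another job, so a host value containing `/` or `..` would make `file` and `copy` create the directory and `ca.crt` outside certs.d. The commit message says /etc is an ephemeral volume inside bubblewrap, which limits but does not remove the concern. A guard ahead of the two tasks would do, e.g. an `assert` task with `that: "(buildset_registry.host ~ ':' ~ buildset_registry.port) is match('^[A-Za-z0-9.-]+:[0-9]+$')"`. The same two tasks are added to roles/push-to-intermediate-registry/tasks/main.yaml and need the same guard.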
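diff --git a/roles/push-to-intermediate-registry/tasks/main.yaml b/roles/push-to-intermediate-registry/tasks/main.yaml
index 42b3288..740d88a 100644
--- a/roles/push-to-intermediate-registry/tasks/main.yaml
+++ b/roles/push-to-intermediate-registry/tasks/main.yaml
@@ -3,6 +3,14 @@
  when: buildset_registry is not defined
  set_fact:
  buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}"
+- name: Ensure registry cert directory exists
+ file:
+ path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/"
+ state: directory
+- name: Write registry TLS certificate
+ copy:
+ content: "{{ buildset_registry.cert }}"
+ dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt"
 - name: Push image to intermediate registry
  include_tasks: push.yaml
  loop: "{{ docker_images }}"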
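Review bot: These two tasks are a verbatim copy of the pair added to roles/pull-from-intermediate-registry/tasks/main.yaml in this commit, so any later hardening of how the registry CA is installed has to be made in two places. Neither copy sets permissions explicitly, so the directory and `ca.crt` get whatever the umask yields; adding `mode: "0755"` to the `file` task and `mode: "0644"` to the `copy` task would pin that. Moving both tasks into one shared task file included from each role would keep the trust-anchor handling in a single place.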
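diff --git a/roles/push-to-intermediate-registry/tasks/push.yaml b/roles/push-to-intermediate-registry/tasks/push.yaml
index 94038fc..a8736af 100644
--- a/roles/push-to-intermediate-registry/tasks/push.yaml
+++ b/roles/push-to-intermediate-registry/tasks/push.yaml
@@ -4,7 +4,7 @@
  --src-creds={{ buildset_registry.username }}:{{ buildset_registry.password }}
  --dest-creds={{ intermediate_registry.username }}:{{ intermediate_registry.password }}
  docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
- docker://{{ intermediate_registry.host }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag}}
+ docker://{{ intermediate_registry.host }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag }}
  loop: "{{ image.tags | default(['latest']) }}"
  loop_control:
  loop_var: image_tag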