summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZuul <zuul@review.openstack.org>2019-02-12 18:41:27 +0000
committerGerrit Code Review <review@openstack.org>2019-02-12 18:41:27 +0000
commit8040e3db0857ed7523461e58f3b4e893d68dfe29 (patch)
treec5a06770632f7f7e609edbad2cbe11ad498b9b6c
parent54dd1db16e30d3285851c44065c42ed61a365280 (diff)
parent8efc1cf1af7f7092d25c41b88928b743464e6620 (diff)
Merge "Add intermediate registry push/pull roles"
-rw-r--r--roles/pull-from-intermediate-registry/README.rst62
-rw-r--r--roles/pull-from-intermediate-registry/tasks/main.yaml10
-rw-r--r--roles/push-to-intermediate-registry/README.rst75
-rw-r--r--roles/push-to-intermediate-registry/tasks/main.yaml5
-rw-r--r--roles/push-to-intermediate-registry/tasks/push.yaml26
5 files changed, 178 insertions, 0 deletions
diff --git a/roles/pull-from-intermediate-registry/README.rst b/roles/pull-from-intermediate-registry/README.rst
new file mode 100644
index 0000000..435d345
--- /dev/null
+++ b/roles/pull-from-intermediate-registry/README.rst
@@ -0,0 +1,62 @@
1Pull artifacts from the intermediate registry
2
3This role will pull any artifacts built for changes ahead of this
4change which have been placed in an intermediate registry into the
5buildset registry for this buildset.
6
7Run this in a trusted pre-playbook at the start of a job (which, in
8the case of multiple dependent jobs in a buildset, should be at the
9root of the job dependency graph).
10
11This requires the :zuul:role:`run-buildset-registry` role already
12applied. It also requires an externally managed "intermediate"
13registry operating for the use of Zuul, and it requires "skopeo" to be
14installed on the Zuul executors.
15
16**Role Variables**
17
18.. zuul:rolevar:: buildset_registry
19
20 Information about the registry, as returned by
21 :zuul:role:`run-buildset-registry`.
22
23 .. zuul:rolevar:: host
24
25 The host (IP address) of the registry.
26
27 .. zuul:rolevar:: port
28
29 The port on which the registry is listening.
30
31 .. zuul:rolevar:: username
32
33 The username used to access the registry via HTTP basic auth.
34
35 .. zuul:rolevar:: password
36
37 The password used to access the registry via HTTP basic auth.
38
39 .. zuul:rolevar:: cert
40
41 The (self-signed) certificate used by the registry.
42
43.. zuul:rolevar:: intermediate_registry
44
45 Information about the registry. This is expected to be provided as
46 a secret.
47
48 .. zuul:rolevar:: host
49
50 The host (IP address) of the registry.
51
52 .. zuul:rolevar:: port
53
54 The port on which the registry is listening.
55
56 .. zuul:rolevar:: username
57
58 The username used to access the registry via HTTP basic auth.
59
60 .. zuul:rolevar:: password
61
62 The password used to access the registry via HTTP basic auth.
diff --git a/roles/pull-from-intermediate-registry/tasks/main.yaml b/roles/pull-from-intermediate-registry/tasks/main.yaml
new file mode 100644
index 0000000..b0a585c
--- /dev/null
+++ b/roles/pull-from-intermediate-registry/tasks/main.yaml
@@ -0,0 +1,10 @@
1- name: Pull artifact from intermediate registry
2 command: >-
3 skopeo copy
4 --src-creds={{ intermediate_registry.username }}:{{ intermediate_registry.password }}
5 --dest-creds={{ buildset_registry.username }}:{{ buildset_registry.password }}
6 {{ item.url }}
7 docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ item.metadata.repository }}:{{ item.metadata.tag }}
8 when: "item.metadata.type | default('') == 'container_image'"
9 loop: "{{ zuul.artifacts }}"
10 no_log: true
diff --git a/roles/push-to-intermediate-registry/README.rst b/roles/push-to-intermediate-registry/README.rst
new file mode 100644
index 0000000..ee3939f
--- /dev/null
+++ b/roles/push-to-intermediate-registry/README.rst
@@ -0,0 +1,75 @@
1Push artifacts to the intermediate registry
2
3This role will push any images built by
4:zuul:role:`build-docker-image` into an intermediate registry.
5
6Run this in a trusted post-playbook at the end of a job after the
7image build.
8
9This requires the :zuul:role:`run-buildset-registry` role already
10applied. It also requires an externally managed "intermediate"
11registry operating for the use of Zuul, and it requires "skopeo" to be
12installed on the Zuul executors.
13
14**Role Variables**
15
16.. zuul:rolevar:: buildset_registry
17
18 Information about the registry, as returned by
19 :zuul:role:`run-buildset-registry`.
20
21 .. zuul:rolevar:: host
22
23 The host (IP address) of the registry.
24
25 .. zuul:rolevar:: port
26
27 The port on which the registry is listening.
28
29 .. zuul:rolevar:: username
30
31 The username used to access the registry via HTTP basic auth.
32
33 .. zuul:rolevar:: password
34
35 The password used to access the registry via HTTP basic auth.
36
37 .. zuul:rolevar:: cert
38
39 The (self-signed) certificate used by the registry.
40
41.. zuul:rolevar:: intermediate_registry
42
43 Information about the registry. This is expected to be provided as
44 a secret.
45
46 .. zuul:rolevar:: host
47
48 The host (IP address) of the registry.
49
50 .. zuul:rolevar:: port
51
52 The port on which the registry is listening.
53
54 .. zuul:rolevar:: username
55
56 The username used to access the registry via HTTP basic auth.
57
58 .. zuul:rolevar:: password
59
60 The password used to access the registry via HTTP basic auth.
61
62.. zuul:rolevar:: docker_images
63 :type: list
64
65 A list of images built. Each item in the list should have:
66
67 .. zuul:rolevar:: repository
68
69 The name of the target repository for the image.
70
71 .. zuul:rolevar:: tags
72 :type: list
73 :default: ['latest']
74
75 A list of tags to be added to the image.
diff --git a/roles/push-to-intermediate-registry/tasks/main.yaml b/roles/push-to-intermediate-registry/tasks/main.yaml
new file mode 100644
index 0000000..4c7f32a
--- /dev/null
+++ b/roles/push-to-intermediate-registry/tasks/main.yaml
@@ -0,0 +1,5 @@
1- name: Push image to intermediate registry
2 include_tasks: push.yaml
3 loop: docker_images
4 loop_control:
5 loop_var: image
diff --git a/roles/push-to-intermediate-registry/tasks/push.yaml b/roles/push-to-intermediate-registry/tasks/push.yaml
new file mode 100644
index 0000000..db9fd8d
--- /dev/null
+++ b/roles/push-to-intermediate-registry/tasks/push.yaml
@@ -0,0 +1,26 @@
1- name: Push tag to intermediate registry
2 command: >-
3 skopeo copy
4 --src-creds={{ buildset_registry.username }}:{{ buildset_registry.password }}
5 --dest-creds={{ intermediate_registry.username }}:{{ intermediate_registry.password }}
6 docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
7 docker://{{ intermediate_registry.hostname }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag}}
8 loop: "{{ image.tags }}"
9 loop_control:
10 loop_var: image_tag
11 no_log: true
12
13- name: Return artifact to Zuul
14 zuul_return:
15 data:
16 zuul:
17 artifacts:
18 "image_{{ image.repository }}:{{ image_tag }}":
19 url: "docker://{{ intermediate_registry.hostname }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag}}"
20 metadata:
21 type: container_image
22 repository: "{{ image.repository }}"
23 tag: "{{ image_tag }}"
24 loop: "{{ image.tags }}"
25 loop_control:
26 loop_var: image_tag