summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJames E. Blair <jeblair@redhat.com>2019-02-21 14:11:19 -0800
committerJames E. Blair <jeblair@redhat.com>2019-02-21 14:15:45 -0800
commita358f2173603b53a8f1baf2d39247b5317630f19 (patch)
tree956db71f3a7061f3b0650e2d197ee1844be90451
parent90fc18f62171291e2551ba4d3b4f914b3d38480f (diff)
Use buildset registry push endpoint
When copying images from the intermediate registry to the buildset registry, use the new push endpoint of the dual-registry system. Also, use the push endpoint after a docker build to push the new image to the buildset registry. Change-Id: I3a11036bb9fb7cb3457a3d744fa83647c1b1b085
Notes
Notes (review): Code-Review+2: Monty Taylor <mordred@inaugust.com> Code-Review+2: Clark Boylan <cboylan@sapwetik.org> Workflow+1: Clark Boylan <cboylan@sapwetik.org> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Thu, 21 Feb 2019 23:43:32 +0000 Reviewed-on: https://review.openstack.org/638520 Project: openstack-infra/zuul-jobs Branch: refs/heads/master
-rw-r--r--roles/build-docker-image/tasks/push.yaml4
-rw-r--r--roles/pull-from-intermediate-registry/tasks/main.yaml10
-rw-r--r--roles/use-buildset-registry/README.rst8
3 files changed, 13 insertions, 9 deletions
diff --git a/roles/build-docker-image/tasks/push.yaml b/roles/build-docker-image/tasks/push.yaml
index d49edd1..1f8e449 100644
--- a/roles/build-docker-image/tasks/push.yaml
+++ b/roles/build-docker-image/tasks/push.yaml
@@ -1,12 +1,12 @@
1- name: Tag image for buildset registry 1- name: Tag image for buildset registry
2 command: >- 2 command: >-
3 docker tag {{ image.repository }}:{{ image_tag }} {{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }} 3 docker tag {{ image.repository }}:{{ image_tag }} {{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/{{ image.repository }}:{{ image_tag }}
4 loop: "{{ image.tags | default(['latest']) }}" 4 loop: "{{ image.tags | default(['latest']) }}"
5 loop_control: 5 loop_control:
6 loop_var: image_tag 6 loop_var: image_tag
7- name: Push tag to buildset registry 7- name: Push tag to buildset registry
8 command: >- 8 command: >-
9 docker push {{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }} 9 docker push {{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/{{ image.repository }}:{{ image_tag }}
10 loop: "{{ image.tags | default(['latest']) }}" 10 loop: "{{ image.tags | default(['latest']) }}"
11 loop_control: 11 loop_control:
12 loop_var: image_tag 12 loop_var: image_tag
diff --git a/roles/pull-from-intermediate-registry/tasks/main.yaml b/roles/pull-from-intermediate-registry/tasks/main.yaml
index b787eb9..ee4c572 100644
--- a/roles/pull-from-intermediate-registry/tasks/main.yaml
+++ b/roles/pull-from-intermediate-registry/tasks/main.yaml
@@ -5,23 +5,19 @@
5 buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}" 5 buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}"
6- name: Ensure registry cert directory exists 6- name: Ensure registry cert directory exists
7 file: 7 file:
8 path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/" 8 path: "/etc/docker/certs.d/{{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/"
9 state: directory
10- name: Ensure registry cert directory exists
11 file:
12 path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/"
13 state: directory 9 state: directory
14- name: Write registry TLS certificate 10- name: Write registry TLS certificate
15 copy: 11 copy:
16 content: "{{ buildset_registry.cert }}" 12 content: "{{ buildset_registry.cert }}"
17 dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt" 13 dest: "/etc/docker/certs.d/{{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/ca.crt"
18- name: Pull artifact from intermediate registry 14- name: Pull artifact from intermediate registry
19 command: >- 15 command: >-
20 skopeo --insecure-policy copy 16 skopeo --insecure-policy copy
21 --src-creds={{ intermediate_registry.username }}:{{ intermediate_registry.password }} 17 --src-creds={{ intermediate_registry.username }}:{{ intermediate_registry.password }}
22 --dest-creds={{ buildset_registry.username }}:{{ buildset_registry.password }} 18 --dest-creds={{ buildset_registry.username }}:{{ buildset_registry.password }}
23 {{ item.url }} 19 {{ item.url }}
24 docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ item.metadata.repository }}:{{ item.metadata.tag }} 20 docker://{{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/{{ item.metadata.repository }}:{{ item.metadata.tag }}
25 when: "item.metadata.type | default('') == 'container_image'" 21 when: "item.metadata.type | default('') == 'container_image'"
26 loop: "{{ zuul.artifacts | default([]) }}" 22 loop: "{{ zuul.artifacts | default([]) }}"
27 # no_log: true TODO(corvus): replace 23 # no_log: true TODO(corvus): replace
diff --git a/roles/use-buildset-registry/README.rst b/roles/use-buildset-registry/README.rst
index 2801477..8219157 100644
--- a/roles/use-buildset-registry/README.rst
+++ b/roles/use-buildset-registry/README.rst
@@ -17,6 +17,14 @@ Use this role on any host which should use the buildset registry.
17 17
18 The port on which the registry is listening. 18 The port on which the registry is listening.
19 19
20 .. zuul:rolevar:: push_host
21
22 The host (IP address) to use when pushing images to the registry.
23
24 .. zuul:rolevar:: push_port
25
26 The port to use when pushing images to the registry.
27
20 .. zuul:rolevar:: username 28 .. zuul:rolevar:: username
21 29
22 The username used to access the registry via HTTP basic auth. 30 The username used to access the registry via HTTP basic auth.