Add intermediate registry push/pull roles

Change-Id: Ie2554005f924d2736d1f1fd1c51cfd5ca9e09199
Depends-On: https://review.openstack.org/634825
This commit is contained in:
James E. Blair 2019-02-04 14:53:58 -08:00
parent a9ae9ffb0c
commit 8efc1cf1af
5 changed files with 178 additions and 0 deletions

View File

@ -0,0 +1,62 @@
Pull artifacts from the intermediate registry
This role will pull any artifacts built for changes ahead of this
change which have been placed in an intermediate registry into the
buildset registry for this buildset.
Run this in a trusted pre-playbook at the start of a job (which, in
the case of multiple dependent jobs in a buildset, should be at the
root of the job dependency graph).
This requires the :zuul:role:`run-buildset-registry` role already
applied. It also requires an externally managed "intermediate"
registry operating for the use of Zuul, and it requires "skopeo" to be
installed on the Zuul executors.
**Role Variables**
.. zuul:rolevar:: buildset_registry
Information about the registry, as returned by
:zuul:role:`run-buildset-registry`.
.. zuul:rolevar:: host
The host (IP address) of the registry.
.. zuul:rolevar:: port
The port on which the registry is listening.
.. zuul:rolevar:: username
The username used to access the registry via HTTP basic auth.
.. zuul:rolevar:: password
The password used to access the registry via HTTP basic auth.
.. zuul:rolevar:: cert
The (self-signed) certificate used by the registry.
.. zuul:rolevar:: intermediate_registry
Information about the registry. This is expected to be provided as
a secret.
.. zuul:rolevar:: host
The host (IP address) of the registry.
.. zuul:rolevar:: port
The port on which the registry is listening.
.. zuul:rolevar:: username
The username used to access the registry via HTTP basic auth.
.. zuul:rolevar:: password
The password used to access the registry via HTTP basic auth.

View File

@ -0,0 +1,10 @@
- name: Pull artifact from intermediate registry
command: >-
skopeo copy
--src-creds={{ intermediate_registry.username }}:{{ intermediate_registry.password }}
--dest-creds={{ buildset_registry.username }}:{{ buildset_registry.password }}
{{ item.url }}
docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ item.metadata.repository }}:{{ item.metadata.tag }}
when: "item.metadata.type | default('') == 'container_image'"
loop: "{{ zuul.artifacts }}"
no_log: true

View File

@ -0,0 +1,75 @@
Push artifacts to the intermediate registry
This role will push any images built by
:zuul:role:`build-docker-image` into an intermediate registry.
Run this in a trusted post-playbook at the end of a job after the
image build.
This requires the :zuul:role:`run-buildset-registry` role already
applied. It also requires an externally managed "intermediate"
registry operating for the use of Zuul, and it requires "skopeo" to be
installed on the Zuul executors.
**Role Variables**
.. zuul:rolevar:: buildset_registry
Information about the registry, as returned by
:zuul:role:`run-buildset-registry`.
.. zuul:rolevar:: host
The host (IP address) of the registry.
.. zuul:rolevar:: port
The port on which the registry is listening.
.. zuul:rolevar:: username
The username used to access the registry via HTTP basic auth.
.. zuul:rolevar:: password
The password used to access the registry via HTTP basic auth.
.. zuul:rolevar:: cert
The (self-signed) certificate used by the registry.
.. zuul:rolevar:: intermediate_registry
Information about the registry. This is expected to be provided as
a secret.
.. zuul:rolevar:: host
The host (IP address) of the registry.
.. zuul:rolevar:: port
The port on which the registry is listening.
.. zuul:rolevar:: username
The username used to access the registry via HTTP basic auth.
.. zuul:rolevar:: password
The password used to access the registry via HTTP basic auth.
.. zuul:rolevar:: docker_images
:type: list
A list of images built. Each item in the list should have:
.. zuul:rolevar:: repository
The name of the target repository for the image.
.. zuul:rolevar:: tags
:type: list
:default: ['latest']
A list of tags to be added to the image.

View File

@ -0,0 +1,5 @@
- name: Push image to intermediate registry
include_tasks: push.yaml
loop: docker_images
loop_control:
loop_var: image

View File

@ -0,0 +1,26 @@
- name: Push tag to intermediate registry
command: >-
skopeo copy
--src-creds={{ buildset_registry.username }}:{{ buildset_registry.password }}
--dest-creds={{ intermediate_registry.username }}:{{ intermediate_registry.password }}
docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
docker://{{ intermediate_registry.hostname }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag}}
loop: "{{ image.tags }}"
loop_control:
loop_var: image_tag
no_log: true
- name: Return artifact to Zuul
zuul_return:
data:
zuul:
artifacts:
"image_{{ image.repository }}:{{ image_tag }}":
url: "docker://{{ intermediate_registry.hostname }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag}}"
metadata:
type: container_image
repository: "{{ image.repository }}"
tag: "{{ image_tag }}"
loop: "{{ image.tags }}"
loop_control:
loop_var: image_tag