7ff0ba880b
Utility containers shall act as an interface to an Airship environment and shall enable them to perform routine operational and debugging activities. Utility containers shall enable Operations to seamlessly support Airship environment without exposing secrets and credentials, and at the same time restricting the access to actual containers. This container allows users access to MariaDB pods remotely to perform db functions. Authorized users will able to run db queries through 'utilscli' helper. Change-Id: I72f5f202b094de9733c13b6a5a6ce3d29205b574
112 lines
3.2 KiB
YAML
112 lines
3.2 KiB
YAML
- hosts: all
|
|
tasks:
|
|
- include_vars: vars.yaml
|
|
|
|
- name: Install Docker (Debian)
|
|
when: ansible_os_family == 'Debian'
|
|
block:
|
|
- file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
with_items:
|
|
- /etc/docker/
|
|
- /etc/systemd/system/docker.service.d/
|
|
- /var/lib/docker/
|
|
- mount:
|
|
path: /var/lib/docker/
|
|
src: tmpfs
|
|
fstype: tmpfs
|
|
opts: size=25g
|
|
state: mounted
|
|
- copy: "{{ item }}"
|
|
with_items:
|
|
- content: "{{ docker_daemon | to_json }}"
|
|
dest: /etc/docker/daemon.json
|
|
- src: files/docker-systemd.conf
|
|
dest: /etc/systemd/system/docker.service.d/
|
|
- apt_key:
|
|
url: https://download.docker.com/linux/ubuntu/gpg
|
|
- apt_repository:
|
|
repo: deb http://{{ zuul_site_mirror_fqdn }}/deb-docker xenial stable
|
|
- apt:
|
|
name: "{{ item }}"
|
|
allow_unauthenticated: True
|
|
with_items:
|
|
- docker-ce
|
|
- python-pip
|
|
- pip:
|
|
name: docker
|
|
version: 2.7.0
|
|
# NOTE(SamYaple): Allow all connections from containers to host so the
|
|
# containers can access the http server for git and wheels
|
|
- iptables:
|
|
action: insert
|
|
chain: INPUT
|
|
in_interface: docker0
|
|
jump: ACCEPT
|
|
become: True
|
|
|
|
- name: Debug tag generation inputs
|
|
block:
|
|
- debug:
|
|
var: publish
|
|
- debug:
|
|
var: tags
|
|
- debug:
|
|
var: zuul
|
|
- debug:
|
|
msg: "{{ tags | to_json }}"
|
|
|
|
- name: Determine tags
|
|
shell: echo '{{ tags | to_json }}' | python {{ zuul.project.src_dir }}/tools/image_tags.py
|
|
environment:
|
|
BRANCH: "{{ zuul.branch | default('') }}"
|
|
CHANGE: "{{ zuul.change | default('') }}"
|
|
COMMIT: "{{ zuul.newrev | default('') }}"
|
|
PATCHSET: "{{ zuul.patchset | default('') }}"
|
|
register: image_tags
|
|
|
|
- name: Debug computed tags
|
|
debug:
|
|
var: image_tags
|
|
|
|
- name: Make images
|
|
when: not publish
|
|
block:
|
|
- make:
|
|
chdir: "{{ zuul.project.src_dir }}"
|
|
target: images
|
|
params:
|
|
IMAGE_TAG: "{{ item }}"
|
|
with_items: "{{ image_tags.stdout_lines }}"
|
|
|
|
- shell: "docker images"
|
|
register: docker_images
|
|
|
|
- debug:
|
|
var: docker_images
|
|
|
|
become: True
|
|
|
|
- name: Publish images
|
|
block:
|
|
- docker_login:
|
|
username: "{{ quay_credentials.username }}"
|
|
password: "{{ quay_credentials.password }}"
|
|
registry_url: "https://quay.io/api/v1/"
|
|
- make:
|
|
chdir: "{{ zuul.project.src_dir }}"
|
|
target: images
|
|
params:
|
|
DOCKER_REGISTRY: "quay.io"
|
|
IMAGE_PREFIX: "airshipit"
|
|
IMAGE_TAG: "{{ item }}"
|
|
COMMIT: "{{ zuul.newrev | default('') }}"
|
|
PUSH_IMAGE: "true"
|
|
with_items: "{{ image_tags.stdout_lines }}"
|
|
- shell: "docker images"
|
|
register: docker_images
|
|
- debug:
|
|
var: docker_images
|
|
when: publish
|
|
become: True |