78da67824a
With the upcoming activation of RHEL8 pipeline, we decided with infra it was better to switch rdo registry to restricted access. This means that all the job in rdo must login to registry to pull containers. All the Centos7 jobs must now call this role to login to the registry, so we are expanding the login part to satisfy the workflow RHEL8 job with podman will use a internal role instead. Change-Id: I6e55bdcf493d04bfc88ae22154124a7888563147 |
||
---|---|---|
ci-scripts | ||
defaults | ||
handlers | ||
meta | ||
molecule | ||
tasks | ||
templates | ||
tests | ||
vars | ||
zuul.d | ||
.gitignore | ||
.gitreview | ||
.yamllint | ||
LICENSE | ||
README.rst | ||
ansible-requirements.txt | ||
ansible.cfg | ||
bindep.txt | ||
requirements.txt | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
README.rst
ansible-role-container-registry
A role to deploy a container registry and provide methods to login to it. For now, the role only support Docker Registry v2. The login currently doesn't work with hub.docker.com.
Role Variables
Name | Default Value | Description |
---|---|---|
container_registry_debug | false | Enable debug option in Docker |
container_registry_deploy_docker | true | Whether or not to deploy Docker |
container_registry_deploy_docker_distribution | true | Whether or not to deploy Docker Distribution |
container_registry_deployment_user | centos | User which needs to manage containers |
container_registry_docker_options | --log-driver=journald --signature-verification=false --iptables=false --live-restore | Options given to Docker configuration |
container_registry_insecure_registries | [] | Array of insecure registries |
container_registry_network_options | [undefined] | Docker networking options |
container_registry_host | localhost | Docker registry host |
container_registry_port | 8787 | Docker registry port |
container_registry_mirror | [undefined] | Docker registry mirror |
container_registry_storage_options | -s overlay2 | Docker storage options |
container_registry_selinux | false | Whether or not SElinux is enabled for containers |
container_registry_additional_sockets | [undefined] | Additional sockets for containers |
container_registry_skip_reconfiguration | false | Do not perform container registry reconfiguration if it's already configured |
container_registry_logins | [] | A dictionary containing registries and a username and a password associated with the registry. Example: {'docker.io': {'myusername': 'mypassword'}, 'registry.example.com:8787': {'otheruser': 'otherpass'}} |
Requirements
- ansible >= 2.4
- python >= 2.6
Dependencies
None
Example Playbooks
Modify Image
The following playbook will deploy a Docker registry:
- hosts: localhost
become: true
roles:
- container-registry
License
Apache 2.0
Running local testing
Local testing of this role can be done in a number of ways.
Mimic Zuul
Sometimes its nessisary to setup a test that will mimic what the OpenStack gate will do (Zuul). To run tests that minic the gate, python-virtualenv git, gcc, and ansible are required.
$ sudo yum install python-virtualenv git gcc
Once the packages are installed, create a python virtual environment.
$ python -m virtualenv --system-site-packages ~/test-python
$ ~/test-python/bin/pip install pip setuptools --upgrade
Now install the latest Ansible
$ ~/test-python/bin/pip install ansible
With Ansible installed, activate the virtual environment and run the run-local.yml test playbook.
$ source ~/test-python/bin/activate
(test-python) $ ansible-playbook -i 'localhost,' \
-e "tripleo_src=$(realpath --relative-to="${HOME}" "$(pwd)")" \
-e "ansible_user=${USER}" \
-e "ansible_user_dir=${HOME}" \
-e "ansible_connection=local" \
zuul.d/playbooks/run-local.yml
Running Molecule directly
It is also possible to test this role using molecule directly. When running tests directly it is assumed all of the dependencies are setup and ready to run on the local workstation. When
$ molecule test --all