Ansible role to deploy a container registry
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Alex Schultz a0a314ade3 Fixup requirements 4 months ago
ci-scripts Fix all the ci 6 months ago
defaults Disable docker iptables support 2 years ago
handlers Fix race on slow environment 2 years ago
meta meta/main: add role description 3 years ago
molecule Fix all the ci 6 months ago
tasks Fix all the ci 6 months ago
templates Restore old task for docker-daemon.json 3 years ago
tests Update role name in test.yml 3 years ago
vars docker: add support for additional sockets 3 years ago
zuul.d Fix all the ci 6 months ago
.gitignore First commit in Gerrit 3 years ago
.gitreview OpenDev Migration Patch 2 years ago
.yamllint Add molecule testing 2 years ago
LICENSE first commit 3 years ago
README.rst Disable docker iptables support 2 years ago
ansible-requirements.txt Fixup requirements 4 months ago
ansible.cfg Fix ansible role name in cfg files 3 years ago
bindep.txt Add molecule testing 2 years ago
requirements.txt Fixup requirements 4 months ago
setup.cfg Update to opendev 2 years ago First commit in Gerrit 3 years ago
test-requirements.txt Fixup requirements 4 months ago
tox.ini Replace deprecated UPPER_CONSTRAINTS_FILE variable 6 months ago



A role to deploy a container registry and provide methods to login to it. For now, the role only support Docker Registry v2. The login currently doesn't work with

Role Variables

Variables used for container registry
Name Default Value Description
container_registry_debug false Enable debug option in Docker
container_registry_deploy_docker true Whether or not to deploy Docker
container_registry_deploy_docker_distribution true Whether or not to deploy Docker Distribution
container_registry_deployment_user centos User which needs to manage containers
container_registry_docker_options --log-driver=journald --signature-verification=false --iptables=false --live-restore Options given to Docker configuration
container_registry_docker_disable_iptables false Adds --iptables=false to /etc/sysconfig/docker-network config
container_registry_insecure_registries [] Array of insecure registries
container_registry_network_options [undefined] Docker networking options
container_registry_host localhost Docker registry host
container_registry_port 8787 Docker registry port
container_registry_mirror [undefined] Docker registry mirror
container_registry_storage_options -s overlay2 Docker storage options
container_registry_selinux false Whether or not SElinux is enabled for containers
container_registry_additional_sockets [undefined] Additional sockets for containers
container_registry_skip_reconfiguration false Do not perform container registry reconfiguration if it's already configured
container_registry_logins [] A dictionary containing registries and a username and a password associated with the registry. Example: {'': {'myusername': 'mypassword'}, '': {'otheruser': 'otherpass'}}


  • ansible >= 2.4
  • python >= 2.6



Example Playbooks

Modify Image

The following playbook will deploy a Docker registry:

- hosts: localhost
  become: true
    - container-registry


Apache 2.0

Running local testing

Local testing of this role can be done in a number of ways.

Mimic Zuul

Sometimes its nessisary to setup a test that will mimic what the OpenStack gate will do (Zuul). To run tests that minic the gate, python-virtualenv git, gcc, and ansible are required.

$ sudo yum install python-virtualenv git gcc

Once the packages are installed, create a python virtual environment.

$ python -m virtualenv --system-site-packages ~/test-python
$ ~/test-python/bin/pip install pip setuptools --upgrade

Now install the latest Ansible

$ ~/test-python/bin/pip install ansible

With Ansible installed, activate the virtual environment and run the run-local.yml test playbook.

$ source ~/test-python/bin/activate
(test-python) $ ansible-playbook -i 'localhost,' \
                                 -e "tripleo_src=$(realpath --relative-to="${HOME}" "$(pwd)")" \
                                 -e "ansible_user=${USER}" \
                                 -e "ansible_user_dir=${HOME}" \
                                 -e "ansible_connection=local" \

Running Molecule directly

It is also possible to test this role using molecule directly. When running tests directly it is assumed all of the dependencies are setup and ready to run on the local workstation. When

$ molecule test --all