Merge "Add docker registry support for swarm"
This commit is contained in:
commit
391614e7bf
@ -578,6 +578,8 @@ class AtomicSwarmTemplateDefinition(BaseTemplateDefinition):
|
||||
self.add_parameter('tls_disabled',
|
||||
baymodel_attr='tls_disabled',
|
||||
required=True)
|
||||
self.add_parameter('registry_enabled',
|
||||
baymodel_attr='registry_enabled')
|
||||
self.add_output('api_address',
|
||||
bay_attr='api_address',
|
||||
mapping_type=SwarmApiAddressOutputMapping)
|
||||
@ -607,6 +609,11 @@ class AtomicSwarmTemplateDefinition(BaseTemplateDefinition):
|
||||
for label in label_list:
|
||||
extra_params[label] = baymodel.labels.get(label)
|
||||
|
||||
if baymodel.registry_enabled:
|
||||
extra_params['swift_region'] = CONF.docker_registry.swift_region
|
||||
extra_params['registry_container'] = (
|
||||
CONF.docker_registry.swift_registry_container)
|
||||
|
||||
return super(AtomicSwarmTemplateDefinition,
|
||||
self).get_params(context, baymodel, bay,
|
||||
extra_params=extra_params,
|
||||
|
@ -0,0 +1,45 @@
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
|
||||
if [ "$REGISTRY_ENABLED" = "False" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
cat > /etc/sysconfig/registry-config.yml << EOF
|
||||
version: 0.1
|
||||
log:
|
||||
fields:
|
||||
service: registry
|
||||
storage:
|
||||
cache:
|
||||
layerinfo: inmemory
|
||||
swift:
|
||||
authurl: "$AUTH_URL"
|
||||
region: "$SWIFT_REGION"
|
||||
username: "$TRUSTEE_USERNAME"
|
||||
password: "$TRUSTEE_PASSWORD"
|
||||
domainid: "$TRUSTEE_DOMAIN_ID"
|
||||
trustid: "$TRUST_ID"
|
||||
container: "$REGISTRY_CONTAINER"
|
||||
insecureskipverify: $REGISTRY_INSECURE
|
||||
chunksize: $REGISTRY_CHUNKSIZE
|
||||
http:
|
||||
addr: :5000
|
||||
EOF
|
||||
|
||||
cat > /etc/systemd/system/registry.service << EOF
|
||||
[Unit]
|
||||
Description=Docker registry v2
|
||||
Requires=docker.service
|
||||
After=docker.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart=/usr/bin/docker run -d -p $REGISTRY_PORT:5000 --restart=always --name registry -v /etc/sysconfig/registry-config.yml:/etc/docker/registry/config.yml registry:2
|
||||
ExecStop=/usr/bin/docker rm -f registry
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
12
magnum/templates/swarm/fragments/enable-docker-registry.sh
Normal file
12
magnum/templates/swarm/fragments/enable-docker-registry.sh
Normal file
@ -0,0 +1,12 @@
|
||||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
|
||||
if [ "$REGISTRY_ENABLED" = "False" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "starting docker registry ..."
|
||||
systemctl daemon-reload
|
||||
systemctl enable registry
|
||||
systemctl --no-block start registry
|
@ -20,7 +20,15 @@ write_files:
|
||||
API_IP_ADDRESS="$API_IP_ADDRESS"
|
||||
SWARM_VERSION="$SWARM_VERSION"
|
||||
AGENT_WAIT_HANDLE="$AGENT_WAIT_HANDLE"
|
||||
TRUSTEE_DOMAIN_ID="$TRUSTEE_DOMAIN_ID"
|
||||
TRUSTEE_USER_ID="$TRUSTEE_USER_ID"
|
||||
TRUSTEE_USERNAME="$TRUSTEE_USERNAME"
|
||||
TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
|
||||
TRUST_ID="$TRUST_ID"
|
||||
AUTH_URL="$AUTH_URL"
|
||||
REGISTRY_ENABLED="$REGISTRY_ENABLED"
|
||||
REGISTRY_PORT="$REGISTRY_PORT"
|
||||
SWIFT_REGION="$SWIFT_REGION"
|
||||
REGISTRY_CONTAINER="$REGISTRY_CONTAINER"
|
||||
REGISTRY_INSECURE="$REGISTRY_INSECURE"
|
||||
REGISTRY_CHUNKSIZE="$REGISTRY_CHUNKSIZE"
|
||||
|
@ -172,6 +172,40 @@ parameters:
|
||||
type: string
|
||||
description: url for keystone
|
||||
|
||||
registry_enabled:
|
||||
type: boolean
|
||||
description: >
|
||||
Indicates whether the docker registry is enabled.
|
||||
default: false
|
||||
|
||||
registry_port:
|
||||
type: number
|
||||
description: port of registry service
|
||||
default: 5000
|
||||
|
||||
swift_region:
|
||||
type: string
|
||||
description: region of swift service
|
||||
default: ""
|
||||
|
||||
registry_container:
|
||||
type: string
|
||||
description: >
|
||||
name of swift container which docker registry stores images in
|
||||
default: "container"
|
||||
|
||||
registry_insecure:
|
||||
type: boolean
|
||||
description: >
|
||||
indicates whether to skip TLS verification between registry and backend storage
|
||||
default: true
|
||||
|
||||
registry_chunksize:
|
||||
type: number
|
||||
description: >
|
||||
size fo the data segments for the swift dynamic large objects
|
||||
default: 5242880
|
||||
|
||||
resources:
|
||||
|
||||
######################################################################
|
||||
@ -354,10 +388,18 @@ resources:
|
||||
etcd_server_ip: {get_attr: [etcd_pool, vip, address]}
|
||||
api_ip_address: {get_attr: [api_pool_floating, floating_ip_address]}
|
||||
swarm_version: {get_param: swarm_version}
|
||||
trustee_domain_id: {get_param: trustee_domain_id}
|
||||
trustee_user_id: {get_param: trustee_user_id}
|
||||
trustee_username: {get_param: trustee_username}
|
||||
trustee_password: {get_param: trustee_password}
|
||||
trust_id: {get_param: trust_id}
|
||||
auth_url: {get_param: auth_url}
|
||||
registry_enabled: {get_param: registry_enabled}
|
||||
registry_port: {get_param: registry_port}
|
||||
swift_region: {get_param: swift_region}
|
||||
registry_container: {get_param: registry_container}
|
||||
registry_insecure: {get_param: registry_insecure}
|
||||
registry_chunksize: {get_param: registry_chunksize}
|
||||
|
||||
outputs:
|
||||
|
||||
|
@ -93,10 +93,18 @@ parameters:
|
||||
type: string
|
||||
description: ip address of the load balancer pool of etcd server.
|
||||
|
||||
trustee_domain_id:
|
||||
type: string
|
||||
description: domain id of the trustee
|
||||
|
||||
trustee_user_id:
|
||||
type: string
|
||||
description: user id of the trustee
|
||||
|
||||
trustee_username:
|
||||
type: string
|
||||
description: username of the trustee
|
||||
|
||||
trustee_password:
|
||||
type: string
|
||||
description: password of the trustee
|
||||
@ -111,6 +119,34 @@ parameters:
|
||||
type: string
|
||||
description: url for keystone
|
||||
|
||||
registry_enabled:
|
||||
type: boolean
|
||||
description: >
|
||||
Indicates whether the docker registry is enabled.
|
||||
|
||||
registry_port:
|
||||
type: number
|
||||
description: port of registry service
|
||||
|
||||
swift_region:
|
||||
type: string
|
||||
description: region of swift service
|
||||
|
||||
registry_container:
|
||||
type: string
|
||||
description: >
|
||||
name of swift container which docker registry stores images in
|
||||
|
||||
registry_insecure:
|
||||
type: boolean
|
||||
description: >
|
||||
indicates whether to skip TLS verification between registry and backend storage
|
||||
|
||||
registry_chunksize:
|
||||
type: number
|
||||
description: >
|
||||
size fo the data segments for the swift dynamic large objects
|
||||
|
||||
resources:
|
||||
|
||||
node_cloud_init_wait_handle:
|
||||
@ -164,10 +200,18 @@ resources:
|
||||
"$API_IP_ADDRESS": {get_param: api_ip_address}
|
||||
"$SWARM_VERSION": {get_param: swarm_version}
|
||||
"$AGENT_WAIT_HANDLE": {get_resource: node_agent_wait_handle}
|
||||
"$TRUSTEE_DOMAIN_ID": {get_param: trustee_domain_id}
|
||||
"$TRUSTEE_USER_ID": {get_param: trustee_user_id}
|
||||
"$TRUSTEE_USERNAME": {get_param: trustee_username}
|
||||
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
|
||||
"$TRUST_ID": {get_param: trust_id}
|
||||
"$AUTH_URL": {get_param: auth_url}
|
||||
"$REGISTRY_ENABLED": {get_param: registry_enabled}
|
||||
"$REGISTRY_PORT": {get_param: registry_port}
|
||||
"$SWIFT_REGION": {get_param: swift_region}
|
||||
"$REGISTRY_CONTAINER": {get_param: registry_container}
|
||||
"$REGISTRY_INSECURE": {get_param: registry_insecure}
|
||||
"$REGISTRY_CHUNKSIZE": {get_param: registry_chunksize}
|
||||
|
||||
remove_docker_key:
|
||||
type: "OS::Heat::SoftwareConfig"
|
||||
@ -187,6 +231,12 @@ resources:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/configure-docker-storage.sh}
|
||||
|
||||
configure_docker_registry:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/configure-docker-registry.sh}
|
||||
|
||||
write_docker_service:
|
||||
type: "OS::Heat::SoftwareConfig"
|
||||
properties:
|
||||
@ -222,6 +272,12 @@ resources:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/write-swarm-agent-service.sh}
|
||||
|
||||
enable_docker_registry:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/enable-docker-registry.sh}
|
||||
|
||||
enable_services:
|
||||
type: "OS::Heat::SoftwareConfig"
|
||||
properties:
|
||||
@ -260,11 +316,13 @@ resources:
|
||||
- config: {get_resource: make_cert}
|
||||
- config: {get_resource: network_service}
|
||||
- config: {get_resource: configure_docker_storage}
|
||||
- config: {get_resource: configure_docker_registry}
|
||||
- config: {get_resource: write_swarm_agent_failure_service}
|
||||
- config: {get_resource: write_swarm_agent_service}
|
||||
- config: {get_resource: write_docker_service}
|
||||
- config: {get_resource: write_docker_socket}
|
||||
- config: {get_resource: add_proxy}
|
||||
- config: {get_resource: enable_docker_registry}
|
||||
- config: {get_resource: enable_services}
|
||||
- config: {get_resource: cfn_signal}
|
||||
|
||||
|
@ -40,6 +40,7 @@ class TestBayConductorWithSwarm(base.TestCase):
|
||||
'https_proxy': 'https_proxy',
|
||||
'no_proxy': 'no_proxy',
|
||||
'tls_disabled': False,
|
||||
'registry_enabled': False,
|
||||
'server_type': 'vm',
|
||||
'network_driver': 'network_driver',
|
||||
'labels': {'flannel_network_cidr': '10.101.0.0/16',
|
||||
@ -102,6 +103,57 @@ class TestBayConductorWithSwarm(base.TestCase):
|
||||
'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
|
||||
'magnum_url': self.mock_osc.magnum_url.return_value,
|
||||
'tls_disabled': False,
|
||||
'registry_enabled': False,
|
||||
'network_driver': 'network_driver',
|
||||
'flannel_network_cidr': '10.101.0.0/16',
|
||||
'flannel_network_subnetlen': '26',
|
||||
'flannel_backend': 'vxlan',
|
||||
'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f',
|
||||
'trustee_username': 'fake_trustee',
|
||||
'trustee_password': 'fake_trustee_password',
|
||||
'trustee_user_id': '7b489f04-b458-4541-8179-6a48a553e656',
|
||||
'trust_id': 'bd11efc5-d4e2-4dac-bbce-25e348ddf7de',
|
||||
'auth_url': 'http://192.168.10.10:5000/v3'
|
||||
}
|
||||
self.assertEqual(expected, definition)
|
||||
|
||||
@patch('magnum.objects.BayModel.get_by_uuid')
|
||||
def test_extract_template_definition_with_registry(
|
||||
self,
|
||||
mock_objects_baymodel_get_by_uuid):
|
||||
self.baymodel_dict['registry_enabled'] = True
|
||||
baymodel = objects.BayModel(self.context, **self.baymodel_dict)
|
||||
mock_objects_baymodel_get_by_uuid.return_value = baymodel
|
||||
bay = objects.Bay(self.context, **self.bay_dict)
|
||||
|
||||
cfg.CONF.set_override('swift_region',
|
||||
'RegionOne',
|
||||
group='docker_registry')
|
||||
|
||||
(template_path,
|
||||
definition) = bay_conductor._extract_template_definition(self.context,
|
||||
bay)
|
||||
|
||||
expected = {
|
||||
'ssh_key_name': 'keypair_id',
|
||||
'external_network': 'external_network_id',
|
||||
'dns_nameserver': 'dns_nameserver',
|
||||
'server_image': 'image_id',
|
||||
'master_flavor': 'master_flavor_id',
|
||||
'node_flavor': 'flavor_id',
|
||||
'number_of_masters': 1,
|
||||
'number_of_nodes': 1,
|
||||
'docker_volume_size': 20,
|
||||
'discovery_url': 'https://discovery.test.io/123456789',
|
||||
'http_proxy': 'http_proxy',
|
||||
'https_proxy': 'https_proxy',
|
||||
'no_proxy': 'no_proxy',
|
||||
'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
|
||||
'magnum_url': self.mock_osc.magnum_url.return_value,
|
||||
'tls_disabled': False,
|
||||
'registry_enabled': True,
|
||||
'registry_container': 'docker_registry',
|
||||
'swift_region': 'RegionOne',
|
||||
'network_driver': 'network_driver',
|
||||
'flannel_network_cidr': '10.101.0.0/16',
|
||||
'flannel_network_subnetlen': '26',
|
||||
@ -145,6 +197,7 @@ class TestBayConductorWithSwarm(base.TestCase):
|
||||
'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
|
||||
'magnum_url': self.mock_osc.magnum_url.return_value,
|
||||
'tls_disabled': False,
|
||||
'registry_enabled': False,
|
||||
'flannel_network_cidr': u'10.101.0.0/16',
|
||||
'flannel_network_subnetlen': u'26',
|
||||
'flannel_backend': u'vxlan',
|
||||
|
@ -407,6 +407,7 @@ class AtomicSwarmTemplateDefinitionTestCase(base.TestCase):
|
||||
mock_context.auth_token = 'AUTH_TOKEN'
|
||||
mock_baymodel = mock.MagicMock()
|
||||
mock_baymodel.tls_disabled = False
|
||||
mock_baymodel.registry_enabled = False
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.uuid = '5d12f6fd-a196-4bf0-ae4c-1f639a523a52'
|
||||
del mock_bay.stack_id
|
||||
|
Loading…
x
Reference in New Issue
Block a user