From 7d8d090a46f2c29b7f2030f4d30ec178b53c4022 Mon Sep 17 00:00:00 2001 From: Hua Wang Date: Mon, 18 Apr 2016 18:12:25 +0800 Subject: [PATCH] Add docker registry support for swarm Add docker registry support for swarm in heat template. After this patch is merged, we can use docker registry in swarm bay. Change-Id: I5161a4c0259a2df89dfc8591453aebc6f037d40d Partially-Implements: blueprint registryv2-in-master --- magnum/conductor/template_definition.py | 7 +++ .../fragments/configure-docker-registry.sh | 45 ++++++++++++++ .../swarm/fragments/enable-docker-registry.sh | 12 ++++ .../fragments/write-heat-params-node.yaml | 8 +++ magnum/templates/swarm/swarmcluster.yaml | 42 ++++++++++++++ magnum/templates/swarm/swarmnode.yaml | 58 +++++++++++++++++++ .../handlers/test_swarm_bay_conductor.py | 53 +++++++++++++++++ .../conductor/test_template_definition.py | 1 + 8 files changed, 226 insertions(+) create mode 100644 magnum/templates/swarm/fragments/configure-docker-registry.sh create mode 100644 magnum/templates/swarm/fragments/enable-docker-registry.sh diff --git a/magnum/conductor/template_definition.py b/magnum/conductor/template_definition.py index d52ebd3f8c..bc4130bb69 100644 --- a/magnum/conductor/template_definition.py +++ b/magnum/conductor/template_definition.py @@ -578,6 +578,8 @@ class AtomicSwarmTemplateDefinition(BaseTemplateDefinition): self.add_parameter('tls_disabled', baymodel_attr='tls_disabled', required=True) + self.add_parameter('registry_enabled', + baymodel_attr='registry_enabled') self.add_output('api_address', bay_attr='api_address', mapping_type=SwarmApiAddressOutputMapping) @@ -607,6 +609,11 @@ class AtomicSwarmTemplateDefinition(BaseTemplateDefinition): for label in label_list: extra_params[label] = baymodel.labels.get(label) + if baymodel.registry_enabled: + extra_params['swift_region'] = CONF.docker_registry.swift_region + extra_params['registry_container'] = ( + CONF.docker_registry.swift_registry_container) + return super(AtomicSwarmTemplateDefinition, self).get_params(context, baymodel, bay, extra_params=extra_params, diff --git a/magnum/templates/swarm/fragments/configure-docker-registry.sh b/magnum/templates/swarm/fragments/configure-docker-registry.sh new file mode 100644 index 0000000000..f3cfcfa5b7 --- /dev/null +++ b/magnum/templates/swarm/fragments/configure-docker-registry.sh @@ -0,0 +1,45 @@ +#!/bin/sh + +. /etc/sysconfig/heat-params + +if [ "$REGISTRY_ENABLED" = "False" ]; then + exit 0 +fi + +cat > /etc/sysconfig/registry-config.yml << EOF +version: 0.1 +log: + fields: + service: registry +storage: + cache: + layerinfo: inmemory + swift: + authurl: "$AUTH_URL" + region: "$SWIFT_REGION" + username: "$TRUSTEE_USERNAME" + password: "$TRUSTEE_PASSWORD" + domainid: "$TRUSTEE_DOMAIN_ID" + trustid: "$TRUST_ID" + container: "$REGISTRY_CONTAINER" + insecureskipverify: $REGISTRY_INSECURE + chunksize: $REGISTRY_CHUNKSIZE +http: + addr: :5000 +EOF + +cat > /etc/systemd/system/registry.service << EOF +[Unit] +Description=Docker registry v2 +Requires=docker.service +After=docker.service + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/bin/docker run -d -p $REGISTRY_PORT:5000 --restart=always --name registry -v /etc/sysconfig/registry-config.yml:/etc/docker/registry/config.yml registry:2 +ExecStop=/usr/bin/docker rm -f registry + +[Install] +WantedBy=multi-user.target +EOF diff --git a/magnum/templates/swarm/fragments/enable-docker-registry.sh b/magnum/templates/swarm/fragments/enable-docker-registry.sh new file mode 100644 index 0000000000..abc3c473a3 --- /dev/null +++ b/magnum/templates/swarm/fragments/enable-docker-registry.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +. /etc/sysconfig/heat-params + +if [ "$REGISTRY_ENABLED" = "False" ]; then + exit 0 +fi + +echo "starting docker registry ..." +systemctl daemon-reload +systemctl enable registry +systemctl --no-block start registry diff --git a/magnum/templates/swarm/fragments/write-heat-params-node.yaml b/magnum/templates/swarm/fragments/write-heat-params-node.yaml index 36b624f30a..051123385b 100644 --- a/magnum/templates/swarm/fragments/write-heat-params-node.yaml +++ b/magnum/templates/swarm/fragments/write-heat-params-node.yaml @@ -20,7 +20,15 @@ write_files: API_IP_ADDRESS="$API_IP_ADDRESS" SWARM_VERSION="$SWARM_VERSION" AGENT_WAIT_HANDLE="$AGENT_WAIT_HANDLE" + TRUSTEE_DOMAIN_ID="$TRUSTEE_DOMAIN_ID" TRUSTEE_USER_ID="$TRUSTEE_USER_ID" + TRUSTEE_USERNAME="$TRUSTEE_USERNAME" TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD" TRUST_ID="$TRUST_ID" AUTH_URL="$AUTH_URL" + REGISTRY_ENABLED="$REGISTRY_ENABLED" + REGISTRY_PORT="$REGISTRY_PORT" + SWIFT_REGION="$SWIFT_REGION" + REGISTRY_CONTAINER="$REGISTRY_CONTAINER" + REGISTRY_INSECURE="$REGISTRY_INSECURE" + REGISTRY_CHUNKSIZE="$REGISTRY_CHUNKSIZE" diff --git a/magnum/templates/swarm/swarmcluster.yaml b/magnum/templates/swarm/swarmcluster.yaml index d521f66740..819819a307 100644 --- a/magnum/templates/swarm/swarmcluster.yaml +++ b/magnum/templates/swarm/swarmcluster.yaml @@ -172,6 +172,40 @@ parameters: type: string description: url for keystone + registry_enabled: + type: boolean + description: > + Indicates whether the docker registry is enabled. + default: false + + registry_port: + type: number + description: port of registry service + default: 5000 + + swift_region: + type: string + description: region of swift service + default: "" + + registry_container: + type: string + description: > + name of swift container which docker registry stores images in + default: "container" + + registry_insecure: + type: boolean + description: > + indicates whether to skip TLS verification between registry and backend storage + default: true + + registry_chunksize: + type: number + description: > + size fo the data segments for the swift dynamic large objects + default: 5242880 + resources: ###################################################################### @@ -354,10 +388,18 @@ resources: etcd_server_ip: {get_attr: [etcd_pool, vip, address]} api_ip_address: {get_attr: [api_pool_floating, floating_ip_address]} swarm_version: {get_param: swarm_version} + trustee_domain_id: {get_param: trustee_domain_id} trustee_user_id: {get_param: trustee_user_id} + trustee_username: {get_param: trustee_username} trustee_password: {get_param: trustee_password} trust_id: {get_param: trust_id} auth_url: {get_param: auth_url} + registry_enabled: {get_param: registry_enabled} + registry_port: {get_param: registry_port} + swift_region: {get_param: swift_region} + registry_container: {get_param: registry_container} + registry_insecure: {get_param: registry_insecure} + registry_chunksize: {get_param: registry_chunksize} outputs: diff --git a/magnum/templates/swarm/swarmnode.yaml b/magnum/templates/swarm/swarmnode.yaml index 89593f4534..0cb193be6e 100644 --- a/magnum/templates/swarm/swarmnode.yaml +++ b/magnum/templates/swarm/swarmnode.yaml @@ -93,10 +93,18 @@ parameters: type: string description: ip address of the load balancer pool of etcd server. + trustee_domain_id: + type: string + description: domain id of the trustee + trustee_user_id: type: string description: user id of the trustee + trustee_username: + type: string + description: username of the trustee + trustee_password: type: string description: password of the trustee @@ -111,6 +119,34 @@ parameters: type: string description: url for keystone + registry_enabled: + type: boolean + description: > + Indicates whether the docker registry is enabled. + + registry_port: + type: number + description: port of registry service + + swift_region: + type: string + description: region of swift service + + registry_container: + type: string + description: > + name of swift container which docker registry stores images in + + registry_insecure: + type: boolean + description: > + indicates whether to skip TLS verification between registry and backend storage + + registry_chunksize: + type: number + description: > + size fo the data segments for the swift dynamic large objects + resources: node_cloud_init_wait_handle: @@ -164,10 +200,18 @@ resources: "$API_IP_ADDRESS": {get_param: api_ip_address} "$SWARM_VERSION": {get_param: swarm_version} "$AGENT_WAIT_HANDLE": {get_resource: node_agent_wait_handle} + "$TRUSTEE_DOMAIN_ID": {get_param: trustee_domain_id} "$TRUSTEE_USER_ID": {get_param: trustee_user_id} + "$TRUSTEE_USERNAME": {get_param: trustee_username} "$TRUSTEE_PASSWORD": {get_param: trustee_password} "$TRUST_ID": {get_param: trust_id} "$AUTH_URL": {get_param: auth_url} + "$REGISTRY_ENABLED": {get_param: registry_enabled} + "$REGISTRY_PORT": {get_param: registry_port} + "$SWIFT_REGION": {get_param: swift_region} + "$REGISTRY_CONTAINER": {get_param: registry_container} + "$REGISTRY_INSECURE": {get_param: registry_insecure} + "$REGISTRY_CHUNKSIZE": {get_param: registry_chunksize} remove_docker_key: type: "OS::Heat::SoftwareConfig" @@ -187,6 +231,12 @@ resources: group: ungrouped config: {get_file: fragments/configure-docker-storage.sh} + configure_docker_registry: + type: OS::Heat::SoftwareConfig + properties: + group: ungrouped + config: {get_file: fragments/configure-docker-registry.sh} + write_docker_service: type: "OS::Heat::SoftwareConfig" properties: @@ -222,6 +272,12 @@ resources: group: ungrouped config: {get_file: fragments/write-swarm-agent-service.sh} + enable_docker_registry: + type: OS::Heat::SoftwareConfig + properties: + group: ungrouped + config: {get_file: fragments/enable-docker-registry.sh} + enable_services: type: "OS::Heat::SoftwareConfig" properties: @@ -260,11 +316,13 @@ resources: - config: {get_resource: make_cert} - config: {get_resource: network_service} - config: {get_resource: configure_docker_storage} + - config: {get_resource: configure_docker_registry} - config: {get_resource: write_swarm_agent_failure_service} - config: {get_resource: write_swarm_agent_service} - config: {get_resource: write_docker_service} - config: {get_resource: write_docker_socket} - config: {get_resource: add_proxy} + - config: {get_resource: enable_docker_registry} - config: {get_resource: enable_services} - config: {get_resource: cfn_signal} diff --git a/magnum/tests/unit/conductor/handlers/test_swarm_bay_conductor.py b/magnum/tests/unit/conductor/handlers/test_swarm_bay_conductor.py index 47b7520813..ade0ec2fb6 100644 --- a/magnum/tests/unit/conductor/handlers/test_swarm_bay_conductor.py +++ b/magnum/tests/unit/conductor/handlers/test_swarm_bay_conductor.py @@ -40,6 +40,7 @@ class TestBayConductorWithSwarm(base.TestCase): 'https_proxy': 'https_proxy', 'no_proxy': 'no_proxy', 'tls_disabled': False, + 'registry_enabled': False, 'server_type': 'vm', 'network_driver': 'network_driver', 'labels': {'flannel_network_cidr': '10.101.0.0/16', @@ -102,6 +103,57 @@ class TestBayConductorWithSwarm(base.TestCase): 'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52', 'magnum_url': self.mock_osc.magnum_url.return_value, 'tls_disabled': False, + 'registry_enabled': False, + 'network_driver': 'network_driver', + 'flannel_network_cidr': '10.101.0.0/16', + 'flannel_network_subnetlen': '26', + 'flannel_backend': 'vxlan', + 'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f', + 'trustee_username': 'fake_trustee', + 'trustee_password': 'fake_trustee_password', + 'trustee_user_id': '7b489f04-b458-4541-8179-6a48a553e656', + 'trust_id': 'bd11efc5-d4e2-4dac-bbce-25e348ddf7de', + 'auth_url': 'http://192.168.10.10:5000/v3' + } + self.assertEqual(expected, definition) + + @patch('magnum.objects.BayModel.get_by_uuid') + def test_extract_template_definition_with_registry( + self, + mock_objects_baymodel_get_by_uuid): + self.baymodel_dict['registry_enabled'] = True + baymodel = objects.BayModel(self.context, **self.baymodel_dict) + mock_objects_baymodel_get_by_uuid.return_value = baymodel + bay = objects.Bay(self.context, **self.bay_dict) + + cfg.CONF.set_override('swift_region', + 'RegionOne', + group='docker_registry') + + (template_path, + definition) = bay_conductor._extract_template_definition(self.context, + bay) + + expected = { + 'ssh_key_name': 'keypair_id', + 'external_network': 'external_network_id', + 'dns_nameserver': 'dns_nameserver', + 'server_image': 'image_id', + 'master_flavor': 'master_flavor_id', + 'node_flavor': 'flavor_id', + 'number_of_masters': 1, + 'number_of_nodes': 1, + 'docker_volume_size': 20, + 'discovery_url': 'https://discovery.test.io/123456789', + 'http_proxy': 'http_proxy', + 'https_proxy': 'https_proxy', + 'no_proxy': 'no_proxy', + 'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52', + 'magnum_url': self.mock_osc.magnum_url.return_value, + 'tls_disabled': False, + 'registry_enabled': True, + 'registry_container': 'docker_registry', + 'swift_region': 'RegionOne', 'network_driver': 'network_driver', 'flannel_network_cidr': '10.101.0.0/16', 'flannel_network_subnetlen': '26', @@ -145,6 +197,7 @@ class TestBayConductorWithSwarm(base.TestCase): 'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52', 'magnum_url': self.mock_osc.magnum_url.return_value, 'tls_disabled': False, + 'registry_enabled': False, 'flannel_network_cidr': u'10.101.0.0/16', 'flannel_network_subnetlen': u'26', 'flannel_backend': u'vxlan', diff --git a/magnum/tests/unit/conductor/test_template_definition.py b/magnum/tests/unit/conductor/test_template_definition.py index d744f985fd..fbc2741219 100644 --- a/magnum/tests/unit/conductor/test_template_definition.py +++ b/magnum/tests/unit/conductor/test_template_definition.py @@ -407,6 +407,7 @@ class AtomicSwarmTemplateDefinitionTestCase(base.TestCase): mock_context.auth_token = 'AUTH_TOKEN' mock_baymodel = mock.MagicMock() mock_baymodel.tls_disabled = False + mock_baymodel.registry_enabled = False mock_bay = mock.MagicMock() mock_bay.uuid = '5d12f6fd-a196-4bf0-ae4c-1f639a523a52' del mock_bay.stack_id