Merge "Add docker registry support for swarm"
This commit is contained in:
commit
391614e7bf
|
@ -578,6 +578,8 @@ class AtomicSwarmTemplateDefinition(BaseTemplateDefinition):
|
||||||
self.add_parameter('tls_disabled',
|
self.add_parameter('tls_disabled',
|
||||||
baymodel_attr='tls_disabled',
|
baymodel_attr='tls_disabled',
|
||||||
required=True)
|
required=True)
|
||||||
|
self.add_parameter('registry_enabled',
|
||||||
|
baymodel_attr='registry_enabled')
|
||||||
self.add_output('api_address',
|
self.add_output('api_address',
|
||||||
bay_attr='api_address',
|
bay_attr='api_address',
|
||||||
mapping_type=SwarmApiAddressOutputMapping)
|
mapping_type=SwarmApiAddressOutputMapping)
|
||||||
|
@ -607,6 +609,11 @@ class AtomicSwarmTemplateDefinition(BaseTemplateDefinition):
|
||||||
for label in label_list:
|
for label in label_list:
|
||||||
extra_params[label] = baymodel.labels.get(label)
|
extra_params[label] = baymodel.labels.get(label)
|
||||||
|
|
||||||
|
if baymodel.registry_enabled:
|
||||||
|
extra_params['swift_region'] = CONF.docker_registry.swift_region
|
||||||
|
extra_params['registry_container'] = (
|
||||||
|
CONF.docker_registry.swift_registry_container)
|
||||||
|
|
||||||
return super(AtomicSwarmTemplateDefinition,
|
return super(AtomicSwarmTemplateDefinition,
|
||||||
self).get_params(context, baymodel, bay,
|
self).get_params(context, baymodel, bay,
|
||||||
extra_params=extra_params,
|
extra_params=extra_params,
|
||||||
|
|
|
@ -0,0 +1,45 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
. /etc/sysconfig/heat-params
|
||||||
|
|
||||||
|
if [ "$REGISTRY_ENABLED" = "False" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat > /etc/sysconfig/registry-config.yml << EOF
|
||||||
|
version: 0.1
|
||||||
|
log:
|
||||||
|
fields:
|
||||||
|
service: registry
|
||||||
|
storage:
|
||||||
|
cache:
|
||||||
|
layerinfo: inmemory
|
||||||
|
swift:
|
||||||
|
authurl: "$AUTH_URL"
|
||||||
|
region: "$SWIFT_REGION"
|
||||||
|
username: "$TRUSTEE_USERNAME"
|
||||||
|
password: "$TRUSTEE_PASSWORD"
|
||||||
|
domainid: "$TRUSTEE_DOMAIN_ID"
|
||||||
|
trustid: "$TRUST_ID"
|
||||||
|
container: "$REGISTRY_CONTAINER"
|
||||||
|
insecureskipverify: $REGISTRY_INSECURE
|
||||||
|
chunksize: $REGISTRY_CHUNKSIZE
|
||||||
|
http:
|
||||||
|
addr: :5000
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat > /etc/systemd/system/registry.service << EOF
|
||||||
|
[Unit]
|
||||||
|
Description=Docker registry v2
|
||||||
|
Requires=docker.service
|
||||||
|
After=docker.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
RemainAfterExit=yes
|
||||||
|
ExecStart=/usr/bin/docker run -d -p $REGISTRY_PORT:5000 --restart=always --name registry -v /etc/sysconfig/registry-config.yml:/etc/docker/registry/config.yml registry:2
|
||||||
|
ExecStop=/usr/bin/docker rm -f registry
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
EOF
|
|
@ -0,0 +1,12 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
. /etc/sysconfig/heat-params
|
||||||
|
|
||||||
|
if [ "$REGISTRY_ENABLED" = "False" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "starting docker registry ..."
|
||||||
|
systemctl daemon-reload
|
||||||
|
systemctl enable registry
|
||||||
|
systemctl --no-block start registry
|
|
@ -20,7 +20,15 @@ write_files:
|
||||||
API_IP_ADDRESS="$API_IP_ADDRESS"
|
API_IP_ADDRESS="$API_IP_ADDRESS"
|
||||||
SWARM_VERSION="$SWARM_VERSION"
|
SWARM_VERSION="$SWARM_VERSION"
|
||||||
AGENT_WAIT_HANDLE="$AGENT_WAIT_HANDLE"
|
AGENT_WAIT_HANDLE="$AGENT_WAIT_HANDLE"
|
||||||
|
TRUSTEE_DOMAIN_ID="$TRUSTEE_DOMAIN_ID"
|
||||||
TRUSTEE_USER_ID="$TRUSTEE_USER_ID"
|
TRUSTEE_USER_ID="$TRUSTEE_USER_ID"
|
||||||
|
TRUSTEE_USERNAME="$TRUSTEE_USERNAME"
|
||||||
TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
|
TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
|
||||||
TRUST_ID="$TRUST_ID"
|
TRUST_ID="$TRUST_ID"
|
||||||
AUTH_URL="$AUTH_URL"
|
AUTH_URL="$AUTH_URL"
|
||||||
|
REGISTRY_ENABLED="$REGISTRY_ENABLED"
|
||||||
|
REGISTRY_PORT="$REGISTRY_PORT"
|
||||||
|
SWIFT_REGION="$SWIFT_REGION"
|
||||||
|
REGISTRY_CONTAINER="$REGISTRY_CONTAINER"
|
||||||
|
REGISTRY_INSECURE="$REGISTRY_INSECURE"
|
||||||
|
REGISTRY_CHUNKSIZE="$REGISTRY_CHUNKSIZE"
|
||||||
|
|
|
@ -172,6 +172,40 @@ parameters:
|
||||||
type: string
|
type: string
|
||||||
description: url for keystone
|
description: url for keystone
|
||||||
|
|
||||||
|
registry_enabled:
|
||||||
|
type: boolean
|
||||||
|
description: >
|
||||||
|
Indicates whether the docker registry is enabled.
|
||||||
|
default: false
|
||||||
|
|
||||||
|
registry_port:
|
||||||
|
type: number
|
||||||
|
description: port of registry service
|
||||||
|
default: 5000
|
||||||
|
|
||||||
|
swift_region:
|
||||||
|
type: string
|
||||||
|
description: region of swift service
|
||||||
|
default: ""
|
||||||
|
|
||||||
|
registry_container:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
name of swift container which docker registry stores images in
|
||||||
|
default: "container"
|
||||||
|
|
||||||
|
registry_insecure:
|
||||||
|
type: boolean
|
||||||
|
description: >
|
||||||
|
indicates whether to skip TLS verification between registry and backend storage
|
||||||
|
default: true
|
||||||
|
|
||||||
|
registry_chunksize:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
size fo the data segments for the swift dynamic large objects
|
||||||
|
default: 5242880
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
|
@ -354,10 +388,18 @@ resources:
|
||||||
etcd_server_ip: {get_attr: [etcd_pool, vip, address]}
|
etcd_server_ip: {get_attr: [etcd_pool, vip, address]}
|
||||||
api_ip_address: {get_attr: [api_pool_floating, floating_ip_address]}
|
api_ip_address: {get_attr: [api_pool_floating, floating_ip_address]}
|
||||||
swarm_version: {get_param: swarm_version}
|
swarm_version: {get_param: swarm_version}
|
||||||
|
trustee_domain_id: {get_param: trustee_domain_id}
|
||||||
trustee_user_id: {get_param: trustee_user_id}
|
trustee_user_id: {get_param: trustee_user_id}
|
||||||
|
trustee_username: {get_param: trustee_username}
|
||||||
trustee_password: {get_param: trustee_password}
|
trustee_password: {get_param: trustee_password}
|
||||||
trust_id: {get_param: trust_id}
|
trust_id: {get_param: trust_id}
|
||||||
auth_url: {get_param: auth_url}
|
auth_url: {get_param: auth_url}
|
||||||
|
registry_enabled: {get_param: registry_enabled}
|
||||||
|
registry_port: {get_param: registry_port}
|
||||||
|
swift_region: {get_param: swift_region}
|
||||||
|
registry_container: {get_param: registry_container}
|
||||||
|
registry_insecure: {get_param: registry_insecure}
|
||||||
|
registry_chunksize: {get_param: registry_chunksize}
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
|
|
||||||
|
|
|
@ -93,10 +93,18 @@ parameters:
|
||||||
type: string
|
type: string
|
||||||
description: ip address of the load balancer pool of etcd server.
|
description: ip address of the load balancer pool of etcd server.
|
||||||
|
|
||||||
|
trustee_domain_id:
|
||||||
|
type: string
|
||||||
|
description: domain id of the trustee
|
||||||
|
|
||||||
trustee_user_id:
|
trustee_user_id:
|
||||||
type: string
|
type: string
|
||||||
description: user id of the trustee
|
description: user id of the trustee
|
||||||
|
|
||||||
|
trustee_username:
|
||||||
|
type: string
|
||||||
|
description: username of the trustee
|
||||||
|
|
||||||
trustee_password:
|
trustee_password:
|
||||||
type: string
|
type: string
|
||||||
description: password of the trustee
|
description: password of the trustee
|
||||||
|
@ -111,6 +119,34 @@ parameters:
|
||||||
type: string
|
type: string
|
||||||
description: url for keystone
|
description: url for keystone
|
||||||
|
|
||||||
|
registry_enabled:
|
||||||
|
type: boolean
|
||||||
|
description: >
|
||||||
|
Indicates whether the docker registry is enabled.
|
||||||
|
|
||||||
|
registry_port:
|
||||||
|
type: number
|
||||||
|
description: port of registry service
|
||||||
|
|
||||||
|
swift_region:
|
||||||
|
type: string
|
||||||
|
description: region of swift service
|
||||||
|
|
||||||
|
registry_container:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
name of swift container which docker registry stores images in
|
||||||
|
|
||||||
|
registry_insecure:
|
||||||
|
type: boolean
|
||||||
|
description: >
|
||||||
|
indicates whether to skip TLS verification between registry and backend storage
|
||||||
|
|
||||||
|
registry_chunksize:
|
||||||
|
type: number
|
||||||
|
description: >
|
||||||
|
size fo the data segments for the swift dynamic large objects
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
node_cloud_init_wait_handle:
|
node_cloud_init_wait_handle:
|
||||||
|
@ -164,10 +200,18 @@ resources:
|
||||||
"$API_IP_ADDRESS": {get_param: api_ip_address}
|
"$API_IP_ADDRESS": {get_param: api_ip_address}
|
||||||
"$SWARM_VERSION": {get_param: swarm_version}
|
"$SWARM_VERSION": {get_param: swarm_version}
|
||||||
"$AGENT_WAIT_HANDLE": {get_resource: node_agent_wait_handle}
|
"$AGENT_WAIT_HANDLE": {get_resource: node_agent_wait_handle}
|
||||||
|
"$TRUSTEE_DOMAIN_ID": {get_param: trustee_domain_id}
|
||||||
"$TRUSTEE_USER_ID": {get_param: trustee_user_id}
|
"$TRUSTEE_USER_ID": {get_param: trustee_user_id}
|
||||||
|
"$TRUSTEE_USERNAME": {get_param: trustee_username}
|
||||||
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
|
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
|
||||||
"$TRUST_ID": {get_param: trust_id}
|
"$TRUST_ID": {get_param: trust_id}
|
||||||
"$AUTH_URL": {get_param: auth_url}
|
"$AUTH_URL": {get_param: auth_url}
|
||||||
|
"$REGISTRY_ENABLED": {get_param: registry_enabled}
|
||||||
|
"$REGISTRY_PORT": {get_param: registry_port}
|
||||||
|
"$SWIFT_REGION": {get_param: swift_region}
|
||||||
|
"$REGISTRY_CONTAINER": {get_param: registry_container}
|
||||||
|
"$REGISTRY_INSECURE": {get_param: registry_insecure}
|
||||||
|
"$REGISTRY_CHUNKSIZE": {get_param: registry_chunksize}
|
||||||
|
|
||||||
remove_docker_key:
|
remove_docker_key:
|
||||||
type: "OS::Heat::SoftwareConfig"
|
type: "OS::Heat::SoftwareConfig"
|
||||||
|
@ -187,6 +231,12 @@ resources:
|
||||||
group: ungrouped
|
group: ungrouped
|
||||||
config: {get_file: fragments/configure-docker-storage.sh}
|
config: {get_file: fragments/configure-docker-storage.sh}
|
||||||
|
|
||||||
|
configure_docker_registry:
|
||||||
|
type: OS::Heat::SoftwareConfig
|
||||||
|
properties:
|
||||||
|
group: ungrouped
|
||||||
|
config: {get_file: fragments/configure-docker-registry.sh}
|
||||||
|
|
||||||
write_docker_service:
|
write_docker_service:
|
||||||
type: "OS::Heat::SoftwareConfig"
|
type: "OS::Heat::SoftwareConfig"
|
||||||
properties:
|
properties:
|
||||||
|
@ -222,6 +272,12 @@ resources:
|
||||||
group: ungrouped
|
group: ungrouped
|
||||||
config: {get_file: fragments/write-swarm-agent-service.sh}
|
config: {get_file: fragments/write-swarm-agent-service.sh}
|
||||||
|
|
||||||
|
enable_docker_registry:
|
||||||
|
type: OS::Heat::SoftwareConfig
|
||||||
|
properties:
|
||||||
|
group: ungrouped
|
||||||
|
config: {get_file: fragments/enable-docker-registry.sh}
|
||||||
|
|
||||||
enable_services:
|
enable_services:
|
||||||
type: "OS::Heat::SoftwareConfig"
|
type: "OS::Heat::SoftwareConfig"
|
||||||
properties:
|
properties:
|
||||||
|
@ -260,11 +316,13 @@ resources:
|
||||||
- config: {get_resource: make_cert}
|
- config: {get_resource: make_cert}
|
||||||
- config: {get_resource: network_service}
|
- config: {get_resource: network_service}
|
||||||
- config: {get_resource: configure_docker_storage}
|
- config: {get_resource: configure_docker_storage}
|
||||||
|
- config: {get_resource: configure_docker_registry}
|
||||||
- config: {get_resource: write_swarm_agent_failure_service}
|
- config: {get_resource: write_swarm_agent_failure_service}
|
||||||
- config: {get_resource: write_swarm_agent_service}
|
- config: {get_resource: write_swarm_agent_service}
|
||||||
- config: {get_resource: write_docker_service}
|
- config: {get_resource: write_docker_service}
|
||||||
- config: {get_resource: write_docker_socket}
|
- config: {get_resource: write_docker_socket}
|
||||||
- config: {get_resource: add_proxy}
|
- config: {get_resource: add_proxy}
|
||||||
|
- config: {get_resource: enable_docker_registry}
|
||||||
- config: {get_resource: enable_services}
|
- config: {get_resource: enable_services}
|
||||||
- config: {get_resource: cfn_signal}
|
- config: {get_resource: cfn_signal}
|
||||||
|
|
||||||
|
|
|
@ -40,6 +40,7 @@ class TestBayConductorWithSwarm(base.TestCase):
|
||||||
'https_proxy': 'https_proxy',
|
'https_proxy': 'https_proxy',
|
||||||
'no_proxy': 'no_proxy',
|
'no_proxy': 'no_proxy',
|
||||||
'tls_disabled': False,
|
'tls_disabled': False,
|
||||||
|
'registry_enabled': False,
|
||||||
'server_type': 'vm',
|
'server_type': 'vm',
|
||||||
'network_driver': 'network_driver',
|
'network_driver': 'network_driver',
|
||||||
'labels': {'flannel_network_cidr': '10.101.0.0/16',
|
'labels': {'flannel_network_cidr': '10.101.0.0/16',
|
||||||
|
@ -102,6 +103,57 @@ class TestBayConductorWithSwarm(base.TestCase):
|
||||||
'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
|
'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
|
||||||
'magnum_url': self.mock_osc.magnum_url.return_value,
|
'magnum_url': self.mock_osc.magnum_url.return_value,
|
||||||
'tls_disabled': False,
|
'tls_disabled': False,
|
||||||
|
'registry_enabled': False,
|
||||||
|
'network_driver': 'network_driver',
|
||||||
|
'flannel_network_cidr': '10.101.0.0/16',
|
||||||
|
'flannel_network_subnetlen': '26',
|
||||||
|
'flannel_backend': 'vxlan',
|
||||||
|
'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f',
|
||||||
|
'trustee_username': 'fake_trustee',
|
||||||
|
'trustee_password': 'fake_trustee_password',
|
||||||
|
'trustee_user_id': '7b489f04-b458-4541-8179-6a48a553e656',
|
||||||
|
'trust_id': 'bd11efc5-d4e2-4dac-bbce-25e348ddf7de',
|
||||||
|
'auth_url': 'http://192.168.10.10:5000/v3'
|
||||||
|
}
|
||||||
|
self.assertEqual(expected, definition)
|
||||||
|
|
||||||
|
@patch('magnum.objects.BayModel.get_by_uuid')
|
||||||
|
def test_extract_template_definition_with_registry(
|
||||||
|
self,
|
||||||
|
mock_objects_baymodel_get_by_uuid):
|
||||||
|
self.baymodel_dict['registry_enabled'] = True
|
||||||
|
baymodel = objects.BayModel(self.context, **self.baymodel_dict)
|
||||||
|
mock_objects_baymodel_get_by_uuid.return_value = baymodel
|
||||||
|
bay = objects.Bay(self.context, **self.bay_dict)
|
||||||
|
|
||||||
|
cfg.CONF.set_override('swift_region',
|
||||||
|
'RegionOne',
|
||||||
|
group='docker_registry')
|
||||||
|
|
||||||
|
(template_path,
|
||||||
|
definition) = bay_conductor._extract_template_definition(self.context,
|
||||||
|
bay)
|
||||||
|
|
||||||
|
expected = {
|
||||||
|
'ssh_key_name': 'keypair_id',
|
||||||
|
'external_network': 'external_network_id',
|
||||||
|
'dns_nameserver': 'dns_nameserver',
|
||||||
|
'server_image': 'image_id',
|
||||||
|
'master_flavor': 'master_flavor_id',
|
||||||
|
'node_flavor': 'flavor_id',
|
||||||
|
'number_of_masters': 1,
|
||||||
|
'number_of_nodes': 1,
|
||||||
|
'docker_volume_size': 20,
|
||||||
|
'discovery_url': 'https://discovery.test.io/123456789',
|
||||||
|
'http_proxy': 'http_proxy',
|
||||||
|
'https_proxy': 'https_proxy',
|
||||||
|
'no_proxy': 'no_proxy',
|
||||||
|
'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
|
||||||
|
'magnum_url': self.mock_osc.magnum_url.return_value,
|
||||||
|
'tls_disabled': False,
|
||||||
|
'registry_enabled': True,
|
||||||
|
'registry_container': 'docker_registry',
|
||||||
|
'swift_region': 'RegionOne',
|
||||||
'network_driver': 'network_driver',
|
'network_driver': 'network_driver',
|
||||||
'flannel_network_cidr': '10.101.0.0/16',
|
'flannel_network_cidr': '10.101.0.0/16',
|
||||||
'flannel_network_subnetlen': '26',
|
'flannel_network_subnetlen': '26',
|
||||||
|
@ -145,6 +197,7 @@ class TestBayConductorWithSwarm(base.TestCase):
|
||||||
'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
|
'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
|
||||||
'magnum_url': self.mock_osc.magnum_url.return_value,
|
'magnum_url': self.mock_osc.magnum_url.return_value,
|
||||||
'tls_disabled': False,
|
'tls_disabled': False,
|
||||||
|
'registry_enabled': False,
|
||||||
'flannel_network_cidr': u'10.101.0.0/16',
|
'flannel_network_cidr': u'10.101.0.0/16',
|
||||||
'flannel_network_subnetlen': u'26',
|
'flannel_network_subnetlen': u'26',
|
||||||
'flannel_backend': u'vxlan',
|
'flannel_backend': u'vxlan',
|
||||||
|
|
|
@ -407,6 +407,7 @@ class AtomicSwarmTemplateDefinitionTestCase(base.TestCase):
|
||||||
mock_context.auth_token = 'AUTH_TOKEN'
|
mock_context.auth_token = 'AUTH_TOKEN'
|
||||||
mock_baymodel = mock.MagicMock()
|
mock_baymodel = mock.MagicMock()
|
||||||
mock_baymodel.tls_disabled = False
|
mock_baymodel.tls_disabled = False
|
||||||
|
mock_baymodel.registry_enabled = False
|
||||||
mock_bay = mock.MagicMock()
|
mock_bay = mock.MagicMock()
|
||||||
mock_bay.uuid = '5d12f6fd-a196-4bf0-ae4c-1f639a523a52'
|
mock_bay.uuid = '5d12f6fd-a196-4bf0-ae4c-1f639a523a52'
|
||||||
del mock_bay.stack_id
|
del mock_bay.stack_id
|
||||||
|
|
Loading…
Reference in New Issue