Add docker registry support for swarm

Add docker registry support for swarm in heat template. After this
patch is merged, we can use docker registry in swarm bay.

Change-Id: I5161a4c0259a2df89dfc8591453aebc6f037d40d
Partially-Implements: blueprint registryv2-in-master

magnum/conductor/template_definition.py

@@ -578,6 +578,8 @@ class AtomicSwarmTemplateDefinition(BaseTemplateDefinition):
         self.add_parameter('tls_disabled',
                            baymodel_attr='tls_disabled',
                            required=True)
+        self.add_parameter('registry_enabled',
+                           baymodel_attr='registry_enabled')
         self.add_output('api_address',
                         bay_attr='api_address',
                         mapping_type=SwarmApiAddressOutputMapping)
@@ -607,6 +609,11 @@ class AtomicSwarmTemplateDefinition(BaseTemplateDefinition):
         for label in label_list:
             extra_params[label] = baymodel.labels.get(label)
 
+        if baymodel.registry_enabled:
+            extra_params['swift_region'] = CONF.docker_registry.swift_region
+            extra_params['registry_container'] = (
+                CONF.docker_registry.swift_registry_container)
+
         return super(AtomicSwarmTemplateDefinition,
                      self).get_params(context, baymodel, bay,
                                       extra_params=extra_params,

magnum/templates/swarm/fragments/configure-docker-registry.sh

@@ -0,0 +1,45 @@
+#!/bin/sh
+
+. /etc/sysconfig/heat-params
+
+if [ "$REGISTRY_ENABLED" = "False" ]; then
+    exit 0
+fi
+
+cat > /etc/sysconfig/registry-config.yml << EOF
+version: 0.1
+log:
+  fields:
+    service: registry
+storage:
+  cache:
+    layerinfo: inmemory
+  swift:
+    authurl: "$AUTH_URL"
+    region: "$SWIFT_REGION"
+    username: "$TRUSTEE_USERNAME"
+    password: "$TRUSTEE_PASSWORD"
+    domainid: "$TRUSTEE_DOMAIN_ID"
+    trustid: "$TRUST_ID"
+    container: "$REGISTRY_CONTAINER"
+    insecureskipverify: $REGISTRY_INSECURE
+    chunksize: $REGISTRY_CHUNKSIZE
+http:
+    addr: :5000
+EOF
+
+cat > /etc/systemd/system/registry.service << EOF
+[Unit]
+Description=Docker registry v2
+Requires=docker.service
+After=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/docker run -d -p $REGISTRY_PORT:5000 --restart=always --name registry -v /etc/sysconfig/registry-config.yml:/etc/docker/registry/config.yml registry:2
+ExecStop=/usr/bin/docker rm -f registry
+
+[Install]
+WantedBy=multi-user.target
+EOF

magnum/templates/swarm/fragments/enable-docker-registry.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+. /etc/sysconfig/heat-params
+
+if [ "$REGISTRY_ENABLED" = "False" ]; then
+    exit 0
+fi
+
+echo "starting docker registry ..."
+systemctl daemon-reload
+systemctl enable registry
+systemctl --no-block start registry

magnum/templates/swarm/fragments/write-heat-params-node.yaml

@@ -20,7 +20,15 @@ write_files:
       API_IP_ADDRESS="$API_IP_ADDRESS"
       SWARM_VERSION="$SWARM_VERSION"
       AGENT_WAIT_HANDLE="$AGENT_WAIT_HANDLE"
+      TRUSTEE_DOMAIN_ID="$TRUSTEE_DOMAIN_ID"
       TRUSTEE_USER_ID="$TRUSTEE_USER_ID"
+      TRUSTEE_USERNAME="$TRUSTEE_USERNAME"
       TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
       TRUST_ID="$TRUST_ID"
       AUTH_URL="$AUTH_URL"
+      REGISTRY_ENABLED="$REGISTRY_ENABLED"
+      REGISTRY_PORT="$REGISTRY_PORT"
+      SWIFT_REGION="$SWIFT_REGION"
+      REGISTRY_CONTAINER="$REGISTRY_CONTAINER"
+      REGISTRY_INSECURE="$REGISTRY_INSECURE"
+      REGISTRY_CHUNKSIZE="$REGISTRY_CHUNKSIZE"

magnum/templates/swarm/swarmcluster.yaml

@@ -172,6 +172,40 @@ parameters:
     type: string
     description: url for keystone
 
+  registry_enabled:
+    type: boolean
+    description: >
+      Indicates whether the docker registry is enabled.
+    default: false
+
+  registry_port:
+    type: number
+    description: port of registry service
+    default: 5000
+
+  swift_region:
+    type: string
+    description: region of swift service
+    default: ""
+
+  registry_container:
+    type: string
+    description: >
+      name of swift container which docker registry stores images in
+    default: "container"
+
+  registry_insecure:
+    type: boolean
+    description: >
+      indicates whether to skip TLS verification between registry and backend storage
+    default: true
+
+  registry_chunksize:
+    type: number
+    description: >
+      size fo the data segments for the swift dynamic large objects
+    default: 5242880
+
 resources:
 
   ######################################################################
@@ -354,10 +388,18 @@ resources:
           etcd_server_ip: {get_attr: [etcd_pool, vip, address]}
           api_ip_address: {get_attr: [api_pool_floating, floating_ip_address]}
           swarm_version: {get_param: swarm_version}
+          trustee_domain_id: {get_param: trustee_domain_id}
           trustee_user_id: {get_param: trustee_user_id}
+          trustee_username: {get_param: trustee_username}
           trustee_password: {get_param: trustee_password}
           trust_id: {get_param: trust_id}
           auth_url: {get_param: auth_url}
+          registry_enabled: {get_param: registry_enabled}
+          registry_port: {get_param: registry_port}
+          swift_region: {get_param: swift_region}
+          registry_container: {get_param: registry_container}
+          registry_insecure: {get_param: registry_insecure}
+          registry_chunksize: {get_param: registry_chunksize}
 
 outputs:
 

magnum/templates/swarm/swarmnode.yaml

@@ -93,10 +93,18 @@ parameters:
     type: string
     description: ip address of the load balancer pool of etcd server.
 
+  trustee_domain_id:
+    type: string
+    description: domain id of the trustee
+
   trustee_user_id:
     type: string
     description: user id of the trustee
 
+  trustee_username:
+    type: string
+    description: username of the trustee
+
   trustee_password:
     type: string
     description: password of the trustee
@@ -111,6 +119,34 @@ parameters:
     type: string
     description: url for keystone
 
+  registry_enabled:
+    type: boolean
+    description: >
+      Indicates whether the docker registry is enabled.
+
+  registry_port:
+    type: number
+    description: port of registry service
+
+  swift_region:
+    type: string
+    description: region of swift service
+
+  registry_container:
+    type: string
+    description: >
+      name of swift container which docker registry stores images in
+
+  registry_insecure:
+    type: boolean
+    description: >
+      indicates whether to skip TLS verification between registry and backend storage
+
+  registry_chunksize:
+    type: number
+    description: >
+      size fo the data segments for the swift dynamic large objects
+
 resources:
 
   node_cloud_init_wait_handle:
@@ -164,10 +200,18 @@ resources:
             "$API_IP_ADDRESS": {get_param: api_ip_address}
             "$SWARM_VERSION": {get_param: swarm_version}
             "$AGENT_WAIT_HANDLE": {get_resource: node_agent_wait_handle}
+            "$TRUSTEE_DOMAIN_ID": {get_param: trustee_domain_id}
             "$TRUSTEE_USER_ID": {get_param: trustee_user_id}
+            "$TRUSTEE_USERNAME": {get_param: trustee_username}
             "$TRUSTEE_PASSWORD": {get_param: trustee_password}
             "$TRUST_ID": {get_param: trust_id}
             "$AUTH_URL": {get_param: auth_url}
+            "$REGISTRY_ENABLED": {get_param: registry_enabled}
+            "$REGISTRY_PORT": {get_param: registry_port}
+            "$SWIFT_REGION": {get_param: swift_region}
+            "$REGISTRY_CONTAINER": {get_param: registry_container}
+            "$REGISTRY_INSECURE": {get_param: registry_insecure}
+            "$REGISTRY_CHUNKSIZE": {get_param: registry_chunksize}
 
   remove_docker_key:
     type: "OS::Heat::SoftwareConfig"
@@ -187,6 +231,12 @@ resources:
       group: ungrouped
       config: {get_file: fragments/configure-docker-storage.sh}
 
+  configure_docker_registry:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/configure-docker-registry.sh}
+
   write_docker_service:
     type: "OS::Heat::SoftwareConfig"
     properties:
@@ -222,6 +272,12 @@ resources:
       group: ungrouped
       config: {get_file: fragments/write-swarm-agent-service.sh}
 
+  enable_docker_registry:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/enable-docker-registry.sh}
+
   enable_services:
     type: "OS::Heat::SoftwareConfig"
     properties:
@@ -260,11 +316,13 @@ resources:
         - config: {get_resource: make_cert}
         - config: {get_resource: network_service}
         - config: {get_resource: configure_docker_storage}
+        - config: {get_resource: configure_docker_registry}
         - config: {get_resource: write_swarm_agent_failure_service}
         - config: {get_resource: write_swarm_agent_service}
         - config: {get_resource: write_docker_service}
         - config: {get_resource: write_docker_socket}
         - config: {get_resource: add_proxy}
+        - config: {get_resource: enable_docker_registry}
         - config: {get_resource: enable_services}
         - config: {get_resource: cfn_signal}
 

magnum/tests/unit/conductor/handlers/test_swarm_bay_conductor.py

@@ -40,6 +40,7 @@ class TestBayConductorWithSwarm(base.TestCase):
             'https_proxy': 'https_proxy',
             'no_proxy': 'no_proxy',
             'tls_disabled': False,
+            'registry_enabled': False,
             'server_type': 'vm',
             'network_driver': 'network_driver',
             'labels': {'flannel_network_cidr': '10.101.0.0/16',
@@ -102,6 +103,57 @@ class TestBayConductorWithSwarm(base.TestCase):
             'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
             'magnum_url': self.mock_osc.magnum_url.return_value,
             'tls_disabled': False,
+            'registry_enabled': False,
+            'network_driver': 'network_driver',
+            'flannel_network_cidr': '10.101.0.0/16',
+            'flannel_network_subnetlen': '26',
+            'flannel_backend': 'vxlan',
+            'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f',
+            'trustee_username': 'fake_trustee',
+            'trustee_password': 'fake_trustee_password',
+            'trustee_user_id': '7b489f04-b458-4541-8179-6a48a553e656',
+            'trust_id': 'bd11efc5-d4e2-4dac-bbce-25e348ddf7de',
+            'auth_url': 'http://192.168.10.10:5000/v3'
+        }
+        self.assertEqual(expected, definition)
+
+    @patch('magnum.objects.BayModel.get_by_uuid')
+    def test_extract_template_definition_with_registry(
+            self,
+            mock_objects_baymodel_get_by_uuid):
+        self.baymodel_dict['registry_enabled'] = True
+        baymodel = objects.BayModel(self.context, **self.baymodel_dict)
+        mock_objects_baymodel_get_by_uuid.return_value = baymodel
+        bay = objects.Bay(self.context, **self.bay_dict)
+
+        cfg.CONF.set_override('swift_region',
+                              'RegionOne',
+                              group='docker_registry')
+
+        (template_path,
+         definition) = bay_conductor._extract_template_definition(self.context,
+                                                                  bay)
+
+        expected = {
+            'ssh_key_name': 'keypair_id',
+            'external_network': 'external_network_id',
+            'dns_nameserver': 'dns_nameserver',
+            'server_image': 'image_id',
+            'master_flavor': 'master_flavor_id',
+            'node_flavor': 'flavor_id',
+            'number_of_masters': 1,
+            'number_of_nodes': 1,
+            'docker_volume_size': 20,
+            'discovery_url': 'https://discovery.test.io/123456789',
+            'http_proxy': 'http_proxy',
+            'https_proxy': 'https_proxy',
+            'no_proxy': 'no_proxy',
+            'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
+            'magnum_url': self.mock_osc.magnum_url.return_value,
+            'tls_disabled': False,
+            'registry_enabled': True,
+            'registry_container': 'docker_registry',
+            'swift_region': 'RegionOne',
             'network_driver': 'network_driver',
             'flannel_network_cidr': '10.101.0.0/16',
             'flannel_network_subnetlen': '26',
@@ -145,6 +197,7 @@ class TestBayConductorWithSwarm(base.TestCase):
             'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
             'magnum_url': self.mock_osc.magnum_url.return_value,
             'tls_disabled': False,
+            'registry_enabled': False,
             'flannel_network_cidr': u'10.101.0.0/16',
             'flannel_network_subnetlen': u'26',
             'flannel_backend': u'vxlan',

magnum/tests/unit/conductor/test_template_definition.py

@@ -407,6 +407,7 @@ class AtomicSwarmTemplateDefinitionTestCase(base.TestCase):
         mock_context.auth_token = 'AUTH_TOKEN'
         mock_baymodel = mock.MagicMock()
         mock_baymodel.tls_disabled = False
+        mock_baymodel.registry_enabled = False
         mock_bay = mock.MagicMock()
         mock_bay.uuid = '5d12f6fd-a196-4bf0-ae4c-1f639a523a52'
         del mock_bay.stack_id