Browse Source

Add docker registry support for swarm

Add docker registry support for swarm in heat template. After this
patch is merged, we can use docker registry in swarm bay.

Change-Id: I5161a4c0259a2df89dfc8591453aebc6f037d40d
Partially-Implements: blueprint registryv2-in-master
changes/18/307618/6
Hua Wang 6 years ago
parent
commit
7d8d090a46
  1. 7
      magnum/conductor/template_definition.py
  2. 45
      magnum/templates/swarm/fragments/configure-docker-registry.sh
  3. 12
      magnum/templates/swarm/fragments/enable-docker-registry.sh
  4. 8
      magnum/templates/swarm/fragments/write-heat-params-node.yaml
  5. 42
      magnum/templates/swarm/swarmcluster.yaml
  6. 58
      magnum/templates/swarm/swarmnode.yaml
  7. 53
      magnum/tests/unit/conductor/handlers/test_swarm_bay_conductor.py
  8. 1
      magnum/tests/unit/conductor/test_template_definition.py

7
magnum/conductor/template_definition.py

@ -578,6 +578,8 @@ class AtomicSwarmTemplateDefinition(BaseTemplateDefinition):
self.add_parameter('tls_disabled',
baymodel_attr='tls_disabled',
required=True)
self.add_parameter('registry_enabled',
baymodel_attr='registry_enabled')
self.add_output('api_address',
bay_attr='api_address',
mapping_type=SwarmApiAddressOutputMapping)
@ -607,6 +609,11 @@ class AtomicSwarmTemplateDefinition(BaseTemplateDefinition):
for label in label_list:
extra_params[label] = baymodel.labels.get(label)
if baymodel.registry_enabled:
extra_params['swift_region'] = CONF.docker_registry.swift_region
extra_params['registry_container'] = (
CONF.docker_registry.swift_registry_container)
return super(AtomicSwarmTemplateDefinition,
self).get_params(context, baymodel, bay,
extra_params=extra_params,

45
magnum/templates/swarm/fragments/configure-docker-registry.sh

@ -0,0 +1,45 @@
#!/bin/sh
. /etc/sysconfig/heat-params
if [ "$REGISTRY_ENABLED" = "False" ]; then
exit 0
fi
cat > /etc/sysconfig/registry-config.yml << EOF
version: 0.1
log:
fields:
service: registry
storage:
cache:
layerinfo: inmemory
swift:
authurl: "$AUTH_URL"
region: "$SWIFT_REGION"
username: "$TRUSTEE_USERNAME"
password: "$TRUSTEE_PASSWORD"
domainid: "$TRUSTEE_DOMAIN_ID"
trustid: "$TRUST_ID"
container: "$REGISTRY_CONTAINER"
insecureskipverify: $REGISTRY_INSECURE
chunksize: $REGISTRY_CHUNKSIZE
http:
addr: :5000
EOF
cat > /etc/systemd/system/registry.service << EOF
[Unit]
Description=Docker registry v2
Requires=docker.service
After=docker.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/docker run -d -p $REGISTRY_PORT:5000 --restart=always --name registry -v /etc/sysconfig/registry-config.yml:/etc/docker/registry/config.yml registry:2
ExecStop=/usr/bin/docker rm -f registry
[Install]
WantedBy=multi-user.target
EOF

12
magnum/templates/swarm/fragments/enable-docker-registry.sh

@ -0,0 +1,12 @@
#!/bin/sh
. /etc/sysconfig/heat-params
if [ "$REGISTRY_ENABLED" = "False" ]; then
exit 0
fi
echo "starting docker registry ..."
systemctl daemon-reload
systemctl enable registry
systemctl --no-block start registry

8
magnum/templates/swarm/fragments/write-heat-params-node.yaml

@ -20,7 +20,15 @@ write_files:
API_IP_ADDRESS="$API_IP_ADDRESS"
SWARM_VERSION="$SWARM_VERSION"
AGENT_WAIT_HANDLE="$AGENT_WAIT_HANDLE"
TRUSTEE_DOMAIN_ID="$TRUSTEE_DOMAIN_ID"
TRUSTEE_USER_ID="$TRUSTEE_USER_ID"
TRUSTEE_USERNAME="$TRUSTEE_USERNAME"
TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
TRUST_ID="$TRUST_ID"
AUTH_URL="$AUTH_URL"
REGISTRY_ENABLED="$REGISTRY_ENABLED"
REGISTRY_PORT="$REGISTRY_PORT"
SWIFT_REGION="$SWIFT_REGION"
REGISTRY_CONTAINER="$REGISTRY_CONTAINER"
REGISTRY_INSECURE="$REGISTRY_INSECURE"
REGISTRY_CHUNKSIZE="$REGISTRY_CHUNKSIZE"

42
magnum/templates/swarm/swarmcluster.yaml

@ -172,6 +172,40 @@ parameters:
type: string
description: url for keystone
registry_enabled:
type: boolean
description: >
Indicates whether the docker registry is enabled.
default: false
registry_port:
type: number
description: port of registry service
default: 5000
swift_region:
type: string
description: region of swift service
default: ""
registry_container:
type: string
description: >
name of swift container which docker registry stores images in
default: "container"
registry_insecure:
type: boolean
description: >
indicates whether to skip TLS verification between registry and backend storage
default: true
registry_chunksize:
type: number
description: >
size fo the data segments for the swift dynamic large objects
default: 5242880
resources:
######################################################################
@ -354,10 +388,18 @@ resources:
etcd_server_ip: {get_attr: [etcd_pool, vip, address]}
api_ip_address: {get_attr: [api_pool_floating, floating_ip_address]}
swarm_version: {get_param: swarm_version}
trustee_domain_id: {get_param: trustee_domain_id}
trustee_user_id: {get_param: trustee_user_id}
trustee_username: {get_param: trustee_username}
trustee_password: {get_param: trustee_password}
trust_id: {get_param: trust_id}
auth_url: {get_param: auth_url}
registry_enabled: {get_param: registry_enabled}
registry_port: {get_param: registry_port}
swift_region: {get_param: swift_region}
registry_container: {get_param: registry_container}
registry_insecure: {get_param: registry_insecure}
registry_chunksize: {get_param: registry_chunksize}
outputs:

58
magnum/templates/swarm/swarmnode.yaml

@ -93,10 +93,18 @@ parameters:
type: string
description: ip address of the load balancer pool of etcd server.
trustee_domain_id:
type: string
description: domain id of the trustee
trustee_user_id:
type: string
description: user id of the trustee
trustee_username:
type: string
description: username of the trustee
trustee_password:
type: string
description: password of the trustee
@ -111,6 +119,34 @@ parameters:
type: string
description: url for keystone
registry_enabled:
type: boolean
description: >
Indicates whether the docker registry is enabled.
registry_port:
type: number
description: port of registry service
swift_region:
type: string
description: region of swift service
registry_container:
type: string
description: >
name of swift container which docker registry stores images in
registry_insecure:
type: boolean
description: >
indicates whether to skip TLS verification between registry and backend storage
registry_chunksize:
type: number
description: >
size fo the data segments for the swift dynamic large objects
resources:
node_cloud_init_wait_handle:
@ -164,10 +200,18 @@ resources:
"$API_IP_ADDRESS": {get_param: api_ip_address}
"$SWARM_VERSION": {get_param: swarm_version}
"$AGENT_WAIT_HANDLE": {get_resource: node_agent_wait_handle}
"$TRUSTEE_DOMAIN_ID": {get_param: trustee_domain_id}
"$TRUSTEE_USER_ID": {get_param: trustee_user_id}
"$TRUSTEE_USERNAME": {get_param: trustee_username}
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
"$TRUST_ID": {get_param: trust_id}
"$AUTH_URL": {get_param: auth_url}
"$REGISTRY_ENABLED": {get_param: registry_enabled}
"$REGISTRY_PORT": {get_param: registry_port}
"$SWIFT_REGION": {get_param: swift_region}
"$REGISTRY_CONTAINER": {get_param: registry_container}
"$REGISTRY_INSECURE": {get_param: registry_insecure}
"$REGISTRY_CHUNKSIZE": {get_param: registry_chunksize}
remove_docker_key:
type: "OS::Heat::SoftwareConfig"
@ -187,6 +231,12 @@ resources:
group: ungrouped
config: {get_file: fragments/configure-docker-storage.sh}
configure_docker_registry:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: fragments/configure-docker-registry.sh}
write_docker_service:
type: "OS::Heat::SoftwareConfig"
properties:
@ -222,6 +272,12 @@ resources:
group: ungrouped
config: {get_file: fragments/write-swarm-agent-service.sh}
enable_docker_registry:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: fragments/enable-docker-registry.sh}
enable_services:
type: "OS::Heat::SoftwareConfig"
properties:
@ -260,11 +316,13 @@ resources:
- config: {get_resource: make_cert}
- config: {get_resource: network_service}
- config: {get_resource: configure_docker_storage}
- config: {get_resource: configure_docker_registry}
- config: {get_resource: write_swarm_agent_failure_service}
- config: {get_resource: write_swarm_agent_service}
- config: {get_resource: write_docker_service}
- config: {get_resource: write_docker_socket}
- config: {get_resource: add_proxy}
- config: {get_resource: enable_docker_registry}
- config: {get_resource: enable_services}
- config: {get_resource: cfn_signal}

53
magnum/tests/unit/conductor/handlers/test_swarm_bay_conductor.py

@ -40,6 +40,7 @@ class TestBayConductorWithSwarm(base.TestCase):
'https_proxy': 'https_proxy',
'no_proxy': 'no_proxy',
'tls_disabled': False,
'registry_enabled': False,
'server_type': 'vm',
'network_driver': 'network_driver',
'labels': {'flannel_network_cidr': '10.101.0.0/16',
@ -102,6 +103,57 @@ class TestBayConductorWithSwarm(base.TestCase):
'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
'magnum_url': self.mock_osc.magnum_url.return_value,
'tls_disabled': False,
'registry_enabled': False,
'network_driver': 'network_driver',
'flannel_network_cidr': '10.101.0.0/16',
'flannel_network_subnetlen': '26',
'flannel_backend': 'vxlan',
'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f',
'trustee_username': 'fake_trustee',
'trustee_password': 'fake_trustee_password',
'trustee_user_id': '7b489f04-b458-4541-8179-6a48a553e656',
'trust_id': 'bd11efc5-d4e2-4dac-bbce-25e348ddf7de',
'auth_url': 'http://192.168.10.10:5000/v3'
}
self.assertEqual(expected, definition)
@patch('magnum.objects.BayModel.get_by_uuid')
def test_extract_template_definition_with_registry(
self,
mock_objects_baymodel_get_by_uuid):
self.baymodel_dict['registry_enabled'] = True
baymodel = objects.BayModel(self.context, **self.baymodel_dict)
mock_objects_baymodel_get_by_uuid.return_value = baymodel
bay = objects.Bay(self.context, **self.bay_dict)
cfg.CONF.set_override('swift_region',
'RegionOne',
group='docker_registry')
(template_path,
definition) = bay_conductor._extract_template_definition(self.context,
bay)
expected = {
'ssh_key_name': 'keypair_id',
'external_network': 'external_network_id',
'dns_nameserver': 'dns_nameserver',
'server_image': 'image_id',
'master_flavor': 'master_flavor_id',
'node_flavor': 'flavor_id',
'number_of_masters': 1,
'number_of_nodes': 1,
'docker_volume_size': 20,
'discovery_url': 'https://discovery.test.io/123456789',
'http_proxy': 'http_proxy',
'https_proxy': 'https_proxy',
'no_proxy': 'no_proxy',
'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
'magnum_url': self.mock_osc.magnum_url.return_value,
'tls_disabled': False,
'registry_enabled': True,
'registry_container': 'docker_registry',
'swift_region': 'RegionOne',
'network_driver': 'network_driver',
'flannel_network_cidr': '10.101.0.0/16',
'flannel_network_subnetlen': '26',
@ -145,6 +197,7 @@ class TestBayConductorWithSwarm(base.TestCase):
'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
'magnum_url': self.mock_osc.magnum_url.return_value,
'tls_disabled': False,
'registry_enabled': False,
'flannel_network_cidr': u'10.101.0.0/16',
'flannel_network_subnetlen': u'26',
'flannel_backend': u'vxlan',

1
magnum/tests/unit/conductor/test_template_definition.py

@ -407,6 +407,7 @@ class AtomicSwarmTemplateDefinitionTestCase(base.TestCase):
mock_context.auth_token = 'AUTH_TOKEN'
mock_baymodel = mock.MagicMock()
mock_baymodel.tls_disabled = False
mock_baymodel.registry_enabled = False
mock_bay = mock.MagicMock()
mock_bay.uuid = '5d12f6fd-a196-4bf0-ae4c-1f639a523a52'
del mock_bay.stack_id

Loading…
Cancel
Save