Add docker registry support for swarm

Add docker registry support for swarm in heat template. After this
patch is merged, we can use docker registry in swarm bay.

Change-Id: I5161a4c0259a2df89dfc8591453aebc6f037d40d
Partially-Implements: blueprint registryv2-in-master
This commit is contained in:
Hua Wang 2016-04-18 18:12:25 +08:00
parent e232c7f1a2
commit 7d8d090a46
8 changed files with 226 additions and 0 deletions

View File

@ -578,6 +578,8 @@ class AtomicSwarmTemplateDefinition(BaseTemplateDefinition):
self.add_parameter('tls_disabled',
baymodel_attr='tls_disabled',
required=True)
self.add_parameter('registry_enabled',
baymodel_attr='registry_enabled')
self.add_output('api_address',
bay_attr='api_address',
mapping_type=SwarmApiAddressOutputMapping)
@ -607,6 +609,11 @@ class AtomicSwarmTemplateDefinition(BaseTemplateDefinition):
for label in label_list:
extra_params[label] = baymodel.labels.get(label)
if baymodel.registry_enabled:
extra_params['swift_region'] = CONF.docker_registry.swift_region
extra_params['registry_container'] = (
CONF.docker_registry.swift_registry_container)
return super(AtomicSwarmTemplateDefinition,
self).get_params(context, baymodel, bay,
extra_params=extra_params,

View File

@ -0,0 +1,45 @@
#!/bin/sh
. /etc/sysconfig/heat-params
if [ "$REGISTRY_ENABLED" = "False" ]; then
exit 0
fi
cat > /etc/sysconfig/registry-config.yml << EOF
version: 0.1
log:
fields:
service: registry
storage:
cache:
layerinfo: inmemory
swift:
authurl: "$AUTH_URL"
region: "$SWIFT_REGION"
username: "$TRUSTEE_USERNAME"
password: "$TRUSTEE_PASSWORD"
domainid: "$TRUSTEE_DOMAIN_ID"
trustid: "$TRUST_ID"
container: "$REGISTRY_CONTAINER"
insecureskipverify: $REGISTRY_INSECURE
chunksize: $REGISTRY_CHUNKSIZE
http:
addr: :5000
EOF
cat > /etc/systemd/system/registry.service << EOF
[Unit]
Description=Docker registry v2
Requires=docker.service
After=docker.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/docker run -d -p $REGISTRY_PORT:5000 --restart=always --name registry -v /etc/sysconfig/registry-config.yml:/etc/docker/registry/config.yml registry:2
ExecStop=/usr/bin/docker rm -f registry
[Install]
WantedBy=multi-user.target
EOF

View File

@ -0,0 +1,12 @@
#!/bin/sh
. /etc/sysconfig/heat-params
if [ "$REGISTRY_ENABLED" = "False" ]; then
exit 0
fi
echo "starting docker registry ..."
systemctl daemon-reload
systemctl enable registry
systemctl --no-block start registry

View File

@ -20,7 +20,15 @@ write_files:
API_IP_ADDRESS="$API_IP_ADDRESS"
SWARM_VERSION="$SWARM_VERSION"
AGENT_WAIT_HANDLE="$AGENT_WAIT_HANDLE"
TRUSTEE_DOMAIN_ID="$TRUSTEE_DOMAIN_ID"
TRUSTEE_USER_ID="$TRUSTEE_USER_ID"
TRUSTEE_USERNAME="$TRUSTEE_USERNAME"
TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
TRUST_ID="$TRUST_ID"
AUTH_URL="$AUTH_URL"
REGISTRY_ENABLED="$REGISTRY_ENABLED"
REGISTRY_PORT="$REGISTRY_PORT"
SWIFT_REGION="$SWIFT_REGION"
REGISTRY_CONTAINER="$REGISTRY_CONTAINER"
REGISTRY_INSECURE="$REGISTRY_INSECURE"
REGISTRY_CHUNKSIZE="$REGISTRY_CHUNKSIZE"

View File

@ -172,6 +172,40 @@ parameters:
type: string
description: url for keystone
registry_enabled:
type: boolean
description: >
Indicates whether the docker registry is enabled.
default: false
registry_port:
type: number
description: port of registry service
default: 5000
swift_region:
type: string
description: region of swift service
default: ""
registry_container:
type: string
description: >
name of swift container which docker registry stores images in
default: "container"
registry_insecure:
type: boolean
description: >
indicates whether to skip TLS verification between registry and backend storage
default: true
registry_chunksize:
type: number
description: >
size fo the data segments for the swift dynamic large objects
default: 5242880
resources:
######################################################################
@ -354,10 +388,18 @@ resources:
etcd_server_ip: {get_attr: [etcd_pool, vip, address]}
api_ip_address: {get_attr: [api_pool_floating, floating_ip_address]}
swarm_version: {get_param: swarm_version}
trustee_domain_id: {get_param: trustee_domain_id}
trustee_user_id: {get_param: trustee_user_id}
trustee_username: {get_param: trustee_username}
trustee_password: {get_param: trustee_password}
trust_id: {get_param: trust_id}
auth_url: {get_param: auth_url}
registry_enabled: {get_param: registry_enabled}
registry_port: {get_param: registry_port}
swift_region: {get_param: swift_region}
registry_container: {get_param: registry_container}
registry_insecure: {get_param: registry_insecure}
registry_chunksize: {get_param: registry_chunksize}
outputs:

View File

@ -93,10 +93,18 @@ parameters:
type: string
description: ip address of the load balancer pool of etcd server.
trustee_domain_id:
type: string
description: domain id of the trustee
trustee_user_id:
type: string
description: user id of the trustee
trustee_username:
type: string
description: username of the trustee
trustee_password:
type: string
description: password of the trustee
@ -111,6 +119,34 @@ parameters:
type: string
description: url for keystone
registry_enabled:
type: boolean
description: >
Indicates whether the docker registry is enabled.
registry_port:
type: number
description: port of registry service
swift_region:
type: string
description: region of swift service
registry_container:
type: string
description: >
name of swift container which docker registry stores images in
registry_insecure:
type: boolean
description: >
indicates whether to skip TLS verification between registry and backend storage
registry_chunksize:
type: number
description: >
size fo the data segments for the swift dynamic large objects
resources:
node_cloud_init_wait_handle:
@ -164,10 +200,18 @@ resources:
"$API_IP_ADDRESS": {get_param: api_ip_address}
"$SWARM_VERSION": {get_param: swarm_version}
"$AGENT_WAIT_HANDLE": {get_resource: node_agent_wait_handle}
"$TRUSTEE_DOMAIN_ID": {get_param: trustee_domain_id}
"$TRUSTEE_USER_ID": {get_param: trustee_user_id}
"$TRUSTEE_USERNAME": {get_param: trustee_username}
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
"$TRUST_ID": {get_param: trust_id}
"$AUTH_URL": {get_param: auth_url}
"$REGISTRY_ENABLED": {get_param: registry_enabled}
"$REGISTRY_PORT": {get_param: registry_port}
"$SWIFT_REGION": {get_param: swift_region}
"$REGISTRY_CONTAINER": {get_param: registry_container}
"$REGISTRY_INSECURE": {get_param: registry_insecure}
"$REGISTRY_CHUNKSIZE": {get_param: registry_chunksize}
remove_docker_key:
type: "OS::Heat::SoftwareConfig"
@ -187,6 +231,12 @@ resources:
group: ungrouped
config: {get_file: fragments/configure-docker-storage.sh}
configure_docker_registry:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: fragments/configure-docker-registry.sh}
write_docker_service:
type: "OS::Heat::SoftwareConfig"
properties:
@ -222,6 +272,12 @@ resources:
group: ungrouped
config: {get_file: fragments/write-swarm-agent-service.sh}
enable_docker_registry:
type: OS::Heat::SoftwareConfig
properties:
group: ungrouped
config: {get_file: fragments/enable-docker-registry.sh}
enable_services:
type: "OS::Heat::SoftwareConfig"
properties:
@ -260,11 +316,13 @@ resources:
- config: {get_resource: make_cert}
- config: {get_resource: network_service}
- config: {get_resource: configure_docker_storage}
- config: {get_resource: configure_docker_registry}
- config: {get_resource: write_swarm_agent_failure_service}
- config: {get_resource: write_swarm_agent_service}
- config: {get_resource: write_docker_service}
- config: {get_resource: write_docker_socket}
- config: {get_resource: add_proxy}
- config: {get_resource: enable_docker_registry}
- config: {get_resource: enable_services}
- config: {get_resource: cfn_signal}

View File

@ -40,6 +40,7 @@ class TestBayConductorWithSwarm(base.TestCase):
'https_proxy': 'https_proxy',
'no_proxy': 'no_proxy',
'tls_disabled': False,
'registry_enabled': False,
'server_type': 'vm',
'network_driver': 'network_driver',
'labels': {'flannel_network_cidr': '10.101.0.0/16',
@ -102,6 +103,57 @@ class TestBayConductorWithSwarm(base.TestCase):
'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
'magnum_url': self.mock_osc.magnum_url.return_value,
'tls_disabled': False,
'registry_enabled': False,
'network_driver': 'network_driver',
'flannel_network_cidr': '10.101.0.0/16',
'flannel_network_subnetlen': '26',
'flannel_backend': 'vxlan',
'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f',
'trustee_username': 'fake_trustee',
'trustee_password': 'fake_trustee_password',
'trustee_user_id': '7b489f04-b458-4541-8179-6a48a553e656',
'trust_id': 'bd11efc5-d4e2-4dac-bbce-25e348ddf7de',
'auth_url': 'http://192.168.10.10:5000/v3'
}
self.assertEqual(expected, definition)
@patch('magnum.objects.BayModel.get_by_uuid')
def test_extract_template_definition_with_registry(
self,
mock_objects_baymodel_get_by_uuid):
self.baymodel_dict['registry_enabled'] = True
baymodel = objects.BayModel(self.context, **self.baymodel_dict)
mock_objects_baymodel_get_by_uuid.return_value = baymodel
bay = objects.Bay(self.context, **self.bay_dict)
cfg.CONF.set_override('swift_region',
'RegionOne',
group='docker_registry')
(template_path,
definition) = bay_conductor._extract_template_definition(self.context,
bay)
expected = {
'ssh_key_name': 'keypair_id',
'external_network': 'external_network_id',
'dns_nameserver': 'dns_nameserver',
'server_image': 'image_id',
'master_flavor': 'master_flavor_id',
'node_flavor': 'flavor_id',
'number_of_masters': 1,
'number_of_nodes': 1,
'docker_volume_size': 20,
'discovery_url': 'https://discovery.test.io/123456789',
'http_proxy': 'http_proxy',
'https_proxy': 'https_proxy',
'no_proxy': 'no_proxy',
'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
'magnum_url': self.mock_osc.magnum_url.return_value,
'tls_disabled': False,
'registry_enabled': True,
'registry_container': 'docker_registry',
'swift_region': 'RegionOne',
'network_driver': 'network_driver',
'flannel_network_cidr': '10.101.0.0/16',
'flannel_network_subnetlen': '26',
@ -145,6 +197,7 @@ class TestBayConductorWithSwarm(base.TestCase):
'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
'magnum_url': self.mock_osc.magnum_url.return_value,
'tls_disabled': False,
'registry_enabled': False,
'flannel_network_cidr': u'10.101.0.0/16',
'flannel_network_subnetlen': u'26',
'flannel_backend': u'vxlan',

View File

@ -407,6 +407,7 @@ class AtomicSwarmTemplateDefinitionTestCase(base.TestCase):
mock_context.auth_token = 'AUTH_TOKEN'
mock_baymodel = mock.MagicMock()
mock_baymodel.tls_disabled = False
mock_baymodel.registry_enabled = False
mock_bay = mock.MagicMock()
mock_bay.uuid = '5d12f6fd-a196-4bf0-ae4c-1f639a523a52'
del mock_bay.stack_id