Add support for docker registry

After this patch is merged, docker registry will be available.
We can push docker images into local repo on a bay node.

Change-Id: I1245bde7ef3173226617e60e6436759f433eb464
Partially-Implements: blueprint registryv2-in-master

magnum/conductor/template_definition.py

@@ -64,8 +64,18 @@ template_def_opts = [
                 help=_('Enabled bay definition entry points.')),
 ]
 
+docker_registry_opts = [
+    cfg.StrOpt('swift_region',
+               help=_('Region name of Swift')),
+    cfg.StrOpt('swift_registry_container',
+               default='docker_registry',
+               help=_('Name of the container in Swift which docker registry '
+                      'stores images in'))
+]
+
 CONF = cfg.CONF
 CONF.register_opts(template_def_opts, group='bay')
+CONF.register_opts(docker_registry_opts, group='docker_registry')
 CONF.import_opt('trustee_domain_id', 'magnum.common.keystone', group='trust')
 
 
@@ -447,6 +457,8 @@ class K8sTemplateDefinition(BaseTemplateDefinition):
         self.add_parameter('tls_disabled',
                            baymodel_attr='tls_disabled',
                            required=True)
+        self.add_parameter('registry_enabled',
+                           baymodel_attr='registry_enabled')
 
         self.add_output('api_address',
                         bay_attr='api_address',
@@ -475,6 +487,11 @@ class K8sTemplateDefinition(BaseTemplateDefinition):
         for label in label_list:
             extra_params[label] = baymodel.labels.get(label)
 
+        if baymodel.registry_enabled:
+            extra_params['swift_region'] = CONF.docker_registry.swift_region
+            extra_params['registry_container'] = (
+                CONF.docker_registry.swift_registry_container)
+
         return super(K8sTemplateDefinition,
                      self).get_params(context, baymodel, bay,
                                       extra_params=extra_params,

magnum/opts.py

@@ -60,4 +60,6 @@ def list_opts():
                             )),
         ('baymodel', magnum.api.validation.baymodel_opts),
         ('keystone_auth', magnum.common.keystone.keystone_auth_opts),
+        ('docker_registry',
+         magnum.conductor.template_definition.docker_registry_opts)
     ]

magnum/templates/kubernetes/fragments/configure-docker-registry.sh

@@ -15,12 +15,12 @@ storage:
   cache:
     layerinfo: inmemory
   swift:
-    authurl: "$REGISTRY_AUTH_URL"
+    authurl: "$AUTH_URL"
-    region: "$REGISTRY_REGION"
+    region: "$SWIFT_REGION"
-    username: "$REGISTRY_USERNAME"
+    username: "$TRUSTEE_USERNAME"
-    password: "$REGISTRY_PASSWORD"
+    password: "$TRUSTEE_PASSWORD"
-    domain: "$REGISTRY_DOMAIN"
+    domainid: "$TRUSTEE_DOMAIN_ID"
-    trustid: "$REGISTRY_TRUST_ID"
+    trustid: "$TRUST_ID"
     container: "$REGISTRY_CONTAINER"
     insecureskipverify: $REGISTRY_INSECURE
     chunksize: $REGISTRY_CHUNKSIZE

magnum/templates/kubernetes/fragments/write-heat-params.yaml

@@ -14,12 +14,7 @@ write_files:
       NETWORK_DRIVER="$NETWORK_DRIVER"
       REGISTRY_ENABLED="$REGISTRY_ENABLED"
       REGISTRY_PORT="$REGISTRY_PORT"
-      REGISTRY_AUTH_URL="$REGISTRY_AUTH_URL"
+      SWIFT_REGION="$SWIFT_REGION"
-      REGISTRY_REGION="$REGISTRY_REGION"
-      REGISTRY_USERNAME="$REGISTRY_USERNAME"
-      REGISTRY_PASSWORD="$REGISTRY_PASSWORD"
-      REGISTRY_DOMAIN="$REGISTRY_DOMAIN"
-      REGISTRY_TRUST_ID="$REGISTRY_TRUST_ID"
       REGISTRY_CONTAINER="$REGISTRY_CONTAINER"
       REGISTRY_INSECURE="$REGISTRY_INSECURE"
       REGISTRY_CHUNKSIZE="$REGISTRY_CHUNKSIZE"
@@ -38,6 +33,8 @@ write_files:
       WAIT_CURL="$WAIT_CURL"
       KUBE_VERSION="$KUBE_VERSION"
       TRUSTEE_USER_ID="$TRUSTEE_USER_ID"
+      TRUSTEE_USERNAME="$TRUSTEE_USERNAME"
       TRUSTEE_PASSWORD="$TRUSTEE_PASSWORD"
+      TRUSTEE_DOMAIN_ID="$TRUSTEE_DOMAIN_ID"
       TRUST_ID="$TRUST_ID"
       AUTH_URL="$AUTH_URL"

magnum/templates/kubernetes/kubecluster.yaml

@@ -125,37 +125,10 @@ parameters:
     description: port of registry service
     default: 5000
 
-  registry_username:
+  swift_region:
-    type: string
-    description: username used by docker registry
-    default: "username"
-
-  registry_password:
-    type: string
-    description: password used by docker registry
-    default: "password"
-    hidden: true
-
-  registry_domain:
-    type: string
-    description: domain used by docker registry
-    default: "domain"
-
-  registry_trust_id:
-    type: string
-    description: trust_id used by docker registry
-    default: "trust_id"
-    hidden: true
-
-  registry_auth_url:
-    type: string
-    description: auth_url for keystone
-    default: "auth_url"
-
-  registry_region:
     type: string
     description: region of swift service
-    default: "region"
+    default: ""
 
   registry_container:
     type: string
@@ -250,28 +223,23 @@ parameters:
   trustee_domain_id:
     type: string
     description: domain id of the trustee
-    default: ""
 
   trustee_user_id:
     type: string
     description: user id of the trustee
-    default: ""
 
   trustee_username:
     type: string
     description: username of the trustee
-    default: ""
 
   trustee_password:
     type: string
     description: password of the trustee
-    default: ""
     hidden: true
 
   trust_id:
     type: string
     description: id of the trust which is used by the trustee
-    default: ""
     hidden: true
 
   auth_url:
@@ -496,12 +464,7 @@ resources:
           wait_condition_timeout: {get_param: wait_condition_timeout}
           registry_enabled: {get_param: registry_enabled}
           registry_port: {get_param: registry_port}
-          registry_username: {get_param: registry_username}
+          swift_region: {get_param: swift_region}
-          registry_password: {get_param: registry_password}
-          registry_domain: {get_param: registry_domain}
-          registry_trust_id: {get_param: registry_trust_id}
-          registry_auth_url: {get_param: registry_auth_url}
-          registry_region: {get_param: registry_region}
           registry_container: {get_param: registry_container}
           registry_insecure: {get_param: registry_insecure}
           registry_chunksize: {get_param: registry_chunksize}
@@ -521,7 +484,9 @@ resources:
           no_proxy: {get_param: no_proxy}
           kube_version: {get_param: kube_version}
           trustee_user_id: {get_param: trustee_user_id}
+          trustee_username: {get_param: trustee_username}
           trustee_password: {get_param: trustee_password}
+          trustee_domain_id: {get_param: trustee_domain_id}
           trust_id: {get_param: trust_id}
           auth_url: {get_param: auth_url}
 

magnum/templates/kubernetes/kubeminion.yaml

@@ -92,29 +92,7 @@ parameters:
     type: number
     description: port of registry service
 
-  registry_username:
+  swift_region:
-    type: string
-    description: username used by docker registry
-
-  registry_password:
-    type: string
-    description: password used by docker registry
-    hidden: true
-
-  registry_domain:
-    type: string
-    description: domain used by docker registry
-
-  registry_trust_id:
-    type: string
-    description: trust_id used by docker registry
-    hidden: true
-
-  registry_auth_url:
-    type: string
-    description: auth_url for keystone
-
-  registry_region:
     type: string
     description: region of swift service
 
@@ -183,10 +161,18 @@ parameters:
     type: string
     description: version of kubernetes used for kubernetes cluster
 
+  trustee_domain_id:
+    type: string
+    description: domain id of the trustee
+
   trustee_user_id:
     type: string
     description: user id of the trustee
 
+  trustee_username:
+    type: string
+    description: username of the trustee
+
   trustee_password:
     type: string
     description: password of the trustee
@@ -236,12 +222,7 @@ resources:
             $NETWORK_DRIVER: {get_param: network_driver}
             $REGISTRY_ENABLED: {get_param: registry_enabled}
             $REGISTRY_PORT: {get_param: registry_port}
-            $REGISTRY_AUTH_URL: {get_param: registry_auth_url}
+            $SWIFT_REGION: {get_param: swift_region}
-            $REGISTRY_REGION: {get_param: registry_region}
-            $REGISTRY_USERNAME: {get_param: registry_username}
-            $REGISTRY_PASSWORD: {get_param: registry_password}
-            $REGISTRY_DOMAIN: {get_param: registry_domain}
-            $REGISTRY_TRUST_ID: {get_param: registry_trust_id}
             $REGISTRY_CONTAINER: {get_param: registry_container}
             $REGISTRY_INSECURE: {get_param: registry_insecure}
             $REGISTRY_CHUNKSIZE: {get_param: registry_chunksize}
@@ -259,7 +240,9 @@ resources:
             $NO_PROXY: {get_param: no_proxy}
             $KUBE_VERSION: {get_param: kube_version}
             $WAIT_CURL: {get_attr: [minion_wait_handle, curl_cli]}
+            $TRUSTEE_DOMAIN_ID: {get_param: trustee_domain_id}
             $TRUSTEE_USER_ID: {get_param: trustee_user_id}
+            $TRUSTEE_USERNAME: {get_param: trustee_username}
             $TRUSTEE_PASSWORD: {get_param: trustee_password}
             $TRUST_ID: {get_param: trust_id}
             $AUTH_URL: {get_param: auth_url}

magnum/tests/unit/conductor/handlers/test_k8s_bay_conductor.py

@@ -44,7 +44,8 @@ class TestBayConductorWithK8s(base.TestCase):
                        'flannel_network_subnetlen': '26',
                        'flannel_backend': 'vxlan'},
             'tls_disabled': False,
-            'server_type': 'vm'
+            'server_type': 'vm',
+            'registry_enabled': False
         }
         self.bay_dict = {
             'uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
@@ -148,6 +149,7 @@ class TestBayConductorWithK8s(base.TestCase):
             'magnum_url': self.mock_osc.magnum_url.return_value,
             'region_name': self.mock_osc.cinder_region_name.return_value,
             'tls_disabled': False,
+            'registry_enabled': False,
             'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f',
             'trustee_username': 'fake_trustee',
             'trustee_password': 'fake_trustee_password',
@@ -160,6 +162,61 @@ class TestBayConductorWithK8s(base.TestCase):
 
         self.assertEqual(expected, definition)
 
+    @patch('magnum.objects.BayModel.get_by_uuid')
+    def test_extract_template_definition_with_registry(
+            self,
+            mock_objects_baymodel_get_by_uuid):
+        self.baymodel_dict['registry_enabled'] = True
+        baymodel = objects.BayModel(self.context, **self.baymodel_dict)
+        mock_objects_baymodel_get_by_uuid.return_value = baymodel
+        bay = objects.Bay(self.context, **self.bay_dict)
+
+        cfg.CONF.set_override('swift_region',
+                              'RegionOne',
+                              group='docker_registry')
+
+        (template_path,
+         definition) = bay_conductor._extract_template_definition(self.context,
+                                                                  bay)
+
+        expected = {
+            'auth_url': 'http://192.168.10.10:5000/v3',
+            'bay_uuid': '5d12f6fd-a196-4bf0-ae4c-1f639a523a52',
+            'discovery_url': 'https://discovery.etcd.io/test',
+            'dns_nameserver': 'dns_nameserver',
+            'docker_volume_size': 20,
+            'external_network': 'external_network_id',
+            'flannel_backend': 'vxlan',
+            'flannel_network_cidr': '10.101.0.0/16',
+            'flannel_network_subnetlen': '26',
+            'http_proxy': 'http_proxy',
+            'https_proxy': 'https_proxy',
+            'magnum_url': 'http://127.0.0.1:9511/v1',
+            'master_flavor': 'master_flavor_id',
+            'minion_flavor': 'flavor_id',
+            'network_driver': 'network_driver',
+            'no_proxy': 'no_proxy',
+            'number_of_masters': 1,
+            'number_of_minions': 1,
+            'region_name': 'RegionOne',
+            'registry_container': 'docker_registry',
+            'registry_enabled': True,
+            'server_image': 'image_id',
+            'ssh_key_name': 'keypair_id',
+            'swift_region': 'RegionOne',
+            'tenant_name': 'fake_tenant',
+            'tls_disabled': False,
+            'trust_id': 'bd11efc5-d4e2-4dac-bbce-25e348ddf7de',
+            'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f',
+            'trustee_password': 'fake_trustee_password',
+            'trustee_user_id': '7b489f04-b458-4541-8179-6a48a553e656',
+            'trustee_username': 'fake_trustee',
+            'username': 'fake_user',
+            'volume_driver': 'volume_driver'
+        }
+
+        self.assertEqual(expected, definition)
+
     @patch('magnum.objects.BayModel.get_by_uuid')
     def test_extract_template_definition_coreos_with_disovery(
             self,
@@ -192,6 +249,7 @@ class TestBayConductorWithK8s(base.TestCase):
             'flannel_network_subnetlen': '26',
             'flannel_backend': 'vxlan',
             'tls_disabled': False,
+            'registry_enabled': False,
             'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f',
             'trustee_username': 'fake_trustee',
             'trustee_password': 'fake_trustee_password',
@@ -238,6 +296,7 @@ class TestBayConductorWithK8s(base.TestCase):
             'flannel_network_subnetlen': '26',
             'flannel_backend': 'vxlan',
             'tls_disabled': False,
+            'registry_enabled': False,
             'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f',
             'trustee_username': 'fake_trustee',
             'trustee_password': 'fake_trustee_password',
@@ -358,6 +417,7 @@ class TestBayConductorWithK8s(base.TestCase):
             'magnum_url': self.mock_osc.magnum_url.return_value,
             'region_name': self.mock_osc.cinder_region_name.return_value,
             'tls_disabled': False,
+            'registry_enabled': False,
             'trustee_domain_id': '3527620c-b220-4f37-9ebc-6e63a81a9b2f',
             'trustee_username': 'fake_trustee',
             'trustee_password': 'fake_trustee_password',

magnum/tests/unit/conductor/test_template_definition.py

@@ -175,6 +175,7 @@ class AtomicK8sTemplateDefinitionTestCase(base.TestCase):
         mock_context.auth_token = 'AUTH_TOKEN'
         mock_baymodel = mock.MagicMock()
         mock_baymodel.tls_disabled = False
+        mock_baymodel.registry_enabled = False
         mock_bay = mock.MagicMock()
         mock_bay.uuid = '5d12f6fd-a196-4bf0-ae4c-1f639a523a52'
         del mock_bay.stack_id
@@ -227,6 +228,7 @@ class AtomicK8sTemplateDefinitionTestCase(base.TestCase):
         mock_context.auth_token = 'AUTH_TOKEN'
         mock_baymodel = mock.MagicMock()
         mock_baymodel.tls_disabled = True
+        mock_baymodel.registry_enabled = False
         mock_bay = mock.MagicMock()
         mock_bay.uuid = '5d12f6fd-a196-4bf0-ae4c-1f639a523a52'
         del mock_bay.stack_id