Role to install apache to serve container images

Since podman doesn't yet support mirrors, this service needs to be run
on the host instead of in a container, because there is no reliable
way to get the image onto the undercloud.

Blueprint: podman-support
Change-Id: I5c4920ffbd70171baa4d8ba3ace70b11358aa506

roles/tripleo-image-serve/README.md

@@ -0,0 +1,34 @@
+tripleo-container-tag
+=====================
+
+An Ansible role to deploy an apache based container image serving service.
+
+Role variables
+--------------
+
+- container_registry_host: -- Registry host
+- container_registry_port: -- Registry port
+- image_data_dir: -- Directory to store container image data
+
+Example Playbook
+----------------
+
+Sample playbook to call the role:
+
+  - name: Deploy image service
+    hosts: undercloud
+    roles:
+      - tripleo-image-serve
+    vars:
+      container_registry_host: 192.168.24.1
+      container_registry_port: 8787
+
+License
+-------
+
+Free software: Apache License (2.0)
+
+Author Information
+------------------
+
+OpenStack TripleO team

roles/tripleo-image-serve/defaults/main.yml

@@ -0,0 +1,5 @@
+# defaults file for apache-image-serve
+
+container_registry_host: localhost
+container_registry_port: 8787
+image_data_dir: /var/lib/image-serve

roles/tripleo-image-serve/handlers/main.yml

@@ -0,0 +1,16 @@
+- name: restart httpd
+  command: /bin/true
+  notify:
+    - Image-Serve | reload systemd
+    - Image-Serve | reload httpd
+  listen: "restart httpd service"
+
+- name: Image-Serve | reload systemd
+  systemd:
+    daemon_reload: yes
+  when: ansible_service_mgr == 'systemd'
+
+- name: Image-Serve | reload httpd
+  service:
+    name: httpd
+    state: restarted

roles/tripleo-image-serve/tasks/main.yml

@@ -0,0 +1,40 @@
+- name: ensure apache is installed
+  package:
+    name: httpd
+    state: present
+
+- name: create image data directory
+  file:
+    state: directory
+    path: "{{ image_data_dir }}/v2"
+    mode: 755
+    owner: root
+    group: root
+
+- name: create /v2/ response file
+  copy:
+    content: "{}" 
+    dest: "{{ image_data_dir }}/v2/index.json"
+    mode: 644
+    owner: root
+    group: root
+
+- lineinfile:
+    path: /etc/httpd/conf/httpd.conf
+    regexp: '^\s*Listen(.*)$'
+    line: '# Listen \1'
+
+- name: manage /etc/httpd/conf.d/image-serve.conf
+  template:
+    src: image-serve.conf.j2
+    dest: /etc/httpd/conf.d/image-serve.conf
+  notify: restart httpd service
+
+- name: force systemd to reread configs
+  meta: flush_handlers
+
+- name: enable and start httpd
+  systemd:
+    enabled: true
+    state: started
+    name: httpd

roles/tripleo-image-serve/templates/image-serve.conf.j2

@@ -0,0 +1,24 @@
+Listen {{ container_registry_port }}
+<VirtualHost {{ container_registry_host }}:{{ container_registry_port }}>
+    DocumentRoot {{ image_data_dir }} 
+
+    <Directory {{ image_data_dir }}>
+        # This assumes a file exists containing {} at
+        # {{ image_data_dir }}/index.json
+        DirectoryIndex index.json
+
+        Options FollowSymLinks MultiViews
+        AllowOverride FileInfo
+        Require all granted
+
+        Header set Docker-Distribution-Api-Version registry/2.0
+    </Directory>
+
+    <LocationMatch "^/v2/.*/.*/blobs/sha256:.*$">
+        SetEnvIf Request_URI "sha256:(.*)$" digest=sha256:$1
+        Header set Docker-Content-Digest "%{digest}e"
+        Header set ETag "%{digest}e"
+        Header set Cache-Control "max-age=31536000"
+        Header set Content-Type "application/octet-stream"
+    </LocationMatch>
+</VirtualHost>