diff --git a/environments/ssl/tls-endpoints-public-dns.yaml b/environments/ssl/tls-endpoints-public-dns.yaml
index d1bd2d20fa..d851024a7d 100644
--- a/environments/ssl/tls-endpoints-public-dns.yaml
+++ b/environments/ssl/tls-endpoints-public-dns.yaml
@@ -30,6 +30,7 @@ parameter_defaults:
 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
diff --git a/environments/ssl/tls-endpoints-public-ip.yaml b/environments/ssl/tls-endpoints-public-ip.yaml
index b776f6487e..1fbbdd441e 100644
--- a/environments/ssl/tls-endpoints-public-ip.yaml
+++ b/environments/ssl/tls-endpoints-public-ip.yaml
@@ -30,6 +30,7 @@ parameter_defaults:
 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
+ DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'IP_ADDRESS'}
 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
diff --git a/environments/ssl/tls-everywhere-endpoints-dns.yaml b/environments/ssl/tls-everywhere-endpoints-dns.yaml
index e0cfc9e6ad..05aca9cd71 100644
--- a/environments/ssl/tls-everywhere-endpoints-dns.yaml
+++ b/environments/ssl/tls-everywhere-endpoints-dns.yaml
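Review bot: In `environments/ssl/tls-endpoints-public-dns.yaml` the added `DockerRegistryInternal` entry is set to `protocol: 'https'` with `host: 'CLOUDNAME'`, while every other `*Internal` entry visible in this hunk stays on `http` and `IP_ADDRESS`, and it keeps port 8787, the same port the plaintext default in `network/endpoints/endpoint_map.yaml` uses. Nothing in this commit shows a certificate or TLS listener being configured for the registry, so consumers of the endpoint map may be told to speak HTTPS to a plaintext socket, which in practice tends to end with the registry being marked as insecure on the clients. Either keep `{protocol: 'http', port: '8787', host: 'IP_ADDRESS'}` in the public-TLS-only environments until TLS is wired in, or add a comment stating where the registry certificate comes from. The same line appears in `tls-endpoints-public-ip.yaml`, in both copies directly under `environments/`, and in the first two sections touched in `sample-env-generator/ssl.yaml`.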
@@ -30,6 +30,7 @@ parameter_defaults:
 CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
 CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
 Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
 Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
index 38942899a0..6144ba0179 100644
--- a/environments/tls-endpoints-public-dns.yaml
+++ b/environments/tls-endpoints-public-dns.yaml
@@ -24,6 +24,7 @@ parameter_defaults:
 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
index b6613f4222..6cbe37e25d 100644
--- a/environments/tls-endpoints-public-ip.yaml
+++ b/environments/tls-endpoints-public-ip.yaml
@@ -24,6 +24,7 @@ parameter_defaults:
 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
+ DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'IP_ADDRESS'}
 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml
index 074fae73c4..4f7886ef3a 100644
--- a/environments/tls-everywhere-endpoints-dns.yaml
+++ b/environments/tls-everywhere-endpoints-dns.yaml
@@ -20,6 +20,7 @@ parameter_defaults:
 CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
 CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
 Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
 Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml
index b1ce295423..08046924ca 100644
--- a/environments/undercloud.yaml
+++ b/environments/undercloud.yaml
@@ -3,6 +3,7 @@ resource_registry:
 OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml
 OS::TripleO::Undercloud::Net::SoftwareConfig: ../net-config-undercloud.yaml
 OS::TripleO::NodeExtraConfigPost: ../extraconfig/post_deploy/undercloud_post.yaml
+ OS::TripleO::Services::DockerRegistry: ../puppet/services/docker-registry.yaml
 parameter_defaults:
 EnablePackageInstall: true
diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml
index f5661b12f6..1e5cd627bc 100644
--- a/network/endpoints/endpoint_data.yaml
+++ b/network/endpoints/endpoint_data.yaml
@@ -349,3 +349,8 @@ Octavia:
 Admin:
 net_param: OctaviaApi
 port: 9876
+
+DockerRegistry:
+ Internal:
+ net_param: DockerRegistry
+ port: 8787
diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml
index f27af13927..cd4fab66f6 100644
--- a/network/endpoints/endpoint_map.yaml
+++ b/network/endpoints/endpoint_map.yaml
@@ -37,6 +37,7 @@ parameters:
 CongressAdmin: {protocol: http, port: '1789', host: IP_ADDRESS}
 CongressInternal: {protocol: http, port: '1789', host: IP_ADDRESS}
 CongressPublic: {protocol: http, port: '1789', host: IP_ADDRESS}
+ DockerRegistryInternal: {protocol: http, port: '8787', host: IP_ADDRESS}
 Ec2ApiAdmin: {protocol: http, port: '8788', host: IP_ADDRESS}
 Ec2ApiInternal: {protocol: http, port: '8788', host: IP_ADDRESS}
 Ec2ApiPublic: {protocol: http, port: '8788', host: IP_ADDRESS}
@@ -2095,6 +2096,87 @@ outputs:
 template: NETWORK_uri
 port:
 get_param: [EndpointMap, CongressPublic, port]
+ DockerRegistryInternal:
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, DockerRegistryInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, DockerRegistryNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, DockerRegistryNetwork]
+ template: NETWORK_uri
+ host_nobrackets:
+ str_replace:
+ template:
+ get_param: [EndpointMap, DockerRegistryInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, DockerRegistryNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - get_param: [ServiceNetMap, DockerRegistryNetwork]
+ port:
+ get_param: [EndpointMap, DockerRegistryInternal, port]
+ protocol:
+ get_param: [EndpointMap, DockerRegistryInternal, protocol]
+ uri:
+ make_url:
+ scheme:
+ get_param: [EndpointMap, DockerRegistryInternal, protocol]
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, DockerRegistryInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, DockerRegistryNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, DockerRegistryNetwork]
+ template: NETWORK_uri
+ port:
+ get_param: [EndpointMap, DockerRegistryInternal, port]
+ uri_no_suffix:
+ make_url:
+ scheme:
+ get_param: [EndpointMap, DockerRegistryInternal, protocol]
+ host:
+ str_replace:
+ template:
+ get_param: [EndpointMap, DockerRegistryInternal, host]
+ params:
+ CLOUDNAME:
+ get_param:
+ - CloudEndpoints
+ - get_param: [ServiceNetMap, DockerRegistryNetwork]
+ IP_ADDRESS:
+ get_param:
+ - NetIpMap
+ - str_replace:
+ params:
+ NETWORK:
+ get_param: [ServiceNetMap, DockerRegistryNetwork]
+ template: NETWORK_uri
+ port:
+ get_param: [EndpointMap, DockerRegistryInternal, port]
 Ec2ApiAdmin:
 host:
 str_replace:
diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml
index beeedaa84a..89084eb790 100644
--- a/network/service_net_map.j2.yaml
+++ b/network/service_net_map.j2.yaml
@@ -79,6 +79,7 @@ parameters:
 OvnDbsNetwork: internal_api
 MistralApiNetwork: internal_api
 ZaqarApiNetwork: internal_api
+ DockerRegistryNetwork: ctlplane
 PacemakerRemoteNetwork: internal_api
 # We special-case the default ResolveNetwork for the CephStorage role
 # for backwards compatibility, all other roles default to internal_api
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index b974c91a68..a8a8be6a9d 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -303,6 +303,7 @@ resource_registry:
 OS::TripleO::Services::Vpp: OS::Heat::None
 OS::TripleO::Services::NeutronVppAgent: OS::Heat::None
 OS::TripleO::Services::Docker: OS::Heat::None
+ OS::TripleO::Services::DockerRegistry: OS::Heat::None
 OS::TripleO::Services::CertmongerUser: OS::Heat::None
 OS::TripleO::Services::Clustercheck: OS::Heat::None
 OS::TripleO::Services::RsyslogSidecar: OS::Heat::None
diff --git a/puppet/services/docker-registry.yaml b/puppet/services/docker-registry.yaml
new file mode 100644
index 0000000000..0b7d74b623
--- /dev/null
+++ b/puppet/services/docker-registry.yaml
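Review bot: In `network/service_net_map.j2.yaml`, `DockerRegistryNetwork: ctlplane` is the only entry in the visible context that does not default to `internal_api`, and it carries no comment saying why. Placing the registry on the provisioning network makes it reachable from every host on that network, and nothing in this commit shows authentication or push restrictions for it, so the choice deserves an explicit note for whoever later reviews the firewalling of port 8787. I would add a comment above the line along the lines of `# Registry is served on ctlplane so nodes can pull images at deploy time; limit access to port 8787 accordingly`; the stated reason is inferred and should be confirmed by the author.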
@@ -0,0 +1,49 @@
+heat_template_version: queens
+
+description: >
+ Configures docker-registry on a host.
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the docker registry service
+ value:
+ service_name: docker_registry
+ config_settings:
+ tripleo::profile::base::docker_registry::registry_host:
+ {get_param: [ServiceNetMap, DockerRegistryNetwork]}
+ tripleo::profile::base::docker_registry::registry_port:
+ {get_param: [EndpointMap, DockerRegistryInternal, port]}
+ step_config: |
+ include ::tripleo::profile::base::docker_registry
+ upgrade_tasks:
+ - name: Install docker packages on upgrade if missing
+ tags: step3
+ yum: name=docker-distribution state=latest
diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml
index 6e360df8cc..19b8a9bc9b 100644
--- a/roles/Undercloud.yaml
+++ b/roles/Undercloud.yaml
@@ -13,6 +13,7 @@
 ServicesDefault:
 - OS::TripleO::Services::Apache
 - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::DockerRegistry
 - OS::TripleO::Services::GlanceApi
 - OS::TripleO::Services::HeatApi
 - OS::TripleO::Services::HeatApiCfn
diff --git a/roles/UndercloudLight.yaml b/roles/UndercloudLight.yaml
index 7a809b353c..80468c706e 100644
--- a/roles/UndercloudLight.yaml
+++ b/roles/UndercloudLight.yaml
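Review bot: In the new `puppet/services/docker-registry.yaml`, `config_settings` hands the puppet profile only `registry_host` and `registry_port`, so this template conveys no certificate, key or authentication setting, although the TLS environment files in the same commit advertise `DockerRegistryInternal` as `https`. Whether `tripleo::profile::base::docker_registry` sets those up on its own is not visible here; if it does not, the registry would serve and accept images in plaintext and without credentials to anything that can reach port 8787, and that should at least be stated in the template `description`. Separately, the upgrade task is named "Install docker packages on upgrade if missing" but `state=latest` also moves an already installed `docker-distribution` to whatever version the enabled repositories carry. Use `yum: name=docker-distribution state=present` if install-if-missing is the intent, or rename the task to say that it updates the package.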
@@ -15,6 +15,7 @@
 ServicesDefault:
 - OS::TripleO::Services::ContainersLogrotateCrond
 - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::DockerRegistry
 - OS::TripleO::Services::HeatApi
 - OS::TripleO::Services::HeatApiCfn
 - OS::TripleO::Services::HeatEngine
diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml
index d5e9c2cb50..f068d9ab9c 100644
--- a/roles_data_undercloud.yaml
+++ b/roles_data_undercloud.yaml
@@ -16,6 +16,7 @@
 ServicesDefault:
 - OS::TripleO::Services::Apache
 - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::DockerRegistry
 - OS::TripleO::Services::GlanceApi
 - OS::TripleO::Services::HeatApi
 - OS::TripleO::Services::HeatApiCfn
diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml
index a3b5f24ab2..c6a4e69adb 100644
--- a/sample-env-generator/ssl.yaml
+++ b/sample-env-generator/ssl.yaml
@@ -125,6 +125,7 @@ environments:
 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
+ DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'IP_ADDRESS'}
 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
@@ -226,6 +227,7 @@ environments:
 CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
 Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
@@ -327,6 +329,7 @@ environments:
 CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
 CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
 CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ DockerRegistryInternal: {protocol: 'https', port: '8787', host: 'CLOUDNAME'}
 Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
 Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
 Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}