b152659d8d
Apparently, at least 8787 has a selinux type already, preventing httpd to listen on it. Change-Id: I03eacda0d8eaaa76915d8382bc21e8aa15c88265 Closes-Bug: #1821025
92 lines
3.0 KiB
YAML
92 lines
3.0 KiB
YAML
heat_template_version: rocky
|
|
|
|
description: >
|
|
Configures apache to serve container images on a host.
|
|
|
|
parameters:
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
LocalContainerRegistry:
|
|
default: ''
|
|
description: The IP address used to bind the local container registry
|
|
type: string
|
|
|
|
conditions:
|
|
local_container_registry_is_empty: {equals : [{get_param: LocalContainerRegistry}, '']}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the image serve registry service
|
|
value:
|
|
service_name: docker_registry
|
|
config_settings:
|
|
tripleo::docker_registry::firewall_rules:
|
|
'155 docker-registry':
|
|
dport:
|
|
- 8787
|
|
- 13787
|
|
step_config: ''
|
|
host_prep_tasks:
|
|
- name: authorize httpd to listen on registry ports
|
|
seport:
|
|
ports:
|
|
- '8787'
|
|
- '13787'
|
|
proto: tcp
|
|
setype: http_port_t
|
|
state: present
|
|
- name: Install, Configure and Run Apache to serve container images
|
|
block:
|
|
- set_fact:
|
|
container_registry_host:
|
|
if:
|
|
- local_container_registry_is_empty
|
|
- {get_param: [EndpointMap, DockerRegistryInternal, host]}
|
|
- {get_param: LocalContainerRegistry}
|
|
container_registry_port: {get_param: [EndpointMap, DockerRegistryInternal, port]}
|
|
- include_role:
|
|
name: tripleo-image-serve
|
|
upgrade_tasks:
|
|
- name: Uninstall docker-distribution
|
|
when: step|int == 3
|
|
block:
|
|
- name: check if docker-distribution is installed
|
|
command: /usr/bin/rpm -q docker-distribution
|
|
failed_when: false
|
|
register: docker_distribution_installed
|
|
check_mode: no
|
|
- name: Stop, disable docker-distribution
|
|
systemd:
|
|
enabled: false
|
|
state: stopped
|
|
name: docker-distribution
|
|
when: docker_distribution_installed.rc == 0
|
|
- name: Uninstall docker-distribution
|
|
package: name=docker-distribution state=absent
|
|
when: docker_distribution_installed.rc == 0
|
|
# TODO(sbaker) migrate docker-distribution data to image-serve
|