# Python 2 variant of the package install: runs only when the gathered
# ansible_python_version fact is older than 3.
# - python-docker: Docker SDK for Python, required by the docker_container
#   module used later in this file.
# - openssl: CLI invoked by the "Generate a TLS key for the registry" task.
# - python-passlib: presumably needed for password hashing by the registry
#   config template, which is not shown here; confirm.
- name: Install packages
  when: ansible_python_version is version('3', '<')
  become: true
  package:
    state: present
    name:
      - python-docker
      - openssl
      - python-passlib
# Python 3 variant of the package install: runs only when the gathered
# ansible_python_version fact is 3 or newer.
# - python3-docker: Docker SDK for Python, required by the docker_container
#   module used later in this file.
# - openssl: CLI invoked by the "Generate a TLS key for the registry" task.
# - python3-passlib: presumably needed for password hashing by the registry
#   config template, which is not shown here; confirm.
- name: Install packages
  when: ansible_python_version is version('3', '>=')
  become: true
  package:
    state: present
    name:
      - python3-docker
      - openssl
      - python3-passlib
# Create the two host directories that are later bind-mounted into the
# registry container: tls/ (certificate and private key) and conf/
# (rendered registry config).
# NOTE(review): no owner or mode is set, so both directories get whatever the
# connecting user's umask yields. tls/ will hold an unencrypted private key;
# consider an explicit restrictive mode once it is confirmed that the
# container process can still read the mounts.
- name: Ensure registry volume directories exists
  loop:
    - tls
    - conf
  file:
    path: "{{ buildset_registry_root }}/{{ item }}"
    state: directory
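# Generate two independent random values for this run. Pointing the password
# lookup at /dev/null means nothing is stored on the controller, so each
# evaluation produces a new value; set_fact fixes the result so later tasks
# all see the same password and secret.
- name: Generate registry secrets
  set_fact:
    registry_password: "{{ lookup('password', '/dev/null') }}"
    registry_secret: "{{ lookup('password', '/dev/null') }}"
  # Keep the generated credentials out of task results and recorded job
  # output, where set_fact would otherwise echo them.
  no_log: true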
# Render the registry configuration into the conf/ directory that is mounted
# into the container at /conf.
# NOTE(review): registry.yaml.j2 is not shown here. If it embeds
# registry_password or registry_secret (presumably it does; verify), set an
# explicit mode on the rendered file so the credentials are not left readable
# under the default umask.
- name: Write registry config
  template:
    dest: "{{ buildset_registry_root }}/conf/registry.yaml"
    src: registry.yaml.j2
# Create a self-signed certificate and a fresh 2048-bit RSA key, valid for
# 365 days, under tls/. The folded scalar below joins into the same single
# command line as a one-line string would.
# - -nodes writes cert.key without a passphrase, so filesystem permissions
#   are the only protection for the private key.
# - The SAN list covers the fixed name zuul-jobs.buildset-registry, the
#   loopback address, and ansible_host as both a DNS and an IP entry.
#   NOTE(review): ansible_host is used as an IP SAN; confirm it is always an
#   address and never a hostname.
# - -addext needs OpenSSL 1.1.1 or newer.
# - There is no creates: guard, so the key pair is regenerated (and the task
#   reports changed) on every run.
- name: Generate a TLS key for the registry
  command: >-
    openssl req -x509 -newkey rsa:2048
    -keyout {{ buildset_registry_root }}/tls/cert.key
    -out {{ buildset_registry_root }}/tls/cert.pem
    -days 365 -nodes
    -subj '/C=US/ST=California/L=Oakland/O=Company Name/OU=Org/CN={{ ansible_host }}'
    -addext 'subjectAltName = DNS:zuul-jobs.buildset-registry,DNS:{{ ansible_host }},IP:{{ ansible_host }},IP:127.0.0.1'
# Fetch the public certificate (cert.pem only, never cert.key) from the
# remote host. slurp returns the file base64-encoded in the registered
# result's content field.
- name: Read TLS certificate
  register: certificate
  slurp:
    src: "{{ buildset_registry_root }}/tls/cert.pem"
# Replace the registered slurp result with the decoded PEM text. From here on
# `certificate` is a plain string, not the slurp result dictionary.
- name: Decode TLS certificate
  set_fact:
    certificate: '{{ certificate.content | b64decode }}'
# Run the registry container with the generated TLS material and config
# bind-mounted at /tls and /conf.
- name: Start the buildset registry
  docker_container:
    # The default port 5000 keeps the plain container name; any other port is
    # appended to the name.
    name: "{{ (buildset_registry_port == 5000) | ternary('buildset_registry', 'buildset_registry_' + buildset_registry_port|string) }}"
    # NOTE(review): `latest` is a mutable tag, so the image that runs is
    # whatever the upstream repository serves at pull time. Pinning to a
    # reviewed tag or digest would make runs reproducible and narrow the
    # supply-chain exposure.
    image: 'zuul/zuul-registry:latest'
    state: started
    restart_policy: always
    volumes:
      - "{{ buildset_registry_root }}/tls:/tls"
      - "{{ buildset_registry_root }}/conf:/conf"
    # No host address is given, so the port is published on Docker's default
    # bind address (all interfaces unless the daemon is configured otherwise).
    ports:
      - "{{ buildset_registry_port }}:5000"
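# Assemble everything a client needs to reach the registry into one fact:
# address, port, the fixed username `zuul`, the generated password, and the
# PEM certificate to trust.
- name: Set registry information fact
  set_fact:
    buildset_registry:
      host: "{{ ansible_host }}"
      port: "{{ buildset_registry_port }}"
      username: zuul
      password: "{{ registry_password }}"
      cert: "{{ certificate }}"
  # The fact carries the registry password; keep it out of task results and
  # recorded job output. The value is still passed on by the zuul_return task
  # that follows, so confirm separately how returned data is exposed.
  no_log: true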
# Hand the whole buildset_registry fact back to Zuul.
# NOTE(review): the returned dictionary includes the registry password as
# well as the certificate; confirm who can read returned job data in this
# deployment.
- name: Return registry information to Zuul
  zuul_return:
    data:
      buildset_registry: '{{ buildset_registry }}'