zuul/zuul-jobs
Code Issues Proposed changes

Use ipwrap filter in registry roles

Browse Source 
We need to escape some ipv6 addresses in URLs.

Change-Id: Ica5fe73dd65e138cdc4817de3903cdd271402941
This commit is contained in:
James E. Blair 2019-04-05 16:10:29 -07:00
parent 0509a390ac
commit 325b666b6d
6 changed files with 21 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/build-docker-image/tasks/push.yaml
View File

@ -1,12 +1,12 @@
- name: Tag image for buildset registry - name: Tag image for buildset registry
command: >- command: >-
docker tag {{ image.repository }}:{{ image_tag }} {{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }} docker tag {{ image.repository }}:{{ image_tag }} {{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
loop: "{{ image.tags | default(['latest']) }}" loop: "{{ image.tags | default(['latest']) }}"
loop_control: loop_control:
loop_var: image_tag loop_var: image_tag
- name: Push tag to buildset registry - name: Push tag to buildset registry
command: >- command: >-
docker push {{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }} docker push {{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
loop: "{{ image.tags | default(['latest']) }}" loop: "{{ image.tags | default(['latest']) }}"
loop_control: loop_control:
loop_var: image_tag loop_var: image_tag

10
roles/pull-from-intermediate-registry/tasks/main.yaml
View File

@ -5,12 +5,12 @@
buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}" buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}"
- name: Ensure registry cert directory exists - name: Ensure registry cert directory exists
file: file:
path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/" path: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/"
state: directory state: directory
- name: Write registry TLS certificate - name: Write registry TLS certificate
copy: copy:
content: "{{ buildset_registry.cert }}" content: "{{ buildset_registry.cert }}"
dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt" dest: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/ca.crt"
# Update user config for intermediate and buildset registries # Update user config for intermediate and buildset registries
@ -42,9 +42,9 @@
new_config: new_config:
auths: | auths: |
{ {
"{{ intermediate_registry.host }}:{{ intermediate_registry.port }}": "{{ intermediate_registry.host | ipwrap }}:{{ intermediate_registry.port }}":
{"auth": "{{ (intermediate_registry.username + ":" + intermediate_registry.password) | b64encode }}"}, {"auth": "{{ (intermediate_registry.username + ":" + intermediate_registry.password) | b64encode }}"},
"{{ buildset_registry.host }}:{{ buildset_registry.port }}": "{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}":
{"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"}, {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"},
} }
set_fact: set_fact:
@ -62,7 +62,7 @@
command: >- command: >-
skopeo --insecure-policy copy skopeo --insecure-policy copy
{{ item.url }} {{ item.url }}
docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ item.metadata.repository }}:{{ item.metadata.tag }} docker://{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/{{ item.metadata.repository }}:{{ item.metadata.tag }}
when: "'metadata' in item and item.metadata.type | default('') == 'container_image'" when: "'metadata' in item and item.metadata.type | default('') == 'container_image'"
loop: "{{ zuul.artifacts | default([]) }}" loop: "{{ zuul.artifacts | default([]) }}"
always: always:

6
roles/push-to-intermediate-registry/tasks/push-image.yaml
View File

@ -1,8 +1,8 @@
- name: Push tag to intermediate registry - name: Push tag to intermediate registry
command: >- command: >-
skopeo --insecure-policy copy skopeo --insecure-policy copy
docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }} docker://{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
docker://{{ intermediate_registry.host }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag }} docker://{{ intermediate_registry.host | ipwrap }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag }}
loop: "{{ image.tags | default(['latest']) }}" loop: "{{ image.tags | default(['latest']) }}"
loop_control: loop_control:
loop_var: image_tag loop_var: image_tag
@ -13,7 +13,7 @@
zuul: zuul:
artifacts: artifacts:
- name: "image_{{ image.repository }}:{{ image_tag }}" - name: "image_{{ image.repository }}:{{ image_tag }}"
url: "docker://{{ intermediate_registry.host }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag}}" url: "docker://{{ intermediate_registry.host | ipwrap }}:{{ intermediate_registry.port}}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag}}"
metadata: metadata:
type: container_image type: container_image
repository: "{{ image.repository }}" repository: "{{ image.repository }}"

8
roles/push-to-intermediate-registry/tasks/push.yaml
View File

@ -5,12 +5,12 @@
buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}" buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}"
- name: Ensure registry cert directory exists - name: Ensure registry cert directory exists
file: file:
path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/" path: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/"
state: directory state: directory
- name: Write registry TLS certificate - name: Write registry TLS certificate
copy: copy:
content: "{{ buildset_registry.cert }}" content: "{{ buildset_registry.cert }}"
dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt" dest: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/ca.crt"
# Update user config for intermediate and buildset registries # Update user config for intermediate and buildset registries
- name: Ensure docker user directory exists - name: Ensure docker user directory exists
@ -41,9 +41,9 @@
new_config: new_config:
auths: | auths: |
{ {
"{{ intermediate_registry.host }}:{{ intermediate_registry.port }}": "{{ intermediate_registry.host | ipwrap }}:{{ intermediate_registry.port }}":
{"auth": "{{ (intermediate_registry.username + ":" + intermediate_registry.password) | b64encode }}"}, {"auth": "{{ (intermediate_registry.username + ":" + intermediate_registry.password) | b64encode }}"},
"{{ buildset_registry.host }}:{{ buildset_registry.port }}": "{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}":
{"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"}, {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"},
} }
set_fact: set_fact:

10
roles/use-buildset-registry/tasks/main.yaml
View File

@ -6,23 +6,23 @@
- name: Ensure buildset registry cert directory exists - name: Ensure buildset registry cert directory exists
become: true become: true
file: file:
path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/" path: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/"
state: directory state: directory
- name: Ensure proxy registry cert directory exists - name: Ensure proxy registry cert directory exists
become: true become: true
file: file:
path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.proxy_port }}/" path: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.proxy_port }}/"
state: directory state: directory
- name: Write buildset registry TLS certificate - name: Write buildset registry TLS certificate
become: true become: true
copy: copy:
content: "{{ buildset_registry.cert }}" content: "{{ buildset_registry.cert }}"
dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt" dest: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/ca.crt"
- name: Write proxy registry TLS certificate - name: Write proxy registry TLS certificate
become: true become: true
copy: copy:
content: "{{ buildset_registry.cert }}" content: "{{ buildset_registry.cert }}"
dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.proxy_port }}/ca.crt" dest: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.proxy_port }}/ca.crt"
# Update daemon config # Update daemon config
- name: Check if docker daemon configuration exists - name: Check if docker daemon configuration exists
@ -46,7 +46,7 @@
- name: Add registry to docker daemon configuration - name: Add registry to docker daemon configuration
vars: vars:
new_config: new_config:
registry-mirrors: "['https://{{ buildset_registry.host }}:{{ buildset_registry.port}}/', 'https://{{ buildset_registry.host }}:{{ buildset_registry.proxy_port}}/']" registry-mirrors: "['https://{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port}}/', 'https://{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.proxy_port}}/']"
set_fact: set_fact:
docker_config: "{{ docker_config | combine(new_config) }}" docker_config: "{{ docker_config | combine(new_config) }}"
- name: Save docker daemon configuration - name: Save docker daemon configuration

4
roles/use-buildset-registry/tasks/user-config.yaml
View File

@ -29,9 +29,9 @@
{ {
"https://index.docker.io/v1/": "https://index.docker.io/v1/":
{"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"}, {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"},
"{{ buildset_registry.host }}:{{ buildset_registry.port }}": "{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}":
{"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"}, {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"},
"{{ buildset_registry.host }}:{{ buildset_registry.proxy_port }}": "{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.proxy_port }}":
{"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"} {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"}
} }
set_fact: set_fact: