
use-buildset-registry: support running before docker installed

To accommodate running in a production-simulation environment,
make it safe to run this role on a host before docker is installed.

This also adds support for the new dual-registry configuration
that run-buildset-registry uses.

This removes the region-local proxy from the registry-mirrors
configuration.  Because the buildset registry acts as a pull-through
proxy, the region-local proxy won't be used even if we did include it.
Instead, we should update the run-buildset-registry role to proxy
to the region-local proxy if present.

Change-Id: I21011a3708f17ee61afd0034d90d75e8dc885575
changes/80/638180/8
James E. Blair 3 months ago
parent
commit
42df455705

+ 7
- 0
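--- a/roles/use-buildset-registry/README.rst
+++ b/roles/use-buildset-registry/README.rst
@@ -28,3 +28,10 @@ Use this role on any host which should use the buildset registry.
    .. zuul:rolevar:: cert
 
       The (self-signed) certificate used by the registry.
+
+.. zuul:rolevar:: buildset_registry_docker_user
+   :default: {{ ansible_user }}
+
+   The system user to configure to use the docker registry.  The
+   docker configuration file for this user will be updated.  By
+   default, the user Ansible is running as.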

+ 45
- 7
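--- a/roles/use-buildset-registry/tasks/main.yaml
+++ b/roles/use-buildset-registry/tasks/main.yaml
@@ -1,24 +1,52 @@
+- name: Ensure docker directory exists
+  become: yes
+  file:
+    state: directory
+    path: /etc/docker
 - name: Ensure registry cert directory exists
   become: true
   file:
     path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/"
     state: directory
+- name: Ensure push registry cert directory exists
+  become: true
+  file:
+    path: "/etc/docker/certs.d/{{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/"
+    state: directory
 - name: Write registry TLS certificate
   become: true
   copy:
     content: "{{ buildset_registry.cert }}"
     dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt"
+- name: Write push registry TLS certificate
+  become: true
+  copy:
+    content: "{{ buildset_registry.cert }}"
+    dest: "/etc/docker/certs.d/{{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/ca.crt"
+
+# Update daemon config
+- name: Check if docker daemon configuration exists
+  stat:
+    path: /etc/docker/daemon.json
+  register: docker_config_stat
 - name: Load docker daemon configuration
+  when: docker_config_stat.stat.exists
   slurp:
     path: /etc/docker/daemon.json
   register: docker_config
 - name: Parse docker daemon configuration
+  when: docker_config_stat.stat.exists
   set_fact:
     docker_config: "{{ docker_config.content | b64decode | from_json }}"
+- name: Set default docker daemon configuration
+  when: not docker_config_stat.stat.exists
+  set_fact:
+    docker_config:
+      registry-mirrors: []
 - name: Add registry to docker daemon configuration
   vars:
     new_config:
-      registry-mirrors: "['https://{{ buildset_registry.host }}:{{ buildset_registry.port}}/'] + {{ docker_config['registry-mirrors'] }}"
+      registry-mirrors: "['https://{{ buildset_registry.host }}:{{ buildset_registry.port}}/']"
   set_fact:
     docker_config: "{{ docker_config | combine(new_config) }}"
 - name: Save docker daemon configuration
@@ -26,14 +54,24 @@
     content: "{{ docker_config | to_nice_json }}"
     dest: /etc/docker/daemon.json
   become: true
+
 - name: Restart docker daemon
   service:
     name: docker
     state: restarted
   become: true
-- name: Log in to registry
-  command: "docker login -u {{ buildset_registry.username }} -p {{ buildset_registry.password }} https://{{ buildset_registry.host }}:{{ buildset_registry.port}}/"
-  register: result
-  until: result.rc ==0
-  delay: 1
-  retries: 120
+  register: docker_restart
+  failed_when: docker_restart is failed and not 'Could not find the requested service' in docker_restart.msg
+
+# We use 'block' here to cause the become to apply to all the tasks
+# (which does not automatically happen with include_tasks).
+- name: Update docker user config to use buildset registry
+  become: true
+  become_user: "{{ buildset_registry_docker_user }}"
+  when: buildset_registry_docker_user is defined
+  block:
+    - include_tasks: user-config.yaml
+- name: Update docker user config to use buildset registry
+  when: buildset_registry_docker_user is not defined
+  block:
+    - include_tasks: user-config.yaml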
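Review bot: The `failed_when` on `Restart docker daemon` decides whether docker is installed by matching the English text `Could not find the requested service` in `docker_restart.msg`, which is fragile: a differently worded error from another service manager or Ansible version would fail the role on a host without docker, and the task itself says nothing about why this failure is tolerated. A comment above the task such as `# Tolerate a missing docker service: this role may run before docker is installed.` would record the intent. A sturdier check would be to gather `service_facts` beforehand and guard the restart with a `when:` that tests for the docker unit in `ansible_facts.services` rather than parsing the message; the exact unit key depends on the init system, so it needs confirming on the target images.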

+ 43
- 0
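--- a/roles/use-buildset-registry/tasks/user-config.yaml
+++ b/roles/use-buildset-registry/tasks/user-config.yaml
@@ -0,0 +1,43 @@
+# Update user config
+- name: Ensure docker user directory exists
+  file:
+    state: directory
+    path: "~/.docker"
+    mode: 0700
+- name: Check if docker user configuration exists
+  stat:
+    path: "~/.docker/config.json"
+  register: docker_config_stat
+- name: Load docker user configuration
+  when: docker_config_stat.stat.exists
+  slurp:
+    path: "~/.docker/config.json"
+  register: docker_config
+- name: Parse docker user configuration
+  when: docker_config_stat.stat.exists
+  set_fact:
+    docker_config: "{{ docker_config.content | b64decode | from_json }}"
+- name: Set default docker user configuration
+  when: not docker_config_stat.stat.exists
+  set_fact:
+    docker_config:
+      auths: {}
+- name: Add registry to docker user configuration
+  vars:
+    new_config:
+      auths: |
+        {
+          "https://index.docker.io/v1/":
+            {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"},
+          "{{ buildset_registry.host }}:{{ buildset_registry.port }}":
+            {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"},
+          "{{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}":
+            {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"}
+        }
+  set_fact:
+    docker_config: "{{ docker_config | combine(new_config, recursive=True) }}"
+- name: Save docker user configuration
+  copy:
+    content: "{{ docker_config | to_nice_json }}"
+    dest: "~/.docker/config.json"
+    mode: 0600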
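Review bot: The tasks from `Load docker user configuration` through `Save docker user configuration` handle registry credentials without `no_log: true`. The `slurp` and `set_fact` results contain the whole `docker_config`, including the base64 `auth` values (encoded, not encrypted) and any credentials already in the user's `config.json`, so they can land in job output and archived logs. Adding `no_log: true` to those four tasks keeps them out of the logs. Separately, the recursive `combine` replaces any existing `https://index.docker.io/v1/` entry in the user's file with the buildset registry credentials; if that is intended, a comment above `new_config` should say so. The modes are also safer quoted, `mode: "0700"` and `mode: "0600"`, so they are read as octal strings whatever the YAML loader does with a leading zero.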
