Use buildset registry push endpoint

When copying images from the intermediate registry to the buildset registry, use the new push endpoint of the dual-registry system. Also, use the push endpoint after a docker build to push the new image to the buildset registry. Change-Id: I3a11036bb9fb7cb3457a3d744fa83647c1b1b085
2019-02-21 14:11:19 -08:00 · 2019-02-21 14:11:19 -08:00 · a358f21736
parent 90fc18f621
commit a358f21736
3 changed files with 13 additions and 9 deletions
--- a/roles/build-docker-image/tasks/push.yaml
+++ b/roles/build-docker-image/tasks/push.yaml
@ -1,12 +1,12 @@
 - name: Tag image for buildset registry
  command: >-
-    docker tag {{ image.repository }}:{{ image_tag }} {{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
+    docker tag {{ image.repository }}:{{ image_tag }} {{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/{{ image.repository }}:{{ image_tag }}
  loop: "{{ image.tags | default(['latest']) }}"
  loop_control:
    loop_var: image_tag
 - name: Push tag to buildset registry
  command: >-
-    docker push {{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
+    docker push {{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/{{ image.repository }}:{{ image_tag }}
  loop: "{{ image.tags | default(['latest']) }}"
  loop_control:
    loop_var: image_tag
--- a/roles/pull-from-intermediate-registry/tasks/main.yaml
+++ b/roles/pull-from-intermediate-registry/tasks/main.yaml
@ -5,23 +5,19 @@
    buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}"
 - name: Ensure registry cert directory exists
  file:
-    path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/"
-    state: directory
- name: Ensure registry cert directory exists
-  file:
-    path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/"
+    path: "/etc/docker/certs.d/{{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/"
    state: directory
 - name: Write registry TLS certificate
  copy:
    content: "{{ buildset_registry.cert }}"
-    dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt"
+    dest: "/etc/docker/certs.d/{{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/ca.crt"
 - name: Pull artifact from intermediate registry
  command: >-
    skopeo --insecure-policy copy
    --src-creds={{ intermediate_registry.username }}:{{ intermediate_registry.password }}
    --dest-creds={{ buildset_registry.username }}:{{ buildset_registry.password }}
    {{ item.url }}
-    docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ item.metadata.repository }}:{{ item.metadata.tag }}
+    docker://{{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/{{ item.metadata.repository }}:{{ item.metadata.tag }}
  when: "item.metadata.type | default('') == 'container_image'"
  loop: "{{ zuul.artifacts | default([]) }}"
  # no_log: true  TODO(corvus): replace
--- a/roles/use-buildset-registry/README.rst
+++ b/roles/use-buildset-registry/README.rst
@ -17,6 +17,14 @@ Use this role on any host which should use the buildset registry.

      The port on which the registry is listening.

+   .. zuul:rolevar:: push_host
+
+      The host (IP address) to use when pushing images to the registry.
+
+   .. zuul:rolevar:: push_port
+
+      The port to use when pushing images to the registry.
+
   .. zuul:rolevar:: username

      The username used to access the registry via HTTP basic auth.