From 0f6796d12bb1b78f897355dfb683d68e69371b75 Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jeblair@redhat.com>
Date: Thu, 31 Jan 2019 15:27:23 -0800
Subject: [PATCH] Add role to use buildset registry

Change-Id: Ieacbd033c49afd0bac11cdb17891386c9e1d6a4b
---
 roles/use-buildset-registry/README.rst      | 30 ++++++++++++++++
 roles/use-buildset-registry/tasks/main.yaml | 39 +++++++++++++++++++++
 2 files changed, 69 insertions(+)
 create mode 100644 roles/use-buildset-registry/README.rst
 create mode 100644 roles/use-buildset-registry/tasks/main.yaml

diff --git a/roles/use-buildset-registry/README.rst b/roles/use-buildset-registry/README.rst
new file mode 100644
index 000000000..415a6ccba
--- /dev/null
+++ b/roles/use-buildset-registry/README.rst
@@ -0,0 +1,30 @@
+Adds a buildset registry to the docker configuration.
+
+Use this role on any host which should use the buildset registry.
+
+**Role Variables**
+
+.. zuul:rolevar:: buildset_registry
+
+   Information about the registry, as returned by
+   :zuul:role:`run-buildset-registry`.
+
+   .. zuul:rolevar:: host
+
+      The host (IP address) of the registry.
+
+   .. zuul:rolevar:: port
+
+      The port on which the registry is listening.
+
+   .. zuul:rolevar:: username
+
+      The username used to access the registry via HTTP basic auth.
+
+   .. zuul:rolevar:: password
+
+      The password used to access the registry via HTTP basic auth.
+
+   .. zuul:rolevar:: cert
+
+      The (self-signed) certificate used by the registry.
diff --git a/roles/use-buildset-registry/tasks/main.yaml b/roles/use-buildset-registry/tasks/main.yaml
new file mode 100644
index 000000000..983e25bc8
--- /dev/null
+++ b/roles/use-buildset-registry/tasks/main.yaml
@@ -0,0 +1,39 @@
+- name: Ensure registry cert directory exists
+  become: true
+  file:
+    path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/"
+    state: directory
+- name: Write registry TLS certificate
+  become: true
+  copy:
+    content: "{{ buildset_registry.cert }}"
+    dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt"
+- name: Load docker daemon configuration
+  slurp:
+    path: /etc/docker/daemon.json
+  register: docker_config
+- name: Parse docker daemon configuration
+  set_fact:
+    docker_config: "{{ docker_config.content | b64decode | from_json }}"
+- name: Add registry to docker daemon configuration
+  vars:
+    new_config:
+      registry-mirrors: "['https://{{ buildset_registry.host }}:{{ buildset_registry.port}}/'] + {{ docker_config['registry-mirrors'] }}"
+  set_fact:
+    docker_config: "{{ docker_config | combine(new_config) }}"
+- name: Save docker daemon configuration
+  copy:
+    content: "{{ docker_config | to_nice_json }}"
+    dest: /etc/docker/daemon.json
+  become: true
+- name: Restart docker daemon
+  service:
+    name: docker
+    state: restarted
+  become: true
+- name: Log in to registry
+  command: "docker login -u {{ buildset_registry.username }} -p {{ buildset_registry.password }} https://{{ buildset_registry.host }}:{{ buildset_registry.port}}/"
+  register: result
+  until: result.rc ==0
+  delay: 1
+  retries: 120