Fix localhost cert location for push-to-intermediate-registry

We're using 127.0.0.1 everywhere rather than localhost; the cert directory and auth information need to match. Change-Id: Id72332625c234519ce4c819e88c184035eac8203
2019-04-22 14:35:29 -07:00 · 2019-04-22 14:35:29 -07:00 · aae4df5024
parent f855033f45
commit aae4df5024
2 changed files with 21 additions and 17 deletions
--- a/roles/pull-from-intermediate-registry/tasks/main.yaml
+++ b/roles/pull-from-intermediate-registry/tasks/main.yaml
@ -3,14 +3,6 @@
  when: buildset_registry is not defined
  set_fact:
    buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}"
- name: Ensure registry cert directory exists
-  file:
-    path: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/"
-    state: directory
- name: Write registry TLS certificate
-  copy:
-    content: "{{ buildset_registry.cert }}"
-    dest: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/ca.crt"

 # Start a socat tunnel to the buildset registry to work around the
 # fact that docker does not correctly parse ipv6 addresses.  The socat
@ -21,6 +13,16 @@
  set_fact:
    socat_port: "{{ lookup('file', zuul.executor.work_root + '/socat_port') | regex_replace('.*?0\\.0\\.0\\.0:(\\d+)', '\\1') }}"

+# Set up cert files for the buildset registry
+- name: Ensure registry cert directory exists
+  file:
+    path: "/etc/docker/certs.d/127.0.0.1:{{ socat_port }}/"
+    state: directory
+- name: Write registry TLS certificate
+  copy:
+    content: "{{ buildset_registry.cert }}"
+    dest: "/etc/docker/certs.d/127.0.0.1:{{ socat_port }}/ca.crt"
+
 # Update user config for intermediate and buildset registries
 - name: Ensure docker user directory exists
  file:
--- a/roles/push-to-intermediate-registry/tasks/push.yaml
+++ b/roles/push-to-intermediate-registry/tasks/push.yaml
@ -3,14 +3,6 @@
  when: buildset_registry is not defined
  set_fact:
    buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}"
- name: Ensure registry cert directory exists
-  file:
-    path: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/"
-    state: directory
- name: Write registry TLS certificate
-  copy:
-    content: "{{ buildset_registry.cert }}"
-    dest: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/ca.crt"

 # Start a socat tunnel to the buildset registry to work around the
 # fact that docker does not correctly parse ipv6 addresses.  The socat
@ -21,6 +13,16 @@
  set_fact:
    socat_port: "{{ lookup('file', zuul.executor.work_root + '/socat_port') | regex_replace('.*?0\\.0\\.0\\.0:(\\d+)', '\\1') }}"

+# Set up cert files for the buildset registry
+- name: Ensure registry cert directory exists
+  file:
+    path: "/etc/docker/certs.d/127.0.0.1:{{ socat_port }}/"
+    state: directory
+- name: Write registry TLS certificate
+  copy:
+    content: "{{ buildset_registry.cert }}"
+    dest: "/etc/docker/certs.d/127.0.0.1:{{ socat_port }}/ca.crt"
+
 # Update user config for intermediate and buildset registries
 - name: Ensure docker user directory exists
  file:
@ -52,7 +54,7 @@
        {
          "{{ intermediate_registry.host | ipwrap }}:{{ intermediate_registry.port }}":
            {"auth": "{{ (intermediate_registry.username + ":" + intermediate_registry.password) | b64encode }}"},
-          "localhost:{{ socat_port }}":
+          "127.0.0.1:{{ socat_port }}":
            {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"},
        }
  set_fact: