use-buildset-registry: Add podman support
Change-Id: I41718073962c8e7eb3d8810276e550fb84bd6e99
parent
b583530f2b
commit
d48667a3c5
@ -74,13 +74,18 @@
|
|||||||
mode: 0600
|
mode: 0600
|
||||||
|
|
||||||
# Pull the images
|
# Pull the images
|
||||||
|
|
||||||
|
# To support usage with both docker and podman, the buildset registry
|
||||||
|
# keeps "docker.io" entries un-namespaced, and any other namespaces
|
||||||
|
# are namespaced. Therefore, if we see docker.io in the repository
|
||||||
|
# name, we strip it here.
|
||||||
- name: Pull artifacts from intermediate registry
|
- name: Pull artifacts from intermediate registry
|
||||||
block:
|
block:
|
||||||
- name: Pull artifacts from intermediate registry
|
- name: Pull artifacts from intermediate registry
|
||||||
command: >-
|
command: >-
|
||||||
skopeo --insecure-policy copy
|
skopeo --insecure-policy copy
|
||||||
{{ item.url }}
|
{{ item.url }}
|
||||||
docker://127.0.0.1:{{ socat_port }}/{{ item.metadata.repository }}:{{ item.metadata.tag }}
|
docker://127.0.0.1:{{ socat_port }}/{{ item.metadata.repository | regex_replace('^docker\.io/(.*)', '\1') }}:{{ item.metadata.tag }}
|
||||||
retries: 3
|
retries: 3
|
||||||
register: result
|
register: result
|
||||||
until: result is success
|
until: result is success
|
||||||
|
@ -1,7 +1,11 @@
|
|||||||
|
# To support usage with both docker and podman, the buildset registry
|
||||||
|
# keeps "docker.io" entries un-namespaced, and any other namespaces
|
||||||
|
# are namespaced. Therefore, if we see docker.io in the repository
|
||||||
|
# name, we strip it here.
|
||||||
- name: Push tag to intermediate registry
|
- name: Push tag to intermediate registry
|
||||||
command: >-
|
command: >-
|
||||||
skopeo --insecure-policy copy
|
skopeo --insecure-policy copy
|
||||||
docker://127.0.0.1:{{ socat_port }}/{{ image.repository }}:{{ image_tag }}
|
docker://127.0.0.1:{{ socat_port }}/{{ image.repository | regex_replace('^docker\.io/(.*)', '\1') }}:{{ image_tag }}
|
||||||
docker://{{ intermediate_registry.host | ipwrap }}:{{ intermediate_registry.port }}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag }}
|
docker://{{ intermediate_registry.host | ipwrap }}:{{ intermediate_registry.port }}/{{ image.repository }}:{{ zuul.build }}_{{ image_tag }}
|
||||||
retries: 3
|
retries: 3
|
||||||
register: result
|
register: result
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
Runs a docker registry for the use of this buildset.
|
Runs a container registry for the use of this buildset.
|
||||||
|
|
||||||
This may be used for a single job running on a single node, or it may
|
This may be used for a single job running on a single node, or it may
|
||||||
be used at the root of a job graph so that multiple jobs running for a
|
be used at the root of a job graph so that multiple jobs running for a
|
||||||
@ -16,6 +16,12 @@ single change can share the registry.
|
|||||||
|
|
||||||
The port on which the registry should listen.
|
The port on which the registry should listen.
|
||||||
|
|
||||||
|
.. zuul:rolevar:: container_command
|
||||||
|
:default: docker
|
||||||
|
|
||||||
|
The command to use to run the registry container (E.g., ``podman``).
|
||||||
|
|
||||||
|
|
||||||
**Return Values**
|
**Return Values**
|
||||||
|
|
||||||
.. zuul:rolevar:: buildset_registry
|
.. zuul:rolevar:: buildset_registry
|
||||||
|
@ -1,2 +1,3 @@
|
|||||||
buildset_registry_root: "{{ ansible_user_dir }}/buildset_registry"
|
buildset_registry_root: "{{ ansible_user_dir }}/buildset_registry"
|
||||||
buildset_registry_port: 5000
|
buildset_registry_port: 5000
|
||||||
|
container_command: docker
|
||||||
|
@ -2,18 +2,18 @@
|
|||||||
become: yes
|
become: yes
|
||||||
package:
|
package:
|
||||||
name:
|
name:
|
||||||
- python-docker
|
|
||||||
- openssl
|
- openssl
|
||||||
- python-passlib
|
- python-passlib
|
||||||
|
- socat
|
||||||
state: present
|
state: present
|
||||||
when: ansible_python_version is version('3', '<')
|
when: ansible_python_version is version('3', '<')
|
||||||
- name: Install packages
|
- name: Install packages
|
||||||
become: yes
|
become: yes
|
||||||
package:
|
package:
|
||||||
name:
|
name:
|
||||||
- python3-docker
|
|
||||||
- openssl
|
- openssl
|
||||||
- python3-passlib
|
- python3-passlib
|
||||||
|
- socat
|
||||||
state: present
|
state: present
|
||||||
when: ansible_python_version is version('3', '>=')
|
when: ansible_python_version is version('3', '>=')
|
||||||
- name: Ensure registry volume directories exists
|
- name: Ensure registry volume directories exists
|
||||||
@ -41,16 +41,21 @@
|
|||||||
set_fact:
|
set_fact:
|
||||||
certificate: "{{ certificate.content | b64decode }}"
|
certificate: "{{ certificate.content | b64decode }}"
|
||||||
- name: Start the buildset registry
|
- name: Start the buildset registry
|
||||||
docker_container:
|
command: >-
|
||||||
name: "{{ (buildset_registry_port == 5000) | ternary('buildset_registry', 'buildset_registry_' + buildset_registry_port|string) }}"
|
{{ container_command }} run -d
|
||||||
image: zuul/zuul-registry:latest
|
--name="{{ (buildset_registry_port == 5000) | ternary('buildset_registry', 'buildset_registry_' + buildset_registry_port|string) }}"
|
||||||
state: started
|
--restart=always
|
||||||
restart_policy: always
|
--publish="1{{ buildset_registry_port }}:5000"
|
||||||
ports:
|
--volume="{{ buildset_registry_root }}/tls:/tls"
|
||||||
- "{{ buildset_registry_port }}:5000"
|
--volume="{{ buildset_registry_root }}/conf:/conf"
|
||||||
volumes:
|
docker.io/zuul/zuul-registry:latest
|
||||||
- "{{ buildset_registry_root }}/tls:/tls"
|
|
||||||
- "{{ buildset_registry_root }}/conf:/conf"
|
# Start a socat tunnel to the buildset registry to work around
|
||||||
|
# https://github.com/containers/libpod/issues/4311
|
||||||
|
# in case we're using podman.
|
||||||
|
- name: Start socat to work around https://github.com/containers/libpod/issues/4311
|
||||||
|
shell: "socat -d -d TCP6-LISTEN:{{ buildset_registry_port }},fork TCP:127.0.0.1:1{{ buildset_registry_port }} 2> {{ buildset_registry_root }}/socat_port &"
|
||||||
|
|
||||||
- name: Set registry information fact
|
- name: Set registry information fact
|
||||||
set_fact:
|
set_fact:
|
||||||
buildset_registry:
|
buildset_registry:
|
||||||
|
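Review bot: `--publish="1{{ buildset_registry_port }}:5000"` forms the host port by writing the digit 1 in front of the configured port, which is only a valid port while `buildset_registry_port` is below 10000 (5000 becomes 15000, but 50000 would become 150000). It also publishes that second port on every address, although the socat tunnel only connects to it on 127.0.0.1. Binding it to loopback with `--publish="127.0.0.1:1{{ buildset_registry_port }}:5000"` would leave the socat listener as the only externally reachable path; whether that still works around the linked libpod issue needs confirming. Separately, `run -d --name=...` fails when the container already exists, where `docker_container` with `state: started` did not, and the `socat ... &` started from the `shell` task has nothing keeping it alive after the task returns.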
@ -35,3 +35,15 @@ Use this role on any host which should use the buildset registry.
|
|||||||
The system user to configure to use the docker registry. The
|
The system user to configure to use the docker registry. The
|
||||||
docker configuration file for this user will be updated. By
|
docker configuration file for this user will be updated. By
|
||||||
default, the user Ansible is running as.
|
default, the user Ansible is running as.
|
||||||
|
|
||||||
|
.. zuul:rolevar:: buildset_registry_namespaces
|
||||||
|
:default: ['docker.io', 'quay.io', 'gcr.io']
|
||||||
|
|
||||||
|
The namespaces that the buildset registry supports. The buildset
|
||||||
|
registry will be consulted first for images in these namespaces.
|
||||||
|
Any others will be fetched only from their upstream sources.
|
||||||
|
|
||||||
|
Add any local or third-party registries necessary here.
|
||||||
|
|
||||||
|
The default may change in the future as more general-purpose public
|
||||||
|
registries become known.
|
||||||
|
0
roles/use-buildset-registry/__init__.py
Normal file
4
roles/use-buildset-registry/defaults/main.yaml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
buildset_registry_namespaces:
|
||||||
|
- docker.io
|
||||||
|
- quay.io
|
||||||
|
- gcr.io
|
0
roles/use-buildset-registry/library/__init__.py
Normal file
@ -0,0 +1,77 @@
|
|||||||
|
# Copyright 2019 Red Hat, Inc
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
import os
|
||||||
|
|
||||||
|
from ansible.module_utils.basic import AnsibleModule
|
||||||
|
from ansible.module_utils import remarshal
|
||||||
|
|
||||||
|
|
||||||
|
def get_location(prefix, location):
|
||||||
|
# To support usage with both docker and podman, the buildset
|
||||||
|
# registry keeps "docker.io" entries un-namespaced.
|
||||||
|
if prefix == 'docker.io':
|
||||||
|
return location
|
||||||
|
else:
|
||||||
|
return location + '/' + prefix
|
||||||
|
|
||||||
|
|
||||||
|
def ansible_main():
|
||||||
|
module = AnsibleModule(
|
||||||
|
argument_spec=dict(
|
||||||
|
path=dict(required=True, type='path'),
|
||||||
|
buildset_registry=dict(type='raw'),
|
||||||
|
buildset_registry_alias=dict(type='str'),
|
||||||
|
namespaces=dict(type='raw'),
|
||||||
|
)
|
||||||
|
)
|
||||||
|
p = module.params
|
||||||
|
location = '%s:%s' % (p['buildset_registry_alias'],
|
||||||
|
p['buildset_registry']['port'])
|
||||||
|
|
||||||
|
if os.path.exists(p['path']):
|
||||||
|
with open(p['path'], 'rb') as f:
|
||||||
|
input_data = f.read()
|
||||||
|
data = remarshal.decode('toml', input_data, True)
|
||||||
|
else:
|
||||||
|
data = {}
|
||||||
|
|
||||||
|
unseen = set(p['namespaces'])
|
||||||
|
if 'registry' not in data:
|
||||||
|
data['registry'] = []
|
||||||
|
for reg in data['registry']:
|
||||||
|
if reg['prefix'] in unseen:
|
||||||
|
unseen.remove(reg['prefix'])
|
||||||
|
else:
|
||||||
|
continue
|
||||||
|
mirrors = reg.setdefault('mirror', [])
|
||||||
|
mirrors.insert(0, {
|
||||||
|
'location': get_location(reg['prefix'], location)})
|
||||||
|
for prefix in unseen:
|
||||||
|
mirrors = [{'location': get_location(prefix, location)},
|
||||||
|
{'location': prefix}]
|
||||||
|
reg = {'prefix': prefix,
|
||||||
|
'location': prefix,
|
||||||
|
'mirror': mirrors}
|
||||||
|
data['registry'].append(reg)
|
||||||
|
|
||||||
|
output_data = remarshal.encode_toml(data, True)
|
||||||
|
with open(p['path'], 'wb') as f:
|
||||||
|
f.write(output_data.encode('utf8'))
|
||||||
|
|
||||||
|
module.exit_json(changed=True, data=data)
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
ansible_main()
|
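Review bot: `ansible_main` is not idempotent: for every prefix already present in the file it does `mirrors.insert(0, ...)` unconditionally and then calls `module.exit_json(changed=True, ...)`, so each run of the `modify_registries_conf` task stacks another identical mirror entry in registries.conf and always reports a change. The insert should be skipped when the mirror location is already listed, and `changed` should reflect whether anything was written. `set(p['namespaces'])` also raises a TypeError when the optional `namespaces` argument is omitted, and `reg['prefix']` assumes every existing `[[registry]]` table has a `prefix` key, which the file on disk may not guarantee.

```python
    changed = False
    unseen = set(p['namespaces'] or [])
    # … unchanged: ensure data['registry'] exists …
    for reg in data['registry']:
        if reg['prefix'] not in unseen:
            continue
        unseen.remove(reg['prefix'])
        mirrors = reg.setdefault('mirror', [])
        wanted = get_location(reg['prefix'], location)
        # Skip the insert when an earlier run already added this mirror.
        if not any(m.get('location') == wanted for m in mirrors):
            mirrors.insert(0, {'location': wanted})
            changed = True
    # … unchanged: append entries for the remaining prefixes, setting changed = True …
    if changed:
        # … unchanged: encode the TOML and write p['path'] …
    module.exit_json(changed=changed, data=data)
```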
@ -23,16 +23,14 @@
|
|||||||
file:
|
file:
|
||||||
state: directory
|
state: directory
|
||||||
path: /etc/docker
|
path: /etc/docker
|
||||||
- name: Ensure buildset registry cert directory exists
|
|
||||||
become: true
|
|
||||||
file:
|
|
||||||
path: "/etc/docker/certs.d/{{ buildset_registry_alias }}:{{ buildset_registry.port }}/"
|
|
||||||
state: directory
|
|
||||||
- name: Write buildset registry TLS certificate
|
- name: Write buildset registry TLS certificate
|
||||||
become: true
|
become: true
|
||||||
copy:
|
copy:
|
||||||
content: "{{ buildset_registry.cert }}"
|
content: "{{ buildset_registry.cert }}"
|
||||||
dest: "/etc/docker/certs.d/{{ buildset_registry_alias }}:{{ buildset_registry.port }}/ca.crt"
|
dest: "/usr/local/share/ca-certificates/buildset-registry.crt"
|
||||||
|
- name: Update CA certs
|
||||||
|
command: update-ca-certificates
|
||||||
|
become: true
|
||||||
|
|
||||||
# Update daemon config
|
# Update daemon config
|
||||||
- name: Check if docker daemon configuration exists
|
- name: Check if docker daemon configuration exists
|
||||||
@ -73,6 +71,19 @@
|
|||||||
register: docker_restart
|
register: docker_restart
|
||||||
failed_when: docker_restart is failed and not 'Could not find the requested service' in docker_restart.msg
|
failed_when: docker_restart is failed and not 'Could not find the requested service' in docker_restart.msg
|
||||||
|
|
||||||
|
- name: Ensure containers directory exists
|
||||||
|
become: yes
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: /etc/containers
|
||||||
|
- name: Modify registries.conf
|
||||||
|
become: yes
|
||||||
|
modify_registries_conf:
|
||||||
|
path: /etc/containers/registries.conf
|
||||||
|
buildset_registry: "{{ buildset_registry }}"
|
||||||
|
buildset_registry_alias: "{{ buildset_registry_alias }}"
|
||||||
|
namespaces: "{{ buildset_registry_namespaces }}"
|
||||||
|
|
||||||
# We use 'block' here to cause the become to apply to all the tasks
|
# We use 'block' here to cause the become to apply to all the tasks
|
||||||
# (which does not automatically happen with include_tasks).
|
# (which does not automatically happen with include_tasks).
|
||||||
- name: Update docker user config to use buildset registry
|
- name: Update docker user config to use buildset registry
|
||||||
|
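Review bot: Writing the buildset registry certificate to `/usr/local/share/ca-certificates/buildset-registry.crt` and running `update-ca-certificates` makes it a trust anchor for every TLS client on the host and for any hostname, where the removed `/etc/docker/certs.d/<alias>:<port>/ca.crt` path scoped it to one registry endpoint. If the certificate is self-signed with the CA flag set (not visible in this hunk), whoever holds its key could issue certificates this node would accept for unrelated sites. For podman and skopeo the per-registry equivalent is `/etc/containers/certs.d/`, e.g. `dest: "/etc/containers/certs.d/{{ buildset_registry_alias }}:{{ buildset_registry.port }}/ca.crt"`, kept alongside the docker path. `update-ca-certificates` is also specific to Debian-family hosts, and as a bare `command` it reports changed on every run. The task list continues outside both hunks of this file.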
@ -37,6 +37,10 @@
|
|||||||
content: "{{ docker_config | to_nice_json }}"
|
content: "{{ docker_config | to_nice_json }}"
|
||||||
dest: "~/.docker/config.json"
|
dest: "~/.docker/config.json"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
|
- name: Write containers auth configuration
|
||||||
|
copy:
|
||||||
|
content: "{{ docker_config | to_nice_json }}"
|
||||||
|
dest: "/run/user/{{ ansible_user_uid }}/auth.json"
|
||||||
- name: Check if /var/lib/kubelet exists
|
- name: Check if /var/lib/kubelet exists
|
||||||
stat:
|
stat:
|
||||||
path: /var/lib/kubelet
|
path: /var/lib/kubelet
|
||||||
|
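Review bot: The new "Write containers auth configuration" task has no `mode`, so `auth.json` is created with whatever the umask allows, while the task above it writes the same `docker_config` content to `~/.docker/config.json` at 0600 (presumably because it holds registry credentials). Add `mode: "0600"` to the new `copy`, quoted so the value is not read as an integer. `/run/user/{{ ansible_user_uid }}` normally exists only while that user has a login session, so a preceding `file` task or a check for the directory may be needed. The surrounding block continues outside the hunk.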
@ -1,2 +1,2 @@
|
|||||||
FROM debian:testing
|
FROM docker.io/library/debian:testing
|
||||||
CMD echo "Zuul container test"; sleep infinity
|
CMD echo "Zuul container test"; sleep infinity
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
- name: Ensure registry volume directories exists
|
- name: Ensure registry volume directories exists
|
||||||
|
become: true
|
||||||
file:
|
file:
|
||||||
state: directory
|
state: directory
|
||||||
path: "/var/registry/{{ item }}"
|
path: "/var/registry/{{ item }}"
|
||||||
@ -6,6 +7,7 @@
|
|||||||
- certs
|
- certs
|
||||||
- auth
|
- auth
|
||||||
- name: Install python packages
|
- name: Install python packages
|
||||||
|
become: true
|
||||||
package:
|
package:
|
||||||
name:
|
name:
|
||||||
- python3-docker
|
- python3-docker
|
||||||
@ -13,6 +15,7 @@
|
|||||||
- python3-bcrypt
|
- python3-bcrypt
|
||||||
state: present
|
state: present
|
||||||
- name: Write htpassword file
|
- name: Write htpassword file
|
||||||
|
become: true
|
||||||
htpasswd:
|
htpasswd:
|
||||||
create: true
|
create: true
|
||||||
crypt_scheme: bcrypt
|
crypt_scheme: bcrypt
|
||||||
@ -20,27 +23,26 @@
|
|||||||
name: "{{ intermediate_registry.username }}"
|
name: "{{ intermediate_registry.username }}"
|
||||||
password: "{{ intermediate_registry.password }}"
|
password: "{{ intermediate_registry.password }}"
|
||||||
- name: Write TLS private key
|
- name: Write TLS private key
|
||||||
|
become: true
|
||||||
copy:
|
copy:
|
||||||
content: "{{ intermediate_registry_tls_key }}"
|
content: "{{ intermediate_registry_tls_key }}"
|
||||||
dest: /var/registry/certs/domain.key
|
dest: /var/registry/certs/domain.key
|
||||||
- name: Write TLS certificate
|
- name: Write TLS certificate
|
||||||
|
become: true
|
||||||
copy:
|
copy:
|
||||||
content: "{{ intermediate_registry_tls_cert }}{{ intermediate_registry_tls_chain | default('') }}"
|
content: "{{ intermediate_registry_tls_cert }}{{ intermediate_registry_tls_chain | default('') }}"
|
||||||
dest: /var/registry/certs/domain.crt
|
dest: /var/registry/certs/domain.crt
|
||||||
- name: Start intermediate docker registry
|
- name: Start intermediate docker registry
|
||||||
docker_container:
|
command: >-
|
||||||
name: intermediate_registry
|
{{ container_command }} run -d
|
||||||
image: registry:2
|
--name="intermediate_registry"
|
||||||
state: started
|
--restart=always
|
||||||
restart_policy: always
|
--network=host
|
||||||
ports:
|
--env REGISTRY_HTTP_TLS_CERTIFICATE="/certs/domain.crt"
|
||||||
- "5000:5000"
|
--env REGISTRY_HTTP_TLS_KEY="/certs/domain.key"
|
||||||
env:
|
--env REGISTRY_AUTH="htpasswd"
|
||||||
REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
|
--env REGISTRY_AUTH_HTPASSWD_PATH="/auth/htpasswd"
|
||||||
REGISTRY_HTTP_TLS_KEY: /certs/domain.key
|
--env REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm"
|
||||||
REGISTRY_AUTH: htpasswd
|
--volume="/var/registry/certs:/certs"
|
||||||
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
|
--volume="/var/registry/auth:/auth"
|
||||||
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
|
docker.io/library/registry:2
|
||||||
volumes:
|
|
||||||
- "/var/registry/certs:/certs"
|
|
||||||
- "/var/registry/auth:/auth"
|
|
||||||
|
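Review bot: `--network=host` replaces the old `ports: "5000:5000"` mapping without a comment, so the registry container now shares the host's network namespace instead of exposing a single published port. If podman requires this, say so above the task, e.g. `# Host networking is used because <reason>; the registry listens on 5000 directly.`; otherwise `--publish="5000:5000"` keeps the earlier isolation. `{{ container_command }} run -d --name="intermediate_registry"` also fails when a container of that name already exists, which `docker_container` with `state: started` tolerated.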
@ -1,24 +1,24 @@
|
|||||||
- hosts: all
|
- hosts: all
|
||||||
tasks:
|
tasks:
|
||||||
- name: List containers
|
- name: List containers
|
||||||
command: "docker ps -a --format '{{ '{{ .Names }}' }}'"
|
command: "{{ container_command }} ps -a --format '{{ '{{ .Names }}' }}'"
|
||||||
register: docker_containers
|
register: docker_containers
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
||||||
- name: Create container log dir
|
- name: Create container log dir
|
||||||
file:
|
file:
|
||||||
path: "{{ ansible_user_dir }}/zuul-output/logs/docker"
|
path: "{{ ansible_user_dir }}/zuul-output/logs/{{ container_command }}"
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: Save container logs
|
- name: Save container logs
|
||||||
loop: "{{ docker_containers.stdout_lines | default([]) }}"
|
loop: "{{ docker_containers.stdout_lines | default([]) }}"
|
||||||
shell: "docker logs {{ item }} &> {{ ansible_user_dir }}/zuul-output/logs/docker/{{ item }}.txt"
|
shell: "{{ container_command }} logs {{ item }} &> {{ ansible_user_dir }}/zuul-output/logs/{{ container_command }}/{{ item }}.txt"
|
||||||
args:
|
args:
|
||||||
executable: /bin/bash
|
executable: /bin/bash
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
||||||
- name: Open container logs permissions
|
- name: Open container logs permissions
|
||||||
file:
|
file:
|
||||||
dest: "{{ ansible_user_dir }}/zuul-output/logs/docker"
|
dest: "{{ ansible_user_dir }}/zuul-output/logs/{{ container_command }}"
|
||||||
mode: u=rwX,g=rX,o=rX
|
mode: u=rwX,g=rX,o=rX
|
||||||
recurse: yes
|
recurse: yes
|
||||||
|
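Review bot: In "Save container logs" both `{{ container_command }}` and `{{ item }}` are placed unquoted into a `/bin/bash` command line, and `container_command` now also forms part of the output path. Container names are normally limited to safe characters, but the `quote` filter keeps the task safe if a value ever contains whitespace or shell metacharacters: `shell: "{{ container_command | quote }} logs {{ item | quote }} &> {{ ansible_user_dir }}/zuul-output/logs/{{ container_command }}/{{ item }}.txt"`. The same applies to the `List containers` command at the top of the play.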
@ -4,10 +4,11 @@
|
|||||||
# though that obviously happens in configuration management rather
|
# though that obviously happens in configuration management rather
|
||||||
# than a job).
|
# than a job).
|
||||||
- hosts: builder:intermediate-registry
|
- hosts: builder:intermediate-registry
|
||||||
name: Set up docker and iptables configuration for registry hosts
|
name: "Set up container system and iptables configuration for registry hosts"
|
||||||
roles:
|
|
||||||
- install-docker
|
|
||||||
tasks:
|
tasks:
|
||||||
|
- name: Install container system
|
||||||
|
include_role:
|
||||||
|
name: "install-{{ container_command }}"
|
||||||
- name: Open the IPv4 port for the buildset registry
|
- name: Open the IPv4 port for the buildset registry
|
||||||
become: true
|
become: true
|
||||||
iptables:
|
iptables:
|
||||||
|
@ -13,8 +13,6 @@
|
|||||||
- name: Run the intermediate registry
|
- name: Run the intermediate registry
|
||||||
include_role:
|
include_role:
|
||||||
name: run-test-intermediate-registry
|
name: run-test-intermediate-registry
|
||||||
apply:
|
|
||||||
become: true
|
|
||||||
- name: Install the intermediate registry cert
|
- name: Install the intermediate registry cert
|
||||||
include_role:
|
include_role:
|
||||||
name: install-registry-cert
|
name: install-registry-cert
|
||||||
@ -25,17 +23,18 @@
|
|||||||
- name: Set up user credentials for the intermediate registry
|
- name: Set up user credentials for the intermediate registry
|
||||||
include_role:
|
include_role:
|
||||||
name: intermediate-registry-user-config
|
name: intermediate-registry-user-config
|
||||||
- name: Build a docker image for the previous build
|
- name: "Build a container image for the previous build"
|
||||||
include_role:
|
include_role:
|
||||||
name: build-docker-image
|
name: "build-{{ (container_command == 'docker') | ternary('docker', 'container') }}-image"
|
||||||
vars:
|
vars:
|
||||||
docker_images:
|
docker_images:
|
||||||
- context: test-playbooks/registry/docker
|
- context: test-playbooks/registry/docker
|
||||||
repository: "{{ previous_build_repository }}"
|
repository: "{{ previous_build_repository }}"
|
||||||
|
container_images: "{{ docker_images }}"
|
||||||
- name: Tag the previous build
|
- name: Tag the previous build
|
||||||
command: "docker tag {{ previous_build_repository }}:latest localhost:5000/{{ previous_build_repository }}:{{ previous_build_uuid }}_latest"
|
command: "{{ container_command }} tag {{ previous_build_repository }}:latest localhost:5000/{{ previous_build_repository }}:{{ previous_build_uuid }}_latest"
|
||||||
- name: Push the previous build to the intermediate registry
|
- name: Push the previous build to the intermediate registry
|
||||||
command: "docker push localhost:5000/{{ previous_build_repository }}:{{ previous_build_uuid }}_latest"
|
command: "{{ container_command }} push localhost:5000/{{ previous_build_repository }}:{{ previous_build_uuid }}_latest"
|
||||||
|
|
||||||
# This is also essentially pre-configuration for the real test of the
|
# This is also essentially pre-configuration for the real test of the
|
||||||
# roles. This sets up a fake executor (since we can't run the
|
# roles. This sets up a fake executor (since we can't run the
|
||||||
@ -112,16 +111,16 @@
|
|||||||
- name: Include previous build vars
|
- name: Include previous build vars
|
||||||
include_vars: vars/previous-build.yaml
|
include_vars: vars/previous-build.yaml
|
||||||
- name: Pull the previous build from buildset registry to the builder host
|
- name: Pull the previous build from buildset registry to the builder host
|
||||||
command: "docker pull {{ previous_build_repository }}:latest"
|
command: "{{ container_command }} pull {{ previous_build_repository }}:latest"
|
||||||
- name: Show local docker images for debugging
|
- name: "Show local container images for debugging"
|
||||||
command: "docker image ls"
|
command: "{{ container_command }} image ls"
|
||||||
- name: Verify previously built image is in buildset registry
|
- name: Verify previously built image is in buildset registry
|
||||||
command: "docker image inspect {{ previous_build_repository }}:latest"
|
command: "{{ container_command }} image inspect {{ previous_build_repository }}:latest"
|
||||||
|
|
||||||
# Back to straightforward use of the roles under test.
|
# Back to straightforward use of the roles under test.
|
||||||
|
|
||||||
- hosts: builder
|
- hosts: builder
|
||||||
name: Test building a docker image
|
name: Test building a container image
|
||||||
tasks:
|
tasks:
|
||||||
|
|
||||||
- name: Create fake sibling projects
|
- name: Create fake sibling projects
|
||||||
@ -133,7 +132,7 @@
|
|||||||
|
|
||||||
- name: Build docker image
|
- name: Build docker image
|
||||||
include_role:
|
include_role:
|
||||||
name: build-docker-image
|
name: "build-{{ (container_command == 'docker') | ternary('docker', 'container') }}-image"
|
||||||
vars:
|
vars:
|
||||||
docker_images:
|
docker_images:
|
||||||
- context: test-playbooks/registry/docker
|
- context: test-playbooks/registry/docker
|
||||||
@ -141,6 +140,7 @@
|
|||||||
siblings:
|
siblings:
|
||||||
- opendev.org/fake-sibling-1
|
- opendev.org/fake-sibling-1
|
||||||
- opendev.org/fake-sibling-2
|
- opendev.org/fake-sibling-2
|
||||||
|
container_images: "{{ docker_images }}"
|
||||||
|
|
||||||
- hosts: executor
|
- hosts: executor
|
||||||
name: Test pushing to the intermediate registry
|
name: Test pushing to the intermediate registry
|
||||||
@ -154,6 +154,7 @@
|
|||||||
docker_images:
|
docker_images:
|
||||||
- context: playbooks/registry/docker
|
- context: playbooks/registry/docker
|
||||||
repository: downstream/image
|
repository: downstream/image
|
||||||
|
container_images: "{{ docker_images }}"
|
||||||
|
|
||||||
# And finally an external verification step.
|
# And finally an external verification step.
|
||||||
|
|
||||||
|
@ -3,56 +3,59 @@ intermediate_registry:
|
|||||||
port: 5000
|
port: 5000
|
||||||
username: "zuul"
|
username: "zuul"
|
||||||
password: dQI83awO8Akuw0WU
|
password: dQI83awO8Akuw0WU
|
||||||
|
# openssl req -x509 -newkey rsa:2048 -keyout cert.key -out cert.pem -days 365 -nodes -subj '/C=US/ST=California/L=Oakland/O=Company Name/OU=Org/CN=zuul-jobs.intermediate-registry' -addext 'subjectAltName = DNS:zuul-jobs.intermediate-registry,DNS:localhost,IP:127.0.0.1'
|
||||||
intermediate_registry_tls_key: |
|
intermediate_registry_tls_key: |
|
||||||
-----BEGIN PRIVATE KEY-----
|
-----BEGIN PRIVATE KEY-----
|
||||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDYkpjfIz7bziCa
|
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC46dQ/20Zsjel3
|
||||||
mFrWqQ84ldeAs2jvSKs2JG0RhYNNLokr2AU/5TUvqtAisyyd5AX5dBHQ7u/7Vgmj
|
7D2F+9+9WqslsIWfiP+zsqsz+/K5ngkdYyBEjYCBAUoLmGY/6/HkvZRBYE79R2FK
|
||||||
towt7loFfAG/2/rpdSGi2Njx11roBUoDsjwdE9w3aNnrDvOCyJcepx5TWYS86+vZ
|
gjKIIo/bElKI4H6jq2nke5No+nroPXRlFh7wu0yP+U3P6pSaaDKJuJ5mMXxcboZE
|
||||||
IqodvdnuoWTk9VuolWfHsCgPRQV4uwMbIC5kbv2o4FORsOEzbuRfCEX9UTcAMEGg
|
z8TyjRs1+RaFo+walNNfcA/ZOg8JRWV5Fe4JBw7GjgR6GH265h6zppakg801rFXV
|
||||||
K/m/kM/valkrYeBbLILsOcivg4Jh0m+PFC7NTcQFo+uwpZzZvlNtVbmQ3LqkHDAE
|
zbf9sCRz7ic3vpNywGgz8klwqQVR3H1GlZ5zvlDr6/lPin+YwlXRd1wgRfFIima9
|
||||||
KDK94uBcQtdYjvvl6UZ+pNo+puD9iakYtcpQFuU8rpavMLE87+SuPVgi2Rk6QtTz
|
K+IU+nymnBExInO5AyomolpN+bn4bnrx6q2l/FKWvEssVKZPPjT8v7lbzBiXxvb2
|
||||||
OAP2mDMJAgMBAAECggEBANM9MfS7WQ1mIXEI19l2roz/wmIbHGgAllbJ8sRbWLWI
|
AKYmNjL5AgMBAAECggEARnqBNpGKBwgT62x0iqPUxGRRhT0BwSvDYieAT4EBI7RT
|
||||||
hW0JWB15gIYM8tRVtVgP2C/3IYWL+PFKez5+yH3odU/SI5ayhyr8/6DqJ7jD2Dxl
|
fwrwGpDgYMswALlmh4iTmv6TClP951WUhISZY//gWrxiDt+aBSHpa3eaWNHXlLsP
|
||||||
JEs0puOpwmsdTyixvZy78IKKeM7NiuYGq1VwNUOrMQ1LyLB2DUAC8mXYkUpLhUm6
|
qRPEWTbaWKnJ+axMVYnPcWSXoxXLc6OAs6uJQnV74Jd++RLgg8Ujx2V79OzHHF3c
|
||||||
O4wVaGie7XwMOJazRs66ceU9k7Nuv3b57yc3PN2bzTqYUVjmJ1XeuAiBJaAeHts6
|
AwwH1NHHWXPaxrItB+nLiV0Q9eQh5nibW12IFmyknYaAeYmanzVwDplBubtsS1T3
|
||||||
NfG1+vO9xLXIRTRWvDGKByNsYJJLLPOXZkQZZFYYe8TTduxyCmZgShY6sZmmnWua
|
X1kjUUaG58qCT/XyyM4YvagaDyy75T6J4XYnRsV7b/FKwc8FuF0vgbI+yY3B8nrz
|
||||||
cAdBL6b/5B3PZ2SkhdLHklaZmH8PTeAoqI2RDz/8eIECgYEA8gofU8LrK1Xjgrig
|
h4z14QLNvNmUiGbkJRpDzKQb/BeWvT/GPXzvD2ObHQKBgQDfrxIiO4bWa+IjJNSn
|
||||||
ItQxYxqZCrggm9lMMcaADc7u3nff68NyImZ5bSXhvZCu74cAIMx12HbU1UvSCsQ4
|
FySIBBoKzh70LC8ElQ8AkrzjeucgtPQIY0zJcdT9nhAcS4mYqw4tp1snhm9mbyuB
|
||||||
/cncHrlBOzG529878+iWgiUrJ29GsQiHGj+qHA4qGBSP0Qan7ISunskj4GezTeHd
|
huF83MwNFJ/O46IrWWpji0fXKQGgmPNex7yDGHYaVAE/nbzajGXXlGB1+w3tHCvM
|
||||||
/A3oTn5rLuld9V++647O35lXArkCgYEA5RBwV5nle49UT38hNqL/K+TUX5oZJXB8
|
1fxKxtLURHNtjfDBZUqDcz+PhwKBgQDToNXiMo5fKc3PninxaHrjnDQmDxk5t1y6
|
||||||
Xl9FT1L799toHUPEWEkSpf7Suf1hDwv6+tsIPO6tN7YirxK390JRxPaT948J8n1d
|
hEOTJf12BJDw4syh3YzxFcAH0CA47OTy7o7dMZVt5RZ53XKR5fbYfKD7KGX/claw
|
||||||
TkurGDs1uwLQdUWgXIwvQ8ms+8rYvTU7vg2hI7/BZhH09LmGCiYSwnem0QYXjGnc
|
sfutpskuVgFj4pnwShylFB6dQueFiHcWHf/DjMJmKyNM1dxzZcfqnH6P7FZaiYoW
|
||||||
kk56VeExytECgYBmBDw2Ctcied4eEAF3DKcQVXqiGP+tkMZbyIXazBjEbhRUhBmM
|
eoLdy1vJfwKBgQCtTL845HOgNq9aWROkbQqxkrP2gSF8Pasj2rRn1kgf2j2tmmSj
|
||||||
RFLz3V6rjtsdHHLCYEtfhJ6qlH2gihpXZgjAbmb/MzNaaFoVsTgW/OGWioFqRuTi
|
BwQb4mSJJegHdAKj1ItEla/K3J38d872KGEU0yAIVl1F9hjTixAhFWzQZwXKvhV3
|
||||||
/GiP0KyPX8NKYBrRRw9u3+qeQDdEIWp2Pcpno0M8D6LJtKR9FsE9X51cCQKBgQCs
|
7jnAO7hsx368IeKKVFInBt8BKUPt23CX34X7DTWUnX/sdhb8TxS+6RBqiwKBgQCF
|
||||||
8u5/ldjoo91acHhZUlQrhgi7bhQSao3ciz4/mD5ac7R2dBYpOnL0FiRw/VhtDfSf
|
3GAtuejQTPL/9n11U68XtcBOqpI8Lb2bxPmxZABU3EKJ/AuP/0GdZTKYPo+DMmUH
|
||||||
twTPTL5IVCJ34UA5Vj964VnzDnLKPdFXLlauYvY8jvFpufpMJiQBoKIVMqDWqvzC
|
PNplE23/mz6CSw6jNqDTAtIYy87oq3wmPA6EItFyW7h5Y+YXVemUiYtr0dv8XPtm
|
||||||
kHPcFAon0OMMa49C1mBPqBuxslHRWJSLeulvMipwIQKBgDFzDTH49cmKP8YQmCuT
|
pAcZvDliwrqLaWMOIz03K1Hq24Urs4ADA+8vN+iRJQKBgQCtNXP4sTXjRhO+leiM
|
||||||
vC5PJJ+hutbf/dOVJuOZ5KlKwnRkbMwoamYKrkjgmWMBgtzyz12/a46lZ58ul4xW
|
3YXc/qBof9TNlMcKS0g6C0s/+KFZ1CG3DbN0CizDCxqYWedOB7CKWklmfg7ENEhL
|
||||||
1fKw/nx8uQcbnKnigyjsAUzI9FgBR4d10cYdxPlfYVmj4TAUA3os5Gu6VKySy6SV
|
NI6NTo10Q376UZE1+TmaWjGdIdvaxDnUeabSeqUXQxinWOS1pGzMgwXULw1BMLCq
|
||||||
xuHEIA6nFsXLXGBu25vI5tEv
|
Zy9ZnBgOFe2NJl4U7EN8Xdmfrw==
|
||||||
-----END PRIVATE KEY-----
|
-----END PRIVATE KEY-----
|
||||||
intermediate_registry_tls_cert: |
|
intermediate_registry_tls_cert: |
|
||||||
-----BEGIN CERTIFICATE-----
|
-----BEGIN CERTIFICATE-----
|
||||||
MIIDtDCCApygAwIBAgIJANpxowfzYw4vMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV
|
MIIEKDCCAxCgAwIBAgIUWVQQugUNh53VhvVfb3S49zw3GvgwDQYJKoZIhvcNAQEL
|
||||||
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
|
BQAwgYMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRAwDgYDVQQH
|
||||||
aWRnaXRzIFB0eSBMdGQxKDAmBgNVBAMMH3p1dWwtam9icy5pbnRlcm1lZGlhdGUt
|
DAdPYWtsYW5kMRUwEwYDVQQKDAxDb21wYW55IE5hbWUxDDAKBgNVBAsMA09yZzEo
|
||||||
cmVnaXN0cnkwHhcNMTkwNTMwMjAwOTQxWhcNMzkwNTI1MjAwOTQxWjBvMQswCQYD
|
MCYGA1UEAwwfenV1bC1qb2JzLmludGVybWVkaWF0ZS1yZWdpc3RyeTAeFw0xOTEx
|
||||||
VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQg
|
MjExODQ5MjhaFw0yMDExMjAxODQ5MjhaMIGDMQswCQYDVQQGEwJVUzETMBEGA1UE
|
||||||
V2lkZ2l0cyBQdHkgTHRkMSgwJgYDVQQDDB96dXVsLWpvYnMuaW50ZXJtZWRpYXRl
|
CAwKQ2FsaWZvcm5pYTEQMA4GA1UEBwwHT2FrbGFuZDEVMBMGA1UECgwMQ29tcGFu
|
||||||
LXJlZ2lzdHJ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2JKY3yM+
|
eSBOYW1lMQwwCgYDVQQLDANPcmcxKDAmBgNVBAMMH3p1dWwtam9icy5pbnRlcm1l
|
||||||
284gmpha1qkPOJXXgLNo70irNiRtEYWDTS6JK9gFP+U1L6rQIrMsneQF+XQR0O7v
|
ZGlhdGUtcmVnaXN0cnkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4
|
||||||
+1YJo7aMLe5aBXwBv9v66XUhotjY8dda6AVKA7I8HRPcN2jZ6w7zgsiXHqceU1mE
|
6dQ/20Zsjel37D2F+9+9WqslsIWfiP+zsqsz+/K5ngkdYyBEjYCBAUoLmGY/6/Hk
|
||||||
vOvr2SKqHb3Z7qFk5PVbqJVnx7AoD0UFeLsDGyAuZG79qOBTkbDhM27kXwhF/VE3
|
vZRBYE79R2FKgjKIIo/bElKI4H6jq2nke5No+nroPXRlFh7wu0yP+U3P6pSaaDKJ
|
||||||
ADBBoCv5v5DP72pZK2HgWyyC7DnIr4OCYdJvjxQuzU3EBaPrsKWc2b5TbVW5kNy6
|
uJ5mMXxcboZEz8TyjRs1+RaFo+walNNfcA/ZOg8JRWV5Fe4JBw7GjgR6GH265h6z
|
||||||
pBwwBCgyveLgXELXWI775elGfqTaPqbg/YmpGLXKUBblPK6WrzCxPO/krj1YItkZ
|
ppakg801rFXVzbf9sCRz7ic3vpNywGgz8klwqQVR3H1GlZ5zvlDr6/lPin+YwlXR
|
||||||
OkLU8zgD9pgzCQIDAQABo1MwUTAdBgNVHQ4EFgQU00qH9bMUPRacZwgvBgczgR8Z
|
d1wgRfFIima9K+IU+nymnBExInO5AyomolpN+bn4bnrx6q2l/FKWvEssVKZPPjT8
|
||||||
424wHwYDVR0jBBgwFoAU00qH9bMUPRacZwgvBgczgR8Z424wDwYDVR0TAQH/BAUw
|
v7lbzBiXxvb2AKYmNjL5AgMBAAGjgZEwgY4wHQYDVR0OBBYEFCXcx6YJW0L1JMSA
|
||||||
AwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHEX2Tw19w5okaJ+6gHMFjA338ffwU9n5
|
rQDbbc9LyQN3MB8GA1UdIwQYMBaAFCXcx6YJW0L1JMSArQDbbc9LyQN3MA8GA1Ud
|
||||||
2piBMypbYr50yyPyUaTmz4SIBsTLkIWu00a0pdo9pqZDnv1KwxtJtP4o4qQXhMd4
|
EwEB/wQFMAMBAf8wOwYDVR0RBDQwMoIfenV1bC1qb2JzLmludGVybWVkaWF0ZS1y
|
||||||
Ve3FFF+6AMaOy5y5+hRkE8iHOOik/rNPFqkVDatNGuOMSNYO/jUFXc+C6Ol7gM/J
|
ZWdpc3RyeYIJbG9jYWxob3N0hwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQBMQR4u
|
||||||
edyWaafjQbvdKapKPbdP4Y69R8OlRTNK1lJMIGJrsCdaeaK4EpLpbJPHnagIMdmQ
|
bcdeS6ML/X/BLh3HBjWf0DYobU5GVBoMC9c+L9Fxh82ck/CAK3Oeozr9iHFu5YLj
|
||||||
HDsTf978weRrjJ4JEODTabsKVHKyx0GBwe8CmR0NzpfO2ORCyNUO1rLK2rzh5YTQ
|
OsJWlAbRl0Getz7HOnVH9rMyL/ac9c99CKixjY1Vsf49x1itpOQULoZ+zJixFROk
|
||||||
qKGyfY0DAyiSHxKaUeGiskc4/WMxaYv2FzD63Xvzmot9atSwCMjN1A==
|
07KhnkaqsYs4SIfDSoa18UmBROEVT2y7yT0uYAwyxwMtZVJWUg7L9OuxPE/tMB0/
|
||||||
|
NyNwMzhdKBL0V54rXH0dxOQ0yE5mGkaOOgKS5x43r78xRRNZ3JM5iRj3S0P75Nbg
|
||||||
|
YDvkkOd0Pf+5UPBJyc4wh5TA+vOrU63lKa6RwIWIbA+xXJn5WJQFoQOjO2dCcEka
|
||||||
|
8p2tutWB2+G+3F12
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
#intermediate_registry_tls_chain
|
|
||||||
|
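Review bot: The regeneration command recorded in the new comment uses `-days 365`, so the replacement test certificate stops validating about a year after it was generated, whereas the certificate it replaces appears to have been issued for roughly twenty years. Once it lapses, the registry test jobs will fail on TLS errors unrelated to the change under test. Regenerate it with a longer lifetime and record that in the comment, e.g. `-days 7300`. Because this file commits a private key and a password, a leading comment such as `# Test-only credentials; never reuse outside the zuul-jobs test playbooks.` would make their status explicit.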
@ -2,7 +2,7 @@
|
|||||||
# buildset via provides/requires. This build should be copied from
|
# buildset via provides/requires. This build should be copied from
|
||||||
# the intermediate registry to the buildset registry.
|
# the intermediate registry to the buildset registry.
|
||||||
|
|
||||||
previous_build_repository: upstream/image
|
previous_build_repository: docker.io/upstream/image
|
||||||
previous_build_uuid: 48a84fe22a744cb5b0310f396358d912
|
previous_build_uuid: 48a84fe22a744cb5b0310f396358d912
|
||||||
previous_build_zuul:
|
previous_build_zuul:
|
||||||
artifacts:
|
artifacts:
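Review bot: With `previous_build_repository` switched to `docker.io/upstream/image`, this fixture exercises only the prefix-stripping case of the new `regex_replace('^docker\.io/(.*)', '\1')` filter. Nothing visible here covers a repository from another registry, which must keep its namespace. The buildset registry tells images apart by that name alone, so a regression that collapsed a non-docker.io repository onto the un-namespaced one would pass this test and could hand a later job the wrong image. Consider a second fixture build with a constructed value such as `previous_build_repository: quay.io/upstream/image` and a check that it is served under its full name. The playbooks that read this variable are outside the hunk, so whether they accept a second entry needs confirming.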
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
- job:
|
- job:
|
||||||
name: zuul-jobs-test-registry
|
name: zuul-jobs-test-registry-docker
|
||||||
description: |
|
description: |
|
||||||
Test the intermediate registry roles.
|
Test the intermediate registry roles.
|
||||||
|
|
||||||
@ -17,6 +17,38 @@
|
|||||||
pre-run: test-playbooks/registry/test-registry-pre.yaml
|
pre-run: test-playbooks/registry/test-registry-pre.yaml
|
||||||
run: test-playbooks/registry/test-registry.yaml
|
run: test-playbooks/registry/test-registry.yaml
|
||||||
post-run: test-playbooks/registry/test-registry-post.yaml
|
post-run: test-playbooks/registry/test-registry-post.yaml
|
||||||
|
vars:
|
||||||
|
container_command: docker
|
||||||
|
nodeset:
|
||||||
|
nodes:
|
||||||
|
- name: intermediate-registry
|
||||||
|
label: ubuntu-bionic
|
||||||
|
- name: executor
|
||||||
|
label: ubuntu-bionic
|
||||||
|
- name: builder
|
||||||
|
label: ubuntu-bionic
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: zuul-jobs-test-registry-podman
|
||||||
|
description: |
|
||||||
|
Test the intermediate registry roles.
|
||||||
|
|
||||||
|
This job tests changes to the intermediate registry roles using
|
||||||
|
podman rather than docker. It is not meant to be used directly
|
||||||
|
but rather run on changes to roles in the zuul-jobs repo.
|
||||||
|
files:
|
||||||
|
- roles/pull-from-intermediate-registry/.*
|
||||||
|
- roles/push-to-intermediate-registry/.*
|
||||||
|
- roles/install-podman/.*
|
||||||
|
- roles/build-container-image/.*
|
||||||
|
- roles/run-buildset-registry/.*
|
||||||
|
- roles/use-buildset-registry/.*
|
||||||
|
- test-playbooks/registry/.*
|
||||||
|
pre-run: test-playbooks/registry/test-registry-pre.yaml
|
||||||
|
run: test-playbooks/registry/test-registry.yaml
|
||||||
|
post-run: test-playbooks/registry/test-registry-post.yaml
|
||||||
|
vars:
|
||||||
|
container_command: podman
|
||||||
nodeset:
|
nodeset:
|
||||||
nodes:
|
nodes:
|
||||||
- name: intermediate-registry
|
- name: intermediate-registry
|
||||||
@ -52,6 +84,8 @@
|
|||||||
pre-run: test-playbooks/registry/buildset-registry-pre.yaml
|
pre-run: test-playbooks/registry/buildset-registry-pre.yaml
|
||||||
run: test-playbooks/registry/buildset-registry.yaml
|
run: test-playbooks/registry/buildset-registry.yaml
|
||||||
post-run: test-playbooks/registry/test-registry-post.yaml
|
post-run: test-playbooks/registry/test-registry-post.yaml
|
||||||
|
vars:
|
||||||
|
container_command: docker
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
name: zuul-jobs-test-registry-buildset-registry-k8s-docker
|
name: zuul-jobs-test-registry-buildset-registry-k8s-docker
|
||||||
@ -74,6 +108,8 @@
|
|||||||
post-run:
|
post-run:
|
||||||
- test-playbooks/registry/buildset-registry-k8s-docker-post.yaml
|
- test-playbooks/registry/buildset-registry-k8s-docker-post.yaml
|
||||||
- test-playbooks/registry/test-registry-post.yaml
|
- test-playbooks/registry/test-registry-post.yaml
|
||||||
|
vars:
|
||||||
|
container_command: docker
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
name: zuul-jobs-test-install-kubernetes-docker
|
name: zuul-jobs-test-install-kubernetes-docker
|
||||||
@ -126,7 +162,8 @@
|
|||||||
- project:
|
- project:
|
||||||
check:
|
check:
|
||||||
jobs: &id001
|
jobs: &id001
|
||||||
- zuul-jobs-test-registry
|
- zuul-jobs-test-registry-docker
|
||||||
|
- zuul-jobs-test-registry-podman
|
||||||
- zuul-jobs-test-registry-buildset-registry
|
- zuul-jobs-test-registry-buildset-registry
|
||||||
- zuul-jobs-test-registry-buildset-registry-k8s-docker
|
- zuul-jobs-test-registry-buildset-registry-k8s-docker
|
||||||
- zuul-jobs-test-install-kubernetes-docker
|
- zuul-jobs-test-install-kubernetes-docker
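Review bot: The added `zuul-jobs-test-registry-podman` job repeats the description, the three playbooks and the nodeset of the docker job. As far as this section shows, it differs only in `container_command: podman` and its `files` list. Zuul job inheritance would keep one definition and stop the two drifting apart: give the podman job `parent: zuul-jobs-test-registry-docker` and override only `vars` and `files`. Separately, renaming `zuul-jobs-test-registry` to `zuul-jobs-test-registry-docker` drops the old name, so any pipeline outside this file that still lists it would presumably no longer resolve; search for references before merging. The docker job's own `files` list lies between hunks and is not visible here.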
|
||||||
|