- name: Install packages
  become: yes
  package:
    name:
      - python-docker
      - openssl
      - python-passlib
    state: present
  when: "'python3' not in ansible_python_interpreter"
- name: Install packages
  become: yes
  package:
    name:
      - python3-docker
      - openssl
      - python3-passlib
    state: present
  when: "'python3' in ansible_python_interpreter"
- name: Ensure registry volume directories exists
  file:
    state: directory
    path: "{{ buildset_registry_root }}/{{ item }}"
  loop:
    - tls
    - conf
- name: Generate registry secrets
  set_fact:
    registry_password: "{{ lookup('password', '/dev/null') }}"
    registry_secret: "{{ lookup('password', '/dev/null') }}"
- name: Write registry config
  template:
    src: registry.yaml.j2
    dest: "{{ buildset_registry_root }}/conf/registry.yaml"
- name: Generate a TLS key for the registry
  command: "openssl req -x509 -newkey rsa:2048 -keyout {{ buildset_registry_root }}/tls/cert.key -out {{ buildset_registry_root }}/tls/cert.pem -days 365 -nodes -subj '/C=US/ST=California/L=Oakland/O=Company Name/OU=Org/CN={{ ansible_host }}' -addext 'subjectAltName = DNS:zuul-jobs.buildset-registry,DNS:{{ ansible_host }},IP:{{ ansible_host }},IP:127.0.0.1'"
- name: Read TLS certificate
  slurp:
    src: "{{ buildset_registry_root }}/tls/cert.pem"
  register: certificate
- name: Decode TLS certificate
  set_fact:
    certificate: "{{ certificate.content | b64decode }}"
- name: Start the buildset registry
  docker_container:
    name: "{{ (buildset_registry_port == 5000) | ternary('buildset_registry', 'buildset_registry_' + buildset_registry_port|string) }}"
    image: zuul/zuul-registry:latest
    state: started
    restart_policy: always
    ports:
     - "{{ buildset_registry_port }}:5000"
    volumes:
      - "{{ buildset_registry_root }}/tls:/tls"
      - "{{ buildset_registry_root }}/conf:/conf"
- name: Set registry information fact
  set_fact:
    buildset_registry:
      host: "{{ ansible_host }}"
      port: "{{ buildset_registry_port }}"
      username: zuul
      password: "{{ registry_password }}"
      cert: "{{ certificate }}"
- name: Return registry information to Zuul
  zuul_return:
    data:
      buildset_registry: "{{ buildset_registry }}"