- hosts: intermediate-registry:builder name: Install docker on registry and builder hosts roles: - install-docker # Run the intermediate registry on this host, and also build an image # and place it in the registry to simulate an artifact from a previous # build which has been passed to this one (so that we can test pulling # from the intermediate registry in the correct order). - hosts: intermediate-registry name: Set up the intermediate registry and add a build tasks: - name: Include intermediate registry vars include_vars: vars/intermediate-registry-auth.yaml - name: Include previous build vars include_vars: vars/previous-build.yaml - name: Run the intermediate registry include_role: name: run-test-intermediate-registry apply: become: true - name: Install the intermediate registry cert include_role: name: install-registry-cert vars: registry_host: localhost registry_port: 5000 registry_cert: "{{ intermediate_registry_tls_cert }}" - name: Set up user credentials for the intermediate registry include_role: name: intermediate-registry-user-config - name: Build a docker image for the previous build include_role: name: build-docker-image vars: docker_images: - context: test-playbooks/registry/docker repository: "{{ previous_build_repository }}" - name: Tag the previous build command: "docker tag {{ previous_build_repository }}:latest localhost:5000/{{ previous_build_repository }}:{{ previous_build_uuid }}_latest" - name: Push the previous build to the intermediate registry command: "docker push localhost:5000/{{ previous_build_repository }}:{{ previous_build_uuid }}_latest" # This is also essentially pre-configuration for the real test of the # roles. This sets up a fake executor (since we can't run the # necessary commands untrusted on the real one). - hosts: executor name: Set up a simulated executor tasks: - name: Include intermediate registry vars include_vars: vars/intermediate-registry-auth.yaml - name: Create simulated zuul work directory become: true file: state: directory path: "{{ zuul.executor.work_root }}" owner: "{{ ansible_user }}" group: "{{ ansible_user }}" - name: Add project atomic PPA become: true apt_repository: repo: ppa:projectatomic/ppa - name: Install packages become: true package: name: - socat - skopeo state: present - name: Install the intermediate registry cert include_role: name: install-registry-cert vars: registry_host: "{{ intermediate_registry.host }}" registry_port: "{{ intermediate_registry.port }}" registry_cert: "{{ intermediate_registry_tls_cert }}" - name: Make /etc/docker directory zuul-owned become: true file: state: directory path: "/etc/docker" owner: "{{ ansible_user }}" group: "{{ ansible_user }}" recurse: true - name: Configure /etc/hosts for intermediate registry become: true lineinfile: path: /etc/hosts state: present regex: "^{{ hostvars['intermediate-registry'].nodepool.private_ipv4 }}\t{{ intermediate_registry.host }}$" line: "{{ hostvars['intermediate-registry'].nodepool.private_ipv4 }}\t{{ intermediate_registry.host }}" insertafter: EOF # This begins the simulation of what we would expect to happen in a # normal job. - hosts: builder name: Test the buildset registry roles roles: - run-buildset-registry - use-buildset-registry - hosts: executor name: Test pulling from the intermediate registry tasks: - name: Include intermediate registry vars include_vars: vars/intermediate-registry-auth.yaml - name: Include previous build vars include_vars: vars/previous-build.yaml - name: Prepare a replacement zuul variable set_fact: test_zuul: "{{ previous_build_zuul }}" - name: Run pull-from-intermediate-registry role include_role: name: pull-from-intermediate-registry vars: zuul: "{{ test_zuul }}" # This simulates a build actually using the previous build. - hosts: builder name: Test that the previous build is available tasks: - name: Include intermediate registry vars include_vars: vars/intermediate-registry-auth.yaml - name: Include previous build vars include_vars: vars/previous-build.yaml - name: Pull the previous build from buildset registry to the builder host command: "docker pull {{ previous_build_repository }}:latest" - name: Show local docker images for debugging command: "docker image ls" - name: Verify previously built image is in buildset registry command: "docker image inspect {{ previous_build_repository }}:latest" # Back to straightforward use of the roles under test. - hosts: builder name: Test building a docker image roles: - role: build-docker-image vars: docker_images: - context: test-playbooks/registry/docker repository: downstream/image - hosts: executor name: Test pushing to the intermediate registry tasks: - name: Include intermediate registry vars include_vars: vars/intermediate-registry-auth.yaml - name: Run push-to-intermediate-registry role include_role: name: push-to-intermediate-registry vars: docker_images: - context: playbooks/registry/docker repository: downstream/image # And finally an external verification step. - hosts: executor name: Test that the newly built image was pushed to the intermediate registry tasks: - name: Include intermediate registry vars include_vars: vars/intermediate-registry-auth.yaml - name: Fetch intermediate registry catalog uri: url: "https://{{ intermediate_registry.host }}:{{ intermediate_registry.port }}/v2/_catalog" validate_certs: false user: "{{ intermediate_registry.username }}" password: "{{ intermediate_registry.password }}" register: catalog - name: Verify newly built image is in intermediate registry catalog assert: that: "'downstream/image' in catalog.json.repositories"