d48667a3c5
Change-Id: I41718073962c8e7eb3d8810276e550fb84bd6e99
# This can be removed if we add this functionality to Zuul directly.
# Falls back to the buildset_registry entry of results.json in the
# executor work root when the variable was not already supplied.
# NOTE(review): this mapping includes the registry username and password
# used further down; confirm the set_fact result is acceptable in job
# logs, or add no_log.
- name: Load information from zuul_return
  set_fact:
    buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}"
  when: buildset_registry is not defined

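# Start a socat tunnel to the buildset registry to work around the
# fact that docker does not correctly parse ipv6 addresses. The socat
# process will terminate when the playbook ends.
#
# This task runs through a shell, so the registry host, the port and the
# work-root path are passed through the quote filter; that guards against
# shell metacharacters only, it does not validate the values themselves.
# socat's stderr (made verbose by -d -d) is redirected to the socat_port
# file, which the following tasks read to learn the port chosen for
# TCP-LISTEN:0.
# NOTE(review): TCP-LISTEN is given no bind= option and the port parsing
# below matches a 0.0.0.0 listen address, so the tunnel appears to be
# reachable on every interface, not only 127.0.0.1. Restricting it to
# loopback would need that parsing regex changed at the same time.
- name: Start socat to work around https://github.com/moby/moby/issues/39033
  shell: >-
    socat -d -d TCP-LISTEN:0,fork
    TCP:{{ buildset_registry.host | ipwrap | quote }}:{{ buildset_registry.port | quote }}
    2> {{ zuul.executor.work_root | quote }}/socat_port &
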
# Use slurp instead of file lookup to make this testable on a fake
# executor node.
# The registered result carries the file body base64-encoded under
# 'content'.
# NOTE(review): socat was started in the background by the previous task
# and nothing here waits for it to have written its listen line; confirm
# the file is always populated by the time this runs.
- name: Read socat port
  register: read_socat_port
  slurp:
    src: "{{ zuul.executor.work_root }}/socat_port"
# Decode the slurped socat log, replace everything up to and including
# "0.0.0.0:<digits>" with just the digits, then drop newlines; the
# result is presumably the port socat is listening on.
# NOTE(review): the value is not checked to be purely numeric before it
# is used in file paths and image references further down.
- name: Set socat port
  set_fact:
    socat_port: "{{ read_socat_port['content'] | b64decode | regex_replace('.*?0\\.0\\.0\\.0:(\\d+)', '\\1') | regex_replace('\n', '') }}"

# Set up cert files for the buildset registry
# The directory is named after the local tunnel endpoint,
# 127.0.0.1:<socat_port>, which is the address images are copied to later.
- name: Ensure registry cert directory exists
  file:
    state: directory
    path: "/etc/docker/certs.d/127.0.0.1:{{ socat_port }}/"
# Install the certificate supplied in buildset_registry.cert as ca.crt in
# the certs.d directory for 127.0.0.1:<socat_port>.
- name: Write registry TLS certificate
  copy:
    dest: "/etc/docker/certs.d/127.0.0.1:{{ socat_port }}/ca.crt"
    content: "{{ buildset_registry.cert }}"

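# Update user config for intermediate and buildset registries
# The directory is restricted to its owner because the config.json
# written into it holds registry credentials. The mode is a quoted
# string so it is read as octal whatever integer rules the YAML parser
# applies.
- name: Ensure docker user directory exists
  file:
    path: "~/.docker"
    state: directory
    mode: "0700"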
# Record whether a docker config already exists; later tasks branch on
# docker_config_stat.stat.exists.
- name: Check if docker user configuration exists
  register: docker_config_stat
  stat:
    path: "~/.docker/config.json"
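# Read the existing config; the registered result holds it
# base64-encoded under 'content'.
# no_log keeps the file contents, which may include credentials for
# other registries, out of the task output, matching the task that adds
# the new credentials.
- name: Load docker user configuration
  when: docker_config_stat.stat.exists
  no_log: true
  slurp:
    path: "~/.docker/config.json"
  register: docker_config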
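# Decode the slurped file and parse it as JSON, replacing the raw slurp
# result in docker_config with the parsed mapping.
# no_log: the parsed config may carry existing registry credentials,
# which would otherwise be echoed in the set_fact result.
- name: Parse docker user configuration
  when: docker_config_stat.stat.exists
  no_log: true
  set_fact:
    docker_config: "{{ docker_config.content | b64decode | from_json }}"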
# No config file yet: start from a mapping with an empty auths section.
- name: Set default docker user configuration
  set_fact:
    docker_config:
      auths: {}
  when: not docker_config_stat.stat.exists
# Build auths entries for the intermediate registry and for the local
# tunnel to the buildset registry, then merge them over the existing
# config into new_docker_config. docker_config itself is left unchanged.
# Each "auth" value is the base64 encoding of "username:password";
# no_log keeps the rendered credentials out of the task output.
# The auths value is a literal block of text containing Jinja
# expressions rather than a YAML mapping; presumably it is turned into
# a mapping after templating, so its layout is kept as is.
- name: Add registry to docker user configuration
  no_log: true
  vars:
    new_config:
      auths: |
        {
          "{{ intermediate_registry.host | ipwrap }}:{{ intermediate_registry.port }}":
            {"auth": "{{ (intermediate_registry.username + ":" + intermediate_registry.password) | b64encode }}"},
          "127.0.0.1:{{ socat_port }}":
            {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"},
        }
  set_fact:
    new_docker_config: "{{ docker_config | combine(new_config, recursive=True) }}"
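# Write the merged configuration, readable and writable by its owner
# only because it now contains registry credentials. The mode is a
# quoted string so it is read as octal whatever integer rules the YAML
# parser applies.
- name: Save docker user configuration
  copy:
    content: "{{ new_docker_config | to_nice_json }}"
    dest: "~/.docker/config.json"
    mode: "0600"
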
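# Pull the images

# To support usage with both docker and podman, the buildset registry
# keeps "docker.io" entries un-namespaced, and any other namespaces
# are namespaced. Therefore, if we see docker.io in the repository
# name, we strip it here.
#
# Every zuul.artifacts entry whose metadata type is container_image is
# copied to the buildset registry through the local socat endpoint, and
# the copy is retried (retries: 3) until it succeeds. The always section
# runs whether or not the copy succeeded, so the credentials written to
# config.json do not outlive this role.
- name: Pull artifacts from intermediate registry
  block:
    - name: Pull artifacts from intermediate registry
      # --insecure-policy makes skopeo accept images without applying a
      # signature verification policy.
      # NOTE(review): item.url, the repository and the tag come from
      # zuul.artifacts and are interpolated into one command string that
      # is split into arguments afterwards; consider the argv list form
      # so each value stays a single argument.
      command: >-
        skopeo --insecure-policy copy
        {{ item.url }}
        docker://127.0.0.1:{{ socat_port }}/{{ item.metadata.repository | regex_replace('^docker\.io/(.*)', '\1') }}:{{ item.metadata.tag }}
      retries: 3
      register: result
      until: result is success
      when: "'metadata' in item and item.metadata.type | default('') == 'container_image'"
      loop: "{{ zuul.artifacts | default([]) }}"
  always:
    # shred overwrites the credential-bearing file in place; it is not
    # given an option to remove the file.
    # NOTE(review): on copy-on-write or journaling filesystems an
    # in-place overwrite may not destroy the earlier contents.
    - name: Remove docker user config
      command: "shred ~/.docker/config.json"
    # Write back the configuration captured before the credentials were
    # added. When no file existed, that is the default mapping with an
    # empty auths section. The mode is quoted so it is read as octal.
    - name: Replace docker user configuration
      copy:
        content: "{{ docker_config | to_nice_json }}"
        dest: "~/.docker/config.json"
        mode: "0600"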