1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

docker_login: fix internal config file storage to handle credentials for more than one registry (#1118)

* docker_login: fix internal config file storage to handle credentials for more than one registry

* Improve setup for docker registry.

* Add second registry frontend. Add tests for #1118.

* Fix cleanup.
This commit is contained in:
Felix Fontein 2020-10-21 08:18:05 +02:00 committed by GitHub
parent 3bc31f286e
commit 16baefd167
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 132 additions and 36 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- "docker_login - fix internal config file storage to handle credentials for more than one registry (https://github.com/ansible-collections/community.general/issues/1117)."

View file

@ -257,14 +257,13 @@ class DockerFileStore(object):
auth = to_text(b64auth)
# build up the auth structure
new_auth = dict(
auths=dict()
)
new_auth['auths'][server] = dict(
if 'auths' not in self._config:
self._config['auths'] = dict()
self._config['auths'][server] = dict(
auth=auth
)
self._config.update(new_auth)
self._write()
def erase(self, server):
@ -272,6 +271,7 @@ class DockerFileStore(object):
Remove credentials for the given server from the configuration.
'''
if 'auths' in self._config and server in self._config['auths']:
self._config['auths'].pop(server)
self._write()

View file

@ -1,3 +1,4 @@
---
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #

View file

@ -1,3 +1,4 @@
---
- block:
- include_tasks: run-test.yml
with_fileglob:

View file

@ -1,10 +1,11 @@
---
- name: "Make sure all images are removed"
docker_image:
name: "{{ item }}"
state: absent
with_items: "{{ inames }}"
with_items: "{{ docker_registry_setup_inames }}"
- name: "Get registry logs"
command: "docker logs {{ registry_name }}"
command: "docker logs {{ docker_registry_container_name_registry }}"
register: registry_logs
no_log: yes
ignore_errors: yes
@ -12,26 +13,35 @@
debug:
var: registry_logs.stdout_lines
when: registry_logs is not failed
- name: "Get nginx logs"
command: "docker logs {{ nginx_name }}"
- name: "Get nginx logs for first instance"
command: "docker logs {{ docker_registry_container_name_nginx }}"
register: nginx_logs
no_log: yes
ignore_errors: yes
- name: "Printing nginx logs"
- name: "Get nginx logs for second instance"
command: "docker logs {{ docker_registry_container_name_nginx2 }}"
register: nginx2_logs
no_log: yes
ignore_errors: yes
- name: "Printing nginx logs for first instance"
debug:
var: nginx_logs.stdout_lines
when: nginx_logs is not failed
- name: "Printing nginx logs for second instance"
debug:
var: nginx2_logs.stdout_lines
when: nginx_logs is not failed
- name: "Make sure all containers are removed"
docker_container:
name: "{{ item }}"
state: absent
force_kill: yes
with_items: "{{ cnames }}"
with_items: "{{ docker_registry_setup_cnames }}"
register: result
retries: 3
delay: 3
until: result is success
- name: "Make sure all volumes are removed"
command: "docker rm -f {{ item }}"
with_items: "{{ vnames }}"
with_items: "{{ docker_registry_setup_vnames }}"
ignore_errors: yes

View file

@ -1,2 +1,3 @@
---
- name: Remove test registry
include_tasks: ../handlers/cleanup.yml

View file

@ -0,0 +1,3 @@
dependencies:
#- setup_docker -- done in setup.yml, to work around cleanup problems!
- setup_openssl

View file

@ -1,3 +1,4 @@
---
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #

View file

@ -1,54 +1,60 @@
- name: Setup OpenSSL
include_role:
name: setup_openssl
---
- name: Register registry cleanup
command: 'true'
notify: Remove test registry
- name: Setup Docker
# Please note that we do setup_docker here and not via meta/main.yml to avoid the problem that
# our cleanup is called **after** setup_docker's cleanup has been called!
include_role:
name: setup_docker
- name: Create random name prefix and test registry name
set_fact:
name_prefix: '{{ ''ansible-test-%0x'' % ((2**32) | random) }}'
registry_name: '{{ ''ansible-test-registry-%0x'' % ((2**32) | random) }}'
nginx_name: '{{ ''ansible-test-registry-frontend-%0x'' % ((2**32) | random) }}'
docker_registry_container_name_registry: '{{ ''ansible-test-registry-%0x'' % ((2**32) | random) }}'
docker_registry_container_name_nginx: '{{ ''ansible-test-registry-frontend-%0x'' % ((2**32) | random) }}'
docker_registry_container_name_nginx2: '{{ ''ansible-test-registry-frontend2-%0x'' % ((2**32) | random) }}'
- name: Create image and container list
set_fact:
inames: []
cnames:
- '{{ registry_name }}'
- '{{ nginx_name }}'
vnames:
- '{{ nginx_name }}'
docker_registry_setup_inames: []
docker_registry_setup_cnames:
- '{{ docker_registry_container_name_registry }}'
- '{{ docker_registry_container_name_nginx }}'
- '{{ docker_registry_container_name_nginx2 }}'
docker_registry_setup_vnames:
- '{{ docker_registry_container_name_nginx }}'
- '{{ docker_registry_container_name_nginx2 }}'
- debug:
msg: Using name prefix {{ name_prefix }} and test registry name {{ registry_name }}
msg: Using test registry name {{ docker_registry_container_name_registry }} and nginx frontend name {{ docker_registry_container_name_nginx }}
- block:
# Set up registry container
- name: Start test registry
docker_container:
name: '{{ registry_name }}'
name: '{{ docker_registry_container_name_registry }}'
image: registry:2.6.1
ports: 5000
register: registry_container
- name: Get registry URL
set_fact:
registry_address: localhost:{{ registry_container.container.NetworkSettings.Ports['5000/tcp'].0.HostPort }}
# Set up first nginx frontend for registry
- name: Start nginx frontend for registry
docker_volume:
name: '{{ nginx_name }}'
name: '{{ docker_registry_container_name_nginx }}'
state: present
- name: Create container for nginx frontend for registry
docker_container:
state: stopped
name: '{{ nginx_name }}'
name: '{{ docker_registry_container_name_nginx }}'
image: nginx:alpine
ports: 5000
links:
- '{{ registry_name }}:real-registry'
- '{{ docker_registry_container_name_registry }}:real-registry'
volumes:
- '{{ nginx_name }}:/etc/nginx/'
- '{{ docker_registry_container_name_nginx }}:/etc/nginx/'
register: nginx_container
- name: Copy static files into volume
command: docker cp {{ role_path }}/files/{{ item }} {{ nginx_name }}:/etc/nginx/{{ item }}
command: docker cp {{ role_path }}/files/{{ item }} {{ docker_registry_container_name_nginx }}:/etc/nginx/{{ item }}
loop:
- nginx.conf
- nginx.htpasswd
@ -73,13 +79,13 @@
privatekey_path: '{{ output_dir }}/cert.key'
provider: selfsigned
- name: Copy dynamic files into volume
command: docker cp {{ output_dir }}/{{ item }} {{ nginx_name }}:/etc/nginx/{{ item }}
command: docker cp {{ output_dir }}/{{ item }} {{ docker_registry_container_name_nginx }}:/etc/nginx/{{ item }}
loop:
- cert.pem
- cert.key
- name: Start nginx frontend for registry
docker_container:
name: '{{ nginx_name }}'
name: '{{ docker_registry_container_name_nginx }}'
state: started
register: nginx_container
- debug: var=nginx_container.container.NetworkSettings
@ -100,7 +106,78 @@
- set_fact:
registry_frontend_address: 'n/a'
when: can_copy_files is failed
- debug: msg="Registry available under {{ registry_address }}, NGINX frontend available under {{ registry_frontend_address }}"
# Set up second nginx frontend for registry
- name: Start nginx frontend for registry
docker_volume:
name: '{{ docker_registry_container_name_nginx2 }}'
state: present
- name: Create container for nginx frontend for registry
docker_container:
state: stopped
name: '{{ docker_registry_container_name_nginx2 }}'
image: nginx:alpine
ports: 5000
links:
- '{{ docker_registry_container_name_registry }}:real-registry'
volumes:
- '{{ docker_registry_container_name_nginx2 }}:/etc/nginx/'
register: nginx_container
- name: Copy static files into volume
command: docker cp {{ role_path }}/files/{{ item }} {{ docker_registry_container_name_nginx2 }}:/etc/nginx/{{ item }}
loop:
- nginx.conf
- nginx.htpasswd
register: can_copy_files
ignore_errors: yes
- block:
- name: Create private key for frontend certificate
community.crypto.openssl_privatekey:
path: '{{ output_dir }}/cert.key'
type: ECC
curve: secp256r1
- name: Create CSR for frontend certificate
community.crypto.openssl_csr:
path: '{{ output_dir }}/cert.csr'
privatekey_path: '{{ output_dir }}/cert.key'
subject_alt_name:
- DNS:test-registry.ansible.com
- name: Create frontend certificate
community.crypto.openssl_certificate:
path: '{{ output_dir }}/cert.pem'
csr_path: '{{ output_dir }}/cert.csr'
privatekey_path: '{{ output_dir }}/cert.key'
provider: selfsigned
- name: Copy dynamic files into volume
command: docker cp {{ output_dir }}/{{ item }} {{ docker_registry_container_name_nginx2 }}:/etc/nginx/{{ item }}
loop:
- cert.pem
- cert.key
- name: Start nginx frontend for registry
docker_container:
name: '{{ docker_registry_container_name_nginx2 }}'
state: started
register: nginx_container
- debug: var=nginx_container.container.NetworkSettings
- name: Wait for registry frontend
uri:
url: https://{{ nginx_container.container.NetworkSettings.IPAddress }}:5000/v2/
url_username: testuser
url_password: hunter2
validate_certs: false
register: result
until: result is success
retries: 5
delay: 1
- name: Get registry URL
set_fact:
registry_frontend2_address: localhost:{{ nginx_container.container.NetworkSettings.Ports['5000/tcp'].0.HostPort }}
when: can_copy_files is not failed
- set_fact:
registry_frontend2_address: 'n/a'
when: can_copy_files is failed
- debug: msg="Registry available under {{ registry_address }}, NGINX frontends available under {{ registry_frontend_address }} and {{ registry_frontend2_address }}"
when: docker_py_version is version('1.8.0', '>=') and docker_api_version is version('1.20', '>=')
- fail: msg="Too old docker / docker-py version to run docker_image tests!"
when: not(docker_py_version is version('1.8.0', '>=') and docker_api_version is version('1.20', '>=')) and (ansible_distribution != 'CentOS' or ansible_distribution_major_version|int > 6)