16baefd167
* docker_login: fix internal config file storage to handle credentials for more than one registry * Improve setup for docker registry. * Add second registry frontend. Add tests for #1118. * Fix cleanup.
---
# The command module reports "changed" on every run, so this no-op exists only
# to notify the 'Remove test registry' handler before any resource is created.
- name: Register registry cleanup
  command: "true"
  notify: Remove test registry

# setup_docker is included here rather than through meta/main.yml so that
# this role's cleanup is not called **after** setup_docker's cleanup.
- name: Setup Docker
  include_role:
    name: setup_docker

# Each name gets a random hex suffix drawn from the range 0 .. 2**32 - 1.
# NOTE(review): presumably this is for collision avoidance between runs,
# not for secrecy - confirm.
- name: Create random name prefix and test registry name
  set_fact:
    docker_registry_container_name_registry: "{{ 'ansible-test-registry-%0x' % ((2**32) | random) }}"
    docker_registry_container_name_nginx: "{{ 'ansible-test-registry-frontend-%0x' % ((2**32) | random) }}"
    docker_registry_container_name_nginx2: "{{ 'ansible-test-registry-frontend2-%0x' % ((2**32) | random) }}"

# inames starts empty, cnames holds all three container names, and vnames holds
# the two frontend names (each frontend also gets a volume of the same name).
# NOTE(review): presumably the cleanup handler iterates these lists - confirm.
- name: Create image and container list
  set_fact:
    docker_registry_setup_inames: []
    docker_registry_setup_cnames:
      - "{{ docker_registry_container_name_registry }}"
      - "{{ docker_registry_container_name_nginx }}"
      - "{{ docker_registry_container_name_nginx2 }}"
    docker_registry_setup_vnames:
      - "{{ docker_registry_container_name_nginx }}"
      - "{{ docker_registry_container_name_nginx2 }}"

# Only the registry name and the first frontend name are printed here.
- debug:
    msg: "Using test registry name {{ docker_registry_container_name_registry }} and nginx frontend name {{ docker_registry_container_name_nginx }}"
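# Brings up one plain registry container plus two nginx TLS frontends in front
# of it, and records their host addresses as facts. The whole block only runs
# when docker-py and the Docker API are recent enough (see `when` at the end).
- block:

    # Set up registry container
    # registry:2.6.1 is pinned by tag, not by digest. `ports: 5000` publishes
    # container port 5000 on a host port chosen by Docker, which is read back
    # below. No authentication or TLS option is set on this container.
    # NOTE(review): the published port is presumably reachable on every host
    # interface unless the daemon's default bind address is restricted - confirm.
    - name: Start test registry
      docker_container:
        name: '{{ docker_registry_container_name_registry }}'
        image: registry:2.6.1
        ports: 5000
      register: registry_container

    - name: Get registry URL
      set_fact:
        registry_address: localhost:{{ registry_container.container.NetworkSettings.Ports['5000/tcp'].0.HostPort }}

    # Set up first nginx frontend for registry
    # This task creates the named volume that is later mounted at /etc/nginx/;
    # the container itself is started further down.
    - name: Create volume for nginx frontend for registry
      docker_volume:
        name: '{{ docker_registry_container_name_nginx }}'
        state: present

    # nginx:alpine is a floating tag (no version, no digest), so the image
    # under test can change between runs. The container is created stopped so
    # that configuration and TLS material can be copied in before it starts.
    - name: Create container for nginx frontend for registry
      docker_container:
        state: stopped
        name: '{{ docker_registry_container_name_nginx }}'
        image: nginx:alpine
        ports: 5000
        links:
          - '{{ docker_registry_container_name_registry }}:real-registry'
        volumes:
          - '{{ docker_registry_container_name_nginx }}:/etc/nginx/'
      register: nginx_container

    # Best effort: a failed `docker cp` is tolerated on purpose and the result
    # decides below whether the frontend is configured or reported as 'n/a'.
    - name: Copy static files into volume
      command: docker cp {{ role_path }}/files/{{ item }} {{ docker_registry_container_name_nginx }}:/etc/nginx/{{ item }}
      loop:
        - nginx.conf
        - nginx.htpasswd
      register: can_copy_files
      ignore_errors: true

    - block:
        # Self-signed certificate on a secp256r1 key; the only SAN is
        # DNS:test-registry.ansible.com.
        - name: Create private key for frontend certificate
          community.crypto.openssl_privatekey:
            path: '{{ output_dir }}/cert.key'
            type: ECC
            curve: secp256r1

        - name: Create CSR for frontend certificate
          community.crypto.openssl_csr:
            path: '{{ output_dir }}/cert.csr'
            privatekey_path: '{{ output_dir }}/cert.key'
            subject_alt_name:
              - DNS:test-registry.ansible.com

        - name: Create frontend certificate
          community.crypto.openssl_certificate:
            path: '{{ output_dir }}/cert.pem'
            csr_path: '{{ output_dir }}/cert.csr'
            privatekey_path: '{{ output_dir }}/cert.key'
            provider: selfsigned

        # cert.key is the TLS private key; it is copied into the named volume
        # mounted at /etc/nginx/ next to the certificate.
        - name: Copy dynamic files into volume
          command: docker cp {{ output_dir }}/{{ item }} {{ docker_registry_container_name_nginx }}:/etc/nginx/{{ item }}
          loop:
            - cert.pem
            - cert.key

        - name: Start nginx frontend for registry
          docker_container:
            name: '{{ docker_registry_container_name_nginx }}'
            state: started
          register: nginx_container

        - debug:
            var: nginx_container.container.NetworkSettings

        # Readiness probe against the container IP. The certificate is
        # self-signed and its SAN is a DNS name, so it cannot validate for
        # this URL; validate_certs is therefore off for this check.
        # testuser / hunter2 are fixture credentials hard-coded here.
        # NOTE(review): presumably they match files/nginx.htpasswd - confirm.
        - name: Wait for registry frontend
          uri:
            url: https://{{ nginx_container.container.NetworkSettings.IPAddress }}:5000/v2/
            url_username: testuser
            url_password: hunter2
            validate_certs: false
          register: result
          until: result is success
          retries: 5
          delay: 1

        - name: Get registry URL
          set_fact:
            registry_frontend_address: localhost:{{ nginx_container.container.NetworkSettings.Ports['5000/tcp'].0.HostPort }}
      when: can_copy_files is not failed

    - set_fact:
        registry_frontend_address: 'n/a'
      when: can_copy_files is failed

    # Set up second nginx frontend for registry
    # Same steps as the first frontend. `nginx_container`, `can_copy_files` and
    # `result` are registered again and overwrite the first frontend's values;
    # the first frontend's address was already stored in a fact above.
    - name: Create volume for nginx frontend for registry
      docker_volume:
        name: '{{ docker_registry_container_name_nginx2 }}'
        state: present

    - name: Create container for nginx frontend for registry
      docker_container:
        state: stopped
        name: '{{ docker_registry_container_name_nginx2 }}'
        image: nginx:alpine
        ports: 5000
        links:
          - '{{ docker_registry_container_name_registry }}:real-registry'
        volumes:
          - '{{ docker_registry_container_name_nginx2 }}:/etc/nginx/'
      register: nginx_container

    - name: Copy static files into volume
      command: docker cp {{ role_path }}/files/{{ item }} {{ docker_registry_container_name_nginx2 }}:/etc/nginx/{{ item }}
      loop:
        - nginx.conf
        - nginx.htpasswd
      register: can_copy_files
      ignore_errors: true

    - block:
        # These tasks write to the same {{ output_dir }}/cert.* paths as the
        # first frontend.
        # NOTE(review): if the modules leave an existing valid key and
        # certificate in place, both frontends share one key pair - confirm
        # that this is intended.
        - name: Create private key for frontend certificate
          community.crypto.openssl_privatekey:
            path: '{{ output_dir }}/cert.key'
            type: ECC
            curve: secp256r1

        - name: Create CSR for frontend certificate
          community.crypto.openssl_csr:
            path: '{{ output_dir }}/cert.csr'
            privatekey_path: '{{ output_dir }}/cert.key'
            subject_alt_name:
              - DNS:test-registry.ansible.com

        - name: Create frontend certificate
          community.crypto.openssl_certificate:
            path: '{{ output_dir }}/cert.pem'
            csr_path: '{{ output_dir }}/cert.csr'
            privatekey_path: '{{ output_dir }}/cert.key'
            provider: selfsigned

        - name: Copy dynamic files into volume
          command: docker cp {{ output_dir }}/{{ item }} {{ docker_registry_container_name_nginx2 }}:/etc/nginx/{{ item }}
          loop:
            - cert.pem
            - cert.key

        - name: Start nginx frontend for registry
          docker_container:
            name: '{{ docker_registry_container_name_nginx2 }}'
            state: started
          register: nginx_container

        - debug:
            var: nginx_container.container.NetworkSettings

        # Same readiness probe as for the first frontend: container IP,
        # hard-coded fixture credentials, certificate validation off because
        # the self-signed certificate only names test-registry.ansible.com.
        - name: Wait for registry frontend
          uri:
            url: https://{{ nginx_container.container.NetworkSettings.IPAddress }}:5000/v2/
            url_username: testuser
            url_password: hunter2
            validate_certs: false
          register: result
          until: result is success
          retries: 5
          delay: 1

        - name: Get registry URL
          set_fact:
            registry_frontend2_address: localhost:{{ nginx_container.container.NetworkSettings.Ports['5000/tcp'].0.HostPort }}
      when: can_copy_files is not failed

    - set_fact:
        registry_frontend2_address: 'n/a'
      when: can_copy_files is failed

    - debug:
        msg: "Registry available under {{ registry_address }}, NGINX frontends available under {{ registry_frontend_address }} and {{ registry_frontend2_address }}"

  when: docker_py_version is version('1.8.0', '>=') and docker_api_version is version('1.20', '>=')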
# Abort when docker-py or the Docker API is older than the versions the block
# above requires. The second half of the condition skips this failure on
# CentOS with a major version of 6 or lower.
- fail:
    msg: 'Too old docker / docker-py version to run docker_image tests!'
  when: >-
    not(docker_py_version is version('1.8.0', '>=')
    and docker_api_version is version('1.20', '>='))
    and (ansible_distribution != 'CentOS'
    or ansible_distribution_major_version|int > 6)