openstack
/
tripleo-ci
Code Issues Proposed changes

Fix repo configuration 

The wrong parameter name was used for the repo configuration.
It should have been rpm_setup_config not rpm_setup. Additionally the
iptables rules did not allow for the containers to fetch the repos from
the CI host. This change lets docker manage the docker iptables rules
and adds a rule to allow port 80 from the docker container ip range.

Depends-On: https://review.openstack.org/#/c/634064/
Change-Id: I037465f7bbc7b6016373385f07c7c944a09299c9
Closes-Bug: #1813527
This commit is contained in:
Alex Schultz 2019-01-28 08:31:27 -07:00
parent 44a129efda
commit 21c4f37fd7
3 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
playbooks/tripleo-buildcontainers/pre.yaml
View File

@ -40,10 +40,6 @@
shell: |
ansible-playbook docker-playbook.yaml --extra-vars "container_registry_deployment_user={{ ansible_user }}"
- name: Add docker masquerading rules
become: true
command: iptables -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
- name: Reset connection because of group changes for current user
meta: reset_connection
@ -64,3 +60,7 @@
shell: |
set -ex
cp /etc/yum.repos.d/delorean* /var/www/html/
- name: Add http iptables rules from containers
command: iptables -I openstack-INPUT 1 -p tcp --dport 80 -s 172.17.0.0/16 -j ACCEPT
become: true

2
playbooks/tripleo-buildcontainers/templates/docker-playbook.yaml.j2
View File

@ -1,4 +1,6 @@
- hosts: localhost
become: true
vars:
container_registry_docker_options: --log-driver=journald --signature-verification=false --iptables=true --live-restore
roles:
- container-registry

3
playbooks/tripleo-buildcontainers/templates/kolla-build.conf.j2
View File

@ -5,5 +5,6 @@ namespace='{{ ci_branch | replace("/", "") }}'
registry=127.0.0.1:8787
tag=latest
template_override={{ openstack_git_root }}/tripleo-common/container-images/tripleo_kolla_template_overrides.j2
rpm_setup=http://localhost/delorean.repo,http://localhost/delorean-deps.repo
# we use the repos off the main host as they will already have the correct mirror info in them
rpm_setup_config=http://172.17.0.1/delorean.repo,http://172.17.0.1/delorean-{{ ci_branch }}-testing.repo