zuul
/
zuul-jobs
Code Issues Proposed changes
zuul-jobs/roles/push-to-intermediate-registry/tasks/push.yaml

110 lines
4.2 KiB
YAML
Raw Blame History

# Docker doesn't understand docker push [1234:5678::]:5000/image/path:tag
# so we set up /etc/hosts with a registry alias name to support ipv6 and 4.
- name: Configure /etc/hosts for buildset_registry to workaround docker not understanding ipv6 addresses
become: yes
lineinfile:
path: /etc/hosts
state: present
regex: "^{{ buildset_registry.host }}\tzuul-jobs.buildset_registry$"
line: "{{ buildset_registry.host }}\tzuul-jobs.buildset_registry"
insertafter: EOF
when: buildset_registry.host | ipaddr
- name: Set buildset_registry alias variable when using ip
set_fact:
buildset_registry_alias: zuul-jobs.buildset_registry
when: buildset_registry.host | ipaddr
- name: Set buildset_registry alias variable when using name
set_fact:
buildset_registry_alias: "{{ buildset_registry.host }}"
when: not ( buildset_registry.host | ipaddr )
- name: Configure /etc/hosts for intermediate_registry to workaround docker not understanding ipv6 addresses
become: yes
lineinfile:
path: /etc/hosts
state: present
regex: "^{{ intermediate_registry.host }}\tzuul-jobs.intermediate_registry$"
line: "{{ intermediate_registry.host }}\tzuul-jobs.intermediate_registry"
insertafter: EOF
when: intermediate_registry.host | ipaddr
- name: Set intermediate_registry alias variable when using ip
set_fact:
intermediate_registry_alias: zuul-jobs.intermediate_registry
when: intermediate_registry.host | ipaddr
- name: Set intermediate_registry alias variable when using name
set_fact:
intermediate_registry_alias: "{{ intermediate_registry.host }}"
when: not ( intermediate_registry.host | ipaddr )
# This can be removed if we add this functionality to Zuul directly
- name: Load information from zuul_return
when: buildset_registry is not defined
set_fact:
buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}"
- name: Ensure registry cert directory exists
file:
path: "/etc/docker/certs.d/{{ buildset_registry_alias }}:{{ buildset_registry.port }}/"
state: directory
- name: Write registry TLS certificate
copy:
content: "{{ buildset_registry.cert }}"
dest: "/etc/docker/certs.d/{{ buildset_registry_alias }}:{{ buildset_registry.port }}/ca.crt"
# Update user config for intermediate and buildset registries
- name: Ensure docker user directory exists
file:
state: directory
path: "~/.docker"
mode: 0700
- name: Check if docker user configuration exists
stat:
path: "~/.docker/config.json"
register: docker_config_stat
- name: Load docker user configuration
when: docker_config_stat.stat.exists
slurp:
path: "~/.docker/config.json"
register: docker_config
- name: Parse docker user configuration
when: docker_config_stat.stat.exists
set_fact:
docker_config: "{{ docker_config.content | b64decode | from_json }}"
- name: Set default docker user configuration
when: not docker_config_stat.stat.exists
set_fact:
docker_config:
auths: {}
- name: Add registry to docker user configuration
vars:
new_config:
auths: |
{
"{{ intermediate_registry_alias }}:{{ intermediate_registry.port }}":
{"auth": "{{ (intermediate_registry.username + ":" + intermediate_registry.password) | b64encode }}"},
"{{ buildset_registry_alias }}:{{ buildset_registry.port }}":
{"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"},
}
set_fact:
new_docker_config: "{{ docker_config | combine(new_config, recursive=True) }}"
- name: Save docker user configuration
copy:
content: "{{ new_docker_config | to_nice_json }}"
dest: "~/.docker/config.json"
mode: 0600
# Push the images
- name: Push images to intermediate registry
block:
- name: Push image to intermediate registry
include_tasks: push-image.yaml
loop: "{{ docker_images }}"
loop_control:
loop_var: image
always:
- name: Remove docker user config
command: "shred ~/.docker/config.json"
- name: Replace docker user configuration
copy:
content: "{{ docker_config | to_nice_json }}"
dest: "~/.docker/config.json"
mode: 0600
View Git Blame Copy Permalink