From ba4b2c68b9e6477ea9551dc7b64ff67a6b8c5ae8 Mon Sep 17 00:00:00 2001
From: Clark Boylan
Date: Wed, 10 Apr 2019 08:19:16 -0700
Subject: [PATCH] Revert "Only alias registries on build nodes"

This reverts commit 05f20a5396b8a1f463129b99bbe23b8b7862afdd.

Apparently skopeo is properly cloud native too and doesn't support ipv6 either. I think it is pulling the same docker distribution/reference/regexp.go lib in and using docker's regex. The error we get from skopeo: time="2019-04-10T15:15:48Z" level=fatal msg="Invalid source name docker://[2607:ff68:100:54:f816:3eff:fef2:fc69]:5000/zuul/nodepool:latest: invalid reference format"

Change-Id: I6f916574c9f46e8fdd2464465e2b36ecf8719b16
---
 roles/build-docker-image/tasks/push.yaml | 24 ++-------------
 .../tasks/main.yaml | 2 +-
 .../tasks/push.yaml | 1 -
 roles/use-buildset-registry/tasks/main.yaml | 30 ++++---------------
 .../tasks/user-config.yaml | 4 +--
 5 files changed, 10 insertions(+), 51 deletions(-)

diff --git a/roles/build-docker-image/tasks/push.yaml b/roles/build-docker-image/tasks/push.yaml
index e37d9ea80..582849329 100644
--- a/roles/build-docker-image/tasks/push.yaml
+++ b/roles/build-docker-image/tasks/push.yaml
@@ -1,32 +1,12 @@
-# Docker doesn't understand docker push [1234:5678::]:5000/image/path:tag
-# so we set up /etc/hosts with a registry alias name to support ipv6 and 4.
-- name: Configure /etc/hosts for buildset_registry to workaround docker not understanding ipv6 addresses
- become: yes
- lineinfile:
- path: /etc/hosts
- state: present
- regex: "^{{ buildset_registry.host }}\tzuul-jobs.buildset_registry$"
- line: "{{ buildset_registry.host }}\tzuul-jobs.buildset_registry"
- insertafter: EOF
- when: buildset_registry.host | ipaddr
-- name: Set buildset_registry alias variable when using ip
- set_fact:
- buildset_registry_alias: zuul-jobs.buildset_registry
- when: buildset_registry.host | ipaddr
-- name: Set buildset_registry alias variable when using name
- set_fact:
- buildset_registry_alias: "{{ buildset_registry.host }}"
- when: not ( buildset_registry.host | ipaddr )
-
 - name: Tag image for buildset registry
 command: >-
- docker tag {{ image.repository }}:{{ image_tag }} {{ buildset_registry_alias }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
+ docker tag {{ image.repository }}:{{ image_tag }} {{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
 loop: "{{ image.tags | default(['latest']) }}"
 loop_control:
 loop_var: image_tag
 - name: Push tag to buildset registry
 command: >-
- docker push {{ buildset_registry_alias }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
+ docker push {{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }}
 loop: "{{ image.tags | default(['latest']) }}"
 loop_control:
 loop_var: image_tag
diff --git a/roles/pull-from-intermediate-registry/tasks/main.yaml b/roles/pull-from-intermediate-registry/tasks/main.yaml
index 9a2e49863..448f01cf7 100644
--- a/roles/pull-from-intermediate-registry/tasks/main.yaml
+++ b/roles/pull-from-intermediate-registry/tasks/main.yaml
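Review bot: The `docker tag` and `docker push` lines now render an IPv6 registry host as `[addr]:port/...`, which is the reference form that the removed comment, and the skopeo error quoted in the commit message, describe as rejected. If `buildset_registry.host` is expected to be a hostname or IPv4 address by the time this role runs, nothing in the hunk says so. I would add a comment above the Tag task, e.g. `# buildset_registry.host must be a name or IPv4 address here: docker rejects [ipv6]:port image references`, or fail early with a clear message when the host is an IPv6 literal. Separately, `image.repository` and `image_tag` are interpolated unquoted into a folded `command:` string, so a value containing whitespace would be split into extra arguments.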
@@ -3,7 +3,6 @@ when: buildset_registry is not defined set_fact: buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}" - - name: Ensure registry cert directory exists file: path: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/" @@ -13,6 +12,7 @@ content: "{{ buildset_registry.cert }}" dest: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/ca.crt" + # Update user config for intermediate and buildset registries - name: Ensure docker user directory exists file: diff --git a/roles/push-to-intermediate-registry/tasks/push.yaml b/roles/push-to-intermediate-registry/tasks/push.yaml index 73a3cb3dc..3c71df47a 100644 --- a/roles/push-to-intermediate-registry/tasks/push.yaml +++ b/roles/push-to-intermediate-registry/tasks/push.yaml @@ -3,7 +3,6 @@ when: buildset_registry is not defined set_fact: buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}" - - name: Ensure registry cert directory exists file: path: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/" diff --git a/roles/use-buildset-registry/tasks/main.yaml b/roles/use-buildset-registry/tasks/main.yaml index 97c5bb9ce..f98820c91 100644 --- a/roles/use-buildset-registry/tasks/main.yaml +++ b/roles/use-buildset-registry/tasks/main.yaml 
@@ -1,23 +1,3 @@
-# Docker doesn't understand docker push [1234:5678::]:5000/image/path:tag
-# so we set up /etc/hosts with a registry alias name to support ipv6 and 4.
-- name: Configure /etc/hosts for buildset_registry to workaround docker not understanding ipv6 addresses
- become: yes
- lineinfile:
- path: /etc/hosts
- state: present
- regex: "^{{ buildset_registry.host }}\tzuul-jobs.buildset_registry$"
- line: "{{ buildset_registry.host }}\tzuul-jobs.buildset_registry"
- insertafter: EOF
- when: buildset_registry.host | ipaddr
-- name: Set buildset_registry alias variable when using ip
- set_fact:
- buildset_registry_alias: zuul-jobs.buildset_registry
- when: buildset_registry.host | ipaddr
-- name: Set buildset_registry alias variable when using name
- set_fact:
- buildset_registry_alias: "{{ buildset_registry.host }}"
- when: not ( buildset_registry.host | ipaddr )
-
 - name: Ensure docker directory exists
 become: yes
 file:
@@ -26,23 +6,23 @@ - name: Ensure buildset registry cert directory exists become: true file: - path: "/etc/docker/certs.d/{{ buildset_registry_alias }}:{{ buildset_registry.port }}/" + path: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/" state: directory - name: Ensure proxy registry cert directory exists become: true file: - path: "/etc/docker/certs.d/{{ buildset_registry_alias }}:{{ buildset_registry.proxy_port }}/" + path: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.proxy_port }}/" state: directory - name: Write buildset registry TLS certificate become: true copy: content: "{{ buildset_registry.cert }}" - dest: "/etc/docker/certs.d/{{ buildset_registry_alias }}:{{ buildset_registry.port }}/ca.crt" + dest: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/ca.crt" - name: Write proxy registry TLS certificate become: true copy: content: "{{ buildset_registry.cert }}" - dest: "/etc/docker/certs.d/{{ buildset_registry_alias }}:{{ buildset_registry.proxy_port }}/ca.crt" + dest: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.proxy_port }}/ca.crt" # Update daemon config - name: Check if docker daemon configuration exists @@ -66,7 +46,7 @@ - name: Add registry to docker daemon configuration vars: new_config: - registry-mirrors: "['https://{{ buildset_registry_alias }}:{{ buildset_registry.port}}/', 'https://{{ buildset_registry_alias }}:{{ buildset_registry.proxy_port}}/']" + registry-mirrors: "['https://{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port}}/', 'https://{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.proxy_port}}/']" set_fact: docker_config: "{{ docker_config | combine(new_config) }}" - name: Save docker daemon configuration diff --git a/roles/use-buildset-registry/tasks/user-config.yaml b/roles/use-buildset-registry/tasks/user-config.yaml index 09b0602df..56b2d2124 100644 
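Review bot: `buildset_registry.host`, `port` and `proxy_port` are interpolated into `/etc/docker/certs.d/...` paths that are created and written with `become: true`, and nothing in this hunk checks their shape first. Where the value originates is not visible in this file, but the sibling roles in this patch read it from `results.json`, so a host containing `/` or `..` would place a root-owned `ca.crt` outside `certs.d`. An `assert` ahead of the four tasks can pin the host to hostname/IP characters and the ports to digits. The directory and certificate tasks also set no `mode` or `owner`, so they rely on the defaults.

```yaml
- name: Validate buildset registry address before writing root-owned paths
  assert:
    that:
      - buildset_registry.host is match('^[A-Za-z0-9.:-]+$')
      - buildset_registry.port | string is match('^[0-9]+$')
      - buildset_registry.proxy_port | string is match('^[0-9]+$')
    msg: "buildset_registry host/port contain unexpected characters"
# … unchanged: cert directory and ca.crt tasks …
```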
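Review bot: `registry-mirrors` in the "Add registry to docker daemon configuration" task is a quoted string that only looks like a Python list, so it becomes a real list only if Ansible's templating converts the rendered string back into one. If it stays a string, `daemon.json` ends up with a string where Docker expects an array. Unless the string form is deliberate, a YAML sequence with two quoted items (`- "https://{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/"` and the same with `proxy_port`) removes that dependency. The brace spacing on this line (`buildset_registry.port}}`) also differs from the `{{ ... }}` spacing used everywhere else in the patch.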
--- a/roles/use-buildset-registry/tasks/user-config.yaml
+++ b/roles/use-buildset-registry/tasks/user-config.yaml
@@ -29,9 +29,9 @@
 {
 "https://index.docker.io/v1/":
 {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"},
- "{{ buildset_registry_alias }}:{{ buildset_registry.port }}":
+ "{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}":
 {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"},
- "{{ buildset_registry_alias }}:{{ buildset_registry.proxy_port }}":
+ "{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.proxy_port }}":
 {"auth": "{{ (buildset_registry.username + ":" + buildset_registry.password) | b64encode }}"}
 }
 set_fact:
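Review bot: The two `auths` keys are assembled by hand from `buildset_registry.host | ipwrap` inside a JSON string, so they have to match character for character the registry prefix used by `docker tag`/`docker push` and the `certs.d` directory names elsewhere in this patch. Computing `host:port` once into a fact and reusing it would keep the three in step. The block also embeds `username:password` base64-encoded, which is an encoding rather than protection. The task starts above the hunk and continues below it, so whether it sets `no_log: true` is not visible; if it does not, add it so the credentials stay out of job logs.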