Clark Boylan 05f20a5396 Only alias registries on build nodes
We only need to alias registries on the build nodes when running docker.
We cannot alias them in /etc/hosts in roles that are expected to run on
localhost because /etc/hosts is bind-mounted read-only on localhost. This
assumes that skopeo handles ipv6 properly (which has not been tested).

If skopeo does not handle ipv6 properly then we'll need additional
fixing.

Change-Id: I40e5b1bac5aeaf2d42aa05a72b9ced72b7d222c0
2019-04-09 14:45:19 -07:00


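# Docker doesn't understand docker push [1234:5678::]:5000/image/path:tag
# so we set up /etc/hosts with a registry alias name to support ipv6 and 4.
#
# Only runs when buildset_registry.host is an IP address; a hostname is used
# directly and needs no alias.
#
# NOTE(review): the match is keyed on "<host><TAB><alias>", so an alias line
# written by an earlier run with a different address is not replaced.
# Presumably build nodes are single-use -- confirm before applying this to
# long-lived hosts, where a stale entry could shadow the new one.
- name: >-
    Configure /etc/hosts for buildset_registry to workaround docker not
    understanding ipv6 addresses
  become: true
  when: buildset_registry.host | ipaddr
  lineinfile:
    path: /etc/hosts
    state: present
    # regex_escape (and the escaped dot in the alias) keep "." literal; left
    # unescaped it matches any character.
    regex: "^{{ buildset_registry.host | regex_escape }}\tzuul-jobs\\.buildset_registry$"
    line: "{{ buildset_registry.host }}\tzuul-jobs.buildset_registry"
    insertafter: EOF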
# IP-addressed registry: refer to it by the fixed alias name that the
# /etc/hosts task in this file maps to the address.
- name: Set buildset_registry alias variable when using ip
  when: buildset_registry.host | ipaddr
  set_fact:
    buildset_registry_alias: 'zuul-jobs.buildset_registry'
# Registry given by name: the name is used as-is as the "alias", so the
# later tasks can use buildset_registry_alias in both cases.
- name: Set buildset_registry alias variable when using name
  when: not (buildset_registry.host | ipaddr)
  set_fact:
    buildset_registry_alias: "{{ buildset_registry.host }}"
# /etc/docker holds daemon.json and certs.d, both written further down.
# No mode/owner is set here, so an existing directory keeps its permissions.
- name: Ensure docker directory exists
  become: true
  file:
    path: /etc/docker
    state: directory
# Docker looks up per-registry CA certificates under
# /etc/docker/certs.d/<host>:<port>/; this creates that directory for the
# buildset registry port.
- name: Ensure buildset registry cert directory exists
  become: true
  file:
    state: directory
    path: "/etc/docker/certs.d/{{ buildset_registry_alias }}:{{ buildset_registry.port }}/"
# Same per-registry certificate directory, for the proxy port of the
# buildset registry.
- name: Ensure proxy registry cert directory exists
  become: true
  file:
    state: directory
    path: "/etc/docker/certs.d/{{ buildset_registry_alias }}:{{ buildset_registry.proxy_port }}/"
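# A ca.crt under /etc/docker/certs.d/<host>:<port>/ is trusted by docker for
# that registry endpoint only; the certificate is not added to the
# system-wide trust store.
- name: Write buildset registry TLS certificate
  become: true
  copy:
    content: "{{ buildset_registry.cert }}"
    dest: "/etc/docker/certs.d/{{ buildset_registry_alias }}:{{ buildset_registry.port }}/ca.crt"
    # Public certificate: readable by all, writable only by the owner.
    # Stated explicitly so the result does not depend on the umask.
    mode: "0644"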
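# The proxy port presents the same certificate (buildset_registry.cert), so
# the same CA file is installed for the <host>:<proxy_port> endpoint.
- name: Write proxy registry TLS certificate
  become: true
  copy:
    content: "{{ buildset_registry.cert }}"
    dest: "/etc/docker/certs.d/{{ buildset_registry_alias }}:{{ buildset_registry.proxy_port }}/ca.crt"
    # Public certificate: readable by all, writable only by the owner.
    # Stated explicitly so the result does not depend on the umask.
    mode: "0644"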
# Update daemon config
#
# The result decides whether the existing daemon.json is loaded and
# extended, or a fresh configuration is started.
- name: Check if docker daemon configuration exists
  register: docker_config_stat
  stat:
    path: /etc/docker/daemon.json
# slurp returns the file base64-encoded in docker_config.content; it is
# decoded by the parse task that follows.
- name: Load docker daemon configuration
  slurp:
    path: /etc/docker/daemon.json
  register: docker_config
  when: docker_config_stat.stat.exists
# Replaces the registered slurp result with the parsed JSON document, so
# docker_config is a plain mapping from here on.
- name: Parse docker daemon configuration
  set_fact:
    docker_config: "{{ docker_config.content | b64decode | from_json }}"
  when: docker_config_stat.stat.exists
# No daemon.json on the node: start from a configuration that only has an
# empty mirror list.
- name: Set default docker daemon configuration
  set_fact:
    docker_config:
      registry-mirrors: []
  when: not docker_config_stat.stat.exists
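# Points the daemon's registry mirrors at the buildset registry and its
# proxy, both over https.
#
# combine() is used without recursive=True, so other top-level keys of an
# existing daemon.json are kept, while any mirrors already configured are
# replaced rather than extended.
- name: Add registry to docker daemon configuration
  vars:
    new_config:
      # A native YAML list instead of a string that merely looks like one:
      # the value no longer relies on Ansible turning the rendered string
      # back into a list.
      registry-mirrors:
        - "https://{{ buildset_registry_alias }}:{{ buildset_registry.port }}/"
        - "https://{{ buildset_registry_alias }}:{{ buildset_registry.proxy_port }}/"
  set_fact:
    docker_config: "{{ docker_config | combine(new_config) }}"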
# Writes the merged configuration back as pretty-printed JSON.
# NOTE(review): no mode/owner is given, so a newly created daemon.json gets
# whatever the umask yields -- consider pinning it explicitly.
- name: Save docker daemon configuration
  become: true
  copy:
    dest: /etc/docker/daemon.json
    content: "{{ docker_config | to_nice_json }}"
# Restart so the daemon picks up the new daemon.json.
# A failure whose message contains 'Could not find the requested service'
# is tolerated; any other failure still fails the task.
# NOTE(review): this depends on the exact wording of the module's error
# message -- re-check it when the Ansible version changes.
- name: Restart docker daemon
  become: true
  service:
    name: docker
    state: restarted
  register: docker_restart
  failed_when: >-
    docker_restart is failed and
    'Could not find the requested service' not in docker_restart.msg
# We use 'block' here to cause the become to apply to all the tasks
# (which does not automatically happen with include_tasks).
#
# Variant for when a dedicated docker user is configured: the included
# tasks run as that user.
- name: Update docker user config to use buildset registry
  when: buildset_registry_docker_user is defined
  become: true
  become_user: "{{ buildset_registry_docker_user }}"
  block:
    - include_tasks: user-config.yaml
# Variant for when no docker user is configured: the same tasks are included
# with no become set on this block, so presumably they run as the connecting
# user -- confirm against the play-level become settings.
- name: Update docker user config to use buildset registry
  block:
    - include_tasks: user-config.yaml
  when: buildset_registry_docker_user is not defined