ba4b2c68b9
This reverts commit 05f20a5396b8a1f463129b99bbe23b8b7862afdd. Apparently skopeo is properly cloud native too and doesn't support ipv6 either. I think it is pulling the same docker distribution/reference/regexp.go lib in and using docker's regex. The error we get from skopeo: time="2019-04-10T15:15:48Z" level=fatal msg="Invalid source name docker://[2607:ff68:100:54:f816:3eff:fef2:fc69]:5000/zuul/nodepool:latest: invalid reference format" Change-Id: I6f916574c9f46e8fdd2464465e2b36ecf8719b16
78 lines
2.7 KiB
YAML
78 lines
2.7 KiB
YAML
- name: Ensure docker directory exists
|
|
become: yes
|
|
file:
|
|
state: directory
|
|
path: /etc/docker
|
|
- name: Ensure buildset registry cert directory exists
|
|
become: true
|
|
file:
|
|
path: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/"
|
|
state: directory
|
|
- name: Ensure proxy registry cert directory exists
|
|
become: true
|
|
file:
|
|
path: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.proxy_port }}/"
|
|
state: directory
|
|
- name: Write buildset registry TLS certificate
|
|
become: true
|
|
copy:
|
|
content: "{{ buildset_registry.cert }}"
|
|
dest: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port }}/ca.crt"
|
|
- name: Write proxy registry TLS certificate
|
|
become: true
|
|
copy:
|
|
content: "{{ buildset_registry.cert }}"
|
|
dest: "/etc/docker/certs.d/{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.proxy_port }}/ca.crt"
|
|
|
|
# Update daemon config
|
|
- name: Check if docker daemon configuration exists
|
|
stat:
|
|
path: /etc/docker/daemon.json
|
|
register: docker_config_stat
|
|
- name: Load docker daemon configuration
|
|
when: docker_config_stat.stat.exists
|
|
slurp:
|
|
path: /etc/docker/daemon.json
|
|
register: docker_config
|
|
- name: Parse docker daemon configuration
|
|
when: docker_config_stat.stat.exists
|
|
set_fact:
|
|
docker_config: "{{ docker_config.content | b64decode | from_json }}"
|
|
- name: Set default docker daemon configuration
|
|
when: not docker_config_stat.stat.exists
|
|
set_fact:
|
|
docker_config:
|
|
registry-mirrors: []
|
|
- name: Add registry to docker daemon configuration
|
|
vars:
|
|
new_config:
|
|
registry-mirrors: "['https://{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.port}}/', 'https://{{ buildset_registry.host | ipwrap }}:{{ buildset_registry.proxy_port}}/']"
|
|
set_fact:
|
|
docker_config: "{{ docker_config | combine(new_config) }}"
|
|
- name: Save docker daemon configuration
|
|
copy:
|
|
content: "{{ docker_config | to_nice_json }}"
|
|
dest: /etc/docker/daemon.json
|
|
become: true
|
|
|
|
- name: Restart docker daemon
|
|
service:
|
|
name: docker
|
|
state: restarted
|
|
become: true
|
|
register: docker_restart
|
|
failed_when: docker_restart is failed and not 'Could not find the requested service' in docker_restart.msg
|
|
|
|
# We use 'block' here to cause the become to apply to all the tasks
|
|
# (which does not automatically happen with include_tasks).
|
|
- name: Update docker user config to use buildset registry
|
|
become: true
|
|
become_user: "{{ buildset_registry_docker_user }}"
|
|
when: buildset_registry_docker_user is defined
|
|
block:
|
|
- include_tasks: user-config.yaml
|
|
- name: Update docker user config to use buildset registry
|
|
when: buildset_registry_docker_user is not defined
|
|
block:
|
|
- include_tasks: user-config.yaml
|