f793a76e33
In our container job roles and tests we sometimes need to set up a registry. In those caes we've typically been using registry:2 from docker.io. Docker has put in place some pretty strict rate limits so we've mirrored the image to quay.io as an alternative source location. Fetch the image from that location. Change-Id: Idccaa350bd2951d5b56314ea4f19bdcb9c13d1a1
51 lines
1.5 KiB
YAML
51 lines
1.5 KiB
YAML
- name: Ensure registry volume directories exists
|
|
become: true
|
|
file:
|
|
state: directory
|
|
path: "/var/registry/{{ zj_reg_dir }}"
|
|
loop:
|
|
- certs
|
|
- auth
|
|
loop_control:
|
|
loop_var: zj_reg_dir
|
|
- name: Install python packages
|
|
become: true
|
|
package:
|
|
name:
|
|
- python3-docker
|
|
- python3-passlib
|
|
- python3-bcrypt
|
|
state: present
|
|
- name: Write htpassword file
|
|
become: true
|
|
htpasswd:
|
|
create: true
|
|
crypt_scheme: bcrypt
|
|
path: /var/registry/auth/htpasswd
|
|
name: "{{ intermediate_registry.username }}"
|
|
password: "{{ intermediate_registry.password }}"
|
|
- name: Write TLS private key
|
|
become: true
|
|
copy:
|
|
content: "{{ intermediate_registry_tls_key }}"
|
|
dest: /var/registry/certs/domain.key
|
|
- name: Write TLS certificate
|
|
become: true
|
|
copy:
|
|
content: "{{ intermediate_registry_tls_cert }}{{ intermediate_registry_tls_chain | default('') }}"
|
|
dest: /var/registry/certs/domain.crt
|
|
- name: Start intermediate docker registry
|
|
command: >-
|
|
{{ container_command }} run -d
|
|
--name="intermediate_registry"
|
|
--restart=always
|
|
--network=host
|
|
--env REGISTRY_HTTP_TLS_CERTIFICATE="/certs/domain.crt"
|
|
--env REGISTRY_HTTP_TLS_KEY="/certs/domain.key"
|
|
--env REGISTRY_AUTH="htpasswd"
|
|
--env REGISTRY_AUTH_HTPASSWD_PATH="/auth/htpasswd"
|
|
--env REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm"
|
|
--volume="/var/registry/certs:/certs"
|
|
--volume="/var/registry/auth:/auth"
|
|
quay.io/opendevmirror/registry:2
|