ansible-role-container-regi.../README.rst
Sorin Sbarnea 230373ece3 Disable docker iptables support
Fixes: https://bugs.launchpad.net/tripleo/+bug/1845166/
Change-Id: Ib8a28d84d7363f060170c134ea291e84c3231357
2019-10-03 20:12:48 +01:00

4.2 KiB

ansible-role-container-registry

A role to deploy a container registry and provide methods to login to it. For now, the role only support Docker Registry v2. The login currently doesn't work with hub.docker.com.

Role Variables

Variables used for container registry
Name Default Value Description
container_registry_debug false Enable debug option in Docker
container_registry_deploy_docker true Whether or not to deploy Docker
container_registry_deploy_docker_distribution true Whether or not to deploy Docker Distribution
container_registry_deployment_user centos User which needs to manage containers
container_registry_docker_options --log-driver=journald --signature-verification=false --iptables=false --live-restore Options given to Docker configuration
container_registry_docker_disable_iptables false Adds --iptables=false to /etc/sysconfig/docker-network config
container_registry_insecure_registries [] Array of insecure registries
container_registry_network_options [undefined] Docker networking options
container_registry_host localhost Docker registry host
container_registry_port 8787 Docker registry port
container_registry_mirror [undefined] Docker registry mirror
container_registry_storage_options -s overlay2 Docker storage options
container_registry_selinux false Whether or not SElinux is enabled for containers
container_registry_additional_sockets [undefined] Additional sockets for containers
container_registry_skip_reconfiguration false Do not perform container registry reconfiguration if it's already configured
container_registry_logins [] A dictionary containing registries and a username and a password associated with the registry. Example: {'docker.io': {'myusername': 'mypassword'}, 'registry.example.com:8787': {'otheruser': 'otherpass'}}

Requirements

  • ansible >= 2.4
  • python >= 2.6

Dependencies

None

Example Playbooks

Modify Image

The following playbook will deploy a Docker registry:

- hosts: localhost
  become: true
  roles:
    - container-registry

License

Apache 2.0

Running local testing

Local testing of this role can be done in a number of ways.

Mimic Zuul

Sometimes its nessisary to setup a test that will mimic what the OpenStack gate will do (Zuul). To run tests that minic the gate, python-virtualenv git, gcc, and ansible are required.

$ sudo yum install python-virtualenv git gcc

Once the packages are installed, create a python virtual environment.

$ python -m virtualenv --system-site-packages ~/test-python
$ ~/test-python/bin/pip install pip setuptools --upgrade

Now install the latest Ansible

$ ~/test-python/bin/pip install ansible

With Ansible installed, activate the virtual environment and run the run-local.yml test playbook.

$ source ~/test-python/bin/activate
(test-python) $ ansible-playbook -i 'localhost,' \
                                 -e "tripleo_src=$(realpath --relative-to="${HOME}" "$(pwd)")" \
                                 -e "ansible_user=${USER}" \
                                 -e "ansible_user_dir=${HOME}" \
                                 -e "ansible_connection=local" \
                                 zuul.d/playbooks/run-local.yml

Running Molecule directly

It is also possible to test this role using molecule directly. When running tests directly it is assumed all of the dependencies are setup and ready to run on the local workstation. When

$ molecule test --all