Use buildset registry push endpoint

When copying images from the intermediate registry to the buildset
registry, use the new push endpoint of the dual-registry system.

Also, use the push endpoint after a docker build to push the
new image to the buildset registry.

Change-Id: I3a11036bb9fb7cb3457a3d744fa83647c1b1b085
This commit is contained in:
James E. Blair 2019-02-21 14:11:19 -08:00
parent 90fc18f621
commit a358f21736
3 changed files with 13 additions and 9 deletions

View File

@ -1,12 +1,12 @@
- name: Tag image for buildset registry - name: Tag image for buildset registry
command: >- command: >-
docker tag {{ image.repository }}:{{ image_tag }} {{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }} docker tag {{ image.repository }}:{{ image_tag }} {{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/{{ image.repository }}:{{ image_tag }}
loop: "{{ image.tags | default(['latest']) }}" loop: "{{ image.tags | default(['latest']) }}"
loop_control: loop_control:
loop_var: image_tag loop_var: image_tag
- name: Push tag to buildset registry - name: Push tag to buildset registry
command: >- command: >-
docker push {{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ image.repository }}:{{ image_tag }} docker push {{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/{{ image.repository }}:{{ image_tag }}
loop: "{{ image.tags | default(['latest']) }}" loop: "{{ image.tags | default(['latest']) }}"
loop_control: loop_control:
loop_var: image_tag loop_var: image_tag

View File

@ -5,23 +5,19 @@
buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}" buildset_registry: "{{ (lookup('file', zuul.executor.work_root + '/results.json') | from_json)['buildset_registry'] }}"
- name: Ensure registry cert directory exists - name: Ensure registry cert directory exists
file: file:
path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/" path: "/etc/docker/certs.d/{{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/"
state: directory
- name: Ensure registry cert directory exists
file:
path: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/"
state: directory state: directory
- name: Write registry TLS certificate - name: Write registry TLS certificate
copy: copy:
content: "{{ buildset_registry.cert }}" content: "{{ buildset_registry.cert }}"
dest: "/etc/docker/certs.d/{{ buildset_registry.host }}:{{ buildset_registry.port }}/ca.crt" dest: "/etc/docker/certs.d/{{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/ca.crt"
- name: Pull artifact from intermediate registry - name: Pull artifact from intermediate registry
command: >- command: >-
skopeo --insecure-policy copy skopeo --insecure-policy copy
--src-creds={{ intermediate_registry.username }}:{{ intermediate_registry.password }} --src-creds={{ intermediate_registry.username }}:{{ intermediate_registry.password }}
--dest-creds={{ buildset_registry.username }}:{{ buildset_registry.password }} --dest-creds={{ buildset_registry.username }}:{{ buildset_registry.password }}
{{ item.url }} {{ item.url }}
docker://{{ buildset_registry.host }}:{{ buildset_registry.port }}/{{ item.metadata.repository }}:{{ item.metadata.tag }} docker://{{ buildset_registry.push_host }}:{{ buildset_registry.push_port }}/{{ item.metadata.repository }}:{{ item.metadata.tag }}
when: "item.metadata.type | default('') == 'container_image'" when: "item.metadata.type | default('') == 'container_image'"
loop: "{{ zuul.artifacts | default([]) }}" loop: "{{ zuul.artifacts | default([]) }}"
# no_log: true TODO(corvus): replace # no_log: true TODO(corvus): replace

View File

@ -17,6 +17,14 @@ Use this role on any host which should use the buildset registry.
The port on which the registry is listening. The port on which the registry is listening.
.. zuul:rolevar:: push_host
The host (IP address) to use when pushing images to the registry.
.. zuul:rolevar:: push_port
The port to use when pushing images to the registry.
.. zuul:rolevar:: username .. zuul:rolevar:: username
The username used to access the registry via HTTP basic auth. The username used to access the registry via HTTP basic auth.