Skip to content

Commit

Permalink
First commit
Browse files Browse the repository at this point in the history
This is the first commit that contains a first iteration:
- Documentation
- Playbooks to prepare host and deploy openshift standalone
  registry
- Working code review gate (ansible-lint, docs, integration)

Change-Id: I1af928c243358d0fb37a9dfcb516a402c070a589
  • Loading branch information
David Moreau-Simard committed May 31, 2017
1 parent d6038df commit 9235514
Show file tree
Hide file tree
Showing 24 changed files with 1,341 additions and 0 deletions.
7 changes: 7 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
*.pyc
*.egg
*.eggs
*.egg-info
.tox/
doc/build
openshift-ansible/
33 changes: 33 additions & 0 deletions README.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
rdo-container-registry
======================
RDO community standalone OpenShift Registry configuration, deployment and
documentation_.

.. _documentation: https://rdo-container-registry.readthedocs.io/en/latest/

Note: this is a work in progress
================================

The following patches were submitted and merged upstream in order to make this work:

- Don't set-up origin repositories if they've already been configured:
https://github.com/openshift/openshift-ansible/commit/0414e424c90000a9aa393a1d47404b726a2443d3

- Add teams attribute to github identity provider:
https://github.com/openshift/openshift-ansible/commit/1a43e7da5f69d5015ed5dafca50f80f2c8ec528d

- Allow a hostname to resolve to 127.0.0.1 during validation:
https://github.com/openshift/openshift-ansible/commit/9260dcd084f19ec5a641c2673525163d5ab76816

Work is still in progress to merge the some patches. While these are pending,
they are rebased and cherry-picked together a forked branch at
https://github.com/dmsimard/openshift-ansible/tree/rdo

- Support enabling the centos-openshift-origin-testing repository:
https://github.com/openshift/openshift-ansible/pull/4307

- Refactor registry-console setup and add support for SSL:
https://github.com/openshift/openshift-ansible/pull/4256

- Refactor openshift_hosted's docker-registry route setup:
https://github.com/openshift/openshift-ansible/pull/4254
Binary file added doc/source/_static/openshift_rdo.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
18 changes: 18 additions & 0 deletions doc/source/about.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
About the registry
==================

RDO uses an `OpenShift standalone registry`_ which is more or less the upstream
for the `Atomic Registry`_ project.

We chose to use the OpenShift standalone registry because it provides features
that ``docker-registry`` and ``docker-distribution`` do not have out of the box.

Some reasons and features include but are not limited to:

- Being able to list images in the registry: ``oc get imagestreams``
- Provide a web interface to browse and manage images in the registry
- Built-in authentication and access control (ACL) with GitHub oauth support
- Dogfood the OpenShift standalone registry use case and establish a feedback loop with OpenShift developers

.. _OpenShift Standalone registry: https://docs.openshift.com/container-platform/latest/install_config/install/stand_alone_registry.html
.. _Atomic Registry: http://www.projectatomic.io/registry/
83 changes: 83 additions & 0 deletions doc/source/conf.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
# -*- coding: utf-8 -*-
# Copyright 2017 Red Hat, Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

import os
import sys
import sphinx_rtd_theme
import pbr.version
version_info = pbr.version.VersionInfo('rdo_container_registry')

sys.path.insert(0, os.path.abspath('../..'))
# -- General configuration ----------------------------------------------------

# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
extensions = [
'sphinx.ext.autodoc',
]

# autodoc generation is a bit aggressive and a nuisance when doing heavy
# text edit cycles.
# execute "export SPHINX_DEBUG=1" in your terminal to disable

# The suffix of source filenames.
source_suffix = '.rst'

# The master toctree document.
master_doc = 'index'

# General information about the project.
project = u'RDO container registry'
copyright = u'2017, Red Hat'
author = 'RDO Community'

# The short X.Y version.
version = version_info.version_string()
# The full version, including alpha/beta/rc tags.
release = version_info.release_string()

# If true, '()' will be appended to :func: etc. cross-reference text.
add_function_parentheses = True

# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
add_module_names = True

# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'

# -- Options for HTML output --------------------------------------------------

# The theme to use for HTML and HTML Help pages. Major themes that come with
# Sphinx are currently 'default' and 'sphinxdoc'.
html_theme = 'sphinx_rtd_theme'
html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
html_static_path = ['_static']

# Output file base name for HTML help builder.
htmlhelp_basename = '%sdoc' % project

# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title, author, documentclass
# [howto/manual]).
latex_documents = [
('index',
'%s.tex' % project,
u'%s Documentation' % project,
u'Red Hat', 'manual'),
]

# Example configuration for intersphinx: refer to the Python standard library.
#intersphinx_mapping = {'http://docs.python.org/': None}
15 changes: 15 additions & 0 deletions doc/source/index.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
Welcome to the RDO Container Registry documentation !
=====================================================
.. image:: _static/openshift_rdo.png

Table of Contents
=================

.. toctree::
:maxdepth: 3

About the registry <about>
Installing the registry <installing>
Managing the registry <managing>
Using the registry <using>
Troubleshooting the registry <troubleshooting>
12 changes: 12 additions & 0 deletions doc/source/installing.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
Installing the registry
=======================

.. warning:: Fleshing out this documentation is a work in progress.

::

pip install git+https://github.com/rdo-infra/rdo-container-registry
export RDO_GITHUB_CLIENT_ID=oauth_client_id
export RDO_GITHUB_CLIENT_SECRET=oauth_client_secret
tox -e ansible-playbook -- -i hosts -e "host_preparation_docker_disk=/dev/vdb" host-preparation.yml
tox -e ansible-playbook -- -i hosts openshift-ansible/playbooks/byo/config.yml
29 changes: 29 additions & 0 deletions doc/source/managing.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
Managing the registry
=====================

.. warning:: Fleshing out this documentation is a work in progress.

.. note:: These operations are done directly on the master

::

# Grant superuser privileges to a user once he has logged in at least once
# https://docs.openshift.com/container-platform/3.5/admin_guide/manage_authorization_policy.html
oc policy add-role-to-user cluster-admin dmsimard

# Create project
oc new-project tripleo \
--description="TripleO container images for trunk and continuous integration" \
--display-name="TripleO container images"

# Create service account, make it admin of the project
oc create serviceaccount tripleo.service -n tripleo
oc policy add-role-to-user admin system:serviceaccount:tripleo:tripleo.service -n tripleo

# Retrieve service account token for image pushes (for CI and things like that)
oc describe serviceaccount tripleo.service -n tripleo
oc describe secret tripleo.service-token-<generated> -n tripleo

# Allow authenticated users to browse the TripleO project
# Note: https://github.com/cockpit-project/cockpit/issues/6711
oc policy add-role-to-group registry-viewer system:authenticated -n tripleo
30 changes: 30 additions & 0 deletions doc/source/troubleshooting.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
Troubleshooting the registry
============================

.. warning:: Fleshing out this documentation is a work in progress.

::

# Logs for the origin-master process
journalctl -u origin-master --follow

# Note, commands using -n default is to select from the default namespace

# List routes, pods and services
oc get routes -n default
oc get pods -n default
oc get svc -n default

# Dump configuration of things
oc export routes -n default -o yaml |less
oc export pods -n default -o yaml |less
oc export svc -n default -o yaml |less

# Follow logs from running pods
oc get pods -n default
oc logs -f -n default <pod name> (ex: oc logs -f -n default docker-registry-1-xgxqb)

# Execute a command in a running pod
oc get pods -n default
oc exec -n default <pod name> <command> (ex: oc exec -n default docker-registry-1-xgxqb ls)

Loading

0 comments on commit 9235514

Please sign in to comment.