-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This is the first commit that contains a first iteration: - Documentation - Playbooks to prepare host and deploy openshift standalone registry - Working code review gate (ansible-lint, docs, integration) Change-Id: I1af928c243358d0fb37a9dfcb516a402c070a589
- Loading branch information
David Moreau-Simard
committed
May 31, 2017
1 parent
d6038df
commit 9235514
Showing
24 changed files
with
1,341 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
*.pyc | ||
*.egg | ||
*.eggs | ||
*.egg-info | ||
.tox/ | ||
doc/build | ||
openshift-ansible/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
rdo-container-registry | ||
====================== | ||
RDO community standalone OpenShift Registry configuration, deployment and | ||
documentation_. | ||
|
||
.. _documentation: https://rdo-container-registry.readthedocs.io/en/latest/ | ||
|
||
Note: this is a work in progress | ||
================================ | ||
|
||
The following patches were submitted and merged upstream in order to make this work: | ||
|
||
- Don't set-up origin repositories if they've already been configured: | ||
https://github.com/openshift/openshift-ansible/commit/0414e424c90000a9aa393a1d47404b726a2443d3 | ||
|
||
- Add teams attribute to github identity provider: | ||
https://github.com/openshift/openshift-ansible/commit/1a43e7da5f69d5015ed5dafca50f80f2c8ec528d | ||
|
||
- Allow a hostname to resolve to 127.0.0.1 during validation: | ||
https://github.com/openshift/openshift-ansible/commit/9260dcd084f19ec5a641c2673525163d5ab76816 | ||
|
||
Work is still in progress to merge the some patches. While these are pending, | ||
they are rebased and cherry-picked together a forked branch at | ||
https://github.com/dmsimard/openshift-ansible/tree/rdo | ||
|
||
- Support enabling the centos-openshift-origin-testing repository: | ||
https://github.com/openshift/openshift-ansible/pull/4307 | ||
|
||
- Refactor registry-console setup and add support for SSL: | ||
https://github.com/openshift/openshift-ansible/pull/4256 | ||
|
||
- Refactor openshift_hosted's docker-registry route setup: | ||
https://github.com/openshift/openshift-ansible/pull/4254 |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
About the registry | ||
================== | ||
|
||
RDO uses an `OpenShift standalone registry`_ which is more or less the upstream | ||
for the `Atomic Registry`_ project. | ||
|
||
We chose to use the OpenShift standalone registry because it provides features | ||
that ``docker-registry`` and ``docker-distribution`` do not have out of the box. | ||
|
||
Some reasons and features include but are not limited to: | ||
|
||
- Being able to list images in the registry: ``oc get imagestreams`` | ||
- Provide a web interface to browse and manage images in the registry | ||
- Built-in authentication and access control (ACL) with GitHub oauth support | ||
- Dogfood the OpenShift standalone registry use case and establish a feedback loop with OpenShift developers | ||
|
||
.. _OpenShift Standalone registry: https://docs.openshift.com/container-platform/latest/install_config/install/stand_alone_registry.html | ||
.. _Atomic Registry: http://www.projectatomic.io/registry/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
# -*- coding: utf-8 -*- | ||
# Copyright 2017 Red Hat, Inc. All Rights Reserved. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); you may | ||
# not use this file except in compliance with the License. You may obtain | ||
# a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
# License for the specific language governing permissions and limitations | ||
# under the License. | ||
|
||
import os | ||
import sys | ||
import sphinx_rtd_theme | ||
import pbr.version | ||
version_info = pbr.version.VersionInfo('rdo_container_registry') | ||
|
||
sys.path.insert(0, os.path.abspath('../..')) | ||
# -- General configuration ---------------------------------------------------- | ||
|
||
# Add any Sphinx extension module names here, as strings. They can be | ||
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom ones. | ||
extensions = [ | ||
'sphinx.ext.autodoc', | ||
] | ||
|
||
# autodoc generation is a bit aggressive and a nuisance when doing heavy | ||
# text edit cycles. | ||
# execute "export SPHINX_DEBUG=1" in your terminal to disable | ||
|
||
# The suffix of source filenames. | ||
source_suffix = '.rst' | ||
|
||
# The master toctree document. | ||
master_doc = 'index' | ||
|
||
# General information about the project. | ||
project = u'RDO container registry' | ||
copyright = u'2017, Red Hat' | ||
author = 'RDO Community' | ||
|
||
# The short X.Y version. | ||
version = version_info.version_string() | ||
# The full version, including alpha/beta/rc tags. | ||
release = version_info.release_string() | ||
|
||
# If true, '()' will be appended to :func: etc. cross-reference text. | ||
add_function_parentheses = True | ||
|
||
# If true, the current module name will be prepended to all description | ||
# unit titles (such as .. function::). | ||
add_module_names = True | ||
|
||
# The name of the Pygments (syntax highlighting) style to use. | ||
pygments_style = 'sphinx' | ||
|
||
# -- Options for HTML output -------------------------------------------------- | ||
|
||
# The theme to use for HTML and HTML Help pages. Major themes that come with | ||
# Sphinx are currently 'default' and 'sphinxdoc'. | ||
html_theme = 'sphinx_rtd_theme' | ||
html_theme_path = [sphinx_rtd_theme.get_html_theme_path()] | ||
html_static_path = ['_static'] | ||
|
||
# Output file base name for HTML help builder. | ||
htmlhelp_basename = '%sdoc' % project | ||
|
||
# Grouping the document tree into LaTeX files. List of tuples | ||
# (source start file, target name, title, author, documentclass | ||
# [howto/manual]). | ||
latex_documents = [ | ||
('index', | ||
'%s.tex' % project, | ||
u'%s Documentation' % project, | ||
u'Red Hat', 'manual'), | ||
] | ||
|
||
# Example configuration for intersphinx: refer to the Python standard library. | ||
#intersphinx_mapping = {'http://docs.python.org/': None} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
Welcome to the RDO Container Registry documentation ! | ||
===================================================== | ||
.. image:: _static/openshift_rdo.png | ||
|
||
Table of Contents | ||
================= | ||
|
||
.. toctree:: | ||
:maxdepth: 3 | ||
|
||
About the registry <about> | ||
Installing the registry <installing> | ||
Managing the registry <managing> | ||
Using the registry <using> | ||
Troubleshooting the registry <troubleshooting> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
Installing the registry | ||
======================= | ||
|
||
.. warning:: Fleshing out this documentation is a work in progress. | ||
|
||
:: | ||
|
||
pip install git+https://github.com/rdo-infra/rdo-container-registry | ||
export RDO_GITHUB_CLIENT_ID=oauth_client_id | ||
export RDO_GITHUB_CLIENT_SECRET=oauth_client_secret | ||
tox -e ansible-playbook -- -i hosts -e "host_preparation_docker_disk=/dev/vdb" host-preparation.yml | ||
tox -e ansible-playbook -- -i hosts openshift-ansible/playbooks/byo/config.yml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
Managing the registry | ||
===================== | ||
|
||
.. warning:: Fleshing out this documentation is a work in progress. | ||
|
||
.. note:: These operations are done directly on the master | ||
|
||
:: | ||
|
||
# Grant superuser privileges to a user once he has logged in at least once | ||
# https://docs.openshift.com/container-platform/3.5/admin_guide/manage_authorization_policy.html | ||
oc policy add-role-to-user cluster-admin dmsimard | ||
|
||
# Create project | ||
oc new-project tripleo \ | ||
--description="TripleO container images for trunk and continuous integration" \ | ||
--display-name="TripleO container images" | ||
|
||
# Create service account, make it admin of the project | ||
oc create serviceaccount tripleo.service -n tripleo | ||
oc policy add-role-to-user admin system:serviceaccount:tripleo:tripleo.service -n tripleo | ||
|
||
# Retrieve service account token for image pushes (for CI and things like that) | ||
oc describe serviceaccount tripleo.service -n tripleo | ||
oc describe secret tripleo.service-token-<generated> -n tripleo | ||
|
||
# Allow authenticated users to browse the TripleO project | ||
# Note: https://github.com/cockpit-project/cockpit/issues/6711 | ||
oc policy add-role-to-group registry-viewer system:authenticated -n tripleo |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
Troubleshooting the registry | ||
============================ | ||
|
||
.. warning:: Fleshing out this documentation is a work in progress. | ||
|
||
:: | ||
|
||
# Logs for the origin-master process | ||
journalctl -u origin-master --follow | ||
|
||
# Note, commands using -n default is to select from the default namespace | ||
|
||
# List routes, pods and services | ||
oc get routes -n default | ||
oc get pods -n default | ||
oc get svc -n default | ||
|
||
# Dump configuration of things | ||
oc export routes -n default -o yaml |less | ||
oc export pods -n default -o yaml |less | ||
oc export svc -n default -o yaml |less | ||
|
||
# Follow logs from running pods | ||
oc get pods -n default | ||
oc logs -f -n default <pod name> (ex: oc logs -f -n default docker-registry-1-xgxqb) | ||
|
||
# Execute a command in a running pod | ||
oc get pods -n default | ||
oc exec -n default <pod name> <command> (ex: oc exec -n default docker-registry-1-xgxqb ls) | ||
|
Oops, something went wrong.