diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..020d06f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,7 @@
+*.pyc
+*.egg
+*.eggs
+*.egg-info
+.tox/
+doc/build
+openshift-ansible/
diff --git a/README.rst b/README.rst
new file mode 100644
index 0000000..2be86bb
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,33 @@
+rdo-container-registry
+======================
+RDO community standalone OpenShift Registry configuration, deployment and
+documentation_.
+
+.. _documentation: https://rdo-container-registry.readthedocs.io/en/latest/
+
+Note: this is a work in progress
+================================
+
+The following patches were submitted and merged upstream in order to make this work:
+
+- Don't set-up origin repositories if they've already been configured:
+ https://github.com/openshift/openshift-ansible/commit/0414e424c90000a9aa393a1d47404b726a2443d3
+
+- Add teams attribute to github identity provider:
+ https://github.com/openshift/openshift-ansible/commit/1a43e7da5f69d5015ed5dafca50f80f2c8ec528d
+
+- Allow a hostname to resolve to 127.0.0.1 during validation:
+ https://github.com/openshift/openshift-ansible/commit/9260dcd084f19ec5a641c2673525163d5ab76816
+
+Work is still in progress to merge the some patches. While these are pending,
+they are rebased and cherry-picked together a forked branch at
+https://github.com/dmsimard/openshift-ansible/tree/rdo
+
+- Support enabling the centos-openshift-origin-testing repository:
+ https://github.com/openshift/openshift-ansible/pull/4307
+
+- Refactor registry-console setup and add support for SSL:
+ https://github.com/openshift/openshift-ansible/pull/4256
+
+- Refactor openshift_hosted's docker-registry route setup:
+ https://github.com/openshift/openshift-ansible/pull/4254
diff --git a/doc/source/_static/openshift_rdo.png b/doc/source/_static/openshift_rdo.png
new file mode 100644
index 0000000..bdcfa29
Binary files /dev/null and b/doc/source/_static/openshift_rdo.png differ
diff --git a/doc/source/about.rst b/doc/source/about.rst
new file mode 100644
index 0000000..c782f69
--- /dev/null
+++ b/doc/source/about.rst
@@ -0,0 +1,18 @@
+About the registry
+==================
+
+RDO uses an `OpenShift standalone registry`_ which is more or less the upstream
+for the `Atomic Registry`_ project.
+
+We chose to use the OpenShift standalone registry because it provides features
+that ``docker-registry`` and ``docker-distribution`` do not have out of the box.
+
+Some reasons and features include but are not limited to:
+
+- Being able to list images in the registry: ``oc get imagestreams``
+- Provide a web interface to browse and manage images in the registry
+- Built-in authentication and access control (ACL) with GitHub oauth support
+- Dogfood the OpenShift standalone registry use case and establish a feedback loop with OpenShift developers
+
+.. _OpenShift Standalone registry: https://docs.openshift.com/container-platform/latest/install_config/install/stand_alone_registry.html
+.. _Atomic Registry: http://www.projectatomic.io/registry/
diff --git a/doc/source/conf.py b/doc/source/conf.py
new file mode 100644
index 0000000..2e1be6d
--- /dev/null
+++ b/doc/source/conf.py
@@ -0,0 +1,83 @@
+# -*- coding: utf-8 -*-
+# Copyright 2017 Red Hat, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import os
+import sys
+import sphinx_rtd_theme
+import pbr.version
+version_info = pbr.version.VersionInfo('rdo_container_registry')
+
+sys.path.insert(0, os.path.abspath('../..'))
+# -- General configuration ----------------------------------------------------
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
+extensions = [
+ 'sphinx.ext.autodoc',
+]
+
+# autodoc generation is a bit aggressive and a nuisance when doing heavy
+# text edit cycles.
+# execute "export SPHINX_DEBUG=1" in your terminal to disable
+
+# The suffix of source filenames.
+source_suffix = '.rst'
+
+# The master toctree document.
+master_doc = 'index'
+
+# General information about the project.
+project = u'RDO container registry'
+copyright = u'2017, Red Hat'
+author = 'RDO Community'
+
+# The short X.Y version.
+version = version_info.version_string()
+# The full version, including alpha/beta/rc tags.
+release = version_info.release_string()
+
+# If true, '()' will be appended to :func: etc. cross-reference text.
+add_function_parentheses = True
+
+# If true, the current module name will be prepended to all description
+# unit titles (such as .. function::).
+add_module_names = True
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+# -- Options for HTML output --------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages. Major themes that come with
+# Sphinx are currently 'default' and 'sphinxdoc'.
+html_theme = 'sphinx_rtd_theme'
+html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
+html_static_path = ['_static']
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = '%sdoc' % project
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title, author, documentclass
+# [howto/manual]).
+latex_documents = [
+ ('index',
+ '%s.tex' % project,
+ u'%s Documentation' % project,
+ u'Red Hat', 'manual'),
+]
+
+# Example configuration for intersphinx: refer to the Python standard library.
+#intersphinx_mapping = {'http://docs.python.org/': None}
diff --git a/doc/source/index.rst b/doc/source/index.rst
new file mode 100644
index 0000000..51ff9e5
--- /dev/null
+++ b/doc/source/index.rst
@@ -0,0 +1,15 @@
+Welcome to the RDO Container Registry documentation !
+=====================================================
+.. image:: _static/openshift_rdo.png
+
+Table of Contents
+=================
+
+.. toctree::
+ :maxdepth: 3
+
+ About the registry
+ Installing the registry
+ Managing the registry
+ Using the registry
+ Troubleshooting the registry
diff --git a/doc/source/installing.rst b/doc/source/installing.rst
new file mode 100644
index 0000000..6414439
--- /dev/null
+++ b/doc/source/installing.rst
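Review bot: In doc/source/conf.py, the comment block after `extensions` tells the reader to `export SPHINX_DEBUG=1` to disable autodoc, but nothing in the new file reads that variable, so `'sphinx.ext.autodoc'` is always loaded and the comment describes a switch that does not exist. Either drop those three comment lines or implement the switch, for example `extensions = [] if os.environ.get('SPHINX_DEBUG') else ['sphinx.ext.autodoc']`. Because `sys.path.insert(0, os.path.abspath('../..'))` puts the repository root first on the import path and autodoc imports whatever modules its directives name, a short comment there such as `# autodoc imports project modules: doc builds execute repository code` would make that explicit for whoever runs builds on a shared builder.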
@@ -0,0 +1,12 @@
+Installing the registry
+=======================
+
+.. warning:: Fleshing out this documentation is a work in progress.
+
+::
+
+ pip install git+https://github.com/rdo-infra/rdo-container-registry
+ export RDO_GITHUB_CLIENT_ID=oauth_client_id
+ export RDO_GITHUB_CLIENT_SECRET=oauth_client_secret
+ tox -e ansible-playbook -- -i hosts -e "host_preparation_docker_disk=/dev/vdb" host-preparation.yml
+ tox -e ansible-playbook -- -i hosts openshift-ansible/playbooks/byo/config.yml
diff --git a/doc/source/managing.rst b/doc/source/managing.rst
new file mode 100644
index 0000000..6b603bf
--- /dev/null
+++ b/doc/source/managing.rst
@@ -0,0 +1,29 @@
+Managing the registry
+=====================
+
+.. warning:: Fleshing out this documentation is a work in progress.
+
+.. note:: These operations are done directly on the master
+
+::
+
+ # Grant superuser privileges to a user once he has logged in at least once
+ # https://docs.openshift.com/container-platform/3.5/admin_guide/manage_authorization_policy.html
+ oc policy add-role-to-user cluster-admin dmsimard
+
+ # Create project
+ oc new-project tripleo \
+ --description="TripleO container images for trunk and continuous integration" \
+ --display-name="TripleO container images"
+
+ # Create service account, make it admin of the project
+ oc create serviceaccount tripleo.service -n tripleo
+ oc policy add-role-to-user admin system:serviceaccount:tripleo:tripleo.service -n tripleo
+
+ # Retrieve service account token for image pushes (for CI and things like that)
+ oc describe serviceaccount tripleo.service -n tripleo
+ oc describe secret tripleo.service-token- -n tripleo
+
+ # Allow authenticated users to browse the TripleO project
+ # Note: https://github.com/cockpit-project/cockpit/issues/6711
+ oc policy add-role-to-group registry-viewer system:authenticated -n tripleo
diff --git a/doc/source/troubleshooting.rst b/doc/source/troubleshooting.rst
new file mode 100644
index 0000000..36968b3
--- /dev/null
+++ b/doc/source/troubleshooting.rst
@@ -0,0 +1,30 @@
+Troubleshooting the registry
+============================
+
+.. warning:: Fleshing out this documentation is a work in progress.
+
+::
+
+ # Logs for the origin-master process
+ journalctl -u origin-master --follow
+
+ # Note, commands using -n default is to select from the default namespace
+
+ # List routes, pods and services
+ oc get routes -n default
+ oc get pods -n default
+ oc get svc -n default
+
+ # Dump configuration of things
+ oc export routes -n default -o yaml |less
+ oc export pods -n default -o yaml |less
+ oc export svc -n default -o yaml |less
+
+ # Follow logs from running pods
+ oc get pods -n default
+ oc logs -f -n default (ex: oc logs -f -n default docker-registry-1-xgxqb)
+
+ # Execute a command in a running pod
+ oc get pods -n default
+ oc exec -n default (ex: oc exec -n default docker-registry-1-xgxqb ls)
+
diff --git a/doc/source/using.rst b/doc/source/using.rst
new file mode 100644
index 0000000..524226f
--- /dev/null
+++ b/doc/source/using.rst
@@ -0,0 +1,635 @@ +Using the registry +================== + +.. warning:: Fleshing out this documentation is a work in progress. + +Pulling containers +------------------ + +``docker pull trunk.registry.rdoproject.org//(:)`` + +Examples:: + + docker pull trunk.registry.rdoproject.org/tripleo/centos-binary-base:latest-passed-ci + docker pull trunk.registry.rdoproject.org/developer/centos + +Pushing containers +------------------ + +Before you can push containers, you need to log in to the registry using +the ``docker login`` command. + +In order to use the ``docker login`` command, you need to obtain a token first. +This token is obtained by logging on to the `registry console`_. + +In order to log in to the registry console, you need to be a member of a +specific `GitHub team`_ which grants the required access. + +After you have successfully logged in to the console, the home page will provide +the login command that you can copy & paste, it looks like this:: + + docker login -p abcdef_token -e unused -u unused trunk.registry.rdoproject.org + +Afterwards, you may push container images to projects in which you have the necessary +privileges, for example:: + + docker pull docker.io/centos + docker tag docker.io/centos trunk.registry.rdoproject.org/myproject/centos + docker push trunk.registry.rdoproject.org/myproject/centos + +.. _registry console: https://console.registry.rdoproject.org +.. _GitHub team: https://github.com/orgs/rdo-infra/teams/registry-rdoproject-org + +Using the OpenShift origin client +--------------------------------- + +The OpenShift origin client allows you to query the registry to list images or +get image metadata information. 
+ +To install the OpenShift client:: + + # On Fedora + dnf -y install origin-clients + + # On CentOS + yum -y install centos-release-openshift-origin + yum -y install origin-clients + +If you have an account +~~~~~~~~~~~~~~~~~~~~~~ + +If you have an account and are able to log in to the `registry console`_, it +will provide a login command that you can copy & paste, it looks like this:: + + oc login --token abcdef_token registry.rdoproject.org:8443 + +You will then be able to use ``oc`` commands against the projects you have access +to. + +If you do not have an account +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +If you do not have an account and you are not able to log in to the +`registry console`_, you will only be able to list container images for +projects that are *public* (*anonymous*). + +You will need to create a configuration file in order to tell your OpenShift +client where the OpenShift cluster is located in order to send it's queries. + +This configuration file is located at ``~/.kube/config`` and needs to look like +the following:: + + apiVersion: v1 + clusters: + - cluster: + server: https://registry.rdoproject.org:8443 + name: registry-rdoproject-org:8443 + contexts: + - context: + cluster: registry-rdoproject-org:8443 + namespace: default + kind: Config + preferences: {} + +You will then be able to use ``oc`` commands against projects that are made +public or anonymous. + +Listing containers +~~~~~~~~~~~~~~~~~~ + +The OpenShift client has the ability to list available container images in a +project over CLI:: + + oc get imagestreams -n tripleo + NAME DOCKER REPO TAGS UPDATED + centos-binary-aodh-api 172.30.132.198:5000/tripleo/centos-binary-aodh-api latest 2 hours ago + centos-binary-aodh-base 172.30.132.198:5000/tripleo/centos-binary-aodh-base latest 2 hours ago + centos-binary-aodh-evaluator 172.30.132.198:5000/tripleo/centos-binary-aodh-evaluator latest 2 hours ago + +.. note:: Note that the DOCKER REPO field contains an internal URL. 
+ This will be improved to show the public registry endpoint in a + future version of OpenShift, in the meantime, you can substitute that + URL by ``trunk.registry.rdoproject.org``. + +Image metadata +-------------- + +With the OpenShift client +~~~~~~~~~~~~~~~~~~~~~~~~~ +``oc describe imagestreams`` or ``oc describe is``:: + + oc describe imagestreams centos-binary-aodh-api -n tripleo + Name: centos-binary-aodh-api + Namespace: tripleo + Created: 23 hours ago + Labels: + Annotations: + Docker Pull Spec: 172.30.132.198:5000/tripleo/centos-binary-aodh-api + Unique Images: 4 + Tags: 4 + + latest + pushed image + + * 172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73 + 23 hours ago + + 38471d4ccf3914805fafaa56b21db2cc83755e95_5d6d179f + pushed image + + * 172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:85efabdbdb663802d6387623fc9f76c13ad89f74bf121e8f246f0f9b22cd261e + 22 hours ago + + 87a9e523723c0707a56341e9a7f7542bb4ec9567_c928cd3f + pushed image + + * 172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:64c2837a84c7a72acfc2c633426cbb600b0771dde1259de7203a61a1b4c37aae + 23 hours ago + + latest-passed-ci + pushed image + + * 172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:aa784a9b213b8d8b42b1ed09cbc3e6111956703cbd223f7f6f77f17c48383665 + 22 hours ago + +``oc describe imagestreamtags`` or ``oc describe istags``:: + + oc describe imagestreamtags centos-binary-aodh-api:latest -n tripleo + Name: sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73 + Namespace: + Created: 23 hours ago + Labels: + Annotations: openshift.io/image.managed=true + Docker Image: 172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73 + Image Name: sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73 + Image Size: 237.1 MB (first layer 72.29 MB, last binary layer 545 B) + Image Created: 24 hours 
ago + Author: + Arch: amd64 + Command: kolla_start + Working Dir: + User: + Exposes Ports: + Docker Labels: + build-date=20170529 + build_id=1496093093 + kolla_version=4.0.0 + license=GPLv2 + maintainer=TripleO Project (http://tripleo.org) + name=aodh-api + rdo_version=87a9e523723c0707a56341e9a7f7542bb4ec9567_c928cd3f + vendor=CentOS + Environment: + PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + KOLLA_BASE_DISTRO=centos + KOLLA_INSTALL_TYPE=binary + KOLLA_INSTALL_METATYPE=rdo + PS1=$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ + +With Skopeo +~~~~~~~~~~~ +Skopeo_ is a tool from `Project Atomic`_ that allows you interact easily with +Docker registries. + +For example, it allows you to inspect metadata remotely without downloading +the image first:: + + skopeo inspect docker://trunk.registry.rdoproject.org/tripleo/centos-binary-aodh-api + { + "Name": "trunk.registry.rdoproject.org/tripleo/centos-binary-aodh-api", + "Tag": "latest", + "Digest": "sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73", + "RepoTags": [ + "latest", + "38471d4ccf3914805fafaa56b21db2cc83755e95_5d6d179f", + "87a9e523723c0707a56341e9a7f7542bb4ec9567_c928cd3f", + "latest-passed-ci" + ], + "Created": "2017-05-29T21:29:21.715464885Z", + "DockerVersion": "1.12.6", + "Labels": { + "build-date": "20170529", + "build_id": "1496093093", + "kolla_version": "4.0.0", + "license": "GPLv2", + "maintainer": "TripleO Project (http://tripleo.org)", + "name": "aodh-api", + "rdo_version": "87a9e523723c0707a56341e9a7f7542bb4ec9567_c928cd3f", + "vendor": "CentOS" + }, + "Architecture": "amd64", + "Os": "linux", + "Layers": [ + "sha256:dd6405a9d6445ac370348c852c1d28dbdbbbefca4a40f5a302d02ea59488023d", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + 
"sha256:2cd7b6008767ea2a93ac3d0ab8b034a008f74e4ad6cbefcdae1132ed0cd9357e", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:0f9e56455f34aceaba55c30e37223ecc9c78a699665e666949fe46f4522553c2", + "sha256:2e83a0b6361f9d4a4ff6d34622f856ef853d5fb5d69380a2ce725da479a3a1bd", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:bf6f0cf0995e7369a7cb3fc4de97a1252a9a33cce553971b68be89798f54a3c0", + "sha256:72be68d311b8dfd0328e46ef8561fc4e8a44e3aa12d47e87332c1bdfb581398a", + "sha256:bd2e425390db662ed28bc21372c7fa0256d130e55f7bf8ec6339fc41fa1d166c", + "sha256:7020914f6824dda8830b3dbb559500e41cfb6de2c0c85b94ce8e42d874cad2b4", + "sha256:c4f089101f2cebb3f9b57259fbe73137a1a1181f9eedc408f41b1392912e7c82", + "sha256:33abc8109d965f93c302c9811928b6ebdf9bb22339e2cbdd8dda32f0e6f64461", + "sha256:bddef0ebe7c602b3ea948d0d9fe0707d4ecb02e78e33de77af279e18829cc280", + "sha256:e83b73b2bea3e03313d3243240e7e30fd2ac585afbb57223053e1b658439b46c", + "sha256:a3ece904123ddd878bdbd88aa01817de01b79f481df9965b9a5cd4f56e529b72", + "sha256:54c91f9119b0a5e1925e3eb4c35df00268d99f76eace85b248c64b30ac896d1a", + "sha256:702759ec043e579a7a5634a6fc1010ecf567af91069928571e472e7a69cbf4fb", + "sha256:ea2620fc7ad861d9cf3f42cf6a4d73be4b25889a8a2610e854aefc508f5b5d0e", + "sha256:8d8ec19a2094876862b81a2194bbe72efcab2ad7b6f2a59f91d75056b8eef64d", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:da5c65ac8909f45a23d180f074a49d9b768d697d1db90dd79c813182c265ea80", + "sha256:1b403b81203da688a9add9c41291a87f8c8f08cac4244540b9e5f66d1db30a06", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", 
+ "sha256:68ebdcb67a8ebe7f7d525dbbfd85e989181c965b52441fc6ff1c1b1a41477f9e", + "sha256:b4a7f16092b091deff942a0a5cb5da27b63859d7af5422630f32a47f87f54bbf", + "sha256:b892f4c6c3b7e139dbe8d7e403c4558f5b424c5cf07a51ff5ab074c6201cd779", + "sha256:0fd273e790a9b2fc17d28ec6255094f5fe63a1576e54c208134c0435f1c1b2cc", + "sha256:73786d94d5dedd650ce3193adfa2b92502131e90287731ac6d26db5de1ae5d4d", + "sha256:fdcf22601cf27f222030e783f8755e11a1adb0dc949a7e735740e67c02548171", + "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "sha256:3f59f43f810c97c60d62f42c8779ad9aadecfb1647feb86630dcc444ab710995", + "sha256:bd7ad955318a78798da9d8b4c9ad4c683bf38dcd93db7b2f6a1c111e37b563ff", + "sha256:79743704eaad90ed9ce3a67fa1185babc3ffc9f015213831b659e67ed11704d5" + ] + } + +.. _Skopeo: https://github.com/projectatomic/skopeo +.. _Project Atomic: http://www.projectatomic.io/ + +With curl +~~~~~~~~~ + +For ``imagestreams``:: + + curl https://registry.rdoproject.org:8443/oapi/v1/namespaces/tripleo/imagestreams/centos-binary-aodh-api + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "centos-binary-aodh-api", + "namespace": "tripleo", + "selfLink": "/oapi/v1/namespaces/tripleo/imagestreams/centos-binary-aodh-api", + "uid": "a0c69ef8-44c0-11e7-858e-fa163e033b7c", + "resourceVersion": "3600", + "generation": 1, + "creationTimestamp": "2017-05-29T22:46:17Z" + }, + "spec": {}, + "status": { + "dockerImageRepository": "172.30.132.198:5000/tripleo/centos-binary-aodh-api", + "tags": [ + { + "tag": "latest", + "items": [ + { + "created": "2017-05-29T22:46:17Z", + "dockerImageReference": "172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73", + "image": "sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73", + "generation": 1 + } + ] + }, + { + "tag": "38471d4ccf3914805fafaa56b21db2cc83755e95_5d6d179f", + "items": [ + { + "created": "2017-05-29T23:11:38Z", + 
"dockerImageReference": "172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:85efabdbdb663802d6387623fc9f76c13ad89f74bf121e8f246f0f9b22cd261e", + "image": "sha256:85efabdbdb663802d6387623fc9f76c13ad89f74bf121e8f246f0f9b22cd261e", + "generation": 1 + } + ] + }, + { + "tag": "87a9e523723c0707a56341e9a7f7542bb4ec9567_c928cd3f", + "items": [ + { + "created": "2017-05-29T22:46:31Z", + "dockerImageReference": "172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:64c2837a84c7a72acfc2c633426cbb600b0771dde1259de7203a61a1b4c37aae", + "image": "sha256:64c2837a84c7a72acfc2c633426cbb600b0771dde1259de7203a61a1b4c37aae", + "generation": 1 + } + ] + }, + { + "tag": "latest-passed-ci", + "items": [ + { + "created": "2017-05-29T23:11:24Z", + "dockerImageReference": "172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:aa784a9b213b8d8b42b1ed09cbc3e6111956703cbd223f7f6f77f17c48383665", + "image": "sha256:aa784a9b213b8d8b42b1ed09cbc3e6111956703cbd223f7f6f77f17c48383665", + "generation": 1 + } + ] + } + ] + } + } + +For ``imagestreamtags``:: + + curl https://registry.rdoproject.org:8443/oapi/v1/namespaces/tripleo/imagestreamtags/centos-binary-aodh-api:latest + { + "kind": "ImageStreamTag", + "apiVersion": "v1", + "metadata": { + "name": "centos-binary-aodh-api:latest", + "namespace": "tripleo", + "selfLink": "/oapi/v1/namespaces/tripleo/imagestreamtags/centos-binary-aodh-api%3Alatest", + "uid": "a0c69ef8-44c0-11e7-858e-fa163e033b7c", + "resourceVersion": "3600", + "creationTimestamp": "2017-05-29T22:46:17Z" + }, + "tag": null, + "generation": 1, + "image": { + "metadata": { + "name": "sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73", + "uid": "a0c7a764-44c0-11e7-858e-fa163e033b7c", + "resourceVersion": "3098", + "creationTimestamp": "2017-05-29T22:46:17Z", + "annotations": { + "openshift.io/image.managed": "true" + } + }, + "dockerImageReference": 
"172.30.132.198:5000/tripleo/centos-binary-aodh-api@sha256:b558c7e942d03dbaf506cae0b8bba81ec98c4d132f8f81fdbdead1521ca6fd73", + "dockerImageMetadata": { + "kind": "DockerImage", + "apiVersion": "1.0", + "Id": "11e27e00f85f340a8ad1e9e2330dc61b80f3ea962db9c468c7776a21f6ceee00", + "Parent": "ad9dfe0c7ccc21ff769cb644a30f88f8ddad536fec46664a23537cf91cadc33e", + "Created": "2017-05-29T21:29:21Z", + "Container": "f019f8ffc684ac4a9ed476d2ef53cf4612e7a4889ae7bc6e0c32d1743b524753", + "ContainerConfig": { + "Hostname": "dfa0e46aa7ac", + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "KOLLA_BASE_DISTRO=centos", + "KOLLA_INSTALL_TYPE=binary", + "KOLLA_INSTALL_METATYPE=rdo", + "PS1=$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ " + ], + "Cmd": [ + "/bin/sh", + "-c", + "chmod 755 /usr/local/bin/kolla_aodh_extend_start" + ], + "Image": "sha256:b2c4694ba4d018bbfe55f5546091684bbe51e14f18b5aa53aaaff24d81b07c61", + "Labels": { + "build-date": "20170529", + "build_id": "1496093093", + "kolla_version": "4.0.0", + "license": "GPLv2", + "maintainer": "TripleO Project (http://tripleo.org)", + "name": "aodh-api", + "rdo_version": "87a9e523723c0707a56341e9a7f7542bb4ec9567_c928cd3f", + "vendor": "CentOS" + } + }, + "DockerVersion": "1.12.6", + "Config": { + "Hostname": "dfa0e46aa7ac", + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "KOLLA_BASE_DISTRO=centos", + "KOLLA_INSTALL_TYPE=binary", + "KOLLA_INSTALL_METATYPE=rdo", + "PS1=$(tput bold)($(printenv KOLLA_SERVICE_NAME))$(tput sgr0)[$(id -un)@$(hostname -s) $(pwd)]$ " + ], + "Cmd": [ + "kolla_start" + ], + "Image": "sha256:b2c4694ba4d018bbfe55f5546091684bbe51e14f18b5aa53aaaff24d81b07c61", + "Labels": { + "build-date": "20170529", + "build_id": "1496093093", + "kolla_version": "4.0.0", + "license": "GPLv2", + "maintainer": "TripleO Project (http://tripleo.org)", + "name": "aodh-api", + "rdo_version": 
"87a9e523723c0707a56341e9a7f7542bb4ec9567_c928cd3f", + "vendor": "CentOS" + } + }, + "Architecture": "amd64", + "Size": 237061207 + }, + "dockerImageMetadataVersion": "1.0", + "dockerImageLayers": [ + { + "name": "sha256:dd6405a9d6445ac370348c852c1d28dbdbbbefca4a40f5a302d02ea59488023d", + "size": 72292482, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:2cd7b6008767ea2a93ac3d0ab8b034a008f74e4ad6cbefcdae1132ed0cd9357e", + "size": 22717, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:0f9e56455f34aceaba55c30e37223ecc9c78a699665e666949fe46f4522553c2", + "size": 266, + "mediaType": 
"application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:2e83a0b6361f9d4a4ff6d34622f856ef853d5fb5d69380a2ce725da479a3a1bd", + "size": 528, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:bf6f0cf0995e7369a7cb3fc4de97a1252a9a33cce553971b68be89798f54a3c0", + "size": 2023, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:72be68d311b8dfd0328e46ef8561fc4e8a44e3aa12d47e87332c1bdfb581398a", + "size": 1598, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:bd2e425390db662ed28bc21372c7fa0256d130e55f7bf8ec6339fc41fa1d166c", + "size": 1621, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:7020914f6824dda8830b3dbb559500e41cfb6de2c0c85b94ce8e42d874cad2b4", + "size": 5360567, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:c4f089101f2cebb3f9b57259fbe73137a1a1181f9eedc408f41b1392912e7c82", + "size": 5485035, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:33abc8109d965f93c302c9811928b6ebdf9bb22339e2cbdd8dda32f0e6f64461", + "size": 5370612, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:bddef0ebe7c602b3ea948d0d9fe0707d4ecb02e78e33de77af279e18829cc280", + "size": 34553499, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:e83b73b2bea3e03313d3243240e7e30fd2ac585afbb57223053e1b658439b46c", + "size": 3923, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": 
"sha256:a3ece904123ddd878bdbd88aa01817de01b79f481df9965b9a5cd4f56e529b72", + "size": 596, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:54c91f9119b0a5e1925e3eb4c35df00268d99f76eace85b248c64b30ac896d1a", + "size": 546, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:702759ec043e579a7a5634a6fc1010ecf567af91069928571e472e7a69cbf4fb", + "size": 250, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:ea2620fc7ad861d9cf3f42cf6a4d73be4b25889a8a2610e854aefc508f5b5d0e", + "size": 27474, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:8d8ec19a2094876862b81a2194bbe72efcab2ad7b6f2a59f91d75056b8eef64d", + "size": 4838, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:da5c65ac8909f45a23d180f074a49d9b768d697d1db90dd79c813182c265ea80", + "size": 14847530, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:1b403b81203da688a9add9c41291a87f8c8f08cac4244540b9e5f66d1db30a06", + "size": 54587991, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:68ebdcb67a8ebe7f7d525dbbfd85e989181c965b52441fc6ff1c1b1a41477f9e", + "size": 2785, + "mediaType": 
"application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:b4a7f16092b091deff942a0a5cb5da27b63859d7af5422630f32a47f87f54bbf", + "size": 37298747, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:b892f4c6c3b7e139dbe8d7e403c4558f5b424c5cf07a51ff5ab074c6201cd779", + "size": 8871, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:0fd273e790a9b2fc17d28ec6255094f5fe63a1576e54c208134c0435f1c1b2cc", + "size": 359, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:73786d94d5dedd650ce3193adfa2b92502131e90287731ac6d26db5de1ae5d4d", + "size": 239, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:fdcf22601cf27f222030e783f8755e11a1adb0dc949a7e735740e67c02548171", + "size": 565, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4", + "size": 32, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:3f59f43f810c97c60d62f42c8779ad9aadecfb1647feb86630dcc444ab710995", + "size": 7184422, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:bd7ad955318a78798da9d8b4c9ad4c683bf38dcd93db7b2f6a1c111e37b563ff", + "size": 546, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + }, + { + "name": "sha256:79743704eaad90ed9ce3a67fa1185babc3ffc9f015213831b659e67ed11704d5", + "size": 545, + "mediaType": "application/vnd.docker.container.image.rootfs.diff+x-gtar" + } + ], + "dockerImageSignatures": [ + 
"eyJoZWFkZXIiOnsiandrIjp7ImNydiI6IlAtMjU2Iiwia2lkIjoiM1dXTzpWV1pGOjRUR0I6TzJPQTpSV083OkxINDQ6TkZPUDpZREtBOkFQNVA6STRITDpGUUozOlpSUkgiLCJrdHkiOiJFQyIsIngiOiJJbEV3X1BTSEdOakptZEYyM2FkRXMxem90eXVteER6bE9CaEVrUXVkcDdrIiwieSI6ImpjcHl4dVQ3QzVMM1ZobmU3TDhRdVBjbHdXb0gza2ZBTWRuLWEtanc2aGMifSwiYWxnIjoiRVMyNTYifSwic2lnbmF0dXJlIjoiSlJJanY1RzVZUzZ2V2hUM0tMSVpSaTdxWlRQb2dxRVhEZXd2SlZrNmxnbm5aQjlqbm91ZE04VHVpcmhUd0lRbmdaWkRLU3l6RXJkdEthOXFtQk5wbWciLCJwcm90ZWN0ZWQiOiJleUptYjNKdFlYUk1aVzVuZEdnaU9qTTFNak01TENKbWIzSnRZWFJVWVdsc0lqb2lRMjR3SWl3aWRHbHRaU0k2SWpJd01UY3RNRFV0TWpsVU1qSTZORFk2TVRkYUluMCJ9" + ], + "dockerImageManifestMediaType": "application/vnd.docker.distribution.manifest.v1+json" + } + } \ No newline at end of file diff --git a/group_vars/OSEv3.yml b/group_vars/OSEv3.yml new file mode 100644 index 0000000..3a80c9d --- /dev/null +++ b/group_vars/OSEv3.yml 
@@ -0,0 +1,54 @@ +--- +debug_level: 2 + +# This is deployed on an OpenStack cloud which defaults eth0 mtu to 1450 +# The node mtu must be 50 less than eth0 +# https://docs.openshift.com/container-platform/3.5/admin_guide/sdn_troubleshooting.html#builds-on-a-virtual-network-are-failing +openshift_node_sdn_mtu: 1400 + +# Version and deployment type +openshift_deployment_type: origin +deployment_subtype: registry +# openshift_release 1.5.1 is only available in -testing and fixes known issues +openshift_repos_enable_testing: true +openshift_release: v1.5.1 + +# Identity: GitHub oauth +# Application name: "OpenShift Docker Registry Console" +# Application home page: "https://registry.rdoproject.org:8443/" +# Application description: "OpenShift Docker Registry Console" +# Application callback URL: "https://registry.rdoproject.org:8443/oauth2callback/github" +openshift_master_identity_providers: + - name: github + login: true + challenge: false + kind: GitHubIdentityProvider + clientID: "{{ lookup('env', 'RDO_GITHUB_CLIENT_ID') |default(None, true) }}" + clientSecret: "{{ lookup('env', 'RDO_GITHUB_CLIENT_SECRET') |default(None, true) }}" + teams: + - rdo-infra/registry-rdoproject-org + +# Endpoint DNS and SSL +openshift_master_cluster_public_hostname: registry.rdoproject.org +openshift_master_default_subdomain: apps.registry.rdoproject.org +openshift_master_overwrite_named_certificates: true +openshift_master_named_certificates: + - certfile: /etc/letsencrypt/live/registry.rdoproject.org/registry.rdoproject.org-fullchain.pem + keyfile: /etc/letsencrypt/live/registry.rdoproject.org/registry.rdoproject.org-privkey.pem + names: + - registry.rdoproject.org + +# Note: using passthrough termination because reencrypt does not work +# https://github.com/openshift/origin/issues/14249 +openshift_hosted_registry_routehost: trunk.registry.rdoproject.org +openshift_hosted_registry_routetermination: passthrough +openshift_hosted_registry_routecertificates: + certfile: 
"/etc/letsencrypt/live/trunk.registry.rdoproject.org/trunk.registry.rdoproject.org-fullchain.pem" + keyfile: "/etc/letsencrypt/live/trunk.registry.rdoproject.org/trunk.registry.rdoproject.org-privkey.pem" + +openshift_hosted_registry_console_routehost: console.registry.rdoproject.org +openshift_hosted_registry_console_routetermination: reencrypt +openshift_hosted_registry_console_routecertificates: + certfile: "/etc/letsencrypt/live/console.registry.rdoproject.org/console.registry.rdoproject.org-cert.pem" + keyfile: "/etc/letsencrypt/live/console.registry.rdoproject.org/console.registry.rdoproject.org-privkey.pem" + cafile: "/etc/letsencrypt/live/console.registry.rdoproject.org/console.registry.rdoproject.org-chain.pem" diff --git a/host-preparation.yml b/host-preparation.yml new file mode 100644 index 0000000..be0ef6b --- /dev/null +++ b/host-preparation.yml @@ -0,0 +1,22 @@ +--- +# Copyright Red Hat, Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +- name: Prepare host for an OpenShift Standalone Registry installation + hosts: nodes + become: yes + tasks: + - include_role: + name: host-preparation diff --git a/hosts b/hosts new file mode 100644 index 0000000..9199cb0 --- /dev/null +++ b/hosts 
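Review bot: In group_vars/OSEv3.yml, `clientID` and `clientSecret` fall back to `None` through `default(None, true)` when `RDO_GITHUB_CLIENT_ID` or `RDO_GITHUB_CLIENT_SECRET` is unset or empty, so a run from a shell without those variables does not fail here and appears to hand the installer a GitHub identity provider with null credentials. A pre-flight task in the playbook would stop the run early, for example an `assert` with `that: lookup('env', 'RDO_GITHUB_CLIENT_SECRET') | length > 0` for each variable. A comment above `openshift_repos_enable_testing: true` saying when it can be switched back off would also help, since it leaves a testing repository enabled on a host that serves images.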
@@ -0,0 +1,12 @@
+# Create an OSEv3 group that contains the masters and nodes groups
+[OSEv3:children]
+masters
+nodes
+
+# host group for masters
+[masters]
+registry.rdoproject.org
+
+# host group for nodes, includes region info
+[nodes]
+registry.rdoproject.org openshift_node_labels="{'region': 'infra', 'zone': 'default'}" openshift_schedulable=true
diff --git a/letsencrypt.sh b/letsencrypt.sh
new file mode 100644
index 0000000..703e8d0
--- /dev/null
+++ b/letsencrypt.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+# Copyright Red Hat, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+# Note: if generating certificates after OpenShift has been set up
+# oc scale --replicas=0 dc router
+#
+# oc scale --replicas=1 dc router
+
+yum -y install git
+
+# Retrieve letsencrypt and run it
+git clone https://github.com/letsencrypt/letsencrypt
+mkdir -p /tmp/letsencrypt
+
+for domain in registry.rdoproject.org trunk.registry.rdoproject.org console.registry.rdoproject.org
+do
+letsencrypt/letsencrypt-auto --renew-by-default \
+ -a standalone \
+ --webroot-path /tmp/letsencrypt/ \
+ --server https://acme-v01.api.letsencrypt.org/directory \
+ --email dmsimard@redhat.com \
+ --text \
+ --non-interactive \
+ --agree-tos \
+ -d $domain auth
+ sleep 1
+ # openshift-ansible gathers all keys and certs to /etc/origin/master/named_certificates
+ # Give them unique names so they don't overwrite each other.
+ pushd /etc/letsencrypt/live/${domain}
+ ln -s privkey.pem ${domain}-privkey.pem
+ ln -s cert.pem ${domain}-cert.pem
+ ln -s chain.pem ${domain}-chain.pem
+ ln -s fullchain.pem ${domain}-fullchain.pem
+ popd
+done
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..40d7ab3
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,2 @@
+pbr>=1.6
+ara>=0.5.0
diff --git a/roles/host-preparation/README.rst b/roles/host-preparation/README.rst
new file mode 100644
index 0000000..7ccf965
--- /dev/null
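Review bot: letsencrypt.sh has no `set -e`, so when `letsencrypt-auto` fails for a domain or `pushd /etc/letsencrypt/live/${domain}` cannot enter the directory, the four `ln -s` commands still run in whatever the current directory is and the loop carries on as if the certificate existed. Adding `set -euo pipefail` after the licence header, quoting `"${domain}"`, and using `ln -sfn` so a renewal re-run does not stop on existing links would make the script safe to repeat. The `git clone https://github.com/letsencrypt/letsencrypt` step fetches whatever the default branch holds and the result is executed with the caller's privileges (presumably root, given `yum -y install`); checking out a reviewed tag or commit after the clone would pin what runs. `-a standalone` is combined with `--webroot-path`, which applies to the webroot authenticator and can probably be dropped.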
+++ b/roles/host-preparation/README.rst
@@ -0,0 +1,16 @@
+host-preparation
+================
+
+This is an Ansible version of the necessary pre-requirements documented here:
+https://docs.openshift.com/container-platform/3.5/install_config/install/host_preparation.html
+
+It will:
+
+- Install the required packages
+- Start and enable NetworkManager
+- Set up the API, Registry and Console FQDNs to resolve to 127.0.0.1
+- Configure 172.30.0.0/16 as a trusted range for insecure registries
+- Configure the docker-network MTU (default: 1400)
+- Configure docker-storage-setup to format a block device and remount it as '/var/lib/docker' with the overlay2 storage driver
+- Run docker-storage-setup if /var/lib/docker is not yet mounted
+- Enable and start Docker
diff --git a/roles/host-preparation/defaults/main.yml b/roles/host-preparation/defaults/main.yml
new file mode 100644
index 0000000..8a5aa0e
--- /dev/null
+++ b/roles/host-preparation/defaults/main.yml
@@ -0,0 +1,40 @@
+---
+# Copyright Red Hat, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+host_preparation_domain: registry.rdoproject.org
+host_preparation_registry: trunk.registry.rdoproject.org
+host_preparation_console: console.registry.rdoproject.org
+
+host_preparation_packages:
+ - centos-release-openshift-origin
+ - wget
+ - git
+ - net-tools
+ - bind-utils
+ - iptables-services
+ - bridge-utils
+ - bash-completion
+ - docker
+ - NetworkManager
+ - pyOpenSSL
+
+# OpenStack (TripleO) clouds have a default MTU of 1450, we need to override
+# the 1500 default
+host_preparation_docker_mtu: 1400
+
+# It is expected that the host has an additional cinder volume/disk for the
+# storage of containers and images.
+# host_preparation_docker_disk: "/dev/vdb"
diff --git a/roles/host-preparation/handlers/main.yml b/roles/host-preparation/handlers/main.yml
new file mode 100644
index 0000000..b48a3bc
--- /dev/null
+++ b/roles/host-preparation/handlers/main.yml
@@ -0,0 +1,20 @@
+---
+# Copyright Red Hat, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+- name: Restart docker
+ service:
+ state: "restarted"
+ name: "docker"
diff --git a/roles/host-preparation/tasks/main.yml b/roles/host-preparation/tasks/main.yml
new file mode 100644
index 0000000..59e3323
--- /dev/null
+++ b/roles/host-preparation/tasks/main.yml
@@ -0,0 +1,120 @@ +--- +# Copyright Red Hat, Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +- name: Intall pre-required packages + package: + name: "{{ host_preparation_packages }}" + state: "present" + +- name: Enable and start NetworkManager + service: + name: "NetworkManager" + state: "started" + enabled: "yes" + +- name: Ensure hostnames properly resolve to localhost + lineinfile: + dest: "/etc/hosts" + line: "127.0.0.1 {{ item }}" + insertafter: EOF + with_items: + - "{{ host_preparation_domain }}" + - "{{ host_preparation_registry }}" + - "{{ host_preparation_console }}" + - "{{ ansible_fqdn }}" + +- name: Configure Docker insecure registry for internal OpenShift subnet + lineinfile: + dest: "/etc/sysconfig/docker" + regexp: "^INSECURE_REGISTRY=" + line: "INSECURE_REGISTRY='--insecure-registry 172.30.0.0/16'" + notify: + - Restart docker + +- name: Configure Docker MTU + lineinfile: + dest: "/etc/sysconfig/docker-network" + regexp: "^DOCKER_NETWORK_OPTIONS=" + line: "DOCKER_NETWORK_OPTIONS='--mtu {{ host_preparation_docker_mtu }}'" + notify: + - Restart docker + +- name: Configure mounts fact + set_fact: + mounts: "{{ ansible_mounts | map(attribute='mount') | join(' ') }}" + +- name: Configure docker-storage-setup with a block device + copy: + content: | + DEVS={{ host_preparation_docker_disk }} + VG=docker-vg + STORAGE_DRIVER=overlay2 + DOCKER_ROOT_VOLUME=yes + DOCKER_ROOT_VOLUME_SIZE=100%FREE + dest: 
"/etc/sysconfig/docker-storage-setup" + when: + - host_preparation_docker_disk is defined + - "'/var/lib/docker' not in mounts" + +- when: + - host_preparation_docker_disk is not defined + - "'/var/lib/docker' not in mounts" + block: + - name: Warn about using loopback device + debug: + msg: >- + 'host_preparation_docker_disk' was not defined, a temporary loopback + device will be configured for test purposes. This is not recommended + in production. + + - name: Pause for warning + pause: + seconds: 10 + + - name: Create file for loopback device + command: dd if=/dev/zero of=/tmp/loopback bs=1M count=4096 + + - name: Set up loopback device + command: losetup -f /tmp/loopback + + - name: Create docker-vg volume group on the loopback device + lvg: + vg: "docker-vg" + pvs: "/dev/loop0" + + - name: Configure docker-storage-setup with a loopback device + copy: + content: | + VG=docker-vg + STORAGE_DRIVER=overlay2 + DOCKER_ROOT_VOLUME=yes + DOCKER_ROOT_VOLUME_SIZE=100%FREE + dest: "/etc/sysconfig/docker-storage-setup" + +- name: Run docker-storage-setup + command: docker-storage-setup + when: "'/var/lib/docker' not in mounts" + notify: + - Restart docker + +- name: Enable and start Docker + service: + name: "docker" + state: "started" + enabled: "yes" + +- name: Flush handlers + meta: flush_handlers diff --git a/run_tests.sh b/run_tests.sh new file mode 100755 index 0000000..d15f141 --- /dev/null +++ b/run_tests.sh 
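Review bot: In the loopback fallback block of roles/host-preparation/tasks/main.yml, `losetup -f /tmp/loopback` attaches the file to the first free loop device, but the next task hard-codes `pvs: "/dev/loop0"`; if loop0 is already in use, the `lvg` task would initialise a device that belongs to something else. The backing file is also written by `dd` as root to a fixed name in world-writable `/tmp`, where a pre-existing symlink would redirect the write, and neither `command` task is idempotent. Registering the output of `losetup --find --show` and keeping the image in a root-owned directory addresses all three; the path below is illustrative. Separately, the first task name reads `Intall` and should be `Install`.

```yaml
# … unchanged: warning and pause tasks …
    - name: Create file for loopback device
      command: dd if=/dev/zero of=/var/lib/docker-loopback.img bs=1M count=4096
      args:
        creates: /var/lib/docker-loopback.img

    - name: Set up loopback device
      command: losetup --find --show /var/lib/docker-loopback.img
      register: host_preparation_loop

    - name: Create docker-vg volume group on the loopback device
      lvg:
        vg: "docker-vg"
        pvs: "{{ host_preparation_loop.stdout }}"
# … unchanged: docker-storage-setup configuration for the loopback case …
```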
@@ -0,0 +1,37 @@
+#!/bin/bash
+set -e
+
+export RDO_GITHUB_CLIENT_ID=oauth_client_id
+export RDO_GITHUB_CLIENT_SECRET=oauth_client_secret
+
+function cleanup() {
+ # This is used so that openshift-ansible is not in CWD when initializing
+ # tox which makes it take forever to bootstrap the virtualenv
+ rm -rf openshift-ansible
+}
+
+# This runs on localhost but uses registry.rdoproject.org resources
+for host in registry.rdoproject.org console.registry.rdoproject.org trunk.registry.rdoproject.org
+do
+ if ! grep -q "127.0.0.1 ${host}" /etc/hosts; then
+ echo "127.0.0.1 ${host}" | sudo tee -a /etc/hosts
+ fi
+done
+
+# We'll be connecting on localhost over ssh, setup keypair authentication
+if [ ! -f ~/.ssh/id_rsa.pub ]; then
+ ssh-keygen -f ~/.ssh/id_rsa -t rsa -N ''
+fi
+if ! grep -q "$(cat ~/.ssh/id_rsa.pub)" ~/.ssh/authorized_keys; then
+ cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys
+fi
+ssh-keyscan -H registry.rdoproject.org >>~/.ssh/known_hosts
+
+cleanup
+tox -e ansible-playbook -- -b -i hosts host-preparation.yml -e "ansible_ssh_user=${USER}"
+cleanup
+tox -e ansible-playbook -- -b -i hosts openshift-ansible/playbooks/byo/config.yml -e "ansible_ssh_user=${USER}"
+
+sudo oc get pods
+sudo oc get routes
+sudo oc get svc
diff --git a/setup.cfg b/setup.cfg
new file mode 100644
index 0000000..2d3bf6b
--- /dev/null
+++ b/setup.cfg
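Review bot: run_tests.sh makes persistent changes to the machine it runs on — it appends to `/etc/hosts` with sudo, adds a key to `~/.ssh/authorized_keys`, appends to `~/.ssh/known_hosts` on every run, and then runs both playbooks with `-b` against localhost — yet nothing in the file says it is meant for a disposable CI node. A header comment such as `# WARNING: run only on a throwaway test host; this edits /etc/hosts and ~/.ssh and installs OpenShift locally` would make that explicit. The `ssh-keyscan -H registry.rdoproject.org >>~/.ssh/known_hosts` line records whatever key answers and duplicates the entry each run; prefixing it with `ssh-keygen -F registry.rdoproject.org >/dev/null ||` avoids the duplicates. `grep -q "$(cat ~/.ssh/id_rsa.pub)"` treats the key as a regular expression, so `grep -qxF` is the safer match.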
@@ -0,0 +1,44 @@
+[metadata]
+name = rdo-container-registry
+summary = rdo-container-registry
+description-file =
+ README.rst
+author = David Moreau Simard
+author-email = dms@redhat.com
+home-page = https://github.com/rdo-infra/rdo-container-registry
+classifier =
+ License :: OSI Approved :: Apache Software License
+ Development Status :: 4 - Beta
+ Intended Audience :: Developers
+ Intended Audience :: System Administrators
+ Intended Audience :: Information Technology
+ Topic :: Utilities
+
+[global]
+setup-hooks =
+ pbr.hooks.setup_hook
+
+[files]
+data_files =
+ usr/local/share/rdo-container-registry =
+ hosts
+ host-preparation.yml
+ letsencrypt.sh
+ usr/local/share/rdo-container-registry/roles = roles/*
+ usr/local/share/rdo-container-registry/group_vars = group_vars/*
+ usr/local/share/rdo-container-registry/doc = doc/source/*
+
+[build_sphinx]
+source-dir = docs
+build-dir = docs/build
+all_files = 1
+
+[upload_sphinx]
+upload-dir = docs/html
+
+[wheel]
+universal = 1
+
+[pbr]
+skip_authors = True
+skip_changelog = True
diff --git a/setup.py b/setup.py
new file mode 100644
index 0000000..6a931a6
--- /dev/null
+++ b/setup.py
@@ -0,0 +1,19 @@
+# Copyright Red Hat, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import setuptools
+
+setuptools.setup(
+ setup_requires=['pbr'],
+ pbr=True)
diff --git a/test-requirements.txt b/test-requirements.txt
new file mode 100644
index 0000000..ffc481d
--- /dev/null
+++ b/test-requirements.txt
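Review bot: `[build_sphinx]` in setup.cfg points at `source-dir = docs` and `build-dir = docs/build`, but the documentation added by this commit lives under `doc/source` (the `data_files` entry in this same file and the `docs` environment in tox.ini both use that path, and .gitignore ignores `doc/build`). As written, `python setup.py build_sphinx` would look in a directory the commit does not create. The section should read `source-dir = doc/source` and `build-dir = doc/build`, with `upload-dir = doc/build/html` under `[upload_sphinx]`.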
@@ -0,0 +1,3 @@
+sphinx<1.6.0
+sphinx-rtd-theme
+ansible-lint
diff --git a/tox.ini b/tox.ini
new file mode 100644
index 0000000..8662374
--- /dev/null
+++ b/tox.ini
@@ -0,0 +1,42 @@
+[tox]
+minversion = 1.6
+envlist = py27
+skipdist = True
+
+[testenv]
+usedevelop = True
+install_command = pip install -U {opts} {packages}
+setenv = VIRTUAL_ENV={envdir}
+deps = -r{toxinidir}/test-requirements.txt
+
+[testenv:docs]
+commands = sphinx-build -W -b html doc/source doc/build/html
+
+[testenv:ansible-lint]
+commands =
+ bash -c "find roles/ -type f -regex '.*.y[a]?ml' -print | xargs -L1 ansible-lint"
+setenv =
+ ANSIBLE_CONFIG = {toxinidir}/openshift-ansible/ansible.cfg
+ PYTHONUNBUFFERED = 1
+whitelist_externals = bash
+
+[testenv:ansible-playbook]
+commands =
+ rm -rf {toxinidir}/openshift-ansible
+ bash -c "git clone https://github.com/dmsimard/openshift-ansible; pushd openshift-ansible; git checkout rdo; popd"
+ pip install -r {toxinidir}/openshift-ansible/requirements.txt
+ ansible-playbook {posargs}
+ rm -rf {toxinidir}/openshift-ansible
+passenv =
+ HOME
+ SSH_AUTH_SOCK
+ USER
+ RDO_GITHUB_CLIENT_ID
+ RDO_GITHUB_CLIENT_SECRET
+setenv =
+ ANSIBLE_CONFIG = {toxinidir}/openshift-ansible/ansible.cfg
+ ANSIBLE_CALLBACK_PLUGINS={toxinidir}/.tox/ansible-playbook/lib/python2.7/site-packages/ara/plugins/callbacks
+ PYTHONUNBUFFERED = 1
+whitelist_externals =
+ bash
+ rm
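Review bot: The `ansible-playbook` environment in tox.ini clones `https://github.com/dmsimard/openshift-ansible` and checks out the moving `rdo` branch, then pip-installs its requirements and runs its playbooks with `RDO_GITHUB_CLIENT_SECRET` passed through, so whatever is on that branch at run time executes with access to the OAuth secret. Pinning the checkout to a reviewed commit keeps deployments reproducible and limits exposure if the fork changes: `git checkout <PINNED_COMMIT_SHA>` in place of `git checkout rdo`. The commands inside `bash -c` are joined with `;`, so a failed clone still reaches `pushd`; `&&` would stop at the first failure. `ANSIBLE_CALLBACK_PLUGINS` hard-codes `lib/python2.7`, which deserves a comment tying it to `envlist = py27`.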