mirror of
https://github.com/ansible-collections/community.docker.git
synced 2025-12-15 19:42:06 +00:00
d207643e0c
* Fix IP address retrieval for registry setup. * Adjust push detection to Docker 29. * Idempotency for export no longer works. * Disable pull idempotency checks that play with architecture. * Add more known image IDs. * Adjust load tests. * Adjust error message check. * Allow for more digests. * Make sure a new enough cryptography version is installed.
131 lines
4.6 KiB
YAML
131 lines
4.6 KiB
YAML
---
|
|
# Copyright (c) Ansible Project
|
|
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
# Set up first nginx frontend for registry
|
|
- name: Start nginx frontend for registry
|
|
community.docker.docker_volume:
|
|
name: '{{ docker_registry_container_name_frontend }}'
|
|
state: present
|
|
|
|
- name: Create container for nginx frontend for registry
|
|
community.docker.docker_container:
|
|
state: stopped
|
|
name: '{{ docker_registry_container_name_frontend }}'
|
|
image: "{{ docker_test_image_registry_nginx }}"
|
|
ports: 5000
|
|
# `links` does not work when using a network. That's why the docker_container task
|
|
# in setup.yml specifies `aliases` so we get the same effect.
|
|
links:
|
|
- '{{ docker_registry_container_name_registry }}:real-registry'
|
|
volumes:
|
|
- '{{ docker_registry_container_name_frontend }}:/etc/nginx/'
|
|
network_mode: '{{ current_container_network_ip | default(omit, true) }}'
|
|
networks: >-
|
|
{{
|
|
[dict([['name', current_container_network_ip]])]
|
|
if current_container_network_ip not in ['', 'bridge'] else omit
|
|
}}
|
|
register: nginx_container
|
|
|
|
- name: Copy config files
|
|
ansible.builtin.copy:
|
|
src: "{{ item }}"
|
|
dest: "{{ remote_tmp_dir }}/{{ item }}"
|
|
mode: "0644"
|
|
loop:
|
|
- nginx.conf
|
|
- nginx.htpasswd
|
|
|
|
- name: Copy static files into volume
|
|
community.docker.docker_container_copy_into:
|
|
container: '{{ docker_registry_container_name_frontend }}'
|
|
path: '{{ remote_tmp_dir }}/{{ item }}'
|
|
container_path: '/etc/nginx/{{ item }}'
|
|
owner_id: 0
|
|
group_id: 0
|
|
loop:
|
|
- nginx.conf
|
|
- nginx.htpasswd
|
|
register: can_copy_files
|
|
ignore_errors: true
|
|
|
|
- when: can_copy_files is not failed
|
|
block:
|
|
|
|
- name: Create private key for frontend certificate
|
|
community.crypto.openssl_privatekey:
|
|
path: '{{ remote_tmp_dir }}/cert.key'
|
|
type: ECC
|
|
curve: secp256r1
|
|
force: true
|
|
|
|
- name: Create CSR for frontend certificate
|
|
community.crypto.openssl_csr:
|
|
path: '{{ remote_tmp_dir }}/cert.csr'
|
|
privatekey_path: '{{ remote_tmp_dir }}/cert.key'
|
|
subject_alt_name:
|
|
- DNS:test-registry.ansible.com
|
|
|
|
- name: Create frontend certificate
|
|
community.crypto.x509_certificate:
|
|
path: '{{ remote_tmp_dir }}/cert.pem'
|
|
csr_path: '{{ remote_tmp_dir }}/cert.csr'
|
|
privatekey_path: '{{ remote_tmp_dir }}/cert.key'
|
|
provider: selfsigned
|
|
|
|
- name: Copy dynamic files into volume
|
|
community.docker.docker_container_copy_into:
|
|
container: '{{ docker_registry_container_name_frontend }}'
|
|
path: '{{ remote_tmp_dir }}/{{ item }}'
|
|
container_path: '/etc/nginx/{{ item }}'
|
|
owner_id: 0
|
|
group_id: 0
|
|
loop:
|
|
- cert.pem
|
|
- cert.key
|
|
|
|
- name: Start nginx frontend for registry
|
|
community.docker.docker_container:
|
|
name: '{{ docker_registry_container_name_frontend }}'
|
|
state: started
|
|
register: nginx_container
|
|
|
|
- name: Output nginx container network settings
|
|
ansible.builtin.debug:
|
|
var: nginx_container.container.NetworkSettings
|
|
|
|
- name: Get registry URL
|
|
ansible.builtin.set_fact:
|
|
# Note that this host/port combination is used by the Docker daemon, that's why `localhost` is appropriate!
|
|
# This host/port combination cannot be used if the tests are running inside a docker container.
|
|
docker_registry_frontend_address: localhost:{{ nginx_container.container.NetworkSettings.Ports['5000/tcp'].0.HostPort }}
|
|
# The following host/port combination can be used from inside the docker container.
|
|
docker_registry_frontend_address_internal: >-
|
|
{{
|
|
nginx_container.container.NetworkSettings.Networks[current_container_network_ip].IPAddress
|
|
if current_container_network_ip else
|
|
(
|
|
nginx_container.container.NetworkSettings.IPAddress
|
|
| default(nginx_container.container.NetworkSettings.Networks['bridge'].IPAddress)
|
|
)
|
|
}}:5000
|
|
# Since Docker 29, nginx_container.container.NetworkSettings.IPAddress no longer exists.
|
|
# Use the bridge network's IP address instead...
|
|
|
|
- name: Wait for registry frontend
|
|
ansible.builtin.uri:
|
|
url: https://{{ docker_registry_frontend_address_internal }}/v2/
|
|
url_username: testuser
|
|
url_password: hunter2
|
|
validate_certs: false
|
|
register: result
|
|
until: result is success
|
|
retries: 5
|
|
delay: 1
|
|
|
|
- ansible.builtin.set_fact:
|
|
docker_registry_frontend_address: 'n/a'
|
|
when: can_copy_files is failed
|