* Move copying functionality to module_utils. * Add docker_container_copy_into module. * Use new module in other tests. * Fix copyright and attributes. * Improve idempotency, improve stat code. * Document and test when a stopped container works. * Improve owner/group detection error handling when container is stopped. * Fix formulation. Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com> * Improve file comparison. * Avoid reading whole file at once. * Stream when fetching files from daemon. * Fix comment. * Use read() instead of read1(). * Stream files when copying into container. * Linting. * Add force parameter. * Simplify library code. * Linting. * Add content and content_is_b64 options. * Make force=false work as for copy module: only copy if the destination does not exist. * Improve docs. * content should be no_log. * Implement diff mode. * Improve error handling. * Lint and improve. * Set owner/group ID to avoid ID lookup (which fails in paused containers). * Apply suggestions from code review Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com> Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
# Set up first nginx frontend for registry
# Despite its name, this task only ensures the named volume exists. The
# container created further down mounts that volume at /etc/nginx/.
- name: Start nginx frontend for registry
  docker_volume:
    state: present
    name: "{{ docker_registry_container_name_frontend }}"
# Create the nginx container that fronts the registry, but leave it stopped.
# Later tasks in this file copy files into it and start it if that succeeds.
- name: Create container for nginx frontend for registry
  docker_container:
    name: "{{ docker_registry_container_name_frontend }}"
    image: '{{ docker_test_image_registry_nginx }}'
    state: stopped
    # Only the container port is given; the host port is read back later from
    # NetworkSettings.Ports['5000/tcp'].
    # NOTE(review): no host IP is set, so the bind address is the module/daemon
    # default. Confirm the published port is not reachable from untrusted
    # networks on the test host.
    ports: 5000
    # `links` does not work when using a network. That's why the docker_container task
    # in setup.yml specifies `aliases` so we get the same effect.
    links:
      - "{{ docker_registry_container_name_registry }}:real-registry"
    volumes:
      - "{{ docker_registry_container_name_frontend }}:/etc/nginx/"
    network_mode: "{{ current_container_network_ip | default(omit, true) }}"
    # Attach to the named network only when one is set and it is not 'bridge';
    # otherwise the option is omitted.
    networks: >-
      {{
        [dict([['name', current_container_network_ip]])]
        if current_container_network_ip not in ['', 'bridge'] else omit
      }}
  register: nginx_container
# Stage the nginx configuration and the htpasswd file in the remote temp dir.
# NOTE(review): nginx.htpasswd presumably holds the password hash for the test
# user, and mode 0644 leaves it world-readable on the target. That is
# acceptable only because these are throwaway test fixtures.
- name: Copy config files
  copy:
    dest: '{{ remote_tmp_dir }}/{{ item }}'
    src: '{{ item }}'
    mode: '0644'
  loop:
    - nginx.conf
    - nginx.htpasswd
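# Copy the staged files into /etc/nginx/ in the frontend container, with
# owner and group given as numeric IDs (0/0).
# A failure here is tolerated on purpose: the result is registered, and the
# remaining tasks in this file branch on `can_copy_files is failed`.
- name: Copy static files into volume
  docker_container_copy_into:
    container: '{{ docker_registry_container_name_frontend }}'
    path: '{{ remote_tmp_dir }}/{{ item }}'
    container_path: '/etc/nginx/{{ item }}'
    owner_id: 0
    group_id: 0
  loop:
    - nginx.conf
    - nginx.htpasswd
  register: can_copy_files
  # Canonical boolean instead of the YAML 1.1 truthy `yes`.
  ignore_errors: true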
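# The rest of the frontend setup needs the config files inside the container,
# so it only runs when the earlier copy task did not fail.
- when: can_copy_files is not failed
  block:

    # `force: true` regenerates the key on every run, even if one already exists.
    - name: Create private key for frontend certificate
      community.crypto.openssl_privatekey:
        path: '{{ remote_tmp_dir }}/cert.key'
        type: ECC
        curve: secp256r1
        force: true

    - name: Create CSR for frontend certificate
      community.crypto.openssl_csr:
        path: '{{ remote_tmp_dir }}/cert.csr'
        privatekey_path: '{{ remote_tmp_dir }}/cert.key'
        subject_alt_name:
          - DNS:test-registry.ansible.com

    # Self-signed: no CA is involved, so clients cannot validate this
    # certificate against a trust store.
    - name: Create frontend certificate
      community.crypto.x509_certificate:
        path: '{{ remote_tmp_dir }}/cert.pem'
        csr_path: '{{ remote_tmp_dir }}/cert.csr'
        privatekey_path: '{{ remote_tmp_dir }}/cert.key'
        provider: selfsigned

    # NOTE(review): no mode is given for cert.key, so its permissions inside
    # the container are whatever the module applies by default. Confirm the
    # private key does not end up world-readable.
    - name: Copy dynamic files into volume
      docker_container_copy_into:
        container: '{{ docker_registry_container_name_frontend }}'
        path: '{{ remote_tmp_dir }}/{{ item }}'
        container_path: '/etc/nginx/{{ item }}'
        owner_id: 0
        group_id: 0
      loop:
        - cert.pem
        - cert.key

    - name: Start nginx frontend for registry
      docker_container:
        name: '{{ docker_registry_container_name_frontend }}'
        state: started
      register: nginx_container

    - name: Output nginx container network settings
      debug:
        var: nginx_container.container.NetworkSettings

    - name: Get registry URL
      set_fact:
        # Note that this host/port combination is used by the Docker daemon, that's why `localhost` is appropriate!
        # This host/port combination cannot be used if the tests are running inside a docker container.
        # Quoted so the templated value is always read as one plain string.
        docker_registry_frontend_address: "localhost:{{ nginx_container.container.NetworkSettings.Ports['5000/tcp'].0.HostPort }}"
        # The following host/port combination can be used from inside the docker container.
        docker_registry_frontend_address_internal: "{{ nginx_container.container.NetworkSettings.Networks[current_container_network_ip].IPAddress if current_container_network_ip else nginx_container.container.NetworkSettings.IPAddress }}:5000"

    # Poll /v2/ until the frontend answers (up to 5 tries, 1 second apart).
    # Certificate validation is off because the certificate created above is
    # self-signed, so this checks reachability and basic auth only, not the
    # TLS chain.
    # NOTE(review): testuser/hunter2 are hard-coded fixture credentials,
    # presumably matching nginx.htpasswd. Keep them confined to this test setup.
    - name: Wait for registry frontend
      uri:
        url: 'https://{{ docker_registry_frontend_address_internal }}/v2/'
        url_username: testuser
        url_password: hunter2
        validate_certs: false
      register: result
      until: result is success
      retries: 5
      delay: 1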
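# Fallback when the files could not be copied into the container: the frontend
# is not started and the address fact is set to the 'n/a' placeholder.
# NOTE(review): consumers of docker_registry_frontend_address presumably check
# for 'n/a' before using it - verify against the callers.
- name: Mark registry frontend address as unavailable
  set_fact:
    docker_registry_frontend_address: 'n/a'
  when: can_copy_files is failed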