author | Adam Miller <admiller@redhat.com> | 2017-04-10 20:47:41 +0000 |
---|---|---|
committer | Adam Miller <admiller@redhat.com> | 2017-04-10 20:52:32 +0000 |
commit | 6939f62b4c3260acfa42a5c312c2e3d5310cdfab | |
tree | 92a273309f857d348dcf83ed57f9e4dbadc44efc | |
parent | 7218efb9233a2d9d59938b7413cfaef2d5fb34e8 | |

add manage-container-images role, use w/ osbs-cluster

Currently the push-docker role requires a docker daemon to be
running on a machine somewhere which we don't want because it's
privileged, error prone, and only manages docker registry content.

This role instead uses skopeo[0], which is not privileged and
understands how to manage many types of OCI[1] compliant container
images.

[0] - https://github.com/projectatomic/skopeo
[1] - https://www.opencontainers.org/

Signed-off-by: Adam Miller <admiller@redhat.com>

-rw-r--r-- | playbooks/groups/osbs-cluster.yml | 7 | ||||
-rw-r--r-- | roles/manage-container-images/tasks/main.yml | 28 |
2 files changed, 35 insertions, 0 deletions
diff --git a/playbooks/groups/osbs-cluster.yml b/playbooks/groups/osbs-cluster.yml index 2f6ee5fda..c667d07c3 100644 --- a/playbooks/groups/osbs-cluster.yml +++ b/playbooks/groups/osbs-cluster.yml @@ -251,6 +251,13 @@ when: env == "staging" } - { + role: "manage-container-images", + cert_dest_dir: "/etc/docker/certs.d/candidate-registry.stg.fedoraproject.org", + cert_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.pem", + key_src: "{{private}}/files/docker-registry/{{env}}/docker-registry-internal.key", + when: env == "staging" + } + - { role: push-docker, docker_cert_name: "containerbuild", docker_cert_dir: "/etc/docker/certs.d/candidate-registry.fedoraproject.org", diff --git a/roles/manage-container-images/tasks/main.yml b/roles/manage-container-images/tasks/main.yml new file mode 100644 index 000000000..0dca94827 --- /dev/null +++ b/roles/manage-container-images/tasks/main.yml @@ -0,0 +1,28 @@ +--- +# tasks file for push-docker +# +- name: install necessary packages + package: + name: "{{item}}" + state: present + with_items: + - skopeo + +- name: ensure cert dir exists + file: + path: "{{container_dest_dir}}" + state: directory + +- name: install docker client cert for registry + copy: + src: "{{cert_src}}" + dest: "{{container_dest_dir}}/client.cert" + owner: root + mode: 0600 + +- name: install docker client key for registry + copy: + src: "{{key_src}}" + dest: "{{container_dest_dir}}/client.key" + owner: root + mode: 0600 |
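
Review bot: the new role entry in playbooks/groups/osbs-cluster.yml passes `cert_dest_dir`, but every task in roles/manage-container-images/tasks/main.yml reads `container_dest_dir`, so unless that variable is defined somewhere outside this patch the "ensure cert dir exists" task and both copy tasks will fail on an undefined variable. Rename one side so the parameter and the role agree. The existing `push-docker` entry directly below is left unchanged, so the docker daemon dependency described in the commit message remains after this change; if removing it is planned as a follow-up, say so in the message.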
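
Review bot: in roles/manage-container-images/tasks/main.yml the two copy tasks write `mode: 0600` unquoted and set `owner: root` without a `group`, and the "ensure cert dir exists" task sets no owner or mode at all, so the permissions on the directory holding `client.key` depend on the umask and on how YAML parses the bare number. Quote the mode as `"0600"`, add `group: root`, and give the directory task an explicit `owner`, `group` and `mode`. The header comment still reads "tasks file for push-docker" and should name this role, and since only one package is installed, `name: skopeo` is enough without the `with_items` loop.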