From 6c6635df9d2fb57b1e70bfc63b7301b7e7c28d72 Mon Sep 17 00:00:00 2001 From: Stefanie Forrester Date: Thu, 17 Sep 2015 15:01:51 -0700 Subject: Added S3 docker-registry config script --- playbooks/adhoc/s3_registry/s3_registry.j2 | 20 +++++++++++ playbooks/adhoc/s3_registry/s3_registry.yml | 55 +++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+) create mode 100644 playbooks/adhoc/s3_registry/s3_registry.j2 create mode 100644 playbooks/adhoc/s3_registry/s3_registry.yml (limited to 'playbooks') diff --git a/playbooks/adhoc/s3_registry/s3_registry.j2 b/playbooks/adhoc/s3_registry/s3_registry.j2 new file mode 100644 index 000000000..eb8660f6c --- /dev/null +++ b/playbooks/adhoc/s3_registry/s3_registry.j2 @@ -0,0 +1,20 @@ +version: 0.1 +log: + level: debug +http: + addr: :5000 +storage: + cache: + layerinfo: inmemory + s3: + accesskey: {{ accesskey }} + secretkey: {{ secretkey }} + region: us-east-1 + bucket: {{ bucketname }} + encrypt: true + secure: true + v4auth: true + rootdirectory: /registry +middleware: + repository: + - name: openshift diff --git a/playbooks/adhoc/s3_registry/s3_registry.yml b/playbooks/adhoc/s3_registry/s3_registry.yml new file mode 100644 index 000000000..61280df0b --- /dev/null +++ b/playbooks/adhoc/s3_registry/s3_registry.yml @@ -0,0 +1,55 @@ +--- +# This playbook creates an S3 bucket, if it doesn't already exist, and configures the docker registry service to use the bucket as its backend storage. +# Usage: +# ansible-playbook s3_registry.yml -e bucketname="mybucket" -e accesskey="S3 aws access key" -e secretkey="S3 aws secret key" -e master="master fqdn or IP" -i "master," +# +# Example: +# ansible-playbook s3_registry.yml -e accesskey="asdf" -e secretkey="hjkl" -e bucketname="testbucket" -e master="54.173.148.238" -i "54.173.148.238," +# +# The bucket name can be anything, but generally should correspond with your cluster name. +# The AWS access/secret keys should be the keys of a separate user (not your main user), containing only the necessary S3 access role. +# The 'master' param is the fqdn or public IP of your cluster's master. +# The -i param allows this playbook to be run on your master, even if it's not yet in your main inventory file. (The comma is mandatory). + +- hosts: "{{ master }}" + remote_user: root + gather_facts: False + + tasks: + + - name: Create S3 bucket + local_action: + module: s3 bucket={{ bucketname|quote }} mode=create aws_access_key={{ accesskey|quote }} aws_secret_key={{ secretkey|quote }} + + - name: Generate docker registry config + template: src="s3_registry.j2" dest="/root/config.yml" owner=root mode=0600 + + - name: Determine if new secrets are needed + command: oc get secrets + register: secrets + + - name: Create registry secrets + command: oc secrets new dockerregistry /root/config.yml + when: "'dockerregistry' not in secrets.stdout" + + - name: Determine if service account contains secrets + command: oc describe serviceaccount/registry + register: serviceaccount + + - name: Add secrets to registry service account + command: oc secrets add serviceaccount/registry secrets/dockerregistry + when: "'dockerregistry' not in serviceaccount.stdout" + + - name: Determine if deployment config contains secrets + command: oc volume dc/docker-registry --list + register: dc + + - name: Add secrets to registry deployment config + command: oc volume dc/docker-registry --add --name=dockersecrets -m /etc/registryconfig --type=secret --secret-name=dockerregistry + when: "'dockersecrets' not in dc.stdout" + + - name: Scale up registry + command: oc scale --replicas=1 dc/docker-registry + + - name: Delete temporary config file + file: path=/root/config.yml state=absent -- cgit v1.2.3