Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #590 from dak1n1/s3

Added S3 docker-registry config script
Stefanie Forrester 9 years ago
parent
fd02484159 9deff4bd69
commit
34465b6edd
2 changed files with 70 additions and 0 deletions
Split View Show Diff Stats
  1. 20 0
      playbooks/adhoc/s3_registry/s3_registry.j2
  2. 50 0
      playbooks/adhoc/s3_registry/s3_registry.yml

+ 20 - 0
playbooks/adhoc/s3_registry/s3_registry.j2
View File 

@@ -0,0 +1,20 @@
 
+version: 0.1
 
+log:
 
+  level: debug
 
+http:
 
+  addr: :5000
 
+storage:
 
+  cache:
 
+    layerinfo: inmemory
 
+  s3:
 
+    accesskey: {{ accesskey }}
 
+    secretkey: {{ secretkey }}
 
+    region: us-east-1
 
+    bucket: {{ clusterid }}-docker
 
+    encrypt: true
 
+    secure: true
 
+    v4auth: true
 
+    rootdirectory: /registry
 
+middleware:
 
+  repository:
 
+    - name: openshift

+ 50 - 0
playbooks/adhoc/s3_registry/s3_registry.yml
View File 

@@ -0,0 +1,50 @@
 
+---
 
+# This playbook creates an S3 bucket named after your cluster and configures the docker-registry service to use the bucket as its backend storage.
 
+# Usage:
 
+#  ansible-playbook s3_registry.yml -e accesskey="S3 aws access key" -e secretkey="S3 aws secret key" -e clusterid="mycluster"
 
+#
 
+# The AWS access/secret keys should be the keys of a separate user (not your main user), containing only the necessary S3 access role.
 
+# The 'clusterid' is the short name of your cluster.
 
+
 
+- hosts: security_group_{{ clusterid }}_master
 
+  remote_user: root
 
+  gather_facts: False
 
+
 
+  tasks:
 
+
 
+  - name: Create S3 bucket
 
+    local_action:
 
+      module: s3 bucket="{{ clusterid }}-docker" mode=create aws_access_key={{ accesskey|quote }} aws_secret_key={{ secretkey|quote }}
 
+
 
+  - name: Generate docker registry config
 
+    template: src="s3_registry.j2" dest="/root/config.yml" owner=root mode=0600
 
+
 
+  - name: Determine if new secrets are needed
 
+    command: oc get secrets
 
+    register: secrets
 
+
 
+  - name: Create registry secrets
 
+    command: oc secrets new dockerregistry /root/config.yml
 
+    when: "'dockerregistry' not in secrets.stdout"
 
+
 
+  - name: Determine if service account contains secrets
 
+    command: oc describe serviceaccount/registry
 
+    register: serviceaccount
 
+
 
+  - name: Add secrets to registry service account
 
+    command: oc secrets add serviceaccount/registry secrets/dockerregistry
 
+    when: "'dockerregistry' not in serviceaccount.stdout"
 
+
 
+  - name: Determine if deployment config contains secrets
 
+    command: oc volume dc/docker-registry --list
 
+    register: dc
 
+
 
+  - name: Add secrets to registry deployment config
 
+    command: oc volume dc/docker-registry --add --name=dockersecrets -m /etc/registryconfig --type=secret --secret-name=dockerregistry
 
+    when: "'dockersecrets' not in dc.stdout"
 
+
 
+  - name: Scale up registry
 
+    command: oc scale --replicas=1 dc/docker-registry
 
+
 
+  - name: Delete temporary config file
 
+    file: path=/root/config.yml state=absent