Initial commit

This commit is contained in:
Ansible Core Team 2020-03-09 09:11:07 +00:00
commit aebc1b03fd
4861 changed files with 812621 additions and 0 deletions

View file

@ -0,0 +1,2 @@
needs/target/setup_docker
needs/target/setup_openssl

View file

@ -0,0 +1,46 @@
events {
worker_connections 16;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
error_log /dev/stdout info;
access_log /dev/stdout;
server {
listen *:5000 ssl;
server_name test-registry.ansible.com;
server_name_in_redirect on;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256';
ssl_ecdh_curve X25519:secp521r1:secp384r1;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/nginx/cert.pem;
ssl_certificate_key /etc/nginx/cert.key;
location / {
return 401;
}
location /v2/ {
proxy_pass http://real-registry:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Request-Start $msec;
client_max_body_size 0;
chunked_transfer_encoding on;
auth_basic "Ansible Test Docker Registry";
auth_basic_user_file /etc/nginx/nginx.htpasswd;
}
}
}

View file

@ -0,0 +1 @@
testuser:{PLAIN}hunter2

View file

@ -0,0 +1,31 @@
- name: "Make sure all images are removed"
docker_image:
name: "{{ item }}"
state: absent
with_items: "{{ inames }}"
- name: "Get registry logs"
command: "docker logs {{ registry_name }}"
register: registry_logs
no_log: yes
- name: "Printing registry logs"
debug: var=registry_logs.stdout_lines
- name: "Get nginx logs"
command: "docker logs {{ nginx_name }}"
register: nginx_logs
no_log: yes
- name: "Printing nginx logs"
debug: var=nginx_logs.stdout_lines
- name: "Make sure all containers are removed"
docker_container:
name: "{{ item }}"
state: absent
force_kill: yes
with_items: "{{ cnames }}"
register: result
retries: 3
delay: 3
until: result is success
- name: "Make sure all volumes are removed"
command: "docker rm -f {{ item }}"
with_items: "{{ vnames }}"
ignore_errors: yes

View file

@ -0,0 +1,2 @@
- name: Remove test registry
include_tasks: ../handlers/cleanup.yml

View file

@ -0,0 +1,3 @@
- when: ansible_facts.distribution ~ ansible_facts.distribution_major_version not in ['CentOS6', 'RedHat6']
include_tasks:
file: setup.yml

View file

@ -0,0 +1,99 @@
- name: Setup OpenSSL
include_role:
name: setup_openssl
- name: Register registry cleanup
command: 'true'
notify: Remove test registry
- name: Setup Docker
include_role:
name: setup_docker
- name: Create random name prefix and test registry name
set_fact:
name_prefix: '{{ ''ansible-test-%0x'' % ((2**32) | random) }}'
registry_name: '{{ ''ansible-test-registry-%0x'' % ((2**32) | random) }}'
nginx_name: '{{ ''ansible-test-registry-frontend-%0x'' % ((2**32) | random) }}'
- name: Create image and container list
set_fact:
inames: []
cnames:
- '{{ registry_name }}'
- '{{ nginx_name }}'
vnames:
- '{{ nginx_name }}'
- debug:
msg: Using name prefix {{ name_prefix }} and test registry name {{ registry_name }}
- block:
- name: Start test registry
docker_container:
name: '{{ registry_name }}'
image: registry:2.6.1
ports: 5000
register: registry_container
- name: Get registry URL
set_fact:
registry_address: localhost:{{ registry_container.container.NetworkSettings.Ports['5000/tcp'].0.HostPort }}
- name: Start nginx frontend for registry
docker_volume:
name: '{{ nginx_name }}'
state: present
- name: Create container for nginx frontend for registry
docker_container:
state: stopped
name: '{{ nginx_name }}'
image: nginx:alpine
ports: 5000
links:
- '{{ registry_name }}:real-registry'
volumes:
- '{{ nginx_name }}:/etc/nginx/'
register: nginx_container
- name: Copy static files into volume
command: docker cp {{ role_path }}/files/{{ item }} {{ nginx_name }}:/etc/nginx/{{ item }}
loop:
- nginx.conf
- nginx.htpasswd
- name: Create private key for frontend certificate
community.crypto.openssl_privatekey:
path: '{{ output_dir }}/cert.key'
type: ECC
curve: secp256r1
- name: Create CSR for frontend certificate
community.crypto.openssl_csr:
path: '{{ output_dir }}/cert.csr'
privatekey_path: '{{ output_dir }}/cert.key'
subject_alt_name:
- DNS:test-registry.ansible.com
- name: Create frontend certificate
community.crypto.openssl_certificate:
path: '{{ output_dir }}/cert.pem'
csr_path: '{{ output_dir }}/cert.csr'
privatekey_path: '{{ output_dir }}/cert.key'
provider: selfsigned
- name: Copy dynamic files into volume
command: docker cp {{ output_dir }}/{{ item }} {{ nginx_name }}:/etc/nginx/{{ item }}
loop:
- cert.pem
- cert.key
- name: Start nginx frontend for registry
docker_container:
name: '{{ nginx_name }}'
state: started
register: nginx_container
- debug: var=nginx_container.container.NetworkSettings
- name: Wait for registry frontend
uri:
url: https://{{ nginx_container.container.NetworkSettings.IPAddress }}:5000/v2/
url_username: testuser
url_password: hunter2
validate_certs: false
register: result
until: result is success
retries: 5
delay: 1
- name: Get registry URL
set_fact:
registry_frontend_address: localhost:{{ nginx_container.container.NetworkSettings.Ports['5000/tcp'].0.HostPort }}
- debug: msg="Registry available under {{ registry_address }}, NGINX frontend available under {{ registry_frontend_address }}"
when: docker_py_version is version('1.8.0', '>=') and docker_api_version is version('1.20', '>=')
- fail: msg="Too old docker / docker-py version to run docker_image tests!"
when: not(docker_py_version is version('1.8.0', '>=') and docker_api_version is version('1.20', '>=')) and (ansible_distribution != 'CentOS' or ansible_distribution_major_version|int > 6)