authorChristian Pointner <equinox@spreadspace.org>2023-10-24 23:31:26 +0200
committerChristian Pointner <equinox@spreadspace.org>2023-10-24 23:31:26 +0200
commit5a8d9370af750c25ac55a7ced51e24f29bb9facc (patch)
tree15e0d02c0dd4bf5c8421ec1f2ff06383b8fbb0c2 /roles/docker/registry
parentdocker/engine: also install buildx (diff)
add new role docker/registry (WIP)
Diffstat (limited to 'roles/docker/registry')
-rw-r--r--roles/docker/registry/defaults/main.yml13
-rw-r--r--roles/docker/registry/handlers/main.yml5
-rw-r--r--roles/docker/registry/tasks/main.yml31
-rw-r--r--roles/docker/registry/templates/config.yml.j235
4 files changed, 84 insertions, 0 deletions
diff --git a/roles/docker/registry/defaults/main.yml b/roles/docker/registry/defaults/main.yml
new file mode 100644
index 00000000..f561aedd
--- /dev/null
+++ b/roles/docker/registry/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+# docker_registry_storage:
+# type: ...
+
+docker_registry_http_listen: ":5000"
+# docker_registry_http_listen_debug: "127.0.0.1:5001"
+
+# docker_registry_http_secret: ...
+
+# docker_registry_http_hostnames:
+# - docker.example.com
+# docker_registry_http_tls:
+# certificate_provider: ...
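Review bot: The default `docker_registry_http_listen: ":5000"` binds every interface while `docker_registry_http_tls` and `docker_registry_http_secret` stay commented out, so a host that applies the role with defaults serves the registry over plain HTTP to whatever network can reach it. Consider defaulting to `docker_registry_http_listen: "127.0.0.1:5000"` and letting inventories widen it once TLS is configured, or at least state the exposure in a comment above the variable. The commented `docker_registry_http_tls` example also lists only `certificate_provider`, although tasks/main.yml reads `docker_registry_http_tls.certificate_config` as well; showing both keys in the example would save a failed run.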
diff --git a/roles/docker/registry/handlers/main.yml b/roles/docker/registry/handlers/main.yml
new file mode 100644
index 00000000..1924e02f
--- /dev/null
+++ b/roles/docker/registry/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart docker-registry
+ service:
+ name: docker-registry
+ state: restarted
diff --git a/roles/docker/registry/tasks/main.yml b/roles/docker/registry/tasks/main.yml
new file mode 100644
index 00000000..70f0196c
--- /dev/null
+++ b/roles/docker/registry/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+- name: prepare storage volume for /var/lib/docker-registry
+ when: docker_registry_storage is defined
+ vars:
+ storage_volume: "{{ docker_registry_storage | combine({'dest': '/var/lib/docker-registry'}) }}"
+ include_role:
+ name: "storage/{{ docker_registry_storage.type }}/volume"
+
+- name: install registry package
+ apt:
+ name: docker-registry
+ state: present
+
+- name: set up tls config
+ when: docker_registry_http_tls is defined
+ vars:
+ x509_certificate_name: "docker-registry"
+ x509_certificate_hostnames: "{{ docker_registry_http_hostnames }}"
+ x509_certificate_config: "{{ docker_registry_http_tls.certificate_config }}"
+ x509_certificate_reload_services:
+ - docker-registry
+ include_role:
+ name: "x509/{{ docker_registry_http_tls.certificate_provider }}/cert"
+
+- name: install config
+ template:
+ src: config.yml.j2
+ dest: /etc/docker/registry/config.yml
+ mode: 0640
+ group: docker-registry
+ notify: restart docker-registry
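Review bot: The `install config` task writes a file that can carry `docker_registry_http_secret`, yet it sets no `owner` and gives the mode as a bare number. Adding `owner: root` and writing `mode: "0640"` makes the resulting permissions independent of whatever ownership the file already has and of how the YAML loader types the integer. A run with `--diff` would presumably print the rendered secret to the console or CI log; `diff: false` on this task avoids that.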
diff --git a/roles/docker/registry/templates/config.yml.j2 b/roles/docker/registry/templates/config.yml.j2
new file mode 100644
index 00000000..ac5bbae1
--- /dev/null
+++ b/roles/docker/registry/templates/config.yml.j2
@@ -0,0 +1,35 @@
+version: 0.1
+log:
+ accesslog:
+ disabled: true
+storage:
+ filesystem:
+ rootdirectory: /var/lib/docker-registry
+ cache:
+ blobdescriptor: inmemory
+ delete:
+ enabled: true
+http:
+ addr: "{{ docker_registry_http_listen }}"
+{% if docker_registry_http_secret is defined %}
+ secret: "{{ docker_registry_http_secret }}"
+{% endif %}
+ headers:
+ X-Content-Type-Options: [nosniff]
+{% if docker_registry_http_tls is defined %}
+ tls:
+ certificate: "{{ x509_certificate_path_fullchain }}"
+ key: "{{ x509_certificate_path_key }}"
+{% endif %}
+{% if docker_registry_http_listen_debug is defined %}
+ debug:
+ addr: "{{ docker_registry_http_listen_debug }}"
+ prometheus:
+ enabled: true
+ path: /metrics
+{% endif %}
+health:
+ storagedriver:
+ enabled: true
+ interval: 10s
+ threshold: 3
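Review bot: The rendered config has no `auth` section, and with `storage.delete.enabled: true` plus `log.accesslog.disabled: true` any client that can reach `http.addr` may push, pull and delete content without leaving a request log. The commit is marked WIP, so this may be planned, but the template should gain an optional `auth` block (for example `htpasswd` with `realm` and `path`) driven by a role variable. Deletion would be safer behind a variable that defaults to false. Keeping the access log on, or making it configurable, gives operators an audit trail for pushes and deletes.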