From 5a8d9370af750c25ac55a7ced51e24f29bb9facc Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Tue, 24 Oct 2023 23:31:26 +0200
Subject: add new role docker/registry (WIP)
---
roles/docker/registry/defaults/main.yml | 13 ++++++++++
roles/docker/registry/handlers/main.yml | 5 ++++
roles/docker/registry/tasks/main.yml | 31 ++++++++++++++++++++++++
roles/docker/registry/templates/config.yml.j2 | 35 +++++++++++++++++++++++++++
4 files changed, 84 insertions(+)
create mode 100644 roles/docker/registry/defaults/main.yml
create mode 100644 roles/docker/registry/handlers/main.yml
create mode 100644 roles/docker/registry/tasks/main.yml
create mode 100644 roles/docker/registry/templates/config.yml.j2
(limited to 'roles/docker/registry')
diff --git a/roles/docker/registry/defaults/main.yml b/roles/docker/registry/defaults/main.yml
new file mode 100644
index 00000000..f561aedd
--- /dev/null
+++ b/roles/docker/registry/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+# docker_registry_storage:
+# type: ...
+
+docker_registry_http_listen: ":5000"
+# docker_registry_http_listen_debug: "127.0.0.1:5001"
+
+# docker_registry_http_secret: ...
+
+# docker_registry_http_hostnames:
+# - docker.example.com
+# docker_registry_http_tls:
+# certificate_provider: ...
diff --git a/roles/docker/registry/handlers/main.yml b/roles/docker/registry/handlers/main.yml
new file mode 100644
index 00000000..1924e02f
--- /dev/null
+++ b/roles/docker/registry/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart docker-registry
+ service:
+ name: docker-registry
+ state: restarted
diff --git a/roles/docker/registry/tasks/main.yml b/roles/docker/registry/tasks/main.yml
new file mode 100644
index 00000000..70f0196c
--- /dev/null
+++ b/roles/docker/registry/tasks/main.yml
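Review bot: `docker_registry_http_listen: ":5000"` binds every interface while `docker_registry_http_secret` and `docker_registry_http_tls` stay commented out, so the role's out-of-the-box state is a plaintext registry reachable from any network the host sits on, and the template added in this commit configures no `auth:` section either. A safer default is loopback, `docker_registry_http_listen: "127.0.0.1:5000"`, with a comment that `docker_registry_http_tls` (and some form of authentication) must be set before widening the bind address. The `docker_registry_http_secret` placeholder should also say what it is for: upstream documents it as the shared secret for upload state, without which each instance generates its own at start and resumable uploads break behind a load balancer, so something like `# docker_registry_http_secret: ...  # shared secret for upload state; required when several instances sit behind a load balancer` would help the next operator.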
@@ -0,0 +1,31 @@
+---
+- name: prepare storage volume for /var/lib/docker-registry
+ when: docker_registry_storage is defined
+ vars:
+ storage_volume: "{{ docker_registry_storage | combine({'dest': '/var/lib/docker-registry'}) }}"
+ include_role:
+ name: "storage/{{ docker_registry_storage.type }}/volume"
+
+- name: install registry package
+ apt:
+ name: docker-registry
+ state: present
+
+- name: set up tls config
+ when: docker_registry_http_tls is defined
+ vars:
+ x509_certificate_name: "docker-registry"
+ x509_certificate_hostnames: "{{ docker_registry_http_hostnames }}"
+ x509_certificate_config: "{{ docker_registry_http_tls.certificate_config }}"
+ x509_certificate_reload_services:
+ - docker-registry
+ include_role:
+ name: "x509/{{ docker_registry_http_tls.certificate_provider }}/cert"
+
+- name: install config
+ template:
+ src: config.yml.j2
+ dest: /etc/docker/registry/config.yml
+ mode: 0640
+ group: docker-registry
+ notify: restart docker-registry
diff --git a/roles/docker/registry/templates/config.yml.j2 b/roles/docker/registry/templates/config.yml.j2
new file mode 100644
index 00000000..ac5bbae1
--- /dev/null
+++ b/roles/docker/registry/templates/config.yml.j2
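Review bot: The "set up tls config" task dereferences `docker_registry_http_hostnames` and `docker_registry_http_tls.certificate_config` with no guard beyond `docker_registry_http_tls is defined`, yet defaults/main.yml only documents `certificate_provider` under that key, so an operator following the defaults gets an undefined-variable failure mid-play, after the package is already installed and before any config is written. An `assert` task in front of it turns that into a clear early failure; a version is given below. Separately, `mode: 0640` on the config install should be quoted as `mode: "0640"` so the octal value does not depend on YAML 1.1 integer parsing, and 0640 with `group: docker-registry` is the right tightness here since the file will carry `docker_registry_http_secret` when set (the owner is left implicit, presumably root — worth stating with `owner: root`).

```yaml
- name: check tls configuration
  when: docker_registry_http_tls is defined
  assert:
    that:
      - docker_registry_http_hostnames is defined
      - docker_registry_http_tls.certificate_provider is defined
      - docker_registry_http_tls.certificate_config is defined
    fail_msg: "docker_registry_http_tls needs certificate_provider, certificate_config and docker_registry_http_hostnames"

# … unchanged: set up tls config / install config tasks …
```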
@@ -0,0 +1,35 @@
+version: 0.1
+log:
+ accesslog:
+ disabled: true
+storage:
+ filesystem:
+ rootdirectory: /var/lib/docker-registry
+ cache:
+ blobdescriptor: inmemory
+ delete:
+ enabled: true
+http:
+ addr: "{{ docker_registry_http_listen }}"
+{% if docker_registry_http_secret is defined %}
+ secret: "{{ docker_registry_http_secret }}"
+{% endif %}
+ headers:
+ X-Content-Type-Options: [nosniff]
+{% if docker_registry_http_tls is defined %}
+ tls:
+ certificate: "{{ x509_certificate_path_fullchain }}"
+ key: "{{ x509_certificate_path_key }}"
+{% endif %}
+{% if docker_registry_http_listen_debug is defined %}
+ debug:
+ addr: "{{ docker_registry_http_listen_debug }}"
+ prometheus:
+ enabled: true
+ path: /metrics
+{% endif %}
+health:
+ storagedriver:
+ enabled: true
+ interval: 10s
+ threshold: 3
-- cgit v1.2.3
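Review bot: The rendered config has no `auth:` section but enables `delete.enabled: true`, so any client that can reach the listener can push, overwrite and delete images, and with the role's defaults (`":5000"`, no `docker_registry_http_tls`) it does so over plaintext HTTP. Unless authentication is meant to live in a reverse proxy in front of the registry (nothing in the role shows one), deletion should at least be opt-in — `enabled: {{ docker_registry_delete_enabled | default(false) | to_json }}` with the variable documented in defaults/main.yml — and an `auth:` block (htpasswd or token) should land before this leaves WIP. `accesslog.disabled: true` also discards the only record of who pushed or deleted what; if it is intentional, a comment such as `# access log disabled; re-enable (or log at the proxy) once this listener is reachable beyond localhost` would keep that trade-off visible. The TLS block correctly depends on `x509_certificate_path_fullchain`/`x509_certificate_path_key` being exported by the included x509 role, which is presumably the case but is not visible in this commit.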