blob: e17c383a09590271d61af6f35f4c5d27a998ba6f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
|
- name: Configure a private docker registry
service:
name: docker-registry
state: started
- name: Retrieve busybox image from docker hub
docker:
image: busybox
state: present
pull: missing
- name: Get busybox image id
shell: "docker images | grep busybox | awk '{ print $3 }'"
register: image_id
- name: Tag docker image into the local registry
command: "docker tag {{ image_id.stdout_lines[0] }} localhost:5000/mine"
- name: Push docker image into the private registry
command: "docker push localhost:5000/mine"
- name: Remove all images from the local docker
shell: "docker rmi -f {{image_id.stdout_lines[0]}}"
- name: Get number of images in docker
command: "docker images"
register: docker_output
# docker prints a header so the header should be all that's present
- name: Check that there are no images in docker
assert:
that:
- "{{ docker_output.stdout_lines| length }} <= 1 "
- name: Retrieve the image from private docker registry
docker:
image: "localhost:5000/mine"
state: present
pull: missing
insecure_registry: True
- name: Run a small script in the new image
docker:
image: "localhost:5000/mine"
state: reloaded
pull: always
command: "nc -l -p 2000 -e xargs -n1 echo hello"
detach: True
insecure_registry: True
- name: Get the docker container id
shell: "docker ps | grep mine | awk '{ print $1 }'"
register: container_id
- name: Get the docker container ip
shell: "docker inspect {{ container_id.stdout_lines[0] }} | grep IPAddress | awk -F '\"' '{ print $4 }'"
register: container_ip
- name: Pause a few moments because docker is not reliable
pause:
seconds: 40
- name: Try to access the server
shell: "echo 'world' | nc {{ container_ip.stdout_lines[0] }} 2000"
register: docker_output
- name: check that the script ran
assert:
that:
- "'hello world' in docker_output.stdout_lines"
- name: Remove containers
shell: "docker rm -f $(docker ps -aq)"
- shell: docker images -q
- name: Remove all images from the local docker
shell: "docker rmi -f $(docker images -q)"
- name: Get number of images in docker
command: "docker images"
register: docker_output
- name: Check that there are no images in docker
assert:
that:
- "{{ docker_output.stdout_lines| length }} <= 1"
#
# Private registry secured with an SSL proxy
#
- name: Set selinux to allow docker to connect to nginx
seboolean:
name: docker_connect_any
state: yes
- name: Set selinux to allow nginx to connect to docker
seboolean:
name: httpd_can_network_connect
state: yes
- name: Setup nginx with a user/password
copy:
src: docker-registry.htpasswd
dest: /etc/nginx/docker-registry.htpasswd
- name: Setup nginx with a config file
copy:
src: nginx-docker-registry.conf
dest: /etc/nginx/conf.d/nginx-docker-registry.conf
- name: Setup nginx docker cert
copy:
src: dockertest.ansible.com.crt
dest: /etc/pki/tls/certs/dockertest.ansible.com.crt
- name: Setup nginx docker key
copy:
src: dockertest.ansible.com.key
dest: /etc/pki/tls/private/dockertest.ansible.com.key
- name: Setup the ca keys
copy:
src: devdockerCA.crt
dest: /etc/pki/ca-trust/source/anchors/devdockerCA.crt
- name: Update the ca bundle
command: update-ca-trust extract
- name: Restart docker daemon
service:
name: docker
state: restarted
- name: Start nginx
service:
name: nginx
state: restarted
- name: Add domain name to hosts
lineinfile:
line: "127.0.0.1 dockertest.ansible.com"
dest: /etc/hosts
state: present
- name: Start a container after getting it from a secured private registry
docker:
image: dockertest.ansible.com:8080/mine
registry: dockertest.ansible.com:8080
username: "testdocker"
password: "testdocker"
state: running
command: "nc -l -p 2000 -e xargs -n1 echo hello"
detach: True
- name: Get the docker container id
shell: "docker ps | grep mine | awk '{ print $1 }'"
register: container_id
- name: Get the docker container ip
shell: "docker inspect {{ container_id.stdout_lines[0] }} | grep IPAddress | awk -F '\"' '{ print $4 }'"
register: container_ip
- name: Pause a few moments because docker is not reliable
pause:
seconds: 40
- name: Try to access the server
shell: "echo 'world' | nc {{ container_ip.stdout_lines[0] }} 2000"
register: docker_output
- name: check that the script ran
assert:
that:
- "'hello world' in docker_output.stdout_lines"
- name: Remove containers
shell: "docker rm $(docker ps -aq)"
- name: Remove all images from the local docker
shell: "docker rmi -f $(docker images -q)"
- name: Remove domain name to hosts
lineinfile:
line: "127.0.0.1 dockertest.ansible.com"
dest: /etc/hosts
state: absent
|