path: root/test/integration/targets/docker/tasks/registry-tests.yml
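# Seed the local registry: pull busybox, push a copy to localhost:5000 as
# "mine", then delete the local image so the later pull must hit the registry.
- name: Configure a private docker registry
  service:
    name: docker-registry
    state: started

- name: Retrieve busybox image from docker hub
  docker:
    image: busybox
    state: present
    pull: missing

# The third column of `docker images` is taken as the image id. grep matches
# every line containing "busybox"; only the first match is used below.
- name: Get busybox image id
  shell: "docker images | grep busybox | awk '{ print $3 }'"
  register: image_id

- name: Tag docker image into the local registry
  command: "docker tag {{ image_id.stdout_lines[0] }} localhost:5000/mine"

- name: Push docker image into the private registry
  command: "docker push localhost:5000/mine"

# No pipe or substitution is needed here, so `command` is used instead of
# `shell`: the registered value is passed as an argument and never parsed by
# a shell.
- name: Remove all images from the local docker
  command: "docker rmi -f {{ image_id.stdout_lines[0] }}"

- name: Get number of images in docker
  command: "docker images"
  register: docker_output

# docker prints a header so the header should be all that's present
# `that` entries are already Jinja expressions, so no {{ }} delimiters.
- name: Check that there are no images in docker
  assert:
    that:
      - "docker_output.stdout_lines | length <= 1"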

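# Pull the image back from the local registry, start it with a small network
# listener, and check that the listener answers.
# insecure_registry relaxes the TLS requirement for this registry; that is
# tolerable here only because the registry is addressed as localhost.
- name: Retrieve the image from private docker registry
  docker:
    image: "localhost:5000/mine"
    state: present
    pull: missing
    insecure_registry: true

# Test-only listener: nc accepts a connection on port 2000 and hands the
# input to xargs, which runs `echo hello <line>` for each line received.
- name: Run a small script in the new image
  docker:
    image: "localhost:5000/mine"
    state: reloaded
    pull: always
    command: "nc -l -p 2000 -e xargs -n1 echo hello"
    detach: true
    insecure_registry: true

# grep matches any `docker ps` line containing "mine"; the first hit is used.
- name: Get the docker container id
  shell: "docker ps | grep mine | awk '{ print $1 }'"
  register: container_id

# Splits the IPAddress line of `docker inspect` on double quotes and keeps
# the fourth field, i.e. the address value.
- name: Get the docker container ip
  shell: "docker inspect {{ container_id.stdout_lines[0] }} | grep IPAddress | awk -F '\"' '{ print $4 }'"
  register: container_ip

# Fixed delay rather than a readiness check: the test takes at least 40s and
# can still race if the container needs longer to start.
- name: Pause a few moments because docker is not reliable
  pause:
    seconds: 40

- name: Try to access the server
  shell: "echo 'world' | nc {{ container_ip.stdout_lines[0] }} 2000"
  register: docker_output

# Passes only if one output line is exactly "hello world".
- name: check that the script ran
  assert:
    that:
      - "'hello world' in docker_output.stdout_lines"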


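# Cleanup after the plain-registry test.
# `docker ps -aq` and `docker images -q` list every container and image on
# the host, not just the ones created above, so these tasks wipe the whole
# local docker state. Run this file only on a disposable test host.
- name: Remove containers
  shell: "docker rm -f $(docker ps -aq)"

# Output is not registered or asserted on; it only appears in verbose runs.
- name: List remaining image ids (debug output only)
  shell: docker images -q

- name: Remove all images from the local docker
  shell: "docker rmi -f $(docker images -q)"

- name: Get number of images in docker
  command: "docker images"
  register: docker_output

# Only the header line of `docker images` may remain.
# `that` entries are already Jinja expressions, so no {{ }} delimiters.
- name: Check that there are no images in docker
  assert:
    that:
      - "docker_output.stdout_lines | length <= 1"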

#
# Private registry secured with an SSL proxy
#

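# Both booleans relax SELinux network confinement on the test host so docker
# and nginx can reach each other. Nothing in this file switches them back.
# `persistent` is not set, so the change is presumably runtime-only; confirm
# against the seboolean module default.
- name: Set selinux to allow docker to connect to nginx
  seboolean:
    name: docker_connect_any
    state: true

- name: Set selinux to allow nginx to connect to docker
  seboolean:
    name: httpd_can_network_connect
    state: true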

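# Install the nginx proxy fixtures: basic-auth file, site config, server
# certificate and key, and the test CA that signed the certificate.

# NOTE(review): no mode is set, so this file of password hashes gets default
# permissions. It has to stay readable by whatever user serves the requests,
# so restrict it to that user or group rather than to root alone.
- name: Setup nginx with a user/password
  copy:
    src: docker-registry.htpasswd
    dest: /etc/nginx/docker-registry.htpasswd

- name: Setup nginx with a config file
  copy:
    src: nginx-docker-registry.conf
    dest: /etc/nginx/conf.d/nginx-docker-registry.conf

- name: Setup nginx docker cert
  copy:
    src: dockertest.ansible.com.crt
    dest: /etc/pki/tls/certs/dockertest.ansible.com.crt

# Private key: owner-only permissions instead of the default, which would
# typically leave it world-readable. nginx is started through the service
# manager below, so root ownership assumes it loads the key as root; confirm.
# The mode is quoted so it is not read as an octal integer.
- name: Setup nginx docker key
  copy:
    src: dockertest.ansible.com.key
    dest: /etc/pki/tls/private/dockertest.ansible.com.key
    owner: root
    group: root
    mode: "0600"

# This places the test CA in the system-wide trust anchors. Nothing in this
# file removes it again, so the host keeps trusting certificates issued by
# this CA after the test finishes.
- name: Setup the ca keys
  copy:
    src: devdockerCA.crt
    dest: /etc/pki/ca-trust/source/anchors/devdockerCA.crt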

# Rebuild the trust store from the anchors directory.
- name: Update the ca bundle
  command: "update-ca-trust extract"

# Presumably restarted so the docker daemon sees the updated CA bundle.
- name: Restart docker daemon
  service:
    state: restarted
    name: docker

# Despite the task name, this is a restart, so a running nginx is bounced
# and reloads its configuration.
- name: Start nginx
  service:
    state: restarted
    name: nginx

# Point the test hostname at the loopback address. A later task in this file
# removes the same line again.
- name: Add domain name to hosts
  lineinfile:
    dest: /etc/hosts
    line: "127.0.0.1  dockertest.ansible.com"
    state: present

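# Same listener check as for the plain registry, but the image is pulled
# through the authenticated TLS endpoint at dockertest.ansible.com:8080.
# insecure_registry is not set here, so the pull presumably depends on the
# test CA installed earlier in this file.
# The username and password are fixture values for this test registry only,
# presumably matching docker-registry.htpasswd; never reuse them elsewhere.
- name: Start a container after getting it from a secured private registry
  docker:
    image: "dockertest.ansible.com:8080/mine"
    registry: "dockertest.ansible.com:8080"
    username: "testdocker"
    password: "testdocker"
    state: running
    command: "nc -l -p 2000 -e xargs -n1 echo hello"
    detach: true

# grep matches any `docker ps` line containing "mine"; the first hit is used.
- name: Get the docker container id
  shell: "docker ps | grep mine | awk '{ print $1 }'"
  register: container_id

# Splits the IPAddress line of `docker inspect` on double quotes and keeps
# the fourth field, i.e. the address value.
- name: Get the docker container ip
  shell: "docker inspect {{ container_id.stdout_lines[0] }} | grep IPAddress | awk -F '\"' '{ print $4 }'"
  register: container_ip

# Fixed delay rather than a readiness check.
- name: Pause a few moments because docker is not reliable
  pause:
    seconds: 40

- name: Try to access the server
  shell: "echo 'world' | nc {{ container_ip.stdout_lines[0] }} 2000"
  register: docker_output

# Passes only if one output line is exactly "hello world".
- name: check that the script ran
  assert:
    that:
      - "'hello world' in docker_output.stdout_lines"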

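# Final cleanup. As in the earlier cleanup, these commands act on every
# container and image on the host, so run this only on a disposable test host.
# Not undone by this file: the CA trust anchor, the nginx certificate, key,
# htpasswd and config files, and the SELinux booleans set earlier.

# -f matches the earlier "Remove containers" task; without it the removal
# fails if the listener container is still running.
- name: Remove containers
  shell: "docker rm -f $(docker ps -aq)"

- name: Remove all images from the local docker
  shell: "docker rmi -f $(docker images -q)"

# Drops the loopback alias added for the secured-registry test.
- name: Remove domain name to hosts
  lineinfile:
    line: "127.0.0.1  dockertest.ansible.com"
    dest: /etc/hosts
    state: absent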