From f4c1260d0359e5b5ad43477f36afabfd1c8c87e4 Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Wed, 18 Mar 2015 12:15:42 -0700 Subject: [PATCH] Add more tests for private docker registries --- .../roles/test_docker/files/devdockerCA.crt | 23 ++++ .../roles/test_docker/files/devdockerCA.key | 27 +++++ .../roles/test_docker/files/devdockerCA.srl | 1 + .../files/docker-registry.htpasswd | 1 + .../files/dockertest.ansible.com.crt | 21 ++++ .../files/dockertest.ansible.com.csr | 17 +++ .../files/dockertest.ansible.com.key | 27 +++++ .../files/nginx-docker-registry.conf | 40 +++++++ .../test_docker/tasks/docker-setup-debian.yml | 2 +- .../test_docker/tasks/docker-setup-rht.yml | 2 +- .../roles/test_docker/tasks/docker-tests.yml | 31 +++++ .../test_docker/tasks/registry-tests.yml | 108 +++++++++++++++++- 12 files changed, 294 insertions(+), 6 deletions(-) create mode 100644 test/integration/roles/test_docker/files/devdockerCA.crt create mode 100644 test/integration/roles/test_docker/files/devdockerCA.key create mode 100644 test/integration/roles/test_docker/files/devdockerCA.srl create mode 100644 test/integration/roles/test_docker/files/docker-registry.htpasswd create mode 100644 test/integration/roles/test_docker/files/dockertest.ansible.com.crt create mode 100644 test/integration/roles/test_docker/files/dockertest.ansible.com.csr create mode 100644 test/integration/roles/test_docker/files/dockertest.ansible.com.key create mode 100644 test/integration/roles/test_docker/files/nginx-docker-registry.conf diff --git a/test/integration/roles/test_docker/files/devdockerCA.crt b/test/integration/roles/test_docker/files/devdockerCA.crt new file mode 100644 index 00000000000..14f1b2f7ee6 --- /dev/null +++ b/test/integration/roles/test_docker/files/devdockerCA.crt @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIJAPczDjnFOjH/MA0GCSqGSIb3DQEBCwUAMIGEMQswCQYD +VQQGEwJVUzELMAkGA1UECAwCTkMxDzANBgNVBAcMBkR1cmhhbTEQMA4GA1UECgwH +QW5zaWJsZTEfMB0GA1UEAwwWZG9ja2VydGVzdC5hbnNpYmxlLmNvbTEkMCIGCSqG +SIb3DQEJARYVdGt1cmF0b21pQGFuc2libGUuY29tMB4XDTE1MDMxNzIyMjc1OVoX +DTQyMDgwMjIyMjc1OVowgYQxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEPMA0G +A1UEBwwGRHVyaGFtMRAwDgYDVQQKDAdBbnNpYmxlMR8wHQYDVQQDDBZkb2NrZXJ0 +ZXN0LmFuc2libGUuY29tMSQwIgYJKoZIhvcNAQkBFhV0a3VyYXRvbWlAYW5zaWJs +ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIk4D0+QY3obQM +I/BPmI4pFFu734HHz98ce6Qat7WYiGUHsnt3LHw2a6zMsgP3siD1zqGHtk1IipWR +IwZbXm1spww/8YNUEE8wbXlLGI8IPUpg2J7NS2SdYIuN/TrQMqCUt7fFb+7OQjaH +RtR0LtXhP96al3E8BR9G6AiS67XuwdTL4vrXLUWISjNyF2Vj7xQsp8KRrq0qnXhq +pefeBi1fD9DG5f76j3s8lqGiOg9FHegvfodonNGcqE16T/vBhQcf+NjenlFvR2Lh +3wb/RCo/b1IhZHKNx32fJ/WpiKXkrLYFvwtIWtLw6XIwwarc+n7AfGqKnt4h4bAG +a+5aNnlFAgMBAAGjUDBOMB0GA1UdDgQWBBRZpu6oomSlpCvy2VgOHbWwDwVl1jAf +BgNVHSMEGDAWgBRZpu6oomSlpCvy2VgOHbWwDwVl1jAMBgNVHRMEBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4IBAQCqOSFzTgQDww5bkNRCQrg7lTKzXW9bJpJ5NZdTLwh6 +b+e+XouRH+lBe7Cnn2RTtuFYVfm8hQ1Ra7GDM3v2mJns/s3zDkRINZMMVXddzl5S +M8QxsFJK41PaL9wepizslkcg19yQkdWJQYPDeFurlFvwtakhZE7ttawYi5bFkbCd +4fchMNBBmcigpSfoWb/L2lK2vVKBcfOdUl+V6k49lpf8u7WZD0Xi2cbBhw17tPj4 +ulKZaVNdzj0GFfhpQe/MtDoqxStRpHamdk0Y6fN+CvoW7RPDeVsqkIgCu30MOFuG +A53ZtOc3caYRyGYJtIIl0Rd5uIApscec/6RGiFX6Gab8 +-----END CERTIFICATE----- diff --git a/test/integration/roles/test_docker/files/devdockerCA.key b/test/integration/roles/test_docker/files/devdockerCA.key new file mode 100644 index 00000000000..0c8c0ee7b0c --- /dev/null +++ b/test/integration/roles/test_docker/files/devdockerCA.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAyJOA9PkGN6G0DCPwT5iOKRRbu9+Bx8/fHHukGre1mIhlB7J7 +dyx8NmuszLID97Ig9c6hh7ZNSIqVkSMGW15tbKcMP/GDVBBPMG15SxiPCD1KYNie +zUtknWCLjf060DKglLe3xW/uzkI2h0bUdC7V4T/empdxPAUfRugIkuu17sHUy+L6 +1y1FiEozchdlY+8ULKfCka6tKp14aqXn3gYtXw/QxuX++o97PJahojoPRR3oL36H +aJzRnKhNek/7wYUHH/jY3p5Rb0di4d8G/0QqP29SIWRyjcd9nyf1qYil5Ky2Bb8L +SFrS8OlyMMGq3Pp+wHxqip7eIeGwBmvuWjZ5RQIDAQABAoIBAQCVOumfWgf+LBlB +TxvknKRoe/Ukes6cU1S0ZGlcV4KM0i4Y4/poWHiyJLqUMX4yNB3BxNL5nfEyH6nY +Ki74m/Dd/gtnJ9GGIfxJE6pC7Sq9/pvwIjtEkutxC/vI0LeJX6GKBIZ+JyGN5EWd +sF0xdAc9Z7+/VR2ygj0bDFgUt7rMv6fLaXh6i5Ms0JV7I/HkIi0Lmy9FncJPOTjP +/Wb3Rj5twDppBqSiqU2JNQHysWzNbp8nzBGeR0+WU6xkWjjGzVyQZJq4XJQhqqot +t+v+/lF+jObujcRxPRStaA5IoQdmls3l+ubkoFeNp3j6Nigz40wjTJArMu/Q9xQ5 +A+kHYNgBAoGBAPVNku0eyz1SyMM8FNoB+AfSpkslTnqfmehn1GCOOS9JPimGWS3A +UlAs/PAPW/H/FTM38eC89GsKKVV8zvwkERNwf+PIGzkQrJgYLxGwoflAKsvFoQi9 +PVbIn0TBDZ3TWyNfGul62fEgNen4B46d7kG6l/C3p9eKKCo3sCBgWl8FAoGBANFS +n9YWyAYmHQAWy5R0YeTsdtiRpZWkB0Is9Jr8Zm/DQDNnsKgvXw//qxuWYMi68teK +6o8t5mgDQNWBu3rXrU73f8mMVJNmzSHFbyQEyFOJ9yvI5qMRbJfvdURUje6d3ZUw +G7olKjX0fec4cAG7hbT8sMDvIbnATdhh3VppiEVBAoGBAJKidJnaNpPJ0MkkOTK4 +ypOikFWLT4ZtsYsDxiiR3A0wM0CPVu/Kb2oN+oVmKQhX+0xKvQQi79iskljP6ss+ +pBaCwXBgRiWumf2xNzHT7H8apHp7APBAb1JZSxvGa2VU2r4iM+wty+of3xqlcZ8H +OU2BRSJYJrTpmWjjMR2pe1whAoGAfMTbMSlzIPcm4h60SlD06Rdp370xDfkvumpB +gwBfrs6bPgjYa+eQqmCjBValagDFL2VGWwHpDKajxqAFuDtGuoMcUG6tGw9zxmWA +0d9n6SObiSW/FAQWzpmVNJ2R3GGM6pg6bsIoXvDU+zXQzbeRA0h7swTW/Xl67Teo +UXQGHgECgYEAjckqv2e39AgBvjxvj9SylVbFNSERrbpmiIRH31MnAHpTXbxRf7K+ +/79vUsRfQun9F/+KVfjUyMqRj0PE2tS4ATIjqQsa18RCB4mAE3sNsKz8HbJfzIFq +eEqAWmURm6gRmLmaTMlXS0ZtZaw/A2Usa/DJumu9CsfBu7ZJbDnrQIY= +-----END RSA PRIVATE KEY----- diff --git a/test/integration/roles/test_docker/files/devdockerCA.srl b/test/integration/roles/test_docker/files/devdockerCA.srl new file mode 100644 index 00000000000..78f0162afec --- /dev/null +++ b/test/integration/roles/test_docker/files/devdockerCA.srl @@ -0,0 +1 @@ +D96F3E552F279F46 diff --git a/test/integration/roles/test_docker/files/docker-registry.htpasswd b/test/integration/roles/test_docker/files/docker-registry.htpasswd new file mode 100644 index 00000000000..7cee295817c --- /dev/null +++ b/test/integration/roles/test_docker/files/docker-registry.htpasswd @@ -0,0 +1 @@ +testdocker:$apr1$6cYd3tA9$4Dc9/I5Z.bl8/br8O/6B41 diff --git a/test/integration/roles/test_docker/files/dockertest.ansible.com.crt b/test/integration/roles/test_docker/files/dockertest.ansible.com.crt new file mode 100644 index 00000000000..e89327c3faf --- /dev/null +++ b/test/integration/roles/test_docker/files/dockertest.ansible.com.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDYTCCAkkCCQDZbz5VLyefRjANBgkqhkiG9w0BAQUFADCBhDELMAkGA1UEBhMC +VVMxCzAJBgNVBAgMAk5DMQ8wDQYDVQQHDAZEdXJoYW0xEDAOBgNVBAoMB0Fuc2li +bGUxHzAdBgNVBAMMFmRvY2tlcnRlc3QuYW5zaWJsZS5jb20xJDAiBgkqhkiG9w0B +CQEWFXRrdXJhdG9taUBhbnNpYmxlLmNvbTAgFw0xNTAzMTcyMjMxNTBaGA8yMjg4 +MTIzMDIyMzE1MFowXjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5DMQ8wDQYDVQQH +DAZEdXJoYW0xEDAOBgNVBAoMB0Fuc2libGUxHzAdBgNVBAMMFmRvY2tlcnRlc3Qu +YW5zaWJsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7WpI3 +QuuARgPufAA0JkGCGIUNWqFyTEngOWvBVEuk5TnDB4x78OCE9j7rr75OxZaSc6Y7 +oFTl+hhlgt6sqj+GXehgCHLA97CCc8eUqGv3bwdIIg/hahCPjEWfYzocX1xmUdzN +6klbV9lSO7FGSuk7W4DNga/weRfZmVoPi6jqTvx0tFsGrHVb1evholUKpxaOEYQZ +2NJ22+UXpUyVzN/mw5TAGNG0/yR7sIgCjKYCsYF8k79SfNDMJ1VcCPy3aag45jaz +WoA+OIJJFRkAaPSM5VtnbGBv/slpDVaKfl2ei7Ey3mKx1b7jYMzRz07Gw+zqr1gJ +kBWvfjR7ioxXcN7jAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAJyF24tCq5R8SJto +EMln0m9dMoJTC5usaBYBUMMe6hV2ikUGaXVDIqY+Yypt1sIcjGnLRmehJbej8iS7 +4aypuLc8Fgb4CvW+gY3I3W1iF7ZxIN/4yr237Z9KH1d1uGi+066Sk94OCXlqgsb+ +RzU6XOg+PMIjYC/us5VRv8a2qfjIA8getR+19nP+hR6NgIQcEyRKG2FmhkUSAwd8 +60FhpW4UmPQmn0ErZmRwdp2hNPj5g3my5iOSi7DzdK4CwZJAASOoWsbQIxP0k4JE +PMo7Ad1YxXlOvNWIA8FLMkRsq3li6KJ17WBdEYgFeuxWpf1/x1WA+WpwEIfC5cuR +A5LkaNI= +-----END CERTIFICATE----- diff --git a/test/integration/roles/test_docker/files/dockertest.ansible.com.csr b/test/integration/roles/test_docker/files/dockertest.ansible.com.csr new file mode 100644 index 00000000000..62b1f8535ac --- /dev/null +++ b/test/integration/roles/test_docker/files/dockertest.ansible.com.csr @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICozCCAYsCAQAwXjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5DMQ8wDQYDVQQH +DAZEdXJoYW0xEDAOBgNVBAoMB0Fuc2libGUxHzAdBgNVBAMMFmRvY2tlcnRlc3Qu +YW5zaWJsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7WpI3 +QuuARgPufAA0JkGCGIUNWqFyTEngOWvBVEuk5TnDB4x78OCE9j7rr75OxZaSc6Y7 +oFTl+hhlgt6sqj+GXehgCHLA97CCc8eUqGv3bwdIIg/hahCPjEWfYzocX1xmUdzN +6klbV9lSO7FGSuk7W4DNga/weRfZmVoPi6jqTvx0tFsGrHVb1evholUKpxaOEYQZ +2NJ22+UXpUyVzN/mw5TAGNG0/yR7sIgCjKYCsYF8k79SfNDMJ1VcCPy3aag45jaz +WoA+OIJJFRkAaPSM5VtnbGBv/slpDVaKfl2ei7Ey3mKx1b7jYMzRz07Gw+zqr1gJ +kBWvfjR7ioxXcN7jAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAoPgw9dlA3Ys2 +oahtr2KMNFnHnab6hUr/CuDIygkOft+MCX1cPXY1c0R72NQq42TjAFO5UnriJ0Jg +rcWgBAw8TCOHH77ZWawQFjWWoxNTy+bfXNJ002tzc4S/A4s8ytcFQN7E2irbGtUB +ratVaE+c6RvD/o48N4YLUyJbJK84FZ1xMnJI0z5R6XzDWEqYbobzkM/aUWvDTT9F ++F9H5W/3sIhNFVGLygSKbhgrb6eaC8R36fcmTRfYYdT4GrpXFePoZ4LJGCKiiaGV +p8gZzYQ9xjRYDP2OUMacBDlX1Mu5IJ2SCfjavD1hMhB54tWiiw3CRMJcNMql7ob/ +ZHH8UDMqgA== +-----END CERTIFICATE REQUEST----- diff --git a/test/integration/roles/test_docker/files/dockertest.ansible.com.key b/test/integration/roles/test_docker/files/dockertest.ansible.com.key new file mode 100644 index 00000000000..bda2bb61262 --- /dev/null +++ b/test/integration/roles/test_docker/files/dockertest.ansible.com.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAu1qSN0LrgEYD7nwANCZBghiFDVqhckxJ4DlrwVRLpOU5wweM +e/DghPY+66++TsWWknOmO6BU5foYZYLerKo/hl3oYAhywPewgnPHlKhr928HSCIP +4WoQj4xFn2M6HF9cZlHczepJW1fZUjuxRkrpO1uAzYGv8HkX2ZlaD4uo6k78dLRb +Bqx1W9Xr4aJVCqcWjhGEGdjSdtvlF6VMlczf5sOUwBjRtP8ke7CIAoymArGBfJO/ +UnzQzCdVXAj8t2moOOY2s1qAPjiCSRUZAGj0jOVbZ2xgb/7JaQ1Win5dnouxMt5i +sdW+42DM0c9OxsPs6q9YCZAVr340e4qMV3De4wIDAQABAoIBABjczxSIS+pM4E6w +o/JHtV/HUzjPcydQ2mjoFdWlExjB1qV8BfeYoqLibr0mKFIZxH6Q3FmDUGDojH5E +HLq7KQzyv1inJltXQ1Q8exrOMu22DThUVNksEyCJk9+v8lE7km59pJiq46s8gDl6 +dG8Il+TporEi6a820qRsxlfTx8m4EUbyPIhf2e2wYdqiscLwj49ZzMs3TFJxN3j4 +lLP3QDHz9n8q+XXpUT9+rsePe4D4DVVRLhg8w35zkys36xfvBZrI+9SytSs+r1/e +X4gVhxeX9q3FkvXiw1IDGPr0l5X7SH+5zk7JWuLfFbNBK02zR/Bd2OIaYAOmyIFk +ZzsVfokCgYEA8Cj04S32Tga7lOAAUEuPjgXbCtGYqBUJ/9mlMHJBtyl4vaBRm1Z3 +1YQqlL3yGM1F6ZStPWs86vsVaScypr7+RnmQ/uPjz1g2jNI9vomqRkzpzd8/bBwW +J3FCaKFIfl9uQx4ac7piAYdhNXswjQ7Kzn5xgG24i8EkUm6+UxarA38CgYEAx7X+ +qOVT+kA5WU1EDIc2x3Au0PhNIXiHOGRLW0MC7Vy1xBrgxfVrz6J8flBXOxmWYjRq +3dFiHA9S7WPQStkgTjzE91sthLefJ8DKXE4IrRkvYXIIX8DqkcFxTHS/OzckTcK/ +z79jNOPYA1s+z2jzgd24sslXbqxNz1LqZ/PlRp0CgYEAik8cEF72/aK0/x0uMRAD +IcjPiGCDKTHMq3M9xjPXEtQofBTLSsm2g9n05+qodY4qmEYOq1OKJs3pW8C+U/ek +2xOB5Ll75lqoN9uQwZ3o2UnMUMskbG+UdqyskTNpW5Y8Gx1IIKQTc0vzOOi0YlhF +hjydw1ftM1dNQsgShimE3aMCgYEAwITwFk7kcoTBBBZY+B7Mrtu1Ndt3N0HiUHlW +r4Zc5waNbptefVbF9GY1zuqR/LYA43CWaHj1NAmNrqye2diPrPwmADHUInGEqqTO +LsdG099Ibo6oBe6J8bJiDwsoYeQZSiDoGVPtRcoyraGjXfxVaaac6zTu5RCS/b53 +m3hhWH0CgYAqi3x10NpJHInU/zNa1GhI9UVJzabE2APdbPHvoE/yyfpCGhExiXZw +MDImUzc59Ro0pCZ9Bk7pd5LwdjjeJXih7jaRZQlPD1BeM6dKdmJps1KMaltOOJ4J +W0FE34E+Kt5JeIix8zmhxgaAU9NVilaNx5tI/D65Y0inMBZpqedrtg== +-----END RSA PRIVATE KEY----- diff --git a/test/integration/roles/test_docker/files/nginx-docker-registry.conf b/test/integration/roles/test_docker/files/nginx-docker-registry.conf new file mode 100644 index 00000000000..99c7802e1bf --- /dev/null +++ b/test/integration/roles/test_docker/files/nginx-docker-registry.conf @@ -0,0 +1,40 @@ +# For versions of Nginx > 1.3.9 that include chunked transfer encoding support +# Replace with appropriate values where necessary + +upstream docker-registry { + server localhost:5000; +} + +server { + listen 8080; + server_name dockertest.ansible.com; + + ssl on; + ssl_certificate /etc/pki/tls/certs/dockertest.ansible.com.crt; + ssl_certificate_key /etc/pki/tls/private/dockertest.ansible.com.key; + + proxy_set_header Host $http_host; # required for Docker client sake + proxy_set_header X-Real-IP $remote_addr; # pass on real client IP + + client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads + + # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486) + chunked_transfer_encoding on; + + location / { + # let Nginx know about our auth file + auth_basic "Restricted"; + auth_basic_user_file /etc/nginx/docker-registry.htpasswd; + + proxy_pass http://docker-registry; + } + location /_ping { + auth_basic off; + proxy_pass http://docker-registry; + } + location /v1/_ping { + auth_basic off; + proxy_pass http://docker-registry; + } + +} diff --git a/test/integration/roles/test_docker/tasks/docker-setup-debian.yml b/test/integration/roles/test_docker/tasks/docker-setup-debian.yml index 01a67eee6bb..068011a0937 100644 --- a/test/integration/roles/test_docker/tasks/docker-setup-debian.yml +++ b/test/integration/roles/test_docker/tasks/docker-setup-debian.yml @@ -2,5 +2,5 @@ apt: state: present # Note: add docker-registry when available - name: docker.io,python-docker,netcat-openbsd + name: docker.io,python-docker,netcat-openbsd,nginx diff --git a/test/integration/roles/test_docker/tasks/docker-setup-rht.yml b/test/integration/roles/test_docker/tasks/docker-setup-rht.yml index d141bddc55e..3ba234ecffc 100644 --- a/test/integration/roles/test_docker/tasks/docker-setup-rht.yml +++ b/test/integration/roles/test_docker/tasks/docker-setup-rht.yml @@ -1,7 +1,7 @@ - name: Install docker packages (yum) yum: state: present - name: docker-io,docker-registry,python-docker-py + name: docker-io,docker-registry,python-docker-py,nginx - name: Install netcat yum: diff --git a/test/integration/roles/test_docker/tasks/docker-tests.yml b/test/integration/roles/test_docker/tasks/docker-tests.yml index 11f2f9ac2c1..10067d7ad7a 100644 --- a/test/integration/roles/test_docker/tasks/docker-tests.yml +++ b/test/integration/roles/test_docker/tasks/docker-tests.yml @@ -33,3 +33,34 @@ assert: that: - "'hello world' in docker_output.stdout_lines" + +- name: Run a script that sets environment in busybox + docker: + image: busybox + state: reloaded + pull: always + env: + TEST: hello + command: '/bin/sh -c "nc -l -p 2000 -e xargs -n1 echo $TEST"' + detach: True + +- name: Get the docker container id + shell: "docker ps | grep busybox | awk '{ print $1 }'" + register: container_id + +- name: Get the docker container ip + shell: "docker inspect {{ container_id.stdout_lines[0] }} | grep IPAddress | awk -F '\"' '{ print $4 }'" + register: container_ip + +- name: Try to access the server + shell: "echo 'world' | nc {{ container_ip.stdout_lines[0] }} 2000" + register: docker_output + +- name: check that the script ran + assert: + that: + - "'hello world' in docker_output.stdout_lines" + +- name: Remove the busybox image from the local docker + shell: "docker rmi -f busybox" + diff --git a/test/integration/roles/test_docker/tasks/registry-tests.yml b/test/integration/roles/test_docker/tasks/registry-tests.yml index 52d84060197..348062234ad 100644 --- a/test/integration/roles/test_docker/tasks/registry-tests.yml +++ b/test/integration/roles/test_docker/tasks/registry-tests.yml @@ -3,18 +3,24 @@ name: docker-registry state: started +- name: Retrieve busybox image from docker hub + docker: + image: busybox + state: present + pull: missing + - name: Get busybox image id shell: "docker images | grep busybox | awk '{ print $3 }'" register: image_id -- name: Tag docker image into the local repository +- name: Tag docker image into the local registry shell: "docker tag {{ image_id.stdout_lines[0] }} localhost:5000/mine" -- name: Push docker image into the local repository +- name: Push docker image into the private registry shell: "docker push localhost:5000/mine" - name: Remove the busybox image from the local docker - shell: "docker rmi -f {{ image_id.stdout_lines[0] }}" + shell: "docker rmi -f busybox" - name: Remove the new image from the local docker shell: "docker rmi -f localhost:5000/mine" @@ -23,12 +29,13 @@ shell: "docker images |wc -l" register: docker_output +# docker prints a header so the header should be all that's present - name: Check that there are no images in docker assert: that: - "'1' in docker_output.stdout_lines" -- name: Retrieve the image from private docker server +- name: Retrieve the image from private docker registry docker: image: "localhost:5000/mine" state: present @@ -60,3 +67,96 @@ assert: that: - "'hello world' in docker_output.stdout_lines" + +- name: Remove the new image from the local docker + shell: "docker rmi -f localhost:5000/mine" + +- name: Get number of images in docker + shell: "docker images |wc -l" + register: docker_output + +- name: Check that there are no images in docker + assert: + that: + - "'1' in docker_output.stdout_lines" + +- name: Setup nginx with a user/password + copy: + src: docker-registry.htpasswd + dest: /etc/nginx/docker-registry.htpasswd + +- name: Setup nginx with a config file + copy: + src: nginx-docker-registry.conf + dest: /etc/nginx/conf.d/nginx-docker-registry.conf + +- name: Setup nginx docker cert + copy: + src: dockertest.ansible.com.crt + dest: /etc/pki/tls/certs/dockertest.ansible.com.crt + +- name: Setup nginx docker key + copy: + src: dockertest.ansible.com.key + dest: /etc/pki/tls/private/dockertest.ansible.com.key + +- name: Setup the ca keys + copy: + src: devdockerCA.crt + dest: /etc/pki/ca-trust/source/anchors/devdockerCA.crt + +- name: Update the ca bundle + command: update-ca-trust extract + +- name: Restart docker daemon + service: + name: docker + state: restarted + +- name: Start nginx + service: + name: nginx + state: restarted + +- name: Add domain name to hosts + lineinfile: + line: "127.0.0.1 dockertest.ansible.com" + dest: /etc/hosts + state: present + +- name: Start a container after getting it from a secured private registry + docker: + image: dockertest.ansible.com:8080/mine + registry: dockertest.ansible.com:8080 + username: "testdocker" + password: "testdocker" + state: running + command: "nc -l -p 2000 -e xargs -n1 echo hello" + detach: True + +- name: Get the docker container id + shell: "docker ps | grep mine | awk '{ print $1 }'" + register: container_id + +- name: Get the docker container ip + shell: "docker inspect {{ container_id.stdout_lines[0] }} | grep IPAddress | awk -F '\"' '{ print $4 }'" + register: container_ip + +- name: Try to access the server + shell: "echo 'world' | nc {{ container_ip.stdout_lines[0] }} 2000" + register: docker_output + +- name: check that the script ran + assert: + that: + - "'hello world' in docker_output.stdout_lines" + +- name: Remove the private repo image from the local docker + shell: "docker rmi -f dockertest.ansible.com:8080/mine" + +- name: Remove domain name to hosts + lineinfile: + line: "127.0.0.1 dockertest.ansible.com" + dest: /etc/hosts + state: absent +