fedora-infra_ansible/playbooks/groups/docker-registry.yml

# create an osbs server
- include:  "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=docker-registry:docker-registry-stg"

- name: make the box be real
  hosts: docker-registry:docker-registry-stg
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
  - base
  - rkhunter
  - nagios/client
  - hosts
  - fas_client
  - collectd/base
  - rsyncd
  - sudo
  - { role: openvpn/client,
      when: env != "staging" }

  tasks:
  - include: "{{ tasks }}/yumrepos.yml"
  - include: "{{ tasks }}/2fa_client.yml"
  - include: "{{ tasks }}/motd.yml"

  handlers:
  - include: "{{ handlers }}/restart_services.yml"

- name: set up gluster on stg
  hosts:
  - docker-registry01.stg.phx2.fedoraproject.org
  - docker-registry02.stg.phx2.fedoraproject.org
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
  - role: gluster/server
    name: gluster
    username: "{{ registry_gluster_username_stg }}"
    password: "{{ registry_gluster_password_stg }}"
    owner: root
    group: root
    datadir: /srv/glusterfs/registry-stg

  - role: gluster/client
    name: gluster
    servers:
    - docker-registry01.stg.phx2.fedoraproject.org
    - docker-registry02.stg.phx2.fedoraproject.org
    username: "{{ registry_gluster_username_stg }}"
    password: "{{ registry_gluster_password_stg }}"
    owner: root
    group: root
    mountdir: "/srv/docker"

- name: setup docker distribution registry
  hosts: docker-registry:docker-registry-stg
  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - /srv/private/ansible/vars.yml
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml


  # NOTE: tls is disabled for docker-distribution because we are listening only
  #       on localhost and all external connections will be through httpd which
  #       will be SSL enalbed.
  roles:
    - {
      role: docker-distribution,
        conf_path: "/etc/docker-distribution/registry/config.yml",
        tls: {
          enabled: False,
        },
        log: {
          fields: {
            service: "registry"
          }
        },
        storage: {
          filesystem: {
            rootdirectory: "/srv/"
          }
        },
        http: {
          addr: ":5000"
        }
      }

    # Setup compose-x86-01 push docker images to registry
    - {
      role: push-docker,
        docker_cert_name: "containerstable",
        docker_cert_dir: "/etc/docker/certs.d/registry.stg.fedoraproject.org",
      when: env == "staging",
      delegate_to: compose-x86-01.phx2.fedoraproject.org
    }
    - {
      role: push-docker,
        docker_cert_name: "containerbuild",
        docker_cert_dir: "/etc/docker/certs.d/candidate-registry.stg.fedoraproject.org",
      when: env == "staging",
      delegate_to: compose-x86-01.phx2.fedoraproject.org
    }
    - {
      role: push-docker,
        docker_cert_name: "containerstable",
        docker_cert_dir: "/etc/docker/certs.d/registry.fedoraproject.org",
      when: env == "production",
      delegate_to: compose-x86-01.phx2.fedoraproject.org
    }
    - {
      role: push-docker,
        docker_cert_name: "containerbuild",
        docker_cert_dir: "/etc/docker/certs.d/candidate-registry.fedoraproject.org",
      when: env == "production",
      delegate_to: compose-x86-01.phx2.fedoraproject.org
    }