- name: Configure a private docker registry service: name: docker-registry state: started - name: Retrieve busybox image from docker hub docker: image: busybox state: present pull: missing - name: Get busybox image id shell: "docker images | grep busybox | awk '{ print $3 }'" register: image_id - name: Tag docker image into the local registry command: "docker tag {{ image_id.stdout_lines[0] }} localhost:5000/mine" - name: Push docker image into the private registry command: "docker push localhost:5000/mine" - name: Remove containers shell: "docker rm $(docker ps -aq)" - name: Remove all images from the local docker shell: "docker rmi -f $(docker images -q)" - name: Get number of images in docker command: "docker images" register: docker_output # docker prints a header so the header should be all that's present - name: Check that there are no images in docker assert: that: - "{{ docker_output.stdout_lines| length }} <= 1 " - name: Retrieve the image from private docker registry docker: image: "localhost:5000/mine" state: present pull: missing insecure_registry: True docker_api_version: "1.14" - name: Run a small script in the new image docker: image: "localhost:5000/mine" state: reloaded pull: always command: "nc -l -p 2000 -e xargs -n1 echo hello" detach: True insecure_registry: True docker_api_version: "1.14" - name: Get the docker container id shell: "docker ps | grep mine | awk '{ print $1 }'" register: container_id - name: Get the docker container ip shell: "docker inspect {{ container_id.stdout_lines[0] }} | grep IPAddress | awk -F '\"' '{ print $4 }'" register: container_ip - name: Pause a few moments because docker is not reliable pause: seconds: 40 - name: Try to access the server shell: "echo 'world' | nc {{ container_ip.stdout_lines[0] }} 2000" register: docker_output - name: check that the script ran assert: that: - "'hello world' in docker_output.stdout_lines" - name: Remove containers shell: "docker rm $(docker ps -aq)" - name: Remove all images from the local docker shell: "docker rmi -f $(docker images -q)" - name: Get number of images in docker command: "docker images" register: docker_output - name: Check that there are no images in docker assert: that: - "{{ docker_output.stdout_lines| length }} <= 1" # # Private registry secured with an SSL proxy # - name: Set selinux to allow docker to connect to nginx seboolean: name: docker_connect_any state: yes - name: Set selinux to allow nginx to connect to docker seboolean: name: httpd_can_network_connect state: yes - name: Setup nginx with a user/password copy: src: docker-registry.htpasswd dest: /etc/nginx/docker-registry.htpasswd - name: Setup nginx with a config file copy: src: nginx-docker-registry.conf dest: /etc/nginx/conf.d/nginx-docker-registry.conf - name: Setup nginx docker cert copy: src: dockertest.ansible.com.crt dest: /etc/pki/tls/certs/dockertest.ansible.com.crt - name: Setup nginx docker key copy: src: dockertest.ansible.com.key dest: /etc/pki/tls/private/dockertest.ansible.com.key - name: Setup the ca keys copy: src: devdockerCA.crt dest: /etc/pki/ca-trust/source/anchors/devdockerCA.crt - name: Update the ca bundle command: update-ca-trust extract - name: Restart docker daemon service: name: docker state: restarted - name: Start nginx service: name: nginx state: restarted - name: Add domain name to hosts lineinfile: line: "127.0.0.1 dockertest.ansible.com" dest: /etc/hosts state: present - name: Start a container after getting it from a secured private registry docker: image: dockertest.ansible.com:8080/mine registry: dockertest.ansible.com:8080 username: "testdocker" password: "testdocker" state: running command: "nc -l -p 2000 -e xargs -n1 echo hello" detach: True docker_api_version: "1.14" - name: Get the docker container id shell: "docker ps | grep mine | awk '{ print $1 }'" register: container_id - name: Get the docker container ip shell: "docker inspect {{ container_id.stdout_lines[0] }} | grep IPAddress | awk -F '\"' '{ print $4 }'" register: container_ip - name: Pause a few moments because docker is not reliable pause: seconds: 40 - name: Try to access the server shell: "echo 'world' | nc {{ container_ip.stdout_lines[0] }} 2000" register: docker_output - name: check that the script ran assert: that: - "'hello world' in docker_output.stdout_lines" - name: Remove containers shell: "docker rm $(docker ps -aq)" - name: Remove all images from the local docker shell: "docker rmi -f $(docker images -q)" - name: Remove domain name to hosts lineinfile: line: "127.0.0.1 dockertest.ansible.com" dest: /etc/hosts state: absent