Big changes
jeffcpullen committed Jan 17, 2020
1 parent abe694d commit dff7812
Showing 11 changed files with 339 additions and 206 deletions.
132 changes: 40 additions & 92 deletions README.md
@@ -1,3 +1,5 @@
# quay-ansible

Quay Ansible
=========

@@ -59,11 +61,7 @@ ansible-playbook -i hosts deploy.yml -b --skip-tags register -e QUAY_CONFIG=true
```
<<<<<<< HEAD
ansible-playbook deploy.yml -i hosts -b -e QUAY_CONFIG_TAR=<path to quay config tarball>
=======
ansible-playbook deploy.yml -i hosts -b -e QUAY_CONFIG_TAR=<path to quay config tarball>
>>>>>>> 1e8de2f5d1d9c804b61ef1ea2df4a4e625542ac9
```
@@ -74,87 +72,46 @@ Role Variables
Review the variables stored under group_vars/all to ensure that they align with your desired configurations. Default passwords are included here and should be changed or overwritten at run time.
```
QUAY_IMAGE_VERSION: "quay.io/redhat/quay:v3.1.3"
#QUAY_IMAGE_VERSION: "quay.io/quay/quay:v3.2.0-3"

QUAY_ENDPOINT: quay.homelab.work
CLAIR_ENDPOINT: "{{ QUAY_ENDPOINT }}"

MYSQL_CONTAINER_NAME: mysql
MYSQL_DATABASE: enterpriseregistrydb
MYSQL_PASSWORD: JzxCTamgFBmHRhcGFtoPHFkrx1BH2vwQ
MYSQL_USER: quayuser
MYSQL_ROOT_PASSWORD: L36PrivxRB02bqOB9jtZtWiCcMsApOGn
QUAY_CONFIG_PASSWORD: my-secret-password
QUAY_ROOT_DIR: /opt/quay
QUAY_STORAGE_DIR: "{{ QUAY_ROOT_DIR }}/storage"
QUAY_CONFIG_PORT: 8443
QUAY_OBJECT_STORAGE: false
QUAY_HTTP_PORT: 80
QUAY_HTTPS_PORT: 443
QUAY_REDIS_DEPLOY: true
QUAY_REDIS_CONTAINERIZE: true
QUAY_DATABASE_CONTAINERIZE: false

QUAY_MYSQL_DEPLOY: true
QUAY_POSTGRESQL_DEPLOY: true

SATELLITE_REGISTER: false

# Mysql role
mysql_root_home: /root
mysql_root_username: root
mysql_root_password: "{{ MYSQL_ROOT_PASSWORD }}"
mysql_enabled_on_startup: true
mysql_databases:
- name: "{{ MYSQL_DATABASE }}"
mysql_users:
- name: "{{ MYSQL_USER }}"
host: "%"
password: "{{ MYSQL_PASSWORD }}"
priv: "{{ MYSQL_DATABASE }}.*:ALL"

# Postgres role
postgresql_user: postgres
postgresql_group: postgres
postgresql_unix_socket_directories:
- /var/run/postgresql
postgresql_service_state: started
postgresql_service_enabled: true
POSTGRES_CONNECTION_STRING: postgresql://quay@localhost:5432/clair?sslmode=disable


_mysql_packages:
default:
- mariadb-server
- mariadb-devel
- python2-mysql
RedHat-7:
- rh-mariadb103-scldevel.x86_64
- rh-mariadb103-syspaths
- MySQL-python
CentOS-7:
- mariadb-devel
- mariadb-server
- MySQL-python
CentOS:
- mysql-devel
- mysql-server
- python3-PyMySQL


_mysql_service:
default: mysql
Alpine: mariadb
Amazon: mariadb
Amazon-2018: mysqld
Archlinux: mariadb
Fedora: mariadb
RedHat-7: rh-mariadb103-mariadb
RedHat: mysqld

* `QUAY_IMAGE_VERSION`: `"quay.io/redhat/quay:v3.1.3"` - The source and tag of Quay container
* `docker_login_quay`: `"undefined"` - This optional value is pulled from the Red Hat solution to access quay images and the value is the entire login command such as: docker login -u='REDHAT_QUAY_USER' -p='LONG_UUID_STRING' quay.io" docker_login_quay:
* `docker_login_redhat`: `"docker login -u='{{ UPSTREAM_REGISTRY_USERNAME}}' -p='{{ UPSTREAM_REGISTRY_PASSWORD }}' https://registry.redhat.io"` - Command to access the Red Hat registry, built with UPSTREAM_REGISTRY_USERNAME and UPSTREAM_REGISTRY_PASSWORD variables
* `QUAY_DATABASE_CONTAINERIZE`: `false` - Boolean if databases should be deployed as RPMs or Containers
* `QUAY_MYSQL_DEPLOY`: `true` - Boolean on if mysql should be deployed for Quay
* `MYSQL_DATABASE`: `"enterpriseregistrydb"` - The database name to be created / used for quay
* `MYSQL_PASSWORD`: `"changeme"` - The mysql database password to be set/used
* `MYSQL_ROOT_PASSWORD`: `"changeme"` - The mysql root password
* `MYSQL_USER`: `"quayuser"` - The mysql database user
* `QUAY_POSTGRESQL_DEPLOY`: `true` - Boolean on if Postgresql should be deployed for Clair / Quay
* `POSTGRES_PORT_5432_TCP_PORT`: `5432` - Port to access postgres on
* `postgresql_quay_db`: `clair` - The postgres clair database
* `postgresql_quay_user`: `quay` - The postgres clair database user
* `postgresql_quay_user_password`: `changeme` - The postgres quay user password
* `postgresql_user`: `postgres` - The postgres admin user
* `QUAY_ENDPOINT`: `"quay-server.example.com"` - The FQDN for your quay system
* `QUAY_CONFIG_PASSWORD`: `'changeme'` - The password for the quay config UI
* `QUAY_CONFIG_PORT`: `'8443'` - The port to access the quay configuration pod
* `QUAY_CONFIG_TAR`: `'undefined'` - After running the quay configuration download the tarball and set the path on this variable QUAY_CONFIG_TAR: "PATH_TO_CONFIG_TAR_FILE"
* `QUAY_HTTP_PORT`: `'80'` - The port to access Quay if TLS is not enabled
* `QUAY_HTTPS_PORT`: `'443'` - The port to access Quay when TLS is enabled
* `CLAIR_ENDPOINT`: `'{{ QUAY_ENDPOINT }}'` - The FQDN for your clair server, defaults to same as quay
* `QUAY_CLAIR_HTTP_NO_PROXY`: `'undefined'` - list of systems not to proxy (standard NO_PROXY syntax) QUAY_CLAIR_HTTP_NO_PROXY: "{{ QUAY_ENDPOINT }}"
* `QUAY_CLAIR_HTTP_PROXY`: `'undefined'` - The address and port to http proxy server QUAY_CLAIR_HTTP_PROXY: http://proxy.example.com:8080
* `QUAY_CLAIR_HTTPS_PROXY`: `'undefined'` - The address and port to https proxy server QUAY_CLAIR_HTTPS_PROXY: http://proxy.example.com:8080
* `QUAY_REDIS_DEPLOY`: `'true'` - Boolean to decide if Redis should be deployed
* `quay_redis_password`: `'lkajsdlfkjwoeiruewoijdlkf'` - The password to set on deployed Redis
* `QUAY_REDIS_CONTAINERIZE`: `'true'` - If deployed Redis should be containerized
* `QUAY_ROOT_DIR`: `'/opt/quay'` - The directory where quay and clair configurations will be placed
* `QUAY_STORAGE_DIR`: `'unset'` - Optional extra directory to create that can hold container images QUAY_STORAGE_DIR: "{{ QUAY_ROOT_DIR }}/storage"
* `UPSTREAM_REGISTRY_PASSWORD`: `'jdoe'` - Username for the add repo playbook - should be replaced soon
* `UPSTREAM_REGISTRY_USERNAME`: `'password'` - Passowrd for the add repo playbook - should be replaced soon
* `QUAY_AUTH_TOKEN`: `'undefined'` - This is used for the api calls to populate the registry post install QUAY_AUTH_TOKEN: 'undefined'
* `SATELLITE_REGISTER`: `false` - This enables the satellite registration portion of the role that will be removed soon
* `quay_ansible_satellite_fqdn`: `'satellite.example.com'` - DEPRECATED Satellite FQDN
* `quay_ansible_satellite_key`: `'example-key'` - DEPRECATED Satellite key
* `quay_ansible_satellite_org`: `'example-org'` - DEPRECATED Satellite org
```
Dependencies
------------
@@ -170,12 +127,3 @@ Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
#### NOTES
the create repo mirror wants the organization_name+mirror for the robot name
Need a robot creation after repo creation
Need a sync start
125 changes: 109 additions & 16 deletions defaults/main.yml
@@ -1,19 +1,112 @@
---
# defaults file for quay-ansible

# NFS based defaults
#nfs_rpcbind_state: started
#nfs_rpcbind_enabled: true

# Docker defaults
#docker_service_state: started
#docker_service_enabled: true
#docker_restart_handler_state: restarted
#docker_package: "docker"
#docker_package_state: present

# Redis defaults
#redis_port: 6379
#redis_bind_interface: 127.0.0.1

QUAY_CONFIG_TAR=YouForgotToDefineMe
# @var docker_login_quay: "undefined" # This optional value is pulled from the Red Hat solution to access quay images and the value is the entire login command such as: docker login -u='REDHAT_QUAY_USER' -p='LONG_UUID_STRING' quay.io"
# docker_login_quay:

# @var docker_login_redhat: "docker login -u='{{ UPSTREAM_REGISTRY_USERNAME}}' -p='{{ UPSTREAM_REGISTRY_PASSWORD }}' https://registry.redhat.io" # Command to access the Red Hat registry, built with UPSTREAM_REGISTRY_USERNAME and UPSTREAM_REGISTRY_PASSWORD variables
docker_login_redhat: docker login -u='{{ UPSTREAM_REGISTRY_USERNAME}}' -p='{{ UPSTREAM_REGISTRY_PASSWORD }}

### Generic Database ###
# @todo containerized database testing
# @var QUAY_DATABASE_CONTAINERIZE: false # Boolean if databases should be deployed as RPMs or Containers
QUAY_DATABASE_CONTAINERIZE: false

### MySQL ###
# @var QUAY_MYSQL_DEPLOY: true # Boolean on if mysql should be deployed for Quay
QUAY_MYSQL_DEPLOY: true

# @var MYSQL_DATABASE: "enterpriseregistrydb" # The database name to be created / used for quay
MYSQL_DATABASE: enterpriseregistrydb

# @var MYSQL_PASSWORD: "changeme" # The mysql database password to be set/used
MYSQL_PASSWORD: changeme

# @var MYSQL_ROOT_PASSWORD: "changeme" # The mysql root password
MYSQL_ROOT_PASSWORD: changeme

# @var MYSQL_USER: "quayuser" # The mysql database user
MYSQL_USER: quayuser

### Postgres ###
# @var QUAY_POSTGRESQL_DEPLOY: true # Boolean on if Postgresql should be deployed for Clair / Quay
QUAY_POSTGRESQL_DEPLOY: true

# @var POSTGRES_PORT_5432_TCP_PORT: 5432 # Port to access postgres on
POSTGRES_PORT_5432_TCP_PORT: 5432

# @todo this is actually being used for clair, need to test using clair and quay on postgres
# @var postgresql_quay_db: clair # The postgres clair database
postgresql_quay_db: clair

# @var postgresql_quay_user: quay # The postgres clair database user
postgresql_quay_user: quay

# @var postgresql_quay_user_password: changeme # The postgres quay user password
postgresql_quay_user_password: changeme

# @var postgresql_user: postgres # The postgres admin user
postgresql_user: postgres

### Quay ###
# @var QUAY_ENDPOINT: "quay-server.example.com" # The FQDN for your quay system
QUAY_ENDPOINT: quay-server.example.com

# @var QUAY_CONFIG_PASSWORD: 'changeme' # The password for the quay config UI
QUAY_CONFIG_PASSWORD: changeme

# @var QUAY_CONFIG_PORT: '8443' # The port to access the quay configuration pod
QUAY_CONFIG_PORT: 8443

# @var QUAY_CONFIG_TAR: 'undefined' # After running the quay configuration download the tarball and set the path on this variable
# QUAY_CONFIG_TAR: "PATH_TO_CONFIG_TAR_FILE"

# @var QUAY_HTTP_PORT: '80' # The port to access Quay if TLS is not enabled
QUAY_HTTP_PORT: 80

# @var QUAY_HTTPS_PORT: '443' # The port to access Quay when TLS is enabled
QUAY_HTTPS_PORT: 443

### Clair ###
# @var CLAIR_ENDPOINT: '{{ QUAY_ENDPOINT }}' # The FQDN for your clair server, defaults to same as quay
CLAIR_ENDPOINT: "{{ QUAY_ENDPOINT }}"

# @var QUAY_CLAIR_HTTP_NO_PROXY: 'undefined' # list of systems not to proxy (standard NO_PROXY syntax)
# QUAY_CLAIR_HTTP_NO_PROXY: "{{ QUAY_ENDPOINT }}"

# @var QUAY_CLAIR_HTTP_PROXY: 'undefined' # The address and port to http proxy server
# QUAY_CLAIR_HTTP_PROXY: http://proxy.example.com:8080

# @var QUAY_CLAIR_HTTPS_PROXY: 'undefined' # The address and port to https proxy server
# QUAY_CLAIR_HTTPS_PROXY: http://proxy.example.com:8080

### Redis ###
# @var QUAY_REDIS_DEPLOY: 'true' # Boolean to decide if Redis should be deployed
QUAY_REDIS_DEPLOY: true

# @var quay_redis_password: 'lkajsdlfkjwoeiruewoijdlkf' # The password to set on deployed Redis
quay_redis_password: lkajsdlfkjwoeiruewoijdlkf

# @var QUAY_REDIS_CONTAINERIZE: 'true' # If deployed Redis should be containerized
QUAY_REDIS_CONTAINERIZE: true

# @var QUAY_ROOT_DIR: '/opt/quay' # The directory where quay and clair configurations will be placed
QUAY_ROOT_DIR: /opt/quay

# @var QUAY_STORAGE_DIR: 'unset' # Optional extra directory to create that can hold container images
# QUAY_STORAGE_DIR: "{{ QUAY_ROOT_DIR }}/storage"

### Create Repo playbook ###
# @var UPSTREAM_REGISTRY_PASSWORD: 'jdoe' # Username for the add repo playbook - should be replaced soon
# @var UPSTREAM_REGISTRY_USERNAME: 'password' # Passowrd for the add repo playbook - should be replaced soon

### Deprecated ###
# @var QUAY_AUTH_TOKEN: 'undefined' # This is used for the api calls to populate the registry post install
# QUAY_AUTH_TOKEN: 'undefined'

# @var SATELLITE_REGISTER: false # This enables the satellite registration portion of the role that will be removed soon
SATELLITE_REGISTER: false

# @var quay_ansible_satellite_fqdn: 'satellite.example.com' # DEPRECATED Satellite FQDN
# @var quay_ansible_satellite_key: 'example-key' # DEPRECATED Satellite key
# @var quay_ansible_satellite_org: 'example-org'# DEPRECATED Satellite org
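Review bot: The `docker_login_redhat` default is truncated: the value stops at `-p='{{ UPSTREAM_REGISTRY_PASSWORD }}`, so the quote opened before the password is never closed and the registry URL shown in the `@var` comment directly above it is missing. Because the key now always has a value, a task guarded by `docker_login_redhat is defined` runs on every play, while `UPSTREAM_REGISTRY_USERNAME` and `UPSTREAM_REGISTRY_PASSWORD` have no defaults in this file (only `@var` comments, whose descriptions are swapped), so templating would presumably fail or produce a broken command. I would keep it commented out like `docker_login_quay`, as `# docker_login_redhat: "docker login -u='{{ UPSTREAM_REGISTRY_USERNAME }}' -p='{{ UPSTREAM_REGISTRY_PASSWORD }}' https://registry.redhat.io"`, so the login stays opt-in. Separately, `quay_redis_password` ships a fixed, non-placeholder secret that every untouched install will share; a `changeme`-style placeholder plus an assert that it was overridden would be safer.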
16 changes: 12 additions & 4 deletions deploy.yml
@@ -1,5 +1,5 @@
---
- hosts: all
- hosts: quaysystems

handlers:
- name: Include all handlers
@@ -10,11 +10,11 @@
- name: Register system to satellite and repos
include_role:
name: register-system
when: SATELLITE_REGISTER
when: SATELLITE_REGISTER == True and SATELLITE_REGISTER is defined
tags:
- register

- hosts: database
- hosts: quaydatabase
handlers:
- name: Include all handlers
import_tasks: handlers/main.yml
@@ -61,6 +61,14 @@
tags:
- database

- name: Docker login to quay.io (when defined)
command: "{{ docker_login_quay }}"
when: docker_login_quay is defined

- name: Docker login to redhat.io (when defined)
command: "{{ docker_login_redhat }}"
when: docker_login_redhat is defined

- name: Deploy conatinerized mysql
include_tasks: tasks/deploy-mysql.yml
when: QUAY_MYSQL_DEPLOY and QUAY_DATABASE_CONTAINERIZE
@@ -136,7 +144,7 @@
tags:
- database

- hosts: redis
- hosts: quayredis
handlers:
- name: Include all handlers
import_tasks: handlers/main.yml
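Review bot: The two new login tasks pass the whole `docker login -u=... -p=...` string to `command` without `no_log: true`, so the registry password ends up in the process argument list on the target and in the task result that Ansible prints on failure or with `-v`. Adding `no_log: true` to both tasks is the minimal fix; feeding the secret on stdin (`docker login --password-stdin`) or using the `docker_login` module would also keep it out of argv. Neither task sets `changed_when`, so both report a change on every run. If the role defaults give `docker_login_redhat` a value, `when: docker_login_redhat is defined` is always true, so a guard on the credential variables being defined would make the opt-in real. The play these tasks belong to starts outside the visible hunk.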