Remove registry installation from job

2025-10-09 23:26:06 +03:00
parent 414976a4bc
commit 36c6511ed6
10 changed files with 49 additions and 149 deletions
--- a/16
+++ b/16
@@ -13,6 +13,7 @@ pipeline {
    parameters {
        string(name: "target_host", defaultValue: "", trim: true, description: "Target host")
        booleanParam(name: "rproxy_install", defaultValue: true, description: "Install Rproxy")
+        string(name: "images_repo_url", defaultValue: "", trim: true, description: "Repository host with podman images (ex. rproxy.olsson.ul:5000)\n(for 'rproxy_install' job only)")
        booleanParam(name: "config_add", defaultValue: true, description: "Add config")
        string(name: "rproxy_service_name", defaultValue: "", trim: true, description: "Service name (for 'Add config' job only)")
        string(name: "rproxy_service_port", defaultValue: "", trim: true, description: "Service port (for 'Add config' job only)")
@@ -62,7 +63,13 @@ pipeline {
                                    inventory: 'hosts.ini',
                                    tags: 'install',
                                    colorized: true,
-                                    extras: '--private-key ${SSH_KEY} -e "ansible_user=${username} ansible_password=${password} rproxy_service_name=${rproxy_service_name} rproxy_service_port=${rproxy_service_port} rproxy_service_address=${rproxy_service_address}"'
+                                    extras: '''--private-key ${SSH_KEY} 
+                                    -e "ansible_user=${username} 
+                                    ansible_password=${password} 
+                                    rproxy_service_name=${rproxy_service_name} 
+                                    rproxy_service_port=${rproxy_service_port} 
+                                    rproxy_service_address=${rproxy_service_address} 
+                                    image_repo=${images_repo_url}"'''
                                )
                            }                            
                        }
@@ -89,7 +96,12 @@ pipeline {
                                    inventory: 'hosts.ini',
                                    tags: 'add_config',
                                    colorized: true,
-                                    extras: '--private-key ${SSH_KEY} -e "ansible_user=${username} ansible_password=${password} rproxy_service_name=${rproxy_service_name} rproxy_service_port=${rproxy_service_port} rproxy_service_address=${rproxy_service_address}"'
+                                    extras: '''--private-key ${SSH_KEY} 
+                                    -e "ansible_user=${username} 
+                                    ansible_password=${password} 
+                                    rproxy_service_name=${rproxy_service_name} 
+                                    rproxy_service_port=${rproxy_service_port} 
+                                    rproxy_service_address=${rproxy_service_address}"'''
                                )
                            }  
                        }
--- a/README.md
+++ b/README.md
@@ -3,12 +3,11 @@
 ## Content
 * Reverse proxy
 * HTTPS file share
-* Docker-registry

 ## Installation
 ```yml
 target_host: Enter FQDN or IP Address of target host
-rproxy_install: Install rproxy, https repo and docker-registry if checked
+rproxy_install: Install rproxy and https repo if checked
 config_add: Will config be created

 rproxy_service_name: Server/service name without domain suffix
@@ -34,13 +33,7 @@ Allows redirecting requests based on fqdn to the required address and ports with
 Would be installed with rproxy service. Hosted on port 9000. \
 Files should be stored in /opt/rproxy/repo/ to be shared.

-## Docker-registry
-Would be installed with rproxy service. Hosted on port 5000.
-Images would be stored in /opt/dockerrepo/repo/. Uses SSL so you should have trust with root certificate. \
-Install trust with root certificate
-How to store image:
+Put file in repo
 ```bash
-# After image build
-docker tag $image $registry_address:5000/$image
-docker push $registry_address:5000/$image
-```
+curl -T kafka_4.1.tar https://rproxy.olsson.ul:9000/podman/kafka/4.1/kafka_4.1.tar -k
+```
--- a/roles/rproxy/files/repo.conf
+++ b/roles/rproxy/files/repo.conf
@@ -20,7 +20,7 @@ server {
        dav_methods PUT DELETE MKCOL;
        dav_access user:rw group:r all:r;
        create_full_put_path on;
-        client_max_body_size 100m;
+        client_max_body_size 5g;

        # auth_basic "Needs to auth";
        # auth_basic_user_file /etc/nginx/.htpasswd;
--- a/roles/rproxy/tasks/addconfig.yml
+++ b/roles/rproxy/tasks/addconfig.yml
@@ -45,6 +45,17 @@
      become_user: "{{ ansible_user }}"
      ignore_errors: true

+    - name: Get all tracking certificates
+      ansible.builtin.shell:
+        cmd: ipa-getcert list | grep "ID" | awk '{print $NF}' | tr -d "'\|:"
+      register: tracking_list
+
+    - name: Remove certificates from IPA tracking
+      ansible.builtin.shell:
+        cmd: "ipa-getcert stop-tracking -i {{ item }}"
+      loop: "{{ tracking_list.stdout_lines }}"
+      ignore_errors: true
+
    - name: Request certificate via ipa-getcert
      ansible.builtin.command: >
        ipa-getcert request
@@ -53,8 +64,6 @@
        -K HTTP/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}
        -N CN={{ rproxy_service_name }}.{{ ansible_facts['domain'] }}

-    # sudo ipa-getcert stop-tracking -i 20250813210258 if track already exists
-
    - name: Wait for certificate to appear
      ansible.builtin.wait_for:
        path: "{{ rproxy_dir }}/certs/{{ rproxy_service_name }}.{{ ansible_facts['domain'] }}.crt"
--- a/roles/rproxy/tasks/dockerrepo.yml
+++ b/roles/rproxy/tasks/dockerrepo.yml
@@ -1,113 +0,0 @@
---
- name: Prepare for image repository
-  block:
-    - name: Remove dockerrepo dir
-      ansible.builtin.file:
-        path: "{{ dockerrepo_dir }}"
-        state: absent
-
-    - name: Create dockerrepo dir
-      ansible.builtin.file:
-        path: "{{ dockerrepo_dir }}"
-        state: directory
-
-    - name: Create repo dir
-      ansible.builtin.file:
-        path: "{{ dockerrepo_data_dir }}"
-        state: directory
-
-    - name: Create certs dir
-      ansible.builtin.file:
-        path: "{{ dockerrepo_dir }}/certs"
-        state: directory
-
- name: Create certificates for image repository
-  block:
-    - name: Kinit
-      ansible.builtin.shell:
-        cmd: "echo '{{ ansible_password }}' | kinit"
-      become: false
-      become_user: "{{ ansible_user }}"
-
-    - name: Create SPN for HTTP
-      ansible.builtin.shell:
-        cmd: "ipa service-add HTTP/{{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}"
-      become: false
-      become_user: "{{ ansible_user }}"
-      ignore_errors: true
-
-    - name: Request certificate via ipa-getcert
-      ansible.builtin.command: >
-        ipa-getcert request
-        -f {{ rproxy_dir }}/certs/dockerrepo.crt
-        -k {{ rproxy_dir }}/certs/dockerrepo.key
-        -K HTTP/{{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
-        -N CN={{ ansible_facts['hostname'] }}.{{ ansible_facts['domain'] }}
-
-    # sudo ipa-getcert stop-tracking -i 20250813210258 if track already exists
-
-    - name: Wait for certificate to appear
-      ansible.builtin.wait_for:
-        path: "{{ rproxy_dir }}/certs/dockerrepo.crt"
-        timeout: 60
-
-    - name: Change certificate permissions
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}/certs/dockerrepo.crt"
-        mode: "0744"
-
-    - name: Wait for certificate key to appear
-      ansible.builtin.wait_for:
-        path: "{{ rproxy_dir }}/certs/dockerrepo.key"
-        timeout: 60
-
-    - name: Change certificate key permissions
-      ansible.builtin.file:
-        path: "{{ rproxy_dir }}/certs/dockerrepo.key"
-        mode: "0744"
-
- name: Start image repository
-  block:
-    - name: Pull repo image
-      containers.podman.podman_image:
-        name: registry:latest
-        state: present
-
-    - name: Delete image repository container if exists
-      containers.podman.podman_container:
-        name: registry
-        state: absent
-
-    - name: Start registry
-      containers.podman.podman_container:
-        name: registry
-        image: registry:latest
-        state: started
-        ports:
-            - "5000:5000"
-        env:
-          REGISTRY_HTTP_TLS_CERTIFICATE: "/certs/dockerrepo.crt"
-          REGISTRY_HTTP_TLS_KEY: "/certs/dockerrepo.key"
-        volumes:
-          - "{{ dockerrepo_data_dir }}:/var/lib/registry:z,rw"
-          - "{{ dockerrepo_dir }}/certs:/certs:z,rw"
-          - "/etc/localtime:/etc/localtime:ro"
-        privileged: true
-        security_opt:
-          - "label=disable"
-        log_driver: journald
-        generate_systemd:
-          path: /etc/systemd/system/
-          restart_policy: always
-          stop_timeout: 120
-          names: true
-
-    - name: Daemon reload
-      ansible.builtin.shell:
-        cmd: systemctl daemon-reload
-
-    - name: Enable registry service
-      ansible.builtin.systemd:
-        name: "container-registry.service"
-        state: started
-        enabled: yes
--- a/roles/rproxy/tasks/main.yml
+++ b/roles/rproxy/tasks/main.yml
@@ -23,14 +23,6 @@
  tags:
  - install

- name: Docker repo install
-  ansible.builtin.include_tasks: 
-    file: dockerrepo.yml
-    apply:
-      tags: install
-  tags:
-  - install
-
 - name: Add config
  ansible.builtin.include_tasks: 
    file: addconfig.yml
--- a/roles/rproxy/tasks/repo.yml
+++ b/roles/rproxy/tasks/repo.yml
@@ -12,6 +12,12 @@
        src: files/repo.conf
        dest: "{{ rproxy_dir }}/sites/repo.conf"

+    - name: Install createrepo
+      ansible.builtin.yum:
+        name:
+          - createrepo
+        update_cache: yes
+
 - name: Create https certificates for repository
  block:
    - name: Kinit
--- a/roles/rproxy/tasks/rproxy.yml
+++ b/roles/rproxy/tasks/rproxy.yml
@@ -6,11 +6,6 @@
        path: "{{ rproxy_dir }}"
        state: absent

-    - name: Create data dir
-      ansible.builtin.file:
-        path: "{{ data_dir }}"
-        state: directory
-
    - name: Create rproxy dir
      ansible.builtin.file:
        path: "{{ rproxy_dir }}"
@@ -40,7 +35,7 @@
  block:
    - name: Pull rproxy image
      containers.podman.podman_image:
-        name: "docker.io/library/nginx:{{ rproxy_version }}"
+        name: "{{ image_repo }}/{{ rproxy_image }}:{{ rproxy_version }}"
        state: present

    - name: Delete rproxy container if exists
@@ -51,7 +46,7 @@
    - name: Start rproxy
      containers.podman.podman_container:
        name: rproxy
-        image: "docker.io/library/nginx:{{ rproxy_version }}"
+        image: "{{ image_repo }}/{{ rproxy_image }}:{{ rproxy_version }}"
        state: started
        ports:
            - "443:443"
--- a/roles/rproxy/vars/main.yml
+++ b/roles/rproxy/vars/main.yml
@@ -1,7 +1,9 @@
+---
+# General
 ansible_python_interpreter: /usr/bin/python3
+
+# Rproxy
+rproxy_image: nginx
+rproxy_version: 1.29
 rproxy_dir: /opt/rproxy
-rproxy_version: 1.29.0
-data_dir: /opt/data
-repo_data_dir: /opt/data/repo
-dockerrepo_dir: /opt/dockerrepo
-dockerrepo_data_dir: /opt/data/dockerrepo
+repo_data_dir: /opt/repodata
--- a/rproxy.yml
+++ b/rproxy.yml
@@ -18,5 +18,9 @@
      prompt: Enter service for rproxy
      private: false

+    - name: image_repo
+      prompt: Enter repository address with podman images (ex. rproxy.olsson.ul:5000)
+      private: false
+
  roles:
    - rproxy