From 356d7cb64cd2cd09f35b0e7865dbb6fb3a197165 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 22:47:28 +0300 Subject: [PATCH 1/5] created dockerrepo preparings --- roles/rproxy/tasks/main.yml | 62 +++++++++++++++++-- .../docker-compose.dockerrepo.yml.j2 | 15 +++++ ...se.yml.j2 => docker-compose.rproxy.yml.j2} | 0 roles/rproxy/templates/dockerrepo.cnf.j2 | 29 +++++++++ rproxy.yml | 1 + 5 files changed, 101 insertions(+), 6 deletions(-) create mode 100644 roles/rproxy/templates/docker-compose.dockerrepo.yml.j2 rename roles/rproxy/templates/{docker-compose.yml.j2 => docker-compose.rproxy.yml.j2} (100%) create mode 100644 roles/rproxy/templates/dockerrepo.cnf.j2 diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml index 729856d..9d21948 100644 --- a/roles/rproxy/tasks/main.yml +++ b/roles/rproxy/tasks/main.yml @@ -7,6 +7,11 @@ - install - add_config + - name: Get IP address + ansible.builtin.shell: + cmd: hostname -I | awk '{print $1}' + register: IP + - name: Install docker (Debian) ansible.builtin.apt: name: @@ -58,7 +63,7 @@ - name: Copy docker-compose ansible.builtin.template: - src: templates/docker-compose.yml.j2 + src: templates/docker-compose.rproxy.yml.j2 dest: "{{ rproxy_dir }}/docker-compose.yml" - name: Copy nginx.conf @@ -83,11 +88,6 @@ - name: Create https repository block: - - name: Get IP address - ansible.builtin.shell: - cmd: hostname -I | awk '{print $1}' - register: IP - - name: Create repo dir ansible.builtin.file: path: "{{ rproxy_dir }}/repo" 
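Review bot: The new `Get IP address` task keeps whatever address `hostname -I` prints first, and that value is later rendered into the certificate's `IP.1` SAN by `dockerrepo.cnf.j2`, so on a host with more than one interface — the Docker bridge this role installs is one — the registry certificate can end up naming an address clients never use. Prefer the gathered fact, e.g. `ansible.builtin.set_fact: dockerrepo_ip: "{{ ansible_facts['default_ipv4']['address'] }}"` (and reference it instead of `IP.stdout` in the template), or let the operator pass the address as a play variable; whether facts are gathered for this play is not visible here. If the shell pipeline stays, add `changed_when: false`, since a pipeline under `ansible.builtin.shell` reports a change on every run.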
@@ -137,6 +137,56 @@ restarted: true tags: install +- name: Create docker repository + block: + - name: Create repo dir + ansible.builtin.file: + path: "{{ dockerrepo_dir }}/repo" + state: directory + + - name: Create certs dir + ansible.builtin.file: + path: "{{ dockerrepo_dir }}/certs" + state: directory + + - name: Copy dockerrepo certificate cnf + ansible.builtin.template: + src: templates/dockerrepo.cnf.j2 + dest: '{{ dockerrepo_dir }}/certs/dockerrepo.cnf' + + - name: Generate dockerrepo certificate key + ansible.builtin.shell: + cmd: 'openssl genrsa -out {{ dockerrepo_dir }}/certs/dockerrepo.key 2048' + + - name: Generate dockerrepo csr + ansible.builtin.shell: + cmd: 'openssl req -key {{ dockerrepo_dir }}/certs/dockerrepo.key -new -out {{ dockerrepo_dir }}/certs/dockerrepo.csr -config {{ dockerrepo_dir }}/certs/dockerrepo.cnf' + + - name: Sign dockerrepo certificate + ansible.builtin.shell: + cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ dockerrepo_dir }}/certs/dockerrepo.csr -out {{ dockerrepo_dir }}/certs/dockerrepo.crt -CAcreateserial -extfile {{ dockerrepo_dir }}/certs/dockerrepo.cnf -days 365 -extensions v3_x509' + + - name: Create fullchain certificate + ansible.builtin.shell: + cmd: 'cat {{ rproxy_dir }}/certs/RootCA.crt >> {{ dockerrepo_dir }}/certs/dockerrepo.crt' + + - name: Delete csr + ansible.builtin.file: + path: "{{ dockerrepo_dir }}/certs/dockerrepo.csr" + state: absent + + - name: Delete cnf + ansible.builtin.file: + path: "{{ dockerrepo_dir }}/certs/dockerrepo.cnf" + state: absent + + - name: Restart rproxy + community.docker.docker_compose: + project_src: "{{ dockerrepo_dir }}" + build: false + restarted: true + tags: install + - name: Create configs block: - name: Copy server.conf diff --git a/roles/rproxy/templates/docker-compose.dockerrepo.yml.j2 b/roles/rproxy/templates/docker-compose.dockerrepo.yml.j2 new file mode 100644 index 0000000..971f030 --- /dev/null 
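Review bot: The three `openssl` shell tasks run unconditionally, so every play generates a fresh private key and certificate for the registry and the final task then restarts it; the play is never idempotent and any client that pinned the previous certificate breaks on each run. Guard them with `args: creates: '{{ dockerrepo_dir }}/certs/dockerrepo.key'` (and `creates: '{{ dockerrepo_dir }}/certs/dockerrepo.crt'` on the signing step), or replace the shell calls with the `community.crypto` key/CSR/certificate modules, which are idempotent by design. The `certs` directory is created with no `mode:`, and the CA private key is read from `{{ rproxy_dir }}/certs/RootCA.key`; how either location is permissioned is not visible in this hunk, so confirm neither key is group- or world-readable before the directory is bind-mounted into the container. The last task is named `Restart rproxy` but its `project_src` is `{{ dockerrepo_dir }}`; rename it `Restart dockerrepo` so the log output matches what is restarted.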
+++ b/roles/rproxy/templates/docker-compose.dockerrepo.yml.j2 @@ -0,0 +1,15 @@ +version: '3.3' + +services: + nginx: + image: registry:latest + container_name: dockerrepo + restart: always + environment: + - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/dockerrepo.crt + - REGISTRY_HTTP_TLS_KEY=/certs/dockerrepo.key + volumes: + - {{ dockerrepo_dir }}/repo:/var/lib/registry + - {{ dockerrepo_dir }}/certs:/certs + ports: + - 5000:5000 \ No newline at end of file diff --git a/roles/rproxy/templates/docker-compose.yml.j2 b/roles/rproxy/templates/docker-compose.rproxy.yml.j2 similarity index 100% rename from roles/rproxy/templates/docker-compose.yml.j2 rename to roles/rproxy/templates/docker-compose.rproxy.yml.j2 diff --git a/roles/rproxy/templates/dockerrepo.cnf.j2 b/roles/rproxy/templates/dockerrepo.cnf.j2 new file mode 100644 index 0000000..0167769 --- /dev/null +++ b/roles/rproxy/templates/dockerrepo.cnf.j2 @@ -0,0 +1,29 @@ +[ req ] +prompt = no +distinguished_name = dockerrepo.{{ domain.stdout }} +req_extensions = v3_req +x509_extensions = v3_x509 + + +[ dockerrepo.{{ domain.stdout }} ] +countryName = RU +stateOrProvinceName = RU +localityName = MSK +organizationName = {{ domain.stdout }} +organizationalUnitName = IT +commonName = dockerrepo.{{ domain.stdout }} +emailAddress = admin@{{ domain.stdout }} + +[ v3_req ] +basicConstraints = CA:false +keyUsage = digitalSignature, keyEncipherment +subjectAltName = @sans + +[ v3_x509 ] +basicConstraints = CA:false +keyUsage = digitalSignature, keyEncipherment +subjectAltName = @sans + +[ sans ] +DNS.1 = dockerrepo.{{ domain.stdout }} +IP.1 = {{ IP.stdout }} \ No newline at end of file diff --git a/rproxy.yml b/rproxy.yml index 9ee0785..8b2b0cb 100644 --- a/rproxy.yml +++ b/rproxy.yml @@ -5,6 +5,7 @@ vars: ansible_python_interpreter: /usr/bin/python3 rproxy_dir: /opt/rproxy + dockerrepo_dir: /opt/dockerrepo vars_prompt: - name: rproxy_service_name -- 2.49.1 From d5eea97332eedb417f9f8f16afc5eddcd7daf614 Mon Sep 17 00:00:00 2001 
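Review bot: The registry is published as `5000:5000` (all host interfaces) with TLS but no authentication — no `REGISTRY_AUTH*` variables are set — so anyone who can reach port 5000 can push as well as pull, which turns the registry into a supply-chain pivot for every host that deploys from it. Either enable htpasswd auth (`REGISTRY_AUTH=htpasswd`, `REGISTRY_AUTH_HTPASSWD_REALM=dockerrepo`, `REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd` plus a bind-mounted htpasswd file) or bind to loopback, `- "127.0.0.1:5000:5000"`, and front it with the nginx reverse proxy this role already manages. `image: registry:latest` is a mutable tag; pin it (`registry:2` at minimum, ideally a digest) so a redeploy cannot silently change what serves the registry. The service key is `nginx` although the container runs the registry; rename it `registry`, and quote the port mapping per Compose convention.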
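Review bot: `IP.1 = {{ IP.stdout }}` renders an invalid `[ sans ]` entry (and a failing `openssl req`) whenever the registered `IP` result is empty, and when it is set it records only the first address `hostname -I` printed, which is not necessarily the one clients connect to; guard it with `{% if IP.stdout %}IP.1 = {{ IP.stdout }}{% endif %}` or derive the address from gathered facts. The `[ v3_req ]` and `[ v3_x509 ]` sections are byte-identical; keep one (`[ v3_ext ]`) and point both `req_extensions` and `x509_extensions` at it so they cannot drift apart. `domain.stdout` is consumed here but nothing in this series sets it — presumably a `register` result elsewhere in the role; confirm that task also runs under the `install` tag. Consider adding `extendedKeyUsage = serverAuth` to the extension section, as some TLS stacks require it on a leaf certificate.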
From: mpavlov Date: Thu, 3 Oct 2024 22:49:46 +0300 Subject: [PATCH 2/5] creation of dockerrepo dir --- roles/rproxy/tasks/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml index 9d21948..5860f74 100644 --- a/roles/rproxy/tasks/main.yml +++ b/roles/rproxy/tasks/main.yml @@ -139,6 +139,16 @@ - name: Create docker repository block: + - name: Remove dockerrepo dir + ansible.builtin.file: + path: "{{ dockerrepo_dir }}" + state: absent + + - name: Create dockerrepo dir + ansible.builtin.file: + path: "{{ dockerrepo_dir }}" + state: directory + - name: Create repo dir ansible.builtin.file: path: "{{ dockerrepo_dir }}/repo" -- 2.49.1 From c9ed16169cae8b12c296497526dbfd2a73858cf0 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 22:55:26 +0300 Subject: [PATCH 3/5] fix EOF --- roles/rproxy/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml index 5860f74..ffc65e3 100644 --- a/roles/rproxy/tasks/main.yml +++ b/roles/rproxy/tasks/main.yml @@ -7,10 +7,10 @@ - install - add_config - - name: Get IP address - ansible.builtin.shell: - cmd: hostname -I | awk '{print $1}' - register: IP +- name: Get IP address + ansible.builtin.shell: + cmd: hostname -I | awk '{print $1}' + register: IP - name: Install docker (Debian) ansible.builtin.apt: -- 2.49.1 From 702e07ee41421e4f8432f40a82af50221e6174c7 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 22:57:05 +0300 Subject: [PATCH 4/5] added tag to get IP --- roles/rproxy/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml index ffc65e3..e82f0c6 100644 --- a/roles/rproxy/tasks/main.yml +++ b/roles/rproxy/tasks/main.yml 
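Review bot: `Remove dockerrepo dir` with `state: absent` deletes `{{ dockerrepo_dir }}` on every run, and `{{ dockerrepo_dir }}/repo` is the registry's image store (bind-mounted to `/var/lib/registry` in the compose template), so each re-run of the play wipes every image pushed to the registry along with the TLS key and certificate. Drop the `absent` task — the following `state: directory` tasks already create whatever is missing — or, if a clean slate is genuinely wanted, gate it behind an explicit opt-in such as `when: dockerrepo_reset | default(false) | bool`. The `Create docker repository` block this sits in continues outside the hunk.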
@@ -11,6 +11,8 @@ ansible.builtin.shell: cmd: hostname -I | awk '{print $1}' register: IP + tags: + - install - name: Install docker (Debian) ansible.builtin.apt: -- 2.49.1 From f092b05f3697fdb87fa643ae3baba887946f8271 Mon Sep 17 00:00:00 2001 From: mpavlov Date: Thu, 3 Oct 2024 23:06:03 +0300 Subject: [PATCH 5/5] copy docker-compose --- roles/rproxy/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/roles/rproxy/tasks/main.yml b/roles/rproxy/tasks/main.yml index e82f0c6..74a8f2b 100644 --- a/roles/rproxy/tasks/main.yml +++ b/roles/rproxy/tasks/main.yml @@ -161,6 +161,11 @@ path: "{{ dockerrepo_dir }}/certs" state: directory + - name: Copy docker-compose + ansible.builtin.template: + src: templates/docker-compose.dockerrepo.yml.j2 + dest: "{{ dockerrepo_dir }}/docker-compose.yml" + - name: Copy dockerrepo certificate cnf ansible.builtin.template: src: templates/dockerrepo.cnf.j2 -- 2.49.1
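Review bot: Tagging `Get IP address` with `install` only means a run limited to `--tags add_config` (the other tag visible at the top of this file) leaves `IP` undefined; that is harmless today because its only consumer, the `dockerrepo.cnf.j2` template, is rendered inside a block that is also tagged `install`, but the lookup is cheap and giving it both tags, `tags: [install, add_config]`, avoids an undefined-variable failure the moment another task references `IP.stdout`. While touching this task, add `changed_when: false` — the shell pipeline reports a change on every play.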