Replace the push-docker role by login-registry and use podman.

This commit replaces the push-docker role which depends on docker by a new role login-registry which is using podman instead. Fixes https://pagure.io/fedora-infrastructure/issue/8393 Signed-off-by: Clement Verna <cverna@tutanota.com>
2020-01-16 15:30:26 +01:00 · 2020-01-16 15:30:26 +01:00 · 85be95fb79
commit 85be95fb79
parent d5abe969e1
5 changed files with 36 additions and 43 deletions
--- a/playbooks/groups/oci-registry.yml
+++ b/playbooks/groups/oci-registry.yml
@ -80,7 +80,7 @@

    # Setup compose-x86-01 push docker images to registry
    - {
-      role: push-docker,
+      role: login-registry,
        candidate_registry: "candidate-registry.stg.fedoraproject.org",
        candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}",
        candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}",
@ -88,7 +88,7 @@
      delegate_to: compose-x86-01.phx2.fedoraproject.org
    }
    - {
-      role: push-docker,
+      role: login-registry,
        candidate_registry: "candidate-registry.fedoraproject.org",
        candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}",
        candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}",
--- a/playbooks/groups/releng-compose.yml
+++ b/playbooks/groups/releng-compose.yml
@ -57,7 +57,7 @@
    nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub'
    when: "'releng_compose' in group_names"
 #
-# mount archive volumes on composer so we can run the archiving script there. 
+# mount archive volumes on composer so we can run the archiving script there.
 #
  - role: nfs/client
    mnt_dir: '/mnt/fedora_koji/koji/vol/fedora_koji_archive00'
@ -106,26 +106,26 @@
      key_src: "{{private}}/files/docker-registry/{{env}}/pki/private/containerstable.key",
    when: env == "production"
  }
-#  - {
-#    role: push-docker,
-#      candidate_registry: "candidate-registry.stg.fedoraproject.org",
-#      candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}",
-#      candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}",
-#  }
-#  - {
-#    role: push-docker,
-#      candidate_registry: "candidate-registry.fedoraproject.org",
-#      candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}",
-#      candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}",
-#    when: env == "production"
-#  }
-#  - {
-#    role: push-docker,
-#      candidate_registry: "quay.io",
-#      candidate_registry_osbs_username: "{{quay_io_username}}",
-#      candidate_registry_osbs_password: "{{quay_io_password}}",
-#    when: env == "production"
-#  }
+  - {
+    role: login-registry,
+      candidate_registry: "candidate-registry.stg.fedoraproject.org",
+      candidate_registry_osbs_username: "{{candidate_registry_osbs_stg_username}}",
+      candidate_registry_osbs_password: "{{candidate_registry_osbs_stg_password}}",
+  }
+  - {
+    role: login-registry,
+      candidate_registry: "candidate-registry.fedoraproject.org",
+      candidate_registry_osbs_username: "{{candidate_registry_osbs_prod_username}}",
+      candidate_registry_osbs_password: "{{candidate_registry_osbs_prod_password}}",
+    when: env == "production"
+  }
+  - {
+    role: login-registry,
+      candidate_registry: "quay.io",
+      candidate_registry_osbs_username: "{{quay_io_username}}",
+      candidate_registry_osbs_password: "{{quay_io_password}}",
+    when: env == "production"
+  }


  tasks:
--- a/roles/login-registry/tasks/main.yml
+++ b/roles/login-registry/tasks/main.yml
@ -0,0 +1,12 @@
+---
+# tasks file for login-registry role
+# This role is used to login to a registry using the
+# podman client.
+
+- name: install podman
+  package:
+    name: podman
+    state: present
+
+- name: Log into the candidate-registry
+  cmd: podman login {{candidate_registry}} -u {{candidate_registry_osbs_username}} -p {{candidate_registry_osbs_password}}
--- a/roles/push-container-registry/tasks/main.yml
+++ b/roles/push-container-registry/tasks/main.yml
@ -3,7 +3,7 @@
 # This role install skopeo and the certificates
 # needed to push container images to our production registry.
 # Note : push to the candidate-registry is done using docker login
-# see the push-docker role.
+# see the login-registry role.

 - name: install necessary packages
  package:
--- a/roles/push-docker/tasks/main.yml
+++ b/roles/push-docker/tasks/main.yml
@ -1,19 +0,0 @@
---
-# tasks file for push-docker role
-# This role is used to login to a registry using the
-# docker client.
-
- name: install docker and python-docker
-  package: name="{{ item }}" state=present
-  with_items:
-    - docker
-    - python3-docker
-
- name: start and enable docker
-  service: name=docker state=started enabled=yes
-
- name: Log into the candidate-registry
-  docker_login:
-    registry: "{{candidate_registry}}"
-    username: "{{candidate_registry_osbs_username}}"
-    password: "{{candidate_registry_osbs_password}}"