120 lines
3.7 KiB
YAML
120 lines
3.7 KiB
YAML
---
|
|
- name: Ensure Registry auth directory exists
|
|
file:
|
|
path: "{{ registry_auth_path }}"
|
|
state: directory
|
|
mode: '0755'
|
|
become: yes
|
|
|
|
- name: Check if registry vault file exists
|
|
stat:
|
|
path: "{{ registry_vault_file }}"
|
|
delegate_to: localhost
|
|
register: registry_vault_stat
|
|
become: no
|
|
|
|
- name: Optionally load registry credentials from vault
|
|
include_vars:
|
|
file: "{{ registry_vault_file }}"
|
|
when: registry_vault_stat.stat.exists
|
|
no_log: yes
|
|
delegate_to: localhost
|
|
become: no
|
|
register: registry_vault_vars
|
|
failed_when: false
|
|
|
|
- name: Fail if registry vault decryption failed
|
|
fail:
|
|
msg: >
|
|
Failed to decrypt {{ registry_vault_file }}.
|
|
Provide a valid vault password (e.g. via --vault-password-file) or update docker_registry_password_default.
|
|
when:
|
|
- not ansible_check_mode
|
|
- registry_vault_stat.stat.exists
|
|
- registry_vault_vars is defined
|
|
- registry_vault_vars.failed | default(false)
|
|
|
|
- name: Set registry credentials from vault or defaults or generate
|
|
set_fact:
|
|
registry_username: "{{ vault_docker_registry_username | default(docker_registry_username_default) }}"
|
|
registry_password: >-
|
|
{{
|
|
vault_docker_registry_password
|
|
| default(docker_registry_password_default)
|
|
| default(lookup('password', '/dev/null length=32 chars=ascii_letters,digits'))
|
|
}}
|
|
no_log: true
|
|
|
|
- name: Create Registry htpasswd file if missing
|
|
shell: |
|
|
docker run --rm --entrypoint htpasswd httpd:2 -Bbn {{ registry_username }} {{ registry_password }} > {{ registry_auth_path }}/htpasswd
|
|
chmod 644 {{ registry_auth_path }}/htpasswd
|
|
args:
|
|
executable: /bin/bash
|
|
creates: "{{ registry_auth_path }}/htpasswd"
|
|
become: yes
|
|
no_log: true
|
|
when: not ansible_check_mode
|
|
|
|
- name: Deploy Docker Registry stack
|
|
community.docker.docker_compose_v2:
|
|
project_src: "{{ registry_stack_path }}"
|
|
state: present
|
|
pull: always
|
|
register: registry_compose_result
|
|
|
|
- name: Wait for Docker Registry to be ready
|
|
wait_for:
|
|
timeout: "{{ registry_wait_timeout }}"
|
|
when: registry_compose_result.changed
|
|
|
|
- name: Check Registry container status
|
|
shell: |
|
|
docker compose -f {{ registry_stack_path }}/docker-compose.yml ps registry | grep -Eiq "Up|running"
|
|
register: registry_state
|
|
changed_when: false
|
|
until: registry_state.rc == 0
|
|
retries: "{{ ((registry_wait_timeout | int) + (registry_wait_interval | int) - 1) // (registry_wait_interval | int) }}"
|
|
delay: "{{ registry_wait_interval | int }}"
|
|
failed_when: registry_state.rc != 0
|
|
when: not ansible_check_mode
|
|
|
|
- name: Check Registry logs for readiness
|
|
shell: docker compose logs registry 2>&1 | grep -Ei "(listening on|listening at|http server)" || true
|
|
args:
|
|
chdir: "{{ registry_stack_path }}"
|
|
register: registry_logs
|
|
until: registry_logs.stdout != ""
|
|
retries: 6
|
|
delay: 10
|
|
changed_when: false
|
|
failed_when: false
|
|
when: not ansible_check_mode
|
|
|
|
- name: Verify Registry is accessible
|
|
uri:
|
|
url: "{{ registry_healthcheck_url }}"
|
|
user: "{{ registry_username }}"
|
|
password: "{{ registry_password }}"
|
|
status_code: 200
|
|
timeout: 5
|
|
register: registry_check
|
|
ignore_errors: yes
|
|
changed_when: false
|
|
no_log: true
|
|
when:
|
|
- not ansible_check_mode
|
|
- registry_healthcheck_enabled | bool
|
|
|
|
- name: Display Registry status
|
|
debug:
|
|
msg: "Registry accessibility: {{ 'SUCCESS' if registry_check.status == 200 else 'FAILED - may need manual check' }}"
|
|
when:
|
|
- not ansible_check_mode
|
|
- registry_healthcheck_enabled | bool
|
|
|
|
- name: Record registry deployment facts
|
|
set_fact:
|
|
registry_stack_changed: "{{ registry_compose_result.changed | default(false) }}"
|
|
registry_access_status: "{{ registry_check.status | default('disabled' if not registry_healthcheck_enabled else 'unknown') }}"
|