Load docker images only on image_registry host (hitachienergy#617)

* Load docker images only on image_registry host

* Use local image registry by default for auth-service and rabbitmq

core/src/epicli/data/common/ansible/playbooks/image_registry.yml

@@ -1,9 +1,5 @@
 ---
-# Ansible playbook that makes sure the base items for all nodes are installed
-
-- hosts: all
-  gather_facts: yes
-  tasks: [ ]  
+# Ansible playbook that creates local docker image registry
 
 - hosts: image_registry
   become: true

core/src/epicli/data/common/ansible/playbooks/roles/applications/templates/auth-service/auth-service.yml.j2

@@ -194,7 +194,11 @@ spec:
               name: {{ auth_service_name }}-db
         - name: X509_CA_BUNDLE
           value: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+{% if data.use_local_image_registry is undefined or data.use_local_image_registry is sameas true %}
+        image: {{ image_registry_address }}/{{ data.image_path }}
+{% else %}
         image: {{ data.image_path }}
+{% endif %}
         imagePullPolicy: IfNotPresent
         name: {{ auth_service_name }}
         ports:

core/src/epicli/data/common/ansible/playbooks/roles/applications/templates/rabbitmq/rabbitmq.yml.j2

@@ -78,9 +78,13 @@ spec:
     spec:
       serviceAccountName: {{ rabbitmq_service_name }}
       terminationGracePeriodSeconds: 10
-      containers:        
+      containers:
       - name: {{ rabbitmq_service_name }}
+{% if data.use_local_image_registry is undefined or data.use_local_image_registry is sameas true %}
+        image: {{ image_registry_address }}/{{ data.image_path }}
+{% else %}
         image: {{ data.image_path }}
+{% endif %}
         volumeMounts:
           - name: config-volume
             mountPath: /etc/rabbitmq
@@ -124,7 +128,7 @@ spec:
                 name: {{ rabbitmq_service_name }}-cookie
 {% if data.image_pull_secret_name is defined and data.image_pull_secret_name|length %}
       imagePullSecrets:
-      - name: {{ data.image_pull_secret_name  }}
+      - name: {{ data.image_pull_secret_name }}
 {% endif %}
       volumes:
         - name: config-volume

core/src/epicli/data/common/ansible/playbooks/roles/image_registry/tasks/load-image.yml

@@ -0,0 +1,43 @@
+---
+- name: Set tag name with local image registry
+  set_fact:
+     new_image_tag: "{{ image_registry_address }}/{{ docker_image.name }}"
+  changed_when: false
+  when:
+    - docker_image.name != specification.registry_image.name
+
+- name: Check if image is already loaded
+  shell: >-
+    docker images {{ new_image_tag if (docker_image.name != specification.registry_image.name)
+                                   else docker_image.name }} --format {{ '{{' }}.ID{{ '}}' }}
+  register: image_check
+  ignore_errors: true
+  changed_when: false
+
+- name: Load image if does not exists
+  block:
+    - name: Download image file
+      include_role:
+        name: download
+        tasks_from: download_image
+      vars:
+        file_name: "{{ docker_image.file_name }}"
+
+    - name: Load image {{ docker_image.name }}
+      become: yes
+      shell: "docker load --input {{ download_directory }}/{{ docker_image.file_name }}"
+
+    - name: Tag image {{ docker_image.name }} with {{ new_image_tag }}
+      become: yes
+      shell: "docker tag {{ docker_image.name }} {{ new_image_tag }}"
+      when:
+        - docker_image.name != specification.registry_image.name
+
+    - name: Push image to registry {{ docker_image.name }}
+      become: yes
+      shell: "docker push {{ new_image_tag }}"
+      when:
+        - docker_image.name != specification.registry_image.name
+
+  when:
+    - image_check.stdout | length == 0

core/src/epicli/data/common/ansible/playbooks/roles/image_registry/tasks/main.yml

@@ -1,32 +1,27 @@
 ---
-- name: Check if image is already loaded
-  shell: "docker images {{ specification.repository_image.name }} --format {{ '{{' }}.ID{{ '}}' }}"
-  register: image_check
-  ignore_errors: true
-  changed_when: false
-
-- name: Load image if does not exists
+- name: Load images and run local registry
   block:
-  - name: Download file
-    include_role:
-      name: download
-      tasks_from: download_image
-    vars:
-      file_name: "{{ specification.repository_image.file_name }}"
+    - name: Load registry image
+      include_tasks: "load-image.yml"
+      vars:
+        docker_image: "{{ specification.registry_image }}"
+
+    - name: Check if registry is running
+      become: yes
+      shell: docker ps | grep registry:2 | cat
+      register: regitry_up_check
+      check_mode: no
 
-  - name: Load image {{ specification.repository_image.name }}
-    become: yes
-    shell: "docker load --input {{ download_directory }}/{{ specification.repository_image.file_name }}"
-  when: image_check.stdout | length == 0
+    # todo run registry with SSL - generate/copy certs, mount it to registry container
+    - name: Run registry
+      become: yes
+      shell: "docker run -d -e REGISTRY_HTTP_ADDR=0.0.0.0:5000 -p 5000:5000 --restart=always --name epiphany-registry {{ specification.registry_image.name }}"
+      when: regitry_up_check.stdout | length == 0
 
-- name: Check if registry is running
-  become: yes
-  shell: docker ps | grep registry:2 | cat
-  register: regitry_up_check
-  check_mode: no
+    - name: Include load-image.yml
+      include_tasks: "load-image.yml"
+      vars:
+        docker_image: "{{ item }}"
+      loop: "{{ specification.images_to_load }}"
 
-# todo run registry with SSL - generate/copy certs, mount it to registry container
-- name: Run registry
-  become: yes
-  shell: "docker run -d -e REGISTRY_HTTP_ADDR=0.0.0.0:5000 -p 5000:5000 --restart=always --name epiphany-registry {{ specification.repository_image.name }}"
-  when: regitry_up_check.stdout | length == 0
+  when: not custom_image_registry_address

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_common/tasks/main.yml

@@ -2,13 +2,6 @@
 
 - include_tasks: install-packages.yml
 
-- name: Include load-image.yml
-  include_tasks: "load-image.yml"
-  vars:
-    docker_image: "{{ item }}"
-  loop: "{{ specification.images_to_load }}"
-  when: not custom_image_registry_address
-
 - name: Enable ip forwarding
   sysctl:
     name: net.ipv4.ip_forward

core/src/epicli/data/common/defaults/configuration/applications.yml

@@ -10,6 +10,7 @@ specification:
 
 # - name: rabbitmq 2
 #   image_path: rabbitmq:3.7.10
+#   use_local_image_registry: true
 #   #image_pull_secret_name: regcred # optional
 #   service:
 #     name: rabbitmq-cluster
@@ -18,7 +19,7 @@ specification:
 #     replicas: 2
 #     namespace: queue
 #   rabbitmq:
-#     #amqp_port: 5672 #optional - default 5672  
+#     #amqp_port: 5672 #optional - default 5672
 #     plugins: # optional list of RabbitMQ plugins
 #       - rabbitmq_management
 #       - rabbitmq_management_agent
@@ -37,6 +38,7 @@ specification:
 
 # - name: auth-service # this service require postgresql to be installed in cluster
 #   image_path: jboss/keycloak:4.8.3.Final
+#   use_local_image_registry: true
 #   #image_pull_secret_name: regcred
 #   service:
 #     name: as-testauthdb
@@ -46,7 +48,7 @@ specification:
 #     admin_user: auth-service-username
 #     admin_password: auth-service-password
 #   database: 
-#     name: "auth-database-name"    
+#     name: "auth-database-name"
 #     #port: "5432" # leave it when default
 #     user: "auth-db-user"
 #     password: "auth-db-password"

core/src/epicli/data/common/defaults/configuration/image-registry.yml

@@ -4,6 +4,45 @@ title: "Epiphany image registry"
 name: default
 specification:
   description: "Local registry with Docker images"
-  repository_image:
+  registry_image:
     name: "registry:2"
-    file_name: registry-2.tar
+    file_name: registry-2.tar
+  images_to_load:
+    # K8s
+  - name: "k8s.gcr.io/kube-apiserver:v1.14.6"
+    file_name: kube-apiserver-v1.14.6.tar
+  - name: "k8s.gcr.io/kube-controller-manager:v1.14.6"
+    file_name: kube-controller-manager-v1.14.6.tar
+  - name: "k8s.gcr.io/kube-scheduler:v1.14.6"
+    file_name: kube-scheduler-v1.14.6.tar
+  - name: "k8s.gcr.io/kube-proxy:v1.14.6"
+    file_name: kube-proxy-v1.14.6.tar
+  - name: "k8s.gcr.io/pause:3.1"
+    file_name: pause-3.1.tar
+  - name: "k8s.gcr.io/etcd:3.3.10"
+    file_name: etcd-3.3.10.tar
+  - name: "k8s.gcr.io/coredns:1.3.1"
+    file_name: coredns-1.3.1.tar
+  - name: "coredns/coredns:1.5.0"
+    file_name: coredns-1.5.0.tar
+  - name: "quay.io/coreos/flannel:v0.11.0-amd64"
+    file_name: flannel-v0.11.0-amd64.tar
+  - name: "quay.io/coreos/flannel:v0.11.0"
+    file_name: flannel-v0.11.0.tar
+  - name: "calico/node:v3.8.1"
+    file_name: node-v3.8.1.tar
+  - name: "calico/pod2daemon-flexvol:v3.8.1"
+    file_name: pod2daemon-flexvol-v3.8.1.tar
+  - name: "kubernetesui/dashboard:v2.0.0-beta1"
+    file_name: dashboard-v2.0.0-beta1.tar
+  - name: "kubernetesui/metrics-scraper:v1.0.0"
+    file_name: metrics-scraper-v1.0.0.tar
+  - name: "calico/cni:v3.8.1"
+    file_name: cni-v3.8.1.tar
+  - name: "calico/kube-controllers:v3.8.1"
+    file_name: kube-controllers-v3.8.1.tar
+    # applications
+  - name: "jboss/keycloak:4.8.3.Final"
+    file_name: keycloak-4.8.3.Final.tar
+  - name: "rabbitmq:3.7.10"
+    file_name: rabbitmq-3.7.10.tar

core/src/epicli/data/common/defaults/configuration/kubernetes-master.yml

@@ -4,44 +4,6 @@ title: "Kubernetes Master Config"
 name: default
 specification:
   version: 1.14.6
-  images_to_load:
-  - name: "k8s.gcr.io/kube-apiserver:v1.14.6"
-    file_name: kube-apiserver-v1.14.6.tar
-  - name: "k8s.gcr.io/kube-controller-manager:v1.14.6"
-    file_name: kube-controller-manager-v1.14.6.tar
-  - name: "k8s.gcr.io/kube-scheduler:v1.14.6"
-    file_name: kube-scheduler-v1.14.6.tar
-  - name: "k8s.gcr.io/kube-proxy:v1.14.6"
-    file_name: kube-proxy-v1.14.6.tar
-  - name: "k8s.gcr.io/pause:3.1"
-    file_name: pause-3.1.tar
-  - name: "k8s.gcr.io/etcd:3.3.10"
-    file_name: etcd-3.3.10.tar
-  - name: "k8s.gcr.io/coredns:1.3.1"
-    file_name: coredns-1.3.1.tar
-  - name: "coredns/coredns:1.5.0"
-    file_name: coredns-1.5.0.tar
-  - name: "quay.io/coreos/flannel:v0.11.0-amd64"
-    file_name: flannel-v0.11.0-amd64.tar
-  - name: "quay.io/coreos/flannel:v0.11.0"
-    file_name: flannel-v0.11.0.tar
-  - name: "calico/node:v3.8.1"
-    file_name: node-v3.8.1.tar
-  - name: "calico/pod2daemon-flexvol:v3.8.1"
-    file_name: pod2daemon-flexvol-v3.8.1.tar
-  - name: "kubernetesui/dashboard:v2.0.0-beta1"
-    file_name: dashboard-v2.0.0-beta1.tar
-  - name: "kubernetesui/metrics-scraper:v1.0.0"
-    file_name: metrics-scraper-v1.0.0.tar
-  - name: "calico/cni:v3.8.1"
-    file_name: cni-v3.8.1.tar
-  - name: "calico/kube-controllers:v3.8.1"
-    file_name: kube-controllers-v3.8.1.tar
-  - name: "jboss/keycloak:4.8.3.Final"
-    file_name: keycloak-4.8.3.Final.tar
-  - name: "rabbitmq:3.7.10"
-    file_name: rabbitmq-3.7.10.tar
-
   allow_pods_on_master: False
   storage:
     name: epiphany-cluster-volume # name of the Kubernetes resource

core/src/epicli/data/common/defaults/configuration/kubernetes-node.yml

@@ -4,9 +4,4 @@ title: "Kubernetes Node Config"
 name: default
 specification:
   version: 1.14.6
-  images_to_load:
-  - name: "jboss/keycloak:4.8.3.Final"
-    file_name: keycloak-4.8.3.Final.tar
-  - name: "rabbitmq:3.7.10"
-    file_name: rabbitmq-3.7.10.tar
   node_labels: "node-type=epiphany"