BigDataRepublic · stefanvanwouw · Feb 17, 2017 · Feb 17, 2017
diff --git a/embedded-execution-layer/README.md b/embedded-execution-layer/README.md
@@ -12,6 +12,14 @@ cp /opt/ssl/client.* /vagrant/
 
 2. You can now run any docker command from your host.
 ```
-docker --tlsverify --tlscacert=ca.crt --tlscert=client.crt --tlskey=client.pem -H <address e.g. 10.0.0.45>:2376
+docker --tlsverify --tlscacert=ca.crt --tlscert=client.crt --tlskey=client.pem -H <address e.g. 10.0.0.45>:2376 version
+docker --tlsverify --tlscacert=ca.crt --tlscert=client.crt --tlskey=client.pem -H <address e.g. 10.0.0.45>:2376 build -t ...
 ```
 
+3. If you want to deploy a service on all nodes use the docker registry provided by tagging your docker image as ``10.0.0.45:4000/name``. E.g.:
+```
+docker --tlsverify --tlscacert=ca.crt --tlscert=client.crt --tlskey=client.pem -H <address e.g. 10.0.0.45>:2376 tag <image id (docker images)> 10.0.0.45:4000/name
+docker --tlsverify --tlscacert=ca.crt --tlscert=client.crt --tlskey=client.pem -H <address e.g. 10.0.0.45>:2376 push 10.0.0.45:4000/name
+```
+The image is now available on all vagrant hosts (required for deploying a docker swarm mode service).
+
diff --git a/embedded-execution-layer/Vagrantfile b/embedded-execution-layer/Vagrantfile
@@ -52,6 +52,14 @@ Vagrant.configure("2") do |config|
         ansible.limit = "all" # or only "nodes" group, etc.
       end
 
+      vm.vm.provision "ansible_local" do |ansible|
+        ansible.playbook = "registry.yml"
+        ansible.inventory_path = "example-inventory/dev"
+        ansible.provisioning_path = "/vagrant/embedded-execution-layer"
+        ansible.raw_arguments = ['-u vagrant']
+        ansible.limit = "all" # or only "nodes" group, etc.
+      end
+
       # Provision virtualbox:
       vm.vm.provider "virtualbox" do |vb|
         vb.memory = 2048 # 2 GB

diff --git a/embedded-execution-layer/components/docker/defaults/main.yml b/embedded-execution-layer/components/docker/defaults/main.yml
@@ -1,2 +1,3 @@
 ---
 docker_remote_access: False
+docker_opts: ""
diff --git a/embedded-execution-layer/components/docker/tasks/main.yml b/embedded-execution-layer/components/docker/tasks/main.yml
@@ -13,30 +13,18 @@
   systemd: state=started name=docker enabled=yes
 
 
-
-
-
-- name: Ensure docker daemon is running in secure remote access mode
-  lineinfile:
-    dest: /usr/lib/systemd/system/docker.service
-    regexp: "ExecStart"
-    line: "ExecStart=/usr/bin/dockerd --tlsverify --tlscacert={{ docker_remote_access_certs_location }}/ca.crt --tlscert={{ docker_remote_access_certs_location }}/server.crt --tlskey={{ docker_remote_access_certs_location }}/server.pem -H=0.0.0.0:2376 -H unix:///var/run/docker.sock"
-    state: present
-  notify:
-    - daemon_reload
-    - restart_docker
+- set_fact:
+    docker_opts: "--tlsverify --tlscacert={{ docker_remote_access_certs_location }}/ca.crt --tlscert={{ docker_remote_access_certs_location }}/server.crt --tlskey={{ docker_remote_access_certs_location }}/server.pem -H=0.0.0.0:2376 -H unix:///var/run/docker.sock {{ docker_opts }}"
   when: docker_remote_access
 
-- name: Ensure docker daemon is running in local mode
+- name: Ensure docker daemon is running with correct parameters (local vs remote mode + extra opts)
   lineinfile:
     dest: /usr/lib/systemd/system/docker.service
     regexp: "ExecStart"
-    line: "ExecStart=/usr/bin/dockerd"
+    line: "ExecStart=/usr/bin/dockerd {{ docker_opts }}"
     state: present
   notify:
     - daemon_reload
     - restart_docker
-  when: not docker_remote_access
-
 
 - meta: flush_handlers
diff --git a/embedded-execution-layer/example-inventory/dev b/embedded-execution-layer/example-inventory/dev
@@ -7,6 +7,9 @@ bdr-container-node-1
 bdr-container-node-2
 bdr-container-node-3
 
+[container-nodes:vars]
+docker_opts="--insecure-registry 10.0.0.45:4000"
+
 [initial-swarm-leader-manager]
 bdr-container-node-1
 

diff --git a/embedded-execution-layer/platform/registry/defaults/main.yml b/embedded-execution-layer/platform/registry/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+registry_node_constraint: "node.labels.registry==true"
+registry_version: 2
diff --git a/embedded-execution-layer/platform/registry/tasks/main.yml b/embedded-execution-layer/platform/registry/tasks/main.yml
@@ -0,0 +1,48 @@
+---
+
+# We use the external docker API made available to us to provision this
+- name: Check parameters
+  assert:
+    that:
+      - docker_client_cert is defined
+      - docker_client_key is defined
+      - docker_client_cacert is defined
+      - docker_endpoint is defined
+      - docker_opts is defined and '--insecure-registry' in docker_opts
+
+- set_fact:
+    docker_cmd: docker --tlsverify --tlscacert={{ docker_client_cacert }} --tlscert={{ docker_client_cert }} --tlskey={{ docker_client_key }} -H {{ docker_endpoint }}
+
+- name: Check for Registry
+  command: |
+    {{ docker_cmd }}
+    inspect registry
+  register: tmp_command_result
+  failed_when: "'--help' in tmp_command_result.stderr"
+
+- set_fact:
+    tmp_service_exists: "{{ tmp_command_result.stderr == ''}}"
+
+
+- name: Deploy Registry
+  command: |
+    {{ docker_cmd }}
+    run
+    --name registry
+    --restart=always
+    --volume /opt/registry:/var/lib/registry
+    -d
+    -p 4000:5000
+    registry:{{ registry_version }}
+  when: not tmp_service_exists
+
+
+
+
+
+
+
+
+
+
+
diff --git a/embedded-execution-layer/registry.yml b/embedded-execution-layer/registry.yml
@@ -0,0 +1,13 @@
+---
+
+- hosts: initial-swarm-leader-manager
+  become: yes
+  roles:
+    - { role: registry,
+        docker_endpoint: "127.0.0.1:2376",
+        docker_client_cert: "/opt/ssl/client.crt",
+        docker_client_cacert: "/opt/ssl/ca.crt",
+        docker_client_key: "/opt/ssl/client.pem",
+        registry_nodes: ['bdr-container-node-1']
+      }
+