Switch demo to use version 2 of the Docker registry.

Author: jglick

.gitignore

@@ -1,5 +1,4 @@
 target
 work
-demo/snapshot-plugins/
 .idea
 *.iml

demo/.dockerignore

@@ -0,0 +1,2 @@
+snapshot-plugins/
+certs/

demo/.gitignore

@@ -37,6 +37,9 @@ RUN /usr/local/maven/bin/mvn -s settings.xml -Dmaven.repo.local=/usr/share/jenki
 COPY plugins.txt /tmp/files/
 RUN /usr/local/bin/plugins.sh /tmp/files/plugins.txt
 
+# Remove the base workflow-demo "cd" job
+RUN rm -rf /usr/share/jenkins/ref/jobs/cd
+
 ADD JENKINS_HOME /usr/share/jenkins/ref
 
 COPY run-demo.sh /usr/local/bin/run-demo.sh

demo/Dockerfile

@@ -0,0 +1,7 @@
+FROM registry:2.5.1
+ADD certs/ca.crt certs/ca.key certs/docker-registry.htpasswd /var/registry/certs/
+ENV REGISTRY_HTTP_TLS_CERTIFICATE /var/registry/certs/ca.crt
+ENV REGISTRY_HTTP_TLS_KEY /var/registry/certs/ca.key
+ENV REGISTRY_AUTH htpasswd
+ENV REGISTRY_AUTH_HTPASSWD_REALM Registry Realm
+ENV REGISTRY_AUTH_HTPASSWD_PATH /var/registry/certs/docker-registry.htpasswd

demo/Dockerfile-proxy

@@ -10,7 +10,7 @@
           <scope>GLOBAL</scope>
           <id>docker-registry-login</id>
           <description></description>
-          <username>workflowuser</username>
+          <username>pipelineuser</username>
           <password>123123123</password>
         </com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl>
       </java.util.concurrent.CopyOnWriteArrayList>

demo/Dockerfile-registry

@@ -25,11 +25,12 @@
 TAG=$(shell perl -n -e 'if (/docker-workflow:(.+)/) {print $$1}' plugins.txt)
 IMAGE=jenkinsci/docker-workflow-demo
 
-build-proxy:
-	docker build -t nginx:docker-workflow-demo -f Dockerfile-proxy .
+build-registry:
+	./gen-security-data.sh certs
+	docker build -t registry:docker-workflow-demo -f Dockerfile-registry .
 
 # Builds a demo based on a released version of the plugin.
-build:	build-proxy
+build:	build-registry
 	docker build -t $(IMAGE):$(TAG) .
 
 # Builds a demo based on the current local snapshot build of the plugin.
@@ -55,7 +56,7 @@ run-snapshot:	build-snapshot
 	$(DOCKER_RUN) $(IMAGE):SNAPSHOT
 
 clean:
-	rm -rf snapshot-plugins
+	rm -rf certs snapshot-plugins
 
 push:
 	docker push $(IMAGE):$(TAG)

demo/JENKINS_HOME/credentials.xml

@@ -31,26 +31,9 @@ mkdir -p $1
 
 pushd $1
 
-htpasswd -bmc docker-registry.htpasswd workflowuser 123123123
+docker run --entrypoint htpasswd registry:2.5.1 -Bbn pipelineuser 123123123 > docker-registry.htpasswd 
 
 # Create the CA Key and Certificate for signing Certs
 openssl genrsa -des3 -passout pass:x -out ca.key 4096
 openssl rsa -passin pass:x -in ca.key -out ca.key # remove password!
-openssl req -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=US/ST=California/L=San Jose/O=Jenkins CI/OU=Workflow Dept/CN=localhost"
- 
-# Create the Server Key, CSR, and Certificate
-openssl genrsa -des3 -passout pass:x -out key.pem 1024
-openssl rsa -passin pass:x -in key.pem -out key.pem # remove password!
-openssl req -new -key key.pem -out server.csr -subj "/C=US/ST=California/L=San Jose/O=Jenkins CI/OU=Workflow Dept/CN=localhost"
- 
-# Self sign the server cert.
-openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out cert.pem
-
-# cat the ca cert onto the server cert
-cat ca.crt >> cert.pem
-
-# White-list the CA cert (because it is self-signed), otherwise docker client will not be able to authenticate
-cp ca.crt /usr/local/share/ca-certificates
-update-ca-certificates
-
-popd
+openssl req -new -x509 -days 365 -key ca.key -out ca.crt -subj "/C=US/ST=California/L=San Jose/O=Jenkins CI/OU=Pipeline Dept/CN=localhost"

demo/Makefile

@@ -31,10 +31,9 @@
 echo '*************** Installing a local Docker Registry Service for the demo ***************'
 echo '***************            Please sit tight for a minute                ***************'
 
-cont1=$(docker run -d --name registry --restart=always registry:0.9.1)
-cont2=$(docker run -d -p 443:443 --name wf-registry-proxy --link registry:registry nginx:docker-workflow-demo)
+cont1=$(docker run -d -p 443:5000 --name registry --restart=always registry:docker-workflow-demo)
 # TODO would be natural to switch to Compose
-trap "docker rm -f $cont1 $cont2" EXIT
+trap "docker rm -f $cont1" EXIT
 
 # Note that this https://github.com/docker/docker/issues/23177 workaround is useless since the Docker CLI does not do the hostname resolution, the server does:
 # echo $(docker inspect -f '{{.NetworkSettings.Gateway}}' $HOSTNAME) docker.example.com >> /etc/hosts
@@ -44,11 +43,6 @@ echo '***************         Docker Registry Service running now             **
 # In case some tagged images were left over from a previous run using a cache:
 (docker images -q examplecorp/spring-petclinic; docker images -q localhost/examplecorp/spring-petclinic) | xargs docker rmi --no-prune=true --force
 
-#
-# Remove the base workflow-demo "cd" job
-#
-rm -rf /usr/share/jenkins/ref/jobs/cd /var/jenkins_home/jobs/cd
-
 #
 # Now run Jenkins.
 #