Force IPv4 connectivity to Docker Hub during image builds

The docker hub rate limits continue to pester us (though many of the
mitigations we have already employed seem to be helping). One thing we
haven't done is to force connectivity to the docker hub registry via
ipv4 when building images. This should help because docker hub treats
ipv6 /64 blocks as a single entity for rate limiting purposes but ipv4
addrs are individually tracked.

Change-Id: Ia108e6fd6c19727083ae4b3b07c45d3503b5fe89

playbooks/zuul/force-dockerhub-ipv4.yaml

@@ -0,0 +1,21 @@
+- hosts: all
+  tasks:
+    - name: Set docker hub fqdn list fact
+      set_fact:
+        docker_registry_hostlist:
+          - registry-1.docker.io
+          - docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com
+          - docker.io
+
+    - name: Resolve IPv4 Addresses for Docker resources
+      shell: for domain in {{ docker_registry_hostlist|join(' ') }} ; do host -t a "$domain" ; done
+      register: docker_io_dns
+
+    - name: Update to /etc/hosts according to force_docker_io_ipv4
+      lineinfile:
+        path: /etc/hosts
+        line: "{{ (item|split(' '))[-1] }}\t{{ (item|split(' '))[0] }}"
+        mode: "0644"
+        state: "present"
+      loop: "{{ docker_io_dns.stdout_lines }}"
+      become: true

zuul.d/docker-images/base.yaml

@@ -20,6 +20,7 @@
     name: system-config-build-image
     parent: opendev-build-docker-image
     dependencies: opendev-buildset-registry
+    pre-run: playbooks/zuul/force-dockerhub-ipv4.yaml
     abstract: true
     vars:
       docker_mirror_base_url: "https://{{ zuul_site_mirror_fqdn }}/deb-docker/{{ ansible_distribution_release }}"
@@ -29,6 +30,7 @@
     name: system-config-upload-image
     parent: opendev-upload-docker-image
     dependencies: opendev-buildset-registry
+    pre-run: playbooks/zuul/force-dockerhub-ipv4.yaml
     abstract: true
     vars:
       docker_mirror_base_url: "https://{{ zuul_site_mirror_fqdn }}/deb-docker/{{ ansible_distribution_release }}"
@@ -41,6 +43,7 @@
 - job:
     name: system-config-promote-image
     parent: opendev-promote-docker-image
+    pre-run: playbooks/zuul/force-dockerhub-ipv4.yaml
     abstract: true
     secrets:
       name: docker_credentials
@@ -80,6 +83,7 @@
     name: system-config-build-container-image
     parent: opendev-build-container-image
     dependencies: opendev-buildset-registry
+    pre-run: playbooks/zuul/force-dockerhub-ipv4.yaml
     abstract: true
     vars: &system_config_image_vars
       docker_mirror_base_url: "https://{{ zuul_site_mirror_fqdn }}/deb-docker/{{ ansible_distribution_release }}"
@@ -91,6 +95,7 @@
     name: system-config-upload-container-image
     parent: opendev-upload-container-image
     dependencies: opendev-buildset-registry
+    pre-run: playbooks/zuul/force-dockerhub-ipv4.yaml
     abstract: true
     vars: *system_config_image_vars
     secrets:
@@ -101,6 +106,7 @@
 - job:
     name: system-config-promote-container-image
     parent: opendev-promote-container-image
+    pre-run: playbooks/zuul/force-dockerhub-ipv4.yaml
     abstract: true
     vars: *system_config_image_vars
     secrets: