authorBrenton Leanhardt <bleanhar@redhat.com>2016-03-17 13:24:39 -0400
committerBrenton Leanhardt <bleanhar@redhat.com>2016-03-17 13:24:39 -0400
commitdf453bc226f92f3c68c82d290226dc0efc2417be (patch)
tree46f3a628edd93350b3ed889da37ae11c29140ba0
parent3dbcb72f88b951247f1eb999bcf7f36df902de8e (diff)
parentbc114a192e2682204aa237fb7d69009ddfa5b747 (diff)
Merge pull request #1614 from detiber/bz1317755
Bug 1317755 - Set insecure-registry for internal registry by default
-rw-r--r--playbooks/common/openshift-node/config.yml10
-rw-r--r--roles/docker/handlers/main.yml2
-rw-r--r--roles/docker/tasks/main.yml2
-rw-r--r--roles/openshift_docker_facts/tasks/main.yml17
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py5
-rw-r--r--roles/openshift_node/tasks/main.yml1
6 files changed, 29 insertions, 8 deletions
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index a4e0d4c8c..7ca941732 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -115,6 +115,11 @@
vars:
openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}"
+ # TODO: configure these based on
+ # hostvars[groups.oo_first_master.0].openshift.hosted.registry instead of
+ # hardcoding
+ openshift_docker_hosted_registry_insecure: True
+ openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.master.portal_net }}"
roles:
- openshift_node
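Review bot: `openshift_docker_hosted_registry_insecure: True` is hard-coded here and in the identical vars block of the next hunk (@@ -123), and it is paired with the master's whole `portal_net` range rather than the registry's own address. As wired up later in this commit, docker on every node then receives `--insecure-registry=<portal_net>`, which relaxes TLS verification for any registry endpoint inside the services network, not only the hosted registry. The TODO covers the hard-coding but not that trust implication, so I would add a line to it such as `# NOTE: this marks the entire services CIDR as an insecure registry on every node`. Writing the boolean as `true` would also match Ansible convention. Both vars blocks belong to plays that start outside the hunks.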
@@ -123,6 +128,11 @@
vars:
openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}"
+ # TODO: configure these based on
+ # hostvars[groups.oo_first_master.0].openshift.hosted.registry instead of
+ # hardcoding
+ openshift_docker_hosted_registry_insecure: True
+ openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.master.portal_net }}"
roles:
- openshift_node
diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml
index 9f827417f..aff905bc8 100644
--- a/roles/docker/handlers/main.yml
+++ b/roles/docker/handlers/main.yml
@@ -4,7 +4,7 @@
service:
name: docker
state: restarted
- when: not docker_service_status_changed | default(false)
+ when: not docker_service_status_changed | default(false) | bool
- name: restart udev
service:
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index ccbe1d5d5..9709c5014 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -76,3 +76,5 @@
when: docker_check.stat.isreg
notify:
- restart docker
+
+- meta: flush_handlers
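Review bot: The added `- meta: flush_handlers` at the end of the task file has no comment saying why handlers must run at this point. It runs every handler notified so far in the play, not only `restart docker`, so handlers queued by earlier roles will fire here as well. If the intent is what it appears to be, a comment above it such as `# restart docker now so the updated options are active before later roles run` would record that; please confirm the intent before adding it.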
diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml
index ad7ad3748..26b46aa94 100644
--- a/roles/openshift_docker_facts/tasks/main.yml
+++ b/roles/openshift_docker_facts/tasks/main.yml
@@ -13,11 +13,9 @@
log_options: "{{ openshift_docker_log_options | default(None) }}"
options: "{{ openshift_docker_options | default(None) }}"
disable_push_dockerhub: "{{ openshift_disable_push_dockerhub | default(None) }}"
- - role: node
- local_facts:
- portal_net: "{{ openshift_master_portal_net | default(None) }}"
+ hosted_registry_insecure: "{{ openshift_docker_hosted_registry_insecure | default(None) }}"
+ hosted_registry_network: "{{ openshift_docker_hosted_registry_network | default(None) }}"
-# TODO: append openshift.node.portal_net to docker_insecure_registries
- set_fact:
docker_additional_registries: "{{ openshift.docker.additional_registries
| default(omit) }}"
@@ -27,6 +25,15 @@
| default(omit) }}"
docker_log_driver: "{{ openshift.docker.log_driver | default(omit) }}"
docker_log_options: "{{ openshift.docker.log_options | default(omit) }}"
- docker_options: "{{ openshift.docker.options | default(omit) }}"
docker_push_dockerhub: "{{ openshift.docker.disable_push_dockerhub
| default(omit) }}"
+
+- set_fact:
+ docker_options: >
+ --insecure-registry={{ openshift.docker.hosted_registry_network }}
+ {{ openshift.docker.options | default ('') }}
+ when: openshift.docker.hosted_registry_insecure | default(False) | bool
+
+- set_fact:
+ docker_options: "{{ openshift.docker.options | default(omit) }}"
+ when: not openshift.docker.hosted_registry_insecure | default(False) | bool
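Review bot: The first new `set_fact` builds `--insecure-registry={{ openshift.docker.hosted_registry_network }}` whenever `hosted_registry_insecure` is true, without checking that the network fact is set. Both facts are populated with `default(None)` in the previous hunk, so an inventory that sets only the insecure flag could render an empty or undefined value into the docker options. I would guard the first task with `and openshift.docker.hosted_registry_network is defined` and make the second task's `when` the exact complement, so `docker_options` is still set in that case. The folded scalar `>` also leaves a trailing newline in `docker_options`, which `docker_options: >-` avoids, and `default ('')` reads better as `default('')`. A one-line comment on the first task, noting that the whole network range is trusted without TLS verification, would help the next reader.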
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index b06900681..263daf210 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -50,6 +50,10 @@ def migrate_docker_facts(facts):
old_param = 'docker_' + param
if old_param in facts[role]:
facts['docker'][param] = facts[role].pop(old_param)
+
+ if 'node' in facts and 'portal_net' in facts['node']:
+ facts['docker']['hosted_registry_insecure'] = True
+ facts['docker']['hosted_registry_network'] = facts['node'].pop('portal_net')
return facts
def migrate_local_facts(facts):
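Review bot: The new migration block in `migrate_docker_facts` sets `facts['docker']['hosted_registry_insecure'] = True` unconditionally whenever a cached `node.portal_net` exists. The `defaults['node']` entry removed later in this commit shows `portal_net` used to be a node default, so existing nodes will presumably all carry the fact and will all get the insecure-registry setting on upgrade. To avoid overwriting a value already stored under `docker`, consider `facts['docker'].setdefault('hosted_registry_insecure', True)`. The block also deserves a comment such as `# portal_net moved from node to docker facts; a cached value implies the old insecure-registry behaviour`. The function begins outside the hunk and the page has lost indentation, so whether the block sits inside the preceding loop cannot be checked from here.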
@@ -1402,7 +1406,6 @@ class OpenShiftFacts(object):
if 'node' in roles:
defaults['node'] = dict(labels={}, annotations={},
- portal_net='172.30.0.0/16',
iptables_sync_period='5s',
set_node_ip=False)
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index f854d3f38..4b5832ab7 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -23,7 +23,6 @@
iptables_sync_period: "{{ openshift_node_iptables_sync_period | default(None) }}"
kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}"
labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}"
- portal_net: "{{ openshift_master_portal_net | default(None) }}"
registry_url: "{{ oreg_url | default(none) }}"
schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}"
sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}"