diff options
author | Brenton Leanhardt <bleanhar@redhat.com> | 2016-03-17 13:24:39 -0400 |
---|---|---|
committer | Brenton Leanhardt <bleanhar@redhat.com> | 2016-03-17 13:24:39 -0400 |
commit | df453bc226f92f3c68c82d290226dc0efc2417be (patch) | |
tree | 46f3a628edd93350b3ed889da37ae11c29140ba0 | |
parent | 3dbcb72f88b951247f1eb999bcf7f36df902de8e (diff) | |
parent | bc114a192e2682204aa237fb7d69009ddfa5b747 (diff) | |
download | openshift-df453bc226f92f3c68c82d290226dc0efc2417be.tar.gz openshift-df453bc226f92f3c68c82d290226dc0efc2417be.tar.bz2 openshift-df453bc226f92f3c68c82d290226dc0efc2417be.tar.xz openshift-df453bc226f92f3c68c82d290226dc0efc2417be.zip |
Merge pull request #1614 from detiber/bz1317755
Bug 1317755 - Set insecure-registry for internal registry by default
-rw-r--r-- | playbooks/common/openshift-node/config.yml | 10 | ||||
-rw-r--r-- | roles/docker/handlers/main.yml | 2 | ||||
-rw-r--r-- | roles/docker/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/openshift_docker_facts/tasks/main.yml | 17 | ||||
-rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 5 | ||||
-rw-r--r-- | roles/openshift_node/tasks/main.yml | 1 |
6 files changed, 29 insertions, 8 deletions
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index a4e0d4c8c..7ca941732 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -115,6 +115,11 @@ vars: openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" + # TODO: configure these based on + # hostvars[groups.oo_first_master.0].openshift.hosted.registry instead of + # hardcoding + openshift_docker_hosted_registry_insecure: True + openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.master.portal_net }}" roles: - openshift_node @@ -123,6 +128,11 @@ vars: openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" + # TODO: configure these based on + # hostvars[groups.oo_first_master.0].openshift.hosted.registry instead of + # hardcoding + openshift_docker_hosted_registry_insecure: True + openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.master.portal_net }}" roles: - openshift_node diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml index 9f827417f..aff905bc8 100644 --- a/roles/docker/handlers/main.yml +++ b/roles/docker/handlers/main.yml @@ -4,7 +4,7 @@ service: name: docker state: restarted - when: not docker_service_status_changed | default(false) + when: not docker_service_status_changed | default(false) | bool - name: restart udev service: diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index ccbe1d5d5..9709c5014 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -76,3 +76,5 @@ when: docker_check.stat.isreg notify: - restart docker + +- meta: flush_handlers diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml index ad7ad3748..26b46aa94 100644 --- a/roles/openshift_docker_facts/tasks/main.yml +++ b/roles/openshift_docker_facts/tasks/main.yml @@ -13,11 +13,9 @@ log_options: "{{ openshift_docker_log_options | default(None) }}" options: "{{ openshift_docker_options | default(None) }}" disable_push_dockerhub: "{{ openshift_disable_push_dockerhub | default(None) }}" - - role: node - local_facts: - portal_net: "{{ openshift_master_portal_net | default(None) }}" + hosted_registry_insecure: "{{ openshift_docker_hosted_registry_insecure | default(None) }}" + hosted_registry_network: "{{ openshift_docker_hosted_registry_network | default(None) }}" -# TODO: append openshift.node.portal_net to docker_insecure_registries - set_fact: docker_additional_registries: "{{ openshift.docker.additional_registries | default(omit) }}" @@ -27,6 +25,15 @@ | default(omit) }}" docker_log_driver: "{{ openshift.docker.log_driver | default(omit) }}" docker_log_options: "{{ openshift.docker.log_options | default(omit) }}" - docker_options: "{{ openshift.docker.options | default(omit) }}" docker_push_dockerhub: "{{ openshift.docker.disable_push_dockerhub | default(omit) }}" + +- set_fact: + docker_options: > + --insecure-registry={{ openshift.docker.hosted_registry_network }} + {{ openshift.docker.options | default ('') }} + when: openshift.docker.hosted_registry_insecure | default(False) | bool + +- set_fact: + docker_options: "{{ openshift.docker.options | default(omit) }}" + when: not openshift.docker.hosted_registry_insecure | default(False) | bool diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index b06900681..263daf210 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -50,6 +50,10 @@ def migrate_docker_facts(facts): old_param = 'docker_' + param if old_param in facts[role]: facts['docker'][param] = facts[role].pop(old_param) + + if 'node' in facts and 'portal_net' in facts['node']: + facts['docker']['hosted_registry_insecure'] = True + facts['docker']['hosted_registry_network'] = facts['node'].pop('portal_net') return facts def migrate_local_facts(facts): @@ -1402,7 +1406,6 @@ class OpenShiftFacts(object): if 'node' in roles: defaults['node'] = dict(labels={}, annotations={}, - portal_net='172.30.0.0/16', iptables_sync_period='5s', set_node_ip=False) diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index f854d3f38..4b5832ab7 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -23,7 +23,6 @@ iptables_sync_period: "{{ openshift_node_iptables_sync_period | default(None) }}" kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}" - portal_net: "{{ openshift_master_portal_net | default(None) }}" registry_url: "{{ oreg_url | default(none) }}" schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}" sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" |