Merge pull request #281 from jwhonce/wip/insecure_registry

Infrastructure - Set OpenShift Registry

2 files changed, 13 insertions, 1 deletions

diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index e4d3bf26f..cb67a13de 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -705,7 +705,7 @@ class OpenShiftFacts(object):
             defaults['master'] = master
 
         if 'node' in roles:
-            node = dict(pod_cidr='', labels={}, annotations={})
+            node = dict(pod_cidr='', labels={}, annotations={}, portal_net='172.30.0.0/16')
             node['resources_cpu'] = self.system_facts['processor_cores']
             node['resources_memory'] = int(
                 int(self.system_facts['memtotal_mb']) * 1024 * 1024 * 0.75
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index c5202650f..15d18f510 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -20,6 +20,7 @@
       annotations: "{{ openshift_node_annotations | default(none) }}"
       registry_url: "{{ oreg_url | default(none) }}"
       debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}"
+      portal_net: "{{ openshift_master_portal_net | default(None) }}"
 
 - name: Install OpenShift Node package
   yum: pkg=openshift-node state=present
@@ -56,6 +57,17 @@
   notify:
   - restart openshift-node
 
+- stat: path=/etc/sysconfig/docker
+  register: docker_check
+
+  # TODO: Enable secure registry when code available in origin
+- name: Secure OpenShift Registry
+  lineinfile:
+    dest: /etc/sysconfig/docker
+    regexp: '^OPTIONS=.*'
+    line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} --selinux-enabled'"
+  when: docker_check.stat.isreg
+
 - name: Allow NFS access for VMs
   seboolean: name=virt_use_nfs state=yes persistent=yes