diff options
author | Andrew Butcher <abutcher@redhat.com> | 2016-06-30 13:20:10 -0400 |
---|---|---|
committer | Andrew Butcher <abutcher@redhat.com> | 2016-07-07 13:31:12 -0400 |
commit | 57dfae185d3d0e02ebe515263c54867bee37b45e (patch) | |
tree | fce310bd381bb38145aed3dc10424484feaf96c6 /roles/openshift_hosted/tasks/registry/storage/object_storage.yml | |
parent | 1a2c22a060b8b6f0e64d452fdfc13012d3c067ed (diff) | |
download | openshift-57dfae185d3d0e02ebe515263c54867bee37b45e.tar.gz openshift-57dfae185d3d0e02ebe515263c54867bee37b45e.tar.bz2 openshift-57dfae185d3d0e02ebe515263c54867bee37b45e.tar.xz openshift-57dfae185d3d0e02ebe515263c54867bee37b45e.zip |
Various hosted component improvements
* [openshift_projects] Add openshift_projects role
* [openshift_hosted] hosted deployments use openshift_hosted_infra_selector if openshift_hosted_<component>_selector is not defined
* [openshift_hosted] move openshift_projects, openshift_serviceaccounts and openshift_metrics to dependencies of openshift_hosted
* [router] improve router deployment
- add router option to force subdomain
- add CA to router certificate options
* [registry] move registry config into openshift_hosted role
- additional registry fixes/tweaks
- add s3 storage support for registry
* [serviceaccount] fix up serviceaccount creation
Diffstat (limited to 'roles/openshift_hosted/tasks/registry/storage/object_storage.yml')
-rw-r--r-- | roles/openshift_hosted/tasks/registry/storage/object_storage.yml | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml new file mode 100644 index 000000000..9db67ecc6 --- /dev/null +++ b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml @@ -0,0 +1,114 @@ +- fail: + msg: > + Object Storage Provider: {{ openshift.hosted.registry.storage.provider }} + is not currently supported + when: openshift.hosted.registry.storage.provider not in ['azure_blob', 's3', 'swift'] + +- fail: + msg: > + Support for provider: "{{ openshift.hosted.registry.storage.provider }}" + not implemented yet + when: openshift.hosted.registry.storage.provider in ['azure_blob', 'swift'] + +- include: s3.yml + when: openshift.hosted.registry.storage.provider == 's3' + +- name: Test if docker registry config secret exists + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + get secrets {{ registry_config_secret_name }} -o json + register: secrets + changed_when: false + failed_when: false + +- set_fact: + registry_config: "{{ lookup('template', '../templates/registry_config.j2') | b64encode }}" + +- set_fact: + registry_config_secret: "{{ lookup('template', '../templates/registry_config_secret.j2') | from_yaml }}" + +- set_fact: + same_storage_provider: "{{ (secrets.stdout|from_json)['metadata']['annotations']['provider'] | default(none) == openshift.hosted.registry.storage.provider }}" + when: secrets.rc == 0 + +- name: Update registry config secret + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + patch secret/{{ registry_config_secret_name }} + -p '{"data": {"config.yml": "{{ registry_config }}"}}' + register: update_config_secret + when: secrets.rc == 0 and (secrets.stdout|from_json)['data']['config.yml'] != registry_config and same_storage_provider | bool + +- name: Create registry config secret + shell: > + echo '{{ registry_config_secret |to_json }}' | + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + create -f - + when: secrets.rc == 1 + +- name: Determine if service account contains secrets + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + get serviceaccounts registry + -o jsonpath='{.secrets[?(@.name=="{{ registry_config_secret_name }}")].name}' + register: serviceaccount + changed_when: false + +- name: Add secrets to registry service account + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + secrets add serviceaccount/registry secrets/{{ registry_config_secret_name }} + when: serviceaccount.stdout == '' + +- name: Determine if deployment config contains secrets + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + set volumes dc/docker-registry --list + register: volume + changed_when: false + +- name: Add secrets to registry deployment config + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + set volumes dc/docker-registry --add --name=docker-config -m /etc/registry + --type=secret --secret-name={{ registry_config_secret_name }} + when: registry_config_secret_name not in volume.stdout + +- name: Determine if registry environment variable needs to be created + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + set env --list dc/docker-registry + register: oc_env + changed_when: false + +- name: Add registry environment variable + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + set env dc/docker-registry REGISTRY_CONFIGURATION_PATH=/etc/registry/config.yml + when: "'REGISTRY_CONFIGURATION_PATH' not in oc_env.stdout" + +- name: Redeploy registry + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + deploy dc/docker-registry --latest + when: secrets.rc == 0 and update_config_secret.rc == 0 and same_storage_provider | bool |