Various hosted component improvements

* [openshift_projects] Add openshift_projects role
* [openshift_hosted] hosted deployments use openshift_hosted_infra_selector if openshift_hosted_<component>_selector is not defined
* [openshift_hosted] move openshift_projects, openshift_serviceaccounts and openshift_metrics to dependencies of openshift_hosted
* [router] improve router deployment
  - add router option to force subdomain
  - add CA to router certificate options
* [registry] move registry config into openshift_hosted role
  - additional registry fixes/tweaks
  - add s3 storage support for registry
* [serviceaccount] fix up serviceaccount creation

1 files changed, 114 insertions, 0 deletions

diff --git a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
new file mode 100644
index 000000000..9db67ecc6
--- /dev/null
+++ b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
@@ -0,0 +1,114 @@
+- fail:
+    msg: >
+      Object Storage Provider: {{ openshift.hosted.registry.storage.provider }}
+      is not currently supported
+  when: openshift.hosted.registry.storage.provider not in ['azure_blob', 's3', 'swift']
+
+- fail:
+    msg: >
+      Support for provider: "{{ openshift.hosted.registry.storage.provider }}"
+      not implemented yet
+  when: openshift.hosted.registry.storage.provider in ['azure_blob', 'swift']
+
+- include: s3.yml
+  when: openshift.hosted.registry.storage.provider == 's3'
+
+- name: Test if docker registry config secret exists
+  command: >
+    {{ openshift.common.client_binary }}
+    --config={{ openshift_hosted_kubeconfig }}
+    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+    get secrets {{ registry_config_secret_name }} -o json
+  register: secrets
+  changed_when: false
+  failed_when: false
+
+- set_fact:
+    registry_config: "{{ lookup('template', '../templates/registry_config.j2') | b64encode }}"
+
+- set_fact:
+    registry_config_secret: "{{ lookup('template', '../templates/registry_config_secret.j2') | from_yaml }}"
+
+- set_fact:
+    same_storage_provider: "{{ (secrets.stdout|from_json)['metadata']['annotations']['provider'] | default(none) == openshift.hosted.registry.storage.provider }}"
+  when: secrets.rc == 0
+
+- name: Update registry config secret
+  command: >
+    {{ openshift.common.client_binary }}
+    --config={{ openshift_hosted_kubeconfig }}
+    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+    patch secret/{{ registry_config_secret_name }}
+    -p '{"data": {"config.yml": "{{ registry_config }}"}}'
+  register: update_config_secret
+  when: secrets.rc == 0 and (secrets.stdout|from_json)['data']['config.yml'] != registry_config and same_storage_provider | bool
+
+- name: Create registry config secret
+  shell: >
+    echo '{{ registry_config_secret |to_json }}' |
+    {{ openshift.common.client_binary }}
+    --config={{ openshift_hosted_kubeconfig }}
+    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+    create -f -
+  when: secrets.rc == 1
+
+- name: Determine if service account contains secrets
+  command: >
+    {{ openshift.common.client_binary }}
+    --config={{ openshift_hosted_kubeconfig }}
+    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+    get serviceaccounts registry
+    -o jsonpath='{.secrets[?(@.name=="{{ registry_config_secret_name }}")].name}'
+  register: serviceaccount
+  changed_when: false
+
+- name: Add secrets to registry service account
+  command: >
+    {{ openshift.common.client_binary }}
+    --config={{ openshift_hosted_kubeconfig }}
+    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+    secrets add serviceaccount/registry secrets/{{ registry_config_secret_name }}
+  when: serviceaccount.stdout == ''
+
+- name: Determine if deployment config contains secrets
+  command: >
+    {{ openshift.common.client_binary }}
+    --config={{ openshift_hosted_kubeconfig }}
+    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+    set volumes dc/docker-registry --list
+  register: volume
+  changed_when: false
+
+- name: Add secrets to registry deployment config
+  command: >
+    {{ openshift.common.client_binary }}
+    --config={{ openshift_hosted_kubeconfig }}
+    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+    set volumes dc/docker-registry --add --name=docker-config -m /etc/registry
+    --type=secret --secret-name={{ registry_config_secret_name }}
+  when: registry_config_secret_name not in volume.stdout
+
+- name: Determine if registry environment variable needs to be created
+  command: >
+    {{ openshift.common.client_binary }}
+    --config={{ openshift_hosted_kubeconfig }}
+    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+    set env --list dc/docker-registry
+  register: oc_env
+  changed_when: false
+
+- name: Add registry environment variable
+  command: >
+    {{ openshift.common.client_binary }}
+    --config={{ openshift_hosted_kubeconfig }}
+    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+    set env dc/docker-registry REGISTRY_CONFIGURATION_PATH=/etc/registry/config.yml
+  when: "'REGISTRY_CONFIGURATION_PATH' not in oc_env.stdout"
+
+- name: Redeploy registry
+  command: >
+    {{ openshift.common.client_binary }}
+    --config={{ openshift_hosted_kubeconfig }}
+    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+    deploy dc/docker-registry --latest
+  when: secrets.rc == 0 and update_config_secret.rc == 0 and same_storage_provider | bool