diff options
author | Andrew Butcher <abutcher@afrolegs.com> | 2016-07-08 10:11:04 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-07-08 10:11:04 -0400 |
commit | 69b47af2aa3986ac18d5fdddf5dc6ed478fe08c4 (patch) | |
tree | 0419cfc12d414a95c987f7667f6618fba923c522 /roles/openshift_hosted/tasks/registry/storage | |
parent | 8a0c9b6b6a9820b38694cb23979ffc7a8c358588 (diff) | |
parent | 57dfae185d3d0e02ebe515263c54867bee37b45e (diff) | |
download | openshift-69b47af2aa3986ac18d5fdddf5dc6ed478fe08c4.tar.gz openshift-69b47af2aa3986ac18d5fdddf5dc6ed478fe08c4.tar.bz2 openshift-69b47af2aa3986ac18d5fdddf5dc6ed478fe08c4.tar.xz openshift-69b47af2aa3986ac18d5fdddf5dc6ed478fe08c4.zip |
Merge pull request #2023 from abutcher/openshift-hosted
Various hosted component improvements
Diffstat (limited to 'roles/openshift_hosted/tasks/registry/storage')
3 files changed, 144 insertions, 0 deletions
diff --git a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml new file mode 100644 index 000000000..9db67ecc6 --- /dev/null +++ b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml @@ -0,0 +1,114 @@ +- fail: + msg: > + Object Storage Provider: {{ openshift.hosted.registry.storage.provider }} + is not currently supported + when: openshift.hosted.registry.storage.provider not in ['azure_blob', 's3', 'swift'] + +- fail: + msg: > + Support for provider: "{{ openshift.hosted.registry.storage.provider }}" + not implemented yet + when: openshift.hosted.registry.storage.provider in ['azure_blob', 'swift'] + +- include: s3.yml + when: openshift.hosted.registry.storage.provider == 's3' + +- name: Test if docker registry config secret exists + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + get secrets {{ registry_config_secret_name }} -o json + register: secrets + changed_when: false + failed_when: false + +- set_fact: + registry_config: "{{ lookup('template', '../templates/registry_config.j2') | b64encode }}" + +- set_fact: + registry_config_secret: "{{ lookup('template', '../templates/registry_config_secret.j2') | from_yaml }}" + +- set_fact: + same_storage_provider: "{{ (secrets.stdout|from_json)['metadata']['annotations']['provider'] | default(none) == openshift.hosted.registry.storage.provider }}" + when: secrets.rc == 0 + +- name: Update registry config secret + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + patch secret/{{ registry_config_secret_name }} + -p '{"data": {"config.yml": "{{ registry_config }}"}}' + register: update_config_secret + when: secrets.rc == 0 and (secrets.stdout|from_json)['data']['config.yml'] != registry_config and same_storage_provider | bool + +- name: Create registry config secret + shell: > + echo '{{ registry_config_secret |to_json }}' | + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + create -f - + when: secrets.rc == 1 + +- name: Determine if service account contains secrets + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + get serviceaccounts registry + -o jsonpath='{.secrets[?(@.name=="{{ registry_config_secret_name }}")].name}' + register: serviceaccount + changed_when: false + +- name: Add secrets to registry service account + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + secrets add serviceaccount/registry secrets/{{ registry_config_secret_name }} + when: serviceaccount.stdout == '' + +- name: Determine if deployment config contains secrets + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + set volumes dc/docker-registry --list + register: volume + changed_when: false + +- name: Add secrets to registry deployment config + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + set volumes dc/docker-registry --add --name=docker-config -m /etc/registry + --type=secret --secret-name={{ registry_config_secret_name }} + when: registry_config_secret_name not in volume.stdout + +- name: Determine if registry environment variable needs to be created + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + set env --list dc/docker-registry + register: oc_env + changed_when: false + +- name: Add registry environment variable + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + set env dc/docker-registry REGISTRY_CONFIGURATION_PATH=/etc/registry/config.yml + when: "'REGISTRY_CONFIGURATION_PATH' not in oc_env.stdout" + +- name: Redeploy registry + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + deploy dc/docker-registry --latest + when: secrets.rc == 0 and update_config_secret.rc == 0 and same_storage_provider | bool diff --git a/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml b/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml new file mode 100644 index 000000000..6bf859e82 --- /dev/null +++ b/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml @@ -0,0 +1,18 @@ +--- +- set_fact: + registry_volume_claim: "{{ openshift.hosted.registry.storage.volume.name }}-claim" + +- name: Determine if volume is already attached to dc/docker-registry + command: "{{ openshift.common.client_binary }} get -o template dc/docker-registry --template=\\{\\{.spec.template.spec.volumes\\}\\} --output-version=v1" + changed_when: false + register: registry_volumes_output + +- set_fact: + volume_attached: "{{ registry_volume_claim in registry_volumes_output.stdout }}" + +- name: Add volume to dc/docker-registry + command: > + {{ openshift.common.client_binary }} volume dc/docker-registry + --add --overwrite -t persistentVolumeClaim --claim-name={{ registry_volume_claim }} + --name=registry-storage + when: not volume_attached | bool diff --git a/roles/openshift_hosted/tasks/registry/storage/s3.yml b/roles/openshift_hosted/tasks/registry/storage/s3.yml new file mode 100644 index 000000000..707be9c00 --- /dev/null +++ b/roles/openshift_hosted/tasks/registry/storage/s3.yml @@ -0,0 +1,12 @@ +--- +- fail: + msg: > + openshift_hosted_registry_storage_s3_accesskey and + openshift_hosted_registry_storage_s3_secretkey are required + when: openshift.hosted.registry.storage.s3.accesskey | default(none) is none or openshift.hosted.registry.storage.s3.secretkey | default(none) is none + +- fail: + msg: > + openshift_hosted_registry_storage_s3_bucket and + openshift_hosted_registry_storage_s3_region are required + when: openshift.hosted.registry.storage.s3.bucket | default(none) is none or openshift.hosted.registry.storage.s3.region | default(none) is none |