diff options
author | Michael Gugino <mgugino@redhat.com> | 2017-08-17 22:45:05 -0400 |
---|---|---|
committer | Michael Gugino <mgugino@redhat.com> | 2017-08-28 13:49:23 -0400 |
commit | 5815311c8fbad15fe23691e010ce7e4a132f6e7c (patch) | |
tree | d73d785ef560274a13efdf538c56d81d6d6685f3 /roles/openshift_master | |
parent | ca5ebcbb4ee01841ca415df3c5afc61c192e2df2 (diff) | |
download | openshift-5815311c8fbad15fe23691e010ce7e4a132f6e7c.tar.gz openshift-5815311c8fbad15fe23691e010ce7e4a132f6e7c.tar.bz2 openshift-5815311c8fbad15fe23691e010ce7e4a132f6e7c.tar.xz openshift-5815311c8fbad15fe23691e010ce7e4a132f6e7c.zip |
Add independent registry auth support
Added the ability to support authentication for independent / 3rd party
registries. This commit will allow users to provide a `oreg_auth_user` and
`oreg_auth_password` to dynmically generate a docker config.json file.
The docker config.json file can be used by openshift to authenticate to
independent / 3rd party registries. `oreg_host` must supply endpoint connection
info in the form of 'hostname.com:port', with (optional) port 443 default.
To update the config.json on a later run, the user can specify
`oreg_auth_credentials_replace=False` to update the credentials.
These settings must be used in tandem with `oreg_url`
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
Diffstat (limited to 'roles/openshift_master')
-rw-r--r-- | roles/openshift_master/defaults/main.yml | 5 | ||||
-rw-r--r-- | roles/openshift_master/tasks/main.yml | 16 |
2 files changed, 21 insertions, 0 deletions
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index cbc879d31..d70106276 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -19,3 +19,8 @@ r_openshift_master_os_firewall_allow: - service: etcd embedded port: 4001/tcp cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" + +oreg_url: '' +oreg_host: "{{ oreg_url.split('/')[0] if '.' in oreg_url.split('/')[0] else '' }}" +oreg_auth_credentials_path: "{{ openshift.common.data_dir }}/.docker" +oreg_auth_credentials_replace: False diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index b80941b48..ba56ac94e 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -232,6 +232,22 @@ - restart master controllers when: openshift_master_bootstrap_enabled | default(False) +- name: Check for credentials file for registry auth + stat: + path: "{{oreg_auth_credentials_path }}" + when: + - oreg_auth_user is defined + register: master_oreg_auth_credentials_stat + +- name: Create credentials for registry auth + command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" + when: + - oreg_auth_user is defined + - (not master_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool + notify: + - restart master api + - restart master controllers + - include: set_loopback_context.yml when: - openshift.common.version_gte_3_2_or_1_2 |