summaryrefslogtreecommitdiffstats
path: root/roles/openshift_master
diff options
context:
space:
mode:
authorMichael Gugino <mgugino@redhat.com>2017-08-17 22:45:05 -0400
committerMichael Gugino <mgugino@redhat.com>2017-08-28 13:49:23 -0400
commit5815311c8fbad15fe23691e010ce7e4a132f6e7c (patch)
treed73d785ef560274a13efdf538c56d81d6d6685f3 /roles/openshift_master
parentca5ebcbb4ee01841ca415df3c5afc61c192e2df2 (diff)
downloadopenshift-5815311c8fbad15fe23691e010ce7e4a132f6e7c.tar.gz
openshift-5815311c8fbad15fe23691e010ce7e4a132f6e7c.tar.bz2
openshift-5815311c8fbad15fe23691e010ce7e4a132f6e7c.tar.xz
openshift-5815311c8fbad15fe23691e010ce7e4a132f6e7c.zip
Add independent registry auth support
Added the ability to support authentication for independent / 3rd party registries. This commit will allow users to provide a `oreg_auth_user` and `oreg_auth_password` to dynmically generate a docker config.json file. The docker config.json file can be used by openshift to authenticate to independent / 3rd party registries. `oreg_host` must supply endpoint connection info in the form of 'hostname.com:port', with (optional) port 443 default. To update the config.json on a later run, the user can specify `oreg_auth_credentials_replace=False` to update the credentials. These settings must be used in tandem with `oreg_url` Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
Diffstat (limited to 'roles/openshift_master')
-rw-r--r--roles/openshift_master/defaults/main.yml5
-rw-r--r--roles/openshift_master/tasks/main.yml16
2 files changed, 21 insertions, 0 deletions
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml
index cbc879d31..d70106276 100644
--- a/roles/openshift_master/defaults/main.yml
+++ b/roles/openshift_master/defaults/main.yml
@@ -19,3 +19,8 @@ r_openshift_master_os_firewall_allow:
- service: etcd embedded
port: 4001/tcp
cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
+
+oreg_url: ''
+oreg_host: "{{ oreg_url.split('/')[0] if '.' in oreg_url.split('/')[0] else '' }}"
+oreg_auth_credentials_path: "{{ openshift.common.data_dir }}/.docker"
+oreg_auth_credentials_replace: False
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index b80941b48..ba56ac94e 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -232,6 +232,22 @@
- restart master controllers
when: openshift_master_bootstrap_enabled | default(False)
+- name: Check for credentials file for registry auth
+ stat:
+ path: "{{oreg_auth_credentials_path }}"
+ when:
+ - oreg_auth_user is defined
+ register: master_oreg_auth_credentials_stat
+
+- name: Create credentials for registry auth
+ command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}"
+ when:
+ - oreg_auth_user is defined
+ - (not master_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool
+ notify:
+ - restart master api
+ - restart master controllers
+
- include: set_loopback_context.yml
when:
- openshift.common.version_gte_3_2_or_1_2