Diffstat (limited to 'roles/openshift_hosted')
-rw-r--r-- | roles/openshift_hosted/README.md | 1 | ||||
-rw-r--r-- | roles/openshift_hosted/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/openshift_hosted/tasks/registry.yml | 1 | ||||
-rw-r--r-- | roles/openshift_hosted/tasks/router.yml | 9 | ||||
-rw-r--r-- | roles/openshift_hosted/tasks/secure.yml | 2 | ||||
-rw-r--r-- | roles/openshift_hosted/templates/registry_config.j2 | 4 |
6 files changed, 12 insertions, 7 deletions
diff --git a/roles/openshift_hosted/README.md b/roles/openshift_hosted/README.md index 29ae58556..d6f6e3e09 100644 --- a/roles/openshift_hosted/README.md +++ b/roles/openshift_hosted/README.md @@ -27,6 +27,7 @@ From this role: | openshift_hosted_registry_replicas | Number of nodes matching selector | The number of replicas to configure. | | openshift_hosted_registry_selector | region=infra | Node selector used when creating registry. The OpenShift registry will only be deployed to nodes matching this selector. | | openshift_hosted_registry_cert_expire_days | `730` (2 years) | Validity of the certificates in days. Works only with OpenShift version 1.5 (3.5) and later. | +| openshift_hosted_registry_clusterip | None | Cluster IP for registry service | If you specify `openshift_hosted_registry_kind=glusterfs`, the following variables also control configuration behavior: diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml index c234c3740..2af42fba4 100644 --- a/roles/openshift_hosted/defaults/main.yml +++ b/roles/openshift_hosted/defaults/main.yml @@ -69,7 +69,6 @@ r_openshift_hosted_registry_use_firewalld: "{{ os_firewall_use_firewalld | defau openshift_hosted_registry_name: docker-registry openshift_hosted_registry_wait: "{{ not (openshift_master_bootstrap_enabled | default(False)) }}" -registry_volume_claim: 'registry-claim' openshift_hosted_registry_cert_expire_days: 730 r_openshift_hosted_registry_os_firewall_deny: [] @@ -81,6 +80,7 @@ r_openshift_hosted_registry_os_firewall_allow: openshift_hosted_registry_serviceaccount: registry openshift_hosted_registry_volumes: [] openshift_hosted_registry_env_vars: {} +openshift_hosted_registry_clusterip: null # These edits are being specified only to prevent 'changed' on rerun openshift_hosted_registry_edits: diff --git a/roles/openshift_hosted/tasks/registry.yml b/roles/openshift_hosted/tasks/registry.yml index f1aa9c5a8..eaaac9da2 100644 
--- a/roles/openshift_hosted/tasks/registry.yml +++ b/roles/openshift_hosted/tasks/registry.yml @@ -89,6 +89,7 @@ docker-registry: default session_affinity: ClientIP service_type: ClusterIP + clusterip: '{{ openshift_hosted_registry_clusterip | default(omit) }}' - include: secure.yml static: no diff --git a/roles/openshift_hosted/tasks/router.yml b/roles/openshift_hosted/tasks/router.yml index 2aceef9e4..dd7053656 100644 --- a/roles/openshift_hosted/tasks/router.yml +++ b/roles/openshift_hosted/tasks/router.yml @@ -29,7 +29,9 @@ src: "{{ item }}" with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}" - when: ( not openshift_hosted_router_create_certificate | bool ) or openshift_hosted_router_certificate != {} + when: ( not openshift_hosted_router_create_certificate | bool ) or openshift_hosted_router_certificate != {} or + ( openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile'])|length > 0 ) + # This is for when we desire a cluster signed cert # The certificate is generated and placed in master_config_dir/ @@ -42,8 +44,8 @@ hostnames: - "{{ openshift_master_default_subdomain | default('router.default.svc.cluster.local') }}" - "*.{{ openshift_master_default_subdomain | default('router.default.svc.cluster.local') }}" - cert: "{{ ('/etc/origin/master/' ~ (item.certificate.certfile | basename)) if 'certfile' in item.certificate else ((openshift_master_config_dir) ~ '/openshift-router.crt') }}" - key: "{{ ('/etc/origin/master/' ~ (item.certificate.keyfile | basename)) if 'keyfile' in item.certificate else ((openshift_master_config_dir) ~ '/openshift-router.key') }}" + cert: "{{ openshift_master_config_dir ~ '/openshift-router.crt' }}" + key: "{{ openshift_master_config_dir ~ '/openshift-router.key' }}" with_items: "{{ openshift_hosted_routers }}" - name: set the openshift_hosted_router_certificate 
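Review bot: The `default(omit)` on the added `clusterip` line in registry.yml will not fire, because the same commit sets `openshift_hosted_registry_clusterip: null` in defaults/main.yml and Jinja's `default` filter replaces only undefined values unless its second argument is true. When the user leaves the variable unset, the task therefore passes a null or empty `clusterip` instead of omitting the parameter; how the module treats that is not visible, since the task starts above this hunk. Either write `clusterip: '{{ openshift_hosted_registry_clusterip | default(omit, true) }}'` or drop the null default. The README row could also state that a pinned address has to lie inside the cluster's service network.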
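Review bot: The third clause added to `when` in the `@@ -29,7 +29,9 @@` hunk of router.yml looks redundant, because it is the same filter chain the task already loops over in `with_items`: Ansible evaluates `when` per item, an empty list yields no iterations, and a non-empty list makes `|length > 0` true for every item. Assuming `oo_select_keys_from_list` returns a flat list, the whole condition is now true whenever it is evaluated, which also makes the first two clauses dead. The chain is repeated a third time in the `@@ -55,6 +57,7 @@` hunk; computing it once with `set_fact` and testing that fact in both places would keep the copy task and the certificate fact from drifting apart. The task itself begins above the hunk.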
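Review bot: After the `@@ -42,8 +44,8 @@` hunk, `cert` and `key` no longer depend on `item`, yet the task still runs `with_items: "{{ openshift_hosted_routers }}"`, so with more than one router every iteration targets the same `openshift-router.crt` and `openshift-router.key`. None of the visible parameters reference `item`; if the part of the task above the hunk does not either, the loop can be dropped. All routers then share one key pair under `openshift_master_config_dir`, which deserves a comment above the task, for example `# One cluster-signed cert/key pair is shared by every router in openshift_hosted_routers`. Because the task starts above the hunk, it cannot be confirmed from here whether it also needs the `length == 0` guard that the `@@ -55,6 +57,7 @@` hunk adds to the following task.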
@@ -55,6 +57,7 @@ when: - openshift_hosted_router_create_certificate | bool - openshift_hosted_router_certificate == {} + - openshift_hosted_routers | oo_collect(attribute='certificate') | oo_select_keys_from_list(['keyfile', 'certfile', 'cafile'])|length == 0 - name: Create the router service account(s) oc_serviceaccount: diff --git a/roles/openshift_hosted/tasks/secure.yml b/roles/openshift_hosted/tasks/secure.yml index 0da8ac8a7..174bc39a4 100644 --- a/roles/openshift_hosted/tasks/secure.yml +++ b/roles/openshift_hosted/tasks/secure.yml @@ -42,7 +42,7 @@ - "{{ openshift_hosted_registry_routehost }}" cert: "{{ docker_registry_cert_path }}" key: "{{ docker_registry_key_path }}" - expire_days: "{{ openshift_hosted_registry_cert_expire_days if openshift_version | oo_version_gte_3_5_or_1_5(openshift_deployment_type) | bool else omit }}" + expire_days: "{{ openshift_hosted_registry_cert_expire_days }}" register: registry_self_cert when: docker_registry_self_signed diff --git a/roles/openshift_hosted/templates/registry_config.j2 b/roles/openshift_hosted/templates/registry_config.j2 index eae8b328e..222b63b8a 100644 --- a/roles/openshift_hosted/templates/registry_config.j2 +++ b/roles/openshift_hosted/templates/registry_config.j2 @@ -53,7 +53,7 @@ storage: {% if openshift_hosted_registry_storage_swift_domain is defined %} domain: {{ openshift_hosted_registry_storage_swift_domain }} {% endif -%} -{% if openshift_hosted_registry_storage_swift_domainid %} +{% if openshift_hosted_registry_storage_swift_domainid is defined %} domainid: {{ openshift_hosted_registry_storage_swift_domainid }} {% endif -%} {% elif openshift_hosted_registry_storage_provider | default('') == 'gcs' %} 
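Review bot: The README row for `openshift_hosted_registry_cert_expire_days` still says "Works only with OpenShift version 1.5 (3.5) and later", while the secure.yml hunk removes the version check and always passes `expire_days`. If this role no longer supports older versions, that README sentence should be dropped in the same commit; if it does, the parameter now reaches a release that, by the README's own wording, does not honour it. Since the 730-day default now applies unconditionally, the row could read `Validity of the registry certificate in days.`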
@@ -63,7 +63,7 @@ storage: keyfile: /etc/registry/gcs.json {% endif -%} {% if openshift_hosted_registry_storage_gcs_rootdirectory is defined %} - rootdirectory: {{ openshift_hosted_registry_storage_gcs_rootdirectory }} + rootdirectory: {{ openshift_hosted_registry_storage_gcs_rootdirectory | default('/registry') }} {% endif -%} {% endif -%} auth: |
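Review bot: The added `| default('/registry')` can never take effect, because the `rootdirectory` line sits inside `{% if openshift_hosted_registry_storage_gcs_rootdirectory is defined %}` and is rendered only when the variable already has a value. If a fallback root directory is intended, remove the surrounding `{% if %}`/`{% endif -%}` pair and keep the filter; if the key should be omitted when unset, drop the filter so the template does not suggest a default that is never applied. As in the first hunk of this file, the value is emitted unquoted, so an empty or number-like setting would be re-typed by the YAML parser that reads the rendered config; `rootdirectory: "{{ openshift_hosted_registry_storage_gcs_rootdirectory }}"` avoids that.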