From 6826f27769563d30194818a0f13b9da086ddf7ab Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Mon, 26 Sep 2016 10:36:02 -0400
Subject: Further secure registry improvements

- Default to hosted_registry_insecure=False
- Add openshift ca to system ca-trust.
- Update ca trust in openshift_node_certificates rather than docker_ca_trust
---
 roles/openshift_node_certificates/handlers/main.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 roles/openshift_node_certificates/handlers/main.yml

(limited to 'roles/openshift_node_certificates/handlers/main.yml')

diff --git a/roles/openshift_node_certificates/handlers/main.yml b/roles/openshift_node_certificates/handlers/main.yml
new file mode 100644
index 000000000..f2299cecf
--- /dev/null
+++ b/roles/openshift_node_certificates/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+- name: update ca trust
+  command: update-ca-trust
+  notify:
+  - restart docker after updating ca trust
+
+- name: restart docker after updating ca trust
+  service:
+    name: docker
+    state: restarted
-- 
cgit v1.2.3