blob: 38ce92e92f5c8ecf603fcf6f640b5faba198dd2a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
---
# This playbook creates an S3 bucket named after your cluster and configures the docker-registry service to use the bucket as its backend storage.
# Usage:
# ansible-playbook s3_registry.yml -e clusterid="mycluster" -e aws_bucket="clusterid-docker" -e aws_region="us-east-1"
#
# The AWS access/secret keys should be the keys of a separate user (not your main user), containing only the necessary S3 access role.
# The 'clusterid' is the short name of your cluster.
- hosts: tag_clusterid_{{ clusterid }}:&tag_host-type_openshift-master
remote_user: root
gather_facts: False
vars:
aws_access_key: "{{ lookup('env', 'S3_ACCESS_KEY_ID') }}"
aws_secret_key: "{{ lookup('env', 'S3_SECRET_ACCESS_KEY') }}"
aws_bucket_name: "{{ aws_bucket | default(clusterid ~ '-docker') }}"
aws_bucket_region: "{{ aws_region | default(lookup('env', 'S3_REGION') | default('us-east-1', true)) }}"
tasks:
- name: Check for AWS creds
fail:
msg: "Couldn't find {{ item }} creds in ENV"
when: "{{ item }} == ''"
with_items:
- aws_access_key
- aws_secret_key
- name: Scale down registry
command: oc scale --replicas=0 dc/docker-registry
- name: Create S3 bucket
local_action:
module: s3 bucket="{{ aws_bucket_name }}" mode=create
- name: Set up registry environment variable
command: oc env dc/docker-registry REGISTRY_CONFIGURATION_PATH=/etc/registryconfig/config.yml
- name: Generate docker registry config
template: src="s3_registry.j2" dest="/root/config.yml" owner=root mode=0600
- name: Determine if new secrets are needed
command: oc get secrets
register: secrets
- name: Create registry secrets
command: oc secrets new dockerregistry /root/config.yml
when: "'dockerregistry' not in secrets.stdout"
- name: Determine if service account contains secrets
command: oc describe serviceaccount/registry
register: serviceaccount
- name: Add secrets to registry service account
command: oc secrets add serviceaccount/registry secrets/dockerregistry
when: "'dockerregistry' not in serviceaccount.stdout"
- name: Determine if deployment config contains secrets
command: oc volume dc/docker-registry --list
register: dc
- name: Add secrets to registry deployment config
command: oc volume dc/docker-registry --add --name=dockersecrets -m /etc/registryconfig --type=secret --secret-name=dockerregistry
when: "'dockersecrets' not in dc.stdout"
- name: Wait for deployment config to take effect before scaling up
pause: seconds=30
- name: Scale up registry
command: oc scale --replicas=1 dc/docker-registry
- name: Delete temporary config file
file: path=/root/config.yml state=absent
|