# Gate on the configured object-storage provider before any cluster command
# runs. A value outside the three known names stops the play here.
- fail:
    msg: >
      Object Storage Provider: {{ openshift.hosted.registry.storage.provider }}
      is not currently supported
  when: openshift.hosted.registry.storage.provider not in ['azure_blob', 's3', 'swift']

# azure_blob and swift are accepted names, but this file only includes tasks
# for s3, so they are rejected with a separate message.
- fail:
    msg: >
      Support for provider: "{{ openshift.hosted.registry.storage.provider }}"
      not implemented yet
  when: openshift.hosted.registry.storage.provider in ['azure_blob', 'swift']

# Provider-specific tasks; s3 is the only provider that reaches this point.
- include: s3.yml
  when: openshift.hosted.registry.storage.provider == 's3'
# Read-only probe for the registry config secret. Later tasks branch on
# secrets.rc (0 -> update path, 1 -> create path), so a non-zero exit must
# not stop the play: failed_when is forced to false.
# NOTE(review): stdout is the secret object as JSON, so the registered
# `secrets` variable carries the secret's data field; it is printed when the
# play runs with increased verbosity. Consider no_log on this task.
- name: Test if docker registry config secret exists
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    get secrets {{ registry_config_secret_name }} -o json
  register: secrets
  changed_when: false
  failed_when: false
# Rendered registry configuration, base64-encoded so it can be compared with
# and written to the secret's data["config.yml"] entry.
- set_fact:
    registry_config: "{{ lookup('template', '../templates/registry_config.j2') | b64encode }}"

# Full secret object, rendered from its template and parsed from YAML.
- set_fact:
    registry_config_secret: "{{ lookup('template', '../templates/registry_config_secret.j2') | from_yaml }}"

# Compares the provider annotation on the existing secret with the configured
# provider; only evaluated when the secret was found.
# NOTE(review): default(none) covers only the final ['provider'] lookup;
# confirm that an existing secret always has metadata.annotations.
- set_fact:
    same_storage_provider: "{{ (secrets.stdout|from_json)['metadata']['annotations']['provider'] | default(none) == openshift.hosted.registry.storage.provider }}"
  when: secrets.rc == 0
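# Patch the existing secret in place when the rendered config differs from
# what is stored and the storage provider is unchanged.
# The patch body carries the base64-encoded registry configuration on the
# command line. That value is stored as a Secret and presumably includes
# storage credentials (the template is not visible here), so no_log keeps the
# module arguments and result out of task output and logs. The registered
# result is still available to later conditions.
- name: Update registry config secret
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    patch secret/{{ registry_config_secret_name }}
    -p '{"data": {"config.yml": "{{ registry_config }}"}}'
  register: update_config_secret
  no_log: true
  when: secrets.rc == 0 and (secrets.stdout|from_json)['data']['config.yml'] != registry_config and same_storage_provider | bool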
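# Create the secret when the probe reported it missing (secrets.rc == 1).
# The secret object is rendered to JSON and piped to the client on stdin.
# The JSON goes through the `quote` filter instead of being wrapped in
# hand-written single quotes: a single quote anywhere in the rendered secret
# would otherwise end the shell string early and the remainder would be
# parsed as shell syntax.
# no_log keeps the rendered secret, which is part of the command text, out of
# task output and logs.
- name: Create registry config secret
  shell: >
    echo {{ registry_config_secret | to_json | quote }} |
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    create -f -
  no_log: true
  when: secrets.rc == 1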
# Read-only check: the jsonpath filter prints the secret's name only if the
# `registry` service account already lists it, otherwise stdout is empty.
- name: Determine if service account contains secrets
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    get serviceaccounts registry
    -o jsonpath='{.secrets[?(@.name=="{{ registry_config_secret_name }}")].name}'
  register: serviceaccount
  changed_when: false

# Attach the secret to the service account only when the check above printed
# nothing, so reruns do not add it twice.
- name: Add secrets to registry service account
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    secrets add serviceaccount/registry secrets/{{ registry_config_secret_name }}
  when: serviceaccount.stdout == ''
# Read-only listing of the volumes on the docker-registry deployment config.
- name: Determine if deployment config contains secrets
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    set volumes dc/docker-registry --list
  register: volume
  changed_when: false

# Mount the secret at /etc/registry as volume "docker-config" unless its name
# already appears in the listing. The test is a plain substring match on the
# listing text, not a structured lookup.
- name: Add secrets to registry deployment config
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    set volumes dc/docker-registry --add --name=docker-config -m /etc/registry
    --type=secret --secret-name={{ registry_config_secret_name }}
  when: registry_config_secret_name not in volume.stdout
# Read-only listing of the environment set on the docker-registry deployment
# config.
- name: Determine if registry environment variable needs to be created
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    set env --list dc/docker-registry
  register: oc_env
  changed_when: false

# Point the registry at the config file inside the mounted secret. Skipped
# when the variable name already appears in the listing; the value it is set
# to is not compared.
- name: Add registry environment variable
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    set env dc/docker-registry REGISTRY_CONFIGURATION_PATH=/etc/registry/config.yml
  when: "'REGISTRY_CONFIGURATION_PATH' not in oc_env.stdout"
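# Roll out a new registry deployment after the existing secret was patched
# successfully.
# update_config_secret has no `rc` when the patch task was skipped (secret
# present but config unchanged, or the provider differs). Reading it without
# a default makes this condition fail to evaluate instead of skipping, so a
# skipped patch is treated as "not updated" through default(1).
- name: Redeploy registry
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    deploy dc/docker-registry --latest
  when: secrets.rc == 0 and (update_config_secret.rc | default(1)) == 0 and same_storage_provider | bool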