---
# Guard: stop the play unless the route certificate dict names a certificate
# file, a key file and a CA file.
# NOTE(review): only key presence is tested. A key that is present but empty
# passes this check, while the copy task later in this file skips empty
# values - confirm whether empty values should be rejected here as well.
# NOTE(review): the message mentions 'reencrypt', but this task does not test
# the termination type; presumably the file is only included for reencrypt
# routes - verify against the caller.
- name: Validate route termination configuration
  fail:
    msg: >
      When 'openshift_hosted_registry_routetermination' is 'reencrypt', you must
      provide certificate files with 'openshift_hosted_registry_routecertificates'
  when: >-
    'certfile' not in openshift_hosted_registry_routecertificates
    or 'keyfile' not in openshift_hosted_registry_routecertificates
    or 'cafile' not in openshift_hosted_registry_routecertificates
# Set facts pointing at registry.crt, registry.key and ca.crt under the master
# config directory, and mark the registry certificate as self-signed.
- name: Configure self-signed certificate file paths
  set_fact:
    docker_registry_self_signed: true
    docker_registry_cacert_path: "{{ openshift_master_config_dir }}/ca.crt"
    docker_registry_cert_path: "{{ openshift_master_config_dir }}/registry.crt"
    docker_registry_key_path: "{{ openshift_master_config_dir }}/registry.key"
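# Copy each supplied route certificate file into named_certificates/ under the
# master config directory, named after the source file's basename. Entries
# other than certfile/keyfile/cafile, and entries with an empty value, are
# skipped.
# The private key is written owner-only (0600); the certificate and CA file
# keep the copy module's default mode because 'omit' drops the argument.
# NOTE(review): confirm every consumer of the key reads it as the file owner.
# NOTE(review): backup: true leaves a timestamped copy of any replaced file
# next to the new one, so superseded private keys stay on disk until they are
# cleaned up.
# NOTE(review): destinations use only the basename, so two different source
# files that share a file name would overwrite each other.
- name: Retrieve provided certificate files
  copy:
    backup: true
    dest: "{{ openshift_master_config_dir }}/named_certificates/{{ item.value | basename }}"
    src: "{{ item.value }}"
    mode: "{{ '0600' if item.key == 'keyfile' else omit }}"
  when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value
  with_dict: "{{ openshift_hosted_registry_routecertificates }}"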
# The route presents the provided certificate and key, and dest_cacert_path
# supplies the CA for the self-signed certificate at the endpoint.
# cert_path, key_path and cacert_path are rebuilt from the basenames of the
# supplied files, so they must match the destinations written by the copy
# task above (named_certificates/<basename>).
# The termination type is taken from the inventory variable rather than being
# fixed to 'reencrypt' in this task.
- name: Configure a reencrypt route for docker-registry
  oc_route:
    name: docker-registry
    service_name: docker-registry
    namespace: "{{ openshift_hosted_registry_namespace }}"
    host: "{{ openshift_hosted_registry_routehost | default(omit, true) }}"
    tls_termination: "{{ openshift_hosted_registry_routetermination }}"
    cert_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['certfile'] | basename }}"
    key_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['keyfile'] | basename }}"
    cacert_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['cafile'] | basename }}"
    dest_cacert_path: "{{ openshift_master_config_dir }}/ca.crt"