authorJason DeTiberus <jdetiber@redhat.com>2016-03-15 22:21:39 -0400
committerJason DeTiberus <jdetiber@redhat.com>2016-03-17 00:46:02 -0400
commitbc114a192e2682204aa237fb7d69009ddfa5b747 (patch)
tree081da29f0ab839e6530eb183dcb4ea6b44fcb14c
parent4551e7cddf4a9d1756a064fd31777b6bed7d3567 (diff)
Bug 1317755 - Set insecure-registry for internal registry by default
-rw-r--r--playbooks/common/openshift-node/config.yml10
-rw-r--r--roles/docker/handlers/main.yml2
-rw-r--r--roles/docker/tasks/main.yml2
-rw-r--r--roles/openshift_docker_facts/tasks/main.yml17
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py5
-rw-r--r--roles/openshift_node/tasks/main.yml1
6 files changed, 29 insertions, 8 deletions
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index 1f32f2786..1116a8178 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -115,6 +115,11 @@
vars:
openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}"
+ # TODO: configure these based on
+ # hostvars[groups.oo_first_master.0].openshift.hosted.registry instead of
+ # hardcoding
+ openshift_docker_hosted_registry_insecure: True
+ openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.master.portal_net }}"
roles:
- openshift_node
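Review bot: Hardcoding `openshift_docker_hosted_registry_insecure: True` in the play's `vars:` leaves operators no inventory-level way to turn it off, because play vars take precedence over inventory host and group vars in Ansible. Every node therefore gets `--insecure-registry` even when the hosted registry has been secured with TLS. The value passed is the whole `portal_net` services range rather than the registry's own service address, so Docker will skip certificate verification (and fall back to plain HTTP) for any service IP in that range. Until the TODO is resolved, read the flag from a separately named operator variable with `| default(True)`, and add a comment stating that the scope is the full services CIDR. The same applies to the second hunk in this file (`@@ -123,6 +128,11 @@`).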
@@ -123,6 +128,11 @@
vars:
openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}"
+ # TODO: configure these based on
+ # hostvars[groups.oo_first_master.0].openshift.hosted.registry instead of
+ # hardcoding
+ openshift_docker_hosted_registry_insecure: True
+ openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.master.portal_net }}"
roles:
- openshift_node
diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml
index 9f827417f..aff905bc8 100644
--- a/roles/docker/handlers/main.yml
+++ b/roles/docker/handlers/main.yml
@@ -4,7 +4,7 @@
service:
name: docker
state: restarted
- when: not docker_service_status_changed | default(false)
+ when: not docker_service_status_changed | default(false) | bool
- name: restart udev
service:
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 506cecfea..d634996fb 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -76,3 +76,5 @@
when: docker_check.stat.isreg
notify:
- restart docker
+
+- meta: flush_handlers
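Review bot: `meta: flush_handlers` at the end of the role runs every handler notified so far in the play, not only `restart docker`, so any other pending handler now fires at this point too. The reason for the flush is not stated; if it is so that later roles run against a daemon that already has the new options, say so in a comment above the task, for example `# restart docker now so later roles see the updated daemon options`.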
diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml
index ad7ad3748..26b46aa94 100644
--- a/roles/openshift_docker_facts/tasks/main.yml
+++ b/roles/openshift_docker_facts/tasks/main.yml
@@ -13,11 +13,9 @@
log_options: "{{ openshift_docker_log_options | default(None) }}"
options: "{{ openshift_docker_options | default(None) }}"
disable_push_dockerhub: "{{ openshift_disable_push_dockerhub | default(None) }}"
- - role: node
- local_facts:
- portal_net: "{{ openshift_master_portal_net | default(None) }}"
+ hosted_registry_insecure: "{{ openshift_docker_hosted_registry_insecure | default(None) }}"
+ hosted_registry_network: "{{ openshift_docker_hosted_registry_network | default(None) }}"
-# TODO: append openshift.node.portal_net to docker_insecure_registries
- set_fact:
docker_additional_registries: "{{ openshift.docker.additional_registries
| default(omit) }}"
@@ -27,6 +25,15 @@
| default(omit) }}"
docker_log_driver: "{{ openshift.docker.log_driver | default(omit) }}"
docker_log_options: "{{ openshift.docker.log_options | default(omit) }}"
- docker_options: "{{ openshift.docker.options | default(omit) }}"
docker_push_dockerhub: "{{ openshift.docker.disable_push_dockerhub
| default(omit) }}"
+
+- set_fact:
+ docker_options: >
+ --insecure-registry={{ openshift.docker.hosted_registry_network }}
+ {{ openshift.docker.options | default ('') }}
+ when: openshift.docker.hosted_registry_insecure | default(False) | bool
+
+- set_fact:
+ docker_options: "{{ openshift.docker.options | default(omit) }}"
+ when: not openshift.docker.hosted_registry_insecure | default(False) | bool
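Review bot: The first added `set_fact` renders `openshift.docker.hosted_registry_network` whenever `hosted_registry_insecure` is true, but that fact comes from `openshift_docker_hosted_registry_network | default(None)` in the hunk above and may be absent. The task would then either fail on an undefined variable or hand Docker an empty `--insecure-registry=`; which one depends on how openshift_facts stores a None value, which is not visible here. Guard it with `when: openshift.docker.hosted_registry_insecure | default(False) | bool and openshift.docker.hosted_registry_network is defined`, and make the second task's condition the exact complement so `docker_options` is always set by one of them. A comment above the first task noting that it disables registry TLS verification for the whole network range would help anyone auditing the Docker daemon options.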
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index b06900681..263daf210 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -50,6 +50,10 @@ def migrate_docker_facts(facts):
old_param = 'docker_' + param
if old_param in facts[role]:
facts['docker'][param] = facts[role].pop(old_param)
+
+ if 'node' in facts and 'portal_net' in facts['node']:
+ facts['docker']['hosted_registry_insecure'] = True
+ facts['docker']['hosted_registry_network'] = facts['node'].pop('portal_net')
return facts
def migrate_local_facts(facts):
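Review bot: The added block assigns `facts['docker']['hosted_registry_insecure'] = True` unconditionally, so a host that still carries a legacy `node.portal_net` local fact has the insecure-registry setting switched on even if a false value was already recorded under `docker`. `facts['docker'].setdefault('hosted_registry_insecure', True)` would keep an explicit value, and the same pattern fits `hosted_registry_network` while still popping `portal_net`. The block also indexes `facts['docker']` directly; migrate_docker_facts starts outside this hunk, so confirm the key is always created before this point. A one-line comment explaining why a legacy `portal_net` fact implies `hosted_registry_insecure` would make the migration's security effect explicit.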
@@ -1402,7 +1406,6 @@ class OpenShiftFacts(object):
if 'node' in roles:
defaults['node'] = dict(labels={}, annotations={},
- portal_net='172.30.0.0/16',
iptables_sync_period='5s',
set_node_ip=False)
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 8768d426b..81efd2cec 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -23,7 +23,6 @@
iptables_sync_period: "{{ openshift_node_iptables_sync_period | default(None) }}"
kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}"
labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}"
- portal_net: "{{ openshift_master_portal_net | default(None) }}"
registry_url: "{{ oreg_url | default(none) }}"
schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}"
sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}"