summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorScott Dodson <sdodson@redhat.com>2016-10-26 16:49:11 -0400
committerGitHub <noreply@github.com>2016-10-26 16:49:11 -0400
commitcab68138cd264b9a4cb5dad9801a42ee50e1bc9b (patch)
tree803b6245cb49fc7e22f58af895243869a529b6bb
parent52ab71a6f741f2477ab395d48dacfe609cf1411a (diff)
parent33da79e7389a3fceeaf735663fd8051a0a2fe057 (diff)
downloadopenshift-cab68138cd264b9a4cb5dad9801a42ee50e1bc9b.tar.gz
openshift-cab68138cd264b9a4cb5dad9801a42ee50e1bc9b.tar.bz2
openshift-cab68138cd264b9a4cb5dad9801a42ee50e1bc9b.tar.xz
openshift-cab68138cd264b9a4cb5dad9801a42ee50e1bc9b.zip
Merge pull request #2670 from abutcher/hosted-registry-insecure
Bug 1388016 - The insecure-registry address was removed during upgrade
-rw-r--r--playbooks/common/openshift-cluster/openshift_hosted.yml2
-rw-r--r--roles/openshift_docker_facts/tasks/main.yml2
-rwxr-xr-xroles/openshift_facts/library/openshift_facts.py23
-rw-r--r--roles/openshift_hosted/tasks/registry/registry.yml2
4 files changed, 24 insertions, 5 deletions
diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml
index 352d266a5..ccbba54b4 100644
--- a/playbooks/common/openshift-cluster/openshift_hosted.yml
+++ b/playbooks/common/openshift-cluster/openshift_hosted.yml
@@ -65,4 +65,4 @@
openshift_hosted_logging_elasticsearch_ops_pvc_prefix: "{{ 'logging-es' if openshift_hosted_logging_storage_kind | default(none) =='dynamic' else '' }}"
- role: cockpit-ui
- when: ( openshift.common.version_gte_3_3_or_1_3 | bool ) and ( openshift_hosted_manage_registry | default(true) | bool )
+ when: ( openshift.common.version_gte_3_3_or_1_3 | bool ) and ( openshift_hosted_manage_registry | default(true) | bool ) and not (openshift.docker.hosted_registry_insecure | default(false) | bool)
diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml
index 0c8a36d65..c690c5243 100644
--- a/roles/openshift_docker_facts/tasks/main.yml
+++ b/roles/openshift_docker_facts/tasks/main.yml
@@ -13,7 +13,7 @@
log_options: "{{ openshift_docker_log_options | default(None) }}"
options: "{{ openshift_docker_options | default(None) }}"
disable_push_dockerhub: "{{ openshift_disable_push_dockerhub | default(None) }}"
- hosted_registry_insecure: "{{ openshift_docker_hosted_registry_insecure | default(False) }}"
+ hosted_registry_insecure: "{{ openshift_docker_hosted_registry_insecure | default(openshift.docker.hosted_registry_insecure | default(False)) }}"
hosted_registry_network: "{{ openshift_docker_hosted_registry_network | default(None) }}"
- set_fact:
diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py
index 1d611f010..0a783b164 100755
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -55,7 +55,6 @@ def migrate_docker_facts(facts):
facts['docker'][param] = facts[role].pop(old_param)
if 'node' in facts and 'portal_net' in facts['node']:
- facts['docker']['hosted_registry_insecure'] = True
facts['docker']['hosted_registry_network'] = facts['node'].pop('portal_net')
# log_options was originally meant to be a comma separated string, but
@@ -1171,6 +1170,24 @@ def get_docker_version_info():
}
return result
+def get_hosted_registry_insecure():
+ """ Parses OPTIONS from /etc/sysconfig/docker to determine if the
+ registry is currently insecure.
+ """
+ hosted_registry_insecure = None
+ if os.path.exists('/etc/sysconfig/docker'):
+ try:
+ ini_str = unicode('[root]\n' + open('/etc/sysconfig/docker', 'r').read(), 'utf-8')
+ ini_fp = io.StringIO(ini_str)
+ config = ConfigParser.RawConfigParser()
+ config.readfp(ini_fp)
+ options = config.get('root', 'OPTIONS')
+ if 'insecure-registry' in options:
+ hosted_registry_insecure = True
+ except:
+ pass
+ return hosted_registry_insecure
+
def get_openshift_version(facts):
""" Get current version of openshift on the host.
@@ -1826,13 +1843,15 @@ class OpenShiftFacts(object):
if 'docker' in roles:
docker = dict(disable_push_dockerhub=False,
- hosted_registry_insecure=True,
options='--log-driver=json-file --log-opt max-size=50m')
version_info = get_docker_version_info()
if version_info is not None:
docker['api_version'] = version_info['api_version']
docker['version'] = version_info['version']
docker['gte_1_10'] = LooseVersion(version_info['version']) >= LooseVersion('1.10')
+ hosted_registry_insecure = get_hosted_registry_insecure()
+ if hosted_registry_insecure is not None:
+ docker['hosted_registry_insecure'] = hosted_registry_insecure
defaults['docker'] = docker
if 'clock' in roles:
diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml
index c29df1873..93b701ebc 100644
--- a/roles/openshift_hosted/tasks/registry/registry.yml
+++ b/roles/openshift_hosted/tasks/registry/registry.yml
@@ -53,7 +53,7 @@
- include: secure.yml
static: no
- when: replicas | int > 0
+ when: replicas | int > 0 and not (openshift.docker.hosted_registry_insecure | default(false) | bool)
- include: storage/object_storage.yml
static: no