author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2018-02-02 06:19:06 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-02 06:19:06 -0800 |
commit | 3e2c7c22a54a3ccf88b49742003a3a4a937683f8 (patch) | |
tree | 015acc050e865872a03700974cb73fa47c9dc940 /playbooks/common/openshift-cluster | |
parent | 22462aa17098116660d4600c9a1e87cd3ad40698 (diff) | |
parent | 8e0b7761a128a4851db439b9597869b17b6174b1 (diff) | |
Merge pull request #6851 from kwoodson/upgrade_dns_push
Automatic merge from submit-queue.
Upgrade to migrate to using push to DNS for registries.
This is the beginning of the migration to push to docker-registry by DNS. This migrates users by rerolling their certificates and then redeploying the registry so that hosts can push to the registries with the newly created certificates.
Diffstat (limited to 'playbooks/common/openshift-cluster')
-rw-r--r-- | playbooks/common/openshift-cluster/upgrades/post_control_plane.yml | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
index de612da21..f44ab3580 100644
--- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
@@ -113,6 +113,22 @@
 registry_url: "{{ openshift.master.registry_url }}"
 openshift_hosted_templates_import_command: replace
+ post_tasks:
+ # we need to migrate customers to the new pattern of pushing to the registry via dns
+ # Step 1: verify the certificates have the docker registry service name
+ - shell: >
+ echo -n | openssl s_client -showcerts -servername docker-registry.default.svc -connect docker-registry.default.svc:5000 | openssl x509 -text | grep -A1 'X509v3 Subject Alternative Name:' | grep -Pq 'DNS:docker-registry\.default\.svc(,|$)'
+ register: cert_output
+
+ # Step 2: Set a fact to be used to determine if we should run the redeploy of registry certs
+ - name: set a fact to include the registry certs playbook if needed
+ set_fact:
+ openshift_hosted_rollout_certs_and_registry: "{{ cert_output.rc == 0 }}"
+
+# Run the redeploy certs based upon the certificates
+- when: hostvars[groups.oo_first_master.0].openshift_hosted_rollout_certs_and_registry
+ import_playbook: ../../../openshift-hosted/redeploy-registry-certificates.yml
+
 # Check for warnings to be printed at the end of the upgrade:
 - name: Clean up and display warnings
 hosts: oo_masters_to_config |
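Review bot: The `shell` probe added under `post_tasks` has no `failed_when`, so when the final `grep -Pq` finds no `DNS:docker-registry.default.svc` entry the pipeline exits 1 and Ansible fails the task instead of recording the result; and the fact is then set from `cert_output.rc == 0`, which is true exactly when the SAN is already present. That looks inverted relative to the Step 1/Step 2 comments, so I would add `changed_when: false` and `failed_when: cert_output.rc not in [0, 1]` to the probe and set the fact with `"{{ cert_output.rc != 0 }}"`. Even then, the pipeline's exit status is only that of the last `grep`, so a failed `openssl s_client` connection is indistinguishable from a missing SAN and an unreachable registry would trigger a certificate redeploy; checking reachability separately (or enabling pipefail) would make the decision reliable. The play these tasks are attached to starts above the hunk.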