4 files changed, 59 insertions, 23 deletions

diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index 7ece0e061..dae17c3ce 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -10,20 +10,28 @@
     l_use_crio: "{{ openshift_use_crio | default(False) }}"
     l_use_crio_only: "{{ openshift_use_crio_only | default(False) }}"
 
+- when:
+    - openshift_deployment_type == 'openshift-enterprise'
+  assert:
+    that:
+      - "openshift_image_tag is defined"
+    msg: >
+      openshift_image_tag is a required inventory variable when installing openshift-enterprise
+
 - name: Use Package Docker if Requested
   include: package_docker.yml
   when:
-  - not l_use_system_container
-  - not l_use_crio_only
+    - not l_use_system_container
+    - not l_use_crio_only
 
 - name: Use System Container Docker if Requested
   include: systemcontainer_docker.yml
   when:
-  - l_use_system_container
-  - not l_use_crio_only
+    - l_use_system_container
+    - not l_use_crio_only
 
 - name: Add CRI-O usage Requested
   include: systemcontainer_crio.yml
   when:
-  - l_use_crio
-  - inventory_hostname in groups['oo_masters_to_config'] or inventory_hostname in groups['oo_nodes_to_config']
+    - l_use_crio
+    - inventory_hostname in groups['oo_masters_to_config'] or inventory_hostname in groups['oo_nodes_to_config']
diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml
index 3e81d5c8e..eab5c3bb1 100644
--- a/roles/docker/tasks/package_docker.yml
+++ b/roles/docker/tasks/package_docker.yml
@@ -61,15 +61,25 @@
 - stat: path=/etc/sysconfig/docker
   register: docker_check
 
-- name: Comment old registry params in /etc/sysconfig/docker
+- name: Set registry params
   lineinfile:
     dest: /etc/sysconfig/docker
     regexp: '^{{ item.reg_conf_var }}=.*$'
-    line: "#{{ item.reg_conf_var }}=''# Moved to {{ containers_registries_conf_path }}"
+    line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'"
+  when:
+  - item.reg_fact_val != []
+  - docker_check.stat.isreg is defined
+  - docker_check.stat.isreg
   with_items:
   - reg_conf_var: ADD_REGISTRY
+    reg_fact_val: "{{ l2_docker_additional_registries }}"
+    reg_flag: --add-registry
   - reg_conf_var: BLOCK_REGISTRY
+    reg_fact_val: "{{ l2_docker_blocked_registries }}"
+    reg_flag: --block-registry
   - reg_conf_var: INSECURE_REGISTRY
+    reg_fact_val: "{{ l2_docker_insecure_registries }}"
+    reg_flag: --insecure-registry
   notify:
   - restart docker
 
@@ -127,18 +137,6 @@
   notify:
   - restart docker
 
-- name: Check for credentials file for registry auth
-  stat:
-    path: "{{ docker_cli_auth_config_path }}/config.json"
-  when: oreg_auth_user is defined
-  register: docker_cli_auth_credentials_stat
-
-- name: Create credentials for docker cli registry auth
-  command: "docker --config={{ docker_cli_auth_config_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}"
-  when:
-  - oreg_auth_user is defined
-  - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool
-
 - name: Start the Docker service
   systemd:
     name: docker
@@ -153,4 +151,16 @@
 - set_fact:
     docker_service_status_changed: "{{ r_docker_package_docker_start_result | changed }}"
 
+- name: Check for credentials file for registry auth
+  stat:
+    path: "{{ docker_cli_auth_config_path }}/config.json"
+  when: oreg_auth_user is defined
+  register: docker_cli_auth_credentials_stat
+
+- name: Create credentials for docker cli registry auth
+  command: "docker --config={{ docker_cli_auth_config_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}"
+  when:
+  - oreg_auth_user is defined
+  - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool
+
 - meta: flush_handlers
diff --git a/roles/docker/tasks/systemcontainer_crio.yml b/roles/docker/tasks/systemcontainer_crio.yml
index 66ce475e1..386369d26 100644
--- a/roles/docker/tasks/systemcontainer_crio.yml
+++ b/roles/docker/tasks/systemcontainer_crio.yml
@@ -1,4 +1,5 @@
 ---
+
 # TODO: Much of this file is shared with container engine tasks
 - set_fact:
     l_insecure_crio_registries: "{{ '\"{}\"'.format('\", \"'.join(l2_docker_insecure_registries)) }}"
@@ -92,16 +93,24 @@
 
 - block:
 
-    - name: Set to default prepend
+    - name: Set CRI-O image defaults
       set_fact:
         l_crio_image_prepend: "docker.io/gscrivano"
         l_crio_image_name: "cri-o-fedora"
+        l_crio_image_tag: "latest"
 
     - name: Use Centos based image when distribution is CentOS
       set_fact:
         l_crio_image_name: "cri-o-centos"
       when: ansible_distribution == "CentOS"
 
+    - name: Set CRI-O image tag
+      set_fact:
+        l_crio_image_tag: "{{ openshift_image_tag }}"
+      when:
+        - openshift_deployment_type == 'openshift-enterprise'
+        - openshift_image_tag is defined
+
     - name: Use RHEL based image when distribution is Red Hat
       set_fact:
         l_crio_image_prepend: "registry.access.redhat.com/openshift3"
@@ -110,7 +119,7 @@
 
     - name: Set the full image name
       set_fact:
-        l_crio_image: "{{ l_crio_image_prepend }}/{{ l_crio_image_name }}:latest"
+        l_crio_image: "{{ l_crio_image_prepend }}/{{ l_crio_image_name }}:{{ l_crio_image_tag }}"
 
     # For https://github.com/openshift/aos-cd-jobs/pull/624#pullrequestreview-61816548
     - name: Use a specific image if requested
diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml
index 8b43393cb..5b1605b58 100644
--- a/roles/docker/tasks/systemcontainer_docker.yml
+++ b/roles/docker/tasks/systemcontainer_docker.yml
@@ -1,4 +1,5 @@
 ---
+
 # If docker_options are provided we should fail. We should not install docker and ignore
 # the users configuration. NOTE: docker_options == inventory:openshift_docker_options
 - name: Fail quickly if openshift_docker_options are set
@@ -89,6 +90,14 @@
     - name: Set to default prepend
       set_fact:
         l_docker_image_prepend: "gscrivano"
+        l_docker_image_tag: "latest"
+
+    - name: Set container engine image tag
+      set_fact:
+        l_docker_image_tag: "{{ openshift_image_tag }}"
+      when:
+        - openshift_deployment_type == 'openshift-enterprise'
+        - openshift_image_tag is defined
 
     - name: Use Red Hat Registry for image when distribution is Red Hat
       set_fact:
@@ -102,7 +111,7 @@
 
     - name: Set the full image name
       set_fact:
-        l_docker_image: "{{ l_docker_image_prepend }}/{{ openshift.docker.service_name }}:latest"
+        l_docker_image: "{{ l_docker_image_prepend }}/{{ openshift.docker.service_name }}:{{ l_docker_image_tag }}"
 
     # For https://github.com/openshift/openshift-ansible/pull/5354#issuecomment-328552959
     - name: Use a specific image if requested