diff options
Diffstat (limited to 'roles')
-rw-r--r-- | roles/openshift_docker/tasks/main.yml | 32 | ||||
-rwxr-xr-x | roles/openshift_facts/library/openshift_facts.py | 5 | ||||
-rw-r--r-- | roles/openshift_node/tasks/main.yml | 2 |
3 files changed, 31 insertions, 8 deletions
diff --git a/roles/openshift_docker/tasks/main.yml b/roles/openshift_docker/tasks/main.yml index 4f9fe1f97..75e782eef 100644 --- a/roles/openshift_docker/tasks/main.yml +++ b/roles/openshift_docker/tasks/main.yml @@ -1,18 +1,30 @@ --- -- openshift_facts: - role: common +- name: Set docker facts + openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: common local_facts: deployment_type: "{{ openshift_deployment_type }}" docker_additional_registries: "{{ docker_additional_registries }}" docker_insecure_registries: "{{ docker_insecure_registries }}" docker_blocked_registries: "{{ docker_blocked_registries }}" + - role: node + local_facts: + portal_net: "{{ openshift_master_portal_net | default(None) }}" + docker_log_driver: "{{ lookup( 'oo_option' , 'docker_log_driver' ) | default('',True) }}" + docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' ) | default('',True) }}" +- stat: path=/etc/sysconfig/docker + register: docker_check + - name: Set registry params lineinfile: dest: /etc/sysconfig/docker regexp: '^{{ item.reg_conf_var }}=.*$' line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'" - when: "'docker_additional_registries' in openshift.common" + when: "'docker_additional_registries' in openshift.common and docker_check.stat.isreg" with_items: - reg_conf_var: ADD_REGISTRY reg_fact_val: "{{ openshift.common.docker_additional_registries }}" @@ -25,3 +37,17 @@ reg_flag: --insecure-registry notify: - restart docker + +# TODO: Enable secure registry when code available in origin +# TODO: perhaps move this to openshift_docker? +- name: Secure Registry and Logs Options + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^OPTIONS=.*$' + line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \ + {% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %} \ + {% if openshift.node.docker_log_driver is defined %} --log-driver {{ openshift.node.docker_log_driver }} {% endif %} \ + {% if openshift.node.docker_log_options is defined %} {{ openshift.node.docker_log_options | oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}} {% endif %} '" + when: docker_check.stat.isreg + notify: + - restart docker
\ No newline at end of file diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 35ee18f4f..c33e395a9 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -652,10 +652,9 @@ def set_deployment_facts_if_unset(facts): if deployment_type in ['enterprise', 'atomic-enterprise', 'openshift-enterprise']: addtl_regs = facts['common'].get('docker_additional_registries', []) - ent_reg = ['registry.access.redhat.com'] + ent_reg = 'registry.access.redhat.com' if ent_reg not in addtl_regs: - facts['common']['docker_additional_registries'] = addtl_regs + ent_reg - + facts['common']['docker_additional_registries'] = addtl_regs + [ent_reg] for role in ('master', 'node'): if role in facts: diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index f77e0250d..597d5566f 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -22,8 +22,6 @@ local_facts: annotations: "{{ openshift_node_annotations | default(none) }}" debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" - docker_log_driver: "{{ lookup( 'oo_option' , 'docker_log_driver' ) | default('',True) }}" - docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' ) | default('',True) }}" iptables_sync_period: "{{ openshift_node_iptables_sync_period | default(None) }}" kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}" labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}" |