From 48cb038635b0508cc6c1218d3d23fb8ccd6551fe Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Thu, 25 May 2017 17:07:57 -0400 Subject: Push to the registry via dns Configures OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc Adds 'cluster.local' to dns search on nodes via dispatcher script Adds '.svc' to NO_PROXY defaults --- roles/openshift_master/templates/atomic-openshift-master.j2 | 3 +++ 1 file changed, 3 insertions(+) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 6e2439fd9..2cf784fe9 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -1,5 +1,8 @@ OPTIONS=--loglevel={{ openshift.master.debug_level | default(2) }} CONFIG_FILE={{ openshift_master_config_file }} +{% if openshift_use_dnsmasq | default(true) %} +OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000 +{% endif %} {% if openshift.common.is_containerized | bool %} IMAGE_VERSION={{ openshift_image_tag }} {% endif %} -- cgit v1.2.3 From 9bb460dcf947aec01fdf02d3ef6690d609fa2b18 Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Tue, 13 Jun 2017 12:30:22 -0400 Subject: Disable actually pushing to the registry via dns for now We need to sort out how to know that the registry certificate has the proper hostnames attached to it. It will for 3.6 clean installs but not for 3.5 to 3.6 upgrades. For now make it opt in and come back to this. --- roles/openshift_master/templates/atomic-openshift-master.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 2cf784fe9..6c9e1336a 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -1,6 +1,6 @@ OPTIONS=--loglevel={{ openshift.master.debug_level | default(2) }} CONFIG_FILE={{ openshift_master_config_file }} -{% if openshift_use_dnsmasq | default(true) %} +{% if openshift_use_dnsmasq | default(true) and openshift_push_via_dns | default(false) %} OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000 {% endif %} {% if openshift.common.is_containerized | bool %} -- cgit v1.2.3 From 6fbc26e857146cbbee32b8df66b65fdd66730dab Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Fri, 16 Jun 2017 13:14:39 -0400 Subject: Enable push to registry via dns only on clean 3.6 installs We cannot assume that 3.5 to 3.6 upgrades were signed with the correct certs --- roles/openshift_master/tasks/main.yml | 3 +++ roles/openshift_master/templates/atomic-openshift-master.j2 | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 035c15fef..630d70a7e 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -128,6 +128,9 @@ when: openshift.master.request_header_ca is defined and item.kind == 'RequestHeaderIdentityProvider' and item.clientCA | default('') != '' with_items: "{{ openshift.master.identity_providers }}" +- set_fact: + openshift_push_via_dns: "{{ openshift_use_dnsmasq | default(true) and openshift.common.version_gte_3_6 and r_openshift_master_clean_install }}" + - name: Install the systemd units include: systemd_units.yml diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 6c9e1336a..156bb49d6 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -1,6 +1,6 @@ OPTIONS=--loglevel={{ openshift.master.debug_level | default(2) }} CONFIG_FILE={{ openshift_master_config_file }} -{% if openshift_use_dnsmasq | default(true) and openshift_push_via_dns | default(false) %} +{% if openshift_push_via_dns %} OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000 {% endif %} {% if openshift.common.is_containerized | bool %} -- cgit v1.2.3 From f62ca64ccf58b013e4c38143036b05c76ee6f80c Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Mon, 19 Jun 2017 21:30:58 -0400 Subject: Update atomic-openshift-master.j2 --- roles/openshift_master/templates/atomic-openshift-master.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 156bb49d6..850fae0e4 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -1,6 +1,6 @@ OPTIONS=--loglevel={{ openshift.master.debug_level | default(2) }} CONFIG_FILE={{ openshift_master_config_file }} -{% if openshift_push_via_dns %} +{% if openshift_push_via_dns | default(false) %} OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000 {% endif %} {% if openshift.common.is_containerized | bool %} -- cgit v1.2.3